def testRaisesIfUsernameSetInRequest(self):
user = user_plugin.ApiGrrUser(username="******")
with self.assertRaises(ValueError):
self.handler.Handle(user, token=access_control.ACLToken(username="******"))
user = user_plugin.ApiGrrUser(username="******")
with self.assertRaises(ValueError):
self.handler.Handle(user, token=access_control.ACLToken(username="******"))
def Handle(self, args, token=None):
if not args.username:
raise ValueError("username can't be empty.")
user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
events.Events.PublishEvent("Audit",
events.AuditEvent(user=token.username,
action="USER_UPDATE",
urn=user_urn),
token=token)
with aff4.FACTORY.Open(user_urn,
aff4_type=users.GRRUser,
mode="rw",
token=token) as fd:
if args.HasField("password"):
fd.SetPassword(args.password)
if args.user_type == args.UserType.USER_TYPE_ADMIN:
fd.AddLabels(["admin"], owner="GRR")
elif args.user_type == args.UserType.USER_TYPE_STANDARD:
fd.RemoveLabels(["admin"], owner="GRR")
return api_user.ApiGrrUser().InitFromAff4Object(fd)
def Handle(self, args, token=None):
if not args.username:
raise ValueError("username can't be empty.")
user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
events.Events.PublishEvent("Audit",
events.AuditEvent(user=token.username,
action="USER_ADD",
urn=user_urn),
token=token)
if aff4.FACTORY.ExistsWithType(user_urn,
aff4_type=users.GRRUser,
token=token):
raise access_control.UnauthorizedAccess(
"Cannot add user %s: User already exists." % args.username)
with aff4.FACTORY.Create(user_urn,
aff4_type=users.GRRUser,
mode="rw",
token=token) as fd:
if args.HasField("password"):
fd.SetPassword(args.password)
if args.user_type == args.UserType.USER_TYPE_ADMIN:
fd.AddLabels(["admin"], owner="GRR")
return api_user.ApiGrrUser().InitFromAff4Object(fd)
def testSetsSettingsForUserCorrespondingToToken(self):
settings = aff4_users.GUISettings(mode="ADVANCED",
canary_mode=True,
docs_location="REMOTE")
user = user_plugin.ApiGrrUser(settings=settings)
self.handler.Handle(user, token=access_control.ACLToken(username="******"))
# Check that settings for user "foo" were applied.
fd = aff4.FACTORY.Open("aff4:/users/foo", token=self.token)
self.assertEqual(fd.Get(fd.Schema.GUI_SETTINGS), settings)
def testSetsSettingsForUserCorrespondingToToken(self):
settings = aff4_users.GUISettings(mode="ADVANCED", canary_mode=True)
user = user_plugin.ApiGrrUser(settings=settings)
self.handler.Handle(user, token=access_control.ACLToken(username="******"))
# Check that settings for user "foo" were applied.
fd = aff4.FACTORY.Open("aff4:/users/foo", token=self.token)
self.assertEqual(fd.Get(fd.Schema.GUI_SETTINGS), settings)
# Check that settings were applied in relational db.
u = data_store.REL_DB.ReadGRRUser("foo")
self.assertEqual(settings.mode, u.ui_mode)
self.assertEqual(settings.canary_mode, u.canary_mode)
def Handle(self, args, token=None):
if not args.username:
raise ValueError("username can't be empty.")
user_urn = aff4.ROOT_URN.Add("users").Add(args.username)
try:
fd = aff4.FACTORY.Open(user_urn,
aff4_type=users.GRRUser,
mode="r",
token=token)
return api_user.ApiGrrUser().InitFromAff4Object(fd)
except aff4.InstantiationError:
raise api_call_handler_base.ResourceNotFoundError(
"GRR user with username '%s' could not be found." %
args.username)
def Handle(self, args, token=None):
users_root = aff4.FACTORY.Open(aff4.ROOT_URN.Add("users"), token=token)
usernames = sorted(users_root.ListChildren())
total_count = len(usernames)
if args.count:
usernames = usernames[args.offset:args.offset + args.count]
else:
usernames = usernames[args.offset:]
items = []
for aff4_obj in aff4.FACTORY.MultiOpen(usernames,
aff4_type=users.GRRUser,
token=token):
items.append(api_user.ApiGrrUser().InitFromAff4Object(aff4_obj))
return ApiListGrrUsersResult(total_count=total_count, items=items)
def testRaisesIfTraitsSetInRequest(self):
user = user_plugin.ApiGrrUser(
interface_traits=user_plugin.ApiGrrUserInterfaceTraits())
with self.assertRaises(ValueError):
self.handler.Handle(user, token=access_control.ACLToken(username="******"))
