コード例 #1
    def put(self, authority_id, data=None):
        """
        .. http:put:: /authorities/1

           Update the owner, description, active flag and roles of an
           existing authority.

           **Example request**:

           .. sourcecode:: http

              PUT /authorities/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "name": "TestAuthority5",
                "roles": [{
                    "id": 566,
                    "name": "TestAuthority5_admin"
                }, {
                    "id": 567,
                    "name": "TestAuthority5_operator"
                }, {
                    "id": 123,
                    "name": "*****@*****.**"
                }],
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----",
                    "status": null,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority5 certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-03T00:00:51+00:00",
                    "notAfter": "2036-06-03T23:59:51+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2280,
                    "name": "TestAuthority5"
                },
                "owner": "*****@*****.**",
                "id": 44,
                "description": "This is the ROOT certificate for the TestAuthority5 certificate authority."
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "name": "TestAuthority",
                "roles": [{
                    "id": 123,
                    "name": "*****@*****.**"
                }, {
                    "id": 564,
                    "name": "TestAuthority_admin"
                }, {
                    "id": 565,
                    "name": "TestAuthority_operator"
                }],
                "options": null,
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                    "status": true,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-02T00:00:15+00:00",
                    "notAfter": "2023-06-02T23:59:15+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2235,
                    "name": "TestAuthority"
                },
                "owner": "*****@*****.**",
                "id": 43,
                "description": "This is the ROOT certificate for the TestAuthority certificate authority."
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: caller is not permitted to update this authority
           :statuscode 404: no authority exists with the given id
        """
        authority = service.get(authority_id)
        if not authority:
            return {'message': 'Not Found'}, 404

        # Members of any role attached to the authority may update it.
        role_names = [role.name for role in authority.roles]

        if not AuthorityPermission(authority_id, role_names).can():
            return {
                'message': "You are not authorized to update this authority."
            }, 403

        # NOTE(review): data defaults to None and is subscripted below; it is
        # presumably populated by request validation outside this method.
        # NOTE(review): data['roles'] is forwarded as supplied. Nothing in this
        # method checks that the caller is a member of the roles being
        # attached -- confirm the schema or service layer enforces that.
        return service.update(
            authority_id,
            owner=data['owner'],
            description=data['description'],
            active=data['active'],
            roles=data['roles'],
        )
コード例 #2
ファイル: views.py プロジェクト: bossadvisors/lemur
    def put(self, authority_id, data=None):
        """
        .. http:put:: /authorities/1

           Update the owner, description, active flag and roles of an
           existing authority. Non-admin callers may only attach roles
           they are themselves a member of.

           **Example request**:

           .. sourcecode:: http

              PUT /authorities/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "roles": [],
                 "active": false,
                 "owner": "*****@*****.**",
                 "description": "this is authority1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "id": 1,
                "name": "authority1",
                "description": "this is authority1",
                "pluginName": null,
                "chain": "-----begin ...",
                "body": "-----begin ...",
                "active": false,
                "notBefore": "2015-06-05t17:09:39",
                "notAfter": "2015-06-10t17:09:39",
                "options": null
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 400: a non-admin caller requested a role they do not hold
           :statuscode 403: caller is not permitted to update this authority
           :statuscode 404: no authority exists with the given id
        """
        authority = service.get(authority_id)
        if not authority:
            return {'message': 'Not Found'}, 404

        owner_role = role_service.get_by_name(authority.owner)

        # Start from the names of every role attached to the authority ...
        permitted = [attached.name for attached in authority.roles]

        # ... then add the role looked up from the owner (team DL).
        # NOTE(review): this appends whatever get_by_name returned (a role
        # object, possibly None) to a list of name strings -- confirm
        # AuthorityPermission copes with the mixed entries.
        permitted.append(owner_role)
        permission = AuthorityPermission(authority_id, permitted)

        # Privilege-escalation guard: a non-admin may only associate roles
        # they already belong to. Admins skip this check.
        # NOTE(review): this runs before the permission check, so a caller
        # without update rights can receive 400 here instead of 403.
        if not g.current_user.is_admin:
            requested_ids = {r.id for r in data['roles']}
            held_ids = {r.id for r in g.current_user.roles}

            if not requested_ids <= held_ids:
                return {
                    'message': "You are not allowed to associate a role which you are not a member of"
                }, 400

        if not permission.can():
            return {'message': "You are not authorized to update this authority"}, 403

        return service.update(
            authority_id,
            owner=data['owner'],
            description=data['description'],
            active=data['active'],
            roles=data['roles'],
        )
コード例 #3
ファイル: views.py プロジェクト: harmw/lemur
    def put(self, authority_id, data=None):
        """
        .. http:put:: /authorities/1

           Change an existing authority's owner, description, active flag
           and role list.

           **Example request**:

           .. sourcecode:: http

              PUT /authorities/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                "name": "TestAuthority5",
                "roles": [{
                    "id": 566,
                    "name": "TestAuthority5_admin"
                }, {
                    "id": 567,
                    "name": "TestAuthority5_operator"
                }, {
                    "id": 123,
                    "name": "*****@*****.**"
                }],
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----",
                    "status": null,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority5 certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-03T00:00:51+00:00",
                    "notAfter": "2036-06-03T23:59:51+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2280,
                    "name": "TestAuthority5"
                },
                "owner": "*****@*****.**",
                "id": 44,
                "description": "This is the ROOT certificate for the TestAuthority5 certificate authority."
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "name": "TestAuthority",
                "roles": [{
                    "id": 123,
                    "name": "*****@*****.**"
                }, {
                    "id": 564,
                    "name": "TestAuthority_admin"
                }, {
                    "id": 565,
                    "name": "TestAuthority_operator"
                }],
                "options": null,
                "active": true,
                "authorityCertificate": {
                    "body": "-----BEGIN CERTIFICATE-----IyMzU5MTVaMHk...",
                    "status": true,
                    "cn": "AcommonName",
                    "description": "This is the ROOT certificate for the TestAuthority certificate authority.",
                    "chain": "",
                    "notBefore": "2016-06-02T00:00:15+00:00",
                    "notAfter": "2023-06-02T23:59:15+00:00",
                    "owner": "*****@*****.**",
                    "user": {
                        "username": "******",
                        "active": true,
                        "email": "*****@*****.**",
                        "id": 3
                    },
                    "active": true,
                    "bits": 2048,
                    "id": 2235,
                    "name": "TestAuthority"
                },
                "owner": "*****@*****.**",
                "id": 43,
                "description": "This is the ROOT certificate for the TestAuthority certificate authority."
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: caller is not permitted to update this authority
           :statuscode 404: no authority exists with the given id
        """
        authority = service.get(authority_id)
        if not authority:
            return {'message': 'Not Found'}, 404

        # Authorization is granted to members of any role on the authority.
        member_roles = [r.name for r in authority.roles]
        allowed = AuthorityPermission(authority_id, member_roles).can()

        if not allowed:
            return {'message': "You are not authorized to update this authority."}, 403

        # Only these four fields are forwarded; everything else in the
        # request body (name, authorityCertificate, id, ...) is ignored here.
        # NOTE(review): data defaults to None; it is presumably filled in by
        # request validation that is not visible in this method.
        # NOTE(review): the requested roles are not compared against the
        # caller's own role memberships in this method -- confirm that is
        # enforced elsewhere before the roles are persisted.
        changes = {
            field: data[field]
            for field in ('owner', 'description', 'active', 'roles')
        }
        return service.update(authority_id, **changes)
コード例 #4
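    def put(self, authority_id):
        """
        .. http:put:: /authorities/1

           Update the owner, description, active flag and roles of an
           existing authority. Non-admin callers may only attach roles
           they are themselves a member of.

           **Example request**:

           .. sourcecode:: http

              PUT /authorities/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

              {
                 "roles": [],
                 "active": false,
                 "owner": "*****@*****.**",
                 "description": "this is authority1"
              }

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "id": 1,
                "name": "authority1",
                "description": "this is authority1",
                "pluginName": null,
                "chain": "-----begin ...",
                "body": "-----begin ...",
                "active": false,
                "notBefore": "2015-06-05t17:09:39",
                "notAfter": "2015-06-10t17:09:39",
                "options": null
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 400: a non-admin caller requested a role they do not hold
           :statuscode 403: caller is not permitted to update this authority
           :statuscode 404: no authority exists with the given id
        """
        self.reqparse.add_argument('roles',
                                   type=list,
                                   default=[],
                                   location='json')
        # NOTE(review): 'active' is parsed with type=str, so it reaches
        # service.update as a string; any non-empty string (including
        # "false") is truthy in Python -- confirm the service converts it.
        self.reqparse.add_argument('active',
                                   type=str,
                                   location='json',
                                   required=True)
        self.reqparse.add_argument('owner',
                                   type=str,
                                   location='json',
                                   required=True)
        self.reqparse.add_argument('description',
                                   type=str,
                                   location='json',
                                   required=True)
        args = self.reqparse.parse_args()

        authority = service.get(authority_id)

        # Without this guard an unknown id would raise AttributeError on
        # authority.owner below and surface as a server error.
        if not authority:
            return dict(message='Not Found'), 404

        role = role_service.get_by_name(authority.owner)

        # all the authority role members should be allowed
        roles = [x.name for x in authority.roles]

        # allow "owner" roles by team DL
        # NOTE(review): this appends whatever get_by_name returned (a role
        # object, possibly None) to a list of name strings -- confirm
        # AuthorityPermission copes with the mixed entries.
        roles.append(role)
        permission = AuthorityPermission(authority_id, roles)

        # Privilege-escalation guard: a non-admin may only associate roles
        # they already belong to. Admins skip this check.
        # NOTE(review): args['roles'] is raw request JSON; an entry without
        # an 'id' key raises KeyError here rather than producing a 400.
        if not g.current_user.is_admin:
            role_ids = {r['id'] for r in args['roles']}
            user_role_ids = {r.id for r in g.current_user.roles}

            if not role_ids.issubset(user_role_ids):
                return dict(
                    message="You are not allowed to associate a role which you are not a member of"
                ), 400

        if permission.can():
            return service.update(authority_id,
                                  owner=args['owner'],
                                  description=args['description'],
                                  active=args['active'],
                                  roles=args['roles'])

        return dict(
            message="You are not authorized to update this authority"), 403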