def delete_users(self, userIds, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: userIds = split_list_sanitized(userIds) try: for userId in userIds: try: delUser = session.query(User).filter(User.id == userId).one() session.delete(delUser) for flFile in session.query(File).filter(File.owner_id == delUser.id): FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) owned by user %s has been deleted as a result of the owner being deleted. " % (flFile.name, flFile.id, delUser.id), "admin")) session.add(AuditLog(user.id, Actions.DELETE_USER, "User with ID: \"%s\" deleted from system" % delUser.id, "admin")) sMessages.append("Successfully deleted user %s" % userId) except sqlalchemy.orm.exc.NoResultFound: fMessages.append("User with ID:%s does not exist" % userId) except Exception, e: fMessages.append("Could not delete user: %s" % str(e)) session.commit() except Exception, e: session.rollback() cherrypy.log.error("[%s] [delete_users] [Could not delete users: %s]" % (user.id, str(e))) fMessages.append("Could not delete users: %s" % str(e))
def update_group(self, groupId, groupName=None, groupScope="private", format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: groupId = strip_tags(groupId) group = session.query(Group).filter(Group.id == groupId).one() if group.owner_id == user.id or AccountService.user_has_permission( user, "admin"): group.name = strip_tags(groupName) if strip_tags( groupName) is not None else group.name group.scope = strip_tags(groupScope.lower( )) if groupScope is not None else group.scope session.add( AuditLog( user.id, Actions.UPDATE_GROUP, "Group \"%s\"(%s) has been updated" % (group.name, group.id))) session.commit() sMessages.append("Group updated") else: fMessages.append( "You do not have permission to update this group") except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find group with ID: %s" % str(groupId))
def take_file(self, fileId, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) config = cherrypy.request.app.config['filelocker'] try: flFile = session.query(File).filter(File.id == fileId).one() if flFile.owner_id == user.id: fMessages.append("You cannot take your own file") elif flFile.shared_with( user) or AccountService.user_has_permission(user, "admin"): if (FileService.get_user_quota_usage_bytes(user) + flFile.size) >= (user.quota * 1024 * 1024): cherrypy.log.error( "[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]" % (user.id, flFile.name)) raise Exception( "You may not copy this file because doing so would exceed your quota" ) takenFile = flFile.get_copy() takenFile.owner_id = user.id takenFile.date_uploaded = datetime.datetime.now() takenFile.notify_on_download = False session.add(takenFile) session.commit() shutil.copy(os.path.join(config['vault'], str(flFile.id)), os.path.join(config['vault'], str(takenFile.id))) sMessages.append( "Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. " % flFile.name) else: fMessages.append( "You do not have permission to take this file") except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find file with ID: %s" % str(fileId))
def remove_users_from_group(self, userIds, groupId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: userIds = split_list_sanitized(userIds) groupId = int(strip_tags(groupId)) group = session.query(Group).filter(Group.id==groupId).one() if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): for userId in userIds: user = AccountService.get_user(userId) group.members.remove(user) session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "%s user(s) removed from group \"%s\"(%s)" % (len(userIds), group.name, group.id))) session.commit() sMessages.append("Group members removed successfully") else: fMessages.append("You do not have permission to modify group with ID:%s" % str(groupId)) except ValueError: fMessages.append("Invalid group Id") except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Group with ID:%s could not be found" % str(groupId)) except Exception, e: session.rollback() fMessages.append("Couldn't remove members from group: %s" % str(e)) cherrypy.log.error("[%s] [remove_users_from_group] [Couldn't remove members from group: %s]" % (user.id, str(e)))
def update_role(self, roleId, roleName, email, quota, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: roleId = strip_tags(roleId) existingRole = session.query(Role).filter(Role.id == roleId).one() existingRole.name = strip_tags(roleName) existingRole.email = strip_tags(email) existingRole.quota = int(quota) session.add( AuditLog( user.id, Actions.UPDATE_ROLE, "%s updated role \"%s\"(%s)" % (user.id, existingRole.name, existingRole.id), None, existingRole.id)) session.commit() sMessages.append("Successfully updated a role named %s." % str(roleName)) except ValueError: fMessages.append("Quota must be a positive integer") except sqlalchemy.orm.exc.NoResultFound: fMessages.append("Role with ID:%s could not be found to update." % str(roleId)) except Exception, e: session.rollback() cherrypy.log.error( "[%s] [update_role] [Problem creating role: %s]" % (user.id, str(e))) fMessages.append("Problem creating role: %s" % str(e))
def delete_public_share(self, shareId, format="json", **kwargs): user, role, sMessages, fMessages = ( cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) shareId = strip_tags(shareId) try: ps = session.query(PublicShare).filter( PublicShare.id == shareId).one() if role is not None and ps.role_owner_id == role.id: session.delete(ps) session.add( AuditLog( user.id, Actions.DELETE_PUBLIC_SHARE, "Role %s stopped sharing files publicly via URL using share ID: %s" % (role.name, str(ps.id)), None, role.id)) session.commit() sMessages.append("Successfully unshared files") elif ps.owner_id == user.id or AccountService.user_has_permission( user, "admin"): session.delete(ps) session.add( AuditLog( user.id, Actions.DELETE_PUBLIC_SHARE, "You stopped sharing files publicly via URL using share ID: %s" % str(ps.id))) session.commit() sMessages.append("Successfully unshared files") else: fMessages.append( "You do not have permission to modify share ID: %s" % str(ps.id)) except Exception, e: fMessages.append(str(e))
def remove_users_from_group(self, userIds, groupId, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: userIds = split_list_sanitized(userIds) groupId = int(strip_tags(groupId)) group = session.query(Group).filter(Group.id == groupId).one() if group.owner_id == user.id or AccountService.user_has_permission( user, "admin"): for userId in userIds: user = AccountService.get_user(userId) group.members.remove(user) session.add( AuditLog( user.id, Actions.UPDATE_GROUP, "%s user(s) removed from group \"%s\"(%s)" % (len(userIds), group.name, group.id))) session.commit() sMessages.append("Group members removed successfully") else: fMessages.append( "You do not have permission to modify group with ID:%s" % str(groupId)) except ValueError: fMessages.append("Invalid group Id") except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Group with ID:%s could not be found" % str(groupId))
def create_attribute_shares(self, fileIds, attributeId, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: userShareableAttributes, permission = AccountService.get_shareable_attributes_by_user( user), False for attribute in userShareableAttributes: if attributeId == attribute.id: permission = True break if permission: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: session.add( AttributeShare(file_id=fileId, attribute_id=attributeId)) sMessages.append( "Successfully shared file(s) with users having the %s attribute" % attributeId) else: fMessages.append( "You do not have permission to share with this attribute") except Exception, e: fMessages.append(str(e))
def update_user(self, userId, quota=None, email=None, firstName=None, lastName=None, password=None, confirmPassword=None, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: userId = strip_tags(userId) if userId == user.id or AccountService.user_has_permission(user, "admin"): updateUser = AccountService.get_user(userId) #This kind of implicitly enforces permissions updateUser.email = strip_tags(email) if strip_tags(email) is not None else updateUser.email updateUser.quota = int(strip_tags(quota)) if strip_tags(quota) is not None else updateUser.quota updateUser.first_name = strip_tags(firstName) if strip_tags(firstName) is not None else updateUser.first_name updateUser.last_name = strip_tags(lastName) if strip_tags(lastName) is not None else updateUser.last_name if password != "" and password is not None and confirmPassword != "" and confirmPassword is not None: if password == confirmPassword: updateUser.set_password(password) else: fMessages.append("Passwords do not match, password has not been reset") sMessages.append("Successfully updated user settings") session.add(AuditLog(user.id, Actions.UPDATE_USER, "%s updated user account \"%s\"" % (user.id, userId), userId)) session.commit() else: fMessages.append("You do not have permission to update this user") except Exception, e: session.rollback() cherrypy.log.error("[%s] [update_user] [Problem rupdating user: %s]" % (user.id, str(e))) fMessages.append("Problem while updating user: %s" % str(e))
def read_message(self, messageId, format="json", **kwargs): user, sMessages, fMessages = cherrypy.session.get("user"), [], [] try: messageShare = session.query(MessageShare).filter( MessageShare.message_id == messageId).one() if messageShare.recipient_id == user.id: messageShare.date_viewed = datetime.datetime.now() session.add( AuditLog( user.id, "Read Message", "%s read message sent by %s with subject \"%s\"" % (user.id, messageShare.message.owner_id, messageShare.message.subject), messageShare.message.owner_id)) else: fMessages.append( "You do not have permission to read this message") session.commit() except sqlalchemy.orm.exc.NoResultFound: fMessages.append("Invalid message id") except Exception, e: cherrypy.log.error( "[%s] [read_message] [Could not mark message as read: %s]" % (user.id, str(e))) fMessages.append("Could not mark message as read: %s" % str(e))
def take_file(self, fileId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: config = cherrypy.request.app.config['filelocker'] try: flFile = session.query(File).filter(File.id==fileId).one() if flFile.owner_id == user.id: fMessages.append("You cannot take your own file") elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"): if (FileService.get_user_quota_usage_bytes(user) + flFile.size) >= (user.quota*1024*1024): cherrypy.log.error("[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]" % (user.id, flFile.name)) raise Exception("You may not copy this file because doing so would exceed your quota") takenFile = flFile.get_copy() takenFile.owner_id = user.id takenFile.date_uploaded = datetime.datetime.now() takenFile.notify_on_download = False session.add(takenFile) session.commit() shutil.copy(os.path.join(config['vault'],str(flFile.id)), os.path.join(config['vault'],str(takenFile.id))) sMessages.append("Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. " % flFile.name) else: fMessages.append("You do not have permission to take this file") except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find file with ID: %s" % str(fileId)) except Exception, e: session.rollback() fMessages.append(str(e))
def bulk_create_user(self, quota, password, permissions, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"),[], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: permissions = split_list_sanitized(permissions) line = cherrypy.request.body.readline() count = 0 while line != "": (userId, userFirstName, userLastName, userEmailAddress) = split_list_sanitized(line) if session.query(User).filter(User.id==userId).scalar() is None: newUser = User(first_name=userFirstName, last_name=userLastName, email=userEmailAddress.replace("\n",""), quota=quota, id=userId) newUser.set_password(password) session.add(newUser) for permissionId in permissions: permission = session.query(Permission).filter(Permission.id==permissionId).one() newUser.permissions.append(permission) session.commit() count += 1 else: fMessages.append("User %s already exists." % userId) line = cherrypy.request.body.readline() if len(fMessages) == 0: sMessages.append("Created %s users" % count) except ValueError, ve: fMessages.append("CSV file not parsed correctly, possibly in wrong format.") except Exception, e: cherrypy.log.error("[%s] [bulk_create_user] [Problem creating users in bulk: %s]" % (user.id, str(e))) fMessages.append("Problem creating users in bulk: %s" % str(e))
def check_in_file(tempFileName, flFile): config = cherrypy.request.app.config['filelocker'] filePath = os.path.join(config['vault'], tempFileName) #Virus scanning if requested avCommand = session.query(ConfigParameter).filter(ConfigParameter.name=="antivirus_command").one().value if(avCommand): avCommandList = avCommand.split(" ") avCommandList.append(filePath) scanFile = True else: scanFile = False try: if(scanFile): p = subprocess.Popen(avCommandList, stdout=subprocess.PIPE) output = p.communicate()[0] if(p.returncode != 0): cherrypy.log.error("[%s] [check_in_file] [File %s did not pass requested virus scan, return code: %s, output: %s]" % (flFile.owner_id, flFile.name, p.returncode, output)) queue_for_deletion(tempFileName) flFile.passed_avscan = False raise Exception('Virus found during scan!') else: flFile.passed_avscan = True else: flFile.passed_avscan = False session.add(flFile) session.commit() except OSError, oe: cherrypy.log.error("[%s] [check_in_file] [AVSCAN execution failed: %s]" % (flFile.owner_id, str(oe))) flFile.passed_avscan = False raise Exception('Virus scan failed!')
def process_login(self, username, password, **kwargs): rootURL, local = cherrypy.request.app.config['filelocker']['root_url'], False if kwargs.has_key("local") and kwargs['local'] == str(True): local = True username = strip_tags(username) if password is None or password == "": raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local))) else: directory = AccountService.ExternalDirectory(local) if directory.authenticate(username, password): cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32] currentUser = AccountService.get_user(username, True) #if they are authenticated and local, this MUST return a user object if currentUser is not None: if not currentUser.authorized: raise cherrypy.HTTPError(403, "You do not have permission to access this system") session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() raise cherrypy.HTTPRedirect(rootURL) else: #This should only happen in the case of a user existing in the external directory, but having never logged in before try: newUser = directory.lookup_user(username) AccountService.install_user(newUser) currentUser = AccountService.get_user(username, True) if currentUser is not None and currentUser.authorized != False: raise cherrypy.HTTPRedirect(rootURL) else: raise cherrypy.HTTPError(403, "You do not have permission to access this system") except Exception, e: return "Unable to install user: %s" % str(e) else:
def create_role(self, roleId, roleName, email, quota, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: roleId = strip_tags(roleId) existingRole = session.query(Role).filter(Role.id == roleId).scalar() if existingRole is None: roleName = strip_tags(roleName) email = strip_tags(email) quota = int(quota) newRole = Role(id=roleId, name=roleName, email=email, quota=quota) session.add(newRole) session.add(AuditLog(user.id, Actions.CREATE_ROLE, "%s added a role to the system named \"%s\"" % (user.id, newRole.name), None)) session.commit() sMessages.append("Successfully created a role named %s. Other users who are added to this role may act on behalf of this role now." % str(roleName)) else: fMessages.append("A role with role ID: %s already exists" % str(roleId)) except ValueError: fMessages.append("Quota must be a positive integer") except Exception, e: session.rollback() cherrypy.log.error("[%s] [create_role] [Problem creating role: %s]" % (user.id, str(e))) fMessages.append("Problem creating role: %s" % str(e))
def delete_user_shares(self, fileIds, userId, format="json"): user, role, sMessages, fMessages = ( cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: flFile = session.query(File).filter(File.id == fileId).one() if ( role is not None and flFile.role_owner_id == role.id ) or flFile.owner_id == user.id or AccountService.user_has_permission( user, "admin"): ps = session.query(UserShare).filter( and_(UserShare.user_id == userId, UserShare.file_id == flFile.id)).scalar() if ps is not None: session.delete(ps) session.add( AuditLog( user.id, Actions.DELETE_USER_SHARE, "You stopped sharing file %s with %s" % (flFile.name, userId), None, role.id if role is not None else None)) session.commit() sMessages.append("Share has been successfully deleted") else: fMessages.append("This share does not exist") else: fMessages.append( "You do not have permission to modify shares for file with ID: %s" % str(flFile.id)) except Exception, e: session.rollback() fMessages.append("Problem deleting share for file: %s" % str(e))
def CLI_login(self, CLIkey, userId, format="cli", **kwargs): rootURL, local, sMessages, fMessages = cherrypy.request.app.config['filelocker']['root_url'], False, [], [] if session.query(ConfigParameter).filter(ConfigParameter.name == "cli_feature").one().value == 'Yes': userId = strip_tags(userId) CLIkey = strip_tags(CLIkey) hostIP = Filelocker.get_client_address() if(self.validIPv4.match(hostIP)): hostIPv4 = hostIP hostIPv6 = "" elif(self.validIPv6.match(hostIP)): hostIPv4 = "" hostIPv6 = hostIP self.directory = CLIDirectory.CLIDirectory() if self.directory.authenticate(userId, CLIkey, hostIPv4, hostIPv6): currentUser = AccountService.get_user(userId, True) cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32] if currentUser is not None: session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() sMessages.append(cherrypy.session['request-origin']) else: fMessages.append("Failure: Not Authorized!") else: fMessages.append("Failure: Not Authorized!") else: fMessages.append("Failure: CLI not supported by server!") return fl_response(sMessages, fMessages, format)
def delete_upload_request(self, ticketId, format="json", requestOrigin=""): user, sMessages, fMessages = cherrypy.session.get("user"), [], [] if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: ticketId = strip_tags(ticketId) uploadRequest = session.query(UploadRequest).filter( UploadRequest.id == ticketId).one() if uploadRequest.owner_id == user.id or AccountService.user_has_permission( user, "admin"): session.delete(uploadRequest) session.add( AuditLog( user.id, Actions.DELETE_UPLOAD_REQUEST, "You deleted an upload request with ID: %s" % uploadRequest.id)) session.commit() sMessages.append("Upload request deleted") else: fMessages.append( "You do not have permission to delete this upload request" ) except Exception, e: fMessages.append(str(e))
def delete_roles(self, roleIds, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: roleIds = split_list_sanitized(roleIds) for roleId in roleIds: try: role = session.query(Role).filter(Role.id == roleId).one() session.delete(role) for flFile in session.query(File).filter( File.role_owner_id == role.id): FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add( AuditLog( user.id, Actions.DELETE_FILE, "File %s (%s) owned by role %s has been deleted as a result of the role owner being deleted. " % (flFile.name, flFile.id, role.id), "admin")) session.add( AuditLog( user.id, Actions.DELETE_ROLE, "%s deleted role \"%s\"(%s) from the system" % (user.id, role.name, role.id), None)) sMessages.append("Successfully deleted roles%s." % str(roleId)) except sqlalchemy.orm.exc.NoResultFound: fMessages.append("The role ID: %s does not exist" % str(roleId)) session.commit() except Exception, e: session.rollback() cherrypy.log.error( "[%s] [delete_roles] [Problem deleting roles: %s]" % (user.id, str(e))) fMessages.append("Problem deleting roles: %s" % str(e))
def routine_maintenance(config): from lib import AccountService expiredFiles = session.query(File).filter(File.date_expires < datetime.datetime.now()) for flFile in expiredFiles: try: for share in flFile.user_shares: session.delete(share) for share in flFile.group_shares: session.delete(share) for share in flFile.public_shares: session.delete(share) for share in flFile.attribute_shares: session.delete(share) FileService.queue_for_deletion(flFile.id) session.add( AuditLog( "admin", Actions.DELETE_FILE, "File %s (ID:%s) has expired and has been purged by the system." % (flFile.name, flFile.id), flFile.owner_id, ) ) session.delete(flFile) session.commit() except Exception, e: session.rollback() cherrypy.log.error("[system] [routine_maintenance] [Error while deleting expired file: %s]" % str(e))
def delete_files(self, fileIds, format="json", requestOrigin="", **kwargs): user, role, sMessages, fMessages = (cherrypy.session.get("user"),cherrypy.session.get("current_role"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: fileId = int(fileId) flFile = session.query(File).filter(File.id == fileId).one() if flFile.role_owner_id is not None and role is not None and flFile.role_owner_id == role.id: FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) owned by role %s has been deleted by user %s. " % (flFile.name, flFile.id, role.name, user.id))) session.commit() sMessages.append("File %s deleted successfully" % flFile.name) elif flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"): FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) has been deleted" % (flFile.name, flFile.id))) session.commit() sMessages.append("File %s deleted successfully" % flFile.name) else: fMessages.append("You do not have permission to delete file %s" % flFile.name) except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find file with ID: %s" % str(fileId)) except Exception, e: session.rollback() cherrypy.log.error("[%s] [delete_files] [Could not delete file: %s]" % (user.id, str(e))) fMessages.append("File not deleted: %s" % str(e))
def routine_maintenance(config): from lib import AccountService expiredFiles = session.query(File).filter( File.date_expires < datetime.datetime.now()) for flFile in expiredFiles: try: for share in flFile.user_shares: session.delete(share) for share in flFile.group_shares: session.delete(share) for share in flFile.public_shares: session.delete(share) for share in flFile.attribute_shares: session.delete(share) FileService.queue_for_deletion(flFile.id) session.add( AuditLog( "admin", Actions.DELETE_FILE, "File %s (ID:%s) has expired and has been purged by the system." % (flFile.name, flFile.id), flFile.owner_id)) session.delete(flFile) session.commit() except Exception, e: session.rollback() cherrypy.log.error( "[system] [routine_maintenance] [Error while deleting expired file: %s]" % str(e))
def hide_share(self, fileIds, format="json"): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: session.add(HiddenShare(file_id=fileId, owner_id=user.id)) except Exception, e: fMessages.append(str(e))
def queue_for_deletion(filePath): try: if session.query(DeletedFile).filter(DeletedFile.file_name==filePath).scalar() is None: session.add(DeletedFile(file_name=filePath)) session.commit() except Exception, e: cherrypy.log.error("Unable to queue file for deletion: %s" % str(e)) session.rollback()
def install_user(user): if user is not None: if user.quota is None: user.quota = int(session.query(ConfigParameter).filter(ConfigParameter.name=="default_quota").one().value) session.add(user) session.add(AuditLog(user.id, "Install User", "User %s (%s) installed" % (user.display_name, user.id))) session.commit() else: raise Exception("User %s doesn't exist in directory" % user.id)
def hide_shares(self, fileIds, format="json", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) try: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: session.add(HiddenShare(file_id=fileId, owner_id=user.id)) session.commit() sMessages.append("Share has been hidden") except Exception, e: fMessages.append("Could not hide share: %s" % str(e)) cherrypy.log.error( "[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))
def install_user(user): if user is not None: if user.quota is None: user.quota = int( session.query(ConfigParameter).filter( ConfigParameter.name == "default_quota").one().value) session.add(user) session.add( AuditLog(user.id, "Install User", "User %s (%s) installed" % (user.display_name, user.id))) session.commit() else: raise Exception("User %s doesn't exist in directory" % user.id)
def hide_share(self, fileIds, format="json", requestOrigin=""): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: session.add(HiddenShare(file_id=fileId, owner_id=user.id)) except Exception, e: fMessages.append(str(e)) sMessages.append("Successfully hid shares. Unhide shares in Account Settings.") session.commit()
def cluster_elections(config): try: currentNodeId = int(config["filelocker"]["cluster_member_id"]) currentNode = session.query(ClusterNode).filter(ClusterNode.member_id == currentNodeId).scalar() if currentNode is None: # This node isn't in the DB yet, check in import socket currentNode = ClusterNode( member_id=currentNodeId, hostname=socket.gethostname(), is_master=False, last_seen_timestamp=datetime.datetime.now(), ) session.add(currentNode) session.commit() else: # In the DB, update last seen to avoid purging currentNode.last_seen_timestamp = datetime.datetime.now() session.commit() currentMaster = session.query(ClusterNode).filter(ClusterNode.is_master == True).scalar() # If this is default master node and another node has assumed master, reset and force election if currentNodeId == 0 and currentNode.is_master == False and currentMaster is not None: for node in session.query(ClusterNode).all(): node.is_master = False session.commit() # This isn't the default master, there is one, but it's expired elif currentMaster is not None and currentMaster.last_seen_timestamp < datetime.datetime.now() - datetime.timedelta( minutes=5 ): # master is expired session.delete(currentMaster) session.commit() # No master, hold election elif currentMaster is None: # No master nodes found, become master if eligible purge_expired_nodes() highestPriority = currentNode.member_id for node in session.query(ClusterNode).all(): if node.member_id < highestPriority: highestPriority = node.member_id break if ( highestPriority == currentNode.member_id ): # Current node has lowest node id, thus highest priority, assume master currentNode.is_master = True session.commit() return True except sqlalchemy.orm.exc.ConcurrentModificationError, cme: cherrypy.log.error( "[system] [cluster_elections] [Concurrency error during elections. This can occur if locks on the DB inhibit normal cluster elections. If this error occurs infrequently, it can usually be disregarded. Full Error: %s]" % str(cme) ) session.rollback() return False
def create_admin_user(dburi, password): engine = create_engine(dburi, echo=False) Session = sessionmaker(bind=engine) session = Session() adminUser = session.query(User).filter(User.id=="admin").scalar() if adminUser is None: adminUser = User(id="admin", first_name="Administrator", quota=1024, date_tos_accept=datetime.datetime.now()) session.add(adminUser) session.commit() adminUser.set_password(password) adminPermission = session.query(Permission).filter(Permission.id == "admin").one() if adminPermission not in adminUser.permissions: adminUser.permissions.append(adminPermission) session.commit()
def delete_files(self, fileIds, format="json", requestOrigin="", **kwargs): user, role, sMessages, fMessages = ( cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: fileId = int(fileId) flFile = session.query(File).filter( File.id == fileId).one() if flFile.role_owner_id is not None and role is not None and flFile.role_owner_id == role.id: FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add( AuditLog( user.id, Actions.DELETE_FILE, "File %s (%s) owned by role %s has been deleted by user %s. " % (flFile.name, flFile.id, role.name, user.id))) session.commit() sMessages.append("File %s deleted successfully" % flFile.name) elif flFile.owner_id == user.id or AccountService.user_has_permission( user, "admin"): FileService.queue_for_deletion(flFile.id) session.delete(flFile) session.add( AuditLog( user.id, Actions.DELETE_FILE, "File %s (%s) has been deleted" % (flFile.name, flFile.id))) session.commit() sMessages.append("File %s deleted successfully" % flFile.name) else: fMessages.append( "You do not have permission to delete file %s" % flFile.name) except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find file with ID: %s" % str(fileId)) except Exception, e: session.rollback() cherrypy.log.error( "[%s] [delete_files] [Could not delete file: %s]" % (user.id, str(e))) fMessages.append("File not deleted: %s" % str(e))
def hide_shares(self, fileIds, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: session.add(HiddenShare(file_id=fileId, owner_id=user.id)) session.commit() sMessages.append("Share has been hidden") except Exception, e: fMessages.append("Could not hide share: %s" % str(e)) cherrypy.log.error("[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))
def get_user(userId, login=False): import warnings authType = session.query(ConfigParameter).filter( ConfigParameter.name == "auth_type").one().value warnings.simplefilter("ignore") user = session.query(User).filter(User.id == userId).scalar() if user is None and authType != "local": #This would be silly if we are using local auth, there's no other source of user info directory = ExternalDirectory() user = directory.lookup_user(userId) if user is not None: if user.quota is None: user.quota = int( session.query(ConfigParameter).filter( ConfigParameter.name == "default_quota").one().value) session.add(user) session.commit() if user is not None: attributeList = [] for permission in user.permissions: if permission.id.startswith("(attr)"): attributeList.append(permission.id.split("(attr)")[1]) for group in user.groups: for permission in group.permissions: if permission.id.startswith("(attr)"): attributeList.append(permission.id.split("(attr)")[1]) if login: for flPlugin in getPlugins(FilelockerPlugin, plugins): attributeList.extend( flPlugin.get_user_attributes(user.id) ) #Send user object off to plugin to get the list populated if not flPlugin.is_authorized( user.userId ): #Checks if any plugin is going to explicitly deny this user access to Filelocker user.authorized = False uniqueAttributeList = [] for attributeId in attributeList: if attributeId not in uniqueAttributeList: attr = session.query(Attribute).filter( Attribute.id == attributeId).scalar() if attr is not None: user.attributes.append(attr) uniqueAttributeList.append(attributeId) user.date_last_login = datetime.datetime.now() session.commit() setup_session(user.get_copy()) if user.quota is None: #Catch for users that got added with nil quotas user.quota = 0 session.commit() return user
def bulk_create_user(self, quota, password, permissions, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: permissions = split_list_sanitized(permissions) line = cherrypy.request.body.readline() count = 0 while line != "": (userId, userFirstName, userLastName, userEmailAddress) = split_list_sanitized(line) if session.query(User).filter( User.id == userId).scalar() is None: newUser = User(first_name=userFirstName, last_name=userLastName, email=userEmailAddress.replace( "\n", ""), quota=quota, id=userId) newUser.set_password(password) session.add(newUser) for permissionId in permissions: permission = session.query(Permission).filter( Permission.id == permissionId).one() newUser.permissions.append(permission) session.commit() count += 1 else: fMessages.append("User %s already exists." % userId) line = cherrypy.request.body.readline() if len(fMessages) == 0: sMessages.append("Created %s users" % count) except ValueError, ve: fMessages.append( "CSV file not parsed correctly, possibly in wrong format.") except Exception, e: cherrypy.log.error( "[%s] [bulk_create_user] [Problem creating users in bulk: %s]" % (user.id, str(e))) fMessages.append("Problem creating users in bulk: %s" % str(e))
def cluster_elections(config): try: currentNodeId = int(config['filelocker']['cluster_member_id']) currentNode = session.query(ClusterNode).filter( ClusterNode.member_id == currentNodeId).scalar() if currentNode is None: #This node isn't in the DB yet, check in import socket currentNode = ClusterNode( member_id=currentNodeId, hostname=socket.gethostname(), is_master=False, last_seen_timestamp=datetime.datetime.now()) session.add(currentNode) session.commit() else: #In the DB, update last seen to avoid purging currentNode.last_seen_timestamp = datetime.datetime.now() session.commit() currentMaster = session.query(ClusterNode).filter( ClusterNode.is_master == True).scalar() #If this is default master node and another node has assumed master, reset and force election if currentNodeId == 0 and currentNode.is_master == False and currentMaster is not None: for node in session.query(ClusterNode).all(): node.is_master = False session.commit() #This isn't the default master, there is one, but it's expired elif currentMaster is not None and currentMaster.last_seen_timestamp < datetime.datetime.now( ) - datetime.timedelta(minutes=5): #master is expired session.delete(currentMaster) session.commit() #No master, hold election elif currentMaster is None: #No master nodes found, become master if eligible purge_expired_nodes() highestPriority = currentNode.member_id for node in session.query(ClusterNode).all(): if node.member_id < highestPriority: highestPriority = node.member_id break if highestPriority == currentNode.member_id: #Current node has lowest node id, thus highest priority, assume master currentNode.is_master = True session.commit() return True except sqlalchemy.orm.exc.ConcurrentModificationError, cme: cherrypy.log.error( "[system] [cluster_elections] [Concurrency error during elections. This can occur if locks on the DB inhibit normal cluster elections. If this error occurs infrequently, it can usually be disregarded. Full Error: %s]" % str(cme)) session.rollback() return False
def delete_upload_request(self, ticketId, format="json", requestOrigin=""): user, sMessages, fMessages = cherrypy.session.get("user"), [], [] if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: ticketId = strip_tags(ticketId) uploadRequest = session.query(UploadRequest).filter(UploadRequest.id == ticketId).one() if uploadRequest.owner_id == user.id or AccountService.user_has_permission(user, "admin"): session.delete(uploadRequest) session.add(AuditLog(user.id, Actions.DELETE_UPLOAD_REQUEST, "You deleted an upload request with ID: %s" % uploadRequest.id)) session.commit() sMessages.append("Upload request deleted") else: fMessages.append("You do not have permission to delete this upload request") except Exception, e: fMessages.append(str(e))
def process_login(self, username, password, **kwargs): rootURL, local = cherrypy.request.app.config['filelocker'][ 'root_url'], False if kwargs.has_key("local") and kwargs['local'] == str(True): local = True username = strip_tags(username) if password is None or password == "": raise cherrypy.HTTPRedirect("%s/login?msg=3&local=%s" % (rootURL, str(local))) else: directory = AccountService.ExternalDirectory(local) if directory.authenticate(username, password): cherrypy.session['request-origin'] = str( os.urandom(32).encode('hex'))[0:32] currentUser = AccountService.get_user( username, True ) #if they are authenticated and local, this MUST return a user object if currentUser is not None: if not currentUser.authorized: raise cherrypy.HTTPError( 403, "You do not have permission to access this system") session.add( AuditLog( cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address()))) session.commit() raise cherrypy.HTTPRedirect(rootURL) else: #This should only happen in the case of a user existing in the external directory, but having never logged in before try: newUser = directory.lookup_user(username) AccountService.install_user(newUser) currentUser = AccountService.get_user(username, True) if currentUser is not None and currentUser.authorized != False: raise cherrypy.HTTPRedirect(rootURL) else: raise cherrypy.HTTPError( 403, "You do not have permission to access this system" ) except Exception, e: return "Unable to install user: %s" % str(e) else:
def delete_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: clikey = session.query(CLIKey).filter(CLIKey.host_ipv4==hostIPv4).filter(CLIKey.host_ipv6==hostIPv6).one() if clikey.user_id == user.id or AccountService.user_has_permission(user, "admin"): session.delete(clikey) sMessages.append("Key %s deleted successfully" % clikey.value) session.add(AuditLog(user.id, Actions.DELETE_CLIKEY, "%s deleted CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6))) except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find key for host: %s%s" % str(hostIPv4), str(hostIPv6)) session.commit() except Exception, e: session.rollback() fMessages.append("Could not delete Key: %s" % str(e)) cherrypy.log.error("[%s] [delete_clikey] [Could not delete key: %s]" % (user.id, str(e)))
def add_user_to_group(self, userId, groupId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: userId = strip_tags(userId) groupId = int(strip_tags(groupId)) group = session.query(Group).filter(Group.id == groupId).one() if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): try: user = AccountService.get_user(userId) group.members.append(user) session.add(AuditLog(user.id, Actions.UPDATE_GROUP, "User %s added to group \"%s\"(%s)" % (user.id, group.name, group.id))) session.commit() except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Invalid user ID: %s, not added to group" % str(userId)) else:
def create_group_shares(self, fileIds, groupId, notify="false", cc="false", format="json", requestOrigin=""): user, role, sMessages, fMessages, config = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [], cherrypy.request.app.config['filelocker']) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) fileIds = split_list_sanitized(fileIds) groupId = strip_tags(groupId) if groupId is not None and groupId != "" else None notify = True if notify.lower() == "true" else False cc = True if cc.lower() == "true" else False try: if groupId is not None: sharedFiles = [] group = session.query(Group).filter(Group.id==groupId).one() if (role is not None and group.role_owner_id == role.id) or group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): for fileId in fileIds: flFile = session.query(File).filter(File.id == fileId).one() existingShare = session.query(GroupShare).filter(and_(GroupShare.group_id==group.id, GroupShare.file_id==fileId)).scalar() if existingShare is not None: fMessages.append("File %s is already shared with group %s" % (flFile.name, group.name)) elif (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"): flFile.group_shares.append(GroupShare(group_id=groupId, file_id=fileId)) sharedFiles.append(flFile) else: fMessages.append("You do not have permission to share file with ID: %s" % fileId) sMessages.append("Shared file(s) successfully") if role is not None: session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "Role %s shared %s files with group %s(%s)" % (role.id, len(fileIds), group.name, group.id), None, role.id)) else: session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "%s shared %s files with group %s(%s)" % (user.id, len(fileIds), group.name, group.id), None)) else: fMessages.append("You do not have permission to share with this group") session.commit() if notify: cherrypy.session.release_lock() for groupMember in group.members: try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':groupMember.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s has been notified via email that you have shared a file with him or her." % (groupMember.email), None, role.id if role is not None else None)) session.commit() except Exception, e: session.rollback() fMessages.append("Problem sending email notification to %s: %s" % (groupMember.display_name, str(e))) if cc: if (user.email is not None and user.email != ""): try: Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':user.email if role is None else role.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) session.add(AuditLog(user.id, Actions.SEND_EMAIL, "You have been carbon copied via email on the notification that was sent out as a result of your file share.")) session.commit() except Exception, e: session.rollback() fMessages.append("Problem carbon copying email notification: %s" % (str(e))) else: fMessages.append("You elected to receive a carbon copy of the share notification, however your account does not have an email address set.")
def delete_group_shares(self, fileIds, groupId, format="json"): user, role, sMessages, fMessages = ( cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) fileIds = split_list_sanitized(fileIds) for fileId in fileIds: try: group = session.query(Group).filter(Group.id == groupId).one() if ( role is not None and group.role_owner_id == role.id ) or group.owner_id == user.id or AccountService.user_has_permission( user, "admin"): flFile = session.query(File).filter( File.id == fileId).one() if ( role is not None and flFile.role_owner_id == role.id ) or flFile.owner_id == user.id or AccountService.user_has_permission( user, "admin"): share = session.query(GroupShare).filter( GroupShare.group_id == groupId and GroupShare.file_id == flFile.id).scalar() if share is not None: session.delete(share) session.add( AuditLog( user.id, Actions.DELETE_GROUP_SHARE, "You stopped sharing file %s with group %s" % (flFile.name, group.name), None, role.id if role is not None else None)) session.commit() else: fMessages.append( "You do not have permission to modify shares for file with ID: %s" % str(flFile.id)) else: fMessages.append( "You do not have permission delete shares with this group" ) except Exception, e: session.rollback() fMessages.append("Problem deleting share for file: %s" % str(e))
def create_upload_request(self, password, expiration, requestType, maxFileSize=None, cc="false", notifyUser="******", emailAddresses=None, personalMessage=None, format="json", requestOrigin="", **kwargs): user, config, uploadURL, sMessages, fMessages = cherrypy.session.get("user"),cherrypy.request.app.config['filelocker'],"", [], [] if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: expiration = parse_date(expiration, datetime.datetime.now()) except Exception, e: fMessages.append(str(e)) try: cc = True if cc.lower() == "true" else False notifyUser = True if notifyUser.lower() == "true" else False print "DEBUG: notifyUser = "******"" or maxFileSize=="0" or maxFileSize == 0) else None if maxFileSize is not None and maxFileSize < 0: fMessages.append("Max file size must be a positive number") password = None if password == "" else password emailAddresses = split_list_sanitized(emailAddresses.replace(";", ",")) if (emailAddresses is not None and emailAddresses != "") else [] personalMessage = strip_tags(personalMessage) requestType = "multi" if requestType.lower() == "multi" else "single" uploadRequest = UploadRequest(date_expires=expiration, max_file_size=maxFileSize, notify_user=notifyUser, type=requestType, owner_id=user.id) if password is not None: uploadRequest.set_password(password) if requestType == "multi" and password is None: fMessages.append("You must specify a password for upload requests that allow more than 1 file to be uploaded") else: uploadRequest.generate_id() session.add(uploadRequest) if cc: emailAddresses.append(user.email) orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) for recipient in emailAddresses: Mail.notify(get_template_file('upload_request_notification.tmpl'),\ {'sender': user.email, 'recipient': recipient, 'ownerId': user.id, \ 'ownerName': user.display_name, 'requestId': uploadRequest.id, 'requestType': uploadRequest.type,\ 'personalMessage': personalMessage, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) session.add(AuditLog(user.id, Actions.CREATE_UPLOAD_REQUEST, "You created an upload request. As a result, the following email addresses were sent a file upload link: %s" % ",".join(emailAddresses), None)) session.commit() uploadURL = config['root_url']+"/public_upload?ticketId=%s" % str(uploadRequest.id) sMessages.append("Successfully created upload request") except Exception, e: fMessages.append(str(e))
def create_attribute(self, attributeName, attributeId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: attributeName, attributeId = strip_tags(attributeName), strip_tags(attributeId) if attributeId is None: fMessages.append("You must specify an ID for an attribute") elif attributeName is None: fMessages.append("You must give this attribute a name") else: attribute = Attribute(name=attributeName, id=attributeId) session.add(attribute) session.commit() sMessages.append("Successfully created a new attribute") except Exception, e: session.rollback() cherrypy.log.error("[%s] [create_attribute] [Could not create attribute: %s]" % (user.id, str(e))) fMessages.append("Unable to create attribute: %s" % str(e))
def create_attribute_shares(self, fileIds, attributeId, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: userShareableAttributes, permission = AccountService.get_shareable_attributes_by_user(user), False for attribute in userShareableAttributes: if attributeId == attribute.id: permission = True break if permission: fileIds = split_list_sanitized(fileIds) for fileId in fileIds: session.add(AttributeShare(file_id=fileId, attribute_id=attributeId)) sMessages.append("Successfully shared file(s) with users having the %s attribute" % attributeId ) else: fMessages.append("You do not have permission to share with this attribute") except Exception, e: fMessages.append(str(e))
def file_download_complete(user, fileId, publicShareId=None): config = cherrypy.request.app.config['filelocker'] try: role = None if cherrypy.session.has_key("current_role"): role = cherrypy.session.get("current_role") flFile = session.query(File).filter(File.id==fileId).one() if ((role is not None and flFile.role_owner_id != role.id) or user is None or user.id != flFile.owner_id) and flFile.notify_on_download and publicShareId is None: ownerName = "Unknown" try: owner = None if role is not None: owner = session.query(User).filter(User.id==flFile.role_owner_id).one() else: owner = session.query(User).filter(User.id==flFile.owner_id).one() ownerName = owner.id if owner.email is not None and owner.email != "": orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) Mail.notify(get_template_file('download_notification.tmpl'),{'sender': None, 'recipient': owner.email, 'fileName': flFile.name, 'downloadUserId': user.id, 'downloadUserName': user.display_name, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) except Exception, e: cherrypy.log.error("[%s] [file_download_complete] [Unable to notify user %s of download completion: %s]" % (user.id, ownerName, str(e))) if publicShareId is not None: publicShare = session.query(PublicShare).filter(PublicShare.id == publicShareId).one() session.add(AuditLog(flFile.owner_id, "Download File", "File %s downloaded via Public Share. " % str(flFile.name), None, flFile.role_owner_id, flFile.id)) if flFile.notify_on_download: try: owner = None if role is not None: owner = session.query(User).filter(User.id==flFile.role_owner_id).one() else: owner = session.query(User).filter(User.id==flFile.owner_id).one() if owner.email is not None and owner.email != "": orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all()) Mail.notify(get_template_file('public_download_notification.tmpl'),{'sender': None, 'recipient': owner.email, 'fileName': flFile.name, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']}) except Exception, e: cherrypy.log.error("[%s] [file_download_complete] [(2)Unable to notify user %s of download completion: %s]" % ("admin", owner.id, str(e))) if publicShare.reuse == "single": publicShare.files.remove(flFile) session.commit() publicShare = session.query(PublicShare).filter(PublicShare.id == publicShare.id).one() if len(publicShare.files) == 0: session.delete(publicShare) session.add(AuditLog(flFile.owner_id, "Delete Public Share", "File %s (%s) downloaded via single use public share. File is no longer publicly shared." % (flFile.name, flFile.id), None, flFile.role_owner_id, flFile.id)) session.commit()
def get_user(userId, login=False): import warnings authType = session.query(ConfigParameter).filter(ConfigParameter.name=="auth_type").one().value warnings.simplefilter("ignore") user = session.query(User).filter(User.id==userId).scalar() if user is None and authType!="local": #This would be silly if we are using local auth, there's no other source of user info directory = ExternalDirectory() user = directory.lookup_user(userId) if user is not None: if user.quota is None: user.quota = int(session.query(ConfigParameter).filter(ConfigParameter.name=="default_quota").one().value) session.add(user) session.commit() if user is not None: attributeList = [] for permission in user.permissions: if permission.id.startswith("(attr)"): attributeList.append(permission.id.split("(attr)")[1]) for group in user.groups: for permission in group.permissions: if permission.id.startswith("(attr)"): attributeList.append(permission.id.split("(attr)")[1]) if login: for flPlugin in getPlugins(FilelockerPlugin, plugins): attributeList.extend(flPlugin.get_user_attributes(user.id)) #Send user object off to plugin to get the list populated if not flPlugin.is_authorized(user.userId): #Checks if any plugin is going to explicitly deny this user access to Filelocker user.authorized = False uniqueAttributeList = [] for attributeId in attributeList: if attributeId not in uniqueAttributeList: attr = session.query(Attribute).filter(Attribute.id==attributeId).scalar() if attr is not None: user.attributes.append(attr) uniqueAttributeList.append(attributeId) user.date_last_login = datetime.datetime.now() session.commit() setup_session(user.get_copy()) if user.quota is None: #Catch for users that got added with nil quotas user.quota = 0 session.commit() return user
def delete_groups(self, groupIds, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: groupIds = split_list_sanitized(groupIds) for groupId in groupIds: try: group = session.query(Group).filter(Group.id==groupId).one() if group.owner_id == user.id or AccountService.user_has_permission(user, "admin"): session.delete(group) sMessages.append("Group %s deleted successfully" % group.name) session.add(AuditLog(user.id, Actions.DELETE_GROUP, "%s deleted group \"%s\"(%s)" % (user.id, group.name, group.id), None)) except sqlalchemy.orm.exc.NoResultFound, nrf: fMessages.append("Could not find group with ID: %s" % str(groupId)) session.commit() except Exception, e: session.rollback() fMessages.append("Could not delete groups: %s" % str(e)) cherrypy.log.error("[%s] [remove_users_from_group] [Could not delete groups: %s]" % (user.id, str(e)))
def create_user(self, userId, firstName, lastName, email, quota, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: try: newUser = User(id=strip_tags(userId), first_name=strip_tags(firstName), last_name=strip_tags(lastName), email=strip_tags(email), quota=int(quota)) if kwargs.has_key("password") and kwargs.has_key("confirmPassword"): if kwargs['password'] == kwargs['confirmPassword']: newUser.set_password(kwargs['password']) else: raise Exception("Passwords do not match") session.add(newUser) session.add(AuditLog(user.id, Actions.CREATE_USER, "%s created a new user with ID:\"%s\" on the system" % (user.id, newUser.id), newUser.id)) session.commit() sMessages.append("Created user %s (%s)" % (newUser.display_name, newUser.id)) except ValueError: fMessages.append("Invalid number entered for quota. Quota set to 0.") except Exception, e: cherrypy.log.error("[%s] [create_user] [Could not create user account: %s]" % (userId, str(e))) fMessages.append("Could not create user account with ID:%s - %s" % (userId, str(e)))
def create_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs): user, sMessages, fMessages = (cherrypy.session.get("user"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: if self.validIPv4.match(hostIPv4): hostIPv6 = '' elif self.validIPv6.match(hostIPv6): hostIPv4 = '' else: fMessages.append("No IP address specified.") return fl_response(sMessages, fMessages, format) CLIkeyGen = str(os.urandom(32).encode('hex'))[0:32] try: existingKey = session.query(CLIKey).filter(CLIKey.user_id==user.id).filter(CLIKey.host_ipv4==hostIPv4).filter(CLIKey.host_ipv6==hostIPv6).one() existingKey.value=CLIkeyGen session.add(AuditLog(user.id, Actions.UPDATE_CLIKEY, "%s updated CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6))) session.commit() sMessages.append("Successfully updated key for host: %s%s." % (str(hostIPv4),str(hostIPv6))) except sqlalchemy.orm.exc.NoResultFound, nrf: newKey = CLIKey(user_id=strip_tags(user.id), host_ipv4=strip_tags(hostIPv4), host_ipv6=strip_tags(hostIPv6), value=CLIkeyGen) session.add(newKey) session.add(AuditLog(user.id, Actions.CREATE_CLIKEY, "%s created CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6))) session.commit() sMessages.append("Successfully added key for host: %s%s." % (str(hostIPv4),str(hostIPv6))) except Exception, e: session.rollback() cherrypy.log.error("[%s] [create_clikey] [Problem creating key: %s]" % (user.id, str(e))) fMessages.append("Problem creating key: %s" % str(e))
def delete_public_share(self, shareId, format="json", requestOrigin="", **kwargs): user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], []) if requestOrigin != cherrypy.session['request-origin']: fMessages.append("Missing request key!!") else: shareId = strip_tags(shareId) try: ps = session.query(PublicShare).filter(PublicShare.id == shareId).one() if role is not None and ps.role_owner_id == role.id: session.delete(ps) session.add(AuditLog(user.id, Actions.DELETE_PUBLIC_SHARE, "Role %s stopped sharing files publicly via URL using share ID: %s" % (role.name, str(ps.id)), None, role.id)) session.commit() sMessages.append("Successfully unshared files") elif ps.owner_id == user.id or AccountService.user_has_permission(user, "admin"): session.delete(ps) session.add(AuditLog(user.id, Actions.DELETE_PUBLIC_SHARE, "You stopped sharing files publicly via URL using share ID: %s" % str(ps.id))) session.commit() sMessages.append("Successfully unshared files") else: fMessages.append("You do not have permission to modify share ID: %s" % str(ps.id)) except Exception, e: fMessages.append(str(e))