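def create_group():
    """Create a group from the JSON request body.

    The body must be a JSON object with a non-empty string ``name``. It may
    also carry ``description``, ``users`` (a list of e-mail strings) and
    ``sites`` (a list of site-name strings). Every listed user and site must
    already exist, and the group name must not be taken.

    Returns:
        A ``jsonify`` response: ``success=True`` with the new group passed
        through ``sanitize_group``, or ``success=False`` with a ``reason``.
    """
    group = request.json
    # request.json is None for a non-JSON body and may be any JSON value, so
    # .get() is only safe once we know the body is an object.
    if not isinstance(group, dict):
        return jsonify(success=False, reason='invalid-request-body')

    # JSON text decodes to unicode on Python 2 and to str on Python 3.
    text_types = (type(u''), str)

    # perform validations on incoming data; issue#132
    name = group.get('name')
    if not name:
        return jsonify(success=False, reason='name-field-is-required')
    # The name becomes a query filter below. A JSON object in its place would
    # be read by MongoDB as query operators instead of a literal value.
    if not isinstance(name, text_types):
        return jsonify(success=False, reason='name-must-be-a-string')

    # A missing, null or otherwise empty field is stored as an empty list so
    # the group document always holds lists.
    userz = group.get('users') or []
    sitez = group.get('sites') or []
    for field, values in (('users', userz), ('sites', sitez)):
        # Same operator concern as for the name: each element is used as a
        # filter value in the existence checks that follow.
        if not isinstance(values, list) or not all(
                isinstance(value, text_types) for value in values):
            return jsonify(success=False,
                           reason='%s-must-be-a-list-of-strings' % field)

    for user in userz:
        if not users.find_one({'email': user}):
            return jsonify(success=False,
                           reason='user %s does not exist' % user)
    for site in sitez:
        if not sites.find_one({'name': site}):
            return jsonify(success=False,
                           reason='site %s does not exist' % site)

    # NOTE(review): this is check-then-insert; two concurrent requests with
    # the same name can both pass the check. Confirm whether a unique index
    # on the name field exists.
    if groups.find_one({'name': name}) is not None:
        return jsonify(success=False, reason='group-already-exists')

    # post-validation
    new_group = {
        'id': str(uuid.uuid4()),
        'name': name,
        'description': group.get('description', ""),
        'sites': sitez,
        'users': userz,
        'created': datetime.datetime.utcnow()
    }
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))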
def get_issues():
    """List issues with the requested codes across a group's finished scans.

    Reads the query parameters ``group_name``, ``plan_name`` and one or more
    ``issue_code`` values. For each site in the group, one FINISHED scan of
    the named plan that contains a matching issue code is looked up and
    reduced to its id, timestamps and the matching issues per session.

    An unknown group is not an error: the response is ``success=True`` with
    an empty ``issues`` list.

    NOTE(review): the group is looked up by name only; nothing in this
    function ties it to the requesting user. Confirm access is enforced
    elsewhere.
    """
    wanted_codes = request.args.getlist('issue_code')
    results = []
    group = groups.find_one({'name': request.args.get('group_name')})
    if group is None:
        return jsonify(success=True, issues=results)

    # Projection limits what comes back from the scans collection.
    projection = {"id": 1, "created": 1, "started": 1, "finished": 1,
                  "configuration.target": 1, "sessions.issues.$": 1}

    for target in group['sites']:
        criteria = {"plan.name": request.args.get('plan_name'),
                    "configuration.target": target,
                    "state": "FINISHED",
                    "sessions.issues.Code": {"$in": wanted_codes}}
        scan = scans.find_one(criteria, projection)
        if not scan:
            continue

        site_url = scan["configuration"]["target"]
        scan_summary = {"id": scan["id"],
                        "created": sanitize_time(scan["created"]),
                        "started": sanitize_time(scan["started"]),
                        "finished": sanitize_time(scan["finished"]),
                        "sessions": []}

        for session in scan["sessions"]:
            plugin_class = session["plugin"]["class"]
            # The query matches scans containing a wanted code; the issues
            # are filtered again here so only those codes are reported.
            matching = [{"summary": issue["Summary"],
                         "id": issue["Id"],
                         "code": issue["Code"]}
                        for issue in session['issues']
                        if issue['Code'] in wanted_codes]
            scan_summary["sessions"].append(
                {"plugin": {"class": plugin_class}, "issues": matching})

        results.append({"site": {"url": site_url}, "scan": scan_summary})

    return jsonify(success=True, issues=results)
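def create_group():
    """Create a group from the JSON request body.

    The body must be a JSON object with a non-empty string ``name``. It may
    also carry ``description``, ``users`` (a list of e-mail strings) and
    ``sites`` (a list of site-name strings). Every listed user and site must
    already exist, and the group name must not be taken.

    Returns:
        A ``jsonify`` response: ``success=True`` with the new group passed
        through ``sanitize_group``, or ``success=False`` with a ``reason``.
    """
    group = request.json
    # A non-JSON body yields None, and a JSON array or scalar has no .get();
    # only an object can carry the fields read below.
    if not isinstance(group, dict):
        return jsonify(success=False, reason="invalid-request-body")

    # JSON text decodes to unicode on Python 2 and to str on Python 3.
    text_types = (type(u""), str)

    # perform validations on incoming data; issue#132
    name = group.get("name")
    if not name:
        return jsonify(success=False, reason="name-field-is-required")
    # Values from the body are used as MongoDB filter values. Requiring plain
    # strings keeps a JSON object from being interpreted as query operators.
    if not isinstance(name, text_types):
        return jsonify(success=False, reason="name-must-be-a-string")

    # Missing, null or empty fields are normalised to an empty list so the
    # stored document always holds lists.
    userz = group.get("users") or []
    sitez = group.get("sites") or []
    for field, values in (("users", userz), ("sites", sitez)):
        if not isinstance(values, list) or not all(
            isinstance(value, text_types) for value in values
        ):
            return jsonify(
                success=False, reason="%s-must-be-a-list-of-strings" % field
            )

    for user in userz:
        if not users.find_one({"email": user}):
            return jsonify(success=False, reason="user %s does not exist" % user)
    for site in sitez:
        if not sites.find_one({"name": site}):
            return jsonify(success=False, reason="site %s does not exist" % site)

    # NOTE(review): the uniqueness check and the insert are separate
    # operations, so concurrent requests can both succeed. Confirm whether a
    # unique index on the name field backs this up.
    if groups.find_one({"name": name}) is not None:
        return jsonify(success=False, reason="group-already-exists")

    # post-validation
    new_group = {
        "id": str(uuid.uuid4()),
        "name": name,
        "description": group.get("description", ""),
        "sites": sitez,
        "users": userz,
        "created": datetime.datetime.utcnow(),
    }
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))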
def _find_sites_for_user_by_group_name(email, group_name):
    """Return the sites of a group that the given user belongs to.

    Membership is part of the lookup itself, so a group that does not exist
    and a group the user is not a member of produce the same result.

    Note the mixed return type: the group's ``sites`` value on success, and a
    ``jsonify`` error response ("Group not found.") otherwise. Callers have to
    tell the two apart.
    """
    match = groups.find_one({'name': group_name, 'users': email})
    if match:
        return match['sites']
    return jsonify(success=False, reason="Group not found.")
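def create_group():
    """Create a group from the JSON request body.

    The body must be a JSON object with a non-empty string ``name``. It may
    also carry ``description``, ``users`` (a list of e-mail strings) and
    ``sites`` (a list of site URL strings). Every listed user and site must
    already exist, and the group name must not be taken.

    Returns:
        A ``jsonify`` response: ``success=True`` with the new group passed
        through ``sanitize_group``, or ``success=False`` with a ``reason``.
    """
    group = request.json
    # request.json is None when the body is not JSON, and a JSON array or
    # scalar has no .get(); reject both before reading any field.
    if not isinstance(group, dict):
        return jsonify(success=False, reason='invalid-request-body')

    # JSON text decodes to unicode on Python 2 and to str on Python 3.
    text_types = (type(u''), str)

    def _is_text_list(values):
        # True only for a list whose every element is a plain string.
        return isinstance(values, list) and all(
            isinstance(value, text_types) for value in values)

    # perform validations on incoming data; issue#132
    name = group.get('name')
    if not name:
        return jsonify(success=False, reason='name-field-is-required')
    # Body values end up as MongoDB filter values below. A JSON object there
    # would act as query operators, so only plain strings are accepted.
    if not isinstance(name, text_types):
        return jsonify(success=False, reason='name-must-be-a-string')

    # Treat a missing, null or empty field as "no entries" so that the stored
    # document always holds lists.
    userz = group.get('users') or []
    sitez = group.get('sites') or []
    if not _is_text_list(userz):
        return jsonify(success=False,
                       reason='users-must-be-a-list-of-strings')
    if not _is_text_list(sitez):
        return jsonify(success=False,
                       reason='sites-must-be-a-list-of-strings')

    for user in userz:
        if not users.find_one({'email': user}):
            return jsonify(success=False,
                           reason='user %s does not exist' % user)
    for site in sitez:
        # Sites are matched on their url field in this version.
        if not sites.find_one({'url': site}):
            return jsonify(success=False,
                           reason='site %s does not exist' % site)

    # NOTE(review): find-then-insert is not atomic; concurrent requests with
    # the same name can both get past this check. Confirm whether a unique
    # index on the name field exists.
    if groups.find_one({'name': name}) is not None:
        return jsonify(success=False, reason='group-already-exists')

    # post-validation
    new_group = {
        'id': str(uuid.uuid4()),
        'name': name,
        'description': group.get('description', ""),
        'sites': sitez,
        'users': userz,
        'created': datetime.datetime.utcnow()
    }
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))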
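def patch_group(group_name):
    """Apply site and user edits from the JSON request body to a group.

    Recognised body fields, each a list of strings: ``addSites``,
    ``removeSites``, ``addUsers`` and ``removeUsers``. Additions are written
    with ``$push`` and removals with ``$pull``, one update per value.
    Elements that are not ``unicode`` strings are skipped.

    Args:
        group_name: Name of the group to edit.

    Returns:
        A ``jsonify`` response: ``success=True`` with the group re-read after
        the edits and passed through ``sanitize_group``, or ``success=False``
        with a ``reason``.
    """
    group = groups.find_one({'name': group_name})
    if not group:
        return jsonify(success=False, reason='no-such-group')

    patch = request.json
    # request.json is None for a non-JSON body and may be any JSON value;
    # only an object has the edit fields.
    if not isinstance(patch, dict):
        return jsonify(success=False, reason='invalid-request-body')

    edits = (
        ('addSites', '$push', 'sites'),
        ('removeSites', '$pull', 'sites'),
        ('addUsers', '$push', 'users'),
        ('removeUsers', '$pull', 'users'),
    )

    # Check the shape of every field before writing anything, so a malformed
    # field cannot leave the earlier ones already applied.
    pending = []
    for field, operator, target in edits:
        values = patch.get(field)
        if values is None:
            values = []
        # A bare string would otherwise be walked character by character and
        # each character stored as its own entry.
        if not isinstance(values, list):
            return jsonify(success=False,
                           reason='%s-must-be-a-list' % field)
        pending.append((operator, target, values))

    # Process the edits. These can probably be done in one operation.
    # NOTE(review): added values are stored as given. Nothing here checks
    # that the site or user exists, and $push appends even when the value is
    # already present. Confirm that is intended.
    for operator, target, values in pending:
        for value in values:
            # Only plain strings are written, which keeps JSON objects out
            # of the update document.
            if isinstance(value, unicode):
                groups.update({'name': group_name},
                              {operator: {target: value}})

    # Return the modified group
    group = groups.find_one({'name': group_name})
    return jsonify(success=True, group=sanitize_group(group))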
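def patch_group(group_name):
    """Apply site and user edits from the JSON request body to a group.

    Recognised body fields, each a list of strings: ``addSites``,
    ``removeSites``, ``addUsers`` and ``removeUsers``. Additions are written
    with ``$push`` and removals with ``$pull``, one update per value.
    Elements that are not strings are skipped.

    Args:
        group_name: Name of the group to edit.

    Returns:
        A ``jsonify`` response: ``success=True`` with the group re-read after
        the edits and passed through ``sanitize_group``, or ``success=False``
        with a ``reason``.
    """
    group = groups.find_one({"name": group_name})
    if not group:
        return jsonify(success=False, reason="no-such-group")

    patch = request.json
    # A non-JSON body gives None and a JSON array or scalar has no .get();
    # only an object can carry the edit fields.
    if not isinstance(patch, dict):
        return jsonify(success=False, reason="invalid-request-body")

    edits = (
        ("addSites", "$push", "sites"),
        ("removeSites", "$pull", "sites"),
        ("addUsers", "$push", "users"),
        ("removeUsers", "$pull", "users"),
    )

    # Validate all four fields up front so that a malformed one cannot leave
    # the group partly edited.
    pending = []
    for field, operator, target in edits:
        values = patch.get(field)
        if values is None:
            values = []
        # Iterating a bare string would store each character as an entry.
        if not isinstance(values, list):
            return jsonify(success=False, reason="%s-must-be-a-list" % field)
        pending.append((operator, target, values))

    # Process the edits. These can probably be done in one operation.
    # NOTE(review): added sites and users are not checked for existence here,
    # and $push appends even when the value is already present. Confirm that
    # is intended.
    for operator, target, values in pending:
        for value in values:
            # Writing only plain strings keeps JSON objects out of the
            # update document.
            if isinstance(value, (unicode, str)):
                groups.update({"name": group_name}, {operator: {target: value}})

    # Return the modified group
    group = groups.find_one({"name": group_name})
    return jsonify(success=True, group=sanitize_group(group))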
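def patch_group(group_name):
    """Apply site and user edits from the JSON request body to a group.

    Recognised body fields, each a list of strings: ``addSites``,
    ``removeSites``, ``addUsers`` and ``removeUsers``. Additions are written
    with ``$push`` and removals with ``$pull``, one update per value.
    Elements that are not strings are skipped.

    Args:
        group_name: Name of the group to edit.

    Returns:
        A ``jsonify`` response: ``success=True`` with the group re-read after
        the edits and passed through ``sanitize_group``, or ``success=False``
        with a ``reason``.
    """
    if not groups.find_one({'name': group_name}):
        return jsonify(success=False, reason='no-such-group')

    patch = request.json
    # The body may be absent (None) or any JSON value; the edit fields only
    # exist on an object.
    if not isinstance(patch, dict):
        return jsonify(success=False, reason='invalid-request-body')

    def _field_values(field):
        # Return the list for a field, [] when absent or null, or None when
        # the client sent something that is not a list.
        values = patch.get(field)
        if values is None:
            return []
        return values if isinstance(values, list) else None

    plan = []
    for field, operator, target in (('addSites', '$push', 'sites'),
                                    ('removeSites', '$pull', 'sites'),
                                    ('addUsers', '$push', 'users'),
                                    ('removeUsers', '$pull', 'users')):
        values = _field_values(field)
        # Reject before any write: a bare string would otherwise be stored
        # one character at a time, and a later bad field would leave the
        # earlier edits applied.
        if values is None:
            return jsonify(success=False,
                           reason='%s-must-be-a-list' % field)
        plan.append((operator, target, values))

    # Process the edits. These can probably be done in one operation.
    # NOTE(review): nothing here verifies that an added site or user exists,
    # and $push appends even when the value is already present. Confirm that
    # is intended.
    for operator, target, values in plan:
        for value in values:
            # Non-string elements are skipped, so a JSON object never
            # reaches the update document.
            if isinstance(value, (unicode, str)):
                groups.update({'name': group_name},
                              {operator: {target: value}})

    # Return the modified group
    group = groups.find_one({'name': group_name})
    return jsonify(success=True, group=sanitize_group(group))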
def get_group(group_name):
    """Look up one group by name and return it as a JSON response.

    Args:
        group_name: Name of the group to fetch.

    Returns:
        ``success=True`` with the group passed through ``sanitize_group``,
        or ``success=False`` with reason ``no-such-group``.
    """
    found = groups.find_one({'name': group_name})
    if found:
        # The raw document is never returned directly; sanitize_group
        # (defined elsewhere) shapes what the client sees.
        return jsonify(success=True, group=sanitize_group(found))
    return jsonify(success=False, reason='no-such-group')
def _check_group_exists(group_name):
    """Return True when a group with this exact name is stored."""
    match = groups.find_one({'name': group_name})
    return match is not None
def delete_group(group_name):
    """Remove the group with the given name.

    Args:
        group_name: Name of the group to delete.

    Returns:
        ``success=True`` once the remove has been issued, or
        ``success=False`` with reason ``no-such-group`` when no group has
        that name.

    NOTE(review): no access check is visible in this function; presumably
    one is applied by a decorator or by the caller. Confirm.
    """
    if groups.find_one({'name': group_name}):
        # Existence is checked first so the caller gets an explicit error
        # for an unknown name.
        groups.remove({'name': group_name})
        return jsonify(success=True)
    return jsonify(success=False, reason='no-such-group')