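def password(self, request, pk, *args, **kwargs):
    """Change the password of the account selected by this view.

    A superuser caller is validated with ``ChangePasswordSuperUserSerializer``
    and the old-password check is skipped. Every other caller is validated
    with ``ChangePasswordSerializer`` and must supply the target account's
    current password as ``old_password``.

    The audit comment is validated before the password is written, so a
    rejected comment cannot leave a changed password with no ``UserAction``
    record.

    Raises:
        serializers.ValidationError: if ``old_password`` does not match, or
            if either serializer rejects its input.

    Returns:
        Response: a masked placeholder; the password is never echoed back.
    """
    data = request.data.copy()
    scirius_user = self.get_object()
    # Always bind the change to the account resolved from the URL; this
    # overwrites any 'user' value the client put in the payload.
    data['user'] = scirius_user.user.pk

    # Decide the privilege level once and by truthiness. Comparing with
    # ``is False`` would skip the old-password check for any falsy value
    # that is not literally False, while still using the non-superuser
    # serializer: the two branches must fail closed together.
    caller_is_superuser = bool(request.user.is_superuser)

    if caller_is_superuser:
        pass_serializer = ChangePasswordSuperUserSerializer(data=data)
    else:
        pass_serializer = ChangePasswordSerializer(data=data)
    pass_serializer.is_valid(raise_exception=True)

    if not caller_is_superuser:
        old_password = pass_serializer.validated_data.get('old_password')
        if not scirius_user.user.check_password(old_password):
            raise serializers.ValidationError(
                {'old_password': ['Wrong password']})

    # Validate the audit comment BEFORE mutating anything: once the password
    # is saved, a validation error here would return an error to the client
    # while the change had already happened and gone unlogged.
    comment = data.pop('comment', None)
    comment_serializer = CommentSerializer(data={'comment': comment})
    comment_serializer.is_valid(raise_exception=True)

    scirius_user.user.set_password(
        pass_serializer.validated_data.get('new_password'))
    scirius_user.user.save()
    scirius_user.save()

    UserAction.create(action_type='edit_user_password',
                      comment=comment_serializer.validated_data['comment'],
                      user=request.user,
                      other_user=scirius_user.user)
    return Response({'password': '******'})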
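def partial_update(self, request, pk, *args, **kwargs):
    """Partially update an account and record an ``edit_user`` action.

    Callers that are not superusers may not send ``is_active``, ``is_staff``
    or ``is_superuser``; the first such key found in the payload raises
    ``PermissionDenied``.

    Raises:
        PermissionDenied: a non-superuser tried to set a privilege flag.
        serializers.ValidationError: the account data or the comment is
            rejected by its serializer.

    Returns:
        The response of the parent class's ``update`` called with
        ``partial=True``.
    """
    # Fail closed: anything that is not a truthy superuser flag is treated as
    # a regular user. The previous ``is False`` comparison let any other
    # falsy value skip this guard.
    if not request.user.is_superuser:
        # NOTE(review): only top-level payload keys are inspected. Confirm the
        # serializer cannot receive these flags nested under another key.
        for right in ('is_active', 'is_staff', 'is_superuser'):
            if right in request.data:
                raise PermissionDenied({
                    right: 'You do not have permission to perform this action.'
                })

    # The copy exists only so 'comment' can be extracted without touching
    # request.data, which is what the serializer below receives.
    data = request.data.copy()
    comment = data.pop('comment', None)

    instance = self.get_object()
    serializer = self.get_serializer(instance, data=request.data, partial=True)
    serializer.is_valid(raise_exception=True)

    comment_serializer = CommentSerializer(data={'comment': comment})
    comment_serializer.is_valid(raise_exception=True)

    # Both inputs are validated at this point; log, then delegate the write.
    UserAction.create(action_type='edit_user',
                      comment=comment_serializer.validated_data['comment'],
                      user=request.user,
                      other_user=serializer.instance.user)
    return super(AccountViewSet, self).update(request, pk, partial=True, *args, **kwargs)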
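def token(self, request, *args, **kwargs):
    """Read or rotate the API token of the selected account.

    On ``GET`` the existing token key is returned, or an empty string when
    the account has none. On any other method the existing token (if any) is
    deleted, a new one is created and an ``edit_user_token`` action is
    recorded.

    The audit comment is validated before the old token is deleted. If it
    were validated afterwards, a rejected comment would leave the token
    rotated, unlogged, and never returned to the caller.

    Raises:
        serializers.ValidationError: the comment is rejected (rotation only).

    Returns:
        Response: ``{'token': <key or ''>}``.
    """
    # NOTE(review): the response carries the account's API credential.
    # Confirm the view's permission classes restrict this action to the
    # account owner or an administrator; they are not visible here.
    scirius_user = self.get_object()
    tokens = Token.objects.filter(user=scirius_user.user)
    current = tokens.first()
    token = ''

    if request.method == 'GET':
        if current is not None:
            token = current.key
    else:
        # Validate first, mutate second.
        data = request.data.copy()
        comment = data.pop('comment', None)
        comment_serializer = CommentSerializer(data={'comment': comment})
        comment_serializer.is_valid(raise_exception=True)

        if current is not None:
            current.delete()
        token = Token.objects.create(user=scirius_user.user).key

        UserAction.create(
            action_type='edit_user_token',
            comment=comment_serializer.validated_data['comment'],
            user=request.user,
            other_user=scirius_user.user)

    return Response({'token': token})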
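def post(self, request, format=None):
    """Update the ruleset, regenerate the rules and push them to Suricata.

    The audit comment is validated before any work is done, so a rejected
    comment cannot result in a ruleset push that has no ``UserAction``
    record. A missing Suricata object is reported as a validation error
    instead of failing with an ``AttributeError``.

    Raises:
        serializers.ValidationError: the comment is rejected, no Suricata
            object exists, or the ruleset update raised ``IOError``.

    Returns:
        Response: ``{'update_push_all': 'ok'}`` when ``push()`` returns a
        truthy value, otherwise a one-item list saying a restart was already
        requested.
    """
    comment = request.data.get('comment', None)
    comment_serializer = CommentSerializer(data={'comment': comment})
    comment_serializer.is_valid(raise_exception=True)

    suri = Suricata.objects.first()
    if suri is None:
        raise serializers.ValidationError(
            {'update_push_all': ['No Suricata instance is configured']})

    try:
        suri.ruleset.update()
    except IOError as e:
        # NOTE(review): the exception text is returned to the client; confirm
        # it cannot expose internal URLs, paths or credentials.
        raise serializers.ValidationError(
            {'update_push_all': ['Can not fetch data: %s' % e]})

    suri.generate()
    ret = suri.push()
    suri.updated_date = timezone.now()
    suri.save()

    msg = 'ok' if ret else ['Suricata restart already asked']

    UserAction.create(
        action_type='update_push_all',
        user=request.user,
        ruleset=suri.ruleset,
        comment=comment_serializer.validated_data['comment'])
    return Response({'update_push_all': msg})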
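def post(self, request, format=None):
    """Fetch ruleset updates, rebuild the rules and push them to Suricata.

    Input is checked before anything changes: the audit comment is validated
    first, so a push can no longer complete and then fail on the comment
    without being logged. An empty Suricata table yields a validation error
    rather than an ``AttributeError``.

    Raises:
        serializers.ValidationError: the comment is invalid, there is no
            Suricata object, or ``ruleset.update()`` raised ``IOError``.

    Returns:
        Response: ``{'update_push_all': msg}`` where ``msg`` is ``'ok'`` if
        ``push()`` returned a truthy value, else
        ``['Suricata restart already asked']``.
    """
    comment_serializer = CommentSerializer(
        data={'comment': request.data.get('comment', None)})
    comment_serializer.is_valid(raise_exception=True)

    suri = Suricata.objects.first()
    if suri is None:
        raise serializers.ValidationError(
            {'update_push_all': ['No Suricata instance is configured']})

    try:
        suri.ruleset.update()
    except IOError as e:
        # NOTE(review): this echoes the raw IOError to the caller; verify the
        # message cannot contain internal source URLs or file paths.
        raise serializers.ValidationError({'update_push_all': ['Can not fetch data: %s' % e]})

    suri.generate()
    ret = suri.push()
    suri.updated_date = timezone.now()
    suri.save()

    if ret:
        msg = 'ok'
    else:
        msg = ['Suricata restart already asked']

    # Record who triggered the push once it has actually been carried out.
    UserAction.create(
        action_type='update_push_all',
        user=request.user,
        ruleset=suri.ruleset,
        comment=comment_serializer.validated_data['comment']
    )
    return Response({'update_push_all': msg})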
def destroy(self, request, *args, **kwargs):
    """Delete the selected account after recording a ``delete_user`` action.

    The comment is validated and the action logged before the deletion is
    delegated to the parent class.

    Raises:
        serializers.ValidationError: the comment is rejected.

    Returns:
        The response of the parent class's ``destroy``.
    """
    account = self.get_object()

    # No model serializer consumes the payload in this method, so the comment
    # is read directly from request.data; there is nothing to copy or strip.
    audit_note = CommentSerializer(
        data={'comment': request.data.get('comment', None)})
    audit_note.is_valid(raise_exception=True)

    UserAction.create(
        action_type='delete_user',
        user=request.user,
        old_user=account.user,
        comment=audit_note.validated_data['comment'],
    )

    parent = super(AccountViewSet, self)
    return parent.destroy(request, *args, **kwargs)
def update(self, request, pk, *args, **kwargs):
    """Fully update an account and record an ``edit_user`` action.

    The account payload and the comment are both validated before the action
    is logged; the write itself is delegated to the parent class.

    Raises:
        serializers.ValidationError: the account data or the comment is
            rejected by its serializer.

    Returns:
        The response of the parent class's ``update``.
    """
    # NOTE(review): partial_update in this file refuses 'is_active',
    # 'is_staff' and 'is_superuser' from callers that are not superusers. No
    # equivalent check is visible on this full-update path. Confirm that the
    # serializer or a permission class prevents a regular user from setting
    # those flags here.
    payload = request.data.copy()
    audit_text = payload.pop('comment', None)

    account = self.get_object()
    # The serializer is fed request.data itself; the copy above is used only
    # to extract the comment.
    serializer = self.get_serializer(account, data=request.data, partial=False)
    serializer.is_valid(raise_exception=True)

    audit_note = CommentSerializer(data={'comment': audit_text})
    audit_note.is_valid(raise_exception=True)

    UserAction.create(
        action_type='edit_user',
        comment=audit_note.validated_data['comment'],
        user=request.user,
        other_user=serializer.instance.user,
    )

    parent = super(AccountViewSet, self)
    return parent.update(request, pk, *args, **kwargs)
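def create(self, request, *args, **kwargs):
    """Create an account and record a ``create_user`` action.

    Both the account payload and the audit comment are validated before the
    account is saved. Previously the comment was validated after ``save()``,
    so a rejected comment returned an error while the account had already
    been created without any ``UserAction`` record.

    Raises:
        serializers.ValidationError: the account data or the comment is
            rejected by its serializer.

    Returns:
        Response: the serialized account with status 201 and the success
        headers.
    """
    data = request.data.copy()
    # 'comment' belongs to the audit log, not to the account payload.
    comment = data.pop('comment', None)

    serializer = AccountSerializer(data=data)
    serializer.is_valid(raise_exception=True)

    comment_serializer = CommentSerializer(data={'comment': comment})
    comment_serializer.is_valid(raise_exception=True)

    # Nothing is written until every input has passed validation.
    serializer.save()

    UserAction.create(action_type='create_user',
                      comment=comment_serializer.validated_data['comment'],
                      user=request.user,
                      new_user=serializer.instance.user)

    headers = self.get_success_headers(serializer.data)
    return Response(serializer.data, headers=headers, status=status.HTTP_201_CREATED)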
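def destroy(self, request, *args, **kwargs):
    """Delete a rule processing filter and close the gap in the index order.

    The comment is validated and a ``delete_rule_filter`` action is recorded
    before the deletion. Afterwards every filter whose ``index`` was greater
    than the deleted one is shifted down by one.

    The object is looked up once and reused for both the audit record and the
    index, instead of calling ``get_object()`` twice.

    Raises:
        serializers.ValidationError: the comment is rejected.

    Returns:
        The response of the parent class's ``destroy``.
    """
    # Imported inside the method as in the original code; presumably this
    # avoids a circular import with rules.rest_api -- TODO confirm.
    from rules.rest_api import CommentSerializer

    comment_serializer = CommentSerializer(data=request.data)
    comment_serializer.is_valid(raise_exception=True)

    rule_filter = self.get_object()
    # Read the index now: it is needed after the row has been deleted.
    index = rule_filter.index

    UserAction.create(
        action_type='delete_rule_filter',
        comment=comment_serializer.validated_data.get('comment'),
        user=request.user,
        rule_filter=rule_filter
    )

    response = super(RuleProcessingFilterViewSet, self).destroy(request, *args, **kwargs)

    # Update index values
    RuleProcessingFilter.objects.filter(index__gt=index).update(index=models.F('index') - 1)
    return response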