def test_default_group(self): resets = [useradmin.conf.DEFAULT_USER_GROUP.set_for_testing("test_default")] try: get_default_user_group() c = make_logged_in_client(username="******", is_superuser=True) # Create default group if it doesn't already exist. assert_true(Group.objects.filter(name="test_default").exists()) # Try deleting the default group assert_true(Group.objects.filter(name="test_default").exists()) response = c.post("/useradmin/groups/delete", {"group_names": ["test_default"]}) assert_true("default user group may not be deleted" in response.content) assert_true(Group.objects.filter(name="test_default").exists()) # Change the name of the default group, and try deleting again resets.append(useradmin.conf.DEFAULT_USER_GROUP.set_for_testing("new_default")) response = c.post("/useradmin/groups/delete", {"group_names": ["test_default"]}) assert_false(Group.objects.filter(name="test_default").exists()) assert_true(Group.objects.filter(name="new_default").exists()) finally: for reset in resets: reset()
def test_default_group(self): resets = [ useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default') ] try: get_default_user_group() c = make_logged_in_client(username='******', is_superuser=True) # Create default group if it doesn't already exist. assert_true(Group.objects.filter(name='test_default').exists()) # Try deleting the default group assert_true(Group.objects.filter(name='test_default').exists()) response = c.post('/useradmin/groups/delete', {'group_names': ['test_default']}) assert_true( 'default user group may not be deleted' in response.content) assert_true(Group.objects.filter(name='test_default').exists()) # Change the name of the default group, and try deleting again resets.append( useradmin.conf.DEFAULT_USER_GROUP.set_for_testing( 'new_default')) response = c.post('/useradmin/groups/delete', {'group_names': ['test_default']}) assert_false(Group.objects.filter(name='test_default').exists()) assert_true(Group.objects.filter(name='new_default').exists()) finally: for reset in resets: reset()
def forwards(self, orm): try: from useradmin.models import get_default_user_group from desktop.lib.test_utils import revoke_permission # Revoke S3 access to default group by default if get_default_user_group(): revoked = revoke_permission(get_default_user_group(), 'filebrowser', 's3_access') LOG.info('Revoked s3 permissions: %s' % revoked) except Exception, e: LOG.error(e)
def setUp(self): self.client = make_logged_in_client(username='******', groupname=get_default_user_group(), recreate=True, is_superuser=False) self.user = User.objects.get(username='******') self.user = rewrite_user(self.user)
def handle(self, *args, **options): if not options.get('user'): user = User.objects.get(username=pwd.getpwuid(os.getuid()).pw_name) else: user = options['user'] dialect = options.get('dialect', 'hive') # Install sample notebook from fixture if notebook with sample UUID doesn't exist if not Document2.objects.filter(uuid="7f2ea775-e067-4fde-8f5f-4d704ab9b002").exists(): sample_user = install_sample_user() with transaction.atomic(): management.call_command('loaddata', 'initial_notebook_examples.json', verbosity=2, commit=False) Document.objects.sync() # Get or create sample user directories home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR ) Document2.objects.filter(type='notebook', owner__username__in=SAMPLE_USER_OWNERS).update(parent_directory=examples_dir) # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample notebook') from beeswax.management.commands.beeswax_install_examples import Command Command().handle(dialect=dialect, user=user)
def delete_group(request): if not request.user.is_superuser: request.audit = { 'operation': 'DELETE_GROUP', 'operationText': _get_failed_operation_text(request.user.username, 'DELETE_GROUP'), 'allowed': False } raise PopupException(_("You must be a superuser to delete groups."), error_code=401) if request.method == 'POST': try: group_names = request.POST.getlist('group_names') # Get the default group before getting the group, because we may be # trying to delete the default group, and it may not have been created yet. default_group = get_default_user_group() if default_group is not None and default_group.name in group_names: raise PopupException(_("The default user group may not be deleted."), error_code=401) Group.objects.filter(name__in=group_names).delete() request.info(_('The groups were deleted.')) request.audit = { 'operation': 'DELETE_GROUP', 'operationText': 'Deleted Group(s): %s' % ', '.join(group_names) } return redirect(reverse(list_groups)) except Group.DoesNotExist: raise PopupException(_("Group not found."), error_code=404) else: return render("delete_group.mako", request, {'path': request.path})
def authenticate(self, access_token): username = access_token['screen_name'] password = access_token['oauth_token_secret'] username = force_username_case(username) try: if AUTH.IGNORE_USERNAME_CASE.get(): user = User.objects.get(username__iexact=username) else: user = User.objects.get(username=username) except User.DoesNotExist: if not UserProfile.objects.filter(creation_method=str( UserProfile.CreationMethod.EXTERNAL)).exists(): is_super = True else: is_super = False # Could save oauth_token detail in the user profile here user = find_or_create_user(username, password) profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super user.save() default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) return user
def authenticate(self, remote_user=None): username = self.clean_username(remote_user) username = desktop.conf.AUTH.FORCE_USERNAME_LOWERCASE.get() and username.lower() or username is_super = False if User.objects.count() == 0: is_super = True try: if desktop.conf.AUTH.IGNORE_USERNAME_CASE.get(): user = User.objects.get(username__iexact=username) else: user = User.objects.get(username=username) except User.DoesNotExist: user = find_or_create_user(username, None) if user is not None and user.is_active: profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user.save() user = rewrite_user(user) return user
def delete_group(request, name): if not request.user.is_superuser: raise PopupException("You must be a superuser to delete groups.") if request.method == 'POST': try: global groups_lock __groups_lock.acquire() try: # Get the default group before getting the group, because we may be # trying to delete the default group, and it may not have been created # yet default_group = get_default_user_group() group = Group.objects.get(name=name) if default_group is not None and default_group.name == name: raise PopupException("The default user group may not be deleted.") group.delete() finally: __groups_lock.release() # Send a flash message saying "deleted"? return list_groups(request) except Group.DoesNotExist: raise PopupException("Group not found.") else: return render("confirm.mako", request, dict(path=request.path, title="Delete group?"))
def authenticate(self, access_token): username = access_token['screen_name'] password = access_token['oauth_token_secret'] try: user = User.objects.get(username=username) except User.DoesNotExist: if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists(): is_super=True else: is_super=False # Could save oauth_token detail in the user profile here user = find_or_create_user(username, password) profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super user.save() default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) return user
def update_user(self, user, attributes, attribute_mapping, force_save=False): # Do this check up here, because the auth call creates a django user upon first login per user is_super = False if not UserProfile.objects.filter(creation_method=str(UserProfile.CreationMethod.EXTERNAL)).exists(): # If there are no LDAP users already in the system, the first one will # become a superuser is_super = True elif User.objects.filter(username=user.username).exists(): # If the user already exists, we shouldn't change its superuser # privileges. However, if there's a naming conflict with a non-external # user, we should do the safe thing and turn off superuser privs. user = User.objects.get(username=user.username) existing_profile = get_profile(user) if existing_profile.creation_method == str(UserProfile.CreationMethod.EXTERNAL): is_super = user.is_superuser user = super(SAML2Backend, self).update_user(user, attributes, attribute_mapping, force_save) if user is not None and user.is_active: profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super user = rewrite_user(user) default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user.save() return user return None
def handle_noargs(self, **options): fs = cluster.get_hdfs() create_directories(fs, [REMOTE_SAMPLE_DIR.get()]) remote_dir = REMOTE_SAMPLE_DIR.get() # Copy examples binaries for name in os.listdir(LOCAL_SAMPLE_DIR.get()): local_dir = fs.join(LOCAL_SAMPLE_DIR.get(), name) remote_data_dir = fs.join(remote_dir, name) LOG.info(_('Copying examples %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) fs.do_as_user(fs.DEFAULT_USER, fs.copyFromLocal, local_dir, remote_data_dir) # Copy sample data local_dir = paths.get_thirdparty_root("sample_data") remote_data_dir = fs.join(remote_dir, 'data') LOG.info(_('Copying data %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) fs.do_as_user(fs.DEFAULT_USER, fs.copyFromLocal, local_dir, remote_data_dir) # Load jobs sample_user = install_sample_user() management.call_command('loaddata', 'initial_pig_examples.json', verbosity=2) Document.objects.sync() if USE_NEW_EDITOR.get(): # Get or create sample user directories home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR) try: # Don't overwrite doc = Document.objects.get(object_id=1100713) doc2 = Document2.objects.get(owner=sample_user, name=doc.name, type='link-pigscript') # If document exists but has been trashed, recover from Trash if doc2.parent_directory != examples_dir: doc2.parent_directory = examples_dir doc2.save() except Document.DoesNotExist: LOG.warn('Sample pig script document not found.') except Document2.DoesNotExist: if doc.content_object: data = doc.content_object.dict data.update({'content_type': doc.content_type.model, 'object_id': doc.object_id}) data = json.dumps(data) doc2 = Document2.objects.create( owner=sample_user, parent_directory=examples_dir, name=doc.name, type='link-pigscript', description=doc.description, data=data) LOG.info('Successfully installed sample link to pig script: %s' % (doc2.name,)) # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()])
def delete_group(request, name): if not request.user.is_superuser: raise PopupException(_("You must be a superuser to delete groups."), error_code=401) if request.method == 'POST': try: global groups_lock __groups_lock.acquire() try: # Get the default group before getting the group, because we may be # trying to delete the default group, and it may not have been created # yet default_group = get_default_user_group() group = Group.objects.get(name=name) if default_group is not None and default_group.name == name: raise PopupException(_("The default user group may not be deleted."), error_code=401) group.delete() finally: __groups_lock.release() request.info(_('The group was deleted.')) return redirect(reverse(list_groups)) except Group.DoesNotExist: raise PopupException(_("Group not found."), error_code=404) else: return render("delete_group.mako", request, dict(path=request.path, groupname=name))
def handle_noargs(self, **options): sample_user = install_sample_user() # Get or create sample user directories home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR ) if not Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS).exists(): management.call_command('loaddata', 'initial_search_examples.json', verbosity=2) Document.objects.sync() Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS).update(parent_directory=examples_dir) else: # Check if sample documents are in Trash, and if so, restore them for doc in Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS): if doc.parent_directory != examples_dir: doc.parent_directory = examples_dir doc.save() # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample search dashboard')
def check_auth(self, username, password): if pam.authenticate(username, password, desktop.conf.AUTH.PAM_SERVICE.get()): is_super = False if User.objects.count() == 0: is_super = True try: user = User.objects.get(username=username) except User.DoesNotExist: user = find_or_create_user(username, None) if user is not None and user.is_active: profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user.save() user = rewrite_user(user) return user return None
def add_to_group(username, groupname=get_default_user_group().name): user = User.objects.get(username=username) group, created = Group.objects.get_or_create(name=groupname) if not user.groups.filter(name=group.name).exists(): user.groups.add(group) user.save()
def delete_group(request, name): if not request.user.is_superuser: raise PopupException(_("You must be a superuser to delete groups."), error_code=401) if request.method == 'POST': try: global groups_lock __groups_lock.acquire() try: # Get the default group before getting the group, because we may be # trying to delete the default group, and it may not have been created # yet default_group = get_default_user_group() group = Group.objects.get(name=name) if default_group is not None and default_group.name == name: raise PopupException( _("The default user group may not be deleted."), error_code=401) group.delete() finally: __groups_lock.release() request.info(_('The group was deleted.')) return redirect(reverse(list_groups)) except Group.DoesNotExist: raise PopupException(_("Group not found."), error_code=404) else: return render("delete_group.mako", request, dict(path=request.path, groupname=name))
def share_to_default(self, document): from useradmin.models import get_default_user_group # Remove build dependency perm, created = DocumentPermission.objects.get_or_create(doc=document) default_group = get_default_user_group() if default_group: perm.groups.add(default_group)
def setUp(self): self.client = make_logged_in_client(username="******", groupname="default", recreate=True, is_superuser=False) self.client_not_me = make_logged_in_client(username="******", groupname="default", recreate=True, is_superuser=False) self.user = User.objects.get(username="******") self.user_not_me = User.objects.get(username="******") grant_access(self.user.username, self.user.username, "desktop") grant_access(self.user_not_me.username, self.user_not_me.username, "desktop") self.default_group = get_default_user_group() # This creates the user directories for the new user response = self.client.get('/desktop/api2/docs/') data = json.loads(response.content) assert_equal('/', data['document']['path'], data) self.home_dir = Document2.objects.get_home_directory(user=self.user)
def _import_ldap_user(username, import_by_dn=False): """ Import a user from LDAP. If import_by_dn is true, this will import the user by the distinguished name, rather than the configured username attribute. """ conn = ldap_access.get_connection() user_info = conn.find_user(username, import_by_dn) if user_info is None: LOG.warn("Could not get LDAP details for user %s" % (username,)) return None user, created = User.objects.get_or_create(username=user_info['username']) profile = get_profile(user) if not created and profile.creation_method == str(UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn('There was a naming conflict while importing user %s' % (username,)) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in user_info: user.first_name = user_info['first'] if 'last' in user_info: user.last_name = user_info['last'] if 'email' in user_info: user.email = user_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() return user
def authenticate(self, remote_user=None): username = self.clean_username(remote_user) username = desktop.conf.AUTH.FORCE_USERNAME_LOWERCASE.get( ) and username.lower() or username is_super = False if User.objects.count() == 0: is_super = True try: if desktop.conf.AUTH.IGNORE_USERNAME_CASE.get(): user = User.objects.get(username__iexact=username) else: user = User.objects.get(username=username) except User.DoesNotExist: user = find_or_create_user(username, None) if user is not None and user.is_active: profile = get_profile(user) profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.is_superuser = is_super default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user.save() user = rewrite_user(user) return user
def handle(self, *args, **options): sample_user = install_sample_user() # Get or create sample user directories home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR ) if not Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS).exists(): with transaction.atomic(): if sys.version_info[0] > 2: management.call_command('loaddata', 'initial_search_examples.json', verbosity=2) else: management.call_command('loaddata', 'initial_search_examples.json', verbosity=2, commit=False) Document.objects.sync() Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS).update(parent_directory=examples_dir) else: # Check if sample documents are in Trash, and if so, restore them for doc in Document2.objects.filter(type='search-dashboard', owner__username__in=SAMPLE_USER_OWNERS): if doc.parent_directory != examples_dir: doc.parent_directory = examples_dir doc.save() # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample search dashboard')
def handle(self, *args, **options): if not options.get('user'): user = User.objects.get(username=pwd.getpwuid(os.getuid()).pw_name) else: user = options['user'] # Install sample notebook from fixture if notebook with sample UUID doesn't exist if not Document2.objects.filter(uuid="7f2ea775-e067-4fde-8f5f-4d704ab9b002").exists(): sample_user = install_sample_user() management.call_command('loaddata', 'initial_notebook_examples.json', verbosity=2) Document.objects.sync() # Get or create sample user directories home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR ) Document2.objects.filter(type='notebook', owner__username__in=SAMPLE_USER_OWNERS).update(parent_directory=examples_dir) # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample notebook') from beeswax.management.commands.beeswax_install_examples import Command app_name = 'beeswax' Command().handle(app_name=app_name, user=user, tables='tables.json')
def test_login_does_not_reset_groups(self): client = make_logged_in_client(username=self.test_username, password="******") user = User.objects.get(username=self.test_username) test_group, created = Group.objects.get_or_create( name=self.test_username) default_group = get_default_user_group() user.groups.all().delete() assert_false(user.groups.exists()) # No groups response = client.post('/hue/accounts/login/', dict(username=self.test_username, password="******"), follow=True) assert_equal(200, response.status_code, "Expected ok status.") assert_equal([default_group.name], [i for i in user.groups.values_list('name', flat=True)]) add_to_group(self.test_username, self.test_username) # Two groups client.get('/accounts/logout') response = client.post('/hue/accounts/login/', dict(username=self.test_username, password="******"), follow=True) assert_equal(200, response.status_code, "Expected ok status.") assert_equal(set([default_group.name, test_group.name]), set(user.groups.values_list('name', flat=True))) user.groups.filter(name=default_group.name).delete() assert_equal(set([test_group.name]), set(user.groups.values_list('name', flat=True))) # Keep manual group only, don't re-add default group client.get('/accounts/logout') response = client.post('/hue/accounts/login/', dict(username=self.test_username, password="******"), follow=True) assert_equal(200, response.status_code, "Expected ok status.") assert_equal([test_group.name], list(user.groups.values_list('name', flat=True))) user.groups.remove(test_group) assert_false(user.groups.exists()) # Re-add default group client.get('/accounts/logout') response = client.post('/hue/accounts/login/', dict(username=self.test_username, password="******"), follow=True) assert_equal(200, response.status_code, "Expected ok status.") assert_equal([default_group.name], list(user.groups.values_list('name', flat=True)))
def _import_ldap_users_info(connection, user_info, sync_groups=False, import_by_dn=False): """ Import user_info found through ldap_access.find_users. """ imported_users = [] for ldap_info in user_info: # Extra validation in case import by DN and username has spaces or colons validate_username(ldap_info['username']) user, created = ldap_access.get_or_create_ldap_user(username=ldap_info['username']) profile = get_profile(user) if not created and profile.creation_method == str(UserProfile.CreationMethod.HUE): # This is a Hue user, and shouldn't be overwritten LOG.warn(_('There was a naming conflict while importing user %(username)s') % { 'username': ldap_info['username'] }) return None default_group = get_default_user_group() if created and default_group is not None: user.groups.add(default_group) if 'first' in ldap_info: user.first_name = ldap_info['first'] if 'last' in ldap_info: user.last_name = ldap_info['last'] if 'email' in ldap_info: user.email = ldap_info['email'] profile.creation_method = UserProfile.CreationMethod.EXTERNAL profile.save() user.save() imported_users.append(user) # sync groups if sync_groups and 'groups' in ldap_info: old_groups = set(user.groups.all()) new_groups = set() # Skip if 'memberOf' or 'isMemberOf' are not set for group_dn in ldap_info['groups']: group_ldap_info = connection.find_groups(group_dn, find_by_dn=True, scope=ldap.SCOPE_BASE) for group_info in group_ldap_info: # Add only if user isn't part of group. if not user.groups.filter(name=group_info['name']).exists(): groups = import_ldap_groups(connection, group_info['dn'], import_members=False, import_members_recursive=False, sync_users=False, import_by_dn=True) if groups: new_groups.update(groups) # Remove out of date groups remove_groups = old_groups - new_groups remove_ldap_groups = LdapGroup.objects.filter(group__in=remove_groups) remove_groups_filtered = [ldapgroup.group for ldapgroup in remove_ldap_groups] user.groups.filter(group__in=remove_groups_filtered).delete() user.groups.add(*new_groups) Group.objects.filter(group__in=remove_groups_filtered).delete() remove_ldap_groups.delete() return imported_users
def install(self, django_user): """ Install queries. Raise InstallException on failure. """ LOG.info('Installing sample query: %s' % (self.name, )) try: # Don't overwrite query = SavedQuery.objects.get(owner=django_user, name=self.name, type=self.type) except SavedQuery.DoesNotExist: query = SavedQuery(owner=django_user, name=self.name, type=self.type, desc=self.desc) # The data field needs to be a string. The sample file writes it # as json (without encoding into a string) for readability. query.data = json.dumps(self.data) query.save() LOG.info('Successfully installed sample design: %s' % (self.name, )) if beeswax.conf.USE_NEW_EDITOR.get(): try: # Don't overwrite doc2 = Document2.objects.get(owner=django_user, name=self.name, type=self._document_type( self.type)) except Document2.DoesNotExist: # Create document from saved query notebook = import_saved_beeswax_query(query) data = notebook.get_json() # Get or create sample user directories home_dir = Directory.objects.get_home_directory(django_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=django_user, name=Document2.EXAMPLES_DIR) doc2 = Document2.objects.create(owner=django_user, parent_directory=examples_dir, name=self.name, type=self._document_type( self.type), description=self.desc, data=data) # Share with default group examples_dir.share(django_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) doc2.save() LOG.info('Successfully installed sample query: %s' % (self.name, ))
def check_auth(self, username, password): user = find_or_create_user(username, None) user.is_superuser = False user.save() default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) return user
def install(self, django_user, interpreter=None): """ Install queries. Raise InstallException on failure. """ LOG.info('Installing sample query: %s' % (self.name,)) try: # Don't overwrite query = SavedQuery.objects.get(owner=django_user, name=self.name, type=self.type) except SavedQuery.DoesNotExist: query = SavedQuery(owner=django_user, name=self.name, type=self.type, desc=self.desc) # The data field needs to be a string. The sample file writes it as json (without encoding into a string) for readability. query.data = json.dumps(self.data) query.save() LOG.info('Successfully installed sample design: %s' % (self.name,)) if USE_NEW_EDITOR.get(): examples_dir = _get_example_directory(django_user) document_type = self._document_type(self.type, interpreter) notebook = import_saved_beeswax_query(query, interpreter=interpreter) try: # Could move PK from a uuid in queries.json at some point to handle name changes without duplicating. # And move to a simpler json format at some point. doc2 = Document2.objects.get(owner=django_user, name=self.name, type=document_type, is_history=False) if doc2.parent_directory != examples_dir: # Recover from Trash or if moved doc2.parent_directory = examples_dir data = json.loads(doc2.data) data['uuid'] = doc2.uuid doc2.data = json.dumps(data) # Refresh content doc2.save() except Document2.DoesNotExist: # Create new example data = notebook.get_data() data['isSaved'] = True uuid = data.get('uuid') data = json.dumps(data) doc2 = Document2.objects.create( uuid=uuid, # Must the same as in the notebook data owner=django_user, parent_directory=examples_dir, name=self.name, type=document_type, description=self.desc, data=data ) # TODO: FK to connector object # Share with default group examples_dir.share(django_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample query: %s' % doc2)
def test_share_document_permissions(self): # No doc response = self.client.get('/home') assert_equal({}, json.loads(response.context['json_documents'])) response = self.client_not_me.get('/home') assert_equal({}, json.loads(response.context['json_documents'])) # Add doc script, doc = self._add_doc('test_update_permissions') doc_id = '%s' % doc.id response = self.client.get('/home') assert_true(doc_id in json.loads(response.context['json_documents'])) response = self.client_not_me.get('/home') assert_false(doc_id in json.loads(response.context['json_documents'])) # Share by user response = self.client.post("/desktop/api/doc/update_permissions", { 'doc_id': doc.id, 'data': json.dumps({'read': {'user_ids': [self.user.id, self.user_not_me.id], 'group_ids': []}}) }) assert_equal(0, json.loads(response.content)['status'], response.content) response = self.client.get('/home') assert_true(doc_id in json.loads(response.context['json_documents'])) response = self.client_not_me.get('/home') assert_true(doc_id in json.loads(response.context['json_documents'])) # Un-share response = self.client.post("/desktop/api/doc/update_permissions", { 'doc_id': doc.id, 'data': json.dumps({'read': {'user_ids': [self.user.id], 'group_ids': []}}) }) assert_equal(0, json.loads(response.content)['status'], response.content) response = self.client.get('/home') assert_true(doc_id in json.loads(response.context['json_documents'])) response = self.client_not_me.get('/home') assert_false(doc_id in json.loads(response.context['json_documents'])) # Share by group default_group = get_default_user_group() response = self.client.post("/desktop/api/doc/update_permissions", { 'doc_id': doc.id, 'data': json.dumps({'read': {'user_ids': [self.user.id], 'group_ids': [default_group.id]}}) }) assert_equal(0, json.loads(response.content)['status'], response.content) response = self.client.get('/home') assert_true(doc_id in json.loads(response.context['json_documents'])) response = self.client_not_me.get('/home') assert_true(doc_id in json.loads(response.context['json_documents']))
def handle(self, *args, **options): fs = cluster.get_hdfs() create_directories(fs, [REMOTE_SAMPLE_DIR.get()]) remote_dir = REMOTE_SAMPLE_DIR.get() sample_user = install_sample_user() # Copy examples binaries for name in os.listdir(LOCAL_SAMPLE_DIR.get()): local_dir = fs.join(LOCAL_SAMPLE_DIR.get(), name) remote_data_dir = fs.join(remote_dir, name) LOG.info( _('Copying examples %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir }) fs.do_as_user(sample_user.username, fs.copyFromLocal, local_dir, remote_data_dir) # Copy sample data local_dir = paths.get_thirdparty_root("sample_data") remote_data_dir = fs.join(remote_dir, 'data') LOG.info( _('Copying data %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir }) fs.do_as_user(sample_user.username, fs.copyFromLocal, local_dir, remote_data_dir) # Initialize doc2, whether editor script or link doc2 = None # Install editor pig script without doc1 link LOG.info("Using Hue 4, will install pig editor sample.") doc2 = self.install_pig_script(sample_user) if USE_NEW_EDITOR.get(): # Get or create sample user directories LOG.info("Creating sample user directories.") home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR) # If document exists but has been trashed, recover from Trash if doc2 and doc2.parent_directory != examples_dir: doc2.parent_directory = examples_dir doc2.save() # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()])
def install(self, django_user, interpreter=None): """ Install queries. Raise InstallException on failure. """ LOG.info('Installing sample query: %s' % (self.name,)) try: # Don't overwrite query = SavedQuery.objects.get(owner=django_user, name=self.name, type=self.type) except SavedQuery.DoesNotExist: query = SavedQuery(owner=django_user, name=self.name, type=self.type, desc=self.desc) # The data field needs to be a string. The sample file writes it # as json (without encoding into a string) for readability. query.data = json.dumps(self.data) query.save() LOG.info('Successfully installed sample design: %s' % (self.name,)) if USE_NEW_EDITOR.get(): # Get or create sample user directories home_dir = Directory.objects.get_home_directory(django_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=django_user, name=Document2.EXAMPLES_DIR ) document_type = self._document_type(self.type, interpreter) try: # Don't overwrite doc2 = Document2.objects.get(owner=django_user, name=self.name, type=document_type, is_history=False) # If document exists but has been trashed, recover from Trash if doc2.parent_directory != examples_dir: doc2.parent_directory = examples_dir doc2.save() except Document2.DoesNotExist: # Create document from saved query notebook = import_saved_beeswax_query(query, interpreter=interpreter) data = notebook.get_data() data['isSaved'] = True uuid = data.get('uuid') data = json.dumps(data) doc2 = Document2.objects.create( uuid=uuid, owner=django_user, parent_directory=examples_dir, name=self.name, type=document_type, description=self.desc, data=data ) # Share with default group examples_dir.share(django_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample query: %s' % (self.name,))
def install(self, django_user): """ Install queries. Raise InstallException on failure. """ LOG.info('Installing sample query: %s' % (self.name,)) try: # Don't overwrite query = SavedQuery.objects.get(owner=django_user, name=self.name, type=self.type) except SavedQuery.DoesNotExist: query = SavedQuery(owner=django_user, name=self.name, type=self.type, desc=self.desc) # The data field needs to be a string. The sample file writes it # as json (without encoding into a string) for readability. query.data = json.dumps(self.data) query.save() LOG.info('Successfully installed sample design: %s' % (self.name,)) if USE_NEW_EDITOR.get(): # Get or create sample user directories home_dir = Directory.objects.get_home_directory(django_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=django_user, name=Document2.EXAMPLES_DIR ) try: # Don't overwrite doc2 = Document2.objects.get(owner=django_user, name=self.name, type=self._document_type(self.type)) # If document exists but has been trashed, recover from Trash if doc2.parent_directory != examples_dir: doc2.parent_directory = examples_dir doc2.save() except Document2.DoesNotExist: # Create document from saved query notebook = import_saved_beeswax_query(query) data = notebook.get_data() data['isSaved'] = True uuid = data.get('uuid') data = json.dumps(data) doc2 = Document2.objects.create( uuid=uuid, owner=django_user, parent_directory=examples_dir, name=self.name, type=self._document_type(self.type), description=self.desc, data=data ) # Share with default group examples_dir.share(django_user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) LOG.info('Successfully installed sample query: %s' % (self.name,))
def setUp(self): self.client = make_logged_in_client(username="******", groupname="default", recreate=False, is_superuser=True) self.client_user = make_logged_in_client(username="******", groupname="default", recreate=False, is_superuser=False) self.admin = User.objects.get(username="******") self.user = User.objects.get(username="******") self.group = get_default_user_group() grant_access(self.admin.username, self.admin.username, "desktop") grant_access(self.user.username, self.user.username, "desktop")
def __init__(self, *args, **kwargs): super(SuperUserChangeForm, self).__init__(*args, **kwargs) if self.instance.id: # If the user exists already, we'll use its current group memberships self.initial['groups'] = set(self.instance.groups.all()) else: # If this is a new user, suggest the default group default_group = get_default_user_group() if default_group is not None: self.initial['groups'] = set([default_group]) else: self.initial['groups'] = []
def add_to_group(username, groupname=None): if groupname is None: group = get_default_user_group() assert group is not None groupname = group.name user = User.objects.get(username=username) group, created = Group.objects.get_or_create(name=groupname) if not user.groups.filter(name=group.name).exists(): user.groups.add(group) user.save()
def __init__(self, *args, **kwargs): super(SuperUserChangeForm, self).__init__(*args, **kwargs) if self.instance.id: # If the user exists already, we'll use its current group memberships self.initial['groups'] = set(self.instance.groups.all()) else: # If his is a new user, suggest the default group default_group = get_default_user_group() if default_group is not None: self.initial['groups'] = set([default_group]) else: self.initial['groups'] = []
def share_to_default(self, document, name='read'): from useradmin.models import get_default_user_group # Remove build dependency self._check_perm(name) if name == DocumentPermission.WRITE_PERM: perm, created = DocumentPermission.objects.get_or_create(doc=document, perms=DocumentPermission.WRITE_PERM) else: perm, created = DocumentPermission.objects.get_or_create(doc=document, perms=DocumentPermission.READ_PERM) default_group = get_default_user_group() if default_group: perm.groups.add(default_group)
def test_default_group(): reset_all_users() reset_all_groups() useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default') get_default_user_group() c = make_logged_in_client(username='******', is_superuser=True) # Create default group if it doesn't already exist. assert_true(Group.objects.filter(name='test_default').exists()) # Try deleting the default group assert_true(Group.objects.filter(name='test_default').exists()) response = c.post('/useradmin/groups/delete/test_default') assert_true('default user group may not be deleted' in response.content) assert_true(Group.objects.filter(name='test_default').exists()) # Change the name of the default group, and try deleting again useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('new_default') response = c.post('/useradmin/groups/delete/test_default') assert_false(Group.objects.filter(name='test_default').exists()) assert_true(Group.objects.filter(name='new_default').exists())
def test_default_group(): reset_all_users() reset_all_groups() useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('test_default') get_default_user_group() c = make_logged_in_client(username='******', is_superuser=True) # Create default group if it doesn't already exist. assert_true(Group.objects.filter(name='test_default').exists()) # Try deleting the default group assert_true(Group.objects.filter(name='test_default').exists()) response = c.post('/useradmin/groups/delete', {'group_names': ['test_default']}) assert_true('default user group may not be deleted' in response.content) assert_true(Group.objects.filter(name='test_default').exists()) # Change the name of the default group, and try deleting again useradmin.conf.DEFAULT_USER_GROUP.set_for_testing('new_default') response = c.post('/useradmin/groups/delete' , {'group_names': ['test_default']}) assert_false(Group.objects.filter(name='test_default').exists()) assert_true(Group.objects.filter(name='new_default').exists())
def handle_noargs(self, **options): self.user = install_sample_user() self.fs = cluster.get_hdfs() LOG.info(_("Creating sample directory '%s' in HDFS") % REMOTE_SAMPLE_DIR.get()) create_directories(self.fs, [REMOTE_SAMPLE_DIR.get()]) remote_dir = REMOTE_SAMPLE_DIR.get() # Copy examples binaries for name in os.listdir(LOCAL_SAMPLE_DIR.get()): local_dir = self.fs.join(LOCAL_SAMPLE_DIR.get(), name) remote_data_dir = self.fs.join(remote_dir, name) LOG.info(_('Copying examples %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) self.fs.do_as_user(self.fs.DEFAULT_USER, self.fs.copyFromLocal, local_dir, remote_data_dir) # Copy sample data local_dir = LOCAL_SAMPLE_DATA_DIR.get() remote_data_dir = self.fs.join(remote_dir, 'data') LOG.info(_('Copying data %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) self.fs.do_as_user(self.fs.DEFAULT_USER, self.fs.copyFromLocal, local_dir, remote_data_dir) # Load jobs LOG.info(_("Installing examples...")) if ENABLE_V2.get(): management.call_command('loaddata', 'initial_oozie_examples.json', verbosity=2) # Get or create sample user directories home_dir = Directory.objects.get_home_directory(self.user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=self.user, name=Document2.EXAMPLES_DIR ) # Share oozie examples with default group oozie_examples = Document2.objects.filter( type__in=['oozie-workflow2', 'oozie-coordinator2', 'oozie-bundle2'], owner=self.user, parent_directory=None ) oozie_examples.update(parent_directory=examples_dir) examples_dir.share(self.user, Document2Permission.READ_PERM, groups=[get_default_user_group()]) self.install_examples() Document.objects.sync()
def setUp(self): self.client = make_logged_in_client(username='******', groupname=get_default_user_group(), recreate=True, is_superuser=False) self.user = User.objects.get(username='******') self.user = rewrite_user(self.user) self.alone_client = make_logged_in_client( username='******', groupname='alone', # Not in default group recreate=True, is_superuser=False) self.alone_user = User.objects.get(username='******') self.alone_user = rewrite_user(self.alone_user)
def authenticate(self, access_token): username = access_token['screen_name'] password = access_token['oauth_token_secret'] # Could save oauth_token detail in the user profile here user = find_or_create_user(username, password) user.is_superuser = False user.save() default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) return user
def authenticate(self, username, password): user = super(DemoBackend, self).authenticate(username, password) if not user: username = self._random_name() user = find_or_create_user(username, None) user.is_superuser = False user.save() default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user = rewrite_user(user) return user
def handle(self, *args, **options): fs = cluster.get_hdfs() create_directories(fs, [REMOTE_SAMPLE_DIR.get()]) remote_dir = REMOTE_SAMPLE_DIR.get() sample_user = install_sample_user() # Copy examples binaries for name in os.listdir(LOCAL_SAMPLE_DIR.get()): local_dir = fs.join(LOCAL_SAMPLE_DIR.get(), name) remote_data_dir = fs.join(remote_dir, name) LOG.info(_('Copying examples %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) fs.do_as_user(sample_user.username, fs.copyFromLocal, local_dir, remote_data_dir) # Copy sample data local_dir = paths.get_thirdparty_root("sample_data") remote_data_dir = fs.join(remote_dir, 'data') LOG.info(_('Copying data %(local_dir)s to %(remote_data_dir)s\n') % { 'local_dir': local_dir, 'remote_data_dir': remote_data_dir}) fs.do_as_user(sample_user.username, fs.copyFromLocal, local_dir, remote_data_dir) # Initialize doc2, whether editor script or link doc2 = None # Install editor pig script without doc1 link LOG.info("Using Hue 4, will install pig editor sample.") doc2 = self.install_pig_script(sample_user) if USE_NEW_EDITOR.get(): # Get or create sample user directories LOG.info("Creating sample user directories.") home_dir = Directory.objects.get_home_directory(sample_user) examples_dir, created = Directory.objects.get_or_create( parent_directory=home_dir, owner=sample_user, name=Document2.EXAMPLES_DIR) # If document exists but has been trashed, recover from Trash if doc2 and doc2.parent_directory != examples_dir: doc2.parent_directory = examples_dir doc2.save() # Share with default group examples_dir.share(sample_user, Document2Permission.READ_PERM, groups=[get_default_user_group()])
def authenticate(self, username=None, password=None): user = super(AllowFirstUserDjangoBackend, self).authenticate(username, password) if user is not None: if user.is_active: user = rewrite_user(user) return user return user if self.is_first_login_ever(): user = find_or_create_user(username, password) user = rewrite_user(user) default_group = get_default_user_group() if default_group is not None: user.groups.add(default_group) user.save() return user return None