def removeSubscriptionUser(subscriptionId, userId):
    """Delete *userId* from *subscriptionId* (HTTP handler).

    Requires an admin-signed token. Returns a ``(body, status)`` tuple:
    404 with a plain-text message when the user is not a member of the
    subscription, otherwise an empty JSON body with 204. Any exception is
    converted into a response by ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        member = AgentUser.GetUser(subscriptionId, userId)
        if member:
            AgentUser.DeleteUser(subscriptionId, userId)
            return jsonify({}), 204
        notFound = "The user with user id {userId} doesn't exist in subscription {subscriptionId}".format(
            userId=userId, subscriptionId=subscriptionId)
        return notFound, 404
    except Exception as e:
        return handleExceptions(e)
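def removeAdmin(userId):
    """Remove an admin user (HTTP handler).

    Requires an admin-signed token. Returns a ``(body, status)`` tuple:
    404 with a plain-text message when no admin has *userId*, otherwise the
    admin is deleted and an empty JSON body is returned with 204. A caller
    trying to remove their own admin entry triggers ``LunaUserException``
    (409), which — like every other exception — is turned into a response
    by ``handleExceptions``.
    """
    try:
        # Read the token once: the admin check and the caller's object id both
        # refer to the same request.
        token = getToken()
        AuthenticationHelper.ValidateSignitureAndAdmin(token)
        callerObjectId = AuthenticationHelper.GetUserObjectId(token)
        admin = AgentUser.GetAdmin(userId)
        if not admin:
            return "The admin with user id {userId} doesn't exist.".format(
                userId=userId), 404
        # Self-removal guard. Lower-case both sides, as the other admin checks
        # in this file do, so a case mismatch between the stored object id and
        # the token's object id cannot slip past the guard.
        sameAsCaller = (isinstance(callerObjectId, str)
                        and admin.ObjectId.lower() == callerObjectId.lower())
        if sameAsCaller:
            raise LunaUserException(HTTPStatus.CONFLICT, "Admin cannot remove themselves from Admin list.")
        AgentUser.DeleteAdmin(userId)
        return jsonify({}), 204
    except Exception as e:
        return handleExceptions(e)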
def listAllAdmins():
    """Return every admin user as JSON (HTTP handler).

    Requires an admin-signed token. Returns ``(jsonify(admins), 200)``; any
    exception is converted into a response by ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        return jsonify(AgentUser.ListAllAdmin()), 200
    except Exception as e:
        return handleExceptions(e)
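def getSubscriptionUser(subscriptionId, userId):
    """Return one subscription user as JSON (HTTP handler).

    Requires an admin-signed token. Returns a ``(body, status)`` tuple:
    404 with a plain-text message when no user with *userId* exists in
    *subscriptionId* (the same answer ``removeSubscriptionUser`` and
    ``getAdmin`` give for a missing record), otherwise the user serialised
    with 200. Exceptions are converted by ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        user = AgentUser.GetUser(subscriptionId, userId)
        # A missing user used to be returned as JSON null with 200; the sibling
        # handlers answer 404, so do the same here.
        if not user:
            return "The user with user id {userId} doesn't exist in subscription {subscriptionId}".format(
                userId=userId, subscriptionId=subscriptionId), 404
        return jsonify(user), 200
    except Exception as e:
        return handleExceptions(e)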
def listAllSubscriptionUsers(subscriptionId):
    """List the users of *subscriptionId* as JSON (HTTP handler).

    Requires an admin-signed token. Returns ``(jsonify(users), 200)``; any
    exception is converted into a response by ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        members = AgentUser.ListAllBySubscriptionId(subscriptionId)
        response = jsonify(members)
        return response, 200
    except Exception as e:
        return handleExceptions(e)
def ValidateSignitureAndUser(token, subscriptionId=None):
    """Validate *token* and resolve the caller to an identity string.

    The token's ``oid`` claim is lower-cased and compared against the
    registered admins; a match returns ``"Admin"``. Otherwise the lower-cased
    object id is returned. When *subscriptionId* is given, the caller must
    also be one of that subscription's users, else ``LunaUserException``
    (403) is raised.
    """
    claims = AuthenticationHelper.ValidateSigniture(token)
    callerId = claims["oid"].lower()

    ## TODO: which property should we use here
    isAdmin = any(callerId == admin.ObjectId.lower()
                  for admin in AgentUser.ListAllAdmin())
    if isAdmin:
        return "Admin"

    ## With no subscription id there is no per-subscription permission to
    ## check, so the caller's object id is returned as-is.
    if not subscriptionId:
        return callerId

    members = AgentUser.ListAllBySubscriptionId(subscriptionId)
    if any(callerId == member.ObjectId.lower() for member in members):
        return callerId
    raise LunaUserException(HTTPStatus.FORBIDDEN, "The resource doesn't exist or you don't have permission to access it.")
def ValidateSignitureAndAdmin(token):
    """Validate *token* and require that it belongs to a registered admin.

    The token's ``oid`` claim is compared case-insensitively with each admin's
    ``ObjectId``. Returns ``"Admin"`` on a match; otherwise raises
    ``LunaUserException`` (403).
    """
    claims = AuthenticationHelper.ValidateSigniture(token)
    ## TODO: which property should we use here
    isAdmin = any(claims["oid"].lower() == admin.ObjectId.lower()
                  for admin in AgentUser.ListAllAdmin())
    if not isAdmin:
        raise LunaUserException(HTTPStatus.FORBIDDEN, "Admin permission is required for this operation.")
    return "Admin"
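def ListAllByUserObjectId(objectId):
    """Return every API subscription that has a user with *objectId*.

    Object ids are compared case-insensitively when both sides are strings,
    consistent with the admin and user checks in ``AuthenticationHelper``
    (which lower-case the ``oid`` claim before comparing). Exact equality is
    still accepted, so non-string ids behave as before. Result order follows
    ``APISubscription.ListAll()``.
    """
    wanted = objectId.lower() if isinstance(objectId, str) else None

    def sameObjectId(candidate):
        # Exact match first (original behaviour), then the case-insensitive
        # form used elsewhere in this file.
        if candidate == objectId:
            return True
        return wanted is not None and isinstance(candidate, str) and candidate.lower() == wanted

    return [
        subscription
        for subscription in APISubscription.ListAll()
        if any(sameObjectId(user.ObjectId)
               for user in AgentUser.ListAllBySubscriptionId(subscription.SubscriptionId))
    ]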
def getAdmin(userId):
    """Return one admin user as JSON (HTTP handler).

    Requires an admin-signed token. Returns a ``(body, status)`` tuple:
    404 with a plain-text message when no admin has *userId*, otherwise the
    admin serialised with 200. Exceptions are converted by
    ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        admin = AgentUser.GetAdmin(userId)
        if admin:
            return jsonify(admin), 200
        notFound = "The admin with user id {userId} doesn't exist.".format(userId=userId)
        return notFound, 404
    except Exception as e:
        return handleExceptions(e)
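def Get(subscriptionId, objectId="Admin"):
    """Load an API subscription with its key-vault keys resolved.

    This should only be called in local mode; otherwise the keys returned
    might be out of date.

    When *objectId* is anything other than ``"Admin"``, the caller must be a
    user of the subscription — compared case-insensitively, as the other
    identity checks in this file do — else ``LunaUserException`` (403) is
    raised. The default ``"Admin"`` skips that check entirely, so callers
    must have established admin rights before relying on the default.

    Returns ``None`` when no subscription with *subscriptionId* exists.
    Otherwise ``PrimaryKey``/``SecondaryKey`` are filled from the key vault
    and, when ``AGENT_MODE`` is ``LOCAL`` and the caller is ``"Admin"``, the
    admin list, user list and available plans are attached to the object.
    """
    if objectId != "Admin":
        # validate the userId
        wanted = objectId.lower() if isinstance(objectId, str) else None

        def sameObjectId(candidate):
            if candidate == objectId:
                return True
            return wanted is not None and isinstance(candidate, str) and candidate.lower() == wanted

        users = AgentUser.ListAllBySubscriptionId(subscriptionId)
        if not any(sameObjectId(user.ObjectId) for user in users):
            raise LunaUserException(HTTPStatus.FORBIDDEN, "The subscription {} doesn't exist or you don't have permission to access it.".format(subscriptionId))

    # Close the session even if the query raises.
    session = Session()
    try:
        subscription = session.query(APISubscription).filter_by(SubscriptionId=subscriptionId).first()
    finally:
        session.close()
    if not subscription:
        return None

    subscription.PrimaryKey = key_vault_helper.get_secret(subscription.PrimaryKeySecretName)
    subscription.SecondaryKey = key_vault_helper.get_secret(subscription.SecondaryKeySecretName)

    # An unset AGENT_MODE is treated as "not local" instead of raising KeyError.
    if os.environ.get("AGENT_MODE") == "LOCAL" and objectId == "Admin":
        subscription.Admins = AgentUser.ListAllAdmin()
        subscription.Users = AgentUser.ListAllBySubscriptionId(subscriptionId)
        subscription.AvailablePlans = ["Basic", "Premium"]
    return subscription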
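def addAdmin(userId):
    """Register a new admin user (HTTP handler).

    Requires an admin-signed token. The request body must be a JSON object
    describing the ``AgentUser``: ``ObjectId`` is mandatory, ``Role`` must be
    ``"Admin"`` and ``AADUserId`` must equal *userId* from the URL.

    Returns a ``(body, status)`` tuple: 409 when the admin already exists,
    400 for a missing/non-object body or mismatched fields, 202 echoing the
    request body on success. Exceptions (including the ``LunaUserException``
    raised for a bad body) are converted by ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        if AgentUser.GetAdmin(userId):
            return "The admin with user id {userId} already exists.".format(
                userId=userId), 409
        # A missing or non-JSON body yields None here; testing membership on
        # None would raise TypeError and surface as an unrelated error.
        body = request.get_json(silent=True)
        if not isinstance(body, dict):
            raise LunaUserException(HTTPStatus.BAD_REQUEST, "A JSON object request body is required")
        if "ObjectId" not in body:
            raise LunaUserException(HTTPStatus.BAD_REQUEST, "The object id is required")
        # NOTE(review): every key of the client-supplied body is passed to the
        # AgentUser constructor (mass assignment). If the model gains fields
        # the caller must not set, whitelist the accepted keys here.
        user = AgentUser(**body)
        if user.Role != "Admin":
            return "The role of the admin user must be Admin.", 400
        if userId != user.AADUserId:
            return "The user id in request body doesn't match the user id in request url.", 400
        AgentUser.Create(user)
        return jsonify(body), 202
    except Exception as e:
        return handleExceptions(e)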
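def addSubscriptionUser(subscriptionId, userId):
    """Add a user to a subscription (HTTP handler).

    Requires an admin-signed token. The request body must be a JSON object
    describing the ``AgentUser``: ``ObjectId`` is mandatory, ``SubscriptionId``
    must equal *subscriptionId* and ``AADUserId`` must equal *userId* from
    the URL.

    Returns a ``(body, status)`` tuple: 409 when the user already exists in
    the subscription, 400 for a missing/non-object body or mismatched fields,
    202 echoing the request body on success. Exceptions (including the
    ``LunaUserException`` raised for a bad body) are converted by
    ``handleExceptions``.
    """
    try:
        AuthenticationHelper.ValidateSignitureAndAdmin(getToken())
        if AgentUser.GetUser(subscriptionId, userId):
            return "The user with user id {userId} already exists in subscription {subscriptionId}".format(
                userId=userId, subscriptionId=subscriptionId), 409
        # A missing or non-JSON body yields None here; testing membership on
        # None would raise TypeError and surface as an unrelated error.
        body = request.get_json(silent=True)
        if not isinstance(body, dict):
            raise LunaUserException(HTTPStatus.BAD_REQUEST, "A JSON object request body is required")
        if "ObjectId" not in body:
            raise LunaUserException(HTTPStatus.BAD_REQUEST, "The object id is required")
        # NOTE(review): every key of the client-supplied body is passed to the
        # AgentUser constructor (mass assignment). If the model gains fields
        # the caller must not set, whitelist the accepted keys here.
        user = AgentUser(**body)
        if subscriptionId != user.SubscriptionId:
            return "The subscription id in request body doesn't match the subscription id in request url.", 400
        if userId != user.AADUserId:
            return "The user id in request body doesn't match the user id in request url.", 400
        AgentUser.Create(user)
        return jsonify(body), 202
    except Exception as e:
        return handleExceptions(e)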