예제 #1
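def getAuthorizedUsers(request, *args, **kwargs):
    """List the users holding per-user permissions on a directory, as JSON.

    POST parameters:
        path: directory path; it is appended to the caller's home path.
        type: integer bit mask of the permissions a user must hold to be
            listed (4 = readable, 2 = writeable, 1 = deletable).

    The response body is a JSON object with:
        code: 0 on success, 1 when the caller is not an administrator,
            -1 when a parameter is missing or malformed.
        message: text accompanying a non-zero code.
        users: list of ``[username, name, usertype]`` entries.
    """
    response = {
        "code"      : 0,
        "message"   : "",
        "users"     : []
    }

    userinfo = UserInfo.getUserInfo(request)

    # Authorise before reading any request parameter, so a non-admin caller
    # always receives the same refusal instead of an unhandled exception
    # caused by a missing or malformed field.
    if not userinfo.isAdmin():
        response['code'] = 1
        response['message'] = "최고 관리자만 가능합니다"
        return HttpResponse(json.dumps(response))

    path = request.POST.get("path")
    try:
        authType = int(request.POST.get("type"))
    except (TypeError, ValueError):
        # int(None) raises TypeError, int("abc") raises ValueError.
        authType = None

    if path is None or authType is None:
        response['code'] = -1
        response['message'] = "잘못된 요청입니다"
        return HttpResponse(json.dumps(response))

    # NOTE(review): `path` is client-supplied and joined to the home path by
    # plain concatenation, with no normalisation visible here. Confirm that
    # index.dir_get (or an earlier layer) rejects ".." segments so the lookup
    # stays inside the caller's home directory.
    fullpath = userinfo.getHomePath() + path

    file_id = index.dir_get(fullpath)
    if file_id is not None:
        for user in UserAuthority.objects.filter(file_id=file_id):
            # Skip a user who lacks any permission bit requested in `type`.
            if authType & 4 and not user.readable:
                continue
            if authType & 2 and not user.writeable:
                continue
            if authType & 1 and not user.deletable:
                continue

            response['users'].append([user.username.username,
                                      user.username.getName(),
                                      user.username.usertype])

    # NOTE(review): the JSON is sent with HttpResponse's default content
    # type; confirm the client does not rely on that before switching it to
    # application/json.
    return HttpResponse(json.dumps(response))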
예제 #2
 def setAuth(fullPath, inherit=None, readable=None, writeable=None, deletable=None) :
     """
     Create or update the permission record of a directory.

     Arguments left as None are not written: on creation they are simply not
     passed to FileDescriptor, on update the stored value is kept.

     Returns a (file_id, message) tuple:
         (file_id, "")        on success
         (-1, exception text) when creating the record fails
         (-2, exception text) when updating an existing record fails

     This function performs no permission check of its own; the caller is
     responsible for authorising the request before calling it.
     """
     known_id = index.dir_get(fullPath)

     # Keep only the flags the caller actually supplied, in a fixed order.
     supplied = {
         name: value
         for name, value in (("inherit", inherit),
                             ("readable", readable),
                             ("writeable", writeable),
                             ("deletable", deletable))
         if value is not None
     }

     if known_id is None :
         # No record yet: insert the row and register it in the index inside
         # one transaction.
         try :
             with transaction.atomic() :
                 descriptor = FileDescriptor(file=fullPath, reference_id=0, **supplied)
                 descriptor.save()
                 index.dir_set(fullPath, descriptor.file_id)
                 created_id = descriptor.file_id
         except Exception as err :
             error("auth.dir.set : " + str(err))
             return (-1, str(err))
         return (created_id, "")

     # A record exists: overwrite only the supplied flags.
     try :
         descriptor = FileDescriptor.objects.get(file_id=known_id)
         stored_id = descriptor.file_id
         for name, value in supplied.items() :
             setattr(descriptor, name, value)
         descriptor.save()
     except Exception as err :
         error("auth.dir.set : " + str(err))
         return (-2, str(err))
     return (stored_id, "")
예제 #3
 def delAuth(fullPath) :
     """
     Delete the permission record registered for a directory.

     Returns True when nothing is registered for fullPath, or when the index
     entry was removed and the matching FileDescriptor rows were deleted.
     Returns False when index.dir_del reports failure; no rows are deleted
     in that case.
     """
     registered_id = index.dir_get(fullPath)
     if registered_id is None :
         return True

     if not index.dir_del(fullPath) :
         return False

     # NOTE(review): the index entry is removed before the rows, and the two
     # deletes are not wrapped in a transaction here. A failure part-way
     # would leave descriptor rows without an index entry - confirm the
     # caller provides atomicity.
     for column in ("file_id", "reference_id") :
         FileDescriptor.objects.filter(**{column: registered_id}).delete()
     return True
예제 #4
 def delAuth(fullPath):
     """
     Remove the directory permission entry for fullPath.

     True is returned when no entry exists or when the entry and its
     FileDescriptor rows (matched by file_id and by reference_id) were
     removed; False is returned when index.dir_del fails.
     """
     file_id = index.dir_get(fullPath)
     if file_id is not None:
         if not index.dir_del(fullPath):
             return False
         # NOTE(review): these deletes run after the index entry is gone and
         # outside any transaction visible here; verify that a partial
         # failure cannot leave stale permission rows behind.
         descriptors = FileDescriptor.objects
         descriptors.filter(file_id=file_id).delete()
         descriptors.filter(reference_id=file_id).delete()
     return True
예제 #5
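def getDefaultAuthority(request, *args, **kwargs):
    """Return the permission settings of a directory as a JSON response.

    POST parameters:
        path: directory path; it is appended to the caller's home path.

    The JSON object carries ``path``, ``register`` (True when a permission
    record exists for the directory) and the ``readable`` / ``writeable`` /
    ``deletable`` / ``inherit`` flags. The flags come from the stored record
    when there is one and from the configured defaults otherwise.

    A request without ``path`` is answered with HTTP 400 and the defaults.
    """
    path = request.POST.get("path")
    response = {
        "path"      : path,
        "register"  : False,
        "readable"  : config.DEFAULT_AUTH_DIR_READABLE,
        "writeable" : config.DEFAULT_AUTH_DIR_WRITEABLE,
        "deletable" : config.DEFAULT_AUTH_DIR_DELETABLE,
        "inherit"   : config.DEFAULT_AUTH_DIR_INHERIT
    }

    # Without this guard a missing "path" fails on the concatenation below
    # and surfaces as an unhandled server error.
    if path is None:
        return HttpResponse(json.dumps(response), status=400)

    userinfo = UserInfo.getUserInfo(request)
    # NOTE(review): no role check is made in this view, and `path` is joined
    # to the home path without normalisation. Confirm that ".." segments are
    # rejected elsewhere and that every caller may read these settings.
    fullpath = userinfo.getHomePath() + path
    file_id = index.dir_get(fullpath)
    if file_id is not None :
        try:
            fileDescriptor = FileDescriptor.objects.get(file_id=file_id)
        except FileDescriptor.DoesNotExist:
            # The index points at a row that no longer exists; report the
            # directory as unregistered instead of failing the request.
            fileDescriptor = None

        if fileDescriptor is not None:
            response['register']    = True
            response['readable']    = fileDescriptor.readable
            response['writeable']   = fileDescriptor.writeable
            response['deletable']   = fileDescriptor.deletable
            response['inherit']     = fileDescriptor.inherit

    return HttpResponse(json.dumps(response))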
예제 #6
    def getAuth(userinfo, fullPath, mode = 0x07):
        """
        Return the permissions the user holds on the target as an RWD tuple
        (readable, writeable, deletable).

        mode is a bit mask of the permissions being asked about: 0x04 read,
        0x02 write, 0x01 delete. A bit that is not asked about starts out as
        True, so only the requested positions of the result are meaningful
        on the paths that keep those initial values.

        Permissions are OR-ed together from the directory's FileDescriptor,
        the UserAuthority rows of the user and the user's groups, and, when
        inheritance is enabled, the parent directory (resolved recursively).
        """
        # `and` binds tighter than `or`: the shortcut applies when isYeoman()
        # is true, or when only read is asked about and isMetic() is true.
        # NOTE(review): the shortcut reports write and delete as True as
        # well - confirm callers using mode 0x04 look only at the first item.
        if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic() : 
            return (True, True, True)
        
        # NOTE(review): `|` binds tighter than `not`, so the next line is
        # evaluated as not ((mode & 0x04) | userinfo.isMetic()); a true
        # isMetic() therefore makes the initial value False. Confirm this is
        # intended and not (not (mode & 0x04)) | userinfo.isMetic().
        readable    = not (mode & 0x04) | userinfo.isMetic()
        writeable   = not (mode & 0x02)
        deletable   = not (mode & 0x01)
        
        normFullPath = os.path.normpath(fullPath)
                
        descriptor  = None
        # NOTE(review): the index lookup uses the raw fullPath while the home
        # comparison below uses the normalised path - confirm the two cannot
        # disagree for paths containing "." or ".." segments.
        file_id     = index.dir_get(fullPath)
             
        # When resolving permissions recursively, the walk must not go above
        # the user's home directory.
        # info("ROOT : " + userinfo.getHomePath())
        # info("COMP : " + normFullPath)
        # NOTE(review): inheritance stops only on an exact match with the
        # home path; confirm callers never pass a path outside the home.
        if normFullPath == userinfo.getHomePath() :
            inheritable = False
        else :
            inheritable = True
         
        if file_id is not None and file_id >= 0 :
            try :
                descriptor = FileDescriptor.objects.get(file_id=file_id)
                 
                # Directory-wide flags.
                readable    |= descriptor.readable
                writeable   |= descriptor.writeable
                deletable   |= descriptor.deletable
                 
                if not (readable and writeable and deletable) :
                    # Per-user grants: the user plus every group returned by
                    # UserGroups for that user.
                    users = []
                    users.append(userinfo)
                    for user in UserGroups.objects.filter(user=userinfo) :
                        users.append(user.group)
             
                    for userAuthority in UserAuthority.objects.filter(username__in=users, file_id=file_id) :    
                        readable    |= userAuthority.readable
                        writeable   |= userAuthority.writeable
                        deletable   |= userAuthority.deletable
                         
                        # Nothing more can be gained once all three are set.
                        if readable and writeable and deletable :
                            break
                 
                # Still incomplete: fall back to the parent directory. The
                # recursive call uses the default mode (0x07).
                if not (readable and writeable and deletable) and inheritable and descriptor.inherit :
                    auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
                    readable    |= auth_inherit[0]
                    writeable   |= auth_inherit[1]
                    deletable   |= auth_inherit[2]
 
            except Exception as err:
                # Any failure is logged and swallowed; the flags accumulated
                # up to that point are what gets returned.
                error("auth.dir.get : " + err.__str__())
                pass
            
        elif not userinfo.isGuest() or config.USING_GUEST :
            # No usable descriptor: the configured defaults replace (are
            # assigned over, not OR-ed into) the mode-derived initial values.
            readable    = config.DEFAULT_AUTH_DIR_READABLE
            writeable   = config.DEFAULT_AUTH_DIR_WRITEABLE
            deletable   = config.DEFAULT_AUTH_DIR_DELETABLE
             
            # When inheriting
            if not(readable and writeable and deletable) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT :
                auth_inherit = Directory.getAuth(userinfo, FileManager.getParent(fullPath))
             
                readable    |= auth_inherit[0]
                writeable   |= auth_inherit[1]
                deletable   |= auth_inherit[2]
                
        # If guest access is enabled, grant only file-view permission on the
        # guest home.
        # NOTE(review): this condition does not consult config.USING_GUEST;
        # confirm isGuest() cannot be true while guest access is disabled.
        if userinfo.isGuest() and normFullPath == config.getHomeGuest() :
            readable = True 
    
        return (readable, writeable, deletable)
예제 #7
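def setAuthorizedUsers(request, *args, **kwargs):
    """Grant or revoke per-user permissions on a directory; reply with JSON.

    POST parameters:
        path: directory path; it is appended to the caller's home path.
        ids[]: usernames whose permissions are to be changed.
        readable / writeable / deletable: optional flags. "1" sets the
            permission, any other value clears it, and an absent flag
            leaves the stored value untouched.

    The response body is a JSON object with:
        code: 0 on success, 1 when the caller is not an administrator,
            -1 when ``path`` is missing, -2 when the update failed.
        message: text accompanying a non-zero code.
        users: ``[username, name, usertype, readable, writeable,
            deletable]`` for every user whose record was written.

    A user is skipped only when every supplied flag already equals the
    stored value. Skipping as soon as one flag matched would silently drop
    the other changes in the same request, including revocations.
    """
    response = {
        "code"      : 0,
        "message"   : "",
        "users"     : []
    }

    userinfo = UserInfo.getUserInfo(request)

    # Authorise before reading any request parameter.
    if not userinfo.isAdmin():
        response['code'] = 1
        response['message'] = "최고 관리자만 가능합니다"
        return HttpResponse(json.dumps(response))

    path = request.POST.get("path")
    if path is None:
        response['code'] = -1
        response['message'] = "잘못된 요청입니다"
        return HttpResponse(json.dumps(response))

    # NOTE(review): `path` is client-supplied and joined to the home path by
    # plain concatenation. Confirm that ".." segments are rejected elsewhere
    # so permissions cannot be set on a directory outside the home.
    fullpath = userinfo.getHomePath() + path
    ids = request.POST.getlist("ids[]")

    # Tri-state flags: only the ones present in the request are collected.
    requested = {}
    for flag in ("readable", "writeable", "deletable"):
        raw = request.POST.get(flag)
        if raw is not None:
            requested[flag] = (raw == "1")

    try:
        file_id = index.dir_get(fullpath)
        if file_id is None:
            # First permission on this directory: create its descriptor with
            # the configured defaults. setAuth signals failure with a
            # negative id and the reason as the second item.
            file_id, failure = Directory.setAuth(fullpath,
                                                 config.DEFAULT_AUTH_DIR_INHERIT,
                                                 config.DEFAULT_AUTH_DIR_READABLE,
                                                 config.DEFAULT_AUTH_DIR_WRITEABLE,
                                                 config.DEFAULT_AUTH_DIR_DELETABLE)
            if file_id < 0:
                raise RuntimeError(failure)

        fileDescriptor = FileDescriptor.objects.get(file_id=file_id)

        with transaction.atomic():
            for authUser in UserInfo.objects.filter(username__in=ids):
                try:
                    userAuthority = UserAuthority.objects.get(username=authUser, file_id=fileDescriptor)
                except UserAuthority.DoesNotExist:
                    # Only "no record yet" creates a new one; any other
                    # lookup error aborts and rolls back the whole batch.
                    userAuthority = UserAuthority(username=authUser, file_id=fileDescriptor)
                else:
                    unchanged = all(getattr(userAuthority, flag) == value
                                    for flag, value in requested.items())
                    if requested and unchanged:
                        continue

                for flag, value in requested.items():
                    setattr(userAuthority, flag, value)
                userAuthority.save()
                response['users'].append([
                            authUser.username,
                            authUser.getName(),
                            authUser.usertype,
                            userAuthority.readable,
                            userAuthority.writeable,
                            userAuthority.deletable])

    except Exception as err:
        # NOTE(review): the exception text is returned to the client;
        # confirm it cannot carry details that should stay server-side.
        response['code'] = -2
        response['message'] = str(err)
        response['users'].clear()

    return HttpResponse(json.dumps(response))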
예제 #8
    def setAuth(fullPath,
                inherit=None,
                readable=None,
                writeable=None,
                deletable=None):
        """
        Set the permission record of a directory, creating it if needed.

        Flags passed as None are left out of a new record and left unchanged
        on an existing one.

        Returns (file_id, message):
            on success        the record's file_id and ""
            on create failure -1 and the exception text
            on update failure -2 and the exception text

        No authorisation is checked here; callers must do that themselves.
        """
        file_id = index.dir_get(fullPath)

        candidates = dict(inherit=inherit,
                          readable=readable,
                          writeable=writeable,
                          deletable=deletable)
        overrides = {key: val for key, val in candidates.items()
                     if val is not None}

        creating = file_id is None
        try:
            if creating:
                # The row insert and the index registration share one
                # transaction.
                with transaction.atomic():
                    descriptor = FileDescriptor(file=fullPath,
                                                reference_id=0,
                                                **overrides)
                    descriptor.save()
                    index.dir_set(fullPath, descriptor.file_id)
                    file_id = descriptor.file_id
            else:
                descriptor = FileDescriptor.objects.get(file_id=file_id)
                file_id = descriptor.file_id
                for key, val in overrides.items():
                    setattr(descriptor, key, val)
                descriptor.save()
        except Exception as err:
            error("auth.dir.set : " + str(err))
            # -1 marks a failed creation, -2 a failed update.
            return (-1 if creating else -2, str(err))

        return (file_id, "")
예제 #9
    def getAuth(userinfo, fullPath, mode=0x07):
        """
        Return the permissions the user holds on the target as an RWD tuple
        (readable, writeable, deletable).

        mode selects the permissions being asked about as a bit mask
        (0x04 read, 0x02 write, 0x01 delete). Bits that are not asked about
        are initialised to True. Grants are OR-ed from the directory's
        FileDescriptor, from UserAuthority rows of the user and the user's
        groups, and from the parent directory when inheritance applies.
        """
        # Evaluated as isYeoman() or (mode == 0x04 and isMetic()), because
        # `and` binds tighter than `or`.
        # NOTE(review): all three flags are reported True here, including
        # write and delete for the read-only query - confirm callers of
        # mode 0x04 use only the first item.
        if userinfo.isYeoman() or mode == 0x04 and userinfo.isMetic():
            return (True, True, True)

        # NOTE(review): `not` has lower precedence than `|`, so this is
        # not ((mode & 0x04) | userinfo.isMetic()); when isMetic() is true
        # the initial value is False. Confirm that is the intent.
        readable = not (mode & 0x04) | userinfo.isMetic()
        writeable = not (mode & 0x02)
        deletable = not (mode & 0x01)

        normFullPath = os.path.normpath(fullPath)

        descriptor = None
        # NOTE(review): looked up with the raw path, while the home check
        # below compares the normalised one - verify they stay consistent.
        file_id = index.dir_get(fullPath)

        # When resolving permissions recursively, the walk must not go above
        # the user's home directory.
        # info("ROOT : " + userinfo.getHomePath())
        # info("COMP : " + normFullPath)
        # NOTE(review): the stop condition is an exact match with the home
        # path; verify no caller passes a path that lies outside the home.
        if normFullPath == userinfo.getHomePath():
            inheritable = False
        else:
            inheritable = True

        if file_id is not None and file_id >= 0:
            try:
                descriptor = FileDescriptor.objects.get(file_id=file_id)

                # Flags stored on the directory itself.
                readable |= descriptor.readable
                writeable |= descriptor.writeable
                deletable |= descriptor.deletable

                if not (readable and writeable and deletable):
                    # Collect the user and the groups listed for the user,
                    # then OR in their per-directory grants.
                    users = []
                    users.append(userinfo)
                    for user in UserGroups.objects.filter(user=userinfo):
                        users.append(user.group)

                    for userAuthority in UserAuthority.objects.filter(
                            username__in=users, file_id=file_id):
                        readable |= userAuthority.readable
                        writeable |= userAuthority.writeable
                        deletable |= userAuthority.deletable

                        # All three granted: further rows cannot add anything.
                        if readable and writeable and deletable:
                            break

                # Inherit from the parent (queried with the default mode
                # 0x07) when the descriptor allows it.
                if not (readable and writeable
                        and deletable) and inheritable and descriptor.inherit:
                    auth_inherit = Directory.getAuth(
                        userinfo, FileManager.getParent(fullPath))
                    readable |= auth_inherit[0]
                    writeable |= auth_inherit[1]
                    deletable |= auth_inherit[2]

            except Exception as err:
                # Errors are logged and swallowed; the function returns the
                # flags gathered before the failure.
                error("auth.dir.get : " + err.__str__())
                pass

        elif not userinfo.isGuest() or config.USING_GUEST:
            # No usable descriptor: the configured defaults are assigned,
            # overwriting the mode-derived initial values.
            readable = config.DEFAULT_AUTH_DIR_READABLE
            writeable = config.DEFAULT_AUTH_DIR_WRITEABLE
            deletable = config.DEFAULT_AUTH_DIR_DELETABLE

            # When inheriting
            if not (readable and writeable and deletable
                    ) and inheritable and config.DEFAULT_AUTH_DIR_INHERIT:
                auth_inherit = Directory.getAuth(
                    userinfo, FileManager.getParent(fullPath))

                readable |= auth_inherit[0]
                writeable |= auth_inherit[1]
                deletable |= auth_inherit[2]

        # If guest access is enabled, grant only file-view permission on the
        # guest home.
        # NOTE(review): config.USING_GUEST is not checked in this condition;
        # confirm isGuest() is never true while guest access is disabled.
        if userinfo.isGuest() and normFullPath == config.getHomeGuest():
            readable = True

        return (readable, writeable, deletable)