def new_function(*args, **kw):
    """
    Wrapped function.

    Enforces authentication and role membership before delegating to the
    decorated view ``f``, and records how long that security check took in the
    response's timings (when the view returns an OVSResponse).
    ``f`` and ``roles`` are closed over from the enclosing decorator.
    :raises HttpUnauthorizedException: when the request carries no authenticated user/client
    :raises HttpForbiddenException: when the request token lacks one of ``roles``
    """
    check_started = time.time()
    request = _find_request(args)
    # Both attributes come from the authentication layer; missing either one
    # means no identity was established for this request.
    if not (hasattr(request, 'user') and hasattr(request, 'client')):
        raise HttpUnauthorizedException(error_description='Not authenticated',
                                        error='not_authenticated')
    if UserList.get_user_by_username(request.user.username) is None:
        raise HttpUnauthorizedException(error_description='Not authenticated',
                                        error='not_authenticated')
    # NOTE(review): request.token is read without a hasattr guard, presumably
    # because the same middleware sets it together with user/client - confirm.
    if not ApiToolbox.is_token_in_roles(request.token, roles):
        raise HttpForbiddenException(
            error_description='This call requires roles: {0}'.format(', '.join(roles)),
            error='invalid_roles')
    # Only the checks above are attributed to 'security'; the view itself is not.
    check_duration = time.time() - check_started
    response = f(*args, **kw)
    if isinstance(response, OVSResponse):
        response.timings['security'] = [check_duration, 'Security']
    return response
def _validate_access(self, backend, request):
    """
    Raise HttpForbiddenException unless the requesting client may access ``backend``.

    :param backend: The Backend whose user_rights / client_rights are consulted
    :type backend: Backend
    :param request: The raw request; ``request.client`` is the requesting client
    :type request: Request
    :raises HttpForbiddenException: when ApiToolbox.access_granted denies access
    """
    _ = self  # no instance state is needed
    granted = ApiToolbox.access_granted(request.client,
                                        user_rights=backend.user_rights,
                                        client_rights=backend.client_rights)
    if granted:
        return
    raise HttpForbiddenException(error_description='The requesting client has no access to this Backend',
                                 error='no_ownership')
def validate_access(self, backend, request):
    """
    Raise HttpForbiddenException unless the requesting client may access ``backend``.

    :param backend: The Backend to validate
    :type backend: Backend
    :param request: The raw request; ``request.client`` is the requesting client
    :type request: Request
    :raises HttpForbiddenException: when Toolbox.access_granted denies access
    """
    _ = self  # no instance state is needed
    granted = Toolbox.access_granted(request.client,
                                     user_rights=backend.user_rights,
                                     client_rights=backend.client_rights)
    if granted:
        return
    raise HttpForbiddenException(error_description='The requesting client has no access to this Backend',
                                 error='no_ownership')
def retrieve(self, request, user):
    """
    Load information about a given User.

    A caller may fetch its own User; a requesting client in the 'manage' role
    may fetch any User.
    :param request: The raw request
    :type request: Request
    :param user: The user to load
    :type user: User
    :raises HttpForbiddenException: when the User is not the caller's and the caller lacks 'manage'
    """
    is_own_user = user.guid == request.client.user_guid
    if is_own_user or ApiToolbox.is_client_in_roles(request.client, ['manage']):
        return user
    raise HttpForbiddenException(error_description='Fetching user information not allowed',
                                 error='no_ownership')
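def retrieve(self, request, client):
    """
    Load information about a given Client.

    Only the currently logged in User's Clients are accessible, or all if the
    requesting client is in the 'manage' role.
    :param request: Raw request
    :type request: Request
    :param client: Client to return
    :type client: Client
    :raises HttpForbiddenException: when the Client is not the caller's and the caller lacks 'manage'
    """
    # Dropped the leftover `_ = format` (it only re-bound the builtin to `_`).
    is_own_client = client.guid in request.client.user.clients_guids
    if is_own_client or Toolbox.is_client_in_roles(request.client, ['manage']):
        return client
    raise HttpForbiddenException(error_description='Fetching client information not allowed',
                                 error='no_ownership')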
def new_function(*args, **kw):
    """
    Wrapped function.

    Enforces authentication and role membership, then delegates to the
    decorated view ``f``. ``f`` and ``roles`` are closed over from the
    enclosing decorator.
    :raises HttpUnauthorizedException: when the request carries no authenticated user/client
    :raises HttpForbiddenException: when the request token lacks one of ``roles``
    """
    request = _find_request(args)
    # Both attributes come from the authentication layer; missing either one
    # means no identity was established for this request.
    if not (hasattr(request, 'user') and hasattr(request, 'client')):
        raise HttpUnauthorizedException(error_description='Not authenticated',
                                        error='not_authenticated')
    if UserList.get_user_by_username(request.user.username) is None:
        raise HttpUnauthorizedException(error_description='Not authenticated',
                                        error='not_authenticated')
    # NOTE(review): request.token is read without a hasattr guard, presumably
    # because the same middleware sets it together with user/client - confirm.
    if not Toolbox.is_token_in_roles(request.token, roles):
        raise HttpForbiddenException(
            error_description='This call requires roles: {0}'.format(', '.join(roles)),
            error='invalid_roles')
    return f(*args, **kw)
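def partial_update(self, contents, user, request):
    """
    Update a User. A user may not update itself.

    :param contents: Comma-separated field names to update/return, or None for all
    :type contents: str
    :param user: The user to update
    :type user: User
    :param request: The raw request; its DATA is deserialized onto ``user``
    :type request: Request
    :raises HttpForbiddenException: when the caller tries to update its own User
    """
    # Authorize before touching request.DATA, so a forbidden request never
    # deserializes untrusted fields onto the persistent object and the check
    # is made against the User as resolved, not as modified by the payload.
    if user.guid == request.client.user_guid:
        raise HttpForbiddenException(error_description='A user cannot update itself',
                                     error='impossible_request')
    contents = None if contents is None else contents.split(',')
    serializer = FullSerializer(User, contents=contents, instance=user, data=request.DATA)
    user = serializer.deserialize()
    user.save()
    return user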
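def destroy(self, request, client):
    """
    Deletes a Client together with its tokens and role junctions.

    Allowed when the Client belongs to the requesting client's User, or when
    the requesting client is in the 'manage' role.
    :param request: Raw request
    :type request: Request
    :param client: The Client to be deleted
    :type client: Client
    :return: None
    :rtype: None
    :raises HttpForbiddenException: when the caller may not delete this Client
    """
    is_own_client = client.user_guid == request.client.user_guid
    if not (is_own_client or Toolbox.is_client_in_roles(request.client, ['manage'])):
        # Must be raised, not returned: a returned exception object never
        # produces an error response, so the deny branch was not enforced.
        raise HttpForbiddenException(error_description='Deleting this client is not allowed',
                                     error='no_ownership')
    for token in client.tokens:
        # itersafe(): presumably a snapshot iterator, as junctions are deleted mid-walk
        for junction in token.roles.itersafe():
            junction.delete()
        token.delete()
    for junction in client.roles.itersafe():
        junction.delete()
    client.delete()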
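def set_password(self, request, user, new_password):
    """
    Sets the password of a given User.

    A logged in User can only change its own password; a requesting client in
    the 'manage' role can change any User's password. All tokens of all of the
    User's clients are deleted afterwards.
    :param request: The raw request
    :type request: Request
    :param user: The user to update the password from
    :type user: User
    :param new_password: The new password to be set
    :type new_password: str
    :raises HttpForbiddenException: when the caller may not change this User's password
    """
    is_own_user = user.guid == request.client.user_guid
    if not (is_own_user or ApiToolbox.is_client_in_roles(request.client, ['manage'])):
        raise HttpForbiddenException(error_description='Updating password not allowed',
                                     error='impossible_request')
    # NOTE(review): unsalted single-round SHA-256 is a weak password hash. The
    # verifying side (login) is not on this page, so the scheme is kept here;
    # the real fix migrates both sides to a salted, slow KDF.
    user.password = hashlib.sha256(str(new_password)).hexdigest()
    user.save()
    # Drop every token of every client of this User (presumably to invalidate
    # sessions opened with the old password).
    for client in user.clients:
        for token in client.tokens:
            # itersafe(), as in destroy(): junctions are deleted during the walk
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
    return user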
def destroy(self, request, user):
    """
    Deletes a user together with its clients, their tokens and role junctions.

    :param request: The raw request
    :type request: Request
    :param user: The user to delete
    :type user: User
    :return: None
    :rtype: None
    :raises HttpForbiddenException: when the caller tries to delete its own User
    """
    if user.guid == request.client.user_guid:
        raise HttpForbiddenException(error_description='A user cannot delete itself',
                                     error='impossible_request')
    # Tear down from the leaves up: junctions, tokens, clients, then the user.
    for owned_client in user.clients:
        for token in owned_client.tokens:
            # itersafe(): presumably a snapshot iterator, as junctions are deleted mid-walk
            for junction in token.roles.itersafe():
                junction.delete()
            token.delete()
        for junction in owned_client.roles.itersafe():
            junction.delete()
        owned_client.delete()
    user.delete()
    return None