def create(self, request, role_guids=None): """ Creates a Client :param request: Raw request :type request: Request :param role_guids: The GUIDs of the roles where the client should get access to :type role_guids: str """ if 'role_guids' in request.DATA: del request.DATA['role_guids'] serializer = FullSerializer(Client, instance=Client(), data=request.DATA) client = serializer.deserialize() if client.user is not None: if client.user_guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']): client.grant_type = 'CLIENT_CREDENTIALS' client.client_secret = OAuth2Toolbox.create_hash(64) client.save() if not role_guids: roles = [junction.role for junction in client.user.group.roles] else: possible_role_guids = [junction.role_guid for junction in client.user.group.roles] roles = [Role(guid) for guid in role_guids if guid in possible_role_guids] for role in roles: roleclient = RoleClient() roleclient.client = client roleclient.role = role roleclient.save() return client raise HttpNotAcceptableException(error_description='A client must have a user', error='invalid_data')
def list(self, request, userguid=None, ovs_type=None): """ Lists all available Clients where the logged in user has access to :param request: Raw request :type request: Request :param userguid: User guid to filter the clients :type userguid: str :param ovs_type: Filter on the Client's ovs_type :type ovs_type: str """ if ApiToolbox.is_client_in_roles(request.client, ['manage']): client_list = ClientList.get_clients() else: if ovs_type is not None and ovs_type != 'INTERNAL': client_list = [ client for client in request.client.user.clients if client.ovs_type == ovs_type ] else: client_list = [ client for client in request.client.user.clients if client.ovs_type != 'INTERNAL' ] if userguid is not None: return [ client for client in client_list if client.user_guid == userguid ] return client_list
def list(self, request): """ Lists all available Users where the logged in user has access to :param request: The raw request :type request: Request """ if ApiToolbox.is_client_in_roles(request.client, ['manage']): return UserList.get_users() else: return [request.client.user]
def retrieve(self, request, user): """ Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to load :type user: User """ if user.guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']): return user raise HttpForbiddenException(error_description='Fetching user information not allowed', error='no_ownership')
def retrieve(self, request, client): """ Load information about a given Client Only the currently logged in User's Clients are accessible, or all if the logged in User has a system role :param request: Raw request :type request: Request :param client: Client to return :type client: Client """ _ = format if client.guid in request.client.user.clients_guids or ApiToolbox.is_client_in_roles(request.client, ['manage']): return client raise HttpForbiddenException(error_description='Fetching client information not allowed', error='no_ownership')
def set_password(self, request, user, new_password): """ Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role :param request: The raw request :type request: Request :param user: The user to update the password from :type user: User :param new_password: The new password to be set :type new_password: str """ if user.guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']): user.password = hashlib.sha256(str(new_password)).hexdigest() user.save() for client in user.clients: for token in client.tokens: for junction in token.roles: junction.delete() token.delete() return user raise HttpForbiddenException(error_description='Updating password not allowed', error='impossible_request')
def destroy(self, request, client): """ Deletes a user :param request: Raw request :type request: Request :param client: The Client to be deleted :type client: Client :return: None :rtype: None """ if client.user_guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']): for token in client.tokens: for junction in token.roles.itersafe(): junction.delete() token.delete() for junction in client.roles.itersafe(): junction.delete() client.delete() else: return HttpForbiddenException(error_description='Deleting this client is now allowed', error='no_ownership')