def sync_permissions(): for name, title in Permission.PERMISSIONS: permission = Permission.query.filter_by(name=name).first() if permission is None: p = Permission() p.name = name p.title = title db.session.add(p) db.session.commit()
def update_permission(user, role): from app.libs.db import db_session from app.models import Permission user.role |= Permission.get_by_role(role).bit db_session.add(user) db_session.commit()
def add_permission(request, groupname): login = login_verify(request, None, True) if login: return login if request.method == 'POST': value = request.POST.get('value', '') description = request.POST.get('description', '') group = Group.objects.get(name=groupname) permission = Permission(value=value, description=description) permission.save() group.permissions.add(permission) group.save() return HttpResponseRedirect('/view_group/' + groupname + '/') else: form = AddPermissionForm() context = {'form': form, 'groupname': groupname} return render(request, 'app/add_permission.html', context)
def initdb(): """Initialize MySQL databse.""" from app.libs.db import init_db from app.models import Permission, User, Topic from app.base.roles import Roles from app.settings import Admins, Topics from app.libs.utils import encrypt_password click.echo('[2L] {0}..'.format(initdb.__doc__)) init_db() click.echo('\n\n[2L] init permisions...') for attr, role in Roles.__dict__.items(): if (not attr.startswith('__') and '{0}' not in role and role != 'root'): click.echo(' -> {0}'.format(role)) Permission.create(role) click.echo('\n\n[2L] init master chief...') bit_sum = Permission.root_permission() for admin in Admins: click.echo(' -> {0}'.format(admin)) if admin['role'] == 'root': admin['role'] = bit_sum else: admin['role'] = (Permission.get_by_role(admin['role']).bit | Permission.get_by_role('comment').bit | Permission.get_by_role('vote').bit) admin['password'] = encrypt_password(admin['password']) User.create(**admin) click.echo('\n\n[2L] create default topics...') for topic in Topics: click.echo(' -> {0}'.format(topic)) Topic.create(**topic)
def init(): """Initialize the application DB. :: run.py init Bootstraps an administrative user given the environment variables: - `LTD_KEEPER_BOOTSTRAP_USER` - `LTD_KEEPER_BOOTSTRAP_PASSWORD` """ with keeper_app.app_context(): # bootstrap a user if User.query.get(1) is None: u = User(username=keeper_app.config['DEFAULT_USER'], permissions=Permission.full_permissions()) u.set_password(keeper_app.config['DEFAULT_PASSWORD']) db.session.add(u) db.session.commit()
def add_user_to_service(service_id, user_id): service = dao_fetch_service_by_id(service_id) user = get_user_by_id(user_id=user_id) if user in service.users: error = "User id: {} already part of service id: {}".format( user_id, service_id) raise InvalidRequest(error, status_code=400) data = request.get_json() validate(data, post_set_permissions_schema) permissions = [ Permission(service_id=service_id, user_id=user_id, permission=p["permission"]) for p in data["permissions"] ] folder_permissions = data.get("folder_permissions", []) dao_add_user_to_service(service, user, permissions, folder_permissions) data = service_schema.dump(service).data return jsonify(data=data), 201
def sample_user_service_permission(notify_db, notify_db_session, service=None, user=None, permission="manage_settings"): if user is None: user = create_user() if service is None: service = create_service(user=user, check_if_service_exists=True) data = { 'user': user, 'service': service, 'permission': permission, } p_model = Permission.query.filter_by(user=user, service=service, permission=permission).first() if not p_model: p_model = Permission(**data) db.session.add(p_model) db.session.commit() return p_model
def empty_app(request): """An application with only a single user, but otherwise empty""" app = create_app("testing") ctx = app.app_context() ctx.push() db.drop_all() db.create_all() # Creates users with each of the permissions u = User(username=DEFAULT_USERNAME, permissions=Permission.full_permissions()) u.set_password(DEFAULT_PASSWORD) db.session.add(u) u = User(username=PRODUCT_ADMIN_USERNAME, permissions=Permission.ADMIN_PRODUCT) u.set_password(DEFAULT_PASSWORD) db.session.add(u) u = User(username=EDITION_ADMIN_USERNAME, permissions=Permission.ADMIN_EDITION) u.set_password(DEFAULT_PASSWORD) db.session.add(u) u = User(username=BUILD_UPLOADER_USERNAME, permissions=Permission.UPLOAD_BUILD) u.set_password(DEFAULT_PASSWORD) db.session.add(u) u = User(username=BUILD_DEPRECATOR_USERNAME, permissions=Permission.DEPRECATE_BUILD) u.set_password(DEFAULT_PASSWORD) db.session.add(u) db.session.commit() def fin(): db.session.remove() db.drop_all() ctx.pop() request.addfinalizer(fin) return app
def test_accepts_jwt_with_permission_for_service(self, client, db_session, required_permission): @requires_user_in_service(required_permission=required_permission) def endpoint_that_requires_permission_for_service(): pass user = create_user() service = create_service(service_name='some-service') dao_add_user_to_service(service, user, permissions=[ Permission(service=service, user=user, permission=required_permission) ]) token = create_access_token(identity=user) request.view_args['service_id'] = service.id request.headers = {'Authorization': 'Bearer {}'.format(token)} endpoint_that_requires_permission_for_service()
async def create_permissions(codes: List[str]): permissions = [Permission(name=code, code=code) for code in codes] await Permission.bulk_create(permissions)
def test_saving_and_retrieving_models(self): company = Company() company.name = 'PSL' company.email = '*****@*****.**' company.telephone = 7777777 company.save() first_room = Room() first_room.name = 'Peter Santamaria' first_room.company = company first_room.security_level = 2 first_room.description = 'Conference room' first_room.id = 'r00m1' first_room.save() second_room = Room() second_room.name = '201' second_room.company = company second_room.security_level = 1 second_room.description = 'Class room' second_room.id = 'r00m2' second_room.save() third_room = Room() third_room.name = 'rest' third_room.company = company third_room.security_level = 1 third_room.description = 'Rest room' third_room.id = 'r00m3' third_room.save() event = Event() event.name = 'My event' event.company = company event.start_date = datetime(2017, 3, 16) event.end_date = datetime(2017, 3, 21) event.event_id = '3v3nt' event.rooms.add(first_room) event.rooms.add(second_room) event.rooms.add(third_room) event.save() enduser = EndUser() enduser.id = 'u53r' enduser.name = 'Sebastian' enduser.last_name = 'Villegas' enduser.email = '*****@*****.**' enduser.save() first_permission = Permission() first_permission.user_id = enduser first_permission.event = event first_permission.id = '93rm151' first_permission.save() second_permission = Permission() second_permission.user_id = enduser second_permission.event = event second_permission.id = '93rm152' second_permission.save() saved_company = Company.objects.first() self.assertEqual(saved_company, company) saved_rooms = Room.objects.all() self.assertEqual(saved_rooms.count(), 3) self.assertEqual(saved_rooms[0], first_room) self.assertEqual(saved_rooms[1], second_room) self.assertEqual(saved_rooms[2], third_room) saved_event = Event.objects.first() self.assertEqual(saved_event, event) saved_enduser = EndUser.objects.first() self.assertEqual(saved_enduser, enduser) saved_permissions = Permission.objects.all() self.assertEqual(saved_permissions.count(), 2) self.assertEqual(saved_permissions[0], first_permission) self.assertEqual(saved_permissions[1], second_permission)
async def list_permissions(p: Pagination = Depends(Pagination)): return await p.apply(Permission.all(), schemas.PermissionSimple)
async def create_permission(body: schemas.PermissionCreate): if await Permission.filter(code=body.code).exists(): raise EvaException(message="provided permission code already exists") permission = Permission(**body.dict()) await permission.save() return schemas.PermissionDetail.from_orm(permission)
def process_permissions(): # todo: check if we have new perms / votes client = get_active_rpc_client() try: perms = client.listpermissions("*", "*", True) except Exception as e: log.debug(e) return with data_session_scope() as session: session.query(Permission).delete() session.query(PendingVote).delete() with data_session_scope() as session: for perm in perms: perm_type = perm['type'] perm_start = perm['startblock'] perm_end = perm['endblock'] address = perm['address'] Address.create_if_not_exists(session, address) if perm_type not in [ enums.ISSUE, enums.CREATE, enums.MINE, enums.ADMIN ]: continue perm_obj = Permission(address=address, perm_type=perm_type, start_block=perm_start, end_block=perm_end) session.add(perm_obj) for vote in perm['pending']: start_block = vote['startblock'] end_block = vote['endblock'] # If candidate has already the permission continue. if start_block == perm['startblock'] and end_block == perm[ 'endblock']: continue for admin in vote['admins']: Address.create_if_not_exists(session, admin) vote_obj = PendingVote(address_from=admin, address_to=address, perm_type=perm_type, start_block=start_block, end_block=end_block) session.add(vote_obj) signals.votes_changed.emit() with profile_session_scope() as profile_db: profile = Profile.get_active(profile_db) with data_session_scope() as data_db: is_admin, is_miner = Permission.get_permissions_for_address( data_db, profile.address) if is_admin != profile.is_admin: profile.is_admin = is_admin signals.is_admin_changed.emit(is_admin) if is_miner != profile.is_miner: profile.is_miner = is_miner signals.is_miner_changed.emit(is_miner) signals.permissions_changed.emit()
def load_data(self): if self._perm_type == Permission.MINE: return list(Permission.validators()) elif self._perm_type == Permission.ADMIN: return list(Permission.guardians())
def listpermissions(): client = get_active_rpc_client() node_height = client.getblockcount()['result'] perms = client.listpermissions() if not perms: log.warning('no permissions from api') return new_perms, new_votes = False, False Permission.delete().execute() CurrentVote.delete().execute() admin_addresses = set() miner_addresses = set() with data_db.atomic(): profile = Profile.get_active() for perm in perms['result']: perm_type = perm['type'] perm_start = perm['startblock'] perm_end = perm['endblock'] if perm_type not in Permission.PERM_TYPES: continue if perm_type == Permission.ADMIN and perm_start < node_height < perm_end: admin_addresses.add(perm['address']) if perm_type == Permission.MINE and perm_start < node_height < perm_end: miner_addresses.add(perm['address']) addr_obj, created = Address.get_or_create(address=perm['address']) for vote in perm['pending']: # If candidate has already the permission continue. if vote['startblock'] == perm['startblock'] and vote[ 'endblock'] == perm['endblock']: continue start_block = vote['startblock'] end_block = vote['endblock'] # new stuff start for admin in vote['admins']: admin_obj, created = Address.get_or_create(address=admin) vote_obj, created = CurrentVote.get_or_create( address=addr_obj, perm_type=perm_type, start_block=start_block, end_block=end_block, given_from=admin_obj) vote_obj.set_vote_type() # new stuff end approbations = len(vote['admins']) # TODO: Fix: current time of syncing is not the time of first_vote! start_block = perm['startblock'] end_block = perm['endblock'] # TODO Why get_or_create ... we just deleted all Permission objects perm_obj, created = Permission.get_or_create( address=addr_obj, perm_type=perm_type, defaults=dict(start_block=start_block, end_block=end_block)) if created: new_perms = True else: perm_obj.save() new_is_admin = profile.address in admin_addresses if profile.is_admin != new_is_admin: profile.is_admin = new_is_admin new_is_miner = profile.address in miner_addresses if profile.is_miner != new_is_miner: profile.is_miner = new_is_miner if profile.dirty_fields: profile.save() # Todo: maybe only trigger table updates on actual change? signals.listpermissions.emit() # triggers community tab updates signals.votes_changed.emit() # triggers community tab updates return {'new_perms': new_perms, 'new_votes': new_votes}
def test_insert_permissions(self): """Test inserting permissions to the Permission Model.""" Permission.insert_permissions(permissions_dict) self.assertTrue(len(permissions_dict) == len(Permission.query.all()))
def post(self): json_data = data_json() per = Permission(email=json_data["email"], level=json_data["level"]) db.session.add(per) db.session.commit() return 200
def deploy(): ''' Run deployment tasks. ''' # migrate database to latest revision from flask_migrate import upgrade upgrade() # insert data from app.models import Color Color.insert_entries() from app.models import Permission Permission.insert_entries() from app.models import Role Role.insert_entries() from app.models import IDType IDType.insert_entries() from app.models import Gender Gender.insert_entries() from app.models import Relationship Relationship.insert_entries() from app.models import PurposeType PurposeType.insert_entries() from app.models import ReferrerType ReferrerType.insert_entries() from app.models import BookingState BookingState.insert_entries() from app.models import AssignmentScoreGrade AssignmentScoreGrade.insert_entries() from app.models import GREAWScore GREAWScore.insert_entries() from app.models import ScoreLabel ScoreLabel.insert_entries() from app.models import InvitationType InvitationType.insert_entries() from app.models import EducationType EducationType.insert_entries() from app.models import ScoreType ScoreType.insert_entries() from app.models import CourseType CourseType.insert_entries() from app.models import iPadCapacity iPadCapacity.insert_entries() from app.models import iPadState iPadState.insert_entries() from app.models import Room Room.insert_entries() from app.models import Lesson Lesson.insert_entries() from app.models import Section Section.insert_entries() from app.models import Assignment Assignment.insert_entries() from app.models import Test Test.insert_entries() from app.models import AnnouncementType AnnouncementType.insert_entries() from config import basedir data = raw_input(u'Enter data identifier (e.g.: initial or 20160422): ') datadir = os.path.join(basedir, 'data', data) if os.path.exists(datadir): from app.models import User User.insert_entries(data=data, basedir=basedir) from app.models import UserCreation UserCreation.insert_entries(data=data, basedir=basedir) from app.models import Punch Punch.insert_entries(data=data, basedir=basedir) from app.models import Tag Tag.insert_entries(data='initial', basedir=basedir) from app.models import Product Product.insert_entries(data='initial', basedir=basedir) from app.models import Course Course.insert_entries(data='initial', basedir=basedir) from app.models import Period Period.insert_entries(data='initial', basedir=basedir) from app.models import iPad iPad.insert_entries(data='initial', basedir=basedir) from app.models import iPadContent iPadContent.insert_entries(data='initial', basedir=basedir) from app.models import NotaBene NotaBene.insert_entries(data='initial', basedir=basedir) from app.models import Feed Feed.insert_entries(data=data, basedir=basedir) else: print u'---> Invalid data identifier: %s' % data
try: group = Group.objects.get(name='ICanHaz') except: group = Group.objects.create(name='ICanHaz') group.save() permission_created = False if group.permissions: for permission in group.permissions.all(): if permission.value == "ICanHaz.access": permission_created = True break if not permission_created: p = Permission(value="ICanHaz.access", description="Access to the permission system") p.save() group.permissions.add(p) group.save() names = [] uids = [] for line in codecs.open('admins_to_add.txt', 'r', 'utf-8'): names.append(" ".join(line.split()[:-1])) uids.append(line.split()[-1]) for g, i, j, index in [[v,v,v,v] for v in range(0,len(names))]: try: i = User(name=names[index], uid=uids[index]) i.save()
def add_default_service_permissions_for_user(self, user, service): for name in default_service_permissions: permission = Permission(permission=name, user=user, service=service) self.create_instance(permission, _commit=False)
def update_num_guardians(self): with data_session_scope() as session: self.num_guardians = Permission.num_guardians(session)