def user_resource_permission_create(request):
    """
    Grant the permissions named in the JSON body to a user on the resource.

    The account is looked up by user name first and by e-mail second, both
    from the ``user_name`` field of the body. Returns ``False`` when no
    account matches; otherwise returns a dict with the account's user name
    and the de-duplicated user-level permission names it holds on the
    resource after the change.
    """
    target = request.context.resource
    payload = request.unsafe_json_body
    identifier = payload.get('user_name')
    account = User.by_user_name(identifier) or User.by_email(identifier)
    if not account:
        return False

    # NOTE(review): perm_name is taken from the unvalidated request body and
    # stored as given; nothing in this function limits it to permission names
    # that are valid for this resource - confirm that is enforced elsewhere.
    for perm_name in payload.get('permissions', []):
        already_granted = UserResourcePermission.by_resource_user_and_perm(
            account.id, perm_name, target.resource_id)
        if already_granted:
            continue
        target.user_permissions.append(
            UserResourcePermission(perm_name=perm_name, user_id=account.id))
    DBSession.flush()

    # only permissions of type 'user' are reported back
    granted = {
        p.perm_name for p in target.perms_for_user(account)
        if p.type == 'user'
    }
    return {'user_name': account.user_name, 'permissions': list(granted)}
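def assign_users(request):
    """
    Update who is assigned to review a report group and notify new assignees.

    The JSON body carries two lists of user names, ``unassigned`` and
    ``assigned``. Names under ``unassigned`` that are currently assigned are
    removed. Names under ``assigned`` that are not currently assigned get a
    ``ReportAssignment`` row and a notification e-mail; names that do not
    resolve to an account are skipped. Every change is recorded as a
    ``ReportComment`` owned by the requesting user.

    Returns ``True``.
    """
    report_group = request.context.report_group
    application = request.context.resource
    currently_assigned = [u.user_name for u in report_group.assigned_users]
    new_assigns = request.unsafe_json_body

    # first unassign old users
    for user_name in new_assigns['unassigned']:
        if user_name in currently_assigned:
            user = User.by_user_name(user_name)
            report_group.assigned_users.remove(user)
            comment = ReportComment(owner_id=request.user.id,
                                    report_time=report_group.first_timestamp)
            comment.body = 'Unassigned group from @%s' % user_name
            report_group.comments.append(comment)

    # assign new users
    for user_name in new_assigns['assigned']:
        if user_name in currently_assigned:
            continue
        user = User.by_user_name(user_name)
        if not user:
            # The name comes from the unvalidated request body; an unknown
            # name used to fail on user.id below instead of being ignored.
            continue
        # NOTE(review): nothing here checks that the assignee has access to
        # this application before the report details are e-mailed to them -
        # confirm that this is enforced elsewhere.
        if user in report_group.assigned_users:
            report_group.assigned_users.remove(user)
        DBSession.flush()
        assignment = ReportAssignment(
            owner_id=user.id,
            report_time=report_group.first_timestamp,
            group_id=report_group.id)
        DBSession.add(assignment)

        comment = ReportComment(owner_id=request.user.id,
                                report_time=report_group.first_timestamp)
        comment.body = 'Assigned report_group to @%s' % user_name
        report_group.comments.append(comment)

        email_vars = {'user': user,
                      'request': request,
                      'application': application,
                      'report_group': report_group,
                      'email_title': "AppEnlight :: Assigned Report"}
        UserService.send_email(
            request, recipients=[user.email], variables=email_vars,
            template='/email_templates/assigned_report.jinja2')

    return True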
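def groups_users_remove(request):
    """
    Remove a user from a group while keeping at least one member in it.

    The group comes from the ``group_id`` route parameter and the user from
    the ``user_name`` query parameter. Returns ``HTTPNotFound`` when either
    cannot be resolved or when the user is not a member of the group,
    ``True`` after a removal, and ``False`` (with a warning flash message)
    when the group has only one member.
    """
    group = GroupService.by_id(request.matchdict.get('group_id'))
    user = User.by_user_name(request.GET.get('user_name'))
    if not group or not user:
        return HTTPNotFound()
    # NOTE(review): the last-member rule is applied to whichever group was
    # requested, although the warning text names the administrator group.
    if len(group.users) > 1:
        if user not in group.users:
            # Without this check remove() is called for an account that is
            # not in the collection and the request fails with an error
            # instead of a 404.
            return HTTPNotFound()
        group.users.remove(user)
        msg = "User removed from group"
        request.session.flash(msg)
        group.member_count = group.users_dynamic.count()
        return True
    msg = "Administrator group needs to contain at least one user"
    request.session.flash(msg, 'warning')
    return False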
def application_ownership_transfer(request):
    """
    Hand the application over to another user once the form validates.

    On validation failure the form errors are returned in an
    ``HTTPUnprocessableEntity`` response. On success the resource is
    appended to the new owner's resources, every integration is detached
    from it, a flash message is queued and ``True`` is returned.
    """
    resource = request.context.resource
    payload = MultiDict(request.safe_json_body or {})
    form = forms.ChangeApplicationOwnerForm(payload, csrf_context=request)
    # the password field is handed the requesting user - presumably so the
    # form can check that user's password; see the form definition
    form.password.user = request.user
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    # NOTE(review): by_user_name() can return nothing for an unknown name;
    # this relies on the form having verified that user_name exists - confirm.
    new_owner = User.by_user_name(form.user_name.data)
    new_owner.resources.append(resource)
    # integrations are removed so that security data of external
    # applications is not leaked to the new owner; iterate over a copy
    # because the collection is modified inside the loop
    for integration in list(resource.integrations):
        resource.integrations.remove(integration)
    request.session.flash(_('Application transfered'))
    return True
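def user_resource_permission_delete(request):
    """
    Remove the named user-level permissions of a user from the resource.

    The user comes from the ``user_name`` query parameter and the permission
    names from the repeated ``permissions`` query parameter. Permission names
    the user does not hold on the resource are ignored. Returns ``False``
    when the user is unknown; otherwise returns a dict with the user's name
    and the de-duplicated user-level permission names that remain.
    """
    resource = request.context.resource

    user = User.by_user_name(request.GET.get('user_name'))
    if not user:
        return False

    for perm_name in request.GET.getall('permissions'):
        permission = UserResourcePermission.by_resource_user_and_perm(
            user.id, perm_name, resource.resource_id)
        if not permission:
            # The lookup finds nothing when the user does not hold this
            # permission (user_resource_permission_create tests for that);
            # remove() was previously called with that empty result.
            continue
        resource.user_permissions.remove(permission)
    DBSession.flush()
    # only permissions of type 'user' are reported back
    perms = [p.perm_name for p in resource.perms_for_user(user)
             if p.type == 'user']
    result = {'user_name': user.user_name,
              'permissions': list(set(perms))}
    return result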
def groups_users_add(request):
    """
    Add a user to a group and return a summary of that user.

    The group comes from the ``group_id`` route parameter. The user is
    looked up from the ``user_name`` field of the JSON body, first as a user
    name and then as an e-mail address. Returns ``HTTPNotFound`` when the
    group or the user cannot be resolved; otherwise returns a dict of
    selected user fields plus ``gravatar_url``.
    """
    group = GroupService.by_id(request.matchdict.get('group_id'))
    identifier = request.unsafe_json_body.get('user_name')
    account = User.by_user_name(identifier) or User.by_email(identifier)
    if not (group and account):
        return HTTPNotFound()

    if account not in group.users:
        group.users.append(account)
        group.member_count = group.users_dynamic.count()

    # NOTE(review): the response contains the e-mail address and last login
    # date of any account matched by name or e-mail; who may call this view
    # is not visible here - confirm the route is restricted accordingly.
    exposed_fields = [
        'user_name', 'id', 'first_name', 'last_name', 'email',
        'last_login_date', 'status',
    ]
    summary = account.get_dict(include_keys=exposed_fields)
    summary['gravatar_url'] = account.gravatar_url(s=20)
    return summary
def unique_username_validator(form, field):
    """
    Form validator that rejects a user name which is already taken.

    Raises ``wtforms.ValidationError`` when an account whose user name is
    ``field.data`` is found.
    """
    # NOTE(review): the error text confirms that an account with this name
    # exists; on forms reachable without login, consider pairing this with
    # rate limiting.
    if User.by_user_name(field.data):
        raise wtforms.ValidationError(
            'This username already exists in system')
def found_username_validator(form, field):
    """
    Form validator that requires ``field.data`` to be an existing user name.

    The lookup result is stored on ``form.field_user`` whether or not an
    account was found. Raises ``wtforms.ValidationError`` when no account
    matches.
    """
    matched = User.by_user_name(field.data)
    # kept on the form so the email validator can use the user to recover
    form.field_user = matched
    if matched:
        return
    # NOTE(review): this message tells the caller whether an account exists;
    # if the form is reachable without login, consider a generic response.
    raise wtforms.ValidationError('This username does not exist')