def invited_user(email): # Validate email with https://github.com/JoshData/python-email-validator ? # Setup a temporary user so that we can add the ACL # Also setup the pre-registration info they can name = email.split('@', 1)[0] count = 1 check_name = name while True: user = DBSession.query(BQUser).filter_by( resource_name=check_name).first() if user is None: name = check_name break check_name = name + str(count) count += 1 password = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(6)) log.debug('AUTH: tg_user name=%s email=%s display=%s', name, email, email) tg_user = User(user_name=name, password=password, email_address=email, display_name=email) try: DBSession.add(tg_user) DBSession.flush() data_service.cache_invalidate("/data_service/user") except sqlalchemy.exc.IntegrityError: log.exception('During user invitation') log.debug("AUTH: tg_user = %s", str(tg_user)) # we should have created the BQUser by now. user = DBSession.query(BQUser).filter_by(resource_name=name).first() return (user, password)
def post_user(self, doc, **kw): """ Creates new user with tags, the owner of the tags is assigned to the user document format: <user name="user"> <tag name="password" value="12345"/> <tag name="email" value="*****@*****.**"/> <tag name="display_name" value="user"/> </user> """ userxml = etree.fromstring(doc) required_tags = ['user_name', 'password', 'email', 'display_name'] tags = {} if userxml.tag == 'user': user_name = userxml.attrib['name'] if user_name: tags['user_name'] = user_name for t in userxml.xpath('tag'): tags[t.get('name')] = t.get('value') #if (t.attrib['name']=='password') or (t.attrib['name']=='email'): if t.get('name') in REMOVE_TAGS: t.getparent().remove(t) #removes email and password if t.attrib['name'] == 'email': userxml.attrib['value'] = t.attrib[ 'value'] #set it as value of the user if all(k in tags for k in required_tags): log.debug("ADMIN: Adding user: %s", str(user_name)) u = User(user_name=tags['user_name'], password=tags['password'], email_address=tags['email'], display_name=tags['display_name']) DBSession.add(u) self._update_groups(u, tags.get('groups', '').split(',')) try: transaction.commit() except IntegrityError: abort( 405, 'Another user already has this user name or email address' ) #r = BQUser.query.filter(BQUser.resource_name == tags['user_name']).first() r = data_service.query(resource_type='user', name=tags['user_name'], wpublic=1) if len(r) > 0: admin = get_username() #get admin user set_current_user( tags['user_name'] ) #change document as user so that all changes are owned by the new user r = data_service.update_resource( '/data_service/%s' % r[0].attrib.get('resource_uniq'), new_resource=userxml) set_current_user(admin) #set back to admin user return self.get_user( '%s' % r.attrib.get('resource_uniq'), **kw) else: abort(400) abort(400)
def __init__(self, user_name=None, password=None, email_address=None, display_name=None, create_tg=False, tg_user = None, create_store=True,**kw): super(BQUser, self).__init__() if not display_name: display_name = user_name if create_tg and tg_user is None: tg_user = User() tg_user.user_name = user_name tg_user.email_address = email_address tg_user.password = password tg_user.display_name = display_name DBSession.add(tg_user) self.permission = 'published' self.resource_name = tg_user.user_name self.resource_value = tg_user.email_address dn = Tag (parent = self) dn.name = 'display_name' dn.value = tg_user.display_name or tg_user.user_name dn.owner = self self.owner = self self.permission = 'published' if create_store: #from bq.commands.stores import init_stores #init_stores (tg_user.user_name) root_store = BQStore(owner_id = self) root_store.resource_name='(root)' root_store.resource_unid='(root)' DBSession.add(root_store)
def setUp(self): """Prepare model test fixture.""" try: new_attrs = {} new_attrs.update(self.attrs) new_attrs.update(self.do_get_dependencies()) self.obj = self.klass(**new_attrs) #pylint: disable=not-callable DBSession.add(self.obj) DBSession.flush() return self.obj except Exception: DBSession.rollback() raise
def bquser_callback (tg_user, operation, **kw): # Deleted users will receive and update callback if tg_user is None: return if operation =='create': u = DBSession.query(BQUser).filter_by(resource_name=tg_user.user_name).first() if u is None: u = BQUser(tg_user=tg_user) DBSession.add(u) log.info ('created BQUSER %s' , u.name) return if operation == 'update': u = DBSession.query(BQUser).filter_by(resource_name=tg_user.user_name).first() if u is not None: u.value = tg_user.email_address dn = u.findtag('display_name', create=True) dn.value = tg_user.display_name dn.permission = 'published' log.info ('updated BQUSER %s' , u.name) return
def new_group(self, *args, **kw): if len(args): group_names = args else: content_type = request.headers.get('Content-Type') inputer = find_inputer(content_type) els = inputer(request.body_file) group_names = els.xpath('//group/@name') resource = etree.Element('resource') for nm in group_names: g = Group(group_name=nm) DBSession.add(g) etree.SubElement(resource, 'group', name=nm) try: transaction.commit() except (IntegrityError, InvalidRequestError) as e: transaction.abort() abort(400, "Bad request %s" % e) return resource
def new_user (cls, email, password, create_tg = False): bquser = cls( user_name= email, email_address=email, display_name=email, password = password) DBSession.add (bquser) DBSession.flush() DBSession.refresh(bquser) bquser.owner_id = bquser.id if create_tg: tg_user = User() tg_user.user_name = email tg_user.email_address = email tg_user.password = password tg_user.display_name = email #tg_user.dough_user_id = self.id DBSession.add(tg_user) DBSession.flush() return bquser
def bisquik2db_internal(inputs, parent, resource, replace): '''Parse a document (either as a doc, or an etree. Verify against xmlschema if present ''' results = [] if parent is not None: parent = DBSession.merge(parent) if resource is not None: resource = DBSession.merge(resource) ts = datetime.now() for el in inputs: node = updateDB(root=el, parent=parent, resource=resource, replace=replace, ts=ts) log.debug("returned %s ", str(node)) log.debug('modified : new (%d), dirty (%d), deleted(%d)', len(DBSession.new), len(DBSession.dirty), len(DBSession.deleted)) # pylint: disable=no-member if node not in DBSession: # pylint: disable=unsupported-membership-test # pylint: disable=no-member DBSession.add(node) #log.debug ("node.document = %s" , str( node.document)) node.document.ts = ts results.append(node) #DBSession.flush() #for node in results: # DBSession.refresh(node) if log.isEnabledFor(logging.DEBUG): log.debug('modifyed : new (%d), dirty (%d), deleted(%d)', len(DBSession.new), len(DBSession.dirty), len(DBSession.deleted)) # pylint: disable=no-member log.debug("Bisquik2db last_node %s of document %s ", str(node), str(node.document)) if len(results) == 1: return node return results
def resource_acl(resource, newauth, user=None, acl=None, notify=False, invalidate=True, action='append'): """Create or modify resource acls @param resource: resource (Taggable) @param newauth : an etree of the acl record or None if deleting @param user : the user (Taggable) of the acl or None (will be determined from newauth) @param acl : the acl (TaggableAcl) or None (will be found or created) @param notify : send an email on state change (boolean) @param invalidate: Invalidate caches (boolean) @parama delete : Append/modify or Delete record (boolean) @return an etree acl record """ log.debug("ACL SET %s", resource) user, passwd = match_user(user=user, user_uniq=newauth.get('user'), email=newauth.get('email')) if acl is None: try: DBSession.flush() # autoflush is off so flush before query except sqlalchemy.exc.IntegrityError: log.exception("while preparing for query") acl = DBSession.query(TaggableAcl).filter_by(taggable_id=resource.id, user_id=user.id).first() if acl is None: # Check if newauth is not None or delete is true??? acl = TaggableAcl() acl.taggable_id = resource.id acl.user_id = user.id acl.action = "read" DBSession.add(acl) if action == 'delete': log.debug("Removing %s from %s for %s", newauth.get('action', RESOURCE_READ), resource.resource_uniq, user.resource_uniq) # http://stackoverflow.com/questions/8306506/deleting-an-object-from-an-sqlalchemy-session-before-its-been-persisted if acl in DBSession.new: DBSession.expunge(acl) else: DBSession.delete(acl) else: log.debug("Changing share on %s for %s action=%s", resource.resource_uniq, user.resource_uniq, newauth.get('action', RESOURCE_READ)) acl.action = newauth.get('action', RESOURCE_READ) # # Special actions on sharing specific resource types # handler = SHARE_HANDLERS.get(resource.resource_type) if handler: log.debug("Special share handling with %s", handler) handler(resource.resource_uniq, user.resource_uniq, newauth, action) # Notify changes if needed if notify: try: notify_user(action, resource, user, passwd) except Exception: log.exception("While notifying share") if invalidate: Resource.hier_cache.invalidate_resource(None, user=user.id) # Return the new/updated auth element return _aclelem(resource, user, acl)