def add_permissions_group():
predef_group_perm = [
{
"name": "admin",
"permission": [
'all_all'
]
},
{
"name": "user",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup',
'ro_alarms',
'ro_ca',
'wo_sign'
]
}
]
for group in predef_group_perm:
group_id = Group.getByNameOrID(group['name']).id
for perm in group['permission']:
perm_id = Permission.getByNameOrID(perm).id
r = GroupPermission(group_id=group_id, permission_id=perm_id)
db.session.add(r)
db.session.commit()
def updatePerm(dbSession, permission, permData, requester):
permData = {k: permData[k] for k in permData if k in Permission.fillable}
checkPerm(permData)
try:
perm = Permission.getByNameOrID(permission)
if 'name' in permData.keys() and perm.name != permData['name']:
raise HTTPRequestError(400, "permission name can't be changed")
for key, value in permData.items():
setattr(perm, key, value)
dbSession.add(perm)
log().info('permission ' + perm.name + ' updated by '
+ requester['username'],
permData)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
def delete_perm(db_session, permission, requester):
try:
perm = Permission.getByNameOrID(permission)
db_session.execute(
UserPermission.__table__.delete(
UserPermission.permission_id == perm.id))
db_session.execute(
GroupPermission.__table__.delete(
GroupPermission.permission_id == perm.id))
cache.delete_key(action=perm.method, resource=perm.path)
log().info(
'permission ' + str(perm.name) + ' deleted by ' +
requester['username'], perm.safeDict())
db_session.delete(perm)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID or name")
def removeGroupPermission(dbSession, group, permission, requester):
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
try:
relation = dbSession.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one()
dbSession.delete(relation)
cache.deleteKey(action=perm.method, resource=perm.path)
log().info('permission ' + perm.name + ' removed from '
' group ' + group.name + ' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "Group does not have this permission")
def removeUserPermission(dbSession, user, permission, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
try:
relation = dbSession.query(UserPermission) \
.filter_by(user_id=user.id, permission_id=perm.id).one()
dbSession.delete(relation)
cache.deleteKey(userid=user.id, action=perm.method, resource=perm.path)
log().info('user ' + user.username + ' removed permission ' +
perm.name + ' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "User does not have this permission")
def addGroupPermission(dbSession, group, permission, requester):
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID or name")
if dbSession.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
raise HTTPRequestError(409, "Group already have this permission")
r = GroupPermission(group_id=group.id, permission_id=perm.id)
dbSession.add(r)
cache.deleteKey(action=perm.method, resource=perm.path)
log().info('permission ' + perm.name + ' added to group ' + group.name +
' by ' + requester['username'])
def add_user_permission(db_session, user, permission, requester):
try:
user = User.getByNameOrID(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
if db_session.query(UserPermission) \
.filter_by(user_id=user.id, permission_id=perm.id).one_or_none():
raise HTTPRequestError(409, "User already have this permission")
r = UserPermission(user_id=user.id, permission_id=perm.id)
db_session.add(r)
cache.delete_key(userid=user.id,
action=perm.method,
resource=perm.path)
log().info('user ' + user.username + ' received permission '
+ perm.name + ' by ' + requester['username'])
def addPermissionsGroup():
predefGroupPerm = [
{
"name": "admin",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup',
'all_user',
'all_pap'
]
},
{
"name": "user",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup'
]
}
]
for g in predefGroupPerm:
groupId = Group.getByNameOrID(g['name']).id
for perm in g['permission']:
permId = Permission.getByNameOrID(perm).id
r = GroupPermission(group_id=groupId, permission_id=permId)
db.session.add(r)
db.session.commit()
def getPerm(dbSession, permission):
try:
perm = Permission.getByNameOrID(permission)
return perm
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
def get_perm(db_session, permission):
try:
perm = Permission.getByNameOrID(permission)
return perm
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")