def ensure_roles_found(wanted_names, found_roles, roles_field="roles"):
"""
Ensure that all wanted roles are in the roles array, aborting with HTTP 400
and an appropriate field error if some weren't found
Examples:
>>> from werkzeug.exceptions import BadRequest
>>> class MockRole(object):
... def __init__(self, name):
... self.name = name
>>> ensure_roles_found(['a', 'b'], [MockRole('a'), MockRole('b')])
>>> try:
... ensure_roles_found(['a', 'b'], [MockRole('a')])
... except BadRequest as ex:
... print('Code:', ex.code)
... print('Data:', ex.data)
Code: 400
Data: {'message': {'roles': 'Roles not found: b'}}
"""
wanted_names = set(wanted_names)
if len(found_roles) != len(wanted_names):
found_names = set(role.name for role in found_roles)
rest_abort(400, message={
roles_field: "Roles not found: %s" % ", ".join(
wanted_names.difference(found_names)
)
})
def wrapper(*args, **kwargs):
try:
return func(*args, **kwargs)
except LookupError as exc:
rest_abort(404, message=str(exc))
except Exception as exc:
rest_abort(500, message=str(exc))
def rest_set_roles_perms(user, role_names):
""" Check user permissions before setting roles """
if not role_names:
return
if not ADMIN_PERMISSION.can():
rest_abort(401, message={
"roles": ONLY_ADMIN_MSG_FS % "assign roles",
})
rest_set_roles(user, role_names)
def show_error(status, message):
"""
If API request, do a REST abort with JSON message. Otherwise, flash the
error
"""
if is_api_request():
rest_abort(status, message=message)
flash(message)
def wrapper(*args, **kwargs):
for index in range(db.retry_commit_number):
try:
result = func(*args, **kwargs)
except Exception as exc:
return rest_abort(500, message=str(exc))
try:
db.session.commit()
return result
except Exception as exc:
db.session.rollback()
app.log("error", f"Rest Call n°{index} failed ({exc}).")
stacktrace = format_exc()
sleep(db.retry_commit_time * (index + 1))
else:
rest_abort(500, message=stacktrace)
def delete(self, role_name, user_id=None, user=None):
""" Remove a role from a user """
if not ADMIN_PERMISSION.can():
rest_abort(401, message=ONLY_ADMIN_MSG_FS % "remove roles")
if user is None:
user = user_or_404(user_id)
role = Role.query.filter(
Role.name.ilike(role_name),
).first_or_404()
user.roles.remove(role)
DB.session.add(user)
DB.session.commit()
return {'message': '%s removed from %s' % (
role.name,
user.email,
)}
def post(self):
""" Create a new user """
if not CONFIG.security_registerable_form:
rest_abort(403, message="API user registration disabled")
args = USER_NEW_PARSER.parse_args(strict=True)
args = clean_attrs(args)
# TODO throttle before error
user = SECURITY_STATE.datastore.get_user(args['email'])
if user is not None:
rest_abort(400, message={
"email": "Duplicate value '%s'" % args['email'],
})
user = SECURITY_STATE.datastore.create_user(**args)
rest_set_roles_perms(user, args['roles'])
DB.session.add(user)
DB.session.commit()
return user
def wrapper(*args, **kwargs):
try:
return func(*args, **kwargs)
except LookupError as exc:
rest_abort(404, message=str(exc))
except Exception as exc:
rest_abort(500, message=str(exc))
finally:
try:
db.session.commit()
except Exception as exc:
db.session.rollback()
app.log("error", format_exc())
rest_abort(500, message=str(exc))
def get(self, **_):
rest_abort(
404,
message=
f"The requested {request.method} endpoint does not exist.",
)
def wrapper(*args, **kwargs):
if current_user and current_user.is_admin:
return func(*args, **kwargs)
return rest_abort(403)
def decorated_function(*args, **kwargs):
if current_user and current_user.can(permission):
return f(*args, **kwargs)
return rest_abort(403)
