def create_role_user(session, actor, name, description, canjoin): # type (Session, User, str, str, str) -> None """DEPRECATED: Do not use in production code Creates a service account with the given name, description, and canjoin status Args: session: the database session actor: the user creating the service account name: the name of the service account description: description of the service account canjoin: the canjoin status for management of the service account Throws: IntegrityError: if a user or group with the given name already exists """ user = User(username=name, role_user=True) group = Group(groupname=name, description=description, canjoin=canjoin) user.add(session) group.add(session) group.add_member(actor, actor, "Group Creator", "actioned", None, "np-owner") group.add_member(actor, user, "Service Account", "actioned", None, "member") session.commit() AuditLog.log( session, actor.id, "create_role_user", "Created new service account.", on_group_id=group.id, on_user_id=user.id, )
def create_group(self, name, description, join_policy, email): # type: (str, str, GroupJoinPolicy, Optional[str]) -> None group = SQLGroup(groupname=name, description=description, canjoin=join_policy.value, email_address=email) group.add(self.session)
def create_group(self, name): # type: (str) -> None """Create a group, does nothing if it already exists.""" if Group.get(self.session, name=name): return group = Group(groupname=name) group.add(self.session)
def post(self, *args: Any, **kwargs: Any) -> None: form = GroupCreateForm(self.request.arguments) if not form.validate(): return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) if "@" in form.data["groupname"]: form.groupname.errors.append("Group names cannot contain @") return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) group = Group( groupname=form.data["groupname"], description=form.data["description"], canjoin=form.data["canjoin"], auto_expire=form.data["auto_expire"], require_clickthru_tojoin=form.data["require_clickthru_tojoin"], ) try: group.add(self.session) self.session.flush() except IntegrityError: self.session.rollback() form.groupname.errors.append("{} already exists".format(form.data["groupname"])) return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) group.add_member( self.current_user, self.current_user, "Group Creator", "actioned", None, form.data["creatorrole"], ) self.session.commit() AuditLog.log( self.session, self.current_user.id, "create_group", "Created new group.", on_group_id=group.id, ) return self.redirect("/groups/{}?refresh=yes".format(group.name))
def sync_db_command(args): # Models not implicitly or explictly imported above are explicitly imported # here: from grouper.models.perf_profile import PerfProfile # noqa db_engine = get_db_engine(get_database_url(settings)) Model.metadata.create_all(db_engine) # Add some basic database structures we know we will need if they don't exist. session = make_session() for name, description in SYSTEM_PERMISSIONS: test = Permission.get(session, name) if test: continue permission = Permission(name=name, description=description) try: permission.add(session) session.flush() except IntegrityError: session.rollback() raise Exception('Failed to create permission: %s' % (name, )) session.commit() # This group is needed to bootstrap a Grouper installation. admin_group = Group.get(session, name="grouper-administrators") if not admin_group: admin_group = Group( groupname="grouper-administrators", description="Administrators of the Grouper system.", canjoin="nobody", ) try: admin_group.add(session) session.flush() except IntegrityError: session.rollback() raise Exception('Failed to create group: grouper-administrators') for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN): permission = Permission.get(session, permission_name) assert permission, "Permission should have been created earlier!" grant_permission(session, admin_group.id, permission.id) session.commit()
def post(self, *args, **kwargs): # type: (*Any, **Any) -> None form = GroupCreateForm(self.request.arguments) if not form.validate(): return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) group = Group( groupname=form.data["groupname"], description=form.data["description"], canjoin=form.data["canjoin"], auto_expire=form.data["auto_expire"], require_clickthru_tojoin=form.data["require_clickthru_tojoin"], ) try: group.add(self.session) self.session.flush() except IntegrityError: self.session.rollback() form.groupname.errors.append("{} already exists".format(form.data["groupname"])) return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) group.add_member( self.current_user, self.current_user, "Group Creator", "actioned", None, form.data["creatorrole"], ) self.session.commit() AuditLog.log( self.session, self.current_user.id, "create_group", "Created new group.", on_group_id=group.id, ) return self.redirect("/groups/{}?refresh=yes".format(group.name))
def post(self): form = GroupCreateForm(self.request.arguments) if not form.validate(): return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) user = self.get_current_user() group = Group( groupname=form.data["groupname"], description=form.data["description"], canjoin=form.data["canjoin"], auto_expire=form.data["auto_expire"], ) try: group.add(self.session) self.session.flush() except IntegrityError: self.session.rollback() form.groupname.errors.append( "{} already exists".format(form.data["groupname"]) ) return self.render( "group-create.html", form=form, alerts=self.get_form_alerts(form.errors) ) group.add_member(user, user, "Group Creator", "actioned", None, form.data["creatorrole"]) self.session.commit() AuditLog.log(self.session, self.current_user.id, 'create_group', 'Created new group.', on_group_id=group.id) return self.redirect("/groups/{}?refresh=yes".format(group.name))
def create_group(self, name, description, join_policy): # type: (str, str, GroupJoinPolicy) -> None group = SQLGroup(groupname=name, description=description, canjoin=join_policy.value) group.add(self.session)
def sync_db_command(args): # Models not implicitly or explictly imported above are explicitly imported here from grouper.models.perf_profile import PerfProfile # noqa: F401 from grouper.models.user_token import UserToken # noqa: F401 db_engine = get_db_engine(get_database_url(settings)) Model.metadata.create_all(db_engine) # Add some basic database structures we know we will need if they don't exist. session = make_session() for name, description in SYSTEM_PERMISSIONS: test = get_permission(session, name) if test: continue try: create_permission(session, name, description) session.flush() except IntegrityError: session.rollback() raise Exception("Failed to create permission: %s" % (name, )) session.commit() # This group is needed to bootstrap a Grouper installation. admin_group = Group.get(session, name="grouper-administrators") if not admin_group: admin_group = Group( groupname="grouper-administrators", description="Administrators of the Grouper system.", canjoin="nobody", ) try: admin_group.add(session) session.flush() except IntegrityError: session.rollback() raise Exception("Failed to create group: grouper-administrators") for permission_name in (GROUP_ADMIN, PERMISSION_ADMIN, USER_ADMIN): permission = get_permission(session, permission_name) assert permission, "Permission should have been created earlier!" grant_permission(session, admin_group.id, permission.id) session.commit() auditors_group_name = get_auditors_group_name(settings) auditors_group = Group.get(session, name=auditors_group_name) if not auditors_group: auditors_group = Group( groupname=auditors_group_name, description= "Group for auditors, who can be owners of audited groups.", canjoin="canjoin", ) try: auditors_group.add(session) session.flush() except IntegrityError: session.rollback() raise Exception( "Failed to create group: {}".format(auditors_group_name)) permission = get_permission(session, PERMISSION_AUDITOR) assert permission, "Permission should have been created earlier!" grant_permission(session, auditors_group.id, permission.id) session.commit()