예제 #1
0
def get_user_view_template_vars(session, actor, user, graph):
    # TODO(cbguder): get around circular dependencies
    from grouper.fe.handlers.user_disable import UserDisable
    from grouper.fe.handlers.user_enable import UserEnable

    ret = {}
    if user.is_service_account:
        ret["can_control"] = (
            can_manage_service_account(session, user.service_account, actor) or
            user_is_user_admin(session, actor)
        )
        ret["can_disable"] = ret["can_control"]
        ret["can_enable"] = user_is_user_admin(session, actor)
        ret["account"] = user.service_account
    else:
        ret["can_control"] = (user.name == actor.name or user_is_user_admin(session, actor))
        ret["can_disable"] = UserDisable.check_access(session, actor, user)
        ret["can_enable"] = UserEnable.check_access(session, actor, user)

    if user.id == actor.id:
        ret["num_pending_group_requests"] = user_requests_aggregate(session, actor).count()
        _, ret["num_pending_perm_requests"] = get_requests_by_owner(session, actor,
            status='pending', limit=1, offset=0)
    else:
        ret["num_pending_group_requests"] = None
        ret["num_pending_perm_requests"] = None

    try:
        user_md = graph.get_user_details(user.name)
    except NoSuchUser:
        # Either user is probably very new, so they have no metadata yet, or
        # they're disabled, so we've excluded them from the in-memory graph.
        user_md = {}

    shell = (get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY).data_value
        if get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)
        else "No shell configured")
    ret["shell"] = shell
    ret["open_audits"] = user_open_audits(session, user)
    group_edge_list = get_groups_by_user(session, user) if user.enabled else []
    ret["groups"] = [{'name': g.name, 'type': 'Group', 'role': ge._role}
        for g, ge in group_edge_list]
    ret["passwords"] = user_passwords(session, user)
    ret["public_keys"] = get_public_keys_of_user(session, user.id)
    for key in ret["public_keys"]:
        key.tags = get_public_key_tags(session, key)
        key.pretty_permissions = ["{} ({})".format(perm.name,
            perm.argument if perm.argument else "unargumented")
            for perm in get_public_key_permissions(session, key)]
    ret["log_entries"] = get_log_entries_by_user(session, user)
    ret["user_tokens"] = user.tokens

    if user.is_service_account:
        service_account = user.service_account
        ret["permissions"] = service_account_permissions(session, service_account)
    else:
        ret["permissions"] = user_md.get('permissions', [])

    return ret
예제 #2
0
def get_user_view_template_vars(session, actor, user, graph):
    ret = {}
    ret["can_control"] = (user.name == actor.name
                          or user_is_user_admin(session, actor))
    ret["can_disable"] = UserDisable.check_access(session, actor, user)
    ret["can_enable"] = UserEnable.check_access(session, actor, user)

    if user.id == actor.id:
        ret["num_pending_group_requests"] = user_requests_aggregate(
            session, actor).count()
        _, ret["num_pending_perm_requests"] = get_requests_by_owner(
            session, actor, status='pending', limit=1, offset=0)
    else:
        ret["num_pending_group_requests"] = None
        ret["num_pending_perm_requests"] = None

    try:
        user_md = graph.get_user_details(user.name)
    except NoSuchUser:
        # Either user is probably very new, so they have no metadata yet, or
        # they're disabled, so we've excluded them from the in-memory graph.
        user_md = {}

    shell = (get_user_metadata_by_key(session, user.id,
                                      USER_METADATA_SHELL_KEY).data_value
             if get_user_metadata_by_key(session, user.id,
                                         USER_METADATA_SHELL_KEY) else
             "No shell configured")
    ret["shell"] = shell
    ret["open_audits"] = user_open_audits(session, user)
    group_edge_list = get_groups_by_user(session, user) if user.enabled else []
    ret["groups"] = [{
        'name': g.name,
        'type': 'Group',
        'role': ge._role
    } for g, ge in group_edge_list]
    ret["passwords"] = user_passwords(session, user)
    ret["public_keys"] = get_public_keys_of_user(session, user.id)
    for key in ret["public_keys"]:
        key.tags = get_public_key_tags(session, key)
        key.pretty_permissions = [
            "{} ({})".format(
                perm.name, perm.argument if perm.argument else "unargumented")
            for perm in get_public_key_permissions(session, key)
        ]
    ret["permissions"] = user_md.get('permissions', [])
    ret["log_entries"] = get_log_entries_by_user(session, user)
    ret["user_tokens"] = user.tokens

    return ret
예제 #3
0
def test_add_tag(users, http_client, base_url, session):

    user = session.query(User).filter_by(username="******").scalar()

    # add SSH key
    fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'public_key': key_1}),
            headers={'X-Grouper-User': user.username})
    assert resp.code == 200

    key = session.query(PublicKey).filter_by(user_id=user.id).scalar()

    # add SSH key
    fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'public_key': key_2}),
            headers={'X-Grouper-User': user.username})
    assert resp.code == 200

    key2 = session.query(PublicKey).filter_by(public_key=key_2).scalar()

    fe_url = url(base_url, '/tags')
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
            headers={'X-Grouper-User': user.username})

    tag = PublicKeyTag.get(session, name="tyler_was_here")

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert get_public_key_tags(session, key) == [], "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, '/tags')
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "dont_tag_me_bro", "description": "Test Tag Please Ignore"}),
            headers={'X-Grouper-User': user.username})

    tag = PublicKeyTag.get(session, name="dont_tag_me_bro")

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert get_public_key_tags(session, key) == [], "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here"}),
            headers={'X-Grouper-User': user.username})

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    key2 = session.query(PublicKey).filter_by(public_key=key_2).scalar()
    assert len(get_public_key_tags(session, key2)) == 0, "Keys other than the one with the added tag should not gain tags"

    # Non-admin and not user adding tag should fail
    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(fe_url, method="POST",
                body=urlencode({'tagname': "tyler_was_here"}),
                headers={'X-Grouper-User': "******"})

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    # User admins test
    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "dont_tag_me_bro"}),
            headers={'X-Grouper-User': "******"})

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 2, "The key should have 2 tags now"
    assert set([x.name for x in get_public_key_tags(session, key)]) == set(["tyler_was_here",
        "dont_tag_me_bro"])
예제 #4
0
def test_remove_tag(users, http_client, base_url, session):

    user = session.query(User).filter_by(username="******").scalar()

    # add SSH key
    fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'public_key': key_1}),
            headers={'X-Grouper-User': user.username})
    assert resp.code == 200

    key = session.query(PublicKey).filter_by(user_id=user.id).scalar()

    # add SSH key
    fe_url = url(base_url, '/users/{}/public-key/add'.format(user.username))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'public_key': key_2}),
            headers={'X-Grouper-User': user.username})
    assert resp.code == 200

    key2 = session.query(PublicKey).filter_by(public_key=key_2).scalar()

    fe_url = url(base_url, '/tags')
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here", "description": "Test Tag Please Ignore"}),
            headers={'X-Grouper-User': user.username})

    tag = PublicKeyTag.get(session, name="tyler_was_here")

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert get_public_key_tags(session, key) == [], "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, '/tags')
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "dont_tag_me_bro", "description": "Test Tag Please Ignore"}),
            headers={'X-Grouper-User': user.username})

    tag2 = PublicKeyTag.get(session, name="dont_tag_me_bro")

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert get_public_key_tags(session, key) == [], "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here"}),
            headers={'X-Grouper-User': user.username})

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    key2 = session.query(PublicKey).filter_by(public_key=key_2).scalar()
    assert len(get_public_key_tags(session, key2)) == 0, "Keys other than the one with the added tag should not gain tags"

    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key2.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here"}),
            headers={'X-Grouper-User': user.username})

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    # Fail Remove tag
    tag = PublicKeyTag.get(session, name="dont_tag_me_bro")
    fe_url = url(base_url, '/users/{}/public-key/{}/delete_tag/{}'.format(user.username, key.id, tag.id))
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(fe_url, method="POST",
                body="",
                headers={'X-Grouper-User': "******"})

    # Remove tag that isn't on key: should fail silently
    tag = PublicKeyTag.get(session, name="dont_tag_me_bro")
    fe_url = url(base_url, '/users/{}/public-key/{}/delete_tag/{}'.format(user.username, key.id, tag.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body="",
            headers={'X-Grouper-User': user.username})

    assert resp.code == 200

    # Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(base_url, '/users/{}/public-key/{}/delete_tag/{}'.format(user.username, key.id, tag.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body="",
            headers={'X-Grouper-User': user.username})

    assert resp.code == 200

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 0, "The key should have exactly 0 tags"

    key2 = session.query(PublicKey).filter_by(public_key=key_2).scalar()
    assert len(get_public_key_tags(session, key2)) == 1, "Removing a tag from one key should not affect other keys"

    # User admin remove tag

    # readd tag
    fe_url = url(base_url, '/users/{}/public-key/{}/tag'.format(user.username, key.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body=urlencode({'tagname': "tyler_was_here"}),
            headers={'X-Grouper-User': user.username})

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    # Nonuser admin fail Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(base_url, '/users/{}/public-key/{}/delete_tag/{}'.format(user.username, key.id, tag.id))
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(fe_url, method="POST",
                body="",
                headers={'X-Grouper-User': "******"})

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tags"

    # Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(base_url, '/users/{}/public-key/{}/delete_tag/{}'.format(user.username, key.id, tag.id))
    resp = yield http_client.fetch(fe_url, method="POST",
            body="",
            headers={'X-Grouper-User': "******"})

    assert resp.code == 200

    key = session.query(PublicKey).filter_by(public_key=key_1).scalar()
    assert len(get_public_key_tags(session, key)) == 0, "The key should have exactly 0 tags"
예제 #5
0
def test_add_tag(users, http_client, base_url, session):  # noqa: F811

    user = session.query(User).filter_by(username="******").scalar()

    # add SSH key
    fe_url = url(base_url, "/users/{}/public-key/add".format(user.username))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"public_key": SSH_KEY_1}),
        headers={"X-Grouper-User": user.username},
    )
    assert resp.code == 200

    key = session.query(PublicKey).filter_by(user_id=user.id).scalar()

    # add SSH key
    fe_url = url(base_url, "/users/{}/public-key/add".format(user.username))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"public_key": SSH_KEY_2}),
        headers={"X-Grouper-User": user.username},
    )
    assert resp.code == 200

    key2 = session.query(PublicKey).filter_by(public_key=SSH_KEY_2).scalar()

    fe_url = url(base_url, "/tags")
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here", "description": "Test Tag Please Ignore"}),
        headers={"X-Grouper-User": user.username},
    )

    PublicKeyTag.get(session, name="tyler_was_here")

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert (
        get_public_key_tags(session, key) == []
    ), "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, "/tags")
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "dont_tag_me_bro", "description": "Test Tag Please Ignore"}),
        headers={"X-Grouper-User": user.username},
    )

    PublicKeyTag.get(session, name="dont_tag_me_bro")

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert (
        get_public_key_tags(session, key) == []
    ), "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here"}),
        headers={"X-Grouper-User": user.username},
    )

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    key2 = session.query(PublicKey).filter_by(public_key=SSH_KEY_2).scalar()
    assert (
        len(get_public_key_tags(session, key2)) == 0
    ), "Keys other than the one with the added tag should not gain tags"

    # Non-admin and not user adding tag should fail
    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(
            fe_url,
            method="POST",
            body=urlencode({"tagname": "tyler_was_here"}),
            headers={"X-Grouper-User": "******"},
        )

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    # User admins test
    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "dont_tag_me_bro"}),
        headers={"X-Grouper-User": "******"},
    )

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 2, "The key should have 2 tags now"
    assert set([x.name for x in get_public_key_tags(session, key)]) == set(
        ["tyler_was_here", "dont_tag_me_bro"]
    )
예제 #6
0
def test_remove_tag(users, http_client, base_url, session):  # noqa: F811

    user = session.query(User).filter_by(username="******").scalar()

    # add SSH key
    fe_url = url(base_url, "/users/{}/public-key/add".format(user.username))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"public_key": SSH_KEY_1}),
        headers={"X-Grouper-User": user.username},
    )
    assert resp.code == 200

    key = session.query(PublicKey).filter_by(user_id=user.id).scalar()

    # add SSH key
    fe_url = url(base_url, "/users/{}/public-key/add".format(user.username))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"public_key": SSH_KEY_2}),
        headers={"X-Grouper-User": user.username},
    )
    assert resp.code == 200

    key2 = session.query(PublicKey).filter_by(public_key=SSH_KEY_2).scalar()

    fe_url = url(base_url, "/tags")
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here", "description": "Test Tag Please Ignore"}),
        headers={"X-Grouper-User": user.username},
    )

    tag = PublicKeyTag.get(session, name="tyler_was_here")

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert (
        get_public_key_tags(session, key) == []
    ), "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, "/tags")
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "dont_tag_me_bro", "description": "Test Tag Please Ignore"}),
        headers={"X-Grouper-User": user.username},
    )

    PublicKeyTag.get(session, name="dont_tag_me_bro")

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert (
        get_public_key_tags(session, key) == []
    ), "No public keys should have a tag unless it's been added to the key"

    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here"}),
        headers={"X-Grouper-User": user.username},
    )

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    key2 = session.query(PublicKey).filter_by(public_key=SSH_KEY_2).scalar()
    assert (
        len(get_public_key_tags(session, key2)) == 0
    ), "Keys other than the one with the added tag should not gain tags"

    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key2.id))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here"}),
        headers={"X-Grouper-User": user.username},
    )

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    # Fail Remove tag
    tag = PublicKeyTag.get(session, name="dont_tag_me_bro")
    fe_url = url(
        base_url, "/users/{}/public-key/{}/delete_tag/{}".format(user.username, key.id, tag.id)
    )
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(
            fe_url, method="POST", body="", headers={"X-Grouper-User": "******"}
        )

    # Remove tag that isn't on key: should fail silently
    tag = PublicKeyTag.get(session, name="dont_tag_me_bro")
    fe_url = url(
        base_url, "/users/{}/public-key/{}/delete_tag/{}".format(user.username, key.id, tag.id)
    )
    resp = yield http_client.fetch(
        fe_url, method="POST", body="", headers={"X-Grouper-User": user.username}
    )

    assert resp.code == 200

    # Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(
        base_url, "/users/{}/public-key/{}/delete_tag/{}".format(user.username, key.id, tag.id)
    )
    resp = yield http_client.fetch(
        fe_url, method="POST", body="", headers={"X-Grouper-User": user.username}
    )

    assert resp.code == 200

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 0, "The key should have exactly 0 tags"

    key2 = session.query(PublicKey).filter_by(public_key=SSH_KEY_2).scalar()
    assert (
        len(get_public_key_tags(session, key2)) == 1
    ), "Removing a tag from one key should not affect other keys"

    # User admin remove tag

    # readd tag
    fe_url = url(base_url, "/users/{}/public-key/{}/tag".format(user.username, key.id))
    resp = yield http_client.fetch(
        fe_url,
        method="POST",
        body=urlencode({"tagname": "tyler_was_here"}),
        headers={"X-Grouper-User": user.username},
    )

    assert resp.code == 200
    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tag"
    assert get_public_key_tags(session, key)[0].name == "tyler_was_here"

    # Nonuser admin fail Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(
        base_url, "/users/{}/public-key/{}/delete_tag/{}".format(user.username, key.id, tag.id)
    )
    with pytest.raises(HTTPError):
        resp = yield http_client.fetch(
            fe_url, method="POST", body="", headers={"X-Grouper-User": "******"}
        )

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 1, "The key should have exactly 1 tags"

    # Remove tag
    tag = PublicKeyTag.get(session, name="tyler_was_here")
    fe_url = url(
        base_url, "/users/{}/public-key/{}/delete_tag/{}".format(user.username, key.id, tag.id)
    )
    resp = yield http_client.fetch(
        fe_url, method="POST", body="", headers={"X-Grouper-User": "******"}
    )

    assert resp.code == 200

    key = session.query(PublicKey).filter_by(public_key=SSH_KEY_1).scalar()
    assert len(get_public_key_tags(session, key)) == 0, "The key should have exactly 0 tags"
예제 #7
0
def get_user_view_template_vars(session, actor, user, graph):
    # TODO(cbguder): get around circular dependencies
    from grouper.fe.handlers.user_disable import UserDisable
    from grouper.fe.handlers.user_enable import UserEnable

    ret = {}
    if user.is_service_account:
        ret["can_control"] = can_manage_service_account(
            session, user.service_account, actor
        ) or user_is_user_admin(session, actor)
        ret["can_disable"] = ret["can_control"]
        ret["can_enable"] = user_is_user_admin(session, actor)
        ret["can_enable_preserving_membership"] = user_is_user_admin(session, actor)
        ret["account"] = user.service_account
    else:
        ret["can_control"] = user.name == actor.name or user_is_user_admin(session, actor)
        ret["can_disable"] = UserDisable.check_access(session, actor, user)
        ret["can_enable_preserving_membership"] = UserEnable.check_access(session, actor, user)
        ret["can_enable"] = UserEnable.check_access_without_membership(session, actor, user)

    if user.id == actor.id:
        ret["num_pending_group_requests"] = user_requests_aggregate(session, actor).count()
        _, ret["num_pending_perm_requests"] = get_requests(
            session, status="pending", limit=1, offset=0, owner=actor
        )
    else:
        ret["num_pending_group_requests"] = None
        ret["num_pending_perm_requests"] = None

    try:
        user_md = graph.get_user_details(user.name)
    except NoSuchUser:
        # Either user is probably very new, so they have no metadata yet, or
        # they're disabled, so we've excluded them from the in-memory graph.
        user_md = {}

    shell = (
        get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY).data_value
        if get_user_metadata_by_key(session, user.id, USER_METADATA_SHELL_KEY)
        else "No shell configured"
    )
    ret["shell"] = shell
    ret["open_audits"] = user_open_audits(session, user)
    group_edge_list = get_groups_by_user(session, user) if user.enabled else []
    ret["groups"] = [
        {"name": g.name, "type": "Group", "role": ge._role} for g, ge in group_edge_list
    ]
    ret["passwords"] = user_passwords(session, user)
    ret["public_keys"] = get_public_keys_of_user(session, user.id)
    for key in ret["public_keys"]:
        key.tags = get_public_key_tags(session, key)
        key.pretty_permissions = [
            "{} ({})".format(perm.name, perm.argument if perm.argument else "unargumented")
            for perm in get_public_key_permissions(session, key)
        ]
    ret["log_entries"] = get_log_entries_by_user(session, user)
    ret["user_tokens"] = user.tokens

    if user.is_service_account:
        service_account = user.service_account
        ret["permissions"] = service_account_permissions(session, service_account)
    else:
        ret["permissions"] = user_md.get("permissions", [])

    return ret