def get(self, folder_id=None):
""" Gets a folder by path or ID, returning 1 level of children (sub-folders) """
if folder_id is None:
# Get folder from path, using auto_sync to pick up new and deleted disk folders
path = self._get_validated_path_arg(request)
db_folder = auto_sync_folder(path, data_engine, task_engine)
if db_folder is None:
raise DoesNotExistError(path)
else:
# Get folder from ID
db_folder = data_engine.get_folder(folder_id)
if db_folder is None:
raise DoesNotExistError(str(folder_id))
# View permission is required (ignoring view permission on parent+children)
permissions_engine.ensure_folder_permitted(
db_folder, FolderPermission.ACCESS_VIEW, get_session_user())
# Get the folder again, this time with parent and children
# (children possibly faked - see the get_folder() docs - which is why
# we can't use db_folder mk2 normally, only serialize it and exit)
status_filter = self._get_validated_status_arg(request)
db_folder = data_engine.get_folder(db_folder.id,
load_parent=True,
load_children=True,
children_status=status_filter)
if db_folder is None:
raise DoesNotExistError(str(folder_id))
return make_api_success_response(object_to_dict(db_folder))
def trace_permissions():
embed = request.args.get('embed', '')
user_id = request.args.get('user', '')
folder_path = request.args.get('path', '')
if folder_path == '':
folder_path = os.path.sep
folder = None
user = None
users = []
user_has_admin = False
trace = None
err_msg = None
db_session = data_engine.db_get_session()
try:
# Get folder and selected user info
# User can be None for an anonymous user
user_id = parse_int(user_id)
if user_id != 0:
user = data_engine.get_user(user_id, _db_session=db_session)
if user is None:
raise DoesNotExistError('This user no longer exists')
folder = data_engine.get_folder(folder_path=folder_path,
_db_session=db_session)
if folder is None or folder.status == Folder.STATUS_DELETED:
raise DoesNotExistError('This folder no longer exists')
# Get users list
users = data_engine.list_users(status=User.STATUS_ACTIVE,
order_field=User.username,
_db_session=db_session)
# Get the folder+user traced permissions
trace = permissions_engine._trace_folder_permissions(folder, user)
# Flag on the UI if the user has admin
for gdict in trace['groups']:
gperms = gdict['group'].permissions
if gperms.admin_files or gperms.admin_all:
user_has_admin = True
break
except Exception as e:
log_security_error(e, request)
err_msg = safe_error_str(e)
finally:
try:
return render_template(
'admin_trace_permissions.html',
embed=embed,
folder=folder,
folder_is_root=folder.is_root() if folder else False,
user=user,
user_list=users,
trace=trace,
user_has_admin=user_has_admin,
err_msg=err_msg,
GROUP_ID_PUBLIC=Group.ID_PUBLIC)
finally:
db_session.close()
def _get_task_data(self, function_name, api_params):
# Return the task-specific options and parameters
if function_name == "purge_system_stats":
return (
"Purge system statistics",
{"before_time": api_params["before_time"]},
Task.PRIORITY_NORMAL,
"info",
"error",
3600,
)
elif function_name == "purge_image_stats":
return (
"Purge image statistics",
{"before_time": api_params["before_time"]},
Task.PRIORITY_NORMAL,
"info",
"error",
3600,
)
elif function_name == "purge_deleted_folder_data":
# Get folder ID from path
db_folder = data_engine.get_folder(folder_path=api_params["path"])
if db_folder is None:
raise ParameterError(api_params["path"] + " is not a valid folder path")
return ("Purge deleted data", {"folder_id": db_folder.id}, Task.PRIORITY_NORMAL, "info", "error", 0)
else:
raise ParameterError(function_name + " task is not yet supported")
def post(self):
params = self._get_validated_object_parameters(request.form)
db_session = data_engine.db_get_session()
db_commit = False
try:
db_group = data_engine.get_group(params['group_id'],
_db_session=db_session)
if db_group is None:
raise DoesNotExistError(str(params['group_id']))
db_folder = data_engine.get_folder(params['folder_id'],
_db_session=db_session)
if db_folder is None:
raise DoesNotExistError(str(params['folder_id']))
# This commits (needed for refresh to get the new ID)
fp = FolderPermission(db_folder, db_group, params['access'])
fp = data_engine.save_object(fp,
refresh=True,
_db_session=db_session,
_commit=True)
db_commit = True
return make_api_success_response(object_to_dict(fp))
finally:
try:
if db_commit:
db_session.commit()
permissions_engine.reset_folder_permissions()
else:
db_session.rollback()
finally:
db_session.close()
def post(self):
params = self._get_validated_object_parameters(request.form)
db_session = data_engine.db_get_session()
db_commit = False
try:
db_group = data_engine.get_group(params['group_id'], _db_session=db_session)
if db_group is None:
raise DoesNotExistError(str(params['group_id']))
db_folder = data_engine.get_folder(params['folder_id'], _db_session=db_session)
if db_folder is None:
raise DoesNotExistError(str(params['folder_id']))
# This commits (needed for refresh to get the new ID)
fp = FolderPermission(db_folder, db_group, params['access'])
fp = data_engine.save_object(
fp, refresh=True, _db_session=db_session, _commit=True
)
db_commit = True
return make_api_success_response(object_to_dict(fp))
finally:
try:
if db_commit:
db_session.commit()
permissions_engine.reset()
else:
db_session.rollback()
finally:
db_session.close()
def folder_permissions():
folder_path = request.args.get('path', '')
if folder_path == '':
folder_path = os.path.sep
group_id = request.args.get('group', '')
if group_id == '':
group_id = Group.ID_PUBLIC
group = None
folder = None
current_perms = None
groups = []
err_msg = None
db_session = data_engine.db_get_session()
try:
# Get folder and group info
group = data_engine.get_group(group_id, _db_session=db_session)
if group is None:
raise DoesNotExistError('This group no longer exists')
folder = data_engine.get_folder(folder_path=folder_path, _db_session=db_session)
if folder is None or folder.status == Folder.STATUS_DELETED:
raise DoesNotExistError('This folder no longer exists')
# Get groups list
groups = data_engine.list_objects(Group, Group.name, _db_session=db_session)
# Get the current permissions for the folder+group, which can be None.
# Note that permissions_manager might fall back to the Public group if
# this is None, but to keep the admin manageable we're going to deal
# only with folder inheritance, not group inheritance too.
current_perms = data_engine.get_nearest_folder_permission(
folder, group,
_load_nearest_folder=True,
_db_session=db_session
)
except Exception as e:
log_security_error(e, request)
err_msg = str(e)
finally:
try:
return render_template(
'admin_folder_permissions.html',
group=group,
folder=folder,
folder_is_root=folder.is_root() if folder else False,
current_permissions=current_perms,
group_list=groups,
err_msg=err_msg,
GROUP_ID_PUBLIC=Group.ID_PUBLIC,
GROUP_ID_EVERYONE=Group.ID_EVERYONE
)
finally:
db_session.close()
def folder_permissions():
folder_path = request.args.get('path', '')
if folder_path == '':
folder_path = os.path.sep
group_id = request.args.get('group', '')
if group_id == '':
group_id = Group.ID_PUBLIC
group = None
folder = None
current_perms = None
groups = []
err_msg = None
db_session = data_engine.db_get_session()
try:
# Get folder and group info
group = data_engine.get_group(group_id, _db_session=db_session)
if group is None:
raise DoesNotExistError('This group no longer exists')
folder = data_engine.get_folder(folder_path=folder_path,
_db_session=db_session)
if folder is None or folder.status == Folder.STATUS_DELETED:
raise DoesNotExistError('This folder no longer exists')
# Get groups list
groups = data_engine.list_objects(Group,
Group.name,
_db_session=db_session)
# Get the current permissions for the folder+group, which can be None.
# Note that permissions_manager might fall back to the Public group if
# this is None, but to keep the admin manageable we're going to deal
# only with folder inheritance, not group inheritance too.
current_perms = data_engine.get_nearest_folder_permission(
folder, group, _load_nearest_folder=True, _db_session=db_session)
except Exception as e:
log_security_error(e, request)
err_msg = safe_error_str(e)
finally:
try:
return render_template(
'admin_folder_permissions.html',
group=group,
folder=folder,
folder_is_root=folder.is_root() if folder else False,
current_permissions=current_perms,
group_list=groups,
err_msg=err_msg,
GROUP_ID_PUBLIC=Group.ID_PUBLIC,
GROUP_ID_EVERYONE=Group.ID_EVERYONE)
finally:
db_session.close()
def post(self):
""" Creates a disk folder """
params = self._get_validated_parameters(request.form)
try:
db_folder = create_folder(params['path'], get_session_user(),
data_engine, permissions_engine, logger)
# Return a "fresh" object (without relationships loaded) to match PUT, DELETE
db_folder = data_engine.get_folder(db_folder.id)
return make_api_success_response(object_to_dict(db_folder))
except ValueError as e:
if type(e) is ValueError:
raise ParameterError(str(e))
else:
raise # Sub-classes of ValueError
def delete(self, folder_id):
""" Deletes a disk folder """
# v4.1 #10 delete_folder() doesn't care whether it exists, but we want the
# API to return a "not found" if the folder doesn't exist on disk
# (and as long as the database is already in sync with that)
db_folder = data_engine.get_folder(folder_id)
if db_folder is None:
raise DoesNotExistError(str(folder_id))
if not path_exists(db_folder.path, require_directory=True
) and db_folder.status == Folder.STATUS_DELETED:
raise DoesNotExistError(db_folder.path)
# Run this as a background task in case it takes a long time
task = task_engine.add_task(get_session_user(),
'Delete disk folder %d' % folder_id,
'delete_folder', {'folder_id': folder_id},
Task.PRIORITY_HIGH, 'info', 'error', 10)
if task is None: # Task already submitted
return make_api_success_response(task_accepted=True)
else:
return self._task_response(task, 30)
def trace_permissions():
embed = request.args.get('embed', '')
user_id = request.args.get('user', '')
folder_path = request.args.get('path', '')
if folder_path == '':
folder_path = os.path.sep
folder = None
user = None
users = []
user_has_admin = False
trace = None
err_msg = None
db_session = data_engine.db_get_session()
try:
# Get folder and selected user info
# User can be None for an anonymous user
user_id = parse_int(user_id)
if user_id != 0:
user = data_engine.get_user(user_id, _db_session=db_session)
if user is None:
raise DoesNotExistError('This user no longer exists')
folder = data_engine.get_folder(folder_path=folder_path, _db_session=db_session)
if folder is None or folder.status == Folder.STATUS_DELETED:
raise DoesNotExistError('This folder no longer exists')
# Get users list
users = data_engine.list_users(
status=User.STATUS_ACTIVE,
order_field=User.username,
_db_session=db_session
)
# Get the folder+user traced permissions
trace = permissions_engine._trace_folder_permissions(folder, user)
# Flag on the UI if the user has admin
for gdict in trace['groups']:
gperms = gdict['group'].permissions
if gperms.admin_files or gperms.admin_all:
user_has_admin = True
break
except Exception as e:
log_security_error(e, request)
err_msg = str(e)
finally:
try:
return render_template(
'admin_trace_permissions.html',
embed=embed,
folder=folder,
folder_is_root=folder.is_root() if folder else False,
user=user,
user_list=users,
trace=trace,
user_has_admin=user_has_admin,
err_msg=err_msg,
GROUP_ID_PUBLIC=Group.ID_PUBLIC
)
finally:
db_session.close()
