def post(self, group_id):
    """Add the user named in the request form to the group ``group_id``.

    The user is appended only if not already a member. On a change the
    group is saved, ``reset_user_sessions`` is called for that user and
    the permissions engine is reset.

    Raises:
        DoesNotExistError: no group has ``group_id``.
        SecurityError: the group has ``admin_permissions`` or
            ``admin_all`` set and the session user is not permitted
            ``PERMIT_ADMIN_PERMISSIONS``.
    """
    form_values = self._get_validated_object_parameters(request.form)
    target_group = data_engine.get_group(group_id=group_id, load_users=True)
    if target_group is None:
        raise DoesNotExistError(str(group_id))

    # Privilege-escalation guard: someone who can only administer users must
    # not be able to hand out permissions administration (or superuser) by
    # placing an account into a group that carries those flags.
    # NOTE(review): the baseline user-admin check is not made in this method;
    # presumably it is applied by the routing/decorator layer - confirm.
    grants_admin = (
        target_group.permissions.admin_permissions or
        target_group.permissions.admin_all
    )
    if grants_admin and not permissions_engine.is_permitted(
            SystemPermissions.PERMIT_ADMIN_PERMISSIONS, get_session_user()):
        raise SecurityError(
            'You cannot add users to a group that ' +
            'grants permissions administration, because you do not ' +
            'have permissions administration access yourself.')

    # NOTE(review): an unknown user_id falls through to a success response
    # with nothing changed - confirm that callers expect this.
    new_member = data_engine.get_user(user_id=form_values['user_id'])
    if new_member is not None and new_member not in target_group.users:
        target_group.users.append(new_member)
        data_engine.save_object(target_group)
        # Reset the user's sessions and the permissions engine after the
        # membership change.
        reset_user_sessions(new_member)
        permissions_engine.reset()
    return make_api_success_response()
def delete(self, user_id):
    """Delete the user ``user_id`` and return the deleted record.

    If the deleted account is the session user, that session is logged
    out. ``reset_user_sessions`` is then called for the deleted user.

    Raises:
        DoesNotExistError: no user has ``user_id``.
        ParameterError: the target is the user with id 1 (the 'admin'
            user), which may not be deleted.
    """
    # NOTE(review): no permission check is made in this method; presumably
    # user-admin access is enforced before dispatch - confirm.
    doomed_user = data_engine.get_user(user_id=user_id)
    if doomed_user is None:
        raise DoesNotExistError(str(user_id))
    # The built-in administrator is identified by its fixed id.
    if doomed_user.id == 1:
        raise ParameterError('The \'admin\' user cannot be deleted')

    data_engine.delete_user(doomed_user)

    # Somebody deleting their own account must not keep a live session.
    if get_session_user_id() == user_id:
        log_out()
    # Reset the session caches for the deleted account.
    reset_user_sessions(doomed_user)

    # NOTE(review): the response serialises the deleted user; confirm that
    # object_to_dict leaves out the password field.
    return make_api_success_response(object_to_dict(doomed_user))
def delete(self, group_id):
    """Delete the group ``group_id``.

    The session user must be permitted ``PERMIT_ADMIN_PERMISSIONS``; this
    is checked before the group is even looked up. After deletion
    ``reset_user_sessions`` is called with the group's former members and
    the permissions engine is reset.

    Raises:
        DoesNotExistError: no group has ``group_id``.
        ParameterError: ``data_engine.delete_group`` raised ``ValueError``;
            its message is passed through.
    """
    # Authorise first, so an unprivileged caller learns nothing about which
    # group ids exist.
    permissions_engine.ensure_permitted(
        SystemPermissions.PERMIT_ADMIN_PERMISSIONS, get_session_user())

    # Members are loaded up front because they are still needed after the
    # group has been deleted.
    doomed_group = data_engine.get_group(group_id=group_id, load_users=True)
    if doomed_group is None:
        raise DoesNotExistError(str(group_id))

    try:
        data_engine.delete_group(doomed_group)
    except ValueError as err:
        raise ParameterError(str(err))

    # Reset the former members' sessions and the permissions engine.
    reset_user_sessions(doomed_group.users)
    permissions_engine.reset()
    return make_api_success_response()
def delete(self, group_id, user_id):
    """Remove the user ``user_id`` from the group ``group_id``.

    Only the first member whose id matches is removed. On removal the
    group is saved, ``reset_user_sessions`` is called for that member, the
    permissions engine is reset and ``_check_for_user_lockout`` is called
    with a copy of the group taken before the change. If the user is not a
    member nothing is changed and a success response is still returned.

    Raises:
        DoesNotExistError: no group has ``group_id``.
    """
    # NOTE(review): unlike the add-member handler (post) in this file, no
    # PERMIT_ADMIN_PERMISSIONS check is made here when the group grants
    # permissions administration - confirm that a user administrator is
    # meant to be able to remove members from such a group.
    target_group = data_engine.get_group(group_id=group_id, load_users=True)
    if target_group is None:
        raise DoesNotExistError(str(group_id))

    # Snapshot of the pre-change state, handed to the lockout check below.
    snapshot = copy.deepcopy(target_group)

    for position, member in enumerate(target_group.users):
        if member.id != user_id:
            continue
        del target_group.users[position]
        data_engine.save_object(target_group)
        reset_user_sessions(member)
        permissions_engine.reset()
        # Presumably restores the snapshot if the change locked the current
        # administrator out - TODO confirm against _check_for_user_lockout.
        _check_for_user_lockout(snapshot)
        # Stop at the first match; the list was mutated, so do not resume
        # iterating over it.
        break
    return make_api_success_response()
def put(self, group_id):
    """Update the group ``group_id`` from the validated request form.

    The description is always updated. The group type is updated unless
    the group is a system group, and the name is updated only when the
    resulting type is local. Permission flags are applied through
    ``self._set_permissions``. If that call reports a change, the
    members' sessions and the permissions engine are reset and
    ``_check_for_user_lockout`` is called with a copy of the group taken
    before the edit.

    Raises:
        DoesNotExistError: no group has ``group_id``.
    """
    # NOTE(review): no permission check is made in this method. Whether
    # _set_permissions requires PERMIT_ADMIN_PERMISSIONS before changing
    # flags cannot be seen from here - confirm.
    form_values = self._get_validated_object_parameters(request.form)
    target_group = data_engine.get_group(group_id=group_id, load_users=True)
    if target_group is None:
        raise DoesNotExistError(str(group_id))

    # Snapshot of the pre-change state, handed to the lockout check below.
    snapshot = copy.deepcopy(target_group)

    target_group.description = form_values['description']
    # A system group keeps its type whatever the form says.
    is_system_group = target_group.group_type == Group.GROUP_TYPE_SYSTEM
    if not is_system_group:
        target_group.group_type = form_values['group_type']
    # Only local groups may be renamed. This test reads the type *after*
    # the assignment above, i.e. the submitted value for non-system groups.
    if target_group.group_type == Group.GROUP_TYPE_LOCAL:
        target_group.name = form_values['name']

    flags_changed = self._set_permissions(target_group, form_values)
    data_engine.save_object(target_group)

    if flags_changed:
        # Reset the members' sessions and the permissions engine.
        reset_user_sessions(target_group.users)
        permissions_engine.reset()
        # Presumably restores the snapshot if the edit locked the current
        # administrator out - TODO confirm against _check_for_user_lockout.
        _check_for_user_lockout(snapshot)
    return make_api_success_response(object_to_dict(target_group))
def put(self, user_id):
    """Update the user ``user_id`` from the validated request form.

    First name, last name, email, auth type and the API-access flag are
    always updated. The status field is deliberately left alone. Username
    and password are updated only for non-LDAP accounts, and the password
    only when a non-empty one was submitted. The user is then saved and
    ``reset_user_sessions`` is called for them.

    Raises:
        DoesNotExistError: no user has ``user_id``.
    """
    # NOTE(review): no check is made here that the caller may edit this
    # account; presumably enforced before dispatch - confirm.
    # NOTE(review): the meaning of the second argument (False) is not
    # visible in this block - TODO document once confirmed.
    form_values = self._get_validated_object_parameters(request.form, False)
    account = data_engine.get_user(user_id=user_id)
    if account is None:
        raise DoesNotExistError(str(user_id))

    # Fields copied unconditionally, in the same order as before.
    for field in ('first_name', 'last_name', 'email', 'auth_type', 'allow_api'):
        setattr(account, field, form_values[field])

    # NOTE(review): this test uses the auth type just taken from the form,
    # not the stored one, so one request can move an LDAP account to another
    # auth type and set its username and password - confirm this is intended.
    if account.auth_type != User.AUTH_TYPE_LDAP:
        account.username = form_values['username']
        # An empty password means "leave the current one unchanged".
        if form_values['password']:
            account.set_password(form_values['password'])

    data_engine.save_object(account)
    # Reset the session caches for the edited account.
    reset_user_sessions(account)
    return make_api_success_response(object_to_dict(account))