def main(q, i, params, tags): q.logger.log('Getting %s'%(repr(params)), 5) osiscon = OsisDB().getConnection('main') serialized_rootobject = osiscon.objectGet(params['rootobjecttype'], params['rootobjectguid'], params['rootobjectversionguid']) rootobject_type = osis.ROOTOBJECT_TYPES[params['rootobjecttype']] rootobject = rootobject_type.deserialize(ThriftSerializer,serialized_rootobject) params['rootobject'] = rootobject
def __init__(self, tasklets=list()): basedir = os.path.join(q.dirs.pyAppsDir, p.api.appname) self._authenticate = q.taskletengine.get(os.path.join(basedir, 'impl', 'authenticate')) self._authorize = q.taskletengine.get(os.path.join(basedir, 'impl', 'authorize')) self.tasklets = tasklets self.alkira = Alkira(p.api) self.connection = OsisDB().getConnection(p.api.appname)
def main(q, i, params, tags): q.logger.log('Getting %s' % (repr(params)), 5) osiscon = OsisDB().getConnection('main') serialized_rootobject = osiscon.objectGet(params['rootobjecttype'], params['rootobjectguid'], params['rootobjectversionguid']) rootobject_type = osis.ROOTOBJECT_TYPES[params['rootobjecttype']] rootobject = rootobject_type.deserialize(ThriftSerializer, serialized_rootobject) params['rootobject'] = rootobject
def __init__(self): super(AuthBackend, self).__init__() self.osis = OsisDB().getConnection(p.api.appname) self.initChecked = False self.adminGroupGuid = None self.publicGroupGuid = None self.anonymousUserGuid = None self.userGroupGuid = None self._cache = cache.getApi() if cache else None self._cacheHash = cache.calculateHash( {"__name__": "authorization_authbackend"}) if cache else None
def main(q, i, p, params, tags): rootobject = 'businessparams' domain = "datacenter" view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection('dcsimulator') if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, True) view.setCol('collocation', q.enumerators.OsisType.INTEGER, True) view.setCol('storage', q.enumerators.OsisType.INTEGER, True) view.setCol('cpu', q.enumerators.OsisType.INTEGER, True) view.setCol('leasebuilding', q.enumerators.OsisType.INTEGER, True) view.setCol('leaseinfrastructure', q.enumerators.OsisType.INTEGER, True) view.setCol('leasehw', q.enumerators.OsisType.INTEGER, True) view.setCol('interestbuilding', q.enumerators.OsisType.FLOAT, True) view.setCol('interestdatacenter', q.enumerators.OsisType.FLOAT, True) view.setCol('leaseperiodbuilding', q.enumerators.OsisType.INTEGER, True) view.setCol('leaseperioddatacenter', q.enumerators.OsisType.INTEGER, True) view.setCol('technology', q.enumerators.OsisType.INTEGER, True) view.setCol('installperiod', q.enumerators.OsisType.INTEGER, True) view.setCol('size', q.enumerators.OsisType.INTEGER, False) view.setCol('racksurface', q.enumerators.OsisType.INTEGER, False) view.setCol('kwhourcost', q.enumerators.OsisType.FLOAT, False) view.setCol('pue', q.enumerators.OsisType.FLOAT, False) view.setCol('salescollocation', q.enumerators.OsisType.FLOAT, False) view.setCol('salescpu', q.enumerators.OsisType.FLOAT, False) view.setCol('salesstorage', q.enumerators.OsisType.FLOAT, False) view.setCol('salesbandwidth', q.enumerators.OsisType.FLOAT, False) connection.viewAdd(view) indexes = ['collocation', 'size', 'leasebuilding', 'interestdatacenter'] for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, p, params, tags): rootobject = 'activity' domain = "crm" view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection('sampleapp') if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, False) view.setCol('description', q.enumerators.OsisType.STRING, False) view.setCol('customer', q.enumerators.OsisType.STRING, True) view.setCol('lead', q.enumerators.OsisType.STRING, True) view.setCol('location', q.enumerators.OsisType.STRING, True) view.setCol('type', q.enumerators.OsisType.STRING, True) view.setCol('priority', q.enumerators.OsisType.STRING, True) view.setCol('status', q.enumerators.OsisType.STRING, True) view.setCol('starttime', q.enumerators.OsisType.DATETIME, True) view.setCol('endtime', q.enumerators.OsisType.DATETIME, True) connection.viewAdd(view) indexes = ['name', 'customer', 'type', 'priority'] for field in indexes: context = { 'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field } connection.runQuery( "CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def view(self): '''Views allow OSIS users/developers/administrators to define their desired specific ways to query the stored objects.\ Every view needs to be updated on every store action. ''' print '\n\033[1;34mRegistering a View \n\033[1;32m[ ]osisdb = OsisDB()\n[ ]conn = osisdb.getConnection(\'main\')\n' print '\033[1;32m[ ]view = conn.viewCreate(\'company\', \'name\')\n[ ]view.setCol(\'name\', q.enumerators.OsisType.STRING, False)\n' print '[ ]view.setCol(\'url\', q.enumerators.OsisType.STRING, False)\n[ ]conn.viewAdd(view)' osisdb = OsisDB() try: conn = osisdb.getConnection('main') view = conn.viewCreate('company', 'name') view.setCol('name', q.enumerators.OsisType.STRING, False) view.setCol('url', q.enumerators.OsisType.STRING, False) conn.viewAdd(view) except Exception, e: print '\033[1;32mView Already Exists'
def main(q, i, params, tags): rootobject = 'customer' domain = "crm" appname = params['appname'] view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, True) connection.viewAdd(view) indexes = ['name'] for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags): domain = 'ui' rootobject = 'space' conName = params['appname'] connection = OsisDB().getConnection(conName) view_name = '%s_tag_list' % rootobject if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('tag', q.enumerators.OsisType.STRING, False, index=True) connection.viewAdd(view)
def main(q, i, params, tags): rootobject = 'user' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, True, index=True) view.setCol('login', q.enumerators.OsisType.STRING, True, index=True) view.setCol('groupguids', q.enumerators.OsisType.STRING, True) connection.viewAdd(view)
def main(q, i, params, tags): rootobject = 'bookmark' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, False, index=True) view.setCol('url', q.enumerators.OsisType.STRING, False) view.setCol('order', q.enumerators.OsisType.INTEGER, False) connection.viewAdd(view)
class BaseCloudAPI: connection = OsisDB().getConnection('main') def checkAuthentication(self, request, methodname, args, kwargs): if not request.username or not request.password: return False filterObject = self.connection.getFilterObject() filterObject.add('view_clouduser_list', 'login', request.username, True) filterObject.add('view_clouduser_list', 'password', request.password, True) clouduser_guids = self.connection.objectsFind('clouduser', filterObject) if clouduser_guids and len(clouduser_guids) == 1: self.updateExecutionParams(args, kwargs, clouduser_guids[0]) return True return False def updateExecutionParams(self, args, kwargs, clouduserguid): executionparams = self.getExecutionparams(args, kwargs) executionparams['clouduserguid'] = clouduserguid def getExecutionparams(self, args, kwargs): executionparams = dict() if args and len(args) >= 2: executionparams = args[-1] else: kwargs = kwargs or dict() executionparams = kwargs.get('executionparams', dict()) kwargs['executionparams'] = executionparams return executionparams def checkAuthorization(self, criteria, request, methodname, args, kwargs): clouduserguid = self.getExecutionparams(args, kwargs).get( 'clouduserguid', None) if not clouduserguid: return False for group in criteria['groups']: filterObject = self.connection.getFilterObject() filterObject.add('view_cloudusergroup_clouduser_list', 'name', group, True) filterObject.add('view_cloudusergroup_clouduser_list', 'clouduserguid', clouduserguid) if self.connection.objectsFind('cloudusergroup', filterObject): return True return False
def main(q, i, params, tags): rootobject = 'eventqueue' domain = "monitoring" appname = params['appname'] view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, True) view.setCol('numberofevents', q.enumerators.OsisType.INTEGER, True) connection.viewAdd(view) indexes = ['name', 'numberofevents'] for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags): rootobject = 'config' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('space', q.enumerators.OsisType.UUID, True, index=True) view.setCol('page', q.enumerators.OsisType.UUID, True, index=True) view.setCol('macro', q.enumerators.OsisType.STRING, True, index=True) view.setCol('configid', q.enumerators.OsisType.STRING, True, index=True) view.setCol('username', q.enumerators.OsisType.STRING, True, index=True) connection.viewAdd(view)
def main(q, i, params, tags): rootobject = '_index' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, False) view.setCol('url', q.enumerators.OsisType.STRING, False) view.setCol('content', q.enumerators.OsisType.TEXT, True) view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True) view.setCol('description', q.enumerators.OsisType.STRING, True) connection.viewAdd(view)
def main(q, i, params, tags): rootobject = 'permission' domain = "crm" appname = params['appname'] view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, True) view.setCol('uri', q.enumerators.OsisType.STRING, True) connection.viewAdd(view) indexes =list() indexes.append('name') indexes.append('uri') for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags): rootobject = 'project' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, False, index=True, unique=True) view.setCol('path', q.enumerators.OsisType.STRING, False) view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True) connection.viewAdd(view)
def main(q, i, params, tags): rootobject = 'lead' domain = "crm" appname = params['appname'] view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, True) view.setCol('code', q.enumerators.OsisType.STRING, True) view.setCol('customerguid', q.enumerators.OsisType.UUID, True) view.setCol('source', q.enumerators.OsisType.STRING, True) view.setCol('type', q.enumerators.OsisType.STRING, True) view.setCol('status', q.enumerators.OsisType.STRING, True) view.setCol('amount', q.enumerators.OsisType.FLOAT, True) view.setCol('probability', q.enumerators.OsisType.BIGINT, True) connection.viewAdd(view) indexes = ['name', 'code', 'source', 'type', 'status', 'amount', 'probability'] for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags): rootobject = 'page' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, True, index=True) view.setCol('space', q.enumerators.OsisType.UUID, True, index=True) view.setCol('category', q.enumerators.OsisType.STRING, True, index=True) view.setCol('parent', q.enumerators.OsisType.UUID, True, index=True) view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True) view.setCol('order', q.enumerators.OsisType.INTEGER, True) view.setCol('title', q.enumerators.OsisType.STRING, True) view.setCol('pagetype', q.enumerators.OsisType.STRING, True) connection.viewAdd(view)
def main(q, i, p, params, tags): rootobject = 'activity' domain = "crm" view_name = '%s_view_%s_list' % (domain, rootobject) connection = OsisDB().getConnection('sampleapp') if not connection.viewExists(domain, rootobject, view_name): view = connection.viewCreate(domain, rootobject, view_name) view.setCol('name', q.enumerators.OsisType.STRING, False) view.setCol('description', q.enumerators.OsisType.STRING, False) view.setCol('customer', q.enumerators.OsisType.STRING, True) view.setCol('lead', q.enumerators.OsisType.STRING, True) view.setCol('location', q.enumerators.OsisType.STRING, True) view.setCol('type', q.enumerators.OsisType.STRING, True) view.setCol('priority', q.enumerators.OsisType.STRING, True) view.setCol('status', q.enumerators.OsisType.STRING, True) view.setCol('starttime', q.enumerators.OsisType.DATETIME, True) view.setCol('endtime', q.enumerators.OsisType.DATETIME, True) connection.viewAdd(view) indexes = ['name', 'customer', 'type', 'priority'] for field in indexes: context = {'schema': "%s_%s" % (domain, rootobject), 'view': view_name, 'field': field} connection.runQuery("CREATE INDEX %(field)s_%(schema)s_%(view)s ON %(schema)s.%(view)s (%(field)s)" % context)
def main(q, i, params, tags): rootobject = 'space' domain = "ui" appname = params['appname'] connection = OsisDB().getConnection(appname) if not connection.viewExists(domain, rootobject, rootobject): view = connection.viewCreate(domain, rootobject, rootobject) view.setCol('name', q.enumerators.OsisType.STRING, True, index=True, unique=True) view.setCol('tags', q.enumerators.OsisType.STRING, True, index=True) view.setCol('repository', q.enumerators.OsisType.STRING, True, index=True) view.setCol('repo_username', q.enumerators.OsisType.STRING, True) view.setCol('order', q.enumerators.OsisType.INTEGER, True) connection.viewAdd(view)
def main(q, i, params, tags): con = OsisDB().getConnection('main') params['result'] = con.runQuery(params['query'])
q.manage.postgresql8.cmdb.rootLogin = '******' q.manage.postgresql8.cmdb.rootPasswd = 'qbase' except Exception, e: print '\033[1;33mPostgresql requires group and user accounts.\nLinux users may try:' print '#groupadd qbase\n#useradd qbase' #q.manage.postgresql8.cmdb.save() q.manage.postgresql8.applyConfig() ##if postgresql fails to start using the q.manage commands use #q.cmdtools.postgresql8.pg_ctl.start(username) print '\n\033[1;34mAdd Database:\n\033[1;32m[ ]q.manage.postgresql8.cmdb.addDatabase(\'osis\')\n' q.manage.postgresql8.cmdb.addDatabase('osis') #q.manage.postgresql8.cmdb.save() q.manage.postgresql8.applyConfig() print '\n\033[1;34mView the created Database:\n\033[1;32m[ ]q.manage.postgresql8.cmdb.printDatabases()\n' q.manage.postgresql8.cmdb.printDatabases() osisdb = OsisDB() print '\n\033[1;34mAdd Connection for the database:\n\033[1;32m[ ]osisdb.addConnection(\'main\', \'127.0.0.1\', \'osis\', \'qbase\', \'qbase\')' try: osisdb.addConnection('main', '127.0.0.1', 'osis', 'qbase', 'qbase') #Register Model on server print '\n\033[1;34mGet a connection for the database:\n\033[1;32m[ ]con = osisdb.getConnection(\'main\')\n' con = osisdb.getConnection('main') print '\n\033[1;34mCreate an object in the database:\n\033[1;32m[ ]con.createObjectTypeByName(\'company\') \n' print con.createObjectTypeByName('company') con.createObjectTypeByName('company') print '\n\033[1;34mInitialise OSIS System: \n\033[1;32m[ ]osis.init(\'/opt/qbase3/libexec/osis\') \n' print osis.init('/opt/qbase3/libexec/osis') except Exception, e: print 'Connection to OSIS Database Failed. Check if Model file is present' def store(self):
def main(q, i, params, tags): con = OsisDB().getConnection('main') params['result'] = con.objectDelete(params['rootobjecttype'], params['rootobjectguid'], params['rootobjectversionguid'])
def main(q, i, params, tags): osis = OsisDB().getConnection('main') root = params['rootobject'] osis.objectSave(root)
def getOsisConnection(self, appname): from osis.store.OsisDB import OsisDB osis = OsisDB().getConnection(appname) return osis
class AuthBackend(object): def __init__(self): super(AuthBackend, self).__init__() self.osis = OsisDB().getConnection(p.api.appname) self.initChecked = False self.adminGroupGuid = None self.publicGroupGuid = None self.anonymousUserGuid = None self.userGroupGuid = None self._cache = cache.getApi() if cache else None self._cacheHash = cache.calculateHash( {"__name__": "authorization_authbackend"}) if cache else None def _initCheck(self): if self.initChecked: return self.initChecked = True #make sure we have an admins group adminGroup = AuthBackend._getGroup(self, ADMIN_GROUP) if not bool(adminGroup): self.adminGroupGuid = AuthBackend.createUsergroup( self, {"name": ADMIN_GROUP}) else: self.adminGroupGuid = adminGroup[0] #make sure we have a public group publicGroup = AuthBackend._getGroup(self, PUBLIC_GROUP) if not bool(publicGroup): self.publicGroupGuid = AuthBackend.createUsergroup( self, {"name": PUBLIC_GROUP}) else: self.publicGroupGuid = publicGroup[0] #make sure we have a users group userGroup = AuthBackend._getGroup(self, USER_GROUP) if not bool(userGroup): self.userGroupGuid = AuthBackend.createUsergroup( self, {"name": USER_GROUP}) else: self.userGroupGuid = userGroup[0] #make sure we have an anonymous user self.anonymousUserGuid = AuthBackend._getUsers(self, ANON_USER) if not bool(self.anonymousUserGuid): #We are Anonymous. We are Legion. We do not forgive. We do not forget. Expect us. self.anonymousUserGuid = AuthBackend.createUser( self, { "login": ANON_USER, "name": "Anonymous User" }) else: self.anonymousUserGuid = self.anonymousUserGuid[0] def _getGroup(self, name): searchfilter = self.osis.getFilterObject() searchfilter.add('group', "name", name, True) return self.osis.objectsFind("ui", "group", searchfilter) def _groupExists(self, name): return bool(self._getGroup(name)) def _getUsers(self, login): searchfilter = self.osis.getFilterObject() searchfilter.add('user', "login", login, True) return self.osis.objectsFind("ui", "user", searchfilter) def _userExists(self, login): return bool(self._getUsers(login)) def _getRules(self, group, functionname, context): searchfilter = self.osis.getFilterObject() searchfilter.add('authoriserule', "groupguids", ";" + group + ";", False) searchfilter.add('authoriserule', "function", functionname, True) searchfilter.add('authoriserule', "context", json_print_dict(context), True) return self.osis.objectsFind("ui", "authoriserule", searchfilter) def _ruleExists(self, group, functionname, context): return bool(self._getRules(group, functionname, context)) def _getCachedIsAuhtorised(self, groups, functionname, context): if not self._cache: return None #get main authorization dict results = self._cache.get(self._cacheHash) or {} #calculate hash for isAuthorised isAuthorisedHash = cache.calculateHash({ "groups": groups, "functionname": functionname, "context": context }) if isAuthorisedHash in results: #get the cached result return results[isAuthorisedHash] return None def _setCachedIsAuthorized(self, groups, functionname, context, value): if not self._cache: return #get main authorization dict results = self._cache.get(self._cacheHash) or {} #calculate hash for isAuthorised isAuthorisedHash = cache.calculateHash({ "groups": groups, "functionname": functionname, "context": context }) results[isAuthorisedHash] = value #save main authorization dict self._cache.set(self._cacheHash, results, cache.maxduration) def _clearCache(self): if not self._cache: return #clear main authorization dict self._cache.flushByKeys([self._cacheHash]) @ensure_groups def verifyUserIdentity(self, login, password): #pylint: disable=W0613 q.errorconditionhandler.raiseError("Not implemented") @ensure_groups def createUsergroup(self, usergroupinfo): if self._groupExists(usergroupinfo["name"]): q.errorconditionhandler.raiseError("Group %s already exists." % usergroupinfo["name"]) else: group = p.api.model.ui.group.new() group.name = usergroupinfo["name"] p.api.model.ui.group.save(group) return group.guid @ensure_groups def deleteUsergroup(self, usergroupid): if usergroupid == self.adminGroupGuid: q.errorconditionhandler.raiseError("Unable to delete %s." % ADMIN_GROUP) if usergroupid == self.publicGroupGuid: q.errorconditionhandler.raiseError("Unable to delete %s." % PUBLIC_GROUP) #make sure users don't reference the group anymore searchfilter = self.osis.getFilterObject() searchfilter.add('user', "groupguids", ";" + usergroupid + ";", False) userguids = self.osis.objectsFind("ui", "user", searchfilter) for userguid in userguids: user = p.api.model.ui.user.get(userguid) user.groups.remove(usergroupid) p.api.model.ui.user.save(user) #make sure rules don't reference the group anymore searchfilter = self.osis.getFilterObject() searchfilter.add('authoriserule', "groupguids", ";" + usergroupid + ";", False) ruleguids = self.osis.objectsFind("ui", "authoriserule", searchfilter) for ruleguid in ruleguids: rule = p.api.model.ui.authoriserule.get(ruleguid) rule.groupguids.remove(usergroupid) if not len(rule.groupguids): p.api.model.ui.authoriserule.delete(ruleguid) else: p.api.model.ui.authoriserule.save(rule) p.api.model.ui.group.delete(usergroupid) #clear authorization cache self._clearCache() return True @ensure_groups def createUser(self, userinfo): if self._userExists(userinfo["login"]): q.errorconditionhandler.raiseError("User %s already exists." % userinfo["login"]) else: user = p.api.model.ui.user.new() user.login = userinfo["login"] if "name" in userinfo: user.name = userinfo["name"] user.groups.append(self.publicGroupGuid) # Keep anonymous out of users group, they can't be trusted... if userinfo["login"] != ANON_USER: user.groups.append(self.userGroupGuid) p.api.model.ui.user.save(user) return user.guid @ensure_groups def deleteUser(self, userid): if userid == self.anonymousUserGuid: q.errorconditionhandler.raiseError("Unable to delete %s." % ANON_USER) login = p.api.model.ui.user.get(userid).login p.api.model.ui.user.delete(userid) return login @ensure_groups def updateUser(self, userid, userinfo): user = p.api.model.ui.user.get(userid) if "name" in userinfo: user.name = userinfo["name"] p.api.model.ui.user.save(user) return user.login @ensure_groups def addUserToGroup(self, userid, usergroupid): user = p.api.model.ui.user.get(userid) if usergroupid in user.groups: q.errorconditionhandler.raiseError( "User is already in that group.") user.groups.append(usergroupid) p.api.model.ui.user.save(user) return True @ensure_groups def deleteUserFromGroup(self, userid, usergroupid): user = p.api.model.ui.user.get(userid) if not usergroupid in user.groups: q.errorconditionhandler.raiseError("User is not in that group.") user.groups.remove(usergroupid) p.api.model.ui.user.save(user) return True @ensure_groups def authorise(self, groups, functionname, context): if not isinstance(groups, list): groups = [groups] for group in groups: if self._ruleExists(group, functionname, context): q.errorconditionhandler.raiseError("Rule already exists.") rule = p.api.model.ui.authoriserule.new() rule.groupguids = groups rule.function = functionname rule.context = context p.api.model.ui.authoriserule.save(rule) #clear authorization cache self._clearCache() return rule.guid @ensure_groups def unAuthorise(self, groups, functionname, context): if not isinstance(groups, list): groups = [groups] if self.adminGroupGuid in groups: q.errorconditionhandler.raiseError( "Removing authorization from the \"%s\" group is not allowed." % ADMIN_GROUP) found = False for group in groups: rules = self._getRules(group, functionname, context) for rule in rules: p.api.model.ui.authoriserule.delete(rule) found = True if found: #clear authorization cache self._clearCache() return found @ensure_groups def listAuthorisation(self, groups=None, functionname=None, context=None): #pylint: disable=W0613 q.errorconditionhandler.raiseError("Not implemented") @ensure_groups def isAuthorised(self, groups, functionname, context): q.logger.log( "Checking if group %s is authorized for function '%s' with context '%s' " % (str(groups), functionname, str(context)), 3) if not isinstance(groups, list): groups = [groups] cachedResult = self._getCachedIsAuhtorised(groups, functionname, context) if cachedResult is not None: #return cached result return cachedResult def doSearch(groupguid, functionname, context): searchfilter = self.osis.getFilterObject() searchfilter.add('authoriserule', "groupguids", ";" + groupguid + ";", False) searchfilter.add('authoriserule', "function", functionname, True) rules = self.osis.objectsFindAsView("ui", "authoriserule", searchfilter, 'authoriserule') # No rules found if not rules: q.logger.log("No rules found for group %s" % (str(groups)), 3) return False for rule in rules: ruleContext = json.loads(rule['context']) # Remove the '_rulegroup' and '_forceinheritance' items from the saved context. # This is only used to map stored rules to rulegroups in the UI # And yes, I know it's dirty if authorization: if authorization.RacktivityAuthorization.RULE_GROUP_PARAM in ruleContext and authorization.RacktivityAuthorization.RULE_GROUP_PARAM not in context: ruleContext.pop(authorization.RacktivityAuthorization. RULE_GROUP_PARAM) if authorization.RacktivityAuthorization.FORCE_INHERITANCE_PARAM in ruleContext: ruleContext.pop(authorization.RacktivityAuthorization. FORCE_INHERITANCE_PARAM) ruleMatch = True contextKeys = set(context.keys()) ruleContextKeys = set(ruleContext.keys()) if not ruleContextKeys.issubset(contextKeys): q.logger.log( "Context keys do not match for rule %s" % (str(rule)), 3) ruleMatch = False else: for key, value in context.iteritems(): keyMatches = True if key in ruleContext and not (value == ""): valueToMatch = ruleContext[key] if isinstance(value, dict): valueToMatch = json.loads(valueToMatch) if set(valueToMatch.keys()).issubset( set(value.keys())): for valueKey in value.keys(): if not valueKey in valueToMatch: continue if not (value[valueKey] == valueToMatch[valueKey]): keyMatches = False else: keyMatches = False elif isinstance(value, list): if valueToMatch not in set(value): keyMatches = False elif not (value == valueToMatch): keyMatches = False if not keyMatches: q.logger.log( "'%s' not in '%s' or '%s' != '%s'" % (key, str(ruleContext), value, valueToMatch), 3) ruleMatch = False break if ruleMatch: return True return False result = False for groupguid in groups: if not groupguid: continue if doSearch(groupguid, functionname, context): result = True break #store result in cache self._setCachedIsAuthorized(groups, functionname, context, result) return result
def main(q, i, p, params, tags): #pylint: disable=W0613 global authService #pylint: disable=W0603 if authService is None: authService = AuthService() request = params["request"] if not request.username: params["result"] = False else: q.logger.log( "Checking authorization for user %s with params %s" % (request.username, str(params)), 3) config = getConfig(q, p) if request.username == "anonymous" and isAdminOrIdeSpace(params): #An unauthenticated user cannot access the ADMIN or IDE space q.logger.log( "An unauthenticated user cannot access the ADMIN or IDE space", 3) params["result"] = False elif request.username == "anonymous" and isLocalRequest( request) and int(config["auth"]["insecure"]): q.logger.log("Allowing authorization for local request", 3) params["result"] = True else: #default unauthorized params["result"] = False conn = OsisDB().getConnection(p.api.appname) searchfilter = conn.getFilterObject() searchfilter.add("user", "login", request.username, True) users = conn.objectsFindAsView("ui", "user", searchfilter, "user") if users and len(users) == 1: user = users[0] groups = filter(None, user["groupguids"].split(";")) #pylint: disable=W0141 # we only parse the name in kwargs and the default values arguments = getAllArguments(params) context = {} authInfo = params["criteria"] if "authorizeParams" in authInfo: for key, value in authInfo["authorizeParams"].iteritems(): if isinstance(value, list): contextValues = list() for val in value: contextValue = getParamValue(arguments, val) if contextValue is not None: contextValues.append(contextValue) if contextValues: context[key] = contextValues else: # param not found, bailing out params["result"] = False request._request.setResponseCode(412) #pylint: disable=W0212 return else: contextValue = getParamValue(arguments, value) if contextValue is not None: context[key] = contextValue else: # param not found, bailing out params["result"] = False request._request.setResponseCode(412) #pylint: disable=W0212 return funcName = None if "authorizeRule" in authInfo: funcName = authInfo["authorizeRule"] if funcName: params["result"] = authService.isAuthorised( groups, funcName, context) if not params["result"] and 'localAuthorize' in params: newContext = params['localAuthorize'].redefine( funcName, context) if newContext: q.logger.log( "Rechecking authorization for user %s with new context %s" % (request.username, str(newContext)), 3) params["result"] = authService.isAuthorised( groups, funcName, newContext) #set the http response to 405 when we failed if params["result"] == False: request._request.setResponseCode(405) #pylint: disable=W0212
def main(q, i, params, tags): connection = OsisDB().getConnection('main') params['result'] = connection.objectsFind(params['rootobjecttype'], params['filterobject'], params['osisview'])
class ide(object): def __init__(self, tasklets=list()): basedir = os.path.join(q.dirs.pyAppsDir, p.api.appname) self._authenticate = q.taskletengine.get(os.path.join(basedir, 'impl', 'authenticate')) self._authorize = q.taskletengine.get(os.path.join(basedir, 'impl', 'authorize')) self.tasklets = tasklets self.alkira = Alkira(p.api) self.connection = OsisDB().getConnection(p.api.appname) @staticmethod def getAuthorizedFunctions(): functions = [] for funcName in dir(ide): # loop over functions of our class funcObj = getattr(ide, funcName) if getattr(funcObj, "APPLICATIONSERVER_EXPOSE_AUTHORIZED", False): #needs authorization if hasattr(funcObj, "auth_categories"): functions.append(getattr(funcObj, "auth_categories")) return functions def checkAuthentication(self, request, domain, service, methodname, args, kwargs): q.logger.log("HEADERS from ide.checkAuthentication %s" % str(request._request.requestHeaders)) #pylint:disable=W0212 tags = ('authenticate',) params = dict() params['request'] = request params['domain'] = domain params['service'] = service params['methodname'] = methodname params['args'] = args params['kwargs'] = kwargs params['result'] = True self._authenticate.execute(params, tags=tags) return params.get('result', False) def checkAuthorization(self, criteria, request, domain, service, methodname, args, kwargs): tags = ('authorize',) params = dict() params['criteria'] = criteria params['request'] = request params['domain'] = domain params['service'] = service params['methodname'] = methodname params['args'] = args params['kwargs'] = kwargs params['result'] = True self._authorize.execute(params, tags=tags) return params.get('result', False) def _resolveID(self, id): #pylint: disable=W0622 pieces = id.split(os.path.sep) project = self.alkira.getProject(pieces.pop(0)) return project, q.system.fs.joinPaths(*pieces) if pieces else "" #pylint: disable=W0142 def _getID(self, project, path): projectpath = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, project.path) _id = path.replace(projectpath, "") _id = _id.lstrip("/") return q.system.fs.joinPaths(project.name, _id) def _hasChildren(self, path): return bool(q.system.fs.walk(path, return_folders=1)) def _getProjectPath(self, project): return q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, project.path) def _IDtoGUID(self, id): #pylint: disable=W0622 md5 = hashlib.md5(id) #pylint: disable=E1101 _hash = md5.hexdigest() parts = [] li = 0 for i in GUIDMAP: part = _hash[li:li + i] if len(part) != i: part += "0" * (i - len(part)) parts.append(part) li += i return "-".join(parts) def _filter(self, file): #pylint: disable=W0622 return os.path.splitext(file)[1] in EXTENSIONS def _updateFileIndex(self, id, content): #pylint: disable=W0622 guid = self._IDtoGUID(id) name = q.system.fs.getBaseName(id) self.connection.viewSave("ui", "_index", '_index', guid, guid, { 'name': name, 'content': content, 'url': 'ide://%s' % id }) def _updateDirIndex(self, id): #pylint: disable=W0622 project, relativepath = self._resolveID(id) fullpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) for f in q.system.fs.walk(fullpath, 1): if not self._filter(f): continue self._updateFileIndex(self._getID(project, f), q.system.fs.fileGetContents(f)) def _deleteIndex(self, id): #pylint: disable=W0622 url = "ide://%s" % id index = self.connection.findTable("ui", "_index") delete = index.delete().where(index.c.url.like('%s%%' % url)) self.connection.runSqlAlchemyQuery(delete) def _touchTasklets(self, project, relativepath): fullpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) for td in itertools.chain(TASKLETS, self.tasklets): ftd = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname, td) if fullpath.startswith(ftd): q.system.fs.createEmptyFile(q.system.fs.joinPaths(ftd, "tasklets_updated")) break @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def getProjectNode(self, id="."): #pylint: disable=W0622 results = [] if not id: raise RuntimeError("Invalid ID") apppath = q.system.fs.joinPaths(q.dirs.pyAppsDir, p.api.appname) closed = lambda x: bool(q.system.fs.listDirsInDir(x)) fullpath = q.system.fs.joinPaths(apppath, id) fullpath = os.path.relpath(fullpath) dirList = sorted(q.system.fs.listDirsInDir(fullpath)) for directory in dirList: name = q.system.fs.getBaseName(directory) dirid = os.path.relpath(q.system.fs.joinPaths(id, name)) results.append({"state": "closed" if closed(directory) else "leaf", "data": name, "attr": {"id": dirid}}) return results @q.manage.applicationserver.expose_authorized(defaultGroups=["admin"], authorizeParams={}, authorizeRule="create project") def createProject(self, name, path): self.alkira.createProject(name, path) self._updateDirIndex(name) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin"], authorizeParams={}, authorizeRule="delete project") def deleteProject(self, name): self.alkira.deleteProject(name) self._deleteIndex(name) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def getProjects(self): return self.alkira.listProjectInfo() @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def getNode(self, id="."): #pylint: disable=W0622 results = [] if not id: raise RuntimeError("Invalid ID") if id == ".": projects = self.alkira.listProjects() for project in projects: results.append({"state": "closed", "data": project, "attr": {"id": project, "rel": "project"}}) return results project, relativepath = self._resolveID(id) projectpath = self._getProjectPath(project) fullpath = q.system.fs.joinPaths(projectpath, relativepath) if q.system.fs.isDir(fullpath): for directory in q.system.fs.listDirsInDir(fullpath): dirname = q.system.fs.getBaseName(directory) results.append({"state": "closed" if self._hasChildren(directory) else "leaf", "data": dirname, "attr": {"id": self._getID(project, directory)}}) results = sorted(results, key=lambda i: i['data']) files = [] for f in q.system.fs.listFilesInDir(fullpath): filename = q.system.fs.getBaseName(f) if not self._filter(filename): continue files.append({"state": "leaf", "data": filename, "attr": {"id": self._getID(project, f), "rel": "file", "title":filename}}) files = sorted(files, key=lambda i: i['data']) results += files return results @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def getFile(self, id): #pylint: disable=W0622 project, relativepath = self._resolveID(id) filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) return q.system.fs.fileGetContents(filepath) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def setFile(self, id, content): #pylint: disable=W0622 project, relativepath = self._resolveID(id) filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) q.system.fs.writeFile(filepath, content) self._updateFileIndex(id, content) self._touchTasklets(project, relativepath) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def newFile(self, id): #pylint: disable=W0622 project, relativepath = self._resolveID(id) filepath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) if q.system.fs.exists(filepath): raise RuntimeError("A file with the same name already exists") return q.system.fs.writeFile(filepath, "") @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def newDir(self, id): #pylint: disable=W0622 project, relativepath = self._resolveID(id) dirpath = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) if q.system.fs.exists(dirpath): raise RuntimeError("A file with the same name already exists") return q.system.fs.createDir(dirpath) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def delete(self, id): #pylint: disable=W0622 project, relativepath = self._resolveID(id) path = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) if q.system.fs.isFile(path): q.system.fs.removeFile(path) elif q.system.fs.isDir(path): q.system.fs.removeDirTree(path) self._deleteIndex(id) self._touchTasklets(project, relativepath) @q.manage.applicationserver.expose_authorized(defaultGroups=["admin", "developer"], authorizeParams={}, authorizeRule="use project") def rename(self, id, name): #pylint: disable=W0622 project, relativepath = self._resolveID(id) path = q.system.fs.joinPaths(self._getProjectPath(project), relativepath) newname = q.system.fs.joinPaths(q.system.fs.getDirName(path), name) newid = self._getID(project, newname) if q.system.fs.exists(newname): raise RuntimeError("A file with the same name already exists") self._deleteIndex(id) if q.system.fs.isFile(path): q.system.fs.renameFile(path, newname) self._updateFileIndex(newid, q.system.fs.fileGetContents(newname)) elif q.system.fs.isDir(path): q.system.fs.renameDir(path, newname) self._updateDirIndex(newid) self._touchTasklets(project, relativepath)