예제 #1
def getBoxFromParentChain(db, path, parentBox):
    """Resolve `path` to a box, descending one level per call from `parentBox`.

    The child named path[0] is looked up under parentBox. Its own role
    permissions are loaded and handed to Box.updatePermissionData together
    with the parent box, so the box finally returned has had its
    permission data updated at every level of the chain.

    Returns None as soon as one path component has no matching record.
    An empty `path` is not handled here: path[0] raises IndexError.
    """
    childRecord = dbRetrieveRecordByKey(
        db,
        'boxes',
        {'box_name': path[0], 'parent_id': parentBox.box_id},
        dbTablesDesc=dbSchema,
    )
    # a missing component ends the walk: no partially resolved box is returned
    if childRecord is None:
        return None
    remainingPath = path[1:]
    childBox = Box(**childRecord)
    # permissions attached to this very box, passed on as the newest layer
    ownPermissions = list(dbGetBoxRolePermissions(db, childBox.box_id))
    childBox.updatePermissionData(
        fromBox=parentBox,
        lastPermissionLayer=ownPermissions,
    )
    if len(remainingPath) < 1:
        return childBox
    return getBoxFromParentChain(db, remainingPath, childBox)
예제 #2
def dbDeleteTicket(db, ticketId, user, mode, skipCommit=False):
    """Delete a ticket from the DB on behalf of `user`.

    The ticket must exist and its target type must map to `mode`; the
    caller must be an admin or the user the ticket belongs to. The
    deletion is committed unless skipCommit is true.

    Raises:
        OstracionWarning: no such ticket, or its target type maps to a
            different mode (both cases give the same message).
        OstracionError: the user is neither an admin nor the ticket owner.
    """
    ticketRecord = dbRetrieveRecordByKey(
        db,
        'tickets',
        {'ticket_id': ticketId},
        dbTablesDesc=dbSchema,
    )
    # "not found" and "wrong mode" are deliberately not told apart
    ticketIsUsable = (
        ticketRecord is not None and
        ticketTargetTypeToModeNameMap[ticketRecord['target_type']] == mode
    )
    if not ticketIsUsable:
        raise OstracionWarning('Ticket unavailable')
    ticket = Ticket(**ticketRecord)
    # authorization gate: admins may delete any ticket, others only their own
    mayDelete = userIsAdmin(db, user) or user.username == ticket.username
    if not mayDelete:
        raise OstracionError('Insufficient permissions')
    dbDeleteRecordsByKey(
        db,
        'tickets',
        {'ticket_id': ticketId},
        dbTablesDesc=dbSchema,
    )
    if not skipCommit:
        db.commit()
예제 #3
def dbGetUser(db, username):
    """Look up a user by username.

    Returns a User built from the 'users' record, or None when the
    lookup finds no record for that username.
    """
    userRecord = dbRetrieveRecordByKey(
        db,
        'users',
        {'username': username},
        dbTablesDesc=dbSchema,
    )
    if userRecord is None:
        return None
    return User(**userRecord)
예제 #4
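def dbGetUserRoles(db, user, asDict=False):
    """ Yield the roles associated to a user.

        Here we implement the automatic attribution of the system
        'anonymous' role: it is the only role yielded for an
        unauthenticated visitor, and it is yielded after the stored
        'user_roles' entries for an authenticated user.

        Items are Role objects, or the raw role records if asDict is true.
    """
    anonymousRole = dbRetrieveRecordByKey(
        db,
        'roles',
        {
            'role_id': 'anonymous',
            'role_class': 'system'
        },
        dbTablesDesc=dbSchema,
    )
    #
    if user.is_authenticated:
        # stored role references first, then the implicit anonymous role
        roleRefBlocks = (
            dbRetrieveRecordsByKey(
                db,
                'user_roles',
                {'username': user.username},
                dbTablesDesc=dbSchema,
            ),
            (anonymousRole, ),
        )
        for roleRefBlock in roleRefBlocks:
            for userRole in roleRefBlock:
                # each reference is resolved to the full 'roles' record
                role = dbRetrieveRecordByKey(
                    db,
                    'roles',
                    {
                        'role_class': userRole['role_class'],
                        'role_id': userRole['role_id'],
                    },
                    dbTablesDesc=dbSchema,
                )
                #
                if asDict:
                    yield role
                else:
                    yield Role(**role)
    else:
        if asDict:
            yield anonymousRole
        else:
            # The record fetched above already is the role. The previous
            # code called the record itself and referenced `role`, which
            # is not bound on this path, so unauthenticated visitors hit
            # an exception here instead of receiving the anonymous role.
            yield Role(**anonymousRole)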
예제 #5
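def secondsToWaitBeforeLogin(db,
                             ipAddress,
                             doWrite,
                             loginProtectionSeconds,
                             hashSalt,
                             skipCommit=False):
    """ Return how many seconds this sender must still wait before
        a login can be attempted (0 means: attemptable now).

        The sender is identified by a salted hash of its IP address;
        the address itself is not used as a key. If doWrite is true and
        no wait is due, the attempted-login entry is inserted or
        refreshed with the current time and (unless skipCommit)
        committed. While a wait is still due nothing is written, so the
        stored timestamp stays that of the last attempt let through.
    """
    # one timestamp for the whole call, so that the stored value and the
    # comparisons below cannot disagree
    now = datetime.datetime.now()
    # NOTE(review): naive local time, presumably matching what is stored
    # in 'attempted_logins'; a wall-clock or DST shift moves the window.
    atLogin = AttemptedLogin(
        sender_hash=hashOfIpAddress(ipAddress, hashSalt=hashSalt),
        datetime=now,
    )
    #
    prevLoginDict = dbRetrieveRecordByKey(
        db,
        'attempted_logins',
        {'sender_hash': atLogin.sender_hash},
        dbTablesDesc=dbSchema,
    )
    if prevLoginDict is not None:
        prevLogin = AttemptedLogin(**prevLoginDict)
    else:
        prevLogin = None
    #
    if prevLogin is None:
        secondsToWait = 0
    else:
        # total_seconds() and not .seconds: the latter is only the
        # seconds field of the timedelta and drops whole days, so an
        # attempt made a little over 24h ago looked recent; for a
        # negative difference (clock set back) it is close to 86400,
        # which switched the protection off. A negative difference is
        # clamped to 0 here, i.e. the full protection window applies.
        elapsedSeconds = max(0, int((now - prevLogin.datetime).total_seconds()))
        secondsToWait = max(0, loginProtectionSeconds - elapsedSeconds)
    #
    if doWrite and secondsToWait <= 0:
        if prevLogin is None:
            dbAddRecordToTable(
                db,
                'attempted_logins',
                atLogin.asDict(),
                dbTablesDesc=dbSchema,
            )
        else:
            dbUpdateRecordOnTable(
                db,
                'attempted_logins',
                atLogin.asDict(),
                dbTablesDesc=dbSchema,
            )
        if not skipCommit:
            db.commit()
    #
    return secondsToWait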
예제 #6
def dbGetSetting(db, sgKlass, sgId, sId, user):
    """Load the setting keyed by (klass, group_id, id) and return it enriched.

    `user` is accepted but not consulted in this body, so no access
    check happens here. A missing record is not handled either: other
    callers of the lookup test its result against None, and None would
    make Setting(**...) raise TypeError.
    """
    settingKey = {
        'klass': sgKlass,
        'group_id': sgId,
        'id': sId,
    }
    settingRecord = dbRetrieveRecordByKey(
        db,
        'settings',
        settingKey,
        dbTablesDesc=dbSchema,
    )
    return _enrichSettingObject(Setting(**settingRecord))
예제 #7
 def _retrieveAncestorIds(db, bx, ids=[]):
     """Return `ids` followed by the id of bx and of each ancestor up to root.

     The walk follows parent_id one record at a time and stops at the
     box whose box_id is '' (the root), whose id closes the list.
     The default list is never modified in place: every step builds a
     new list by concatenation.
     """
     idsSoFar = ids + [bx.box_id]
     if bx.box_id == '':
         return idsSoFar
     # a parent_id with no matching record makes Box(**None) raise TypeError
     parentBox = Box(**dbRetrieveRecordByKey(
         db,
         'boxes',
         {'box_id': bx.parent_id},
         dbTablesDesc=dbSchema,
     ))
     return _retrieveAncestorIds(db, parentBox, ids=idsSoFar)
예제 #8
def _retraceBoxPath(db, boxId, builtPath=[]):
    """Rebuild the path of a box from its ID.

    Parent links are followed all the way up to the root (box_id '').
    The result starts with '' for the root and ends with the name of
    the box itself, followed by whatever was passed as builtPath.
    The default list is never modified in place.
    """
    if boxId == '':
        return [''] + builtPath
    boxRecord = dbRetrieveRecordByKey(
        db,
        'boxes',
        {'box_id': boxId},
        dbTablesDesc=dbSchema,
    )
    # an unknown boxId is not handled: subscripting None raises TypeError
    parentId = boxRecord['parent_id']
    pathFromHere = [boxRecord['box_name']] + builtPath
    return _retraceBoxPath(db, parentId, pathFromHere)
예제 #9
def getLinkFromParent(
        db, parentBox, linkName,
        user, accountDeletionInProgress=False):
    """Return the link called linkName inside parentBox, or None.

    Neither `user` nor `accountDeletionInProgress` is consulted in this
    body: the lookup is by name and box id only.
    NOTE(review): any permission check is presumably done by the
    caller - confirm before exposing this on a new code path.
    """
    linkRecord = dbRetrieveRecordByKey(
        db,
        'links',
        {'name': linkName, 'box_id': parentBox.box_id},
        dbTablesDesc=dbSchema,
    )
    return None if linkRecord is None else Link(**linkRecord)
예제 #10
def getFileFromParent(
        db, parentBox, fileName,
        user, accountDeletionInProgress=False):
    """Return the file called fileName inside parentBox, or None.

    Neither `user` nor `accountDeletionInProgress` is consulted in this
    body: the lookup is by name and box id only.
    NOTE(review): any permission check is presumably done by the
    caller - confirm before exposing this on a new code path.
    """
    fileRecord = dbRetrieveRecordByKey(
        db,
        'files',
        {'name': fileName, 'box_id': parentBox.box_id},
        dbTablesDesc=dbSchema,
    )
    return None if fileRecord is None else File(**fileRecord)
예제 #11
def getRootBox(db):
    """Return the root box (box_id '') with its permission data set.

    The root has no parent to take permissions from, so its own role
    permissions are used three times: as the permissions, as the single
    entry of the permission history and as the last permission layer.
    """
    rootRecord = dbRetrieveRecordByKey(
        db,
        'boxes',
        {'box_id': ''},
        dbTablesDesc=dbSchema,
    )
    rootPermissions = list(dbGetBoxRolePermissions(db, ''))
    # a missing root record is not handled: Box(**None) raises TypeError
    rootBox = Box(**rootRecord)
    permissionData = {
        'permissions': rootPermissions,
        'permissionHistory': [rootPermissions],
        'lastPermissionLayer': rootPermissions,
    }
    rootBox.setPermissionData(**permissionData)
    return rootBox
예제 #12
def dbGetRole(db, roleClass, roleId, user):
    """Retrieve a role from DB by (role class, role ID); admins only.

    Returns the Role, or None. None is returned both when the role does
    not exist and when `user` is not an admin, so a caller cannot tell
    a refusal from a missing role.
    """
    # access gate first: non-admins never reach the lookup
    if not userIsAdmin(db, user):
        return None
    roleRecord = dbRetrieveRecordByKey(
        db,
        'roles',
        {
            'role_id': roleId,
            'role_class': roleClass
        },
        dbTablesDesc=dbSchema,
    )
    return Role(**roleRecord) if roleRecord is not None else None
예제 #13
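def dbGetEnrichAndCheckTicket(db, mode, ticketId, securityCode, urlRoot):
    """ Check validity (proper codes, existence) of a ticket
        and return it enriched.

        None is returned in every failing case (no such ticket, target
        type not matching `mode`, wrong security code), so the caller
        cannot tell which check failed.
    """
    import hmac

    ticketDict = dbRetrieveRecordByKey(
        db,
        'tickets',
        {'ticket_id': ticketId},
        dbTablesDesc=dbSchema,
    )
    if ticketDict is None:
        return None
    ticket = Ticket(**ticketDict)
    # both checks are always evaluated, as before
    modeMatches = ticketTargetTypeToModeNameMap[ticket.target_type] == mode
    storedCode = ticket.security_code
    if isinstance(storedCode, str) and isinstance(securityCode, str):
        # The security code is the secret that authorizes use of the
        # ticket: compare it in constant time, so that the duration of
        # the check does not depend on how many leading characters of a
        # submitted code are right. Encoding to bytes lets non-ASCII
        # input through compare_digest with the same result as ==.
        codeMatches = hmac.compare_digest(
            storedCode.encode('utf-8', 'surrogatepass'),
            securityCode.encode('utf-8', 'surrogatepass'),
        )
    else:
        # non-string codes (not expected) keep the plain comparison
        codeMatches = storedCode == securityCode
    if modeMatches and codeMatches:
        return enrichTicket(db, ticket, urlRoot)
    return None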
예제 #14
def convertRoleRelatedRecord(db, legacySchema,
                             srcTableName, inRecord):
    """Translate one legacy record of a role-related table to the new layout.

    'roles': the legacy 'system' flag is dropped; 'role_class' and the
    can_box / can_user / can_delete flags are derived from it.
    'box_role_permissions', 'user_roles': the record gets a 'role_class'
    computed from the role it references, which is looked up in the
    legacy schema; the remaining fields come from inRecord through
    recursivelyMergeDictionaries.

    Raises:
        NotImplementedError: for any other source table.
    """
    if srcTableName == 'roles':
        isSystem = inRecord['system'] != 0
        roleId = inRecord['role_id']
        return {
            'role_id': roleId,
            'role_class': determineRoleClass(inRecord),
            # 'system' DISAPPEARS
            'description': inRecord['description'],
            # every flag is 1 except for these system roles
            'can_box': 0 if isSystem and roleId == 'ticketer' else 1,
            'can_user': 0 if isSystem and roleId == 'anonymous' else 1,
            'can_delete': 0 if isSystem else 1,
        }
    if srcTableName in {'box_role_permissions', 'user_roles'}:
        referenceRole = dbRetrieveRecordByKey(
            db,
            'roles',
            {'role_id': inRecord['role_id']},
            dbTablesDesc=legacySchema,
        )
        # NOTE(review): a reference to a role that no longer exists gives
        # referenceRole None, passed to determineRoleClass as is - confirm
        # that dangling references cannot occur in the legacy data.
        return recursivelyMergeDictionaries(
            {'role_class': determineRoleClass(referenceRole)},
            defaultMap=inRecord,
        )
    raise NotImplementedError('Cannot translate records for table "%s"' % (
        srcTableName,
    ))
예제 #15
def generalisedGetUserRoles(db, user):
    """Return the list of roles of `user`, also when nobody is logged in.

    user None: a one-item list holding the system 'anonymous' role.
    user carrying a non-None `roles` attribute: that attribute, as is.
    otherwise: the roles are read from the DB through dbGetUserRoles.
    """
    if user is None:
        anonymousRecord = dbRetrieveRecordByKey(
            db,
            'roles',
            {
                'role_class': 'system',
                'role_id': 'anonymous'
            },
            dbTablesDesc=dbSchema,
        )
        return [Role(**anonymousRecord)]
    if hasattr(user, 'roles') and user.roles is not None:
        # roles already attached to the user object are trusted as they are
        return user.roles
    # the user object can have been created e.g. during a user deletion
    # request and not via the login flask handler (which would have
    # attached the roles as well)
    return list(dbGetUserRoles(db, user))
예제 #16
         print('        * done.')
 else:
     # special handling of some tables
     if tName == 'settings':
         # here we add new settings and refresh some fields of the
         # existing ones (namely all but 'value')
         tcontents = initialDbValues.get(tName)
         print('        * Refreshing')
         for item in tcontents['values']:
             model = tcontents['model'](**item)
             print('            - %s : ' % model, end='')
             itemDictFound = dbRetrieveRecordByKey(
                 db,
                 tName,
                 {
                     'group_id': item['group_id'],
                     'id': item['id']
                 },
                 dbTablesDesc=dbSchema,
             )
             if itemDictFound is None:
                 # new: insert
                 print('inserting... ', end='')
                 dbAddRecordToTable(
                     db,
                     tName,
                     model.asDict(),
                     dbTablesDesc=dbSchema,
                 )
                 print('done ', end='')
             else: