def delete_resource_file(colln, user, file_anno_or_id):
"""
:type colln: MyDbCollection
:param user:
:param file_anno_or_id:
:return:
"""
if isinstance(file_anno_or_id, FileAnnotation):
file_anno = file_anno_or_id # type: FileAnnotation
else:
file_anno = JsonObject.make_from_dict(
db_helper.read_by_id(colln,
file_anno_or_id)) # type: FileAnnotation
target_resource_id = file_anno.target
target_resource = JsonObject.make_from_dict(
db_helper.read_by_id(colln, target_resource_id))
has_update_permission = permission_manager.has_persmission(
user, Permission.UPDATE, obj=target_resource)
if not has_update_permission:
raise PermissionError(
'no permission to update resource and it\'s files')
# noinspection PyProtectedMember
colln.delete_item(file_anno._id)
file_path_in_resource_scope = file_anno.body.path
file_path = resource_file_path(target_resource_id,
file_path_in_resource_scope)
os.remove(file_path)
def get(self, user_id):
args = self.get_parser.parse_args()
user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)
projection = jsonify_argument(args.get('projection', None),
key='projection')
check_argument_type(projection, (dict, ),
key='projection',
allow_none=True)
_validate_projection(projection)
projection = projection_helper.modified_projection(
projection, mandatory_attrs=["_id", "jsonClass"])
user = JsonObject.make_from_dict(
g.users_colln.find_one(user_selector_doc, projection=None))
if user is None:
return error_response(message='user not found', code=404)
if not PermissionResolver.resolve_permission(
user, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
user_json = user.to_json_map()
projected_user_json = users_helper.project_user_json(
user_json, projection=projection)
return projected_user_json
def create_new_group(groups_colln, group_json, user_id, user_group_ids, initial_agents=None, ignore_source=False):
for k in ('_id', 'members'):
if k in group_json:
raise ObjModelException('you cannot set "{}" attribute.', 403)
for k in ('groupName', 'jsonClass'):
if k not in group_json:
raise ObjModelException('{} should be provided for creating new group'.format(k), 400)
if group_json['jsonClass'] != 'UsersGroup':
raise ObjModelException('invalid jsonClass', 403)
if not ignore_source:
if 'source' not in group_json:
group_json['source'] = initial_agents.all_users_group_id
old_group = get_group(
groups_colln, get_group_selector_doc(group_name=group_json['groupName']), projection={"_id": 1, "jsonClass": 1})
if old_group is not None:
raise ObjModelException('group already exists', 403)
group = JsonObject.make_from_dict(group_json)
# noinspection PyProtectedMember
group.set_from_dict({"members": [user_id]})
new_group_id = objstore_helper.create_resource(
groups_colln, group.to_json_map(), user_id, user_group_ids,
initial_agents=initial_agents, standalone=ignore_source)
return new_group_id
def get(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
group_selector_doc = self._group_selector_doc(group_identifier,
identifier_type)
projection = jsonify_argument(args.get('projection', None),
key='projection')
check_argument_type(projection, (dict, ),
key='projection',
allow_none=True)
_validate_projection(projection)
projection = projection_helper.modified_projection(
projection, mandatory_attrs=["_id", "jsonClass"])
group = JsonObject.make_from_dict(
g.users_colln.find_one(group_selector_doc, projection=None))
if group is None:
return error_response(message='group not found', code=404)
if not PermissionResolver.resolve_permission(
group, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
group_json = group.to_json_map()
projected_group_json = projection_helper.project_doc(
group_json, projection)
return projected_group_json
def post(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
group_selector_doc = self._group_selector_doc(group_identifier,
identifier_type)
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict, ), key='update_doc')
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'UsersGroup'
if update_doc['jsonClass'] != 'UsersGroup':
return error_response(message='invalid jsonClass', code=403)
if identifier_type == '_id':
update_doc.pop('groupName', None)
if update_doc['_id'] != group_identifier:
return error_response(message='invalid user_id', code=403)
else:
group_id = groups_helper.get_group_id(g.users_colln,
group_identifier)
if not group_id:
return error_response(message='no group with group_name {}'.
format(group_identifier))
update_doc['_id'] = group_id
return_projection = jsonify_argument(args.get('return_projection',
None),
key='return_projection')
check_argument_type(return_projection, (dict, ),
key='return_projection',
allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
group_update = JsonObject.make_from_dict(update_doc)
updated_group_id = objstore_helper.update_resource(
g.users_colln,
group_update.to_json_map(),
current_token.user_id,
current_token.group_ids,
not_allowed_attributes=['members', 'groupName'])
if updated_group_id is None:
raise ObjModelException('group not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except ValueError as e:
return error_response(message='schema validation error',
code=403,
details={"error": str(e)})
group_json = g.users_colln.find_one(group_selector_doc,
projection=return_projection)
return group_json
def resolve_to_absolute_path(self, file_anno_id):
file_anno = JsonObject.make_from_dict(
db_helper.read_by_id(self.colln, file_anno_id))
if file_anno is None:
return None
custodian_resource_id = file_anno.target
file_path_in_resource_scope = file_anno.body.path
file_path = myservice().resource_file_path(
self.repo_name, custodian_resource_id, file_path_in_resource_scope)
return file_path
def post(self, user_id):
'''
if not current_token.user_id:
return error_response(message='not authorized', code=401)
'''
args = self.post_parser.parse_args()
user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict, ), key='update_doc')
if '_id' not in update_doc:
update_doc['_id'] = user_id
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'User'
if update_doc['_id'] != user_id:
return error_response(message='invalid user_id', code=403)
if update_doc['jsonClass'] != 'User':
return error_response(message='invalid jsonClass', code=403)
return_projection = jsonify_argument(args.get('return_projection',
None),
key='return_projection')
check_argument_type(return_projection, (dict, ),
key='return_projection',
allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
user_update = JsonObject.make_from_dict(update_doc)
updated_user_id = objstore_helper.update_resource(
g.users_colln,
user_update.to_json_map(),
current_token.user_id,
current_token.group_ids,
not_allowed_attributes=[
'hashedPassword', 'externalAuthentications', 'password'
])
if updated_user_id is None:
raise ObjModelException('user not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except (ValueError, ValidationError, TypeError) as e:
return error_response(message='schema validation error',
code=403,
details={"error": str(e)})
user_json = g.users_colln.find_one(user_selector_doc,
projection=return_projection)
return user_json
def get_group(org_name, group_id, projection=None):
from vedavaapi.common import VedavaapiServices
from vedavaapi.accounts import VedavaapiAccounts
accounts_service = VedavaapiServices.lookup(
'accounts') # type: VedavaapiAccounts
users_colln = accounts_service.get_users_colln(org_name)
if projection is not None:
if 0 in projection.values():
projection.pop('jsonClass', None)
else:
projection.update({"jsonClass": 1})
group_json = users_colln.get(group_id, projection=projection)
return JsonObject.make_from_dict(group_json)
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
update_doc = {"$pull": {"members": {"$in": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count
def save_file(colln, user, resource_id, file, purpose):
file_name = secure_filename(os.path.basename(file.filename))
file_path = resource_file_path(resource_id, file_name)
file_descriptor = FileDescriptor.from_details(file_name)
file_annotation = FileAnnotation.from_details(file_descriptor,
resource_id,
purpose=purpose)
handle_creation_details(colln, user, file_annotation)
file_annotation.validate()
created_doc = db_helper.update(colln, file_annotation, user,
permission_manager)
created_anno = JsonObject.make_from_dict(created_doc)
file.save(file_path)
return created_anno
def handle_creation_details(colln, user, resource):
if not isinstance(resource, Resource):
return resource
user_id = user.authentication_infos[0].user_id
if hasattr(resource, '_id'):
old_object = JsonObject.make_from_dict(
db_helper.read_by_id(colln, resource._id))
raise_if_overwrites(old_object, resource, ["creator", "created"])
# TODO modified time to be setted, contributors to be updated.
else:
resource.creator = user_id
resource.contributor = [user_id]
delete_attributes(resource, ["created"])
resource.update_time()
return resource
def post(self):
user_id = resolve_user_id()
group_ids = [
group['_id'] for group in groups_helper.get_user_groups(
g.users_colln, user_id, groups_projection={"_id": 1})
]
args = self.post_parser.parse_args()
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict,), key='update_doc')
if '_id' not in update_doc:
update_doc['_id'] = user_id
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'User'
if update_doc['_id'] != user_id:
return error_response(message='invalid _id', code=403)
if update_doc['jsonClass'] != 'User':
return error_response(message='invalid jsonClass', code=403)
if 'password' in update_doc:
update_doc['hashedPassword'] = bcrypt.hashpw(
update_doc['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
update_doc.pop('password')
return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection')
check_argument_type(return_projection, (dict,), key='return_projection', allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
user_update = JsonObject.make_from_dict(update_doc)
updated_user_id = objstore_helper.update_resource(
g.users_colln, user_update.to_json_map(), user_id, group_ids,
not_allowed_attributes=('externalAuthentications', 'password'))
if updated_user_id is None:
raise ObjModelException('user not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except ValueError as e:
return error_response(message='schema validation error', code=403, details={"error": str(e)})
user_json = g.users_colln.get(user_id, projection=return_projection)
return user_json
def get(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
# noinspection PyProtectedMember
group_selector_doc = GroupResource._group_selector_doc(
group_identifier, identifier_type)
group = JsonObject.make_from_dict(
g.users_colln.find_one(group_selector_doc, projection=None))
if group is None:
return error_response(message='group not found', code=404)
if not PermissionResolver.resolve_permission(
group, ObjectPermissions.READ, current_token.user_id,
current_token.group_ids, g.users_colln):
return error_response(message='permission denied', code=403)
member_ids = group.members if hasattr(group, 'members') else []
return member_ids
def create_new_user(users_colln, user_json, initial_agents=None, with_password=True):
for k in ('_id', 'externalAuthentications'):
if k in user_json:
raise ObjModelException('you cannot set "{}" attribute.', 403)
essential_fields = ['email', 'jsonClass']
if with_password:
essential_fields.append('password')
for k in essential_fields:
if k not in user_json:
raise ObjModelException('{} should be provided for creating new user'.format(k), 400)
if user_json['jsonClass'] != 'User':
raise ObjModelException('invalid jsonClass', 403)
if with_password:
user_json['hashedPassword'] = bcrypt.hashpw(
user_json['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
user_json.pop('password')
existing_user = get_user(
users_colln, get_user_selector_doc(email=user_json['email']),
projection={"_id": 1, "jsonClass": 1})
if existing_user is not None:
raise ObjModelException('user already exists', 403)
user = JsonObject.make_from_dict(user_json)
user.set_from_dict({"externalAuthentications": WrapperObject()})
new_user_id = objstore_helper.create_resource(
users_colln, user.to_json_map(), None, None, initial_agents=initial_agents, standalone=True)
permissions_helper.add_to_agent_set(
users_colln, [new_user_id], ObjectPermissions.ACTIONS, Permission.GRANTED, user_pids=[new_user_id])
from ..agents_helpers import groups_helper
if initial_agents is not None:
groups_helper.add_users_to_group(
users_colln,
groups_helper.get_group_selector_doc(_id=initial_agents.all_users_group_id), [new_user_id], None, None)
return new_user_id
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
for user_id in user_ids:
from . import users_helper
user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1})
if user_json is None:
raise ObjModelException('user "{}" not found'.format(user_id), 403)
update_doc = {"$addToSet": {"members": {"$each": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count
def get_client(cls,
oauth_colln,
_id=None,
client_id=None,
projection=None):
client_selector_doc = cls.get_client_selector_doc(_id=_id,
client_id=client_id)
if client_selector_doc is None:
return None
if projection is not None:
if 0 in projection.values():
projection.pop('jsonClass', None)
else:
projection.update({"jsonClass": 1})
client_json = oauth_colln.find_one(client_selector_doc,
projection=projection)
client = JsonObject.make_from_dict(client_json)
return client
def get_group(groups_colln, group_selector_doc, projection=None):
projection = projection_helper.modified_projection(projection, mandatory_attrs=['jsonClass'])
group_json = groups_colln.find_one(group_selector_doc, projection=projection)
return JsonObject.make_from_dict(group_json)
def get_json_object(colln, query_doc, projection=None, cast_class=None):
item_json = colln.find_one(query_doc, projection=projection)
item = JsonObject.make_from_dict(item_json)
cast_class.cast(item)
return item
def create_new_client(oauth_colln,
client_json,
client_type,
user_id,
group_ids,
initial_agents=None):
oauth2_master_config = oauth_colln.find_one(
{"jsonClass": OAuth2MasterConfig.json_class})
if oauth2_master_config:
grant_privileges_conf = oauth2_master_config['grant_privileges']
cc_agent_set = grant_privileges_conf['client_credentials']
allow_cc_grant = (user_id in cc_agent_set['users'] or True in [
group in cc_agent_set['groups'] for group in group_ids
])
pw_agent_set = grant_privileges_conf['password']
allow_pw_grant = (user_id in pw_agent_set['users'] or True in [
group in pw_agent_set['groups'] for group in group_ids
])
else:
allow_cc_grant = allow_pw_grant = False
for k in ('_id', 'client_id', 'client_secret',
'token_endpoint_auth_method', 'grant_types', 'response_types',
'scope', 'user_id'):
if k in client_json:
raise ObjModelException('you can\'t set {} attribute'.format(k),
403)
if client_json['jsonClass'] != OAuth2Client.json_class:
raise ObjModelException('invalid jsonClass', 403)
essential_fields = ['name']
for k in essential_fields:
if k not in client_json:
raise ObjModelException('unsufficient data', 403)
client_id = uuid.uuid4().hex
grant_types = ['authorization_code', 'refresh_token', 'implicit'
] if client_type == 'private' else ['implicit']
if client_type == 'private':
if allow_cc_grant:
grant_types.append('client_credentials')
if allow_pw_grant:
grant_types.append('password')
client_json.update({
"client_id":
client_id,
"token_endpoint_auth_method":
"client_secret_post" if client_type != 'public' else 'none',
"grant_types":
grant_types,
"response_types":
["code", "token"] if client_type == 'private' else ["token"],
"scope":
"vedavaapi.root",
"user_id":
user_id
})
if client_type == 'private':
client_secret = bcrypt.gensalt(24).decode('utf-8')
client_json['client_secret'] = client_secret
client = JsonObject.make_from_dict(client_json)
new_client_underscore_id = objstore_helper.create_resource(
oauth_colln,
client.to_json_map(),
user_id,
group_ids,
initial_agents=initial_agents,
standalone=True)
return new_client_underscore_id
def get_client(oauth_colln, client_selector_doc, projection=None):
projection = projection_helper.modified_projection(
projection, mandatory_attrs=["jsonClass"])
user_json = oauth_colln.find_one(client_selector_doc,
projection=projection)
return JsonObject.make_from_dict(user_json)
def update_tree(colln,
user,
branch,
branch_path,
parent_id,
branch_root_node_type='root'):
result_branch = {}
root_node_content = branch['content']
root_node = JsonObject.make_from_dict(root_node_content)
handle_creation_details(colln, user, root_node)
if branch_root_node_type == 'annotation':
root_node.target = parent_id
elif branch_root_node_type == 'section':
root_node.source = parent_id
try:
root_node.validate()
root_node_json = db_helper.update(
colln, root_node, user, permission_manager=permission_manager)
result_branch['content'] = root_node_json
except Exception as e:
raise TreeCrawlError('content is invalid',
tree_position=branch_path,
node_json=root_node.to_json_map(),
error=str(e))
annotation_sub_branches = branch.get('annotations', [])
result_annotation_sub_branches = []
for n, sb in enumerate(annotation_sub_branches):
sub_branch_path = branch_path + '.annotations[0]'
result_annotation_sub_branch = update_tree(
colln,
user,
sb,
sub_branch_path,
root_node_json['_id'],
branch_root_node_type='annotation')
result_annotation_sub_branches.append(result_annotation_sub_branch)
if len(annotation_sub_branches):
result_branch['annotations'] = result_annotation_sub_branches
section_sub_branches = branch.get('sections', [])
result_section_sub_branches = []
for n, sb in enumerate(section_sub_branches):
sub_branch_path = branch_path + '.sections[0]'
result_section_sub_branch = update_tree(
colln,
user,
sb,
sub_branch_path,
root_node_json['_id'],
branch_root_node_type='section')
result_section_sub_branches.append(result_section_sub_branch)
if len(section_sub_branches):
result_branch['sections'] = result_section_sub_branches
return result_branch