def testIsAllowedToViewPacakgesProposalsOff(self): """Test PermissionResolver._IsAllowedToViewPackages() without proposals.""" test_resolver = auth.PermissionResolver('task') email_one = '*****@*****.**' email_two = '*****@*****.**' email_three = '*****@*****.**' setattr(auth.settings, 'ENABLE_PROPOSALS_GROUP', False) setattr(auth.settings, 'PROPOSALS_GROUP', '') self.mox.StubOutWithMock(auth, 'DoUserAuth') self.mox.StubOutWithMock(auth, 'IsAdminUser') self.mox.StubOutWithMock(auth, 'IsSupportUser') auth.IsAdminUser(email_one).AndReturn(True) auth.IsAdminUser(email_two).AndReturn(False) auth.IsSupportUser(email_two).AndReturn(True) auth.IsAdminUser(email_three).AndReturn(False) auth.IsSupportUser(email_three).AndReturn(False) self.mox.ReplayAll() test_resolver.email = email_one self.assertTrue(test_resolver._IsAllowedToViewPackages()) test_resolver.email = email_two self.assertTrue(test_resolver._IsAllowedToViewPackages()) test_resolver.email = email_three self.assertFalse(test_resolver._IsAllowedToViewPackages()) self.mox.VerifyAll()
def testIsAllowedToPropose(self): """Test PermissionResolver._IsAllowedToPropose().""" test_resolver = auth.PermissionResolver('task') email_one = '*****@*****.**' email_two = '*****@*****.**' email_three = '*****@*****.**' self.mox.StubOutWithMock(auth, 'IsAdminUser') self.mox.StubOutWithMock(auth, 'IsGroupMember') auth.IsAdminUser(email_one).AndReturn(True) auth.IsAdminUser(email_two).AndReturn(False) auth.IsGroupMember( email_two, 'proposals_group', remote_group_lookup=True).AndReturn(True) auth.IsAdminUser(email_three).AndReturn(False) auth.IsGroupMember( email_three, 'proposals_group', remote_group_lookup=True).AndReturn(False) self.mox.ReplayAll() test_resolver.email = email_one self.assertTrue(test_resolver._IsAllowedToPropose()) test_resolver.email = email_two self.assertTrue(test_resolver._IsAllowedToPropose()) test_resolver.email = email_three self.assertFalse(test_resolver._IsAllowedToPropose()) self.mox.VerifyAll()
def testDoUserAuthWithIsAdminTrueSuccess(self): self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) self.mox.StubOutWithMock(auth, 'IsAdminUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(True) auth.IsAdminUser(email).AndReturn(True) self.mox.ReplayAll() self.assertEqual(mock_user, auth.DoUserAuth(is_admin=True)) self.mox.VerifyAll()
def _DisplayHost(self, uuid=None, computer=None): """Displays the report for a single host. Args: uuid: str uuid for host to display. computer: models.Computer object to display. """ if not computer: computer = models.Computer.get_by_key_name(uuid) else: uuid = computer.uuid client_log_files = models.ClientLogFile.all().filter( 'uuid =', uuid).order('-mtime').fetch(100) msu_log = models.ComputerMSULog.all().filter( 'uuid =', uuid).order('-mtime').fetch(100) applesus_installs = models.InstallLog.all().filter( 'uuid =', uuid).filter( 'applesus =', True).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT) installs = models.InstallLog.all().filter('uuid =', uuid).filter( 'applesus =', False).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT) exits = models.PreflightExitLog.all().filter( 'uuid =', uuid).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT) install_problems = models.ClientLog.all().filter( 'action =', 'install_problem').filter( 'uuid =', uuid).order('-mtime').fetch(SINGLE_HOST_DATA_FETCH_LIMIT) uptime = None if computer: AddTimezoneToComputerDatetimes(computer) computer.connection_dates.reverse() computer.connection_datetimes.reverse() if computer.uptime: uptime_days = datetime.timedelta(seconds=computer.uptime).days uptime_hms = time.strftime('%H:%M:%S', time.gmtime(computer.uptime)) uptime = '%d days, %s' % (uptime_days, uptime_hms) else: uptime = 'unknown' values = { 'uuid_lookup_url': settings.UUID_LOOKUP_URL, 'owner_lookup_url': settings.OWNER_LOOKUP_URL, 'computer': computer, 'applesus_installs': applesus_installs, 'installs': installs, 'client_log_files': client_log_files, 'msu_log': msu_log, 'install_problems': install_problems, 'preflight_exits': exits, 'uptime': uptime, 'host_report': True, 'limit': SINGLE_HOST_DATA_FETCH_LIMIT, 'is_admin': auth.IsAdminUser(), 'is_support_user': auth.IsSupportUser(), 'is_security_user': auth.IsSecurityUser(), } self.response.out.write( RenderTemplate('templates/stats_host.html', values))
def get(self): """Handle GET.""" try: # already munki authenticated? return, nothing to do. gaeserver.DoMunkiAuth() #logging.info('Uauth: session is already authenticated') return except gaeserver.NotAuthenticated: pass user = users.get_current_user() if not user: #logging.error('Uauth: user is not logged in') raise NotAuthenticated email = user.email() if auth.IsAdminUser(email): a = gaeserver.AuthSimianServer() output = a.SessionCreateUserAuthToken(email, level=gaeserver.LEVEL_ADMIN) elif auth.IsSupportUser(email): a = gaeserver.AuthSimianServer() output = a.SessionCreateUserAuthToken(email, level=gaeserver.LEVEL_BASE) else: logging.error('Uauth: user %s is not an admin', email) raise NotAuthenticated if output: #logging.info('Uauth: success, token = %s', output) self.response.headers['Set-Cookie'] = '%s=%s; secure; httponly;' % ( auth_init.AUTH_TOKEN_COOKIE, output) self.response.out.write(auth_init.AUTH_TOKEN_COOKIE) else: #logging.info('Uauth: unknown token') raise NotAuthenticated
def testIsAdminUserBootstrap(self, _): """Test IsAdminUser() where no admins are defined.""" admin_email = '*****@*****.**' self.testbed.setup_env(overwrite=True, USER_EMAIL=admin_email, USER_IS_ADMIN='1') self.assertTrue(auth.IsAdminUser(admin_email))
def testIsAdminUserFalse(self): """Test IsAdminUser() with a passed email address that is not an admin.""" self.mox.StubOutWithMock(auth, '_GetGroupMembers') admin_email = '*****@*****.**' auth._GetGroupMembers('admins').AndReturn(['*****@*****.**']) self.mox.ReplayAll() self.assertFalse(auth.IsAdminUser(admin_email)) self.mox.VerifyAll()
def _DisplayPackagesList(self): """Displays list of all installs/removals/etc.""" installs, counts_mtime = models.ReportsCache.GetInstallCounts() pending, pending_mtime = models.ReportsCache.GetPendingCounts() packages = [] all_packages = self.request.get('all_packages') == '1' query = self._GetPackageQuery() for p in query: if not p.plist: self.error(httplib.FORBIDDEN) self.response.out.write('Package %s has a broken plist!' % p.filename) return pkg = {} pkg['count'] = installs.get(p.munki_name, {}).get('install_count', 'N/A') pkg['fail_count'] = installs.get(p.munki_name, {}).get('install_fail_count', 'N/A') pkg['pending_count'] = pending.get(p.munki_name, 'N/A') pkg['duration_seconds_avg'] = installs.get(p.munki_name, {}).get( 'duration_seconds_avg', None) or 'N/A' pkg['unattended'] = p.plist.get('unattended_install', False) pkg['unattended_uninstall'] = p.plist.get('unattended_uninstall', False) force_install_after_date = p.plist.get('force_install_after_date', None) if force_install_after_date: pkg['force_install_after_date'] = force_install_after_date pkg['catalogs'] = p.catalog_matrix pkg['manifests'] = p.manifest_matrix pkg['munki_name'] = p.munki_name or p.plist.GetMunkiName() pkg['filename'] = p.filename pkg['file_size'] = p.plist.get('installer_item_size', 0) * 1024 pkg['install_types'] = p.install_types pkg['manifest_mod_access'] = p.manifest_mod_access pkg['description'] = p.description pkg['plist_is_signed'] = p.plist_is_signed() packages.append(pkg) packages.sort(key=lambda pkg: pkg['munki_name'].lower()) self.Render( self.TEMPLATE, { 'packages': packages, 'counts_mtime': counts_mtime, 'pending_mtime': pending_mtime, 'report_type': self.REPORT_TYPE, 'active_pkg': self.request.GET.get('activepkg'), 'is_support_user': auth.IsSupportUser(), 'can_upload': auth.HasPermission(auth.UPLOAD), 'is_admin': auth.IsAdminUser(), 'all_packages': all_packages, })
def testDoUserAuthWithIsAdminTrueFailure(self): self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) self.mox.StubOutWithMock(auth, 'IsAdminUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(False) self.mox.ReplayAll() self.assertRaises(auth.IsAdminMismatch, auth.DoUserAuth, is_admin=True) self.mox.VerifyAll()
def testIsAdminUserBootstrapFalse(self): """Test IsAdminUser() where no admins are defined, but user not admin.""" self.mox.StubOutWithMock(auth.users, 'is_current_user_admin') self.mox.StubOutWithMock(auth, '_GetGroupMembers') admin_email = '*****@*****.**' auth._GetGroupMembers('admins').AndReturn([]) self.mox.StubOutWithMock(auth, 'users') auth.users.is_current_user_admin().AndReturn(False) self.mox.ReplayAll() self.assertFalse(auth.IsAdminUser(admin_email)) self.mox.VerifyAll()
def testIsAdminUserWithNoPassedEmail(self): """Test IsAdminUser() with no passed email address.""" self.mox.StubOutWithMock(auth.users, 'get_current_user') self.mox.StubOutWithMock(auth, '_GetGroupMembers') admin_email = '*****@*****.**' mock_user = self.mox.CreateMockAnything() auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(admin_email) auth._GetGroupMembers('admins').AndReturn(['*****@*****.**']) self.mox.ReplayAll() self.assertFalse(auth.IsAdminUser()) self.mox.VerifyAll()
def testDoOAuthAuthAdminMismatch(self): """Test DoOAuthAuth(is_admin=True) where user is not admin.""" self.mox.StubOutWithMock(auth.oauth, 'get_current_user') self.mox.StubOutWithMock(auth, 'IsAdminUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.oauth.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(False) self.mox.ReplayAll() self.assertRaises(auth.IsAdminMismatch, auth.DoOAuthAuth, is_admin=True) self.mox.VerifyAll()
def _DisplayBrokenClients(self): """Displays a report of broken clients.""" # client with broken python py_computers = models.ComputerClientBroken.all().filter( 'fixed =', False) py_computers = list(py_computers) for computer in py_computers: computer.details = computer.details.replace("'", "\\'") computer.details = computer.details.replace('"', "\\'") computer.details = re.sub('\n', '<br/>', computer.details) computer.broken_datetimes.reverse() # clients with zero connection zero_conn_computers = models.Computer.AllActive().filter( 'connections_on_corp =', 0).filter('connections_off_corp =', 0).fetch(COMPUTER_FETCH_LIMIT) zero_conn_computers = list(zero_conn_computers) zero_conn_computers.sort(key=lambda x: x.preflight_datetime, reverse=True) # clients with no recent postflight, but recent preflight # NOTE: this takes ~5s to complete in ~20k fleet where ~1400 clients have # old postflight_datetime. if far more clients are in this state then # then the query could cause DeadlineExceededError. pf_computers = [] now = datetime.datetime.utcnow() not_recent = now - datetime.timedelta(days=15) q = models.Computer.AllActive().filter('postflight_datetime <', not_recent) for c in q: if not c.preflight_datetime or not c.postflight_datetime: continue # already covered zero connection clients above. if (c.preflight_datetime - c.postflight_datetime).days > 7: pf_computers.append(c) pf_computers.sort(key=lambda x: x.preflight_datetime, reverse=True) self.response.out.write( RenderTemplate( 'templates/stats_brokenclients.html', { 'py_computers': py_computers, 'zero_conn_computers': zero_conn_computers, 'pf_computers': pf_computers, 'is_admin': auth.IsAdminUser(), 'is_security_user': auth.IsSecurityUser(), }))
def post(self, report=None, uuid=None): """Stats post handler.""" #logging.debug('POST called: report=%s, uuid=%s', report, uuid) if not auth.IsAdminUser() and not auth.IsSupportUser(): self.response.set_status(403) return if report not in ['host', 'clientlog', 'brokenclients']: self.response.set_status(404) return action = self.request.get('action') if action == 'set_inactive': c = models.Computer.get_by_key_name(uuid) if not c: self.response.out.write('UUID not found') return c.active = False c.put(update_active=False) elif action == 'set_loststolen': models.ComputerLostStolen.SetLostStolen(uuid) elif action == 'upload_logs': c = models.Computer.get_by_key_name(uuid) if not c: self.response.out.write('UUID not found') return c.upload_logs_and_notify = users.get_current_user().email() c.put() elif action == 'delete_client_log': key = uuid # for /admin/clientlog/ it's really the uuid_logname l = models.ClientLogFile.get_by_key_name(key) l.delete() return elif action == 'set_fixed': c = models.ComputerClientBroken.get_by_key_name(uuid) if not c: self.response.out.write('UUID not found') return c.fixed = True c.put() else: self.response.set_status(404) self.redirect('/admin/%s/%s' % (report, uuid))
def testDoUserAuthWithAllDomainUsersOff(self): self.stubs.Set(auth.settings, 'ALLOW_ALL_DOMAIN_USERS_READ_ACCESS', False) self.stubs.Set(auth, 'users', self.mox.CreateMock(auth.users)) self.mox.StubOutWithMock(auth, 'IsAdminUser') self.mox.StubOutWithMock(auth, 'IsSupportUser') self.mox.StubOutWithMock(auth, 'IsSecurityUser') self.mox.StubOutWithMock(auth, 'IsPhysicalSecurityUser') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.users.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(False) auth.IsSupportUser(email).AndReturn(False) auth.IsSecurityUser(email).AndReturn(False) auth.IsPhysicalSecurityUser(email).AndReturn(True) self.mox.ReplayAll() self.assertEqual(mock_user, auth.DoUserAuth()) self.mox.VerifyAll()
def testDoOAuthAuthSuccess(self): """Test DoOAuthAuth() with success, where user is in KeyValueCache.""" self.mox.StubOutWithMock(auth.oauth, 'get_current_user') self.mox.StubOutWithMock(auth, 'IsAdminUser') self.mox.StubOutWithMock(auth.models.KeyValueCache, 'MemcacheWrappedGet') self.mox.StubOutWithMock(auth.util, 'Deserialize') mock_user = self.mox.CreateMockAnything() email = '*****@*****.**' auth.settings.OAUTH_USERS = [] oauth_users = [email] auth.oauth.get_current_user().AndReturn(mock_user) mock_user.email().AndReturn(email) auth.IsAdminUser(email).AndReturn(True) auth.models.KeyValueCache.MemcacheWrappedGet( 'oauth_users', 'text_value').AndReturn(oauth_users) auth.util.Deserialize(oauth_users).AndReturn(oauth_users) self.mox.ReplayAll() auth.DoOAuthAuth(is_admin=True) self.mox.VerifyAll()
def get(self, filename): """GET Args: filename: str, package filename like 'foo.dmg' Returns: None if a blob is being returned, or a response object """ auth_return = auth.DoAnyAuth() if hasattr(auth_return, 'email'): email = auth_return.email() if not auth.IsAdminUser(email) and not auth.IsSupportUser(email): raise auth.IsAdminMismatch filename = urllib.unquote(filename) pkg = models.PackageInfo.MemcacheWrappedGet(filename) if pkg is None or not pkg.blobstore_key: self.error(404) return if common.IsPanicModeNoPackages(): self.error(503) return # Get the Blobstore BlobInfo for this package; memcache wrapped. memcache_key = 'blobinfo_%s' % filename blob_info = memcache.get(memcache_key) if not blob_info: blob_info = blobstore.BlobInfo.get(pkg.blobstore_key) if blob_info: memcache.set(memcache_key, blob_info, 300) # cache for 5 minutes. else: logging.critical( 'Failure fetching BlobInfo for %s. Verify the blob exists: %s', pkg.filename, pkg.blobstore_key) self.error(404) return header_date_str = self.request.headers.get('If-Modified-Since', '') etag_nomatch_str = self.request.headers.get('If-None-Match', 0) etag_match_str = self.request.headers.get('If-Match', 0) pkg_date = blob_info.creation pkg_size_bytes = blob_info.size # TODO(user): The below can be simplified once all of our clients # have ETag values set on the filesystem for these files. The # parsing of If-Modified-Since could be removed. Removing it prematurely # will cause a re-download of all packages on all clients for 1 iteration # until they all have ETag values. # Reduce complexity of elif conditional below. # If an If-None-Match: ETag is supplied, don't worry about a # missing file modification date -- the ETag supplies everything needed. if etag_nomatch_str and not header_date_str: resource_expired = False else: resource_expired = handlers.IsClientResourceExpired( pkg_date, header_date_str) # Client supplied If-Match: etag, but that etag does not match current # etag. return 412. if (etag_match_str and pkg.pkgdata_sha256 and etag_match_str != pkg.pkgdata_sha256): self.response.set_status(412) # Client supplied no etag or If-No-Match: etag, and the etag did not # match, or the client's file is older than the mod time of this package. elif ((etag_nomatch_str and pkg.pkgdata_sha256 and etag_nomatch_str != pkg.pkgdata_sha256) or resource_expired): self.response.headers['Content-Disposition'] = str( 'attachment; filename=%s' % filename) # header date empty or package has changed, send blob with last-mod date. if pkg.pkgdata_sha256: self.response.headers['ETag'] = str(pkg.pkgdata_sha256) self.response.headers['Last-Modified'] = pkg_date.strftime( handlers.HEADER_DATE_FORMAT) self.response.headers['X-Download-Size'] = str(pkg_size_bytes) self.send_blob(pkg.blobstore_key) else: # Client doesn't need to do anything, current version is OK based on # ETag and/or last modified date. if pkg.pkgdata_sha256: self.response.headers['ETag'] = str(pkg.pkgdata_sha256) self.response.set_status(304)
def IsAdminUser(self): """Returns True if the current user is an admin, False otherwise.""" if not hasattr(self, '_is_admin'): self._is_admin = auth.IsAdminUser() return self._is_admin
def get(self, filename=None): """GET Args: filename: string like Firefox-1.0.dmg """ auth_return = auth.DoAnyAuth() if hasattr(auth_return, 'email'): email = auth_return.email() if not any(( auth.IsAdminUser(email), auth.IsSupportUser(email), )): raise auth.IsAdminMismatch if filename: filename = urllib.unquote(filename) hash_str = self.request.get('hash') if hash_str: lock = models.GetLockForPackage(filename) try: lock.Acquire(timeout=30, max_acquire_attempts=5) except datastore_locks.AcquireLockError: self.response.set_status(httplib.FORBIDDEN) self.response.out.write('Could not lock pkgsinfo') return pkginfo = models.PackageInfo.get_by_key_name(filename) if pkginfo: self.response.headers[ 'Content-Type'] = 'text/xml; charset=utf-8' if hash_str: self.response.headers['X-Pkgsinfo-Hash'] = self._Hash( pkginfo.plist) self.response.out.write(pkginfo.plist) else: if hash_str: lock.Release() self.response.set_status(httplib.NOT_FOUND) return if hash_str: lock.Release() else: query = models.PackageInfo.all() filename = self.request.get('filename') if filename: query.filter('filename', filename) install_types = self.request.get_all('install_types') for install_type in install_types: query.filter('install_types =', install_type) catalogs = self.request.get_all('catalogs') for catalog in catalogs: query.filter('catalogs =', catalog) pkgs = [] for p in query: pkg = {} for k in p.properties(): if k != '_plist': pkg[k] = getattr(p, k) pkgs.append(pkg) self.response.out.write('<?xml version="1.0" encoding="UTF-8"?>\n') self.response.out.write(plist.GetXmlStr(pkgs)) self.response.headers['Content-Type'] = 'text/xml; charset=utf-8'
def get(self, filename=None): """GET Args: filename: string like Firefox-1.0.dmg """ auth_return = auth.DoAnyAuth() if hasattr(auth_return, 'email'): email = auth_return.email() if not any(( auth.IsAdminUser(email), auth.IsSupportUser(email), )): raise auth.IsAdminMismatch if filename: filename = urllib.unquote(filename) hash_str = self.request.get('hash') if hash_str: lock = 'pkgsinfo_%s' % filename if not gae_util.ObtainLock(lock, timeout=5.0): self.response.set_status(403) self.response.out.write('Could not lock pkgsinfo') return pkginfo = models.PackageInfo.get_by_key_name(filename) if pkginfo: self.response.headers[ 'Content-Type'] = 'text/xml; charset=utf-8' if hash_str: self.response.headers['X-Pkgsinfo-Hash'] = self._Hash( pkginfo.plist) self.response.out.write(pkginfo.plist) else: if hash_str: gae_util.ReleaseLock(lock) self.response.set_status(404) return if hash_str: gae_util.ReleaseLock(lock) else: query = models.PackageInfo.all() filename = self.request.get('filename') if filename: query.filter('filename', filename) install_types = self.request.get_all('install_types') for install_type in install_types: query.filter('install_types =', install_type) catalogs = self.request.get_all('catalogs') for catalog in catalogs: query.filter('catalogs =', catalog) pkgs = [] for p in query: pkg = {} for k in p.properties(): if k != '_plist': pkg[k] = getattr(p, k) pkgs.append(pkg) self.response.out.write('<?xml version="1.0" encoding="UTF-8"?>\n') self.response.out.write(plist.GetXmlStr(pkgs)) self.response.headers['Content-Type'] = 'text/xml; charset=utf-8'
def testIsAdminUserBootstrapFalse(self, _): """Test IsAdminUser() where no admins are defined, but user not admin.""" self.assertFalse(auth.IsAdminUser(self.email))
def testIsAdminUserWithNoPassedEmail(self, _): """Test IsAdminUser() with no passed email address.""" self.assertFalse(auth.IsAdminUser())
def testIsAdminUserFalse(self, _): """Test IsAdminUser() with a passed email address that is not an admin.""" self.assertFalse(auth.IsAdminUser('*****@*****.**'))
def testIsAdminUserTrue(self, _): """Test IsAdminUser() with a passed email address that is an admin.""" admin_email = '*****@*****.**' self.assertTrue(auth.IsAdminUser(admin_email))
def get(self, report=None, uuid=None): """Stats get handler.""" auth.DoUserAuth() if not report: report_type = self.request.get('type') report_filter = self.request.get('filter') if report_type and report_filter: report_filter = urllib.unquote(report_filter) report_filter = report_filter.strip() self._DisplaySummary(report_type, report_filter) else: self._DisplayCachedSummary() elif report == 'host': self._DisplayHost(uuid=uuid) elif report == 'hostmanifest': self._DisplayHostManifest(uuid=uuid) elif report == 'installs': pkg = self.request.get('pkg') historical = self.request.get('historical') == '1' applesus = self.request.get('applesus') == '1' pending = self.request.get('pending') == '1' if pkg: if pending: self._DisplayHostsPendingPkg(pkg) else: self._DisplayInstallsForPackage(pkg) else: if historical or applesus: self._DisplayPackagesListFromCache(applesus=applesus) else: self._DisplayPackagesList() elif report == 'installproblems': self._DisplayInstallProblems() elif report == 'preflightexits': self._DisplayPreflightExits() elif report == 'diskfree': self._DisplayLowDiskFree() elif report == 'uptime': self._DisplayLongestUptime() elif report == 'offcorp': self._DisplayLongestOffCorp() elif report == 'brokenclients': self._DisplayBrokenClients() elif report == 'msulogsummary': self._DisplayMsuLogSummary(since_days=uuid) elif report == 'msulogevent': self._DisplayMsuLogEvent() elif report == 'user_settings': self._DisplayUserSettings() elif report == 'adminlogs': self._DisplayAdminLogs() elif report == 'loststolen': self._DisplayLostStolen() elif report == 'packagealias': self._DisplayPackageAlias() elif report == 'clientlog': log_key_name = uuid l = models.ClientLogFile.get_by_key_name(log_key_name) if l: self.response.headers[ 'Content-Type'] = 'text/plain; charset=utf-8' self.response.out.write(l.log_file) else: self.response.out.write('Log not found') self.response.set_status(404) elif report == 'maintenance': if not auth.IsAdminUser(): self.response.set_status(403) return from simian.mac.admin import maintenance action = uuid if action == 'update_installs_schema': maintenance.UpdateInstallLogSchema() elif action == 'update_legacy_apple_updates': maintenance.ConvertLegacyAppleUpdateInstallLogEntities() elif action == 'rebuild_install_counts': maintenance.RebuildInstallCounts() else: self.response.set_status(404) else: self.response.set_status(404)
def IsAdminUser(self): """Returns True if the current user is an admin, False otherwise.""" # NOTE(user): this is definitely not threadsafe. if not hasattr(self, '_is_admin'): self._is_admin = auth.IsAdminUser() return self._is_admin