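def valid_user(request):
    """Require that a valid user be logged in to access this path.

    Reads the authenticated e-mail from the request, loads the matching
    ``User`` row and stores it under ``request.validated['ValidUser']`` for
    the view to use.

    Raises ``_401()`` when the request carries no authenticated userid or
    when no ``User`` row has that e-mail.
    """
    email = authenticated_userid(request)
    if not email:
        raise _401()

    # One SELECT instead of count() followed by first(): fewer round trips
    # and no window in which the row can vanish between the two queries.
    user = DBSession.query(User).filter(User.email == email).first()
    if user is None:
        raise _401()

    request.validated['ValidUser'] = user
    # Part of the original log expression is masked ("******") in this
    # listing and is not valid Python as shown; only the numeric id is
    # logged here, with lazy %-formatting.
    logger.info("User: %s", user.id)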
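def valid_user(request):
    """Require that a valid user be logged in to access this path.

    Reads the authenticated e-mail from the request, loads the matching
    ``User`` row and stores it under ``request.validated['ValidUser']`` for
    the view to use.

    Raises ``_401()`` when the request carries no authenticated userid or
    when no ``User`` row has that e-mail.
    """
    email = authenticated_userid(request)
    if not email:
        raise _401()

    # One SELECT instead of count() followed by first(): fewer round trips
    # and no window in which the row can vanish between the two queries.
    user = DBSession.query(User).filter(User.email == email).first()
    if user is None:
        raise _401()

    request.validated['ValidUser'] = user
    # Part of the original log expression is masked ("******") in this
    # listing and is not valid Python as shown; only the numeric id is
    # logged here, with lazy %-formatting.
    logger.info("User: %s", user.id)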
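def edit_user(request):
    """Edit an existing user.

    privs: logged in (editing your own account), or admin

    Expected body:
    {"username": "******", "changes": {"username": "******", "password": "******", "email": "changed"}}

    Returns ``{"success": True}`` once the changes are committed. Raises
    ``_401()`` when the target user does not exist or the caller is neither
    the target nor an admin.
    """
    cur_user = request.validated['ValidUser']
    target_username = request.validated['username']

    # The original tested `count() > 1`, which is false for the normal case
    # of exactly one matching user, so every edit was rejected.
    target_user = DBSession.query(User).filter(
        User.name == target_username).first()
    if target_user is None:
        raise _401()
    if not (target_user.name == cur_user.name or cur_user.admin):
        raise _401()

    changes = request.validated['changes']
    if "username" in changes:
        # Apply only when the name is unused. The original `not count() > 1`
        # also accepted a name that one other account already held, which
        # produces duplicate usernames (login_user looks users up by name).
        name_taken = DBSession.query(User).filter(
            User.name == changes['username']).count() > 0
        if not name_taken:
            target_user.name = changes['username']
    if "password" in changes:
        # NOTE(review): a single unsalted SHA-512 is not a password hash.
        # Moving to a salted, slow KDF has to be done together with
        # login_user/create_user and a migration of stored hashes, so the
        # storage format is left unchanged here.
        target_user.password = hashlib.sha512(changes['password']).hexdigest()
    if "email" in changes:
        # Same uniqueness rule as for the username: valid_user resolves the
        # session to a User by e-mail, so two rows must never share one.
        email_taken = DBSession.query(User).filter(
            User.email == changes['email']).count() > 0
        if not email_taken:
            target_user.email = changes['email']

    DBSession.add(target_user)
    DBSession.commit()
    return {"success": True}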
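def login_user(request):
    """Log a user in.

    privs: none

    Expected body:
    {"username": "******", "password": "******"}

    On success returns a JSON ``{"success": true}`` response carrying the
    headers produced by ``remember()`` for the user's e-mail. Raises
    ``_401()`` when the user cannot be loaded or the password hash differs.
    """
    import hmac  # stdlib; imported locally so the block stands on its own

    # NOTE(review): unsalted single-pass SHA-512 is weak for password
    # storage; changing it requires migrating stored hashes together with
    # create_user/edit_user, so the format is kept as-is here.
    password = hashlib.sha512(request.validated['password']).hexdigest()
    username = request.validated['username']
    try:
        # .one() raises when there is no row or more than one row.
        user = DBSession.query(User).filter(User.name == username).one()
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit. Any lookup failure is still reported as 401.
        raise _401()

    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(str(user.password), password):
        raise _401()

    headers = remember(request, user.email)
    resp = Response(json.dumps({"success": True}))
    resp.headerlist.extend(headers)
    return resp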
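def login_user(request):
    """Log a user in.

    privs: none

    Expected body:
    {"username": "******", "password": "******"}

    On success returns a JSON ``{"success": true}`` response carrying the
    headers produced by ``remember()`` for the user's e-mail. Raises
    ``_401()`` when the user cannot be loaded or the password hash differs.
    """
    import hmac  # stdlib; imported locally so the block stands on its own

    # NOTE(review): unsalted single-pass SHA-512 is weak for password
    # storage; changing it requires migrating stored hashes together with
    # create_user/edit_user, so the format is kept as-is here.
    password = hashlib.sha512(request.validated['password']).hexdigest()
    username = request.validated['username']
    try:
        # .one() raises when there is no row or more than one row.
        user = DBSession.query(User).filter(User.name == username).one()
    except Exception:
        # Was a bare `except:`, which also swallowed KeyboardInterrupt and
        # SystemExit. Any lookup failure is still reported as 401.
        raise _401()

    # Constant-time comparison of the two hex digests.
    if not hmac.compare_digest(str(user.password), password):
        raise _401()

    headers = remember(request, user.email)
    resp = Response(json.dumps({"success": True}))
    resp.headerlist.extend(headers)
    return resp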
def push_repo(request):
    """Push changes to this repo to a remote.

    The repo is selected by the ``rid`` route parameter. Only the repo's
    owner or an admin may push; a missing repo and a caller without access
    both end in ``_401()``.
    """
    caller = request.validated['ValidUser']
    matches = DBSession.query(Repo).filter(
        Repo.id == request.matchdict['rid'])
    if matches.count() <= 0:
        raise _401()

    repo = matches.first()
    # Ownership is checked first; the admin flag is only read otherwise.
    permitted = repo.owner_id == caller.id or caller.admin
    if not permitted:
        raise _401()

    repo.push()
    return {"success": True}
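def clone_repo(request):
    """Clone a repo fresh.

    The repo is selected by the ``rid`` route parameter. Only the repo's
    owner or an admin may trigger the clone; a missing repo and a caller
    without access both end in ``_401()``.
    """
    cur_user = request.validated['ValidUser']
    # The original filtered on the literal `Repo.id == 1`, so the ownership
    # check and the clone always applied to repo 1 regardless of the
    # request. push_repo and commit_repo take the id from the route.
    # NOTE(review): assumes this view's route defines `rid` like its
    # siblings; confirm against the route configuration.
    repo = DBSession.query(Repo).filter(
        Repo.id == request.matchdict['rid']).first()
    if repo is None:
        raise _401()
    if not (repo.owner_id == cur_user.id or cur_user.admin):
        raise _401()

    repo.clone()
    return {"success": True}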
def commit_repo(request):
    """Commit whatever changes have been made.

    The repo is selected by the ``rid`` route parameter and the commit
    message comes from the validated body. Only the repo's owner or an
    admin may commit; every other outcome is ``_401()``.
    """
    caller = request.validated['ValidUser']
    matches = DBSession.query(Repo).filter(
        Repo.id == request.matchdict['rid'])
    if matches.count() <= 0:
        raise _401()

    repo = matches.first()
    permitted = repo.owner_id == caller.id or caller.admin
    if not permitted:
        raise _401()

    # The message is read only after the access check has passed.
    repo.commit_a(request.validated['message'])
    return {"success": True}
def delete_user(request):
    """Delete a user.

    privs: admin, or self

    The target is looked up by the validated ``username``. Returns
    ``{"success": True}`` after the delete is committed; an unknown user or
    a caller who is neither the target nor an admin gets ``_401()``.
    """
    caller = request.validated['ValidUser']
    candidates = DBSession.query(User).filter(
        User.name == request.validated['username'])
    if candidates.count() <= 0:
        raise _401()

    victim_row = candidates.first()
    is_self = victim_row.name == caller.name
    if not (is_self or caller.admin):
        raise _401()

    DBSession.delete(victim_row)
    DBSession.commit()
    return {"success": True}
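def create_user(request):
    """Create a new User.

    Expects a username, password, and email in the validated body.

    privs: None

    Returns ``{"success": True}`` after the row is committed. Raises
    ``_401()`` when the username or the e-mail is already in use.
    """
    new_user = User(
        name=request.validated['username'],
        # NOTE(review): unsalted single-pass SHA-512 is weak for password
        # storage; replacing it needs a coordinated change in login_user
        # and edit_user, so the format is kept here.
        password=hashlib.sha512(request.validated['password']).hexdigest(),
        email=request.validated['email']
    )
    if DBSession.query(User).filter(User.name == new_user.name).count() > 0:
        raise _401()
    # The e-mail must be unique as well: login_user hands it to remember()
    # and valid_user resolves the session back to a User by e-mail with
    # first(), so a second row with the same e-mail would make that lookup
    # ambiguous between accounts.
    if DBSession.query(User).filter(User.email == new_user.email).count() > 0:
        raise _401()

    DBSession.add(new_user)
    DBSession.commit()
    return {"success": True}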
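def create_key(request):
    """Create a new api key for a user.

    privs: logged in, admin

    Expected body:
    {"username": "******"}

    Returns ``{"success": True}`` after the key row is committed. Raises
    ``_401()`` when the named user does not exist or the caller is neither
    that user nor an admin.
    """
    cur_user = request.validated['ValidUser']
    target = DBSession.query(User).filter(
        User.name == request.validated['username']).first()
    if target is None:
        raise _401()

    # The original compared `target.name == cur_user`, a string against a
    # User object, which is never true; only admins could pass the check.
    # Compare names, as delete_user does.
    if not (target.name == cur_user.name or cur_user.admin):
        raise _401()

    key = gen_apikey()
    newAPIKey = APIKey(apikey=key, owner_id=target.id)
    DBSession.add(newAPIKey)
    DBSession.commit()
    return {"success": True}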
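def create_key(request):
    """Create a new api key for a user.

    privs: logged in, admin

    Expected body:
    {"username": "******"}

    Returns ``{"success": True}`` after the key row is committed. Raises
    ``_401()`` when the named user does not exist or the caller is neither
    that user nor an admin.
    """
    cur_user = request.validated['ValidUser']
    target = DBSession.query(User).filter(
        User.name == request.validated['username']).first()
    if target is None:
        raise _401()

    # The original compared `target.name == cur_user`, a string against a
    # User object, which is never true; only admins could pass the check.
    # Compare names, as delete_user does.
    if not (target.name == cur_user.name or cur_user.admin):
        raise _401()

    key = gen_apikey()
    newAPIKey = APIKey(apikey=key, owner_id=target.id)
    DBSession.add(newAPIKey)
    DBSession.commit()
    return {"success": True}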
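def delete_key(request):
    """Delete an api key.

    privs: logged in, admin

    Expected body:
    {"username": "******", "key": "dat-key"}

    Returns ``{"success": True}`` after the key row is deleted. Raises
    ``_401()`` when the named user does not exist, the caller is neither
    that user nor an admin, or the named user owns no such key.
    """
    cur_user = request.validated['ValidUser']
    target = DBSession.query(User).filter(
        User.name == request.validated['username']).first()
    if target is None:
        raise _401()
    if not (target == cur_user or cur_user.admin):
        raise _401()

    # Scope the lookup to keys owned by the named user. The original
    # matched on the key value alone, so the access check above said
    # nothing about who owned the row that was deleted.
    key = DBSession.query(APIKey).filter(
        APIKey.apikey == request.validated['key'],
        APIKey.owner_id == target.id).first()
    if key is None:
        raise _401()

    DBSession.delete(key)
    DBSession.commit()
    return {"success": True}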
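def delete_key(request):
    """Delete an api key.

    privs: logged in, admin

    Expected body:
    {"username": "******", "key": "dat-key"}

    Returns ``{"success": True}`` after the key row is deleted. Raises
    ``_401()`` when the named user does not exist, the caller is neither
    that user nor an admin, or the named user owns no such key.
    """
    cur_user = request.validated['ValidUser']
    target = DBSession.query(User).filter(
        User.name == request.validated['username']).first()
    if target is None:
        raise _401()
    if not (target == cur_user or cur_user.admin):
        raise _401()

    # Scope the lookup to keys owned by the named user. The original
    # matched on the key value alone, so the access check above said
    # nothing about who owned the row that was deleted.
    key = DBSession.query(APIKey).filter(
        APIKey.apikey == request.validated['key'],
        APIKey.owner_id == target.id).first()
    if key is None:
        raise _401()

    DBSession.delete(key)
    DBSession.commit()
    return {"success": True}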
def post_repo(request):
    """Create a new repository.

    Builds a ``Repo`` from the validated request data with ``owner_id``
    set to the calling user, and stores it unless a repo with the same
    name exists. For ``source_type == 'tar'`` a ``TrackedLink`` pointing at
    the repo's source URL is stored as well. Returns the repo as a dict;
    a name collision raises ``_401()``.
    """
    owner = request.validated['ValidUser']
    payload = request.validated
    # Set after the body was merged in, so a client-supplied owner_id is
    # overwritten with the caller's id.
    payload['owner_id'] = owner.id
    # NOTE(review): the whole validated dict, client-supplied keys
    # included, is handed to Repo.from_dict; which keys it accepts is not
    # visible here. Confirm it only reads an explicit set of fields.
    repo = Repo.from_dict(payload)

    name_in_use = DBSession.query(Repo).filter(
        Repo.name == repo.name).count() > 0
    if name_in_use:
        raise _401()

    DBSession.add(repo)
    DBSession.commit()
    if payload['source_type'] == 'tar':
        link_fields = {
            "repoid": repo.id,
            "name": repo.name,
            "link_text": payload.get('link_text'),
            "url": repo.source_url,
        }
        tracked = TrackedLink.from_dict(link_fields)
        tracked.repo = repo
        DBSession.add(tracked)
        DBSession.commit()
    return repo.to_dict()
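def valid_body_func(request):
    """Validate the JSON request body and merge it into request.validated.

    The body must be a JSON object containing every name in
    ``required_keys`` (taken from the enclosing scope). Raises ``_401()``
    for malformed JSON, a non-object body, or a missing required key.
    """
    try:
        data = json.loads(request.body)
    except ValueError:
        # Malformed JSON from the client is a rejected request, not an
        # unhandled server error.
        raise _401()
    if not isinstance(data, dict):
        # Lists, strings and numbers are valid JSON but cannot be merged
        # into the validated mapping.
        raise _401()
    if not all(k in data for k in required_keys):
        raise _401()

    # 'ValidUser' is the slot valid_user fills with the authenticated User
    # and that the views read their caller from; a body field of the same
    # name must never be able to replace it.
    data.pop('ValidUser', None)
    request.validated.update(data)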
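def valid_body_func(request):
    """Validate the JSON request body and merge it into request.validated.

    The body must be a JSON object containing every name in
    ``required_keys`` (taken from the enclosing scope). Raises ``_401()``
    for malformed JSON, a non-object body, or a missing required key.
    """
    try:
        data = json.loads(request.body)
    except ValueError:
        # Malformed JSON from the client is a rejected request, not an
        # unhandled server error.
        raise _401()
    if not isinstance(data, dict):
        # Lists, strings and numbers are valid JSON but cannot be merged
        # into the validated mapping.
        raise _401()
    if not all(k in data for k in required_keys):
        raise _401()

    # 'ValidUser' is the slot valid_user fills with the authenticated User
    # and that the views read their caller from; a body field of the same
    # name must never be able to replace it.
    data.pop('ValidUser', None)
    request.validated.update(data)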