def list_user_operations(self, entname, username=None): result = [] try: ent = self.user_info.get_entity(entname) if ent is None: return dict(success=False, msg='The entity does not exists') if username != None and username != '': if session['auth'].is_admin_role() == False: return dict(success=False, msg=constants.NO_PRIVILEGE) userobj = self.user_info.get_user(username) if userobj != None: auth = AuthorizationService() auth.user = userobj ops = auth.get_ops(ent) else: return dict(success=False, msg='The user does not exists') else: ops = session['auth'].get_ops(ent) for op in ops: result.append(op.name) return dict(success=True, ops=result) except Exception as ex: print_traceback() return dict(success=False, msg=to_str(ex).replace("'", ''))
def api_loginhandler(self, api_login, api_pwd): try: usr = User.by_user_name(api_login) if usr is not None and usr.validate_password(api_pwd) == True: auth = AuthorizationService() auth.user = usr session['userid'] = 'admin' session['auth'] = auth session['username'] = usr.user_name except Exception as ex: return {'success': False, 'msg': to_str(ex).replace("'", '')} return {'success': True, 'result': True}
def process_ha_events(self, conn): try: tc = TaskCreator() auth = AuthorizationService() auth.user = User.by_user_name(u'admin') grps = conn.query(ServerGroup).all() for grp in grps: running_ha_evts = conn.query(HAEvent).filter(HAEvent.status == HAEvent.STARTED).filter(HAEvent.sp_id == grp.id).all() if running_ha_evts: continue ha_events = conn.query(HAEvent).filter(HAEvent.status == HAEvent.IDLE).filter(HAEvent.sp_id == grp.id).order_by(HAEvent.event_id.asc()).all() if len(ha_events) > 0: tc.ha_action(auth, grp.id, grp.name) finally: conn.commit()
def servicepoint_login(self, came_from='/', **kwargs): result = None try: status = self.controller_impl.user_login(kwargs) if status.get('success'): user = status.get('user') group = status.get('group') ldap_user = status.get('ldap_user') user_details = status.get('user_details') result = self.post_login(user, group, ldap_user, user_details, came_from=url('/')) usr = DBSession.query(User).filter_by(user_name=user).first() auth = AuthorizationService() auth.user = usr #from stackone.cloud.DbModel.platforms.cms.CSEP import CSEP # servicepoint_name = kwargs.get('csep_name') # servicepoint = DBSession.query(CSEP).filter(CSEP.name == servicepoint_name).first() # if servicepoint is None: # msg = 'Cloud Service not found' # return "{success:false,msg:'" + msg.replace("'", ' ') + "'}" # if auth.has_servicepoint_role(servicepoint): # session['user'] = user # session['auth'] = auth # session['userid'] = usr.user_id # session['servicepoint_id'] = servicepoint.id # else: # return "{success:false,msg:'user has no permission on the Cloud Service'}" return result msg = status.get('msg') return "{success:false,msg:'" + msg.replace("'", ' ') + "'}" except Exception as e: print 'Exception: ', print e import traceback traceback.print_exc() return "{success:false,msg:'" + str(e).replace("'", ' ') + "'}"
def has_permission(self, type, groupid=None, _dc=None): auth = AuthorizationService() ent = self.user_info.get_entity(entname) if ent is None: return dict(success=False, result='The entity does not exists') try: if username != None and username != '': if session['auth'].is_admin_role() == False: return dict(success=False, result=constants.NO_PRIVILEGE) userobj = self.user_info.get_user(username) if userobj != None: auth.user = userobj return dict(success=True, result=auth.has_privilege(operation, ent)) return dict(success=False, result='The user does not exists') permits = session['auth'].has_privilege(operation, ent) return dict(success=True, result=permits) except Exception as ex: print_traceback() return dict(success=False, result=to_str(ex).replace("'", ''))
def post_login(self, userid, group, ldap_user, user_details, came_from=url('/')): result = '' if not userid: result = "{success:false,msg:'session expired'}" return result auth = AuthorizationService() auth.user_name = userid r = DBHelper().find_by_name(Role, to_unicode('admin')) session['cloud_only'] = False if ldap_user: if not len(group): result = "{success:false,msg:'User does not belong to any group in LDAP'}" return result #len(group) grps=Group.by_group_names(group) if not grps: result = "{success:false,msg:'None of the LDAP group (s) " + str(group).replace("'", '') + " defined in stackone'}" return result auth.groups = grps session['user_firstname'] = userid session['group_names'] = group session['is_cloud_admin'] = auth.is_admin_role() is_admin = auth.is_admin_role() from stackone.model.LDAPManager import LDAPManager auth.email_address = LDAPManager().get_email_address(user_details) else: u = User.by_user_name(to_unicode(userid)) auth.user = u auth.groups = u.groups session['user_firstname'] = u.firstname session['group_names']=[g.group_name for g in u.groups] is_admin=u.has_role(r) auth.email_address=u.email_address session['is_cloud_admin']=u.has_cloudadmin_role() dcs=auth.get_entities(constants.DATA_CENTER) if len(dcs) == 0L: session['cloud_only']=True session['username']=userid session['has_adv_priv']=tg.config.get(constants.ADVANCED_PRIVILEGES) session['granular_ui']=self.user_info.is_granular_ui() session['PAGEREFRESHINTERVAL']=tg.config.get(constants.PAGEREFRESHINTERVAL) session['TASKPANEREFRESH']=tg.config.get(constants.TASKPANEREFRESH) session['userid']=userid session['auth']=auth session['rem_days']='' try: session['rem_days']=rem_days_to_exp() except Exception as e: print 'Exception: ',e session['is_admin']=is_admin session['version']=constants._version #session['edition']=get_edition()+'_'+constants._version session['edition']='3.2.1.5'+'_'+constants._version #session['has_cloud']=stackone.model.LicenseManager.has_cloud_license() session['has_cloud'] = 0 #session['edition_string']= get_edition_string session['edition_string']= 'stackone Enterprise' #session['sub_edition_string']=get_sub_edition_string session['sub_edition_string']='Trial Edition' session.save() TopCache().delete_usercache(auth) result='{success:true}' return result
def do_work(self, runtime_context, args=None, kw=None): self.task_manager = runtime_context.pop() self.curr_instance = datetime.now() args = self.params (recover, resume) = (False, False) visible = False if kw: resume = kw.get('resume', False) recover = kw.get('recover', False) kw = self.kw_params self.quiet = self.get_context_param('quiet') == True if not self.quiet and resume == False and recover == False: self.task_started() # cancelled = False # results = None try: #1487 try: #1359 task_result_running_instance = True if not args: args = [] if not kw: kw = {} auth = AuthorizationService() auth.email_address = '' user = User.by_user_name(self.user_name) auth.user = user if user is None: #564 u = User.by_user_name(u'admin') auth.email_address = u.email_address logger.info('User: '******' does not exist in CMS.') result = LDAPManager().validate_user(self.user_name) if result['success'] == True: #523 group_names = result['group'] groups = Group.by_group_names(group_names) if not groups: #465 msg = 'Groups: ' + str(group_names) + ' does not exist in CMS.' logger.info(msg) raise Exception(msg) #561--598 else: auth.user_name = self.user_name auth.groups = groups if result.get('email_address'): auth.email_address = result['email_address'] #598 else: logger.info(result['msg']) raise Exception('Error in LDAP chcek: ' + result['msg']) #598 else: auth.user = user auth.user_name = user.user_name auth.email_address = user.email_address #598 TaskUtil.set_task_context(self.task_id) if recover != True and resume != True: raw_result = self.exec_task(auth, self.context, *args, **kw) #884 else: #884 runn = self.get_running_instance() if runn: self.curr_instance = runn.timestamp #785 else: #785 task_result = self.get_task_result_instance() if isinstance(task_result.results, str): task_result.results += 'can not resume task. No running instance' #779 else: #779 if not task_result.results: task_result.results = 'can not resume task. No running instance' task_result_running_instance = False if task_result_running_instance: #883 if recover == True: raw_result = self.recover_task(auth, self.context, *args, **kw) #884 else: if resume == True: raw_result = self.resume_task(auth, self.context, *args, **kw) if task_result_running_instance: #1354 cancelled = False results = raw_result if isinstance(raw_result, dict): #1152 if raw_result.get('status') == constants.TASK_CANCELED: #1031 e = raw_result.get('msg') + '\n' + raw_result.get('results') transaction.abort() cancelled = True if not self.quiet: self.task_fail(e, auth, cancelled=True) #1094 else: if raw_result.get('status') == Task.SUCCEEDED: results = raw_result.get('results') visible = raw_result.get('visible', False) if type(results)==dict: #1148 if results.get('success')==True: results = 'Task Completed Successfully.' else: #1355 if raw_result is not None and self.processors is not None: #1250 #isinstance(raw_result, dict) results = [raw_result] for p in self.processors: #1246 if issubclass(p, Processor): p().process_output(results) else: results = raw_result if results is None: #1340 desc_tuple = self.get_short_desc() if desc_tuple is None: results = 'Task Completed Successfully.' else: short_desc,short_desc_params = desc_tuple desc = short_desc % short_desc_params results = desc + ' Completed Successfully.' transaction.commit() except Exception as e: logger.exception(to_str(e)) transaction.abort() if not self.quiet: self.task_fail(e, auth) else: if not self.quiet and cancelled == False: self.task_success(results, visible) finally: DBSession.remove() return None