def create_new_group(groups_colln, group_json, user_id, user_group_ids, initial_agents=None, ignore_source=False): for k in ('_id', 'members'): if k in group_json: raise ObjModelException('you cannot set "{}" attribute.', 403) for k in ('groupName', 'jsonClass'): if k not in group_json: raise ObjModelException('{} should be provided for creating new group'.format(k), 400) if group_json['jsonClass'] != 'UsersGroup': raise ObjModelException('invalid jsonClass', 403) if not ignore_source: if 'source' not in group_json: group_json['source'] = initial_agents.all_users_group_id old_group = get_group( groups_colln, get_group_selector_doc(group_name=group_json['groupName']), projection={"_id": 1, "jsonClass": 1}) if old_group is not None: raise ObjModelException('group already exists', 403) group = JsonObject.make_from_dict(group_json) # noinspection PyProtectedMember group.set_from_dict({"members": [user_id]}) new_group_id = objstore_helper.create_resource( groups_colln, group.to_json_map(), user_id, user_group_ids, initial_agents=initial_agents, standalone=ignore_source) return new_group_id
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids): group = JsonObject.make_from_dict( users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1})) if group is None: raise ObjModelException('group not found', 404) if current_user_id and not PermissionResolver.resolve_permission( group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln): raise ObjModelException('permission denied', 403) update_doc = {"$pull": {"members": {"$in": user_ids}}} response = users_colln.update_one(group_selector_doc, update_doc) return response.modified_count
def post(self): args = self.post_parser.parse_args() args = parse_json_args(args, self.post_json_parse_directives) resource_jsons = args['resource_jsons'] return_projection = args['return_projection'] created_resource_jsons = [] for n, rj in enumerate(resource_jsons): try: if 'jsonClass' not in rj: raise ObjModelException('jsonClass attribute should exist for update/creation', 403) created_resource_id = objstore_helper.create_or_update( g.objstore_colln, rj, current_token.user_id, current_token.group_ids, initial_agents=g.initial_agents) if created_resource_id is None: created_resource_jsons.append(None) continue created_resource_json = g.objstore_colln.get( created_resource_id, projection=projection_helper.modified_projection(return_projection, ["_id", "jsonClass"])) created_resource_jsons.append(created_resource_json) except ObjModelException as e: return error_response( message='action not allowed at resource {}'.format(n), code=e.http_response_code, details={"error": e.message}) except (ValidationError, TypeError) as e: return error_response( message='schema validation error at resource {}'.format(n), code=400, details={"error": str(e)}) return created_resource_jsons
def post(self, group_identifier): args = self.get_parser.parse_args() identifier_type = args.get('identifier_type', '_id') group_selector_doc = self._group_selector_doc(group_identifier, identifier_type) update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict, ), key='update_doc') if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'UsersGroup' if update_doc['jsonClass'] != 'UsersGroup': return error_response(message='invalid jsonClass', code=403) if identifier_type == '_id': update_doc.pop('groupName', None) if update_doc['_id'] != group_identifier: return error_response(message='invalid user_id', code=403) else: group_id = groups_helper.get_group_id(g.users_colln, group_identifier) if not group_id: return error_response(message='no group with group_name {}'. format(group_identifier)) update_doc['_id'] = group_id return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict, ), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: group_update = JsonObject.make_from_dict(update_doc) updated_group_id = objstore_helper.update_resource( g.users_colln, group_update.to_json_map(), current_token.user_id, current_token.group_ids, not_allowed_attributes=['members', 'groupName']) if updated_group_id is None: raise ObjModelException('group not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValueError as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) group_json = g.users_colln.find_one(group_selector_doc, projection=return_projection) return group_json
def create_new_user(users_colln, user_json, initial_agents=None, with_password=True): for k in ('_id', 'externalAuthentications'): if k in user_json: raise ObjModelException('you cannot set "{}" attribute.', 403) essential_fields = ['email', 'jsonClass'] if with_password: essential_fields.append('password') for k in essential_fields: if k not in user_json: raise ObjModelException('{} should be provided for creating new user'.format(k), 400) if user_json['jsonClass'] != 'User': raise ObjModelException('invalid jsonClass', 403) if with_password: user_json['hashedPassword'] = bcrypt.hashpw( user_json['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8') user_json.pop('password') existing_user = get_user( users_colln, get_user_selector_doc(email=user_json['email']), projection={"_id": 1, "jsonClass": 1}) if existing_user is not None: raise ObjModelException('user already exists', 403) user = JsonObject.make_from_dict(user_json) user.set_from_dict({"externalAuthentications": WrapperObject()}) new_user_id = objstore_helper.create_resource( users_colln, user.to_json_map(), None, None, initial_agents=initial_agents, standalone=True) permissions_helper.add_to_agent_set( users_colln, [new_user_id], ObjectPermissions.ACTIONS, Permission.GRANTED, user_pids=[new_user_id]) from ..agents_helpers import groups_helper if initial_agents is not None: groups_helper.add_users_to_group( users_colln, groups_helper.get_group_selector_doc(_id=initial_agents.all_users_group_id), [new_user_id], None, None) return new_user_id
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids): group = JsonObject.make_from_dict( users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1})) if group is None: raise ObjModelException('group not found', 404) if current_user_id and not PermissionResolver.resolve_permission( group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln): raise ObjModelException('permission denied', 403) for user_id in user_ids: from . import users_helper user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1}) if user_json is None: raise ObjModelException('user "{}" not found'.format(user_id), 403) update_doc = {"$addToSet": {"members": {"$each": user_ids}}} response = users_colln.update_one(group_selector_doc, update_doc) return response.modified_count
def post(self, user_id): ''' if not current_token.user_id: return error_response(message='not authorized', code=401) ''' args = self.post_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict, ), key='update_doc') if '_id' not in update_doc: update_doc['_id'] = user_id if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'User' if update_doc['_id'] != user_id: return error_response(message='invalid user_id', code=403) if update_doc['jsonClass'] != 'User': return error_response(message='invalid jsonClass', code=403) return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict, ), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: user_update = JsonObject.make_from_dict(update_doc) updated_user_id = objstore_helper.update_resource( g.users_colln, user_update.to_json_map(), current_token.user_id, current_token.group_ids, not_allowed_attributes=[ 'hashedPassword', 'externalAuthentications', 'password' ]) if updated_user_id is None: raise ObjModelException('user not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except (ValueError, ValidationError, TypeError) as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) user_json = g.users_colln.find_one(user_selector_doc, projection=return_projection) return user_json
def post(self): user_id = resolve_user_id() group_ids = [ group['_id'] for group in groups_helper.get_user_groups( g.users_colln, user_id, groups_projection={"_id": 1}) ] args = self.post_parser.parse_args() update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict,), key='update_doc') if '_id' not in update_doc: update_doc['_id'] = user_id if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'User' if update_doc['_id'] != user_id: return error_response(message='invalid _id', code=403) if update_doc['jsonClass'] != 'User': return error_response(message='invalid jsonClass', code=403) if 'password' in update_doc: update_doc['hashedPassword'] = bcrypt.hashpw( update_doc['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8') update_doc.pop('password') return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict,), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: user_update = JsonObject.make_from_dict(update_doc) updated_user_id = objstore_helper.update_resource( g.users_colln, user_update.to_json_map(), user_id, group_ids, not_allowed_attributes=('externalAuthentications', 'password')) if updated_user_id is None: raise ObjModelException('user not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValueError as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) user_json = g.users_colln.get(user_id, projection=return_projection) return user_json
def create_new_client(oauth_colln, client_json, client_type, user_id, group_ids, initial_agents=None): oauth2_master_config = oauth_colln.find_one( {"jsonClass": OAuth2MasterConfig.json_class}) if oauth2_master_config: grant_privileges_conf = oauth2_master_config['grant_privileges'] cc_agent_set = grant_privileges_conf['client_credentials'] allow_cc_grant = (user_id in cc_agent_set['users'] or True in [ group in cc_agent_set['groups'] for group in group_ids ]) pw_agent_set = grant_privileges_conf['password'] allow_pw_grant = (user_id in pw_agent_set['users'] or True in [ group in pw_agent_set['groups'] for group in group_ids ]) else: allow_cc_grant = allow_pw_grant = False for k in ('_id', 'client_id', 'client_secret', 'token_endpoint_auth_method', 'grant_types', 'response_types', 'scope', 'user_id'): if k in client_json: raise ObjModelException('you can\'t set {} attribute'.format(k), 403) if client_json['jsonClass'] != OAuth2Client.json_class: raise ObjModelException('invalid jsonClass', 403) essential_fields = ['name'] for k in essential_fields: if k not in client_json: raise ObjModelException('unsufficient data', 403) client_id = uuid.uuid4().hex grant_types = ['authorization_code', 'refresh_token', 'implicit' ] if client_type == 'private' else ['implicit'] if client_type == 'private': if allow_cc_grant: grant_types.append('client_credentials') if allow_pw_grant: grant_types.append('password') client_json.update({ "client_id": client_id, "token_endpoint_auth_method": "client_secret_post" if client_type != 'public' else 'none', "grant_types": grant_types, "response_types": ["code", "token"] if client_type == 'private' else ["token"], "scope": "vedavaapi.root", "user_id": user_id }) if client_type == 'private': client_secret = bcrypt.gensalt(24).decode('utf-8') client_json['client_secret'] = client_secret client = JsonObject.make_from_dict(client_json) new_client_underscore_id = objstore_helper.create_resource( oauth_colln, client.to_json_map(), user_id, group_ids, initial_agents=initial_agents, standalone=True) return new_client_underscore_id