def create_new_group(groups_colln, group_json, user_id, user_group_ids, initial_agents=None, ignore_source=False):
for k in ('_id', 'members'):
if k in group_json:
raise ObjModelException('you cannot set "{}" attribute.', 403)
for k in ('groupName', 'jsonClass'):
if k not in group_json:
raise ObjModelException('{} should be provided for creating new group'.format(k), 400)
if group_json['jsonClass'] != 'UsersGroup':
raise ObjModelException('invalid jsonClass', 403)
if not ignore_source:
if 'source' not in group_json:
group_json['source'] = initial_agents.all_users_group_id
old_group = get_group(
groups_colln, get_group_selector_doc(group_name=group_json['groupName']), projection={"_id": 1, "jsonClass": 1})
if old_group is not None:
raise ObjModelException('group already exists', 403)
group = JsonObject.make_from_dict(group_json)
# noinspection PyProtectedMember
group.set_from_dict({"members": [user_id]})
new_group_id = objstore_helper.create_resource(
groups_colln, group.to_json_map(), user_id, user_group_ids,
initial_agents=initial_agents, standalone=ignore_source)
return new_group_id
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
update_doc = {"$pull": {"members": {"$in": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count
def post(self):
args = self.post_parser.parse_args()
args = parse_json_args(args, self.post_json_parse_directives)
resource_jsons = args['resource_jsons']
return_projection = args['return_projection']
created_resource_jsons = []
for n, rj in enumerate(resource_jsons):
try:
if 'jsonClass' not in rj:
raise ObjModelException('jsonClass attribute should exist for update/creation', 403)
created_resource_id = objstore_helper.create_or_update(
g.objstore_colln, rj,
current_token.user_id, current_token.group_ids, initial_agents=g.initial_agents)
if created_resource_id is None:
created_resource_jsons.append(None)
continue
created_resource_json = g.objstore_colln.get(
created_resource_id,
projection=projection_helper.modified_projection(return_projection, ["_id", "jsonClass"]))
created_resource_jsons.append(created_resource_json)
except ObjModelException as e:
return error_response(
message='action not allowed at resource {}'.format(n),
code=e.http_response_code, details={"error": e.message})
except (ValidationError, TypeError) as e:
return error_response(
message='schema validation error at resource {}'.format(n),
code=400, details={"error": str(e)})
return created_resource_jsons
def post(self, group_identifier):
args = self.get_parser.parse_args()
identifier_type = args.get('identifier_type', '_id')
group_selector_doc = self._group_selector_doc(group_identifier,
identifier_type)
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict, ), key='update_doc')
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'UsersGroup'
if update_doc['jsonClass'] != 'UsersGroup':
return error_response(message='invalid jsonClass', code=403)
if identifier_type == '_id':
update_doc.pop('groupName', None)
if update_doc['_id'] != group_identifier:
return error_response(message='invalid user_id', code=403)
else:
group_id = groups_helper.get_group_id(g.users_colln,
group_identifier)
if not group_id:
return error_response(message='no group with group_name {}'.
format(group_identifier))
update_doc['_id'] = group_id
return_projection = jsonify_argument(args.get('return_projection',
None),
key='return_projection')
check_argument_type(return_projection, (dict, ),
key='return_projection',
allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
group_update = JsonObject.make_from_dict(update_doc)
updated_group_id = objstore_helper.update_resource(
g.users_colln,
group_update.to_json_map(),
current_token.user_id,
current_token.group_ids,
not_allowed_attributes=['members', 'groupName'])
if updated_group_id is None:
raise ObjModelException('group not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except ValueError as e:
return error_response(message='schema validation error',
code=403,
details={"error": str(e)})
group_json = g.users_colln.find_one(group_selector_doc,
projection=return_projection)
return group_json
def create_new_user(users_colln, user_json, initial_agents=None, with_password=True):
for k in ('_id', 'externalAuthentications'):
if k in user_json:
raise ObjModelException('you cannot set "{}" attribute.', 403)
essential_fields = ['email', 'jsonClass']
if with_password:
essential_fields.append('password')
for k in essential_fields:
if k not in user_json:
raise ObjModelException('{} should be provided for creating new user'.format(k), 400)
if user_json['jsonClass'] != 'User':
raise ObjModelException('invalid jsonClass', 403)
if with_password:
user_json['hashedPassword'] = bcrypt.hashpw(
user_json['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
user_json.pop('password')
existing_user = get_user(
users_colln, get_user_selector_doc(email=user_json['email']),
projection={"_id": 1, "jsonClass": 1})
if existing_user is not None:
raise ObjModelException('user already exists', 403)
user = JsonObject.make_from_dict(user_json)
user.set_from_dict({"externalAuthentications": WrapperObject()})
new_user_id = objstore_helper.create_resource(
users_colln, user.to_json_map(), None, None, initial_agents=initial_agents, standalone=True)
permissions_helper.add_to_agent_set(
users_colln, [new_user_id], ObjectPermissions.ACTIONS, Permission.GRANTED, user_pids=[new_user_id])
from ..agents_helpers import groups_helper
if initial_agents is not None:
groups_helper.add_users_to_group(
users_colln,
groups_helper.get_group_selector_doc(_id=initial_agents.all_users_group_id), [new_user_id], None, None)
return new_user_id
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):
group = JsonObject.make_from_dict(
users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
if group is None:
raise ObjModelException('group not found', 404)
if current_user_id and not PermissionResolver.resolve_permission(
group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
raise ObjModelException('permission denied', 403)
for user_id in user_ids:
from . import users_helper
user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1})
if user_json is None:
raise ObjModelException('user "{}" not found'.format(user_id), 403)
update_doc = {"$addToSet": {"members": {"$each": user_ids}}}
response = users_colln.update_one(group_selector_doc, update_doc)
return response.modified_count
def post(self, user_id):
'''
if not current_token.user_id:
return error_response(message='not authorized', code=401)
'''
args = self.post_parser.parse_args()
user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict, ), key='update_doc')
if '_id' not in update_doc:
update_doc['_id'] = user_id
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'User'
if update_doc['_id'] != user_id:
return error_response(message='invalid user_id', code=403)
if update_doc['jsonClass'] != 'User':
return error_response(message='invalid jsonClass', code=403)
return_projection = jsonify_argument(args.get('return_projection',
None),
key='return_projection')
check_argument_type(return_projection, (dict, ),
key='return_projection',
allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
user_update = JsonObject.make_from_dict(update_doc)
updated_user_id = objstore_helper.update_resource(
g.users_colln,
user_update.to_json_map(),
current_token.user_id,
current_token.group_ids,
not_allowed_attributes=[
'hashedPassword', 'externalAuthentications', 'password'
])
if updated_user_id is None:
raise ObjModelException('user not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except (ValueError, ValidationError, TypeError) as e:
return error_response(message='schema validation error',
code=403,
details={"error": str(e)})
user_json = g.users_colln.find_one(user_selector_doc,
projection=return_projection)
return user_json
def post(self):
user_id = resolve_user_id()
group_ids = [
group['_id'] for group in groups_helper.get_user_groups(
g.users_colln, user_id, groups_projection={"_id": 1})
]
args = self.post_parser.parse_args()
update_doc = jsonify_argument(args['update_doc'], key='update_doc')
check_argument_type(update_doc, (dict,), key='update_doc')
if '_id' not in update_doc:
update_doc['_id'] = user_id
if 'jsonClass' not in update_doc:
update_doc['jsonClass'] = 'User'
if update_doc['_id'] != user_id:
return error_response(message='invalid _id', code=403)
if update_doc['jsonClass'] != 'User':
return error_response(message='invalid jsonClass', code=403)
if 'password' in update_doc:
update_doc['hashedPassword'] = bcrypt.hashpw(
update_doc['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
update_doc.pop('password')
return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection')
check_argument_type(return_projection, (dict,), key='return_projection', allow_none=True)
_validate_projection(return_projection)
return_projection = projection_helper.modified_projection(
return_projection, mandatory_attrs=['_id', 'jsonClass'])
try:
user_update = JsonObject.make_from_dict(update_doc)
updated_user_id = objstore_helper.update_resource(
g.users_colln, user_update.to_json_map(), user_id, group_ids,
not_allowed_attributes=('externalAuthentications', 'password'))
if updated_user_id is None:
raise ObjModelException('user not exist', 404)
except ObjModelException as e:
return error_response(message=e.message, code=e.http_response_code)
except ValueError as e:
return error_response(message='schema validation error', code=403, details={"error": str(e)})
user_json = g.users_colln.get(user_id, projection=return_projection)
return user_json
def create_new_client(oauth_colln,
client_json,
client_type,
user_id,
group_ids,
initial_agents=None):
oauth2_master_config = oauth_colln.find_one(
{"jsonClass": OAuth2MasterConfig.json_class})
if oauth2_master_config:
grant_privileges_conf = oauth2_master_config['grant_privileges']
cc_agent_set = grant_privileges_conf['client_credentials']
allow_cc_grant = (user_id in cc_agent_set['users'] or True in [
group in cc_agent_set['groups'] for group in group_ids
])
pw_agent_set = grant_privileges_conf['password']
allow_pw_grant = (user_id in pw_agent_set['users'] or True in [
group in pw_agent_set['groups'] for group in group_ids
])
else:
allow_cc_grant = allow_pw_grant = False
for k in ('_id', 'client_id', 'client_secret',
'token_endpoint_auth_method', 'grant_types', 'response_types',
'scope', 'user_id'):
if k in client_json:
raise ObjModelException('you can\'t set {} attribute'.format(k),
403)
if client_json['jsonClass'] != OAuth2Client.json_class:
raise ObjModelException('invalid jsonClass', 403)
essential_fields = ['name']
for k in essential_fields:
if k not in client_json:
raise ObjModelException('unsufficient data', 403)
client_id = uuid.uuid4().hex
grant_types = ['authorization_code', 'refresh_token', 'implicit'
] if client_type == 'private' else ['implicit']
if client_type == 'private':
if allow_cc_grant:
grant_types.append('client_credentials')
if allow_pw_grant:
grant_types.append('password')
client_json.update({
"client_id":
client_id,
"token_endpoint_auth_method":
"client_secret_post" if client_type != 'public' else 'none',
"grant_types":
grant_types,
"response_types":
["code", "token"] if client_type == 'private' else ["token"],
"scope":
"vedavaapi.root",
"user_id":
user_id
})
if client_type == 'private':
client_secret = bcrypt.gensalt(24).decode('utf-8')
client_json['client_secret'] = client_secret
client = JsonObject.make_from_dict(client_json)
new_client_underscore_id = objstore_helper.create_resource(
oauth_colln,
client.to_json_map(),
user_id,
group_ids,
initial_agents=initial_agents,
standalone=True)
return new_client_underscore_id