def get_domain_group_maps(self, domain_id, group_id):
if domain_id is not None and group_id is not None:
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.domain_id == domain_id,
ModelMap.group_id == group_id).join(
ModelGroup, on=ModelMap.group_id ==
ModelGroup.group_id).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id)
if domain_id is not None:
return ModelMap.select(
ModelMap, ModelGroup,
ModelDomain).where(ModelMap.domain_id == domain_id).join(
ModelGroup, on=ModelMap.group_id ==
ModelGroup.group_id).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id)
elif group_id is not None:
return ModelMap.select(
ModelMap, ModelGroup,
ModelDomain).where(ModelMap.group_id == group_id).join(
ModelGroup, on=ModelMap.group_id ==
ModelGroup.group_id).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id)
def get_domain_group_maps(self, domain_id, group_id):
if domain_id is not None and group_id is not None:
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.domain_id == domain_id,
ModelMap.group_id == group_id
).join(
ModelGroup,
on=ModelMap.group_id == ModelGroup.group_id
).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id
)
if domain_id is not None:
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.domain_id == domain_id
).join(
ModelGroup,
on=ModelMap.group_id == ModelGroup.group_id
).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id
)
elif group_id is not None:
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.group_id == group_id
).join(
ModelGroup,
on=ModelMap.group_id == ModelGroup.group_id
).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id
)
def get(self):
domains = []
try:
domain_list = self.get_domain_list()
except peewee.DoesNotExist:
domain_list = []
# load up permissions if needed
dgmaps = None
include_permissions = request.args.get('include_permissions', None)
if include_permissions:
# domain group maps query
dgmaps = DomainGroupMap.select().where(
DomainGroupMap.group_id << self.get_group_maps()
)
total_domains = domain_list.count()
domain_list = self.paginate_query(
domain_list,
request.args
)
domain_list = self.sort_query(domain_list, request.args)
for d in domain_list:
domain = d.to_clean_dict()
if include_permissions:
domain["permissions"] = self.get_permissions(d, dgmaps)
domains.append(domain)
return {
'status': 'ok',
'domains': domains,
'total_domains': total_domains
}
def get_domain_list(self, in_global_acl=False):
search = request.args.get('search', None)
if self.auth.account.account_type == 'senior_admin' or in_global_acl:
query = ModelDomain.select()
if (search is not None):
search = search.replace('*', '%')
query = query.where((ModelDomain.domain**('%' + search + '%')))
return query
# domain group maps query
dgmq = DomainGroupMap.select(DomainGroupMap.domain_id).where(
DomainGroupMap.group_id << self.get_group_maps())
# domains query
domainQuery = ModelDomain.select().where(
((ModelDomain.owner_id == self.auth.account.account_id) |
(ModelDomain.domain_id << dgmq)))
if (search is not None):
search = search.replace('*', '%')
domainQuery = domainQuery.where(
(ModelDomain.domain**(search + '%')))
return domainQuery
def get(self):
domains = []
in_global_acl = self.auth.account.in_global_acl_emails(
self.auth.account.email)
try:
domain_list = self.get_domain_list(in_global_acl)
except peewee.DoesNotExist:
domain_list = []
# load up permissions if needed
dgmaps = None
include_permissions = request.args.get('include_permissions', None)
if include_permissions:
# domain group maps query
dgmaps = DomainGroupMap.select().where(
DomainGroupMap.group_id << self.get_group_maps())
total_domains = domain_list.count()
domain_list = self.paginate_query(domain_list, request.args)
domain_list = self.sort_query(domain_list, request.args)
for d in domain_list:
domain = d.to_clean_dict()
if include_permissions:
domain["permissions"] = self.get_permissions(
d, dgmaps, in_global_acl)
domains.append(domain)
return {
'status': 'ok',
'domains': domains,
'total_domains': total_domains
}
def load_domains(self):
# reset
self.domains = {}
# look up my group ids
accountgroupmaps = AccountGroupMap.select(
AccountGroupMap.group_id).where(
AccountGroupMap.account_id == self.account_id)
group_ids = []
for map in accountgroupmaps:
group_ids.append(map.group_id)
# get domain group maps
if group_ids:
domaingroupmaps = DomainGroupMap.select(
DomainGroupMap,
Domain).where(DomainGroupMap.group_id << group_ids).join(
Domain,
on=Domain.domain_id == DomainGroupMap.domain_id,
attr='domain_id')
# store the maps by domain id for the can_* methods below
for map in domaingroupmaps:
did = map.domain_id.domain_id
if map.domain_id.domain_id not in self.domains:
self.domains[did] = {'domain': map.domain_id, 'maps': []}
self.domains[did]["maps"].append(map)
# grab domains this user owns
domains = Domain.select(Domain).where(
Domain.owner_id == self.account_id)
for domain in domains:
if domain.domain_id not in self.domains:
self.domains[domain.domain_id] = {'domain': domain, 'maps': []}
def get_domain_list(self):
search = request.args.get('search', None)
if self.auth.account.account_type == 'senior_admin':
query = ModelDomain.select()
if (search is not None):
search = search.replace('*', '%')
query = query.where(
(ModelDomain.domain ** ('%' + search + '%'))
)
return query
# domain group maps query
dgmq = DomainGroupMap.select(DomainGroupMap.domain_id).where(
DomainGroupMap.group_id << self.get_group_maps()
)
# domains query
domainQuery = ModelDomain.select().where(
(
(ModelDomain.owner_id == self.auth.account.account_id) |
(ModelDomain.domain_id << dgmq)
)
)
if (search is not None):
search = search.replace('*', '%')
domainQuery = domainQuery.where(
(ModelDomain.domain ** (search + '%'))
)
return domainQuery
def get_map(self, map_id):
return ModelMap.select(
ModelMap, ModelGroup,
ModelDomain).where(ModelMap.map_id == map_id).join(
ModelGroup, on=ModelMap.group_id ==
ModelGroup.group_id).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id).get()
def test_validate_failure(self):
map = DomainGroupMap()
map.permissions = -1
with self.assertRaises(ValueError) as cm1:
map.validate()
map.permissions = 8
with self.assertRaises(ValueError) as cm2:
map.validate()
def get_map(self, map_id):
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.map_id == map_id
).join(
ModelGroup,
on=ModelMap.group_id == ModelGroup.group_id
).switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id
).get()
def get_map(self, domain_id, group_id):
return ModelMap.select(ModelMap, ModelGroup, ModelDomain).where(
ModelMap.domain_id == domain_id,
ModelMap.group_id == group_id).join(
ModelGroup,
on=ModelMap.group_id == ModelGroup.group_id,
attr='group_id').switch(ModelMap).join(
ModelDomain,
on=ModelMap.domain_id == ModelDomain.domain_id,
attr='domain_id').get()
def test_permissions_failure(self):
map = DomainGroupMap()
with self.assertRaises(ValueError) as cm1:
map.has_perm('foobar')
with self.assertRaises(ValueError) as cm2:
map.set_perm('boofar', True)
def load_domains(self):
# reset
self.domains = {}
# look up my group ids
accountgroupmaps = AccountGroupMap.select(
AccountGroupMap.group_id
).where(
AccountGroupMap.account_id == self.account_id
)
group_ids = []
for map in accountgroupmaps:
group_ids.append(map.group_id)
# get domain group maps
if group_ids:
domaingroupmaps = DomainGroupMap.select(
DomainGroupMap, Domain
).where(
DomainGroupMap.group_id << group_ids
).join(
Domain,
on=Domain.domain_id == DomainGroupMap.domain_id
)
# store the maps by domain id for the can_* methods below
for map in domaingroupmaps:
did = map.domain_id.domain_id
if map.domain_id.domain_id not in self.domains:
self.domains[did] = {
'domain': map.domain_id,
'maps': []
}
self.domains[did]["maps"].append(map)
# grab domains this user owns
domains = Domain.select(
Domain
).where(
Domain.owner_id == self.account_id
)
for domain in domains:
if domain.domain_id not in self.domains:
self.domains[domain.domain_id] = {
'domain': domain,
'maps': []
}
def test_format_map(self):
domain = Domain()
domain.domain_id = 252
domain.domain = "example.com"
group = Group()
group.group_id = 252
group.name = "Test Group 1"
map = DomainGroupMap()
map.map_id = 1
map.group_id = group
map.domain_id = domain
map.permissions = 7
formatted = map.format_map(map)
self.assertTrue(formatted["can_read"])
self.assertTrue(formatted["can_write"])
self.assertTrue(formatted["can_delete"])
self.assertEquals(formatted["map_id"], map.map_id)
self.assertEquals(formatted["group"], map.group_id.to_clean_dict())
self.assertEquals(formatted["domain"], map.domain_id.to_clean_dict())
def test_permissions_success(self):
map = DomainGroupMap()
self.assertTrue(map.has_perm(map.READ_PERM))
self.assertTrue(map.has_perm(map.WRITE_PERM))
self.assertFalse(map.has_perm(map.DELETE_PERM))
self.assertEquals(map.validate(), None)
my_dict = map.to_dict()
self.assertTrue(my_dict["can_read"])
self.assertTrue(my_dict["can_write"])
self.assertFalse(my_dict["can_delete"])
self.assertEquals(map.validate(), None)
map.set_perm(map.READ_PERM, True)
self.assertTrue(map.has_perm(map.READ_PERM))
self.assertTrue(map.has_perm(map.WRITE_PERM))
self.assertFalse(map.has_perm(map.DELETE_PERM))
self.assertEquals(map.validate(), None)
map.set_perm(map.READ_PERM, False)
map.set_perm(map.WRITE_PERM, True)
self.assertFalse(map.has_perm(map.READ_PERM))
self.assertTrue(map.has_perm(map.WRITE_PERM))
self.assertFalse(map.has_perm(map.DELETE_PERM))
self.assertEquals(map.validate(), None)
map.set_perm(map.WRITE_PERM, False)
map.set_perm(map.DELETE_PERM, True)
self.assertFalse(map.has_perm(map.READ_PERM))
self.assertFalse(map.has_perm(map.WRITE_PERM))
self.assertTrue(map.has_perm(map.DELETE_PERM))
self.assertEquals(map.validate(), None)
map.set_perm(map.DELETE_PERM, False)
self.assertFalse(map.has_perm(map.READ_PERM))
self.assertFalse(map.has_perm(map.WRITE_PERM))
self.assertFalse(map.has_perm(map.DELETE_PERM))
self.assertEquals(map.validate(), None)
my_dict = map.to_dict()
self.assertFalse(my_dict["can_read"])
self.assertFalse(my_dict["can_write"])
self.assertFalse(my_dict["can_delete"])
def create_map(self, domain_id, group_id, can_read, can_write, can_delete):
map = ModelMap()
map.domain_id = domain_id
map.group_id = group_id
map.set_perm(map.READ_PERM, can_read)
map.set_perm(map.WRITE_PERM, can_write)
map.set_perm(map.DELETE_PERM, can_delete)
map.save()
return map
def get_domain_group_maps(self):
if not self.domain_id:
raise Exception("Cannot get maps, domain_id is not set")
return DomainGroupMap.select(DomainGroupMap).where(DomainGroupMap.domain_id == self.domain_id)
def get_domain_group_maps(self):
if not self.domain_id:
raise Exception("Cannot get maps, domain_id is not set")
return DomainGroupMap.select(DomainGroupMap).where(
DomainGroupMap.domain_id == self.domain_id)
def create_map(self, domain_id, group_id, can_read, can_write, can_delete):
map = ModelMap()
map.domain_id = domain_id
map.group_id = group_id
map.set_perm(map.READ_PERM, can_read)
map.set_perm(map.WRITE_PERM, can_write)
map.set_perm(map.DELETE_PERM, can_delete)
map.save()
return map