def create_perm():
    """Create a permission (role/match → scopes) from the JSON request body.

    Returns ``(json, 201)`` carrying the new permission's id and serialized form.

    Raises:
        ApiError: 400 when ``Permission.parse`` rejects the body (ValueError);
            409 when ``match`` is one of the built-in ``admin``/``user`` roles;
            403 when any requested scope lies outside the caller's own scopes
            (``g.scopes``); 500 when ``create()`` raises or returns a falsy value.
    """
    try:
        parsed = Permission.parse(request.json)
    except ValueError as err:
        raise ApiError(str(err), 400)

    if parsed.match in ['admin', 'user']:
        raise ApiError('{} role already exists'.format(parsed.match), 409)

    # Privilege-escalation guard: the caller may only hand out scopes
    # that are already within its own scope set.
    for wanted in parsed.scopes:
        if not Permission.is_in_scope(wanted, have_scopes=g.scopes):
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    wanted, ','.join(g.scopes)), 403)

    try:
        perm = parsed.create()
    except Exception as err:
        # NOTE(review): the storage layer's exception text is echoed to the
        # client in the 500 body; consider logging it and returning a
        # generic message instead.
        raise ApiError(str(err), 500)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='permission-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=perm.id,
        type='permission',
        request=request,
    )

    if not perm:
        raise ApiError('create API key failed', 500)
    return jsonify(status='ok', id=perm.id, permission=perm.serialize), 201
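def update_user(user_id):
    """Apply the JSON request body as field updates to user ``user_id``.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when the user does not exist;
            409 when a changed ``email`` already belongs to a different user;
            403 when the body assigns ``roles`` whose scopes exceed the
            caller's own (``g.scopes``); 500 when ``user.update`` reports failure.
    """
    if not request.json:
        raise ApiError('nothing to change', 400)

    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    if request.json.get('email'):
        user_by_email = User.find_by_email(request.json['email'])
        if user_by_email and user_by_email.id != user.id:
            raise ApiError('user with email already exists', 409)

    # Privilege-escalation guard (same rule create_perm applies to scopes):
    # changing a user's roles must not grant scopes the caller does not hold.
    # Without it, an update-capable caller could promote a user to a role
    # whose scopes exceed its own.
    if request.json.get('roles'):
        want_scopes = Permission.lookup(login='', roles=request.json['roles'])
        for want_scope in want_scopes:
            if not Permission.is_in_scope(want_scope, have_scopes=g.scopes):
                raise ApiError(
                    "Requested scope '{}' not in existing scopes: {}".format(
                        want_scope, ','.join(g.scopes)), 403)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-updated',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if user.update(**request.json):
        return jsonify(status='ok')
    raise ApiError('failed to update user', 500)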
def create_group():
    """Create a user group from the JSON request body.

    Returns ``(json, 201)`` carrying the new group's id and serialized form.

    Raises:
        ApiError: 400 when ``Group.parse`` rejects the body (ValueError);
            500 when ``create()`` raises or yields a falsy group.
    """
    try:
        parsed = Group.parse(request.json)
    except ValueError as err:
        raise ApiError(str(err), 400)

    try:
        group = parsed.create()
    except Exception as err:
        # NOTE(review): raw exception text is returned to the client here.
        raise ApiError(str(err), 500)

    sender = current_app._get_current_object()
    admin_audit_trail.send(
        sender,
        event='group-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=group.id,
        type='group',
        request=request,
    )

    if not group:
        raise ApiError('create user group failed', 500)
    return jsonify(status='ok', id=group.id, group=group.serialize), 201
def update_user(user_id):
    """Apply the JSON request body as field updates to user ``user_id``.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when the user does not exist;
            409 when a changed ``email`` is already taken by another user;
            403 when the requested ``roles`` map to scopes outside the
            caller's own (``g.scopes``); 500 when ``user.update`` fails.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    new_email = body.get('email')
    if new_email:
        other = User.find_by_email(body['email'])
        if other and other.id != user.id:
            raise ApiError('user with that email already exists', 409)

    # Role changes are checked against the caller's scopes so that an
    # update cannot grant more than the caller itself holds.
    if body.get('roles'):
        for wanted in Permission.lookup(login='', roles=body['roles']):
            if Permission.is_in_scope(wanted, have_scopes=g.scopes):
                continue
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    wanted, ','.join(g.scopes)), 403)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if not user.update(**body):
        raise ApiError('failed to update user', 500)
    return jsonify(status='ok')
def create_perm():
    """Create a permission (role/match → scopes) from the JSON request body.

    Returns ``(json, 201)`` carrying the new permission's id and serialized form.

    Raises:
        ApiError: 400 when ``Permission.parse`` rejects the body (ValueError);
            409 when ``match`` is ``admin`` or ``user``; 403 when a requested
            scope is not within the caller's scopes (``g.scopes``); 500 when
            ``create()`` raises or returns a falsy value.
    """
    try:
        parsed = Permission.parse(request.json)
    except ValueError as err:
        raise ApiError(str(err), 400)

    reserved = ['admin', 'user']
    if parsed.match in reserved:
        raise ApiError('{} role already exists'.format(parsed.match), 409)

    # Only scopes the caller already holds may be granted.
    for wanted in parsed.scopes:
        if Permission.is_in_scope(wanted, have_scopes=g.scopes):
            continue
        raise ApiError(
            "Requested scope '{}' not in existing scopes: {}".format(
                wanted, ','.join(g.scopes)), 403)

    try:
        perm = parsed.create()
    except Exception as err:
        # NOTE(review): exception detail is exposed in the 500 response body.
        raise ApiError(str(err), 500)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='permission-created',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=perm.id,
        type='permission',
        request=request,
    )

    if not perm:
        raise ApiError('create API key failed', 500)
    return jsonify(status='ok', id=perm.id, permission=perm.serialize), 201
def update_key(key):
    """Update API key ``key`` with the fields in the JSON request body.

    Key lookup is restricted to the caller's own keys (``user=g.login``)
    unless ``AUTH_REQUIRED`` is off or the caller holds ``Scope.admin`` /
    ``Scope.admin_keys``. The ``customer`` field is rewritten through
    ``assign_customer`` and every requested scope must already be within
    the caller's scopes.

    Args:
        key: API key identifier handed to ``ApiKey.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when no matching key is visible
            to the caller; 403 when a requested scope is outside ``g.scopes``;
            500 when ``key.update`` reports failure.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    # ``or`` keeps the original short-circuit: g.scopes is only consulted
    # when AUTH_REQUIRED is set.
    unrestricted = (
        not current_app.config['AUTH_REQUIRED']
        or Scope.admin in g.scopes
        or Scope.admin_keys in g.scopes
    )
    if unrestricted:
        api_key = ApiKey.find_by_id(key)
    else:
        api_key = ApiKey.find_by_id(key, user=g.login)
    if not api_key:
        raise ApiError('not found', 404)

    # ``body`` is request.json itself, so this mutates the parsed request
    # payload in place before it is splatted into update().
    body['customer'] = assign_customer(
        wanted=body.get('customer'), permission=Scope.admin_keys)

    for wanted in body.get('scopes', []):
        if Permission.is_in_scope(wanted, have_scopes=g.scopes):
            continue
        raise ApiError(
            "Requested scope '{}' not in existing scopes: {}".format(
                wanted, ','.join(g.scopes)), 403)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='apikey-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=api_key.id,
        type='apikey',
        request=request,
    )

    if not api_key.update(**body):
        raise ApiError('failed to update API key', 500)
    return jsonify(status='ok')
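def create_user():
    """Create a user from the JSON request body.

    Returns ``(json, 201)`` carrying the new user's id and serialized form.

    Raises:
        ApiError: 400 when ``User.parse`` raises; 403 when the user's email
            domain is not in ``ALLOWED_EMAIL_DOMAINS``; 409 when a user with
            that email already exists; 500 when ``create()`` raises or
            returns a falsy user.
    """
    try:
        user = User.parse(request.json)
    except Exception as e:
        raise ApiError(str(e), 400)

    # check allowed domain
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError('unauthorized domain', 403)

    if User.find_by_email(email=user.email):
        raise ApiError('username already exists', 409)

    try:
        user = user.create()
    except Exception as e:
        # Fix: the original built the ApiError but never raised it, so a
        # failed create() was silently ignored and the handler carried on
        # with the unsaved object.
        raise ApiError(str(e), 500)

    # if email verification is enforced, send confirmation email
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        user.send_confirmation()

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-created',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if user:
        return jsonify(status='ok', id=user.id, user=user.serialize), 201
    raise ApiError('create user failed', 500)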
def update_user(user_id):
    """Apply the JSON request body as field updates to user ``user_id``.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns JSON with ``status`` and the updated user's serialized form.

    Raises:
        ApiError: 400 on an empty body; 404 when the user does not exist;
            409 when a changed ``email`` is already taken by another user;
            403 when requested ``roles`` map to scopes outside ``g.scopes``;
            500 when ``user.update`` returns a falsy result.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    if body.get('email'):
        other = User.find_by_email(body['email'])
        if other and other.id != user.id:
            raise ApiError('user with that email already exists', 409)

    # Role changes may not grant scopes the caller does not hold.
    if body.get('roles'):
        for wanted in Permission.lookup(login='', roles=body['roles']):
            if Permission.is_in_scope(wanted, have_scopes=g.scopes):
                continue
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    wanted, ','.join(g.scopes)), 403)

    # The update runs before the audit event is emitted.
    updated = user.update(**body)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if not updated:
        raise ApiError('failed to update user', 500)
    return jsonify(status='ok', user=updated.serialize)
def create_customer():
    """Create a customer lookup from the JSON request body.

    Returns ``(json, 201)`` carrying the new customer's id and serialized form.

    Raises:
        ApiError: 400 when ``Customer.parse`` rejects the body (ValueError);
            500 when ``create()`` raises or yields a falsy customer.
    """
    try:
        parsed = Customer.parse(request.json)
    except ValueError as err:
        raise ApiError(str(err), 400)

    try:
        customer = parsed.create()
    except Exception as err:
        # NOTE(review): raw exception text is returned to the client here.
        raise ApiError(str(err), 500)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='customer-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=customer.id,
        type='customer',
        request=request,
    )

    if not customer:
        raise ApiError('create customer lookup failed', 500)
    return jsonify(status='ok', id=customer.id, customer=customer.serialize), 201
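def update_perm(perm_id):
    """Apply the JSON request body as field updates to permission ``perm_id``.

    Args:
        perm_id: identifier handed to ``Permission.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body or when a requested scope is not a
            member of ``Scope``; 403 when a requested scope lies outside the
            caller's own scopes (``g.scopes``); 404 when the permission does
            not exist; 500 when ``perm.update`` reports failure.
    """
    if not request.json:
        raise ApiError('nothing to change', 400)

    valid_scopes = list(Scope)
    for s in request.json.get('scopes', []):
        if s not in valid_scopes:
            raise ApiError("'{}' is not a valid Scope".format(s), 400)
        # Same guard create_perm applies: validating against the Scope enum
        # alone still let a caller attach scopes it does not hold itself,
        # i.e. escalate a role beyond the caller's own privileges.
        if not Permission.is_in_scope(s, have_scopes=g.scopes):
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    s, ','.join(g.scopes)), 403)

    perm = Permission.find_by_id(perm_id)
    if not perm:
        raise ApiError('not found', 404)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='permission-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=perm.id,
        type='permission',
        request=request,
    )

    if perm.update(**request.json):
        return jsonify(status='ok')
    raise ApiError('failed to update permission', 500)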
def delete_key(key):
    """Delete the API key identified by ``key``.

    Args:
        key: API key identifier handed to ``ApiKey.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the key does not exist; 500 when ``delete()``
            returns a falsy result.
    """
    api_key = ApiKey.find_by_id(key)
    if not api_key:
        raise ApiError('not found', 404)

    # The audit event is emitted before the delete is attempted.
    audit = dict(
        event='apikey-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=api_key.id,
        type='apikey',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not api_key.delete():
        raise ApiError('failed to delete API key', 500)
    return jsonify(status='ok')
def delete_group(group_id):
    """Delete the user group identified by ``group_id``.

    Args:
        group_id: identifier handed to ``Group.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the group does not exist; 500 when ``delete()``
            returns a falsy result.
    """
    group = Group.find_by_id(group_id)
    if not group:
        raise ApiError('not found', 404)

    # The audit event is emitted before the delete is attempted.
    audit = dict(
        event='group-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=group.id,
        type='group',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not group.delete():
        raise ApiError('failed to delete user group', 500)
    return jsonify(status='ok')
def delete_perm(perm_id):
    """Delete the permission identified by ``perm_id``.

    Args:
        perm_id: identifier handed to ``Permission.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the permission does not exist; 500 when
            ``delete()`` returns a falsy result.
    """
    perm = Permission.find_by_id(perm_id)
    if not perm:
        raise ApiError('not found', 404)

    # The audit event is emitted before the delete is attempted.
    audit = dict(
        event='permission-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=perm.id,
        type='permission',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not perm.delete():
        raise ApiError('failed to delete permission', 500)
    return jsonify(status='ok')
def delete_user(user_id):
    """Delete the user identified by ``user_id``.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the user does not exist; 500 when ``delete()``
            returns a falsy result.
    """
    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    # The audit event is emitted before the delete is attempted.
    audit = dict(
        event='user-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not user.delete():
        raise ApiError('failed to delete user', 500)
    return jsonify(status='ok')
def delete_customer(customer_id):
    """Delete the customer lookup identified by ``customer_id``.

    Args:
        customer_id: identifier handed to ``Customer.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the customer does not exist; 500 when
            ``delete()`` returns a falsy result.
    """
    customer = Customer.find_by_id(customer_id)
    if not customer:
        raise ApiError('not found', 404)

    # The audit event is emitted before the delete is attempted.
    audit = dict(
        event='customer-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=customer.id,
        type='customer',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not customer.delete():
        raise ApiError('failed to delete customer', 500)
    return jsonify(status='ok')
def delete_perm(perm_id):
    """Delete the permission identified by ``perm_id``.

    Args:
        perm_id: identifier handed to ``Permission.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the permission does not exist; 500 when
            ``delete()`` returns a falsy result.
    """
    perm = Permission.find_by_id(perm_id)
    if not perm:
        raise ApiError('not found', 404)

    # Audit event goes out before the delete itself; ``user`` is g.user here.
    admin_audit_trail.send(
        current_app._get_current_object(),
        event='permission-deleted',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=perm.id,
        type='permission',
        request=request,
    )

    deleted = perm.delete()
    if deleted:
        return jsonify(status='ok')
    raise ApiError('failed to delete permission', 500)
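def create_user():
    """Create a user from the JSON request body (basic auth provider only).

    Returns ``(json, 201)`` carrying the new user's id and serialized form.

    Raises:
        ApiError: 400 when ``AUTH_PROVIDER`` is not ``basic`` or when
            ``User.parse`` raises; 403 when the email domain is not in
            ``ALLOWED_EMAIL_DOMAINS`` or the user's roles map to scopes
            outside the caller's own (``g.scopes``); 409 when a user with
            that email already exists; 500 when ``create()`` raises or
            returns a falsy user.
    """
    if current_app.config['AUTH_PROVIDER'] != 'basic':
        raise ApiError(
            'must use {} login flow to create new user'.format(
                current_app.config['AUTH_PROVIDER']), 400)

    try:
        user = User.parse(request.json)
    except Exception as e:
        raise ApiError(str(e), 400)

    # check allowed domain
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError('unauthorized domain', 403)

    if User.find_by_username(username=user.email):
        raise ApiError('user with that email already exists', 409)

    # A new user may not receive scopes the creating caller does not hold.
    want_scopes = Permission.lookup(login=user.email, roles=user.roles)
    for want_scope in want_scopes:
        if not Permission.is_in_scope(want_scope, have_scopes=g.scopes):
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    want_scope, ','.join(g.scopes)), 403)

    try:
        user = user.create()
    except Exception as e:
        # Fix: the original constructed the ApiError without raising it, so
        # a failed create() was swallowed and the unsaved object flowed on.
        raise ApiError(str(e), 500)

    # if email verification is enforced, send confirmation email
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        user.send_confirmation()

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if user:
        return jsonify(status='ok', id=user.id, user=user.serialize), 201
    raise ApiError('create user failed', 500)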
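def update_user_attributes(user_id):
    """Replace/merge the ``attributes`` of user ``user_id`` from the JSON body.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 when the body is missing or has no ``attributes``;
            404 when the user does not exist; 500 when
            ``user.update_attributes`` reports failure.
    """
    # Fix: guard the body itself first — calling .get() on a missing body
    # raised AttributeError (a 500) instead of the intended 400.
    if not request.json or not request.json.get('attributes', None):
        raise ApiError("must supply 'attributes' as json data", 400)

    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-attributes-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if user.update_attributes(request.json['attributes']):
        return jsonify(status='ok')
    raise ApiError('failed to update attributes', 500)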
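def update_user_attributes(user_id):
    """Replace/merge the ``attributes`` of user ``user_id`` from the JSON body.

    Args:
        user_id: identifier handed to ``User.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 when the body is missing or has no ``attributes``;
            404 when the user does not exist; 500 when
            ``user.update_attributes`` reports failure.
    """
    body = request.json
    # Fix: a missing body previously hit .get() on None (AttributeError, 500)
    # rather than returning the intended 400.
    if not body or not body.get('attributes', None):
        raise ApiError("must supply 'attributes' as json data", 400)

    user = User.find_by_id(user_id)
    if not user:
        raise ApiError('not found', 404)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-attributes-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if not user.update_attributes(body['attributes']):
        raise ApiError('failed to update attributes', 500)
    return jsonify(status='ok')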
def remove_user_from_group(group_id, user_id):
    """Remove user ``user_id`` from group ``group_id``.

    Args:
        group_id: identifier handed to ``Group.find_by_id``.
        user_id: identifier handed to ``User.find_by_id`` and ``group.remove_user``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the group does not exist; 400 when the user does
            not exist; 500 when ``group.remove_user`` returns a falsy result.
    """
    group = Group.find_by_id(group_id)
    if not group:
        raise ApiError('not found', 404)

    member = User.find_by_id(user_id)
    if not member:
        raise ApiError('invalid user', 400)

    # NOTE(review): the audit record reuses the 'user-attributes-updated'
    # event with type='user', which looks copy-pasted from
    # update_user_attributes; a group-membership change is then
    # indistinguishable from an attribute edit in the audit trail.
    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-attributes-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=member.id,
        type='user',
        request=request,
    )

    removed = group.remove_user(user_id)
    if not removed:
        raise ApiError('failed to remove user from group', 500)
    return jsonify(status='ok')
def create_customer():
    """Create a customer lookup from the JSON request body.

    Returns ``(json, 201)`` carrying the new customer's id and serialized form.

    Raises:
        ApiError: 400 when ``Customer.parse`` rejects the body (ValueError);
            500 when ``create()`` raises or yields a falsy customer.
    """
    try:
        customer = Customer.parse(request.json).create()
    except ValueError as err:
        # Only Customer.parse is documented to raise ValueError in the
        # original; create() failures fall through to the generic 500 below.
        raise ApiError(str(err), 400)
    except Exception as err:
        # NOTE(review): raw exception text is returned to the client here.
        raise ApiError(str(err), 500)

    audit = dict(
        event='customer-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=customer.id,
        type='customer',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not customer:
        raise ApiError('create customer lookup failed', 500)
    return jsonify(status='ok', id=customer.id, customer=customer.serialize), 201
def delete_key(key):
    """Delete the API key identified by ``key``.

    Args:
        key: API key identifier handed to ``ApiKey.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 404 when the key does not exist; 500 when ``delete()``
            returns a falsy result.
    """
    found = ApiKey.find_by_id(key)
    if not found:
        raise ApiError('not found', 404)

    # Audit event goes out before the delete itself.
    admin_audit_trail.send(
        current_app._get_current_object(),
        event='apikey-deleted',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=found.id,
        type='apikey',
        request=request,
    )

    deleted = found.delete()
    if deleted:
        return jsonify(status='ok')
    raise ApiError('failed to delete API key', 500)
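def create_user():
    """Create a user from the JSON request body (basic auth provider only).

    Returns ``(json, 201)`` carrying the new user's id and serialized form.

    Raises:
        ApiError: 400 when ``AUTH_PROVIDER`` is not ``basic`` or when
            ``User.parse`` raises; 403 when the email domain is not in
            ``ALLOWED_EMAIL_DOMAINS`` or the user's roles map to scopes
            outside the caller's own (``g.scopes``); 409 when a user with
            that email already exists; 500 when ``create()`` raises or
            returns a falsy user.
    """
    provider = current_app.config['AUTH_PROVIDER']
    if provider != 'basic':
        raise ApiError(
            'must use {} login flow to create new user'.format(provider), 400)

    try:
        user = User.parse(request.json)
    except Exception as e:
        raise ApiError(str(e), 400)

    # check allowed domain
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError('unauthorized domain', 403)

    if User.find_by_username(username=user.email):
        raise ApiError('user with that email already exists', 409)

    # A new user may not receive scopes the creating caller does not hold.
    for want_scope in Permission.lookup(login=user.email, roles=user.roles):
        if not Permission.is_in_scope(want_scope, have_scopes=g.scopes):
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    want_scope, ','.join(g.scopes)), 403)

    try:
        user = user.create()
    except Exception as e:
        # Fix: the original constructed the ApiError without raising it, so
        # a failed create() was swallowed and the unsaved object flowed on.
        raise ApiError(str(e), 500)

    # if email verification is enforced, send confirmation email
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        user.send_confirmation()

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='user-created',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=user.id,
        type='user',
        request=request,
    )

    if user:
        return jsonify(status='ok', id=user.id, user=user.serialize), 201
    raise ApiError('create user failed', 500)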
def update_key(key):
    """Update API key ``key`` with the fields in the JSON request body.

    Key lookup is restricted to the caller's own keys (``user=g.login``)
    unless ``AUTH_REQUIRED`` is off or the caller holds ``Scope.admin`` /
    ``Scope.admin_keys``. ``customer`` is rewritten via ``assign_customer``
    and every requested scope must already be within the caller's scopes.

    Args:
        key: API key identifier handed to ``ApiKey.find_by_id``.

    Returns JSON with ``status`` and the updated key's serialized form.

    Raises:
        ApiError: 400 on an empty body; 404 when no matching key is visible
            to the caller; 403 when a requested scope is outside ``g.scopes``;
            500 when ``key.update`` returns a falsy result.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    # ``or`` preserves the original short-circuit: g.scopes is only read
    # when AUTH_REQUIRED is set.
    may_see_any = (
        not current_app.config['AUTH_REQUIRED']
        or Scope.admin in g.scopes
        or Scope.admin_keys in g.scopes
    )
    api_key = (ApiKey.find_by_id(key) if may_see_any
               else ApiKey.find_by_id(key, user=g.login))
    if not api_key:
        raise ApiError('not found', 404)

    # ``body`` is request.json itself; the customer rewrite mutates it in
    # place before it is splatted into update().
    body['customer'] = assign_customer(
        wanted=body.get('customer'), permission=Scope.admin_keys)

    for wanted in body.get('scopes', []):
        if Permission.is_in_scope(wanted, have_scopes=g.scopes):
            continue
        raise ApiError(
            "Requested scope '{}' not in existing scopes: {}".format(
                wanted, ','.join(g.scopes)), 403)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='apikey-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=api_key.id,
        type='apikey',
        request=request,
    )

    updated = api_key.update(**body)
    if not updated:
        raise ApiError('failed to update API key', 500)
    return jsonify(status='ok', key=updated.serialize)
def update_customer(customer_id):
    """Apply the JSON request body as field updates to customer ``customer_id``.

    Args:
        customer_id: identifier handed to ``Customer.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when the customer does not exist;
            500 when ``customer.update`` reports failure.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    customer = Customer.find_by_id(customer_id)
    if not customer:
        raise ApiError('not found', 404)

    audit = dict(
        event='customer-updated',
        message='',
        user=g.login,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=customer.id,
        type='customer',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not customer.update(**body):
        raise ApiError('failed to update customer', 500)
    return jsonify(status='ok')
def update_group(group_id):
    """Apply the JSON request body as field updates to group ``group_id``.

    Args:
        group_id: identifier handed to ``Group.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when the group does not exist;
            500 when ``group.update`` reports failure.
    """
    body = request.json
    if not body:
        raise ApiError('nothing to change', 400)

    group = Group.find_by_id(group_id)
    if not group:
        raise ApiError('not found', 404)

    # Audit event is sent before the update; ``user`` is g.user here.
    audit = dict(
        event='group-updated',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=group.id,
        type='group',
        request=request,
    )
    admin_audit_trail.send(current_app._get_current_object(), **audit)

    if not group.update(**body):
        raise ApiError('failed to update user group', 500)
    return jsonify(status='ok')
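def update_key(key):
    """Apply the JSON request body as field updates to API key ``key``.

    Args:
        key: API key identifier handed to ``ApiKey.find_by_id``.

    Returns the ``{"status": "ok"}`` JSON response on success.

    Raises:
        ApiError: 400 on an empty body; 404 when the key does not exist;
            403 when a requested scope lies outside the caller's own scopes
            (``g.scopes``); 500 when ``key.update`` reports failure.
    """
    if not request.json:
        raise ApiError('nothing to change', 400)

    key = ApiKey.find_by_id(key)
    if not key:
        raise ApiError('not found', 404)

    # Same guard create_perm applies: without it the body could set
    # ``scopes`` on the key that exceed what the caller itself holds,
    # turning a key update into a privilege escalation.
    for want_scope in request.json.get('scopes', []):
        if not Permission.is_in_scope(want_scope, have_scopes=g.scopes):
            raise ApiError(
                "Requested scope '{}' not in existing scopes: {}".format(
                    want_scope, ','.join(g.scopes)), 403)

    admin_audit_trail.send(
        current_app._get_current_object(),
        event='apikey-updated',
        message='',
        user=g.user,
        customers=g.customers,
        scopes=g.scopes,
        resource_id=key.id,
        type='apikey',
        request=request,
    )

    if key.update(**request.json):
        return jsonify(status='ok')
    raise ApiError('failed to update API key', 500)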