Exemplo n.º 1
0
 def create(self, request, role_guids=None):
     """
     Creates a Client
     :param request: Raw request
     :type request: Request
     :param role_guids: The GUIDs of the roles where the client should get access to
     :type role_guids: str
     """
     if 'role_guids' in request.DATA:
         del request.DATA['role_guids']
     serializer = FullSerializer(Client, instance=Client(), data=request.DATA)
     client = serializer.deserialize()
     if client.user is not None:
         if client.user_guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']):
             client.grant_type = 'CLIENT_CREDENTIALS'
             client.client_secret = OAuth2Toolbox.create_hash(64)
             client.save()
             if not role_guids:
                 roles = [junction.role for junction in client.user.group.roles]
             else:
                 possible_role_guids = [junction.role_guid for junction in client.user.group.roles]
                 roles = [Role(guid) for guid in role_guids if guid in possible_role_guids]
             for role in roles:
                 roleclient = RoleClient()
                 roleclient.client = client
                 roleclient.role = role
                 roleclient.save()
             return client
     raise HttpNotAcceptableException(error_description='A client must have a user',
                                      error='invalid_data')
Exemplo n.º 2
0
 def list(self, request, userguid=None, ovs_type=None):
     """
     Lists all available Clients where the logged in user has access to
     :param request: Raw request
     :type request: Request
     :param userguid: User guid to filter the clients
     :type userguid: str
     :param ovs_type: Filter on the Client's ovs_type
     :type ovs_type: str
     """
     if ApiToolbox.is_client_in_roles(request.client, ['manage']):
         client_list = ClientList.get_clients()
     else:
         if ovs_type is not None and ovs_type != 'INTERNAL':
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type == ovs_type
             ]
         else:
             client_list = [
                 client for client in request.client.user.clients
                 if client.ovs_type != 'INTERNAL'
             ]
     if userguid is not None:
         return [
             client for client in client_list
             if client.user_guid == userguid
         ]
     return client_list
Exemplo n.º 3
0
 def list(self, request):
     """
     Lists all available Users where the logged in user has access to
     :param request: The raw request
     :type request: Request
     """
     if ApiToolbox.is_client_in_roles(request.client, ['manage']):
         return UserList.get_users()
     else:
         return [request.client.user]
Exemplo n.º 4
0
 def retrieve(self, request, user):
     """
     Load information about a given User. Only the currently logged in User is accessible, or all if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to load
     :type user: User
     """
     if user.guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']):
         return user
     raise HttpForbiddenException(error_description='Fetching user information not allowed',
                                  error='no_ownership')
Exemplo n.º 5
0
 def retrieve(self, request, client):
     """
     Load information about a given Client
     Only the currently logged in User's Clients are accessible, or all if the logged in User has a
     system role
     :param request: Raw request
     :type request: Request
     :param client: Client to return
     :type client: Client
     """
     _ = format
     if client.guid in request.client.user.clients_guids or ApiToolbox.is_client_in_roles(request.client, ['manage']):
         return client
     raise HttpForbiddenException(error_description='Fetching client information not allowed',
                                  error='no_ownership')
Exemplo n.º 6
0
 def set_password(self, request, user, new_password):
     """
     Sets the password of a given User. A logged in User can only changes its own password, or all passwords if the logged in User has a manage role
     :param request: The raw request
     :type request: Request
     :param user: The user to update the password from
     :type user: User
     :param new_password: The new password to be set
     :type new_password: str
     """
     if user.guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']):
         user.password = hashlib.sha256(str(new_password)).hexdigest()
         user.save()
         for client in user.clients:
             for token in client.tokens:
                 for junction in token.roles:
                     junction.delete()
                 token.delete()
         return user
     raise HttpForbiddenException(error_description='Updating password not allowed',
                                  error='impossible_request')
Exemplo n.º 7
0
 def destroy(self, request, client):
     """
     Deletes a user
     :param request: Raw request
     :type request: Request
     :param client: The Client to be deleted
     :type client: Client
     :return: None
     :rtype: None
     """
     if client.user_guid == request.client.user_guid or ApiToolbox.is_client_in_roles(request.client, ['manage']):
         for token in client.tokens:
             for junction in token.roles.itersafe():
                 junction.delete()
             token.delete()
         for junction in client.roles.itersafe():
             junction.delete()
         client.delete()
     else:
         return HttpForbiddenException(error_description='Deleting this client is now allowed',
                                       error='no_ownership')