Exemplo n.º 1
0
    def add_role(name, app_id=None, is_app_admin=False, uid=None):
        Role.get_by(name=name, app_id=app_id) and abort(
            400, "Role <{0}> is already existed".format(name))

        return Role.create(name=name,
                           app_id=app_id,
                           is_app_admin=is_app_admin,
                           uid=uid)
Exemplo n.º 2
0
Arquivo: acl.py Projeto: 13052020/cmdb
    def _get_role(self, name):
        user = UserCache.get(name)
        if user:
            return Role.get_by(name=name,
                               uid=user.uid,
                               first=True,
                               to_dict=False)

        return Role.get_by(name=name,
                           app_id=self.app_id,
                           first=True,
                           to_dict=False)
Exemplo n.º 3
0
    def get(cls, rid):
        role = cache.get(cls.PREFIX_ID.format(rid))
        if role is None:
            role = Role.get_by_id(rid)
            if role is not None:
                cache.set(cls.PREFIX_ID.format(rid), role)

        return role
Exemplo n.º 4
0
    def get_by_name(cls, app_id, name):
        role = cache.get(cls.PREFIX_NAME.format(app_id, name))
        if role is None:
            role = Role.get_by(app_id=app_id, name=name, first=True, to_dict=False)
            if role is not None:
                cache.set(cls.PREFIX_NAME.format(app_id, name), role)

        return role
Exemplo n.º 5
0
    def update_role(rid, **kwargs):
        kwargs.pop('app_id', None)

        role = Role.get_by_id(rid) or abort(
            404, "Role <{0}> does not exist".format(rid))

        RoleCache.clean(rid)

        return role.update(**kwargs)
Exemplo n.º 6
0
    def delete(cls, uid):
        if hasattr(g, 'user') and uid == g.user.uid:
            return abort(400, "You cannot delete yourself")

        user = User.get_by(uid=uid, to_dict=False, first=True) or abort(
            404, "User <{0}> does not exist".format(uid))

        UserCache.clean(user)

        for i in Role.get_by(uid=uid, to_dict=False):
            i.delete()

        user.delete()
Exemplo n.º 7
0
    def delete_role(cls, rid):
        role = Role.get_by_id(rid) or abort(
            404, "Role <{0}> does not exist".format(rid))

        for i in RoleRelation.get_by(parent_id=rid, to_dict=False):
            i.soft_delete()
        for i in RoleRelation.get_by(child_id=rid, to_dict=False):
            i.soft_delete()

        for i in RolePermission.get_by(rid=rid, to_dict=False):
            i.soft_delete()

        role_rebuild.apply_async(args=(list(
            RoleRelationCRUD.recursive_child_ids(rid)), ),
                                 queue=ACL_QUEUE)

        RoleCache.clean(rid)
        RoleRelationCache.clean(rid)

        role.soft_delete()
Exemplo n.º 8
0
    def update(uid, **kwargs):
        user = User.get_by(uid=uid, to_dict=False, first=True) or abort(
            404, "User <{0}> does not exist".format(uid))

        if kwargs.get("username"):
            other = User.get_by(username=kwargs['username'],
                                first=True,
                                to_dict=False)
            if other is not None and other.uid != user.uid:
                return abort(
                    400, "User <{0}> cannot be duplicated".format(
                        kwargs['username']))

        UserCache.clean(user)

        if kwargs.get("username") and kwargs['username'] != user.username:
            role = Role.get_by(name=user.username, first=True, to_dict=False)
            if role is not None:
                RoleCRUD.update_role(role.id, **dict(name=kwargs['name']))

        return user.update(**kwargs)
Exemplo n.º 9
0
    def post(self):
        username = request.values.get("username") or request.values.get(
            "email")
        password = request.values.get("password")
        if current_app.config.get('AUTH_WITH_LDAP'):
            user, authenticated = User.query.authenticate_with_ldap(
                username, password)
        else:
            user, authenticated = User.query.authenticate(username, password)
        if not user:
            return abort(403, "User <{0}> does not exist".format(username))
        if not authenticated:
            return abort(403, "invalid username or password")

        login_user(user)

        token = jwt.encode(
            {
                'sub':
                user.email,
                'iat':
                datetime.datetime.now(),
                'exp':
                datetime.datetime.now() +
                datetime.timedelta(minutes=24 * 60 * 7)
            }, current_app.config['SECRET_KEY'])

        role = Role.get_by(uid=user.uid, first=True, to_dict=False)
        if role:
            parent_ids = RoleRelationCRUD.recursive_parent_ids(role.id)
            parent_roles = [RoleCache.get(i).name for i in parent_ids]
        else:
            parent_roles = []
        session["acl"] = dict(uid=user.uid,
                              avatar=user.avatar,
                              userName=user.username,
                              nickName=user.nickname,
                              parentRoles=parent_roles)

        return self.jsonify(token=token.decode())
Exemplo n.º 10
0
    def add(cls, **kwargs):
        existed = User.get_by(username=kwargs['username'],
                              email=kwargs['email'])
        existed and abort(
            400, "User <{0}> is already existed".format(kwargs['username']))

        is_admin = kwargs.pop('is_admin', False)
        kwargs['nickname'] = kwargs.get('nickname') or kwargs['username']
        kwargs['block'] = 0
        kwargs['key'], kwargs['secret'] = cls._gen_key_secret()

        user = User.create(**kwargs)

        role = RoleCRUD.add_role(user.username, uid=user.uid)

        if is_admin:
            from api.lib.perm.acl.cache import AppCache
            from api.lib.perm.acl.role import RoleRelationCRUD
            admin_r = Role.get_by(name='admin', first=True, to_dict=False) or \
                      RoleCRUD.add_role('admin', AppCache.get('cmdb').id, True)

            RoleRelationCRUD.add(admin_r.id, role.id)

        return user