def update_personal_user(username):
data = request.get_json()
current_user = get_jwt_identity()
# check for internal user
if username.id == 1:
return Problem.from_crud_resource(
HTTPStatus.FORBIDDEN,
'user',
'update',
f"Current user does not have permission to update user {username.id}.")
# check password
if username.verify_password(data['old_password']):
if username.id == current_user:
# allow ability to update username/password but not roles/active
if username.id == 2:
username.set_roles([2])
username.active = True
return update_user_fields(data, username)
else:
return update_user_fields(data, username)
else:
return Problem.from_crud_resource(
HTTPStatus.FORBIDDEN,
'user',
'update',
f"Current user does not have permission to update user {username.id}.")
else:
return None, HTTPStatus.FORBIDDEN
def create_role():
json_data = request.get_json()
if not Role.query.filter_by(name=json_data['name']).first():
resources = json_data['resources'] if 'resources' in json_data else []
if '/roles' in resources:
resources.remove('/roles')
role_params = {
'name':
json_data['name'],
'description':
json_data['description'] if 'description' in json_data else '',
'resources':
resources
}
new_role = Role(**role_params)
db.session.add(new_role)
db.session.commit()
current_app.logger.info(f"Role added: {role_params}")
return new_role.as_json(), HTTPStatus.CREATED
else:
current_app.logger.warning(
f"Role with name {json_data['name']} already exists")
return Problem.from_crud_resource(
HTTPStatus.BAD_REQUEST, 'role', 'create',
f"Role with name {json_data['name']} already exists")
def __func():
config_in = request.get_json()
if not _reset_token_durations(access_token_duration=config_in.get(
'access_token_duration', None),
refresh_token_duration=config_in.get(
'refresh_token_duration', None)):
return Problem.from_crud_resource(
HTTPStatus.BAD_REQUEST, 'configuration', 'update',
'Access token duration must be less than refresh token duration.'
)
for config, config_value in config_in.items():
if hasattr(api_gateway.config.Config, config.upper()):
setattr(api_gateway.config.Config, config.upper(),
config_value)
elif hasattr(current_app.config, config.upper()):
setattr(current_app.config, config.upper(), config_value)
current_app.logger.info('Changed configuration')
try:
api_gateway.config.Config.write_values_to_file()
return __get_current_configuration(), HTTPStatus.OK
except (IOError, OSError) as e:
current_app.logger.error(
'Could not write changes to configuration to file')
return Problem(
HTTPStatus.INTERNAL_SERVER_ERROR,
'Could not write changes to file.',
'Could not write configuration changes to file. Problem: {}'.
format(format_exception_message(e)))
def update_user(user_id):
data = request.get_json()
current_user = get_jwt_identity()
# check for internal user
if user_id.id == 1:
return None, HTTPStatus.FORBIDDEN
if user_id.id == current_user:
# check for super_admin, allows ability to update username/password but not roles/active
if user_id.id == 2:
user_id.set_roles([2])
user_id.active = True
return update_user_fields(data, user_id)
return role_update_user_fields(data, user_id, update=True)
else:
# check for super_admin
if user_id.id == 2:
return None, HTTPStatus.FORBIDDEN
else:
response = role_update_user_fields(data, user_id, update=True)
if isinstance(response, tuple) and response[1] == HTTPStatus.FORBIDDEN:
current_app.logger.error(f"User {current_user} does not have permission to update user {user_id.id}")
return Problem.from_crud_resource(
HTTPStatus.FORBIDDEN,
'user',
'update',
f"Current user does not have permission to update user {user_id.id}.")
else:
return response
def update_user_fields(data, user):
if user.id != 1:
original_username = str(user.username)
if 'username' in data and data['username']:
user_db = User.query.filter_by(username=data['username']).first()
if user_db is None or user_db.id == user.id:
user.username = data['username']
else:
return Problem(HTTPStatus.BAD_REQUEST, 'Cannot update user.',
f"Username {data['username']} is already taken.")
elif 'new_username' in data and data['new_username']:
user_db = User.query.filter_by(username=data['old_username']).first()
if user_db is None or user_db.id == user.id:
user.username = data['new_username']
else:
return Problem(HTTPStatus.BAD_REQUEST, 'Cannot update user.',
f"Username {data['new_username']} is already taken.")
if 'old_password' in data and 'password' in data and \
data['old_password'] != "" and data['password'] != "":
logger.info("go there")
if user.verify_password(data['old_password']):
user.password = data['password']
else:
user.username = original_username
return Problem.from_crud_resource(
HTTPStatus.UNAUTHORIZED,
'user',
'update',
'Current password is incorrect.')
db.session.commit()
current_app.logger.info(f"Updated user {user.id}. Updated to: {user.as_json()}")
return user.as_json(), HTTPStatus.OK
else:
return None, HTTPStatus.FORBIDDEN
def delete_user(user_id):
if user_id.id != get_jwt_identity() and user_id.id != 1 and user_id.id != 2:
db.session.delete(user_id)
db.session.commit()
current_app.logger.info(f"User {user_id.username} deleted")
return None, HTTPStatus.NO_CONTENT
else:
if user_id.id == get_jwt_identity():
current_app.logger.error(f"Could not delete user {user_id.id}. User is current user.")
return Problem.from_crud_resource(HTTPStatus.FORBIDDEN, 'user', 'delete',
'Current user cannot delete self.')
if user_id.id == 2:
current_app.logger.error(f"Could not delete user {user_id.username}. "
f"You do not have permission to delete Super Admin.")
return Problem.from_crud_resource(HTTPStatus.FORBIDDEN, 'user', 'delete',
'A user cannot delete Super Admin.')
if user_id.id == 1:
current_app.logger.error(f"Could not delete user {user_id.username}. "
f"You do not have permission to delete WALKOFF's internal user.")
return Problem.from_crud_resource(HTTPStatus.FORBIDDEN, 'user', 'delete',
"A user cannot delete WALKOFF's internal user.")
def delete_user(user_id):
if user_id.id != get_jwt_identity(
) and user_id.username != "internal_user":
db.session.delete(user_id)
db.session.commit()
current_app.logger.info(f"User {user_id.username} deleted")
return None, HTTPStatus.NO_CONTENT
else:
current_app.logger.error(
f"Could not delete user {user_id.id}. User is current user.")
return Problem.from_crud_resource(HTTPStatus.FORBIDDEN, 'user',
'delete',
'Current user cannot delete self.')
def update_settings():
config_in = request.get_json()
if not _reset_token_durations(access_token_duration=config_in.get('access_token_duration', None),
refresh_token_duration=config_in.get('refresh_token_duration', None)):
return Problem.from_crud_resource(
HTTPStatus.BAD_REQUEST,
'settings',
'update',
'Access token duration must be less than refresh token duration.')
for config, config_value in config_in.items():
if hasattr(api_gateway.flask_config.FlaskConfig, config.upper()):
setattr(api_gateway.flask_config.FlaskConfig, config.upper(), config_value)
elif hasattr(current_app.config, config.upper()):
setattr(current_app.config, config.upper(), config_value)
current_app.logger.info('Changed settings')
def create_user():
data = request.get_json()
username = data['username']
if not User.query.filter_by(username=username).first():
user = add_user(username=username, password=data['password'])
if 'roles' in data or 'active' in data:
role_update_user_fields(data, user)
db.session.commit()
current_app.logger.info(f'User added: {user.as_json()}')
return user.as_json(), HTTPStatus.CREATED
else:
current_app.logger.warning(
f'Cannot create user {username}. User already exists.')
return Problem.from_crud_resource(
HTTPStatus.BAD_REQUEST, 'user', 'create',
f'User with username {username} already exists')
def update_user(user_id):
data = request.get_json()
current_user = get_jwt_identity()
if user_id.username == "internal_user":
return None, HTTPStatus.FORBIDDEN
if user_id.id == current_user:
return update_user_fields(data, user_id)
else:
response = role_update_user_fields(data, user_id, update=True)
if isinstance(response, tuple) and response[1] == HTTPStatus.FORBIDDEN:
current_app.logger.error(
f"User {current_user} does not have permission to update user {user_id.id}"
)
return Problem.from_crud_resource(
HTTPStatus.FORBIDDEN, 'user', 'update',
f"Current user does not have permission to update user {user_id.id}."
)
else:
return response
def scheduled_task_name_already_exists_problem(name, operation):
return Problem.from_crud_resource(
HTTPStatus.BAD_REQUEST, 'scheduled task', operation,
'Could not {} scheduled task. Scheduled task with name {} already exists.'
.format(operation, name))