Exemplo n.º 1
0
class RightsTest(TestCase):

    def setUp(self):
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234',
            '1235',
            '1236',
            '1237',
            '1238',
            '1239',
            '1240',
            '1241',
            '2344',
            '2345',
            '2346',
            '2347',
            '2348',
            '2349',
            '4210',
            '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # delete everything before starting
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')

        self.rights.delete_user('jharris')

        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')

        self.rights.delete_role('role_test1bis')

    def tearDown(self):
        pass
        # TODO: cleanup the mess in default_rights

    def tests(self):
        # Test creation of groups
        rights = {
            '1234': {'desc': 'test right in group', 'checksum': 15},
            '1235': {'desc': 'test right in group', 'checksum': 8},
            '1236': {'desc': 'test right in group', 'checksum': 12},
            '1237': {'desc': 'test right in group', 'checksum': 1},
            '1238': {'desc': 'test right in group', 'checksum': 15},
            '1239': {'desc': 'test right in group', 'checksum': 15},
            '1240': {'desc': 'test right in group', 'checksum': 8},
            '1241': {'desc': 'test right in group', 'checksum': 8}
        }
        rights_scnd = {
            '2344': {'desc': 'test right in group', 'checksum': 15},
            '2345': {'desc': 'test right in group', 'checksum': 8},
            '2346': {'desc': 'test right in group', 'checksum': 12},
            '2347': {'desc': 'test right in group', 'checksum': 1},
            '2348': {'desc': 'test right in group', 'checksum': 15},
            '2349': {'desc': 'test right in group', 'checksum': 15},
            '4210': {'desc': 'test right in group', 'checksum': 8},
            '4211': {'desc': 'test right in group', 'checksum': 8}
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 1), True)

        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Test right deletion
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Change the checksum
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')

        # Change entity name
        self.assertTrue('group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'group_test2' == self.rights.get_group('group_test2')['crecord_name']
            )
        self.assertTrue(
            self.rights.update_entity_name('group_test2', 'group', 'name_changed')
            )
        self.assertTrue('group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'name_changed' == self.rights.get_group('group_test2')['crecord_name']
            )

        # Update fields
        uid = 'my_user'
        urole = 'admin'
        values = {
            '_id': uid,
            'contact': {
                'address': '',
                'name': 'Administrator'
            },
            'external': False,
            'mail': '*****@*****.**',
            'shadowpasswd': 'DEADBEEF',
            'ui_language': 'fr',
        }

        user = self.rights.create_user(
            uid, urole,
            contact=None,
            rights=None,
            groups=None
        )
        self.assertEqual(user['crecord_name'], uid)

        self.rights.update_fields(uid, 'user', values)
        r = self.rights.user_storage._backend.find({'_id': uid})
        self.assertTrue(r.count() > 0)
        content = list(r.limit(1))[0]
        self.assertEqual(content['crecord_name'], uid)
        self.assertEqual(content['ui_language'], 'fr')
        self.assertEqual(content['mail'], '*****@*****.**')
Exemplo n.º 2
0
class RightsModule(MigrationModule):

    CONF_PATH = 'etc/migration/rights.conf'
    CATEGORY = 'RIGHTS'

    def __init__(self,
                 actions_path=None,
                 users_path=None,
                 roles_path=None,
                 *args,
                 **kwargs):
        super(RightsModule, self).__init__(*args, **kwargs)

        self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH)
        self.config = Configuration.load(RightsModule.CONF_PATH, Ini)
        conf = self.config.get(self.CATEGORY, {})

        self.manager = Rights()

        if actions_path is not None:
            actions_path = actions_path
        else:
            actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH)
        self.actions_path = os.path.expanduser(actions_path)

        if users_path is not None:
            users_path = users_path
        else:
            users_path = conf.get('users_path', DEFAULT_USERS_PATH)
        self.users_path = os.path.expanduser(users_path)

        if roles_path is not None:
            roles_path = roles_path
        else:
            roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH)
        self.roles_path = os.path.expanduser(roles_path)

    def init(self, clear=True, yes=False):
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self, yes=False):
        self.init(clear=False)

    def load(self, path):
        try:
            loaded = []

            for fpath in os.listdir(path):
                if fpath.endswith('.json'):
                    fullpath = os.path.join(path, fpath)

                    with open(fullpath) as f:
                        data = ensure_iterable(json.load(f))

                    loaded += data

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path, err))

            loaded = []

        return loaded

    def add_actions(self, data, clear):
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))

                    self.manager.add(
                        aid, action[aid].get('desc', 'Empty description'))

    def add_users(self, data, clear):
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(user['_id'],
                                         user.get('role', None),
                                         rights=user.get('rights', None),
                                         contact=user.get('contact', None),
                                         groups=user.get('groups', None))

            self.manager.update_fields(
                user['_id'], 'user', {
                    'external': user.get('external', False),
                    'enable': user.get('enable', True),
                    'shadowpasswd': user.get('shadowpass', None),
                    'mail': user.get('mail', None),
                    'authkey': user.get('authkey', str(uuid1()))
                })

    def add_roles(self, data, clear):
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))

                self.manager.create_role(role['_id'],
                                         role.get('profile', None))

            self.logger.info(u'Updating role: {0}'.format(role['_id']))
            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)
            self.manager.update_fields(
                role['_id'], 'role',
                {"defaultview": role.get("defaultview", None)})
Exemplo n.º 3
0
class ViewsModule(MigrationModule):
    def __init__(self, *args, **kwargs):
        super(ViewsModule, self).__init__(*args, **kwargs)

        self.storage = Middleware.get_middleware_by_uri(
            'storage-default://',
            table='object'
        )
        self.rights = Rights()

    def init(self):
        pass

    def update(self):
        # Get views
        views = self.storage.find_elements(query={'crecord_type': 'view'})
        backup = []

        for view in views:
            # Go through the view
            if 'containerwidget' in view:
                if 'items' in view['containerwidget']:
                    self.find_weathers(view['containerwidget']['items'])

            self.logger.info('Updating view: {0}'.format(view['_id']))

            try:
                self.storage.put_element(element=view, _id=view['_id'])

            except Exception as err:
                self.logger.error(
                    'Unable to update view "{0}": {1}'.format(
                        view['_id'],
                        err
                    )
                )

                backup.append(view)

            self.logger.info('Ensure rights for view: {0}'.format(view['_id']))

            actions = self.rights.get_action([view['_id']])

            if not actions:
                self.rights.add(view['_id'], 'Access to view {0}'.format(
                    view.get('title', view['_id'])
                ))

        if backup:
            bakdir = os.path.join(
                sys.prefix, 'var', 'cache', 'canopsis', 'migration'
            )

            filepath = os.path.join(bakdir, 'view.{0}.bak'.format(int(time())))

            os.makedirs(bakdir)

            with open(filepath, 'w') as f:
                json.dump(backup, f)

            self.logger.info('Backup found at: {0}'.format(filepath))

    def find_weathers(self, items):
        # Recursively find all weathers in the view
        for item in items:
            w = item['widget']

            # Nested widget search
            if 'items' in w:
                self.find_weathers(w['items'])

            if w['xtype'] == 'weather' and 'event_selection' in w:
                self.logger.info(
                    u'Processing weather in widget: {0}'.format(
                        w['title']
                    )
                )

                w['event_selection'] = self.transform_event_selection(
                    w['event_selection']
                )

    def transform_event_selection(self, event_selection):
        # Business code, update weather content
        selection = []

        while event_selection:
            value = event_selection.pop()

            if isinstance(value, basestring):
                value = {
                    'label': 'label',
                    'rk': value
                }

            selection.append(value)

        return selection
Exemplo n.º 4
0
class RightsTest(TestCase):

    def setUp(self):
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234',
            '1235',
            '1236',
            '1237',
            '1238',
            '1239',
            '1240',
            '1241',
            '2344',
            '2345',
            '2346',
            '2347',
            '2348',
            '2349',
            '4210',
            '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # delete everything before starting
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')

        self.rights.delete_user('jharris')

        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')

        self.rights.delete_role('role_test1bis')

    def tests(self):
        # Test creation of groups
        rights = {
            '1234': {'desc': 'test right in group', 'checksum': 15},
            '1235': {'desc': 'test right in group', 'checksum': 8},
            '1236': {'desc': 'test right in group', 'checksum': 12},
            '1237': {'desc': 'test right in group', 'checksum': 1},
            '1238': {'desc': 'test right in group', 'checksum': 15},
            '1239': {'desc': 'test right in group', 'checksum': 15},
            '1240': {'desc': 'test right in group', 'checksum': 8},
            '1241': {'desc': 'test right in group', 'checksum': 8}
        }
        rights_scnd = {
            '2344': {'desc': 'test right in group', 'checksum': 15},
            '2345': {'desc': 'test right in group', 'checksum': 8},
            '2346': {'desc': 'test right in group', 'checksum': 12},
            '2347': {'desc': 'test right in group', 'checksum': 1},
            '2348': {'desc': 'test right in group', 'checksum': 15},
            '2349': {'desc': 'test right in group', 'checksum': 15},
            '4210': {'desc': 'test right in group', 'checksum': 8},
            '4211': {'desc': 'test right in group', 'checksum': 8}
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 1), True)

        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Test right deletion
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), True)

        # Change the checksum
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 12), False)
        self.assertEqual(
            self.rights.check_rights(
                'jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.get_user_rights('jharris')['1237']['checksum'],
            15)

        # Change entity name
        self.assertTrue('group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'group_test2' == self.rights.get_group('group_test2')['crecord_name']
            )
        self.assertTrue(
            self.rights.update_entity_name('group_test2', 'group', 'name_changed')
            )
        self.assertTrue('group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'name_changed' == self.rights.get_group('group_test2')['crecord_name']
            )
Exemplo n.º 5
0
class RightsTest(TestCase):
    def setUp(self):
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241',
            '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # delete everything before starting
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')

        self.rights.delete_user('jharris')

        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')

        self.rights.delete_role('role_test1bis')

    def tearDown(self):
        pass
        # TODO: cleanup the mess in default_rights

    def tests(self):
        # Test creation of groups
        rights = {
            '1234': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1235': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '1236': {
                'desc': 'test right in group',
                'checksum': 12
            },
            '1237': {
                'desc': 'test right in group',
                'checksum': 1
            },
            '1238': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1239': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1240': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '1241': {
                'desc': 'test right in group',
                'checksum': 8
            }
        }
        rights_scnd = {
            '2344': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '2345': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '2346': {
                'desc': 'test right in group',
                'checksum': 12
            },
            '2347': {
                'desc': 'test right in group',
                'checksum': 1
            },
            '2348': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '2349': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '4210': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '4211': {
                'desc': 'test right in group',
                'checksum': 8
            }
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check
        self.assertEqual(self.rights.check_rights('jharris', '1237', 1), True)

        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True)

        # Test right deletion
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12), True)

        # Change the checksum
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')

        # Change entity name
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue('group_test2' == self.rights.get_group('group_test2')
                        ['crecord_name'])
        self.assertTrue(
            self.rights.update_entity_name('group_test2', 'group',
                                           'name_changed'))
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue('name_changed' == self.rights.get_group('group_test2')
                        ['crecord_name'])

        # Update fields
        uid = 'my_user'
        urole = 'admin'
        values = {
            '_id': uid,
            'contact': {
                'address': '',
                'name': 'Administrator'
            },
            'external': False,
            'mail': '*****@*****.**',
            'shadowpasswd': 'DEADBEEF',
            'ui_language': 'fr',
        }

        user = self.rights.create_user(uid,
                                       urole,
                                       contact=None,
                                       rights=None,
                                       groups=None)
        self.assertEqual(user['crecord_name'], uid)

        self.rights.update_fields(uid, 'user', values)
        r = self.rights.user_storage._backend.find({'_id': uid})
        self.assertTrue(r.count() > 0)
        content = list(r.limit(1))[0]
        self.assertEqual(content['crecord_name'], uid)
        self.assertEqual(content['ui_language'], 'fr')
        self.assertEqual(content['mail'], '*****@*****.**')
Exemplo n.º 6
0
class ViewsModule(MigrationModule):
    def __init__(self, *args, **kwargs):
        super(ViewsModule, self).__init__(*args, **kwargs)

        self.logger = Logger.get('migrationmodule', MigrationModule.LOG_PATH)
        self.storage = Middleware.get_middleware_by_uri('storage-default://',
                                                        table='object')
        self.rights = Rights()

    def init(self, yes=False):
        pass

    def update(self, yes=False):
        # Get views
        views = self.storage.find_elements(query={'crecord_type': 'view'})
        backup = []

        for view in views:
            # Go through the view
            if 'containerwidget' in view:
                if 'items' in view['containerwidget']:
                    self.find_weathers(view['containerwidget']['items'])

            self.logger.info(u'Updating view: {0}'.format(view['_id']))

            try:
                self.storage.put_element(element=view, _id=view['_id'])

            except Exception as err:
                self.logger.error('Unable to update view "{0}": {1}'.format(
                    view['_id'], err))

                backup.append(view)

            self.logger.info(u'Ensure rights for view: {}'.format(view['_id']))

            actions = self.rights.get_action([view['_id']])

            if not actions:
                self.rights.add(
                    view['_id'],
                    'Access to view {0}'.format(view.get('title',
                                                         view['_id'])))

        if backup:
            bakdir = os.path.join(root_path, 'var', 'cache', 'canopsis',
                                  'migration')

            filepath = os.path.join(bakdir, 'view.{0}.bak'.format(int(time())))

            os.makedirs(bakdir)

            with open(filepath, 'w') as f:
                json.dump(backup, f)

            self.logger.info(u'Backup found at: {0}'.format(filepath))

    def find_weathers(self, items):
        # Recursively find all weathers in the view
        for item in items:
            w = item['widget']

            # Nested widget search
            if 'items' in w:
                self.find_weathers(w['items'])

            if w['xtype'] == 'weather' and 'event_selection' in w:
                self.logger.info(u'Processing weather in widget: {0}'.format(
                    w['title']))

                w['event_selection'] = self.transform_event_selection(
                    w['event_selection'])

    def transform_event_selection(self, event_selection):
        # Business code, update weather content
        selection = []

        while event_selection:
            value = event_selection.pop()

            if isinstance(value, basestring):
                value = {'label': 'label', 'rk': value}

            selection.append(value)

        return selection
Exemplo n.º 7
0
class RightsModule(MigrationModule):

    CONF_PATH = 'etc/migration/rights.conf'
    CATEGORY = 'RIGHTS'

    def __init__(
            self,
            actions_path=None,
            users_path=None,
            roles_path=None,
            *args, **kwargs
    ):
        super(RightsModule, self).__init__(*args, **kwargs)

        self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH)
        self.config = Configuration.load(RightsModule.CONF_PATH, Ini)
        conf = self.config.get(self.CATEGORY, {})

        self.manager = Rights()

        if actions_path is not None:
            actions_path = actions_path
        else:
            actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH)
        self.actions_path = os.path.expanduser(actions_path)

        if users_path is not None:
            users_path = users_path
        else:
            users_path = conf.get('users_path', DEFAULT_USERS_PATH)
        self.users_path = os.path.expanduser(users_path)

        if roles_path is not None:
            roles_path = roles_path
        else:
            roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH)
        self.roles_path = os.path.expanduser(roles_path)

    def init(self, clear=True, yes=False):
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self, yes=False):
        self.init(clear=False)

    def load(self, path):
        try:
            loaded = []

            for fpath in os.listdir(path):
                if fpath.endswith('.json'):
                    fullpath = os.path.join(path, fpath)

                    with open(fullpath) as f:
                        data = ensure_iterable(json.load(f))

                    loaded += data

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path,
                err
            ))

            loaded = []

        return loaded

    def add_actions(self, data, clear):
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))

                    self.manager.add(
                        aid,
                        action[aid].get('desc', 'Empty description')
                    )

    def add_users(self, data, clear):
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(
                    user['_id'],
                    user.get('role', None),
                    rights=user.get('rights', None),
                    contact=user.get('contact', None),
                    groups=user.get('groups', None)
                )

            self.manager.update_fields(
                user['_id'],
                'user',
                {
                    'external': user.get('external', False),
                    'enable': user.get('enable', True),
                    'shadowpasswd': user.get('shadowpass', None),
                    'mail': user.get('mail', None),
                    'authkey': user.get('authkey', str(uuid1()))
                }
            )

    def add_roles(self, data, clear):
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))

                self.manager.create_role(
                    role['_id'],
                    role.get('profile', None)
                )

            self.logger.info(u'Updating role: {0}'.format(role['_id']))
            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)
            self.manager.update_fields(role['_id'], 'role', {"defaultview": role.get("defaultview", None)})
Exemplo n.º 8
0
class RightsModule(MigrationModule):

    @property
    def actions_path(self):
        if not hasattr(self, '_actions_path'):
            self.actions_path = None

        return self._actions_path

    @actions_path.setter
    def actions_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/actions_ids'

        self._actions_path = os.path.expanduser(value)

    @property
    def users_path(self):
        if not hasattr(self, '_users_path'):
            self.users_path = None

        return self._users_path

    @users_path.setter
    def users_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/default_users'

        self._users_path = os.path.expanduser(value)

    @property
    def roles_path(self):
        if not hasattr(self, '_roles_path'):
            self.roles_path = None

        return self._roles_path

    @roles_path.setter
    def roles_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/default_roles'

        self._roles_path = os.path.expanduser(value)

    def __init__(
        self,
        actions_path=None,
        users_path=None,
        roles_path=None,
        *args, **kwargs
    ):
        super(RightsModule, self).__init__(*args, **kwargs)

        self.manager = Rights()

        if actions_path is not None:
            self.actions_path = actions_path

        if users_path is not None:
            self.users_path = users_path

        if roles_path is not None:
            self.roles_path = roles_path

    def init(self, clear=True):
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self):
        self.init(clear=False)

    def load(self, path):
        try:
            loaded = []

            for fpath in os.listdir(path):
                if fpath.endswith('.json'):
                    fullpath = os.path.join(path, fpath)

                    with open(fullpath) as f:
                        data = ensure_iterable(json.load(f))

                    loaded += data

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path,
                err
            ))

            loaded = []

        return loaded

    def add_actions(self, data, clear):
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))

                    self.manager.add(
                        aid,
                        action[aid].get('desc', 'Empty description')
                    )

    def add_users(self, data, clear):
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(
                    user['_id'],
                    user.get('role', None),
                    rights=user.get('rights', None),
                    contact=user.get('contact', None),
                    groups=user.get('groups', None)
                )

            self.manager.update_fields(
                user['_id'],
                'user',
                {
                    'external': user.get('external', False),
                    'enable': user.get('enable', True),
                    'shadowpasswd': user.get('shadowpass', None),
                    'mail': user.get('mail', None),
                    'authkey': user.get('authkey', str(uuid1()))
                }
            )

    def add_roles(self, data, clear):
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))

                self.manager.create_role(
                    role['_id'],
                    role.get('profile', None)
                )

            self.logger.info(u'Updating role: {0}'.format(role['_id']))
            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)