def addUser(self, currentuser, userspec):
#permit(self.isSystemUser(currentuser), "Only System User can add users")
#hiding as not sure how to bootstrap TODO
#authorize(False, self, currentuser, None)
#addUserToApp will fail if we are not systemuser.
#for some such functions we could swap out to apps owner
#but decide on app invitation model for this
vspec=validatespec(userspec, "user")
#print vspec
try:
newuser=User(**vspec)
self.session.add(newuser)
except:
import sys
print sys.exc_info()
doabort('BAD_REQ', "Failed adding user %s" % userspec['nick'])
#Also add user to private default group and public group
if newuser.nick == '*****@*****.**':
#Shouldnt this be part of system configuration
newuser.systemuser=True
currentuser=newuser
self.addGroup(currentuser, dict(name='public', description="Public Items", creator=newuser))
self.commit()
print "CURRENT", currentuser
self.addGroup(currentuser, dict(name='default', creator=newuser, personalgroup=True))
self.addUserToGroup(currentuser, '[email protected]/group:public', newuser, None)
#Faking this for now
#self.addUserToApp(currentuser, '[email protected]/app:publications', newuser, None)
return newuser
def getUserForNick(self, currentuser, nick):
print "nick is", nick
try:
user=self.session.query(User).filter_by(nick=nick).one()
except:
doabort('NOT_FND', "User %s not found" % nick)
return user
def addMemberableToMembable(self, currentuser, useras, fqpn, memberablefqin, changerw=False):
"add a user, group, or app to a postable=group, app, or library"
ptype = gettype(fqpn)
mtype = gettype(memberablefqin)
# BUG: need exception handling here, also want to make sure no strange fqins are accepted
membableq = ptype.objects(basic__fqin=fqpn)
try:
membable = membableq.get()
except:
doabort("BAD_REQ", "No such membable(tag) %s" % fqpn)
memberableq = mtype.objects(basic__fqin=memberablefqin)
memberable = memberableq.get()
try:
if not changerw:
rw = RWDEFMAP[ptype]
else:
rw = not RWDEFMAP[ptype]
memb = is_me_in_pble(memberable, membable.members)
if memb == False:
memb = MembableEmbedded(
mtype=mtype.classname, fqmn=memberablefqin, readwrite=rw, pname=memberable.presentable_name()
)
membableq.update(safe_update=True, push__members=memb)
except:
doabort(
"BAD_REQ",
"Failed adding memberable %s %s to membable %s %s"
% (mtype.__name__, memberablefqin, ptype.__name__, fqpn),
)
return memberableq.get(), membableq.get()
def getMemberableForFqin(self, currentuser, mtype, memberfqin):
"gets user for nick"
try:
member = mtype.objects(basic__fqin=memberfqin).get()
except:
doabort("NOT_FND", "User %s not found" % memberfqin)
return member
def changeOwnershipOfOwnable(self, currentuser, owner, fqon, newowner):
"this is used for things like itentypes and tagtypes, not for g/a/l. Also for tags?"
otype = gettype(fqon)
oq = otype.objects(basic__fqin=fqon)
try:
ownable = oq.get()
except:
doabort("BAD_REQ", "No such ownable %s %s" % (otype.__name__, fqon))
authorize_ownable_owner(False, self, currentuser, owner, ownable)
# try:
# newowner=self.getUserForFqin(currentuser, newownerfqin)
# except:
# #make sure target exists.
# doabort('BAD_REQ', "No such newowner %s" % newownerfqin)
newownerfqin = newowner.basic.fqin
permit(
self.isMemberOfMembable(currentuser, newowner, ownable),
" Possible new owner %s must be member of ownable %s %s" % (newownerfqin, ptype.__name__, fqpn),
)
try:
oldownerfqpn = ownable.owner
# memb=MembableEmbedded(mtype=User.classname, fqmn=newowner.basic.fqin, readwrite=True, pname = newowner.presentable_name())
memb = is_me_in_pble(newowner, ownable.members)
# oq.filter(members__fqmn=newowner.basic.fqin).update_one(safe_update=True, set__owner = newowner.basic.fqin, set__members_S=memb)
ownable.update(safe_update=True, set__owner=newowner.basic.fqin)
except:
doabort(
"BAD_REQ",
"Failed changing owner from %s to %s for ownable %s %s"
% (oldownerfqpn, newowner.basic.fqin, otype.__name__, fqon),
)
newowner.reload()
ownable.reload()
return newowner, ownable
def getUserForFqin(self, currentuser, userfqin):
"gets user for nick"
try:
user = User.objects(basic__fqin=userfqin).get()
except:
doabort("NOT_FND", "User %s not found" % userfqin)
return user
def getMembable(self, currentuser, fqmn):
"gets the membable corresponding to the fqpn"
mtype = gettype(fqmn)
try:
membable = mtype.objects(basic__fqin=fqmn).get()
except:
doabort("NOT_FND", "%s %s not found" % (classname(mtype), fqmn))
return membable
def permit2(authstart, clausetuples):
start=authstart
reasons=[]
for tup in clausetuples:
start = start or tup[0]
reasons.append(tup[1])
if start==False:
doabort('NOT_AUT', {'reason':' or '.join(reasons)})
def getUserForNick(self, currentuser, nick):
"gets user for nick"
##print "ingetuser", [e.nick for e in User.objects]
# print "nick", nick
try:
user = User.objects(nick=nick).get()
except:
doabort("NOT_FND", "User %s not found" % nick)
return user
def removeUserFromApp(self, currentuser, fullyQualifiedAppName, usertoberemoved):
app=self.getApp(currentuser, fullyQualifiedAppName)
#permit(self.isOwnerOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be owner of app %s or systemuser" % (currentuser.nick, app.fqin))
authorize_context_owner(False, self, currentuser, None, app)
try:
usertoberemoved.applicationsin.remove(app)
except:
doabort('BAD_REQ', "Failed removing user %s from app %s" % (usertoberemoved.nick, app.fqin))
return OK
def acceptInviteToApp(self, currentuser, fullyQualifiedAppName, me, authspec):
app=self.getApp(currentuser, fullyQualifiedAppName)
authorize(False, self, currentuser, me)
permit(self.isInvitedToApp(me, app), "User %s must be invited to app %s" % (me.nick, app.fqin))
try:
me.applicationsin.append(app)
except:
doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (me.nick, app.fqin))
return me
def removeUserFromGroup(self, currentuser, fullyQualifiedGroupName, usertoberemoved):
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
#permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
try:
usertoberemoved.groupsin.remove(grp)
except:
doabort('BAD_REQ', "Failed removing user %s from group %s" % (usertoberemoved.nick, grp.fqin))
return OK
def inviteUserToApp(self, currentuser, fqan, usertobeaddednick):
app=self.getApp(currentuser, fqan)
userq= User.objects(nick=usertobeaddednick)
authorize_context_owner(False, self, currentuser, None, app)
try:
userq.update(safe_update=True, push__appsinvitedto=fqan)
except:
doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeadded.nick, fqan))
return usertobeaddednick
def inviteUserToGroup(self, currentuser, fullyQualifiedGroupName, usertobeadded, authspec):
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
#permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
try:
usertobeadded.groupsinvitedto.append(grp)
except:
doabort('BAD_REQ', "Failed inviting user %s to group %s" % (usertobeadded.nick, grp.fqin))
return usertobeadded
def inviteUserToApp(self, currentuser, fullyQualifiedAppName, usertobeadded, authspec):
app=self.getApp(currentuser, fullyQualifiedAppName)
#permit(self.isOwnerOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be owner of app %s or systemuser" % (currentuser.nick, app.fqin))
authorize_context_owner(False, self, currentuser, None, app)
try:
usertobeadded.applicationsinvitedto.append(app)
except:
doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeadded.nick, app.fqin))
return usertobeaded
def inviteUserToGroup(self, currentuser, fqgn, usertobeaddednick):
grp=self.getGroup(currentuser, fqgn)
userq= User.objects(nick=usertobeaddednick)
authorize_context_owner(False, self, currentuser, None, grp)
try:
userq.update(safe_update=True, push__groupsinvitedto=fqgn)
except:
doabort('BAD_REQ', "Failed inviting user %s to group %s" % (usertobeadded.nick, fqgn))
#print "IIIII", userq.get().groupsinvitedto
return usertobeaddednick
def validatespec(specdict, spectype="user"):
keysneeded=MUSTHAVEKEYS[spectype]
keyswehave=specdict.keys()
for k in keysneeded:
if k not in keyswehave:
doabort('BAD_REQ', "Key %s not in spec for %s" % (k, spectype))
if spectype=='group' or spectype=='app':
specdict['owner']=specdict['creator']
specdict['fqin']=specdict['creator'].nick+"/"+spectype+":"+specdict['name']
return specdict
def getUserForCookieid(self, currentuser, cookieid):
"gets user for adsid"
##print "ingetuser", [e.nick for e in User.objects]
##print "nick", nick
try:
user = User.objects(cookieid=cookieid).get()
except:
# print "JJJJ", sys.exc_info()
doabort("NOT_FND", "User %s not found" % cookieid)
return user
def acceptInviteToGroup(self, currentuser, fullyQualifiedGroupName, me, authspec):
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
authorize(False, self, currentuser, me)
permit(self.isInvitedToGroup(me, grp), "User %s must be invited to group %s" % (me.nick, grp.fqin))
#permit(self.isInvitedToGroup(me, grp) or self.isSystemUser(currentuser), "User %s must be invited to group %s or currentuser must be systemuser" % (me.nick, grp.fqin))
try:
me.groupsin.append(grp)
except:
doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (me.nick, grp.fqin))
return me
def addUserToGroup(self, currentuser, grouporfullyQualifiedGroupName, usertobeadded, authspec):
grp=_group(currentuser, self, grouporfullyQualifiedGroupName)
if grp.fqin!='[email protected]/group:public':
#special case so any user can add themselves to public group
#permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
try:
usertobeadded.groupsin.append(grp)
except:
doabort('BAD_REQ', "Failed adding user %s to group %s" % (usertobeadded.nick, grp.fqin))
return usertobeadded
def changeOwnershipOfGroup(self, currentuser, fullyQualifiedGroupName, usertobenewowner):
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
#permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
permit(self.isMemberOfGroup(usertobenewowner, grp), " User %s must be member of grp %s" % (currentuser.nick, grp.fqin))
try:
oldownernick=grp.owner.nick
grp.owner = usertobenewowner
except:
doabort('BAD_REQ', "Failed changing owner from %s to %s for group %s" % (oldownernick, usertobenewowner.nick, grp.fqin))
return usertobenewowner
def addApp(self, currentuser, appspec):
authorize(False, self, currentuser, currentuser)
appspec=validatespec(appspec, "app")
appspec['appgroup']=True
try:
newapp=Application(**appspec)
except:
doabort('BAD_REQ', "Failed adding app %s" % appspec['name'])
self.session.add(newapp)
#self.commit()#needed due to full lookup in addUserToApp. fixthis
self.addUserToApp(currentuser, newapp, newapp.creator, None)
return newapp
def addGroup(self, currentuser, groupspec):
authorize(False, self, currentuser, currentuser)
vspec=validatespec(groupspec, "group")
try:
newgroup=Group(**vspec)
except:
doabort('BAD_REQ', "Failed adding group %s" % groupspec['name'])
#Also add user to private default group and public group
self.session.add(newgroup)
#self.commit()#needed as in addUserToGroup you do a full lookup. fix this!
#print newgroup.fqin, newgroup.creator.info(), '<<<<<<'
self.addUserToGroup(currentuser, newgroup, newgroup.creator, None)
return newgroup
def removeGroupFromApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName):
app=self.getApp(currentuser, fullyQualifiedAppName)
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
#permit(self.isOwnerOfGroup(currentuser, grp), "User %s must be owner of group %s" % (currentuser.nick, grp.fqin))
#permit(self.isMemberOfApp(currentuser, app), "User %s must be member of app %s" % (currentuser.nick, app.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
authorize_context_member(False, self, currentuser, None, app)
try:
grp.applicationsin.remove(app)
#pubsub depending on what we want to do to delete
except:
doabort('BAD_REQ', "Failed removing group %s from app %s" % (grp.fqin, app.fqin))
return OK
def changeOwnershipOfLibrary(self, currentuser, fqln, newowner, groupmode=False):
libq=Library.objects(basic__fqin=fqln)
if groupmode:
try:
groupq=Group.objects(basic__fqin=newowner)
group=groupq.get()
newowner=group.basic.fqin
except:
#make sure target exists.
doabort('BAD_REQ', "No such group %s" % newowner)
authorize_context_member(False, self, currentuser, None, group)
else:
try:
userq= User.objects(nick=newowner)
newowner=userq.get().nick
except:
#make sure target exists.
doabort('BAD_REQ', "No such user %s" % newowner)
try:
lib=libq.get()
except:
doabort('BAD_REQ', "No such group %s" % fqtn)
authorize_context_owner(False, self, currentuser, None, lib)
try:
oldownernick=lib.owner
if groupmode:
lib.update(safe_update=True, set__owner = newowner, push__members=newowner)
else:
lib.update(safe_update=True, set__owner = newowner, push__members=newowner, pull__members=oldownernick)
except:
doabort('BAD_REQ', "Failed changing owner from %s to %s for lib %s" % (oldownernick, newowner, fqln))
return newowner
def inviteUserToPostable(self, currentuser, useras, fqpn, user, changerw=False):
"invite a user to a postable."
ptype = gettype(fqpn)
postable = self.getPostable(currentuser, fqpn)
usertobeaddedfqin = user.basic.fqin
if usertobeaddedfqin == useras.basic.fqin:
doabort(
"BAD_REQ", "Failed inviting user %s to postable %s as cant invite owner" % (usertobeaddedfqin, fqpn)
)
# userq= User.objects(basic__fqin=usertobeaddedfqin)
# try:
# user=userq.get()
# except:
# doabort('BAD_REQ', "No such user %s" % usertobeaddedfqin)
authorize_postable_owner(False, self, currentuser, useras, postable)
try:
if not changerw:
rw = RWDEFMAP[ptype]
else:
rw = not RWDEFMAP[ptype]
pe = is_pe_in_mble(postable, user.postablesinvitedto)
# memb = is_me_in_pble(memberable, postable.members)
if pe == False:
pe = PostableEmbedded(
ptype=ptype.classname,
fqpn=postable.basic.fqin,
owner=useras.adsid,
pname=postable.presentable_name(),
readwrite=rw,
description=postable.basic.description,
)
user.update(safe_update=True, push__postablesinvitedto=pe)
memb = is_me_in_pble(user, postable.inviteds)
if memb == False:
memb = MembableEmbedded(
mtype=User.classname, fqmn=usertobeaddedfqin, readwrite=rw, pname=user.presentable_name()
)
# BUG: ok to use fqin here instead of getting from oblect?
# print "LLL", pe.to_json(), memb.to_json(), "+++++++++++++"
# print postable.to_json()
postable.update(safe_update=True, push__inviteds=memb)
##print "userq", userq.to_json()
except:
doabort("BAD_REQ", "Failed inviting user %s to postable %s" % (usertobeaddedfqin, fqpn))
##print "IIIII", userq.get().groupsinvitedto
postable.reload()
user.reload()
return user, postable
def addUserToApp(self, currentuser, fqan, usertobeaddednick):
appq=App.objects(basic__fqin=fqan)
userq= User.objects(nick=usertobeaddednick)
try:
app=appq.get()
except:
doabort('BAD_REQ', "No such app %s" % fqan)
authorize_context_owner(False, self, currentuser, None, app)
try:
userq.update(safe_update=True, push__appsin=fqan)
appq.update(safe_update=True, push__members=usertobeaddednick)
except:
doabort('BAD_REQ', "Failed adding user %s to app %s" % (usertobeaddednick, fqan))
return usertobeaddednick
def addGroupToApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName, authspec):
app=self.getApp(currentuser, fullyQualifiedAppName)
grp=self.getGroup(currentuser, fullyQualifiedGroupName)
#You must be owner of the group and member of the app
#no useras stuff here?
#permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
#permit(self.isMemberOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be member of app %s or systemuser" % (currentuser.nick, app.fqin))
authorize_context_owner(False, self, currentuser, None, grp)
authorize_context_member(False, self, currentuser, None, app)
try:
grp.applicationsin.append(app)
#pubsub must add the individual users. BUG is that how we want to do it?
except:
doabort('BAD_REQ', "Failed adding group %s to app %s" % (grp.fqin, app.fqin))
return grp
def removeUserFromApp(self, currentuser, fqan, usertoberemovednick):
appq=App.objects(basic__fqin=fqan)
userq= User.objects(nick=usertoberemovednick)
try:
app=appq.get()
except:
doabort('BAD_REQ', "No such app %s" % fqan)
authorize_context_owner(False, self, currentuser, None, app)
try:
userq.update(safe_update=True, pull_groupsin=fqan)
appq.update(safe_update=True, pull__members=usertoberemovednick)
except:
doabort('BAD_REQ', "Failed removing user %s from app %s" % (usertoberemovednick, fqan))
return OK
def addPostable(self, currentuser, useras, ptypestr, postablespec):
"the useras adds a postable. currently either currentuser=superuser or useras"
# authorize(False, self, currentuser, currentuser)
authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
postablespec["creator"] = useras.basic.fqin
postablespec = augmentspec(postablespec, ptypestr)
a = postablespec["basic"].name.find(":")
b = postablespec["basic"].name.find("/")
if a != -1 or b != -1:
doabort("BAD_REQ", "Failed adding postable due to presence of : or / %s" % (postablespec["basic"].name))
ptype = gettype(postablespec["basic"].fqin)
try:
# print "do we exist",postablespec['basic'].fqin
p = ptype.objects.get(basic__fqin=postablespec["basic"].fqin)
# print "postable exists", p.basic.fqin
return useras, p
except:
# print "In addPostable", ptypestr, ptype
try:
newpostable = ptype(**postablespec)
newpostable.save(safe=True)
# how to save it together?
userq = User.objects(basic__fqin=newpostable.owner)
user = userq.get()
newpe = is_pe_in_mble(newpostable, user.postablesowned)
# memb = is_me_in_pble(memberable, postable.members)
# this would be added a second time but we are protected by this line above!
if newpe == False:
newpe = PostableEmbedded(
ptype=ptypestr,
fqpn=newpostable.basic.fqin,
owner=user.adsid,
pname=newpostable.presentable_name(),
readwrite=True,
description=newpostable.basic.description,
)
res = userq.update(safe_update=True, push__postablesowned=newpe)
##print "result", res, currentuser.groupsowned, currentuser.to_json()
except:
doabort("BAD_REQ", "Failed adding postable %s %s" % (ptype.__name__, postablespec["basic"].fqin))
# BUG changerw must be appropriate here!
self.addMemberableToPostable(
currentuser, useras, newpostable.basic.fqin, newpostable.basic.creator, changerw=False, ownermode=True
)
##print "autoRELOAD?", userq.get().to_json()
newpostable.reload()
return user, newpostable
