def addUser(self, currentuser, userspec): #permit(self.isSystemUser(currentuser), "Only System User can add users") #hiding as not sure how to bootstrap TODO #authorize(False, self, currentuser, None) #addUserToApp will fail if we are not systemuser. #for some such functions we could swap out to apps owner #but decide on app invitation model for this vspec=validatespec(userspec, "user") #print vspec try: newuser=User(**vspec) self.session.add(newuser) except: import sys print sys.exc_info() doabort('BAD_REQ', "Failed adding user %s" % userspec['nick']) #Also add user to private default group and public group if newuser.nick == '*****@*****.**': #Shouldnt this be part of system configuration newuser.systemuser=True currentuser=newuser self.addGroup(currentuser, dict(name='public', description="Public Items", creator=newuser)) self.commit() print "CURRENT", currentuser self.addGroup(currentuser, dict(name='default', creator=newuser, personalgroup=True)) self.addUserToGroup(currentuser, '[email protected]/group:public', newuser, None) #Faking this for now #self.addUserToApp(currentuser, '[email protected]/app:publications', newuser, None) return newuser
def getUserForNick(self, currentuser, nick): print "nick is", nick try: user=self.session.query(User).filter_by(nick=nick).one() except: doabort('NOT_FND', "User %s not found" % nick) return user
def addMemberableToMembable(self, currentuser, useras, fqpn, memberablefqin, changerw=False): "add a user, group, or app to a postable=group, app, or library" ptype = gettype(fqpn) mtype = gettype(memberablefqin) # BUG: need exception handling here, also want to make sure no strange fqins are accepted membableq = ptype.objects(basic__fqin=fqpn) try: membable = membableq.get() except: doabort("BAD_REQ", "No such membable(tag) %s" % fqpn) memberableq = mtype.objects(basic__fqin=memberablefqin) memberable = memberableq.get() try: if not changerw: rw = RWDEFMAP[ptype] else: rw = not RWDEFMAP[ptype] memb = is_me_in_pble(memberable, membable.members) if memb == False: memb = MembableEmbedded( mtype=mtype.classname, fqmn=memberablefqin, readwrite=rw, pname=memberable.presentable_name() ) membableq.update(safe_update=True, push__members=memb) except: doabort( "BAD_REQ", "Failed adding memberable %s %s to membable %s %s" % (mtype.__name__, memberablefqin, ptype.__name__, fqpn), ) return memberableq.get(), membableq.get()
def getMemberableForFqin(self, currentuser, mtype, memberfqin): "gets user for nick" try: member = mtype.objects(basic__fqin=memberfqin).get() except: doabort("NOT_FND", "User %s not found" % memberfqin) return member
def changeOwnershipOfOwnable(self, currentuser, owner, fqon, newowner): "this is used for things like itentypes and tagtypes, not for g/a/l. Also for tags?" otype = gettype(fqon) oq = otype.objects(basic__fqin=fqon) try: ownable = oq.get() except: doabort("BAD_REQ", "No such ownable %s %s" % (otype.__name__, fqon)) authorize_ownable_owner(False, self, currentuser, owner, ownable) # try: # newowner=self.getUserForFqin(currentuser, newownerfqin) # except: # #make sure target exists. # doabort('BAD_REQ', "No such newowner %s" % newownerfqin) newownerfqin = newowner.basic.fqin permit( self.isMemberOfMembable(currentuser, newowner, ownable), " Possible new owner %s must be member of ownable %s %s" % (newownerfqin, ptype.__name__, fqpn), ) try: oldownerfqpn = ownable.owner # memb=MembableEmbedded(mtype=User.classname, fqmn=newowner.basic.fqin, readwrite=True, pname = newowner.presentable_name()) memb = is_me_in_pble(newowner, ownable.members) # oq.filter(members__fqmn=newowner.basic.fqin).update_one(safe_update=True, set__owner = newowner.basic.fqin, set__members_S=memb) ownable.update(safe_update=True, set__owner=newowner.basic.fqin) except: doabort( "BAD_REQ", "Failed changing owner from %s to %s for ownable %s %s" % (oldownerfqpn, newowner.basic.fqin, otype.__name__, fqon), ) newowner.reload() ownable.reload() return newowner, ownable
def getUserForFqin(self, currentuser, userfqin): "gets user for nick" try: user = User.objects(basic__fqin=userfqin).get() except: doabort("NOT_FND", "User %s not found" % userfqin) return user
def getMembable(self, currentuser, fqmn): "gets the membable corresponding to the fqpn" mtype = gettype(fqmn) try: membable = mtype.objects(basic__fqin=fqmn).get() except: doabort("NOT_FND", "%s %s not found" % (classname(mtype), fqmn)) return membable
def permit2(authstart, clausetuples): start=authstart reasons=[] for tup in clausetuples: start = start or tup[0] reasons.append(tup[1]) if start==False: doabort('NOT_AUT', {'reason':' or '.join(reasons)})
def getUserForNick(self, currentuser, nick): "gets user for nick" ##print "ingetuser", [e.nick for e in User.objects] # print "nick", nick try: user = User.objects(nick=nick).get() except: doabort("NOT_FND", "User %s not found" % nick) return user
def removeUserFromApp(self, currentuser, fullyQualifiedAppName, usertoberemoved): app=self.getApp(currentuser, fullyQualifiedAppName) #permit(self.isOwnerOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be owner of app %s or systemuser" % (currentuser.nick, app.fqin)) authorize_context_owner(False, self, currentuser, None, app) try: usertoberemoved.applicationsin.remove(app) except: doabort('BAD_REQ', "Failed removing user %s from app %s" % (usertoberemoved.nick, app.fqin)) return OK
def acceptInviteToApp(self, currentuser, fullyQualifiedAppName, me, authspec): app=self.getApp(currentuser, fullyQualifiedAppName) authorize(False, self, currentuser, me) permit(self.isInvitedToApp(me, app), "User %s must be invited to app %s" % (me.nick, app.fqin)) try: me.applicationsin.append(app) except: doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (me.nick, app.fqin)) return me
def removeUserFromGroup(self, currentuser, fullyQualifiedGroupName, usertoberemoved): grp=self.getGroup(currentuser, fullyQualifiedGroupName) #permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) authorize_context_owner(False, self, currentuser, None, grp) try: usertoberemoved.groupsin.remove(grp) except: doabort('BAD_REQ', "Failed removing user %s from group %s" % (usertoberemoved.nick, grp.fqin)) return OK
def inviteUserToApp(self, currentuser, fqan, usertobeaddednick): app=self.getApp(currentuser, fqan) userq= User.objects(nick=usertobeaddednick) authorize_context_owner(False, self, currentuser, None, app) try: userq.update(safe_update=True, push__appsinvitedto=fqan) except: doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeadded.nick, fqan)) return usertobeaddednick
def inviteUserToGroup(self, currentuser, fullyQualifiedGroupName, usertobeadded, authspec): grp=self.getGroup(currentuser, fullyQualifiedGroupName) #permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) authorize_context_owner(False, self, currentuser, None, grp) try: usertobeadded.groupsinvitedto.append(grp) except: doabort('BAD_REQ', "Failed inviting user %s to group %s" % (usertobeadded.nick, grp.fqin)) return usertobeadded
def inviteUserToApp(self, currentuser, fullyQualifiedAppName, usertobeadded, authspec): app=self.getApp(currentuser, fullyQualifiedAppName) #permit(self.isOwnerOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be owner of app %s or systemuser" % (currentuser.nick, app.fqin)) authorize_context_owner(False, self, currentuser, None, app) try: usertobeadded.applicationsinvitedto.append(app) except: doabort('BAD_REQ', "Failed inviting user %s to app %s" % (usertobeadded.nick, app.fqin)) return usertobeaded
def inviteUserToGroup(self, currentuser, fqgn, usertobeaddednick): grp=self.getGroup(currentuser, fqgn) userq= User.objects(nick=usertobeaddednick) authorize_context_owner(False, self, currentuser, None, grp) try: userq.update(safe_update=True, push__groupsinvitedto=fqgn) except: doabort('BAD_REQ', "Failed inviting user %s to group %s" % (usertobeadded.nick, fqgn)) #print "IIIII", userq.get().groupsinvitedto return usertobeaddednick
def validatespec(specdict, spectype="user"): keysneeded=MUSTHAVEKEYS[spectype] keyswehave=specdict.keys() for k in keysneeded: if k not in keyswehave: doabort('BAD_REQ', "Key %s not in spec for %s" % (k, spectype)) if spectype=='group' or spectype=='app': specdict['owner']=specdict['creator'] specdict['fqin']=specdict['creator'].nick+"/"+spectype+":"+specdict['name'] return specdict
def getUserForCookieid(self, currentuser, cookieid): "gets user for adsid" ##print "ingetuser", [e.nick for e in User.objects] ##print "nick", nick try: user = User.objects(cookieid=cookieid).get() except: # print "JJJJ", sys.exc_info() doabort("NOT_FND", "User %s not found" % cookieid) return user
def acceptInviteToGroup(self, currentuser, fullyQualifiedGroupName, me, authspec): grp=self.getGroup(currentuser, fullyQualifiedGroupName) authorize(False, self, currentuser, me) permit(self.isInvitedToGroup(me, grp), "User %s must be invited to group %s" % (me.nick, grp.fqin)) #permit(self.isInvitedToGroup(me, grp) or self.isSystemUser(currentuser), "User %s must be invited to group %s or currentuser must be systemuser" % (me.nick, grp.fqin)) try: me.groupsin.append(grp) except: doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (me.nick, grp.fqin)) return me
def addUserToGroup(self, currentuser, grouporfullyQualifiedGroupName, usertobeadded, authspec): grp=_group(currentuser, self, grouporfullyQualifiedGroupName) if grp.fqin!='[email protected]/group:public': #special case so any user can add themselves to public group #permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) authorize_context_owner(False, self, currentuser, None, grp) try: usertobeadded.groupsin.append(grp) except: doabort('BAD_REQ', "Failed adding user %s to group %s" % (usertobeadded.nick, grp.fqin)) return usertobeadded
def changeOwnershipOfGroup(self, currentuser, fullyQualifiedGroupName, usertobenewowner): grp=self.getGroup(currentuser, fullyQualifiedGroupName) #permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) authorize_context_owner(False, self, currentuser, None, grp) permit(self.isMemberOfGroup(usertobenewowner, grp), " User %s must be member of grp %s" % (currentuser.nick, grp.fqin)) try: oldownernick=grp.owner.nick grp.owner = usertobenewowner except: doabort('BAD_REQ', "Failed changing owner from %s to %s for group %s" % (oldownernick, usertobenewowner.nick, grp.fqin)) return usertobenewowner
def addApp(self, currentuser, appspec): authorize(False, self, currentuser, currentuser) appspec=validatespec(appspec, "app") appspec['appgroup']=True try: newapp=Application(**appspec) except: doabort('BAD_REQ', "Failed adding app %s" % appspec['name']) self.session.add(newapp) #self.commit()#needed due to full lookup in addUserToApp. fixthis self.addUserToApp(currentuser, newapp, newapp.creator, None) return newapp
def addGroup(self, currentuser, groupspec): authorize(False, self, currentuser, currentuser) vspec=validatespec(groupspec, "group") try: newgroup=Group(**vspec) except: doabort('BAD_REQ', "Failed adding group %s" % groupspec['name']) #Also add user to private default group and public group self.session.add(newgroup) #self.commit()#needed as in addUserToGroup you do a full lookup. fix this! #print newgroup.fqin, newgroup.creator.info(), '<<<<<<' self.addUserToGroup(currentuser, newgroup, newgroup.creator, None) return newgroup
def removeGroupFromApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName): app=self.getApp(currentuser, fullyQualifiedAppName) grp=self.getGroup(currentuser, fullyQualifiedGroupName) #permit(self.isOwnerOfGroup(currentuser, grp), "User %s must be owner of group %s" % (currentuser.nick, grp.fqin)) #permit(self.isMemberOfApp(currentuser, app), "User %s must be member of app %s" % (currentuser.nick, app.fqin)) authorize_context_owner(False, self, currentuser, None, grp) authorize_context_member(False, self, currentuser, None, app) try: grp.applicationsin.remove(app) #pubsub depending on what we want to do to delete except: doabort('BAD_REQ', "Failed removing group %s from app %s" % (grp.fqin, app.fqin)) return OK
def changeOwnershipOfLibrary(self, currentuser, fqln, newowner, groupmode=False): libq=Library.objects(basic__fqin=fqln) if groupmode: try: groupq=Group.objects(basic__fqin=newowner) group=groupq.get() newowner=group.basic.fqin except: #make sure target exists. doabort('BAD_REQ', "No such group %s" % newowner) authorize_context_member(False, self, currentuser, None, group) else: try: userq= User.objects(nick=newowner) newowner=userq.get().nick except: #make sure target exists. doabort('BAD_REQ', "No such user %s" % newowner) try: lib=libq.get() except: doabort('BAD_REQ', "No such group %s" % fqtn) authorize_context_owner(False, self, currentuser, None, lib) try: oldownernick=lib.owner if groupmode: lib.update(safe_update=True, set__owner = newowner, push__members=newowner) else: lib.update(safe_update=True, set__owner = newowner, push__members=newowner, pull__members=oldownernick) except: doabort('BAD_REQ', "Failed changing owner from %s to %s for lib %s" % (oldownernick, newowner, fqln)) return newowner
def inviteUserToPostable(self, currentuser, useras, fqpn, user, changerw=False): "invite a user to a postable." ptype = gettype(fqpn) postable = self.getPostable(currentuser, fqpn) usertobeaddedfqin = user.basic.fqin if usertobeaddedfqin == useras.basic.fqin: doabort( "BAD_REQ", "Failed inviting user %s to postable %s as cant invite owner" % (usertobeaddedfqin, fqpn) ) # userq= User.objects(basic__fqin=usertobeaddedfqin) # try: # user=userq.get() # except: # doabort('BAD_REQ', "No such user %s" % usertobeaddedfqin) authorize_postable_owner(False, self, currentuser, useras, postable) try: if not changerw: rw = RWDEFMAP[ptype] else: rw = not RWDEFMAP[ptype] pe = is_pe_in_mble(postable, user.postablesinvitedto) # memb = is_me_in_pble(memberable, postable.members) if pe == False: pe = PostableEmbedded( ptype=ptype.classname, fqpn=postable.basic.fqin, owner=useras.adsid, pname=postable.presentable_name(), readwrite=rw, description=postable.basic.description, ) user.update(safe_update=True, push__postablesinvitedto=pe) memb = is_me_in_pble(user, postable.inviteds) if memb == False: memb = MembableEmbedded( mtype=User.classname, fqmn=usertobeaddedfqin, readwrite=rw, pname=user.presentable_name() ) # BUG: ok to use fqin here instead of getting from oblect? # print "LLL", pe.to_json(), memb.to_json(), "+++++++++++++" # print postable.to_json() postable.update(safe_update=True, push__inviteds=memb) ##print "userq", userq.to_json() except: doabort("BAD_REQ", "Failed inviting user %s to postable %s" % (usertobeaddedfqin, fqpn)) ##print "IIIII", userq.get().groupsinvitedto postable.reload() user.reload() return user, postable
def addUserToApp(self, currentuser, fqan, usertobeaddednick): appq=App.objects(basic__fqin=fqan) userq= User.objects(nick=usertobeaddednick) try: app=appq.get() except: doabort('BAD_REQ', "No such app %s" % fqan) authorize_context_owner(False, self, currentuser, None, app) try: userq.update(safe_update=True, push__appsin=fqan) appq.update(safe_update=True, push__members=usertobeaddednick) except: doabort('BAD_REQ', "Failed adding user %s to app %s" % (usertobeaddednick, fqan)) return usertobeaddednick
def addGroupToApp(self, currentuser, fullyQualifiedAppName, fullyQualifiedGroupName, authspec): app=self.getApp(currentuser, fullyQualifiedAppName) grp=self.getGroup(currentuser, fullyQualifiedGroupName) #You must be owner of the group and member of the app #no useras stuff here? #permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin)) #permit(self.isMemberOfApp(currentuser, app) or self.isSystemUser(currentuser), "User %s must be member of app %s or systemuser" % (currentuser.nick, app.fqin)) authorize_context_owner(False, self, currentuser, None, grp) authorize_context_member(False, self, currentuser, None, app) try: grp.applicationsin.append(app) #pubsub must add the individual users. BUG is that how we want to do it? except: doabort('BAD_REQ', "Failed adding group %s to app %s" % (grp.fqin, app.fqin)) return grp
def removeUserFromApp(self, currentuser, fqan, usertoberemovednick): appq=App.objects(basic__fqin=fqan) userq= User.objects(nick=usertoberemovednick) try: app=appq.get() except: doabort('BAD_REQ', "No such app %s" % fqan) authorize_context_owner(False, self, currentuser, None, app) try: userq.update(safe_update=True, pull_groupsin=fqan) appq.update(safe_update=True, pull__members=usertoberemovednick) except: doabort('BAD_REQ', "Failed removing user %s from app %s" % (usertoberemovednick, fqan)) return OK
def addPostable(self, currentuser, useras, ptypestr, postablespec): "the useras adds a postable. currently either currentuser=superuser or useras" # authorize(False, self, currentuser, currentuser) authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras) postablespec["creator"] = useras.basic.fqin postablespec = augmentspec(postablespec, ptypestr) a = postablespec["basic"].name.find(":") b = postablespec["basic"].name.find("/") if a != -1 or b != -1: doabort("BAD_REQ", "Failed adding postable due to presence of : or / %s" % (postablespec["basic"].name)) ptype = gettype(postablespec["basic"].fqin) try: # print "do we exist",postablespec['basic'].fqin p = ptype.objects.get(basic__fqin=postablespec["basic"].fqin) # print "postable exists", p.basic.fqin return useras, p except: # print "In addPostable", ptypestr, ptype try: newpostable = ptype(**postablespec) newpostable.save(safe=True) # how to save it together? userq = User.objects(basic__fqin=newpostable.owner) user = userq.get() newpe = is_pe_in_mble(newpostable, user.postablesowned) # memb = is_me_in_pble(memberable, postable.members) # this would be added a second time but we are protected by this line above! if newpe == False: newpe = PostableEmbedded( ptype=ptypestr, fqpn=newpostable.basic.fqin, owner=user.adsid, pname=newpostable.presentable_name(), readwrite=True, description=newpostable.basic.description, ) res = userq.update(safe_update=True, push__postablesowned=newpe) ##print "result", res, currentuser.groupsowned, currentuser.to_json() except: doabort("BAD_REQ", "Failed adding postable %s %s" % (ptype.__name__, postablespec["basic"].fqin)) # BUG changerw must be appropriate here! self.addMemberableToPostable( currentuser, useras, newpostable.basic.fqin, newpostable.basic.creator, changerw=False, ownermode=True ) ##print "autoRELOAD?", userq.get().to_json() newpostable.reload() return user, newpostable