Exemplo n.º 1
0
def permission_user_new(auth_client):
    if auth_client.user:
        form = UserPermissionAssignForm()
    elif auth_client.organization:
        form = TeamPermissionAssignForm()
        form.organization = auth_client.organization
        form.team_id.choices = [(team.buid, team.title)
                                for team in auth_client.organization.teams]
    else:
        abort(403)  # This should never happen. Clients always have an owner.
    if form.validate_on_submit():
        perms = set()
        if auth_client.user:
            permassign = AuthClientUserPermissions.get(auth_client=auth_client,
                                                       user=form.user.data)
            if permassign:
                perms.update(permassign.access_permissions.split())
            else:
                permassign = AuthClientUserPermissions(user=form.user.data,
                                                       auth_client=auth_client)
                db.session.add(permassign)
        else:
            permassign = AuthClientTeamPermissions.get(auth_client=auth_client,
                                                       team=form.team)
            if permassign:
                perms.update(permassign.access_permissions.split())
            else:
                permassign = AuthClientTeamPermissions(team=form.team,
                                                       auth_client=auth_client)
                db.session.add(permassign)
        perms.update(form.perms.data.split())
        permassign.access_permissions = ' '.join(sorted(perms))
        db.session.commit()
        if auth_client.user:
            flash(
                _("Permissions have been assigned to user {pname}").format(
                    pname=form.user.data.pickername),
                'success',
            )
        else:
            flash(
                _("Permissions have been assigned to team ‘{pname}’").format(
                    pname=permassign.team.pickername),
                'success',
            )
        return render_redirect(url_for('.client_info', key=auth_client.buid),
                               code=303)
    return render_form(
        form=form,
        title=_("Assign permissions"),
        formid='perm_assign',
        submit=_("Assign permissions"),
    )
Exemplo n.º 2
0
def client_info(auth_client):
    if auth_client.user:
        permassignments = AuthClientUserPermissions.all_forclient(
            auth_client).all()
    else:
        permassignments = AuthClientTeamPermissions.all_forclient(
            auth_client).all()
    return render_template(
        'client_info.html.jinja2',
        auth_client=auth_client,
        permassignments=permassignments,
    )
Exemplo n.º 3
0
def client_edit(auth_client):
    form = RegisterClientForm(obj=auth_client, model=AuthClient)
    form.edit_user = current_auth.user
    form.client_owner.choices = available_client_owners()
    if request.method == 'GET':
        if auth_client.user:
            form.client_owner.data = auth_client.user.buid
        else:
            form.client_owner.data = auth_client.organization.buid

    if form.validate_on_submit():
        if (auth_client.user != form.user
                or auth_client.organization != form.organization):
            # Ownership has changed. Remove existing permission assignments
            AuthClientUserPermissions.all_forclient(auth_client).delete(
                synchronize_session=False)
            AuthClientTeamPermissions.all_forclient(auth_client).delete(
                synchronize_session=False)
            flash(
                _("This application’s owner has changed, so all previously assigned permissions "
                  "have been revoked"),
                'warning',
            )
        form.populate_obj(auth_client)
        auth_client.user = form.user
        auth_client.organization = form.organization
        db.session.commit()
        return render_redirect(url_for('.client_info', key=auth_client.buid),
                               code=303)

    return render_form(
        form=form,
        title=_("Edit application"),
        formid='client_edit',
        submit=_("Save changes"),
        ajax=True,
    )
Exemplo n.º 4
0
def permission_user_delete(auth_client, kwargs):
    if auth_client.user:
        user = User.get(buid=kwargs['buid'])
        if not user:
            abort(404)
        permassign = AuthClientUserPermissions.get(auth_client=auth_client,
                                                   user=user)
        if not permassign:
            abort(404)
        return render_delete_sqla(
            permassign,
            db,
            title=_("Confirm delete"),
            message=
            _("Remove all permissions assigned to user {pname} for app ‘{title}’?"
              ).format(pname=user.pickername, title=auth_client.title),
            success=_("You have revoked permisions for user {pname}").format(
                pname=user.pickername),
            next=url_for('.client_info', key=auth_client.buid),
        )
    else:
        team = Team.get(buid=kwargs['buid'])
        if not team:
            abort(404)
        permassign = AuthClientTeamPermissions.get(auth_client=auth_client,
                                                   team=team)
        if not permassign:
            abort(404)
        return render_delete_sqla(
            permassign,
            db,
            title=_("Confirm delete"),
            message=
            _("Remove all permissions assigned to team ‘{pname}’ for app ‘{title}’?"
              ).format(pname=team.title, title=auth_client.title),
            success=_("You have revoked permisions for team {title}").format(
                title=team.title),
            next=url_for('.client_info', key=auth_client.buid),
        )
Exemplo n.º 5
0
def get_userinfo(user,
                 auth_client,
                 scope=[],
                 user_session=None,
                 get_permissions=True):

    teams = {}

    if '*' in scope or 'id' in scope or 'id/*' in scope:
        userinfo = {
            'userid': user.buid,
            'buid': user.buid,
            'uuid': user.uuid,
            'username': user.username,
            'fullname': user.fullname,
            'timezone': user.timezone,
            'avatar': user.avatar,
            'oldids': [o.buid for o in user.oldids],
            'olduuids': [o.uuid for o in user.oldids],
        }
    else:
        userinfo = {}

    if user_session:
        userinfo['sessionid'] = user_session.buid

    if '*' in scope or 'email' in scope or 'email/*' in scope:
        userinfo['email'] = str(user.email)
    if '*' in scope or 'phone' in scope or 'phone/*' in scope:
        userinfo['phone'] = str(user.phone)
    if '*' in scope or 'organizations' in scope or 'organizations/*' in scope:
        userinfo['organizations'] = {
            'owner': [{
                'userid': org.buid,
                'buid': org.buid,
                'uuid': org.uuid,
                'name': org.name,
                'title': org.title,
            } for org in user.organizations_owned()],
            'member': [{
                'userid': org.buid,
                'buid': org.buid,
                'uuid': org.uuid,
                'name': org.name,
                'title': org.title,
            } for org in user.organizations_memberof()],
            'all': [{
                'userid': org.buid,
                'buid': org.buid,
                'uuid': org.uuid,
                'name': org.name,
                'title': org.title,
            } for org in user.organizations()],
        }

    if ('*' in scope or 'organizations' in scope or 'teams' in scope
            or 'organizations/*' in scope or 'teams/*' in scope):
        for team in user.teams:
            teams[team.buid] = {
                'userid': team.buid,
                'buid': team.buid,
                'uuid': team.uuid,
                'title': team.title,
                'org': team.organization.buid,
                'org_uuid': team.organization.uuid,
                'owners': team == team.organization.owners,
                'member': True,
            }

    if '*' in scope or 'teams' in scope or 'teams/*' in scope:
        for org in user.organizations_owned():
            for team in org.teams:
                if team.buid not in teams:
                    teams[team.buid] = {
                        'userid': team.buid,
                        'buid': team.buid,
                        'uuid': team.uuid,
                        'title': team.title,
                        'org': team.organization.buid,
                        'org_uuid': team.organization.uuid,
                        'owners': team == team.organization.owners,
                        'member': False,
                    }

    if teams:
        userinfo['teams'] = list(teams.values())

    if get_permissions:
        if auth_client.user:
            perms = AuthClientUserPermissions.get(auth_client=auth_client,
                                                  user=user)
            if perms:
                userinfo['permissions'] = perms.access_permissions.split(' ')
        else:
            permsset = set()
            if user.teams:
                perms = AuthClientTeamPermissions.all_for(
                    auth_client=auth_client, user=user).all()
                for permob in perms:
                    permsset.update(permob.access_permissions.split(' '))
            userinfo['permissions'] = sorted(permsset)
    return userinfo
Exemplo n.º 6
0
def permission_user_edit(auth_client, kwargs):
    if auth_client.user:
        user = User.get(buid=kwargs['buid'])
        if not user:
            abort(404)
        permassign = AuthClientUserPermissions.get(auth_client=auth_client,
                                                   user=user)
        if not permassign:
            abort(404)
    elif auth_client.organization:
        team = Team.get(buid=kwargs['buid'])
        if not team:
            abort(404)
        permassign = AuthClientTeamPermissions.get(auth_client=auth_client,
                                                   team=team)
        if not permassign:
            abort(404)
    form = PermissionEditForm()
    if request.method == 'GET':
        if permassign:
            form.perms.data = permassign.access_permissions
    if form.validate_on_submit():
        perms = ' '.join(sorted(form.perms.data.split()))
        if not perms:
            db.session.delete(permassign)
        else:
            permassign.access_permissions = perms
        db.session.commit()
        if perms:
            if auth_client.user:
                flash(
                    _("Permissions have been updated for user {pname}").format(
                        pname=user.pickername),
                    'success',
                )
            else:
                flash(
                    _("Permissions have been updated for team {title}").format(
                        title=team.title),
                    'success',
                )
        else:
            if auth_client.user:
                flash(
                    _("All permissions have been revoked for user {pname}").
                    format(pname=user.pickername),
                    'success',
                )
            else:
                flash(
                    _("All permissions have been revoked for team {title}").
                    format(title=team.title),
                    'success',
                )
        return render_redirect(url_for('.client_info', key=auth_client.buid),
                               code=303)
    return render_form(
        form=form,
        title=_("Edit permissions"),
        formid='perm_edit',
        submit=_("Save changes"),
        ajax=True,
    )
Exemplo n.º 7
0
    def make_fixtures(self):
        """
        Create users, attach them to organizations. Create test client app, add test
        resource, action and message.
        """
        crusoe = User(username="******", fullname="Crusoe Celebrity Dachshund")
        oakley = User(username="******")
        piglet = User(username="******")
        nameless = User(fullname="Nameless")

        db.session.add_all([crusoe, oakley, piglet, nameless])
        self.crusoe = crusoe
        self.oakley = oakley
        self.piglet = piglet
        self.nameless = nameless

        crusoe_email = UserEmail(
            email="*****@*****.**", user=crusoe, primary=True
        )
        crusoe_phone = UserPhone(phone="+8080808080", user=crusoe, primary=True)
        oakley_email = UserEmail(email="*****@*****.**", user=oakley)
        db.session.add_all([crusoe_email, crusoe_phone, oakley_email])
        self.crusoe_email = crusoe_email
        self.crusoe_phone = crusoe_phone

        batdog = Organization(name='batdog', title='Batdog')
        batdog.owners.users.append(crusoe)
        db.session.add(batdog)
        self.batdog = batdog

        specialdachs = Organization(name="specialdachs", title="Special Dachshunds")
        specialdachs.owners.users.append(oakley)
        db.session.add(specialdachs)
        self.specialdachs = specialdachs

        auth_client = AuthClient(
            title="Batdog Adventures",
            organization=batdog,
            confidential=True,
            namespace='fun.batdogadventures.com',
            website="http://batdogadventures.com",
        )
        db.session.add(auth_client)
        self.auth_client = auth_client

        dachshunds = Team(title="Dachshunds", organization=batdog)
        db.session.add(dachshunds)
        self.dachshunds = dachshunds

        auth_client_team_permissions = AuthClientTeamPermissions(
            team=dachshunds, auth_client=auth_client, access_permissions="admin"
        )
        self.auth_client_team_permissions = auth_client_team_permissions
        db.session.add(auth_client_team_permissions)

        auth_client_user_permissions = AuthClientUserPermissions(
            user=crusoe, auth_client=auth_client
        )
        db.session.add(auth_client_user_permissions)
        self.auth_client_user_permissions = auth_client_user_permissions

        message = SMSMessage(
            phone_number=crusoe_phone.phone,
            transactionid="Ruff" * 5,
            message="Wuff Wuff",
        )
        db.session.add(message)
        db.session.commit()
        self.message = message