Exemplo n.º 1
0
def rest_put(namespace, ctype, _id=None):
	#get the session (security)
	account = get_account()
	storage = get_storage(namespace=namespace)
	
	#check rights on specific ctype (check ctype_to_group_access variable below)
	if ctype in ctype_to_group_access:
		if not check_group_rights(account,ctype_to_group_access[ctype]):
			return HTTPError(403, 'Insufficient rights')

	logger.debug("PUT:")

	data = request.body.readline()
	if not data:
		return HTTPError(400, "No data received")

	logger.debug(" + data: %s" % data)
	logger.debug(" + data-type: %s" % type(data))
		
	if isinstance(data, str):
		try:
			data = json.loads(data)
		except Exception, err:
			logger.error("PUT: Impossible to parse data (%s)" % err)
			return HTTPError(404, "Impossible to parse data")
Exemplo n.º 2
0
def remove_account_from_group(group_id=None,account_id=None):
	session_account = get_account()
	if not check_group_rights(session_account,group_managing_access):
		return HTTPError(403, 'Insufficient rights')
	storage = get_storage(namespace='object',account=session_account)
	
	if not group_id or not account_id:
		return HTTPError(400, 'Bad request, must specified group and account')
	
	#get group && account
	if group_id.find('group.') == -1:
		group_id = 'group.%s' % group_id
		
	if account_id.find('account.') == -1:
		account_id = 'account.%s' % account_id
		
	logger.debug('Try to get %s and %s' % (account_id,group_id))
		
	try:
		account_record = storage.get(account_id,account=session_account)
		account = caccount(account_record)
		group_record = storage.get(group_id,account=session_account)
		group = cgroup(group_record)
		
	except Exception,err:
		logger.error('error while fetching %s and %s : %s' % (account_id,group_id,err))
		return HTTPError(403, 'Record not found or insufficient rights')
Exemplo n.º 3
0
def rest_put(namespace, ctype, _id=None):
    #get the session (security)
    account = get_account()
    storage = get_storage(namespace=namespace, logging_level=logger.level)

    #check rights on specific ctype (check ctype_to_group_access variable below)
    if ctype in ctype_to_group_access:
        if not check_group_rights(account, ctype_to_group_access[ctype]):
            return HTTPError(403, 'Insufficient rights')

    logger.debug("PUT:")

    data = request.body.readline()
    if not data:
        return HTTPError(400, "No data received")

    logger.debug(" + data: %s" % data)
    logger.debug(" + data-type: %s" % type(data))

    if isinstance(data, str):
        try:
            data = json.loads(data)
        except Exception, err:
            logger.error("PUT: Impossible to parse data (%s)" % err)
            return HTTPError(404, "Impossible to parse data")
Exemplo n.º 4
0
def account_get(_id=None):
	namespace = 'object'
	ctype= 'account'
	
	#get the session (security)
	account = get_account()

	if not check_group_rights(account, 'group.account_managing'):
		return HTTPError(403, 'Insufficient rights')

	limit = int(request.params.get('limit', default=20))
	#page =  int(request.params.get('page', default=0))
	start =  int(request.params.get('start', default=0))
	#groups = request.params.get('groups', default=None)
	search = request.params.get('search', default=None)

	logger.debug("GET:")
	logger.debug(" + User: "******" + Group(s): "+str(account.groups))
	logger.debug(" + namespace: "+str(namespace))
	logger.debug(" + Ctype: "+str(ctype))
	logger.debug(" + _id: "+str(_id))
	logger.debug(" + Limit: "+str(limit))
	#logger.debug(" + Page: "+str(page))
	logger.debug(" + Start: "+str(start))
	#logger.debug(" + Groups: "+str(groups))
	logger.debug(" + Search: "+str(search))

	storage = get_storage(namespace=namespace)

	total = 0
	mfilter = {}
	if ctype:
		mfilter = {'crecord_type': ctype}
	if _id:	
		try:
			records = [ storage.get(_id, account=account) ]
			total = 1
		except Exception, err:
			self.logger.error("Exception !\nReason: %s" % err)
			return HTTPError(404, _id+" Not Found")
Exemplo n.º 5
0
def account_get(_id=None):
    namespace = 'object'
    ctype = 'account'

    #get the session (security)
    account = get_account()

    if not check_group_rights(account, 'group.account_managing'):
        return HTTPError(403, 'Insufficient rights')

    limit = int(request.params.get('limit', default=20))
    #page =  int(request.params.get('page', default=0))
    start = int(request.params.get('start', default=0))
    #groups = request.params.get('groups', default=None)
    search = request.params.get('search', default=None)

    logger.debug("GET:")
    logger.debug(" + User: "******" + Group(s): " + str(account.groups))
    logger.debug(" + namespace: " + str(namespace))
    logger.debug(" + Ctype: " + str(ctype))
    logger.debug(" + _id: " + str(_id))
    logger.debug(" + Limit: " + str(limit))
    #logger.debug(" + Page: "+str(page))
    logger.debug(" + Start: " + str(start))
    #logger.debug(" + Groups: "+str(groups))
    logger.debug(" + Search: " + str(search))

    storage = get_storage(namespace=namespace)

    total = 0
    mfilter = {}
    if ctype:
        mfilter = {'crecord_type': ctype}
    if _id:
        try:
            records = [storage.get(_id, account=account)]
            total = 1
        except Exception, err:
            self.logger.error("Exception !\nReason: %s" % err)
            return HTTPError(404, _id + " Not Found")
Exemplo n.º 6
0
def tree_update(name='None'):
	namespace = 'object'
	account = get_account()
		
	if not check_group_rights(account,group_managing_access[0]) and not check_group_rights(account,group_managing_access[1]):
		return HTTPError(403, "Access Denied : Your groups have not right to create/update view")
		
		
	storage = get_storage(namespace=namespace, account=account)
	
	data = json.loads(request.body.readline())
	
	logger.debug('Tree update %s' % data['_id'])

	try:
		logger.debug(' + Get future parent record')
		record_parent = storage.get(data['parentId'], account=account)
	except:
		return HTTPError(403, "You don't have right on the parent record")
	
	try:
		logger.debug(' + Get the children record')
		record_child = storage.get(data['_id'], account=account)
	except:
		logger.debug('   + Children not found')
		record_child = None

	#test if the record exist
	if isinstance(record_child, crecord):
		#check write rights
		if record_parent.check_write(account=account) and record_child.check_write(account=account):
			#if parents are really different
			if not (data['parentId'] in record_child.parent):
				logger.debug(' + Update relations')	
				record_parent_old = storage.get(record_child.parent[0], account=account)
				logger.debug('   + Remove children %s from %s' % (record_child._id, record_parent_old._id))
				record_parent_old.remove_children(record_child)
				
				logger.debug('   + Add children %s to %s' % (record_child._id, record_parent._id))
				record_parent.add_children(record_child)
				
				logger.debug('   + Updating all records')
				storage.put([record_child, record_parent, record_parent_old],account=account)
				
			elif (record_child.name != data['crecord_name']):
				logger.debug(' + Rename record')	
				logger.debug('   + old name : %s' % str(record_child.name))
				logger.debug('   + new name : %s' % data['crecord_name'])
				record_child.name = data['crecord_name']
				storage.put(record_child,account=account)
			
			else :
				logger.debug(' + Records are same, nothing to do')
		else:
			logger.debug('Access Denied')
			return HTTPError(403, "Access Denied")
			
	else:
		#add new view/folder
		parentNode = storage.get(data['parentId'], account=account)
		#test rights
		if isinstance(parentNode, crecord):
			if parentNode.check_write(account=account):
				if data['leaf'] == True:
					logger.debug('record is a leaf, add the new view')
					record = crecord({'leaf':True,'_id':data['id'],'items':data['items']},type='view',name=data['crecord_name'],account=account)
				else:
					logger.debug('record is a directory, add it')
					record = crecord({'_id':data['id']},type='view_directory',name=data['crecord_name'],account=account)
				
				parentNode.add_children(record)
				
				record.chown(account._id)
				record.chgrp(group_managing_access[0])
				record.chmod('g+w')
				record.chmod('g+r')
				
				storage.put([record,parentNode],account=account)
			else:
				logger.debug('Access Denied')
				return HTTPError(403, "Access Denied")

		else :
			logger.error('ParentNode doesn\'t exist')
Exemplo n.º 7
0
def account_post():
	#get the session (security)
	account = get_account()
	if not check_group_rights(account,group_managing_access):
		return HTTPError(403, 'Insufficient rights')
	root_account = caccount(user="******", group="root")
	
	storage = get_storage(namespace='object',account=account)

	logger.debug("POST:")

	data = request.body.readline()
	if not data:
		return HTTPError(400, "No data received")

	data = json.loads(data)

	## Clean data
	try:
		del data['_id']
		del data['id']
		del data['crecord_type']
	except:
		pass
	
	if data['user']:
		#check if already exist
		update = False
		_id = "account." + str(data['user'])
		try:
			record = storage.get(_id ,account=account)
			logger.debug('Update account %s' % _id)
			update = True
		except:
			logger.debug('Create account %s' % _id)

		#-----------------------UPDATE----------------------
		if update:
			#Get password
			if data['passwd']:
				passwd = str(data['passwd'])
			else:
				passwd = None
				
			#Get group
			group = str(data['aaa_group'])
			if group:
				if group.find('group.') == -1:
					group = 'group.%s' % group
					
			
			#get secondary groups
			groups = data['groups']
			secondary_groups = []
			if groups:
				if not isinstance(groups,list):
					groups = [groups]
				for one_group in groups:
					if one_group.find('group.') == -1:
						one_group = 'group.%s' % one_group
						try :
							secondary_groups.append(cgroup(storage.get(one_group,account=account)))
						except Exception,err:
							logger.error('Error while searching secondary group: %s',err)
			
			#clean secondary groups
			for one_record in record.data['groups']:
				if unicode(one_record) not in secondary_groups:
					remove_account_from_group(one_record,record._id)
			
			#get clean account
			record = storage.get(_id ,account=account)

			#clean
			del data['passwd']
			del data['aaa_group']
			del data['groups']

			#new record
			for key in dict(data).keys():
				record.data[key] = data[key]
			update_account = caccount(record)
			
			#updating
			if passwd:
				logger.debug(' + Update password ...')
				update_account.passwd(passwd)
			if group:
				logger.debug(' + Update group ...')
				update_account.chgrp(group)
			if secondary_groups:
				logger.debug(' + Update groups ...')				
				update_account.add_in_groups(secondary_groups)

			storage.put(update_account, account=account)
			storage.put(secondary_groups, account=account)
			reload_account(update_account._id)

		else:
			#----------------------------CREATION--------------------------
			logger.debug(' + New account')
			new_account = caccount(user=data['user'], group=data['aaa_group'], lastname=data['lastname'], firstname=data['firstname'], mail=data['mail'])

			#passwd
			passwd = data['passwd']
			new_account.passwd(passwd)
			logger.debug("   + Passwd: '%s'" % passwd)

			#secondary groups
			groups = data['groups']
			secondary_groups = []
			if groups:
				if not isinstance(groups,list):
					groups = [groups]
				for one_group in groups:
					if one_group.find('group.') == -1:
						one_group = 'group.%s' % one_group
						try :
							secondary_groups.append(cgroup(storage.get(one_group,account=account)))
						except Exception,err:
							logger.error('Error while searching secondary group: %s',err)
			
			new_account.add_in_groups(secondary_groups)
			storage.put(secondary_groups)
			
			#put record
			logger.debug(' + Save new account')
			new_account.chown(new_account._id)
			storage.put(new_account, account=account)
			
			#get rootdir
			logger.debug(' + Create view directory')
			rootdir = storage.get('directory.root', account=root_account)
			
			if rootdir:
				userdir = crecord({'_id': 'directory.root.%s' % new_account.user,'id': 'directory.root.%s' % new_account.user ,'expanded':'true'}, type='view_directory', name=new_account.user)
				userdir.chown(new_account._id)
				userdir.chgrp(new_account.group)
				userdir.chmod('g-w')
				userdir.chmod('g-r')
				storage.put(userdir, account=account)
				rootdir.add_children(userdir)

				storage.put(rootdir, account=root_account)
				storage.put(userdir, account=account)
			else:
				logger.error('Impossible to get rootdir')
Exemplo n.º 8
0
def send_event(	routing_key=None):
	
	account = get_account()
	
	if not check_group_rights(account,group_managing_access):
		return HTTPError(403, 'Insufficient rights')
				
	connector = None
	connector_name = None
	event_type = None
	source_type = None
	component = None
	resource = None
	state = None
	state_type = None
	perf_data = None
	perf_data_array = None
	output = None
	long_output = None
				
	#--------------------explode routing key----------
	if routing_key :
		logger.debug('The routing key is : %s' % str(routing_key))
		
		routing_key = routing_key.split('.')
		if len(routing_key) > 6 or len(routing_key) < 5:
			logger.error('Bad routing key')
			return HTTPError(400, 'Bad routing key')
			
		connector = routing_key[0]
		connector_name = routing_key[1]
		event_type = routing_key[2]
		source_type = routing_key[3]
		component = routing_key[4]
		if routing_key[5]:
			resource = routing_key[5]
	
	
	#-----------------------get params-------------------
	if not connector:
		connector = request.params.get('connector', default=None)
		if not connector :
			logger.error('No connector argument')
			return HTTPError(400, 'Missing connector argument')
			
	if not connector_name:
		connector_name = request.params.get('connector_name', default=None)
		if not connector_name:
			logger.error('No connector name argument')
			return HTTPError(400, 'Missing connector name argument')
			
	if not event_type:
		event_type = request.params.get('event_type', default=None)
		if not event_type:
			logger.error('No event_type argument')
			return HTTPError(400, 'Missing event type argument')
		
	if not source_type:
		source_type = request.params.get('source_type', default=None)
		if not source_type:
			logger.error('No source_type argument')
			return HTTPError(400, 'Missing source type argument')
	
	if not component:
		component = request.params.get('component', default=None)
		if not component:
			logger.error('No component argument')
			return HTTPError(400, 'Missing component argument')
	
	if not resource:
		resource = request.params.get('resource', default=None)
		if not resource:
			logger.error('No resource argument')
			return HTTPError(400, 'Missing resource argument')
		
	if not state:
		state = request.params.get('state', default=None)
		if not state:
			logger.error('No state argument')
			return HTTPError(400, 'Missing state argument')
		
	if not state_type:
		state_type = request.params.get('state_type', default=1)
		
	if not output:
		output = request.params.get('output', default=None)
		
	if not long_output:
		long_output = request.params.get('long_output', default=None)
		
	if not perf_data:
		perf_data = request.params.get('perf_data', default=None)
		
	if not perf_data_array:
		perf_data_array = request.params.get('perf_data_array', default=None)
		#if type(perf_data_array) == 'str':
			#perf_data_array = json.loads(perf_data_array)
		
	#------------------------------forging event----------------------------------

	event = cevent.forger(
				connector = connector,
				connector_name = connector_name,
				event_type = event_type,
				source_type = source_type,
				component = component,
				resource= resource,
				state = int(state),
				state_type = int(state_type),
				output = output,
				long_output = long_output,
				perf_data = perf_data,
				perf_data_array = json.loads(perf_data_array),
			)
	
	logger.debug(type(perf_data_array))
	logger.debug(perf_data_array)
	logger.debug('The forged event is : ')
	logger.debug(str(event))
	
	#------------------------------AMQP Part--------------------------------------
	
	key = cevent.get_routingkey(event)

	amqp.publish(event, key, amqp.exchange_name_events)
		
	logger.debug('Amqp event published')
	
	return {'total':1,'success':True,'data':{'event':event}}