def rest_put(namespace, ctype, _id=None):
#get the session (security)
account = get_account()
storage = get_storage(namespace=namespace)
#check rights on specific ctype (check ctype_to_group_access variable below)
if ctype in ctype_to_group_access:
if not check_group_rights(account,ctype_to_group_access[ctype]):
return HTTPError(403, 'Insufficient rights')
logger.debug("PUT:")
data = request.body.readline()
if not data:
return HTTPError(400, "No data received")
logger.debug(" + data: %s" % data)
logger.debug(" + data-type: %s" % type(data))
if isinstance(data, str):
try:
data = json.loads(data)
except Exception, err:
logger.error("PUT: Impossible to parse data (%s)" % err)
return HTTPError(404, "Impossible to parse data")
def remove_account_from_group(group_id=None,account_id=None):
session_account = get_account()
if not check_group_rights(session_account,group_managing_access):
return HTTPError(403, 'Insufficient rights')
storage = get_storage(namespace='object',account=session_account)
if not group_id or not account_id:
return HTTPError(400, 'Bad request, must specified group and account')
#get group && account
if group_id.find('group.') == -1:
group_id = 'group.%s' % group_id
if account_id.find('account.') == -1:
account_id = 'account.%s' % account_id
logger.debug('Try to get %s and %s' % (account_id,group_id))
try:
account_record = storage.get(account_id,account=session_account)
account = caccount(account_record)
group_record = storage.get(group_id,account=session_account)
group = cgroup(group_record)
except Exception,err:
logger.error('error while fetching %s and %s : %s' % (account_id,group_id,err))
return HTTPError(403, 'Record not found or insufficient rights')
def rest_put(namespace, ctype, _id=None):
#get the session (security)
account = get_account()
storage = get_storage(namespace=namespace, logging_level=logger.level)
#check rights on specific ctype (check ctype_to_group_access variable below)
if ctype in ctype_to_group_access:
if not check_group_rights(account, ctype_to_group_access[ctype]):
return HTTPError(403, 'Insufficient rights')
logger.debug("PUT:")
data = request.body.readline()
if not data:
return HTTPError(400, "No data received")
logger.debug(" + data: %s" % data)
logger.debug(" + data-type: %s" % type(data))
if isinstance(data, str):
try:
data = json.loads(data)
except Exception, err:
logger.error("PUT: Impossible to parse data (%s)" % err)
return HTTPError(404, "Impossible to parse data")
def account_get(_id=None):
namespace = 'object'
ctype= 'account'
#get the session (security)
account = get_account()
if not check_group_rights(account, 'group.account_managing'):
return HTTPError(403, 'Insufficient rights')
limit = int(request.params.get('limit', default=20))
#page = int(request.params.get('page', default=0))
start = int(request.params.get('start', default=0))
#groups = request.params.get('groups', default=None)
search = request.params.get('search', default=None)
logger.debug("GET:")
logger.debug(" + User: "******" + Group(s): "+str(account.groups))
logger.debug(" + namespace: "+str(namespace))
logger.debug(" + Ctype: "+str(ctype))
logger.debug(" + _id: "+str(_id))
logger.debug(" + Limit: "+str(limit))
#logger.debug(" + Page: "+str(page))
logger.debug(" + Start: "+str(start))
#logger.debug(" + Groups: "+str(groups))
logger.debug(" + Search: "+str(search))
storage = get_storage(namespace=namespace)
total = 0
mfilter = {}
if ctype:
mfilter = {'crecord_type': ctype}
if _id:
try:
records = [ storage.get(_id, account=account) ]
total = 1
except Exception, err:
self.logger.error("Exception !\nReason: %s" % err)
return HTTPError(404, _id+" Not Found")
def account_get(_id=None):
namespace = 'object'
ctype = 'account'
#get the session (security)
account = get_account()
if not check_group_rights(account, 'group.account_managing'):
return HTTPError(403, 'Insufficient rights')
limit = int(request.params.get('limit', default=20))
#page = int(request.params.get('page', default=0))
start = int(request.params.get('start', default=0))
#groups = request.params.get('groups', default=None)
search = request.params.get('search', default=None)
logger.debug("GET:")
logger.debug(" + User: "******" + Group(s): " + str(account.groups))
logger.debug(" + namespace: " + str(namespace))
logger.debug(" + Ctype: " + str(ctype))
logger.debug(" + _id: " + str(_id))
logger.debug(" + Limit: " + str(limit))
#logger.debug(" + Page: "+str(page))
logger.debug(" + Start: " + str(start))
#logger.debug(" + Groups: "+str(groups))
logger.debug(" + Search: " + str(search))
storage = get_storage(namespace=namespace)
total = 0
mfilter = {}
if ctype:
mfilter = {'crecord_type': ctype}
if _id:
try:
records = [storage.get(_id, account=account)]
total = 1
except Exception, err:
self.logger.error("Exception !\nReason: %s" % err)
return HTTPError(404, _id + " Not Found")
def tree_update(name='None'):
namespace = 'object'
account = get_account()
if not check_group_rights(account,group_managing_access[0]) and not check_group_rights(account,group_managing_access[1]):
return HTTPError(403, "Access Denied : Your groups have not right to create/update view")
storage = get_storage(namespace=namespace, account=account)
data = json.loads(request.body.readline())
logger.debug('Tree update %s' % data['_id'])
try:
logger.debug(' + Get future parent record')
record_parent = storage.get(data['parentId'], account=account)
except:
return HTTPError(403, "You don't have right on the parent record")
try:
logger.debug(' + Get the children record')
record_child = storage.get(data['_id'], account=account)
except:
logger.debug(' + Children not found')
record_child = None
#test if the record exist
if isinstance(record_child, crecord):
#check write rights
if record_parent.check_write(account=account) and record_child.check_write(account=account):
#if parents are really different
if not (data['parentId'] in record_child.parent):
logger.debug(' + Update relations')
record_parent_old = storage.get(record_child.parent[0], account=account)
logger.debug(' + Remove children %s from %s' % (record_child._id, record_parent_old._id))
record_parent_old.remove_children(record_child)
logger.debug(' + Add children %s to %s' % (record_child._id, record_parent._id))
record_parent.add_children(record_child)
logger.debug(' + Updating all records')
storage.put([record_child, record_parent, record_parent_old],account=account)
elif (record_child.name != data['crecord_name']):
logger.debug(' + Rename record')
logger.debug(' + old name : %s' % str(record_child.name))
logger.debug(' + new name : %s' % data['crecord_name'])
record_child.name = data['crecord_name']
storage.put(record_child,account=account)
else :
logger.debug(' + Records are same, nothing to do')
else:
logger.debug('Access Denied')
return HTTPError(403, "Access Denied")
else:
#add new view/folder
parentNode = storage.get(data['parentId'], account=account)
#test rights
if isinstance(parentNode, crecord):
if parentNode.check_write(account=account):
if data['leaf'] == True:
logger.debug('record is a leaf, add the new view')
record = crecord({'leaf':True,'_id':data['id'],'items':data['items']},type='view',name=data['crecord_name'],account=account)
else:
logger.debug('record is a directory, add it')
record = crecord({'_id':data['id']},type='view_directory',name=data['crecord_name'],account=account)
parentNode.add_children(record)
record.chown(account._id)
record.chgrp(group_managing_access[0])
record.chmod('g+w')
record.chmod('g+r')
storage.put([record,parentNode],account=account)
else:
logger.debug('Access Denied')
return HTTPError(403, "Access Denied")
else :
logger.error('ParentNode doesn\'t exist')
def account_post():
#get the session (security)
account = get_account()
if not check_group_rights(account,group_managing_access):
return HTTPError(403, 'Insufficient rights')
root_account = caccount(user="******", group="root")
storage = get_storage(namespace='object',account=account)
logger.debug("POST:")
data = request.body.readline()
if not data:
return HTTPError(400, "No data received")
data = json.loads(data)
## Clean data
try:
del data['_id']
del data['id']
del data['crecord_type']
except:
pass
if data['user']:
#check if already exist
update = False
_id = "account." + str(data['user'])
try:
record = storage.get(_id ,account=account)
logger.debug('Update account %s' % _id)
update = True
except:
logger.debug('Create account %s' % _id)
#-----------------------UPDATE----------------------
if update:
#Get password
if data['passwd']:
passwd = str(data['passwd'])
else:
passwd = None
#Get group
group = str(data['aaa_group'])
if group:
if group.find('group.') == -1:
group = 'group.%s' % group
#get secondary groups
groups = data['groups']
secondary_groups = []
if groups:
if not isinstance(groups,list):
groups = [groups]
for one_group in groups:
if one_group.find('group.') == -1:
one_group = 'group.%s' % one_group
try :
secondary_groups.append(cgroup(storage.get(one_group,account=account)))
except Exception,err:
logger.error('Error while searching secondary group: %s',err)
#clean secondary groups
for one_record in record.data['groups']:
if unicode(one_record) not in secondary_groups:
remove_account_from_group(one_record,record._id)
#get clean account
record = storage.get(_id ,account=account)
#clean
del data['passwd']
del data['aaa_group']
del data['groups']
#new record
for key in dict(data).keys():
record.data[key] = data[key]
update_account = caccount(record)
#updating
if passwd:
logger.debug(' + Update password ...')
update_account.passwd(passwd)
if group:
logger.debug(' + Update group ...')
update_account.chgrp(group)
if secondary_groups:
logger.debug(' + Update groups ...')
update_account.add_in_groups(secondary_groups)
storage.put(update_account, account=account)
storage.put(secondary_groups, account=account)
reload_account(update_account._id)
else:
#----------------------------CREATION--------------------------
logger.debug(' + New account')
new_account = caccount(user=data['user'], group=data['aaa_group'], lastname=data['lastname'], firstname=data['firstname'], mail=data['mail'])
#passwd
passwd = data['passwd']
new_account.passwd(passwd)
logger.debug(" + Passwd: '%s'" % passwd)
#secondary groups
groups = data['groups']
secondary_groups = []
if groups:
if not isinstance(groups,list):
groups = [groups]
for one_group in groups:
if one_group.find('group.') == -1:
one_group = 'group.%s' % one_group
try :
secondary_groups.append(cgroup(storage.get(one_group,account=account)))
except Exception,err:
logger.error('Error while searching secondary group: %s',err)
new_account.add_in_groups(secondary_groups)
storage.put(secondary_groups)
#put record
logger.debug(' + Save new account')
new_account.chown(new_account._id)
storage.put(new_account, account=account)
#get rootdir
logger.debug(' + Create view directory')
rootdir = storage.get('directory.root', account=root_account)
if rootdir:
userdir = crecord({'_id': 'directory.root.%s' % new_account.user,'id': 'directory.root.%s' % new_account.user ,'expanded':'true'}, type='view_directory', name=new_account.user)
userdir.chown(new_account._id)
userdir.chgrp(new_account.group)
userdir.chmod('g-w')
userdir.chmod('g-r')
storage.put(userdir, account=account)
rootdir.add_children(userdir)
storage.put(rootdir, account=root_account)
storage.put(userdir, account=account)
else:
logger.error('Impossible to get rootdir')
def send_event( routing_key=None):
account = get_account()
if not check_group_rights(account,group_managing_access):
return HTTPError(403, 'Insufficient rights')
connector = None
connector_name = None
event_type = None
source_type = None
component = None
resource = None
state = None
state_type = None
perf_data = None
perf_data_array = None
output = None
long_output = None
#--------------------explode routing key----------
if routing_key :
logger.debug('The routing key is : %s' % str(routing_key))
routing_key = routing_key.split('.')
if len(routing_key) > 6 or len(routing_key) < 5:
logger.error('Bad routing key')
return HTTPError(400, 'Bad routing key')
connector = routing_key[0]
connector_name = routing_key[1]
event_type = routing_key[2]
source_type = routing_key[3]
component = routing_key[4]
if routing_key[5]:
resource = routing_key[5]
#-----------------------get params-------------------
if not connector:
connector = request.params.get('connector', default=None)
if not connector :
logger.error('No connector argument')
return HTTPError(400, 'Missing connector argument')
if not connector_name:
connector_name = request.params.get('connector_name', default=None)
if not connector_name:
logger.error('No connector name argument')
return HTTPError(400, 'Missing connector name argument')
if not event_type:
event_type = request.params.get('event_type', default=None)
if not event_type:
logger.error('No event_type argument')
return HTTPError(400, 'Missing event type argument')
if not source_type:
source_type = request.params.get('source_type', default=None)
if not source_type:
logger.error('No source_type argument')
return HTTPError(400, 'Missing source type argument')
if not component:
component = request.params.get('component', default=None)
if not component:
logger.error('No component argument')
return HTTPError(400, 'Missing component argument')
if not resource:
resource = request.params.get('resource', default=None)
if not resource:
logger.error('No resource argument')
return HTTPError(400, 'Missing resource argument')
if not state:
state = request.params.get('state', default=None)
if not state:
logger.error('No state argument')
return HTTPError(400, 'Missing state argument')
if not state_type:
state_type = request.params.get('state_type', default=1)
if not output:
output = request.params.get('output', default=None)
if not long_output:
long_output = request.params.get('long_output', default=None)
if not perf_data:
perf_data = request.params.get('perf_data', default=None)
if not perf_data_array:
perf_data_array = request.params.get('perf_data_array', default=None)
#if type(perf_data_array) == 'str':
#perf_data_array = json.loads(perf_data_array)
#------------------------------forging event----------------------------------
event = cevent.forger(
connector = connector,
connector_name = connector_name,
event_type = event_type,
source_type = source_type,
component = component,
resource= resource,
state = int(state),
state_type = int(state_type),
output = output,
long_output = long_output,
perf_data = perf_data,
perf_data_array = json.loads(perf_data_array),
)
logger.debug(type(perf_data_array))
logger.debug(perf_data_array)
logger.debug('The forged event is : ')
logger.debug(str(event))
#------------------------------AMQP Part--------------------------------------
key = cevent.get_routingkey(event)
amqp.publish(event, key, amqp.exchange_name_events)
logger.debug('Amqp event published')
return {'total':1,'success':True,'data':{'event':event}}
