def create(self, validated_data):
    """Create and save a Permission from validated serializer data.

    The slug is derived from the name: lower-cased, hyphens replaced by
    underscores, surrounding whitespace stripped, then remaining spaces
    replaced by underscores. The name itself is stored as supplied.
    """
    raw_name = validated_data['name']
    normalized = raw_name.lower().replace('-', '_').strip()
    permission = Permission(name=raw_name, slug=normalized.replace(' ', '_'))
    permission.save()
    return permission
def register():
    """Register a user from the JSON body and link the matching OTP rows.

    Returns a ``(response, status)`` pair: 400 when validation fails or the
    two passwords differ, 403 when the e-mail is already registered or no
    OtpList row carries the supplied authid, 200 on success.
    """
    checked = valid_register(request.get_json())
    if not checked['status']:
        return jsonify({'status': 400, 'msg': checked['msg']}), 400

    form = checked['data']
    if form['password'] != form['repassword']:
        return jsonify({'status': 400, 'msg': 'Password Not Match'}), 400

    email_owner = User.query.filter(User.email == form['email']).first()
    if email_owner:
        return jsonify({'status': 403, 'msg': 'Email Already Used'}), 403

    matching_otps = OtpList.query.filter(
        OtpList.authid == form['authid']).all()
    if not matching_otps:
        return jsonify({'status': 403, 'msg': 'Invalid AuthID'}), 403

    # Only the hash produced by crypt.generate_password_hash is stored.
    account = User()
    account.name = form['name']
    account.email = form['email']
    account.password = crypt.generate_password_hash(form['password'])
    db.session.add(account)
    db.session.commit()  # commit first so account.id is assigned

    # NOTE(review): every OtpList row carrying this authid is bound to the
    # new account, and nothing here checks whether a row is already linked to
    # another user -- confirm that authid values are secret and single-use.
    for otp in matching_otps:
        grant = Permission()
        grant.user_id = account.id
        grant.otp_id = otp.id
        db.session.add(grant)
    db.session.commit()
    return jsonify({'status': 'ok'}), 200
def create_permission(name, desc):
    """Create the permission `name`, or update its description if it exists.

    The object is added to ``db.session`` but not committed here; the caller
    is responsible for the commit.
    """
    existing = Permission.from_name(db.session, name)
    if existing:
        existing.description = desc
        permission = existing
    else:
        permission = Permission(name=name, description=desc)
    db.session.add(permission)
    return permission
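def _add_permission(self, name):
    """
        Return the permission called `name`, creating it when it is missing.

        :param name:
            name of the permission to add: 'can_add','can_edit' etc...
        :return: the existing or newly committed Permission object
    """
    perm = self.session.query(Permission).filter_by(name=name).first()
    if perm is not None:
        return perm
    perm = Permission()
    perm.name = name
    self.session.add(perm)
    try:
        self.session.commit()
    except Exception:
        # Roll back so the session stays usable; the error still propagates
        # to the caller exactly as before.
        self.session.rollback()
        raise
    return perm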
def set_session_user(self, dj):
    """Store a Dj's identity and per-area edit permissions in the session.

    Each area maps to the result of ``has_dj`` on the matching Permission;
    when no area is granted the whole ``permissions`` entry is ``None``.
    """
    dj_key = dj.key
    titles_by_area = {
        'djs': Permission.DJ_EDIT,
        'programs': Permission.PROGRAM_EDIT,
        'albums': Permission.ALBUM_EDIT,
        'permissions': Permission.PERMISSION_EDIT,
        'genres': Permission.GENRE_EDIT,
        'blogs': Permission.BLOG_EDIT,
        'events': Permission.EVENT_EDIT,
    }
    granted = dict(
        (area, Permission.get_by_title(title).has_dj(dj_key))
        for (area, title) in titles_by_area.iteritems())
    if not any(granted.values()):
        granted = None

    # NOTE(review): these flags are a snapshot taken at login; a later
    # change to the Dj's permissions is not reflected until the session is
    # rebuilt -- confirm that enforcement does not rely on this copy alone.
    self.session['dj'] = {
        'key': dj.key.urlsafe(),
        'fullname': dj.fullname,
        'lowername': dj.lowername,
        'username': dj.username,
        'email': dj.email,
        'permissions': granted,
    }
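def add_device():
    """Make the authenticated user the owner of an unowned device.

    The user is identified by the ``token`` request header and the device by
    the ``code`` field of the JSON body. A missing token, or a missing or
    malformed body, is answered with the same JSON error as an invalid one
    instead of falling through to the generic 500 handler.

    Returns a ``(response, status)`` pair; any unexpected error is logged and
    turned into ``abort(500)``.
    """
    try:
        # TODO: move the token lookup into a wrapper/decorator?
        token = request.headers.get("token")
        user = db.get_user_by_token(token) if token else None
        if user is None:
            # NOTE(review): an authentication failure is answered with HTTP
            # 200. Kept because clients may depend on it, but 401 is the
            # conventional status and is easier to alert on.
            return jsonify({"error": "Gakoa ez da zuzena"}), 200

        data = request.get_json(silent=True)
        # silent=True yields None for a missing or invalid JSON body.
        code = data.get("code") if isinstance(data, dict) else None
        if not code:
            return jsonify({"error": "Kodea ez da baliozkoa"}), 400

        # device auth
        device = db.get_device_by_code(code)
        if device is None:
            return jsonify({"error": "Kodea ez da baliozkoa"}), 400
        # An already-owned device gets the same answer as an unknown code, so
        # the response does not reveal which codes exist.
        if db.device_has_owner(device.id):
            return jsonify({"error": "Kodea ez da baliozkoa"}), 400

        # `== False` kept on purpose: only an explicit falsy-equal result
        # counts as a failure, a None return does not.
        if db.add(Permission(user.id, device.id, Permission.OWNER)) == False:
            return jsonify({"error": "Errorea datubasean"}), 500

        # NOTE(review): device.auth is written to the log; if it is a device
        # credential, log device.id instead -- confirm.
        logger.info("Device bati jabea jarri zaio. Auth:" + device.auth
                    + " UserId:" + str(user.id)
                    + " addr:" + str(request.remote_addr))
        return jsonify({"success": "true"}), 200
    except Exception as e:
        logger.error("Errorea 'add_device' : " + str(e) + " "
                     + str(request.remote_addr))
        abort(500)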
def _save_policy_line(self, ptype, rule):
    """Persist one policy rule as a Permission row.

    The i-th element of `rule` is stored in the attribute ``v<i>`` of the
    row, and the row is committed inside the application context.
    """
    with self.app.app_context():
        row = Permission(ptype=ptype)
        for position, value in enumerate(rule):
            column = 'v' + str(position)
            setattr(row, column, value)
        session = db.session
        session.add(row)
        session.commit()
def api_key_create():
    """Issue an API key after an e-mail/password check.

    Expects a JSON body with ``email``, ``password`` and ``device_name``.
    An unknown e-mail and a wrong password get the same delayed AUTH_FAILED
    answer, so the response does not tell the two cases apart. On success
    the new key receives every permission in ``Permission.PERMS_ALL``.
    """
    content = request.get_json(force=True)
    if content is None:
        return bad_request(web_utils.INVALID_JSON)

    wanted = ["email", "password", "device_name"]
    params, err_response = get_json_params(content, wanted)
    if err_response:
        return err_response
    email, password, device_name = params
    if not email:
        return bad_request(web_utils.INVALID_EMAIL)

    user = User.from_email(db.session, email.lower())
    # Short-circuit keeps the original order: the password is only verified
    # when the account exists.
    # NOTE(review): the fixed sleep slows guessing but also holds a worker
    # for five seconds per failed attempt; per-account or per-address rate
    # limiting would be a sturdier control.
    if not user or not flask_security.verify_password(password, user.password):
        time.sleep(5)
        return bad_request(web_utils.AUTH_FAILED)

    # NOTE(review): a password login yields a key with all permissions;
    # confirm this is intended rather than a least-privilege subset.
    api_key = ApiKey(user, device_name)
    for perm_name in Permission.PERMS_ALL:
        api_key.permissions.append(
            Permission.from_name(db.session, perm_name))
    db.session.add(api_key)
    db.session.commit()

    payload = {
        'token': api_key.token,
        'secret': api_key.secret,
        'device_name': api_key.device_name,
        'expiry': api_key.expiry,
    }
    return jsonify(payload)
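def api_key_confirm(token=None, secret=None):
    """Confirm or cancel an e-mail login request and create its API key.

    The request is looked up by `token` and must carry a matching `secret`
    and an expiry in the future. A GET renders the confirmation page; a POST
    either cancels the request or creates an ApiKey with the permissions
    ticked in the form.

    Only permission names listed in ``Permission.PERMS_ALL`` are granted.
    The form field is client-controlled, so names outside that list, or
    names for which ``Permission.from_name`` finds nothing, are ignored
    instead of being appended to the key.
    """
    req = ApiKeyRequest.from_token(db.session, token)
    if not req:
        time.sleep(5)
        flash('Email login request not found.', 'danger')
        return redirect('/')
    # NOTE(review): `!=` is not a constant-time comparison and this branch
    # has no delay, unlike the two around it; hmac.compare_digest plus the
    # same sleep would make the three failure paths uniform.
    if req.secret != secret:
        flash('Email login code invalid.', 'danger')
        return redirect('/')
    now = datetime.datetime.now()
    if now > req.expiry:
        time.sleep(5)
        flash('Email login request expired.', 'danger')
        return redirect('/')

    if request.method == 'POST':
        confirm = request.form.get('confirm') == 'true'
        if not confirm:
            db.session.delete(req)
            db.session.commit()
            flash('Email login cancelled.', 'success')
            return redirect('/')

        api_key = ApiKey(req.user, req.device_name)
        for name in request.form.getlist('perms'):
            # Allow-list check: the page only offers PERMS_ALL, but the
            # submitted values are not bound to what the page offered.
            if name not in Permission.PERMS_ALL:
                continue
            perm = Permission.from_name(db.session, name)
            if perm is not None:
                api_key.permissions.append(perm)
        req.created_api_key = api_key
        db.session.add(req)
        db.session.add(api_key)
        db.session.commit()
        flash('Email login confirmed.', 'success')
        return redirect('/')

    return render_template('paydb/api_key_confirm.html', req=req,
                           perms=Permission.PERMS_ALL)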
def regist():
    """Show the registration form (GET) or create an account (POST).

    A POST creates the User, then a Permission row with the 'common' level
    for it, and redirects to the login page. A telephone number that is
    already registered, or two passwords that differ, produce a plain-text
    message instead.
    """
    if request.method == 'GET':
        return render_template('regist.html')

    form = request.form
    telephone = form.get('telephone')
    username = form.get('username')
    password1 = form.get('password1')
    password2 = form.get('password2')

    # Telephone check: a number that is already registered cannot be reused.
    if User.query.filter(User.telephone == telephone).first():
        return u'该手机号码已被注册,请更换手机号码!'

    # password1 and password2 must be equal.
    if password1 != password2:
        return u'两次密码不相等,请核对后再填写!'

    # NOTE(review): the raw password is handed to the User constructor;
    # confirm the model hashes it before it is stored.
    account = User(telephone=telephone, username=username,
                   password=password1)
    db.session.add(account)
    db.session.commit()

    # Re-read the row to obtain its id, then attach the default permission.
    account = User.query.filter(User.telephone == telephone).first()
    default_grant = Permission(author_id=account.id, permission='common')
    db.session.add(default_grant)
    db.session.commit()

    # After a successful registration, go to the login page.
    return redirect(url_for('login'))
def _add_permission(self, name):
    """
        Return the model permission called `name`, creating it if missing.

        :param name:
            name of the permission to add: 'can_add','can_edit' etc...

        When creation fails the error is logged and the session rolled
        back; the value returned is then whatever was built before the
        failure (None, or a Permission object that was not persisted).
    """
    found = self.session.query(Permission).filter_by(name=name).first()
    if found is not None:
        return found

    perm = None
    try:
        perm = Permission()
        perm.name = name
        self.session.add(perm)
        self.session.commit()
    except Exception as e:
        log.error("Add Permission: {0}".format(str(e)))
        self.session.rollback()
    return perm
def add_row_perm(self, instance, perm):
    """Grant this group the row-level permission `perm` on `instance`.

    Returns False without writing anything when ``has_row_perm`` reports
    the permission as already held, True after a new row is saved.
    """
    already_granted = self.has_row_perm(instance, perm)
    if already_granted:
        return False

    grant = Permission()
    grant.content_object = instance
    grant.group = self
    grant.name = perm
    grant.save()
    return True
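def post(self, *args, **kwargs):
    ''' Approves users: grants the 'admin' permission to the named user '''
    # NOTE(review): no authorization check is visible in this method;
    # confirm the handler is protected by a decorator or base class, since
    # it hands out the 'admin' permission.
    try:
        user_name = self.get_argument("username")
    except Exception:
        self.render("admin/error.html", errors=["User does not exist"])
        # Stop here: without this return, execution continued with
        # `user_name` unbound.
        return
    user = User.by_user_name(user_name)
    if user is None:
        # An unknown name must not reach `user.id` below.
        self.render("admin/error.html", errors=["User does not exist"])
        return
    permission = Permission(permission_name='admin', user_id=user.id)
    self.dbsession.add(permission)
    self.dbsession.add(user)
    self.dbsession.flush()
    self.render("admin/approved_user.html", user=user)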
def commit_permission(id, idea_session_id):
    """Create a permission row, commit it, and return it.

    :param int id: id of the user who receives the permission
    :param int idea_session_id: id of the associated session
    """
    grant = Permission(granted_id=id, idea_session_id=idea_session_id)
    db.session.add(grant)
    db.session.commit()
    return grant
def add_row_perm(self, instance, perm):
    """Grant this user the row-level permission `perm` on `instance`.

    Returns False when ``has_row_perm(instance, perm, True)`` reports the
    permission as already held, True after a new row is saved.
    """
    # Imported here rather than at module level, as in the original.
    from models import Permission

    if self.has_row_perm(instance, perm, True):
        return False

    grant = Permission()
    grant.content_object = instance
    grant.user = self
    grant.name = perm
    grant.save()
    return True
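def to_internal_value(self, data):
    """Validate the incoming `name` and check that its slug is unused.

    Raises ``exceptions.ValidationError`` when the name is missing, empty or
    whitespace-only, or when a Permission with the derived slug already
    exists. Returns a dict holding only the name, as supplied.
    """
    name = data.get('name')
    # The original test was `not name or ''`; the `or ''` arm could never be
    # true, and a name made only of spaces slipped through.
    if not name or not name.strip():
        raise exceptions.ValidationError({"name_errors": [
            "name is a required field and cannot be empty"]})

    # validation for slug
    # Surrounding whitespace is stripped before spaces become underscores,
    # so " foo" and "foo" map to the same slug. Without it a padded name
    # would pass this uniqueness check under a different slug.
    # NOTE(review): assumes the serializer's create() derives the slug the
    # same way -- confirm.
    slug = name.lower().replace('-', '_').strip()
    slug = slug.replace(' ', '_')
    exists, obj = Permission.slug_exists(slug)
    if exists:
        raise exceptions.ValidationError({"slug_errors": [
            ' %s Already exists' % slug]})
    return {
        'name': data['name']
    }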
def generate_admins(admin_names):
    """
    Creates admin users with the syntax '<handle> <email> <password>'

    Each entry is split on whitespace; the first three fields are used and
    the handle doubles as the user's name. Every user gets a Permission row
    named ADMIN_PERMISSION.
    """
    from models import User, Permission, dbsession
    from models.User import ADMIN_PERMISSION

    # NOTE(review): because of the whitespace split, a password containing a
    # space is cut at the first space, and an entry with fewer than three
    # fields raises IndexError.
    for entry in admin_names:
        fields = entry.split()
        account = User(handle=fields[0], name=fields[0],
                       email=fields[1], password=fields[2])
        dbsession.add(account)
        dbsession.flush()  # assigns account.id for the permission row
        grant = Permission(name=ADMIN_PERMISSION, user_id=account.id)
        dbsession.add(grant)
        dbsession.flush()
    dbsession.commit()
def add_note(session, user_id, note_title):
    """Create a note titled `note_title` owned by `user_id`.

    Returns False when a note with that title already exists, True after
    the note and its owner permission have been committed.
    """
    print('new note: ', user_id, note_title)
    title_taken = session.query(Note.title).filter(
        Note.title == note_title).first()
    if title_taken:
        return False

    note = Note(title=note_title, last_edit_user=user_id)
    session.add(note)
    session.flush()  # assigns note.id for the permission row

    owner_grant = Permission(user=user_id, note=note.id,
                             permission_type=Permission.PT.owner)
    session.add(owner_grant)
    session.commit()
    return True
def do_strip(self, username):
    """
    Strip a user of all permissions
    Usage: strip <handle>
    """
    account = User.by_handle(username)
    if account is None:
        print (WARN + "'%s' user not found in database." % username)
        return

    username = account.handle
    held = Permission.by_user_id(account.id)
    if not held:
        print (WARN + "%s has no permissions." % account.handle)
        return

    # Each removed permission is echoed so the operator sees what changed.
    for entry in held:
        print (INFO + "Removing permission: " + entry.permission_name)
        dbsession.delete(entry)
    dbsession.flush()
    print (INFO + "Successfully removed %s's permissions." % account.handle)
def do_grant(self, username):
    '''
    Add user permissions
    Usage: grant <handle>
    '''
    account = User.by_handle(username)
    if account is None:
        print(WARN + str("%s user not found in database." % username))
        return

    # NOTE(review): the permission name is free text from the console and
    # is stored as typed; checking it against the set of known permission
    # names would catch typos that silently grant nothing useful.
    name = raw_input(PROMPT + "Add permission: ")
    grant = Permission(permission_name=unicode(name), user_id=account.id)
    dbsession.add(grant)
    dbsession.add(account)
    dbsession.flush()
    summary = "Successfully granted %s permissions to %s." % (
        name, account.name,)
    print(INFO + str(summary))
def do_delete(self, username):
    """
    Delete a user from the database
    Usage: delete <handle>
    """
    account = User.by_handle(username)
    if account is None:
        print (WARN + "'%s' user not found in database." % username)
        return

    username = account.handle
    print (WARN + str("Are you sure you want to delete %s?" % username))
    answer = raw_input(PROMPT + "Delete [y/n]: ").lower()
    if answer != "y":
        return

    # Permissions go first so no row is left pointing at a deleted user.
    for entry in Permission.by_user_id(account.id):
        print (INFO + "Removing permission: " + entry.permission_name)
        dbsession.delete(entry)
    dbsession.flush()
    dbsession.delete(account)
    dbsession.flush()
    print (INFO + "Successfully deleted %s from database." % username)
def do_strip(self, username):
    '''
    Strip a user of all permissions
    Usage: strip <handle>
    '''
    account = User.by_handle(username)
    if account is None:
        print(WARN + str("%s user not found in database." % username))
        return

    username = account.handle
    held = Permission.by_user_id(account.id)
    if not held:
        print(WARN + str("%s has no permissions." % account.handle))
        return

    # Each removed permission is echoed so the operator sees what changed.
    for entry in held:
        print(INFO + "Removing permission: " + entry.permission_name)
        dbsession.delete(entry)
    dbsession.flush()
    print(INFO + "Successfully removed %s's permissions." % account.handle)
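def do_strip(self, username):
    '''
    Strip a user of all permissions
    Usage: strip <user name>
    '''
    user = User.by_user_name(username)
    # Identity test: `== None` defers to whatever __eq__ the model defines.
    if user is None:
        print(WARN + str("%s user not found in database." % username))
        return

    permissions = Permission.by_user_id(user.id)
    if not permissions:
        print(WARN + str("%s has no permissions." % user.user_name))
        return

    # Each removed permission is echoed so the operator sees what changed.
    for perm in permissions:
        print(INFO + "Removing permission: " + perm.permission_name)
        dbsession.delete(perm)
    dbsession.flush()
    print(INFO + "Successfully removed %s's permissions." % user.user_name)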
def do_delete(self, username):
    '''
    Delete a user from the database
    Usage: delete <handle>
    '''
    account = User.by_handle(username)
    if account is None:
        print(WARN + str("%s user not found in database." % username))
        return

    username = account.handle
    print(WARN + str("Are you sure you want to delete %s?" % username))
    answer = raw_input(PROMPT + "Delete [y/n]: ").lower()
    if answer != 'y':
        return

    # Permissions go first so no row is left pointing at a deleted user.
    for entry in Permission.by_user_id(account.id):
        print(INFO + "Removing permission: " + entry.permission_name)
        dbsession.delete(entry)
    dbsession.flush()
    dbsession.delete(account)
    dbsession.flush()
    print(INFO + str("Successfully deleted %s from database." % username))
def add_row_perm(self, instance, perm):
    """Grant this user the row-level permission `perm` on `instance`.

    Returns False when the permission is already held, True after a new row
    is saved.
    """
    # 20100118 RL
    # A user can fail the permission check either because the permission is
    # missing or because the account is not active. In the second case a
    # duplicate row must not be written, so the existence check below skips
    # the active test through the extra has_row_perm arguments.
    already_granted = self.has_row_perm(instance, perm, True, False)
    if already_granted:
        return False

    grant = Permission()
    grant.content_object = instance
    grant.user = self
    grant.name = perm
    grant.save()
    return True
) dbsession.add(item) dbsession.flush() # Game Levels game_level = GameLevel( number=0, buyout=0, ) dbsession.add(game_level) dbsession.flush() # Admin User Account admin_user = User(handle=u'admin') admin_user.password = password dbsession.add(admin_user) dbsession.flush() admin_permission = Permission(name=ADMIN_PERMISSION, user_id=admin_user.id) dbsession.add(admin_permission) dbsession.flush() # Display Details if config.debug: environ = bold + R + "Developement boot strap" + W details = ", default admin password is '%s'." % password else: environ = bold + "Production boot strap" + W details = '.' print INFO + '%s completed successfully%s' % (environ, details)
password1 = getpass.getpass() sys.stdout.write(PROMPT + "Confirm New Admin ") sys.stdout.flush() password2 = getpass.getpass() if password1 == password2 and 12 <= len(password1): password = password1 else: print(WARN + 'Error: Passwords did not match, or were less than 12 chars') os._exit(1) ### Create admin account user = User(user_name=unicode(username), approved=True) dbsession.add(user) dbsession.flush() user.password = password dbsession.add(user) dbsession.flush() permission = Permission(permission_name=user.user_name, user_id=user.id) dbsession.add(permission) dbsession.flush() ### Print details for user' if config.debug: environ = bold + R + "Developement boot strap" + W details = ", default admin password is '%s'." % password else: environ = bold + "Production boot strap" + W details = '.' print(INFO + '%s complete successfully%s' % (environ, details))
from models.User import *
from models.Passport import *
from models.Permission import *
from models.Event import *
from models.Vendor import *
from controller.Event import createEvent
import datetime
from datetime import date
from sqlalchemy import event as sqlevent
from sqlalchemy import DDL

if __name__ == '__main__':
    # Create the schema, then seed the permission rows.
    db.create_all()

    staffPerms = [
        Permission(name=n)
        for n in ("canStamp", "canActivate", "canRecharge")
    ]
    participantPerms = [Permission(name=n) for n in ("canSeePassport",)]
    allPerms = staffPerms + participantPerms
    for permission in allPerms:
        db.session.add(permission)

    # Group name -> permissions it receives. Vendor currently gets the same
    # set as Staff, and only Admin holds both sets.
    groups = {
        "Admin": allPerms,
        "Participant": participantPerms,
        "Staff": staffPerms,
        "Vendor": staffPerms,
    }
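def add_row_perm(self, instance, perm):
    """Grant this group the row-level permission `perm`.

    `instance` may be a single object or a QuerySet. For a QuerySet every
    object that lacks the permission gets a row and the result is True; for
    a single object the result is False when the permission already exists.
    """
    if type(instance).__name__ == 'QuerySet':
        for obj in instance:
            # The original used `pass` here, so a second row was written for
            # objects that already had the permission. Duplicate grants are
            # a hazard: removing one row could leave the access in place.
            if self.has_row_perm(obj, perm):
                continue
            permission = Permission()
            permission.content_object = obj
            # This branch assigned `user = self`, while the single-object
            # branch and the has_row_perm call treat `self` as a group.
            permission.group = self
            permission.name = perm
            permission.save()
    else:
        if self.has_row_perm(instance, perm):
            return False
        permission = Permission()
        permission.content_object = instance
        permission.group = self
        permission.name = perm
        permission.save()
    return True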
limitations under the License. ''' import os import sys import getpass from libs.ConsoleColors import * from libs.ConfigManager import ConfigManager from models import dbsession, User, Permission #Create Admin Account user = User(user_name=unicode('admin'), approved=True) dbsession.add(user) dbsession.flush() user.password = '******' dbsession.add(user) dbsession.flush() #Create Admin Permission permission = Permission(permission_name="admin", user_id=user.id) dbsession.add(permission) dbsession.flush() #Create Default User Account regular = User(user_name=unicode('user'), approved=True) dbsession.add(regular) dbsession.flush() regular.password = '******' dbsession.add(regular) dbsession.flush()
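def folders_set_permissions(user, folder_id):
    """Replace per-user read/write permissions on a folder (admins only).

    The JSON body must hold a ``permissions`` array of
    ``{user_id, read, write}`` objects. An entry with neither flag removes
    the user's existing row; write without read is rejected; administrators
    cannot be targeted.

    Every entry is validated before the session is touched. Previously an
    invalid entry returned from the middle of the loop and left the changes
    for the entries before it pending in ``db_session``.
    """
    if not user.admin:
        return error_response("not_admin", "You must be an administrator to "
            "edit the permissions on a folder")

    schema = {
        "type": "object",
        "properties": {
            "permissions": {
                "type": "array",
                "items": {
                    "type": "object",
                    "properties": {
                        "user_id": {"type": "integer"},
                        "read": {"type": "boolean"},
                        "write": {"type": "boolean"}
                    },
                    "required": ["user_id", "read", "write"]
                }
            }
        },
        "required": ["permissions"]
    }
    error = validate_schema(request.json, schema)
    if error:
        return error

    if not Folder.query.filter(Folder.id==folder_id).count():
        return error_response("item_not_found", "Folder not found")

    entries = request.json.get("permissions")

    # Pass 1: validation only. The checks run in the same order as before,
    # so the first error reported for a given request is unchanged.
    for entry in entries:
        user_id = entry.get("user_id")
        target = User.query.get(user_id)
        if not target:
            return error_response("item_not_found", "User with ID {} not found"
                "".format(user_id))
        if target.admin:
            return error_response("input_validation_fail", "Cannot set "
                "permissions for an administrator, administrators already have "
                "full access to all folders")
        if entry.get("write") and not entry.get("read"):
            return error_response("input_validation_fail", "Users must be able "
                "to read a folder if they are to write to it")

    # Pass 2: apply. Nothing below can reject the request.
    for entry in entries:
        user_id = entry.get("user_id")
        existing = Permission.query.filter(Permission.user_id==user_id).filter(
            Permission.folder_id==folder_id).all()

        # If no read or write, do not add permission and delete if exists
        if not (entry.get("read") or entry.get("write")):
            if existing:
                db_session.delete(existing[0])
            continue

        row = existing[0] if existing else Permission()
        row.user_id = user_id
        row.folder_id = folder_id
        row.read = entry.get("read")
        row.write = entry.get("write")
        if not existing:
            db_session.add(row)

    db_session.commit()
    return jsonify(success=True)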
# needs to be subscribed to be a user return HttpResponse(str(0), content_type='text/plain') if not bc.user.subscribed: # needs to be subscribed to be a maintainer return HttpResponse(str(0), content_type='text/plain') try: # does the permission already exist? p = Permission.objects.get(user=tc.user, tool=t) # if so just report success. return HttpResponse(str(1), content_type='text/plain') except ObjectDoesNotExist, e: pass np = Permission(user=tc.user, permission=1, tool=t, addedby=bc.user) np.save() return HttpResponse(str(1), content_type='text/plain') @check_secret @check_ip @csrf_exempt @require_POST def settoolstatus(request, tool_id, status, card_id): try: t = Tool.objects.get(pk=tool_id) except ObjectDoesNotExist, e: return HttpResponse('-1', content_type='text/plain') try:
number=0, buyout=0, ) dbsession.add(game_level) dbsession.flush() # Admin User Account user = User( account=u'admin', handle=u'God', algorithm=u'scrypt', ) dbsession.add(user) dbsession.flush() user.password = password dbsession.add(user) dbsession.flush() permission = Permission(name=u'admin', user_id=user.id) dbsession.add(permission) dbsession.flush() # Display Details if config.debug: environ = bold + R + "Developement boot strap" + W details = ", default admin password is '%s'." % password else: environ = bold + "Production boot strap" + W details = '.' print INFO + '%s completed successfully%s' % (environ, details)
def public_save(request):
    """Create or update a user from POST data and reset their permissions.

    An empty ``user_id`` creates a user, any other value edits that user.
    After a successful save all Permission rows of the user are deleted and
    one row is created per project id in the comma-separated
    ``permission_list``. Returns ``{"heads": {"code": ..., "message": ...}}``;
    code 0 means success.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this function; confirm the caller restricts it to administrators,
    # because the target user id, the superuser flag and the permission list
    # all come straight from the request.
    user_id = request.POST.get("user_id", "")
    user_name = request.POST.get("user_name", "")
    user_real_name = request.POST.get("user_real_name", "")
    user_email = request.POST.get("user_email", "")
    user_password = request.POST.get("user_password", "")
    user_re_password = request.POST.get("user_re_password", "")
    user_is_admin = request.POST.get("user_is_admin", 0)
    permission_list = request.POST.get("permission_list", "")
    # Only the values 1 / "1" turn the admin flag on.
    if user_is_admin == 1 or user_is_admin == "1":
        user_is_admin = True
    else:
        user_is_admin = False
    result = {}
    head = {}
    # Input validation; each failure maps to its own numeric error code.
    if user_name == "":
        error_code = 100015
    elif user_password == "" or user_re_password == "":
        error_code = 100021
    elif user_password != user_re_password:
        error_code = 100019
    elif len(user_password) < 6:
        error_code = 100020
    else:
        # Stays "" unless a user was saved; gates the permission step below.
        new_user_id = ""
        if user_id == "":
            # Create path: the user name must not belong to an active user.
            if User.objects.filter(username=user_name, is_active=1):
                error_code = 100017
            else:
                add_user = User(username=user_name, first_name=user_real_name, is_superuser=user_is_admin, email=user_email)
                try:
                    add_user.set_password(user_password)
                    add_user.save()
                    new_user_id = add_user.id
                    error_code = 0
                except Exception as ex:
                    # NOTE(review): the exception object is placed in the
                    # returned dict; confirm it is not rendered to the
                    # client, where it could expose internal details.
                    head["exceptions"] = ex
                    error_code = 110000
        else:
            # Edit path: the name must not belong to another active user.
            if User.objects.filter(username=user_name, is_active=1).exclude(id=user_id):
                error_code = 100017
            else:
                edit_user = get_object_or_404(User, id=user_id)
                try:
                    edit_user.username = user_name
                    edit_user.first_name = user_real_name
                    edit_user.email = user_email
                    # NOTE(review): this compares the submitted plaintext
                    # with the stored password field; presumably that field
                    # holds a hash, so the test is always true and the
                    # password is reset on every edit -- confirm.
                    if user_password != edit_user.password:
                        edit_user.set_password(user_password)
                    edit_user.is_superuser = user_is_admin
                    edit_user.save()
                    new_user_id = user_id
                    error_code = 0
                except Exception as ex:
                    head["exceptions"] = ex
                    error_code = 110000
        # Save permissions
        if new_user_id != "":
            # Existing rows are removed first, then rebuilt from the request.
            permissions = Permission.objects.filter(user_id=new_user_id)
            if permissions:
                for pers in permissions:
                    pers.delete()
            if permission_list != "":
                permission_list = permission_list.encode("utf8")
                permission_list = permission_list.split(",")
                # NOTE(review): the project ids are used as received; nothing
                # here checks that they refer to existing projects.
                for permission_id in permission_list:
                    permission_info = Permission.objects.filter(user_id=new_user_id, project_id=permission_id)
                    if permission_info:
                        pass
                    else:
                        new_permission = Permission(user_id=new_user_id, project_id=permission_id)
                        new_permission.save()
    head["code"] = error_code
    head["message"] = errorinfo.change_to_message(error_code)
    result["heads"] = head
    return result
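def add_row_perm(self, instance, perm):
    """
    Add permission 'perm' to user 'self' for object(s) instance.

    instance variable may be an object or a queryset. For a queryset every
    object that lacks the permission gets a row and the result is True; for
    a single object the result is False when the permission already exists.
    """
    if type(instance).__name__ == 'QuerySet':
        for obj in instance:
            # The original used `pass` here, so a second row was written for
            # objects that already had the permission. Duplicate grants are
            # a hazard: removing one row could leave the access in place.
            if self.has_row_perm(obj, perm, True):
                continue
            permission = Permission()
            permission.content_object = obj
            permission.user = self
            permission.name = perm
            permission.save()
    else:
        if self.has_row_perm(instance, perm, True):
            return False
        permission = Permission()
        permission.content_object = instance
        permission.user = self
        permission.name = perm
        permission.save()
    return True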
def public_save(request):
    """Create or update a user from POST data and reset their permissions.

    An empty ``user_id`` creates a user, any other value edits that user.
    After a successful save all Permission rows of the user are deleted and
    one row is created per project id in the comma-separated
    ``permission_list``. Returns ``{"heads": {"code": ..., "message": ...}}``;
    code 0 means success.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this function; confirm the caller restricts it to administrators,
    # because the target user id, the superuser flag and the permission list
    # all come straight from the request.
    user_id = request.POST.get("user_id", "")
    user_name = request.POST.get("user_name", "")
    user_real_name = request.POST.get("user_real_name", "")
    user_email = request.POST.get("user_email", "")
    user_password = request.POST.get("user_password", "")
    user_re_password = request.POST.get("user_re_password", "")
    user_is_admin = request.POST.get("user_is_admin", 0)
    permission_list = request.POST.get("permission_list", "")
    # Only the values 1 / "1" turn the admin flag on.
    if user_is_admin == 1 or user_is_admin == "1":
        user_is_admin = True
    else:
        user_is_admin = False
    result = {}
    head = {}
    # Input validation; each failure maps to its own numeric error code.
    if user_name == "":
        error_code = 100015
    elif user_password == "" or user_re_password == "":
        error_code = 100021
    elif user_password != user_re_password:
        error_code = 100019
    elif len(user_password) < 6:
        error_code = 100020
    else:
        # Stays "" unless a user was saved; gates the permission step below.
        new_user_id = ""
        if user_id == "":
            # Create path: the user name must not belong to an active user.
            if User.objects.filter(username=user_name, is_active=1):
                error_code = 100017
            else:
                add_user = User(username=user_name, first_name=user_real_name, is_superuser=user_is_admin, email=user_email)
                try:
                    add_user.set_password(user_password)
                    add_user.save()
                    new_user_id = add_user.id
                    error_code = 0
                except Exception as ex:
                    # NOTE(review): the exception object is placed in the
                    # returned dict; confirm it is not rendered to the
                    # client, where it could expose internal details.
                    head["exceptions"] = ex
                    error_code = 110000
        else:
            # Edit path: the name must not belong to another active user.
            if User.objects.filter(username=user_name, is_active=1).exclude(id=user_id):
                error_code = 100017
            else:
                edit_user = get_object_or_404(User, id=user_id)
                try:
                    edit_user.username = user_name
                    edit_user.first_name = user_real_name
                    edit_user.email = user_email
                    # NOTE(review): this compares the submitted plaintext
                    # with the stored password field; presumably that field
                    # holds a hash, so the test is always true and the
                    # password is reset on every edit -- confirm.
                    if user_password != edit_user.password:
                        edit_user.set_password(user_password)
                    edit_user.is_superuser = user_is_admin
                    edit_user.save()
                    new_user_id = user_id
                    error_code = 0
                except Exception as ex:
                    head["exceptions"] = ex
                    error_code = 110000
        # Save permissions
        if new_user_id != "":
            # Existing rows are removed first, then rebuilt from the request.
            permissions = Permission.objects.filter(user_id=new_user_id)
            if permissions:
                for pers in permissions:
                    pers.delete()
            if permission_list != "":
                permission_list = permission_list.encode("utf8")
                permission_list = permission_list.split(",")
                # NOTE(review): the project ids are used as received; nothing
                # here checks that they refer to existing projects.
                for permission_id in permission_list:
                    permission_info = Permission.objects.filter(
                        user_id=new_user_id, project_id=permission_id)
                    if permission_info:
                        pass
                    else:
                        new_permission = Permission(user_id=new_user_id, project_id=permission_id)
                        new_permission.save()
    head["code"] = error_code
    head["message"] = errorinfo.change_to_message(error_code)
    result["heads"] = head
    return result
def can(self, ask):
    """Return whether this object's permissions allow `ask`.

    When no permissions are set yet they are first initialised to
    ``Permission.User`` and stored back on the instance, so the fallback is
    the ordinary user level rather than "no restriction".
    """
    if self.permissions is None:
        self.permissions = Permission.User
    checker = Permission(self.permissions)
    return checker.can(ask)
sys.stdout.write(PROMPT + "Confirm New Admin ") sys.stdout.flush() password2 = getpass.getpass() if password1 == password2 and 12 <= len(password1): password = password1 else: print WARN + \ 'Error: Passwords did not match, or were less than 12 chars' os._exit(1) # Admin User Account user = User(name='admin', ) dbsession.add(user) dbsession.flush() user.password = password dbsession.add(user) dbsession.flush() permission = Permission(name=ADMIN_PERMISSION, user_id=user.id) dbsession.add(permission) dbsession.flush() # Display Details if config.debug: environ = bold + R + "Developement boot strap" + W details = ", default admin password is '%s'." % password else: environ = bold + "Production boot strap" + W details = '.' print INFO + '%s completed successfully%s' % (environ, details)