def _initialize(admin_password):
"""
Creates initial objects in database
"""
public_group = Group(name=Group.PUBLIC_GROUP_NAME, capabilities=[])
db.session.add(public_group)
everything_group = Group(name=Group.EVERYTHING_GROUP_NAME,
capabilities=[Capabilities.access_all_objects])
db.session.add(everything_group)
admin_group = Group(name=app_config.mwdb.admin_login,
capabilities=Capabilities.all(),
private=True)
db.session.add(admin_group)
admin_user = User(
login=app_config.mwdb.admin_login,
email="*****@*****.**",
additional_info="MWDB built-in administrator account",
groups=[admin_group, everything_group, public_group],
)
admin_user.reset_sessions()
admin_user.set_password(admin_password)
db.session.add(admin_user)
db.session.commit()
def get_shares_for_upload(upload_as):
"""
Translates 'upload_as' value from API into list of groups that
object will be shared with
"""
if upload_as == "*":
# If '*' is provided: share with all user's groups except 'public'
share_with = [group for group in g.auth_user.groups if group.workspace]
elif upload_as == "private":
share_with = [Group.get_by_name(g.auth_user.login)]
else:
share_group = Group.get_by_name(upload_as)
# Does group exist?
if share_group is None:
raise NotFound(f"Group {upload_as} doesn't exist")
# Has user access to group?
if share_group not in g.auth_user.groups and not g.auth_user.has_rights(
Capabilities.sharing_objects):
raise NotFound(f"Group {upload_as} doesn't exist")
# Is group pending?
if share_group.pending_group is True:
raise NotFound(f"Group {upload_as} is pending")
share_with = [share_group, Group.get_by_name(g.auth_user.login)]
return share_with
def post(self, name):
"""
---
summary: Create a new group
description: |
Creates a new group.
Requires `manage_users` capability.
security:
- bearerAuth: []
tags:
- group
parameters:
- in: path
name: name
schema:
type: string
description: Group name
requestBody:
description: Group information
content:
application/json:
schema: GroupCreateRequestSchema
responses:
200:
description: When group was created successfully
content:
application/json:
schema: GroupSuccessResponseSchema
400:
description: When group name or request body is invalid
403:
description: When user doesn't have `manage_users` capability
409:
description: When group exists yet
"""
schema = GroupCreateRequestSchema()
obj = loads_schema(request.get_data(as_text=True), schema)
group_name_obj = load_schema({"name": name}, GroupNameSchemaBase())
if db.session.query(
exists().where(Group.name == group_name_obj["name"])).scalar():
raise Conflict("Group exists yet")
group = Group(name=group_name_obj["name"],
capabilities=obj["capabilities"])
db.session.add(group)
db.session.commit()
logger.info(
"Group created",
extra={
"group": group.name,
"capabilities": group.capabilities
},
)
schema = GroupSuccessResponseSchema()
return schema.dump({"name": name})
def _initialize(admin_password):
"""
Creates initial objects in database
"""
public_group = Group(name=Group.PUBLIC_GROUP_NAME,
capabilities=[],
workspace=False,
default=True)
db.session.add(public_group)
everything_group = Group(
name=Group.DEFAULT_EVERYTHING_GROUP_NAME,
capabilities=[Capabilities.access_all_objects],
workspace=False,
)
db.session.add(everything_group)
registered_group = Group(
name=Group.DEFAULT_REGISTERED_GROUP_NAME,
capabilities=[
Capabilities.adding_files,
Capabilities.manage_profile,
Capabilities.personalize,
],
workspace=False,
default=True,
)
db.session.add(registered_group)
admin_group = Group(name=app_config.mwdb.admin_login,
capabilities=Capabilities.all(),
private=True)
db.session.add(admin_group)
admin_user = User(
login=app_config.mwdb.admin_login,
email="*****@*****.**",
additional_info="MWDB built-in administrator account",
groups=[admin_group, everything_group, public_group, registered_group],
)
admin_user.reset_sessions()
admin_user.set_password(admin_password)
db.session.add(admin_user)
db.session.commit()
def configure():
logger.info("Configuring 'karton' attribute key.")
attribute = MetakeyDefinition(
key="karton",
url_template="",
label="Karton analysis",
description="Reference to the Karton analysis for object")
db.session.merge(attribute)
db.session.commit()
logger.info("Updating permissions for admin account.")
admin_group = Group.get_by_name("admin")
if KartonCapabilities.karton_manage not in admin_group.capabilities:
admin_group.capabilities.append(KartonCapabilities.karton_manage)
db.session.commit()
def create_object(self, params):
params = dict(params)
# Validate parent object
if params["parent"] is not None:
if not g.auth_user.has_rights(Capabilities.adding_parents):
raise Forbidden("You are not permitted to link with parent")
parent_object = Object.access(params["parent"])
if parent_object is None:
raise NotFound("Parent object not found")
else:
parent_object = None
# Validate metakeys
metakeys = params["metakeys"]
for metakey in params["metakeys"]:
key = metakey["key"]
if not MetakeyDefinition.query_for_set(key).first():
raise NotFound(f"Metakey '{key}' not defined or insufficient "
"permissions to set that one")
# Validate upload_as argument
upload_as = params["upload_as"]
if upload_as == "*":
# If '*' is provided: share with all user's groups except 'public'
share_with = [
group for group in g.auth_user.groups if group.name != "public"
]
else:
share_group = Group.get_by_name(upload_as)
# Does group exist?
if share_group is None:
raise NotFound(f"Group {upload_as} doesn't exist")
# Has user access to group?
if share_group not in g.auth_user.groups and not g.auth_user.has_rights(
Capabilities.sharing_objects):
raise NotFound(f"Group {upload_as} doesn't exist")
# Is group pending?
if share_group.pending_group is True:
raise NotFound(f"Group {upload_as} is pending")
share_with = [share_group, Group.get_by_name(g.auth_user.login)]
item, is_new = self._create_object(params, parent_object, share_with,
metakeys)
db.session.commit()
if is_new:
hooks.on_created_object(item)
self.on_created(item)
else:
hooks.on_reuploaded_object(item)
self.on_reuploaded(item)
logger.info(f'{self.ObjectType.__name__} added',
extra={
'dhash': item.dhash,
'is_new': is_new
})
schema = self.ItemResponseSchema()
return schema.dump(item)