Exemplo n.º 1
    def logout(session_id: str):
        """End a user session by removing its row from the database.

        Args:
            session_id (str): session UUID.

        """

        db = DataBase()
        db_session = db.create_session()

        # Bulk delete by UUID: an unknown session_id matches no rows and the
        # call still completes without an error.
        matching_sessions = db_session.query(db.Session).filter_by(
            uuid=session_id)
        matching_sessions.delete()
        db_session.commit()
Exemplo n.º 2
        def wrapper(*args, **kwargs) -> web.Response:
            """Check the caller's role against the wrapped method, then call it.

            The session UUID is read from the ``Authorization`` header of the
            request object, which is taken from ``args[1]``.

            Args:
                *args (tuple): Positional arguments of the wrapped method;
                **kwargs (dict): Keyword arguments of the wrapped method.

            Returns:
                Whatever the wrapped method returns.

            Raises:
                HTTPUnauthorized: 401 HTTP error, if the header is missing or no session matches it;
                HTTPForbidden: 403 HTTP error, if the user has no role or the role is not linked to the method.

            """

            session_id = args[1].headers.get('Authorization')
            if not session_id:
                raise web.HTTPUnauthorized(text='Unauthorized request')

            db = DataBase()
            db_session = db.create_session()
            session_query = db_session.query(db.Session).filter_by(
                uuid=session_id)
            session = session_query.first()
            if not session:
                raise web.HTTPUnauthorized(
                    text='Session expired. Please, sign in again')

            # NOTE(review): the session's expiry time is not compared here, so
            # a stale row still authorizes - confirm that an expiry-checking
            # decorator always runs before this one.
            user_role = session.user.role
            if not user_role:
                raise web.HTTPForbidden(text='User is not attached to role')

            method_query = db_session.query(db.Method).filter_by(
                name=func.__name__)
            method = method_query.first()

            # NOTE(review): this check fails open - when no db.Method row
            # matches func.__name__, the role check is skipped and the call
            # goes through. If decorators are stacked without functools.wraps,
            # func.__name__ may be the inner wrapper's name rather than the
            # handler's; verify, and consider deny-by-default.
            if method and not method.shared:
                role_is_linked = any(
                    rel.role_id == user_role.id for rel in method.roles)
                if not role_is_linked:
                    raise web.HTTPForbidden(text='Access denied')

            return func(*args, **kwargs)
Exemplo n.º 3
def app():
    """Parse the command line, register the HTTP routes and run the server.

    Command line options:
    -p --port - port (default: 8080).
    -f --folder - working directory (absolute or relative path, default: current app folder FileServer).
    -i --init - initialize database.
    -h --help - help.

    """

    options = commandline_parser().parse_args(sys.argv[1:])

    db = DataBase()
    if options.init:
        db.init_system()

    handler = Handler(options.folder)
    application = web.Application()

    # NOTE(review): access control for these routes is not visible here; it
    # presumably lives in decorators on the Handler methods - confirm that the
    # role/method administration endpoints are all covered.
    routes = [
        web.get('/', handler.handle),
        web.get('/files/list', handler.get_files),
        web.get('/files', handler.get_file_info),
        web.post('/files', handler.create_file),
        web.delete('/files/{filename}', handler.delete_file),
        web.get('/files/download', handler.download_file),
        web.get('/files/download/queued', handler.download_file_queued),
        web.post('/signup', handler.signup),
        web.post('/signin', handler.signin),
        # NOTE(review): logout changes server state but is exposed as GET;
        # POST or DELETE would be the safer verb.
        web.get('/logout', handler.logout),
        web.put('/method/{method_name}', handler.add_method),
        web.delete('/method/{method_name}', handler.delete_method),
        web.put('/role/{role_name}', handler.add_role),
        web.delete('/role/{role_name}', handler.delete_role),
        web.post('/add_method_to_role', handler.add_method_to_role),
        web.post('/delete_method_from_role', handler.delete_method_from_role),
        web.post('/change_shared_prop', handler.change_shared_prop),
        web.post('/change_user_role', handler.change_user_role),
        web.post('/change_file_dir', handler.change_file_dir),
    ]
    application.add_routes(routes)

    logging.basicConfig(level=logging.INFO)

    # NOTE(review): no host or ssl_context is passed, so aiohttp serves plain
    # HTTP on all interfaces; session ids sent in the Authorization header
    # need TLS in front of this (e.g. a terminating reverse proxy).
    web.run_app(application, port=options.port)
Exemplo n.º 4
    def add_method(method_name: str):
        """Register a new method name in the database.

        Args:
            method_name (str): Method name.

        Raises:
            SystemError: if method exists.

        """

        db = DataBase()
        db_session = db.create_session()

        # NOTE(review): check-then-insert is not atomic; two concurrent calls
        # can both pass this lookup. A unique constraint on the name column
        # would close the gap - not visible from here, confirm in the model.
        lookup = db_session.query(db.Method).filter_by(name=method_name)
        if lookup.first():
            raise SystemError(f'Method {method_name} already exists')

        new_method = db.Method(method_name)
        db_session.add(new_method)
        db_session.commit()
Exemplo n.º 5
    def add_role(role_name: str):
        """Create a new role in the database.

        Args:
            role_name (str): Role name.

        Raises:
            SystemError: if role exists.

        """

        db = DataBase()
        db_session = db.create_session()

        # NOTE(review): check-then-insert is not atomic; two concurrent calls
        # can both pass this lookup. A unique constraint on the name column
        # would close the gap - not visible from here, confirm in the model.
        lookup = db_session.query(db.Role).filter_by(name=role_name)
        if lookup.first():
            raise SystemError(f'Role {role_name} already exists')

        new_role = db.Role(role_name)
        db_session.add(new_role)
        db_session.commit()
Exemplo n.º 6
        def wrapper(*args, **kwargs) -> web.Response:
            """Validate the caller's session, then call the wrapped method.

            The session UUID is read from the ``Authorization`` header of the
            request object, which is taken from ``args[1]``. On success the
            session's ``user_id`` is passed to the wrapped method as the
            ``user_id`` keyword argument, replacing any value already there.

            Args:
                *args (tuple): Positional arguments of the wrapped method;
                **kwargs (dict): Keyword arguments of the wrapped method.

            Returns:
                Whatever the wrapped method returns.

            Raises:
                HTTPUnauthorized: 401 HTTP error, if user session is expired or not found.

            """

            session_id = args[1].headers.get('Authorization')
            if not session_id:
                raise web.HTTPUnauthorized(text='Unauthorized request')

            db = DataBase()
            db_session = db.create_session()
            session_query = db_session.query(db.Session).filter_by(
                uuid=session_id)
            session = session_query.first()
            if not session:
                raise web.HTTPUnauthorized(
                    text='Session expired. Please, sign in again')

            # NOTE(review): datetime.now() is naive local time; this presumably
            # relies on exp_dt being stored the same way - confirm, since a
            # timezone mismatch would shift the effective session lifetime.
            now = datetime.now()
            if session.exp_dt < now:
                # Expired rows are purged on first use so the same UUID cannot
                # be presented again.
                db_session.delete(session)
                db_session.commit()
                raise web.HTTPUnauthorized(
                    text='Session expired. Please, sign in again')

            # The identity always comes from the session row, never from a
            # caller-supplied keyword.
            kwargs['user_id'] = session.user_id

            return func(*args, **kwargs)
Exemplo n.º 7
    def delete_method(method_name: str):
        """Remove a method and its role links from the database.

        Args:
            method_name (str): Method name.

        Raises:
            SystemError: if method does not exist.

        """

        db = DataBase()
        db_session = db.create_session()

        target = db_session.query(db.Method).filter_by(
            name=method_name).first()
        if not target:
            raise SystemError(f'Method {method_name} is not found')

        # Drop the method-to-role links first, then the method itself; both
        # changes are committed together.
        role_links = db_session.query(db.MethodRole).filter_by(
            method_id=target.id)
        role_links.delete()
        db_session.delete(target)
        db_session.commit()
Exemplo n.º 8
    def delete_role(role_name: str):
        """Remove a role and its method links from the database.

        Args:
            role_name (str): Role name.

        Raises:
            SystemError: if role does not exist, if role has users.

        """

        db = DataBase()
        db_session = db.create_session()

        target = db_session.query(db.Role).filter_by(name=role_name).first()
        if not target:
            raise SystemError(f'Role {role_name} is not found')

        # A role that still has users is never deleted, so no user is left
        # pointing at a missing role.
        if len(target.users) > 0:
            raise SystemError("You can't delete role with users")

        # Drop the method-to-role links first, then the role itself; both
        # changes are committed together.
        method_links = db_session.query(db.MethodRole).filter_by(
            role_id=target.id)
        method_links.delete()
        db_session.delete(target)
        db_session.commit()
Exemplo n.º 9
            raise ValueError('Invalid email format')

        if not PASSWORD_REGEX.match(password):
            raise ValueError(
                'Invalid password. Password should contain letters, digits and will be 8 to 50 characters long'
            )

        if password != confirm_password:
            raise ValueError('Passwords are not match')

        if surname:
            surname = surname.strip()

        hashed_password = HashAPI.hash_sha512(password)

        db = DataBase()
        db_session = db.create_session()
        existed_user = db_session.query(db.User).filter_by(email=email).first()

        if existed_user:
            raise SystemError(f'User with email {email} already exists')

        role_visitor = db_session.query(
            db.Role).filter_by(name="visitor").first()
        db_session.add(
            db.User(email, hashed_password, name, surname, role=role_visitor))
        db_session.commit()

    @staticmethod
    def signin(**kwargs) -> str:
        """Sign in user.
Exemplo n.º 10
        Raises:
            ValueError: if at least one required parameter in kwargs is not set;
            SystemError: method is not found, role is not found, method is already added to role.

        """

        method_name = kwargs.get('method')
        role_name = kwargs.get('role')

        if not method_name or not (method_name := method_name.strip()):
            raise ValueError('Method name is not set')

        if not role_name or not (role_name := role_name.strip()):
            raise ValueError('Role name is not set')

        db = DataBase()
        db_session = db.create_session()
        method = db_session.query(
            db.Method).filter_by(name=method_name).first()
        role = db_session.query(db.Role).filter_by(name=role_name).first()

        if not method:
            raise SystemError(f'Method {method_name} is not found')

        if not role:
            raise SystemError(f'Role {role_name} is not found')

        relations = set(
            filter(lambda rel: rel.role_id == role.id, method.roles))
        if len(relations):
            raise SystemError(