Exemplos de HttpErrorException.forbidden em Python

Exemplo n.º 1

Arquivo: admin_panel.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     temp_data = {
         'user': {
             'display_name': self.user.display_name,
             'super_admin': self.user.is_super_admin,
         },
         'org': False,
         'org_json': None,
     }
     if not self.user.is_org_admin or (self.user.is_super_admin
                                       and organization is not None):
         if not organization:
             raise HttpErrorException.forbidden()
         org = Organization.get_by_id(organization)
         if not org:
             raise HttpErrorException.bad_request('invalid organization id')
         if not self.user.is_super_admin and self.user.organization != org.key:
             raise HttpErrorException.forbidden()
         temp_data['org'] = True
         temp_data['org_id'] = org.key.id()
         temp_data['org_json'] = json.dumps(org.to_dict())
         groups = org.get_all_groups()
         groups += org.get_all_hidden_groups()
         temp_data['groups'] = json.dumps(groups)
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/index.html')
     self.response.write(template_index.render(temp_data))

Exemplo n.º 2

Arquivo: users.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     if self.user.is_super_admin and not organization:
         users = User.query(User.organization == None).fetch()
         users_dicts = []
         for user in users:
             users_dicts.append(user.to_dict())
         self.write_json_response(users_dicts)
     else:
         org = Organization.get_by_id(organization)
         if not org:
             raise HttpErrorException.bad_request('invalid org id')
         if not self.user.is_super_admin and self.user.organization != org.key:
             raise HttpErrorException.forbidden()
         if self.request.get('username', None):
             user = User.get_by_id(self.request.get('username'))
             if not user:
                 raise HttpErrorException.bad_request('invalid username')
             self.write_json_response(user.to_dict())
         else:
             users = User.query(User.organization == org.key).fetch()
             users_dicts = []
             for user in users:
                 users_dicts.append(user.to_dict())
             self.write_json_response(users_dicts)

Exemplo n.º 3

Arquivo: publish.py Projeto: baxterjfinch/dragonspectrum

    def get_publish(self, document, group):
        document = Document.get_by_id(document)
        if not document:
            raise HttpErrorException.bad_request('invalid document id')
        if not document.has_permission_read(self.user):
            raise HttpErrorException.forbidden()

        group = Group.get_by_id(group)
        if not group:
            raise HttpErrorException.bad_request('invalid group id')

        self.project = document.project.get()
        version = self.request.get('v', 'latest')
        pub = PublishDocument.get(document, group, version)

        if not pub:
            raise HttpErrorException.not_found()

        if pub.group not in self.user.groups and pub.group != Group.get_worldshare_key(
        ):
            raise HttpErrorException.forbidden()

        self._create_analytic_session()
        self.project.record_analytic('pro_opn', self.analytic_session)

        template_index = JINJA_ENVIRONMENT.get_template('document_public.html')
        return template_index.render({
            'title': self.project.title,
            'version': pub.version,
            'created_at': pub.created_ts,
            'published_to': pub.group.get().name,
            'an_token': self.analytic_session.key.id(),
            'project_id': self.project.id,
            'html': pub.html,
        })

Exemplo n.º 4

Arquivo: project.py Projeto: baxterjfinch/dragonspectrum

    def _up_vote(self):
        if not self.project.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        vote_changed = True

        pvote = self.project.get_user_vote(self.user)

        # If there is no previous vote, they can vote up or down
        if pvote is None:
            self.project.project_score += 1
            uvote = ProjectUserVotes(project=self.project.key,
                                     user=self.user.key,
                                     direction='up')
            uvote.put()

        # If there was a previous vote and its down. We remove their vote, otherwise they are trying
        # to vote up again and we disallow that.
        elif pvote is not None and pvote.direction == 'down':
            self.project.project_score += 1
            pvote.key.delete()

        else:
            vote_changed = False

        if vote_changed:
            cost = spectra.calculate_cost('pro_up_vote',
                                          user=self.user,
                                          artifact=self.project)
            if not spectra.has_sufficient_points(cost, self.user):
                raise HttpErrorException.forbidden()
            self.user.sub_spectra_cost(cost)

        action_data = {'project_score': self.project.project_score}
        trans = Transaction(action='pro_up_vote',
                            user=self.user.key,
                            artifact=self.project.key,
                            project=self.project.key,
                            action_data=action_data)
        trans.put()

        self.get_channel_token()
        channel_tokens = ChannelToken.get_by_project_key(
            self.project.key, self.user_channel_token)
        channel_tokens = ChannelToken.remove_unauthorized_users(
            channel_tokens, [self.project])
        message = {
            'user': self.get_user_channel_data(),
            'transaction': trans.to_dict(self.user)
        }
        ChannelToken.broadcast_message(channel_tokens, message)

Exemplo n.º 5

Arquivo: project.py Projeto: baxterjfinch/dragonspectrum

    def delete(self, project_id=None):
        if self.request.get('token_id') is None:
            raise HttpErrorException.bad_request('no token id')

        self.user.current_token_id = self.request.get('token_id')
        if not project_id and not Project.valid_id(project_id):
            raise HttpErrorException.bad_request('no project id')

        project = Project.get_by_id(project_id)
        if not project:
            raise HttpErrorException.bad_request('invaild project id')
        if not project.has_permission_delete(self.user):
            raise HttpErrorException.forbidden()

        trans = Transaction(action='pro_del',
                            user=self.user.key,
                            artifact=project.key,
                            project=project.key)
        trans.put()

        self.get_channel_token()
        channel_tokens = ChannelToken.get_by_project_key(
            project.key, self.user_channel_token)
        channel_tokens = ChannelToken.remove_unauthorized_users(
            channel_tokens, [project])
        message = {
            'user': self.get_user_channel_data(),
            'transaction': trans.to_dict(self.user)
        }
        ChannelToken.broadcast_message(channel_tokens, message)

        project.delete(self.user)

Exemplo n.º 6

Arquivo: app_engine.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     temp_data = {}
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/thinktank/logging/app_engine_logs.html')
     self.response.write(template_index.render(temp_data))

Exemplo n.º 7

Arquivo: project.py Projeto: baxterjfinch/dragonspectrum

    def _set_title(self):
        title = self.json_request.get('title')
        if title.rstrip() == '':
            raise HttpErrorException.bad_request('empty title given')

        if not self.project.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        self.project.title = title

        action_data = {'title': title}
        trans = Transaction(action='pro_title',
                            user=self.user.key,
                            artifact=self.project.key,
                            project=self.project.key,
                            action_data=action_data)
        trans.put()

        self.get_channel_token()
        channel_tokens = ChannelToken.get_by_project_key(
            self.project.key, self.user_channel_token)
        channel_tokens = ChannelToken.remove_unauthorized_users(
            channel_tokens, [self.project])
        message = {
            'user': self.get_user_channel_data(),
            'transaction': trans.to_dict(self.user)
        }
        ChannelToken.broadcast_message(channel_tokens, message)

Exemplo n.º 8

    def post(self, phrasing_id=None):
        self.get_channel_token()
        if not Phrasing.valid_id(phrasing_id):
            raise HttpErrorException.bad_request('invalid phrasing id')

        self.phrasing = Phrasing.get_by_id(phrasing_id)
        if not self.phrasing:
            raise HttpErrorException.bad_request('invalid phrasing id')
        if not self.phrasing.has_permission_read(self.user):
            raise HttpErrorException.forbidden()
        if self.json_request.get('text'):
            self._set_text()
        if self.json_request.get('permission'):
            self._add_perm()
        if not self.json_request.get('permission') and self.json_request.get(
                'group_id'):
            self._rm_perm()
        if self.json_request.get('remove_group'):
            self._remove_group()

        self.phrasing.modified_ts = datetime.datetime.now()
        project = self.phrasing.project.get()
        project.pw_modified_ts = datetime.datetime.now()

        ndb.put_multi([project, self.phrasing])

Exemplo n.º 9

    def post(self, user_id=None):
        if not user_id:
            raise HttpErrorException.bad_request('no user id given')

        user = User.get_by_id(user_id)
        if not user:
            raise HttpErrorException.bad_request('invalid user id given')
        if user != self.user and not self.user.is_super_admin:
            lr = tt_logging.construct_log(
                msg_short='Non-Admin User try to Alter Another User\'s Billing',
                msg='User (%s) attemped to change another user\'s (%s) '
                    'billing information' % (self.user.key.id(), user.key.id()),
                log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user,
                request=self.request
            )
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()

        if self.json_request.get('subscribe'):
            pay_plan = self.json_request.get('subscribe')
            if user.is_billable_account():
                raise HttpErrorException.bad_request('user already has billable account')

            checkout_url = user.setup_billable_account(pay_plan)
            self.write_json_response({'checkout_url': checkout_url})

Exemplo n.º 10

    def post(self, concept_id=None):
        if not concept_id and not Concept.valid_id(concept_id):
            raise HttpErrorException.bad_request('invalid concept id')

        concept = Concept.get_by_id(concept_id)
        if not concept:
            raise HttpErrorException.bad_request('invalid concept id')
        if not self.json_request.get('document_id') and not Document.valid_id(
                self.json_request.get('document_id')):
            raise HttpErrorException.bad_request('invalid document id')

        document = Document.get_by_id(self.json_request.get('document_id'))
        if not document:
            raise HttpErrorException.bad_request('invalid document  id')
        if not document.has_permission_set_crawlcontext(self.user):
            raise HttpErrorException.forbidden()

        if document.presentation_document is None:
            raise HttpErrorException.bad_request('document has not summary')

        presentation_document = document.presentation_document.get()
        if document.presentation_document is None:
            raise HttpErrorException.bad_request('document has not summary')

        project = document.project.get()
        if not isinstance(self.json_request.get('crawl'), bool):
            raise HttpErrorException.bad_request('invalid crawl')

        temp = self.json_request.get('temp', None)
        if temp is None:
            raise HttpErrorException.bad_request('no temp giving')

        crawlcontexts = ndb.get_multi(concept.presentation_crawlcontext)
        if temp:
            for crawl in crawlcontexts:
                if crawl.document == presentation_document.key:
                    concept.presentation_crawlcontext.remove(crawl.key)
                    concept.put()
                    crawl.key.delete()
                    break

        else:
            for crawl in crawlcontexts:
                if crawl.document == presentation_document.key:
                    crawl.crawl = self.json_request.get('crawl')
                    crawl.put()
                    break
            else:
                crawl = PresentationCrawlContext(
                    key=PresentationCrawlContext.create_key(),
                    project=project.key,
                    document=presentation_document.key,
                    crawl=self.json_request.get('crawl'))
                crawl.put()

                concept.presentation_crawlcontext.append(crawl.key)
                concept.put()

        project.pw_modified_ts = datetime.datetime.now()
        project.put()

Exemplo n.º 11

Arquivo: document.py Projeto: baxterjfinch/dragonspectrum

    def post(self):
        doc = Document.get_by_id(self.json_request.get('document', 'none'))
        if not doc:
            raise HttpErrorException.bad_request('invalid document id')
        if not doc.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        if not doc.summary_document:
            raise HttpErrorException.bad_request('no summary document')

        sum_doc = doc.summary_document.get()
        if not sum_doc:
            raise HttpErrorException.bad_request('no summary document')

        word_count = self.json_request.get('word_count')
        try:
            word_count = int(word_count)
        except (ValueError, TypeError):
            raise HttpErrorException.bad_request('word_count must be int')

        if word_count < 100 or word_count > 2500 or word_count % 50 != 0:
            raise HttpErrorException.bad_request(
                'word_count must be 100 to 2500 in 50 inc')

        sum_doc.word_count = word_count
        sum_doc.put()

Exemplo n.º 12

Arquivo: dashboard.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     temp_data = {}
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/dashboard.html')
     self.response.write(template_index.render(temp_data))

Exemplo n.º 13

Arquivo: document.py Projeto: baxterjfinch/dragonspectrum

 def get(self, document='none'):
     document = Document.get_by_id(document)
     if not document:
         raise HttpErrorException.bad_request('invalid document id')
     if not document.has_permission_read(self.user):
         raise HttpErrorException.forbidden()
     self.write_json_response(document.to_dict(self.user))

Exemplo n.º 14

Arquivo: document.py Projeto: baxterjfinch/dragonspectrum

    def _set_title(self):
        if not self.document.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        title = self.json_request.get('title', '').rstrip()
        if title == '':
            raise HttpErrorException.bad_request('title can not be empty')
        self.document.title = title

Exemplo n.º 15

Arquivo: document.py Projeto: baxterjfinch/dragonspectrum

    def _add_perm(self):
        if not self.document.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        group, required = self.document.validate_add_perm_request(
            self.json_request, self.user)
        self.document.add_group_perm(group, self.json_request.get('operation'),
                                     self.json_request.get('permission'),
                                     required)

        action_data = {
            'group': group.key.id(),
            'operation': self.json_request.get('operation'),
            'permission': self.json_request.get('permission'),
            'type': 'required' if required else 'shared',
            'hidden': False,
        }

        trans = Transaction(action='doc_perm_add',
                            user=self.user.key,
                            artifact=self.document.key,
                            project=self.project.key,
                            action_data=action_data)
        trans.put()
        org = self.document.organization.get()

        # Get project channel tokens
        channel_tokens = ChannelToken.get_by_project_key(
            self.project.key, self.user_channel_token)
        # Loop through each channel token to test permissions on next sibling
        for channel_token in channel_tokens:
            ach_user = channel_token.user.get()

            if (not self.document.has_permission_read(channel_token.user.get())
                    and not self.document.had_permission_read(
                        channel_token.user.get())):
                continue

            if not ach_user.is_super_admin and not \
                    (ach_user.is_org_admin and org.key == ach_user.organization) and \
                    org.is_hidden_group(group):

                fake_id = memcache.get(group.key.id() + '_fake_id')
                if fake_id is None:
                    fake_id = server.create_uuid()
                    memcache.add(key=group.key.id() + '_fake_id',
                                 value=fake_id)

                trans.action_data['group'] = fake_id
                trans.action_data['hidden'] = True

            message = {
                'user': self.get_user_channel_data(),
                'transaction': trans.to_dict(self.user)
            }

            ChannelToken.broadcast_message([channel_token], message)

Exemplo n.º 16

Arquivo: organization.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     if self.user.is_super_admin and organization is None:
         orgs = Organization.query().fetch()
         orgs_dict = []
         for org in orgs:
             orgs_dict.append(org.to_dict())
         self.write_json_response(orgs_dict)
     else:
         if not organization:
             raise HttpErrorException.bad_request('invalid org id')
         org = Organization.get_by_id(organization)
         if not org:
             raise HttpErrorException.bad_request('invalid org id')
         if not self.user.is_super_admin and self.user.organization != org.key:
             raise HttpErrorException.forbidden()
         self.write_json_response(org.to_dict())

Exemplo n.º 17

Arquivo: artifact.py Projeto: baxterjfinch/dragonspectrum

    def validate_rm_group_request(self, request, user):
        if not self.has_permission_admin(user):
            raise HttpErrorException.forbidden()
        if not Artifact.valid_id(request.get('remove_group')) and not request.get('remove_group') == 'world':
            raise HttpErrorException.bad_request('invalid group id')

        group = Group.get_by_id(request.get('remove_group'))
        if not group:
            raise HttpErrorException.bad_request('invalid group id')

        return group

Exemplo n.º 18

Arquivo: selectedphrasing.py Projeto: baxterjfinch/dragonspectrum

    def post(self, phrasing_id=None):
        if not phrasing_id:
            raise HttpErrorException.bad_request('no phrasing_id given')

        phrasing = Phrasing.get_by_id(phrasing_id)
        if not phrasing:
            raise HttpErrorException.bad_request('invalid phrasing_id given')
        if not self.json_request.get('document'):
            raise HttpErrorException.bad_request('no document given')

        document = Document.get_by_id(self.json_request.get('document'))
        if not document:
            raise HttpErrorException.bad_request('invalid document given')
        if not document.has_permission(self.user, 'manage_phrasings'):
            raise HttpErrorException.forbidden()

        if not document.presentation_document:
            raise HttpErrorException.bad_request(
                'document does not have a presentation')

        sum_doc = document.presentation_document.get()
        if not sum_doc:
            raise HttpErrorException.bad_request(
                'document does not have a presentation')

        concept = phrasing.concept.get()
        if concept.has_presentation_selected_phrasing(document=sum_doc):
            selected_phrasing = concept.get_presentation_selected_phrasing(
                sum_doc)
            selected_phrasing.phrasing = phrasing.key
            selected_phrasing.put()
        else:
            selected_phrasing = PresentationSelectedPhrasing(
                id=PresentationSelectedPhrasing.create_uuid(),
                project=concept.project,
                document=sum_doc.key,
                phrasing=phrasing.key)
            selected_phrasing.put()

            concept.presentation_selected_phrasings.append(
                selected_phrasing.key)
            concept.put()

        project = document.project.get(
        )  # Don't want concept's project, this could be a linked concept
        project.pw_modified_ts = datetime.datetime.now()
        project.put()

        self.get_analytic_session()
        concept.record_analytic('con_phr_cha', self.analytic_session)

        if selected_phrasing:
            self.write_json_response(selected_phrasing.to_dict())

Exemplo n.º 19

Arquivo: publish.py Projeto: baxterjfinch/dragonspectrum

    def delete(self, publish):
        publish = PublishPresentation.get_by_id(publish)
        if not publish:
            raise HttpErrorException.bad_request('invalid publish id')

        document = publish.document.get()
        if not document:
            raise HttpErrorException.bad_request('document does not exists')
        if not document.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        publish.key.delete()

Exemplo n.º 20

    def new(request, request_data, request_user):
        if not request_user.is_super_admin:
            lr = tt_logging.construct_log(
                msg_short='Non-Admin User Tried Creating New Organization',
                log_type=tt_logging.SECURITY,
                request_user=request_user,
                request=request)
            log.warning(lr['dict_msg']['msg'], extra=lr)
            raise HttpErrorException.forbidden()
        if request_data.get('name') is None:
            raise HttpErrorException.bad_request('no name given')
        if request_data.get('id') is None:
            raise HttpErrorException.bad_request('no organization id given')

        org = Organization(
            key=Organization.create_key(request_data.get('id').strip()))
        org.name = request_data.get('name').strip()
        org.groups.append(Group.get_worldshare_key())
        if request_data.get('description') is not None:
            org.description = request_data.get('description')
        if request_data.get('domain') is not None:
            org.domain = request_data.get('domain')
        if request_data.get('owner') is not None:
            org.owner = request_data.get('owner')
        if request_data.get('webpage') is not None:
            org.webpage = request_data.get('webpage')
        if request_data.get('point_of_contact') is not None:
            org.point_of_contact = request_data.get('point_of_contact')
        if request_data.get('email') is not None:
            org.email = request_data.get('email')
        if request_data.get('phone') is not None:
            org.phone = request_data.get('phone')
        if request_data.get('fax') is not None:
            org.fax = request_data.get('fax')
        if request_data.get('account_type') is not None:
            org.account_type = request_data.get('account_type')
        group = Group(key=Group.create_key(),
                      name=org.name,
                      description=str(org.name) + '\'s organization group',
                      organization=org.key,
                      active=True)
        group.put()
        org.groups.append(group.key)
        org.org_group = group.key
        org.put()
        lr = tt_logging.construct_log(msg_short='New Organization Was Created',
                                      log_type=tt_logging.DEFAULT,
                                      request_user=request_user,
                                      request=request,
                                      artifact=org)
        log.info(lr['dict_msg']['msg'], extra=lr)
        return org.to_dict()

Exemplo n.º 21

 def put(self, coupon_code=None):
     if not self.user.is_super_admin:
         raise HttpErrorException.forbidden()
     if not coupon_code:
         raise HttpErrorException.bad_request('no coupon code given')
     try:
         coupon.Coupon.new(coupon_code.lower(), self.json_request)
     except coupon.InvalidCouponCodeException as e:
         raise HttpErrorException.bad_request(e.message)
     except coupon.InvalidPropertyException as e:
         raise HttpErrorException.bad_request(e.message)
     except coupon.InvalidCouponEngineException as e:
         raise HttpErrorException.bad_request(e.message)

Exemplo n.º 22

 def get(self, pay_plan=None):
     if not self.user.is_super_admin:
         lr = tt_logging.construct_log(
             msg_short='Non-Admin User Attemped to Access Payment Plans',
             log_type=tt_logging.SECURITY,
             request=self.request,
             request_user=self.user)
         log.warning(lr['dict_msg']['msg'], extra=lr)
         raise HttpErrorException.forbidden()
     if not pay_plan:
         self.write_json_response(payment_plan.get_payment_plan_list())
     else:
         raise NotImplementedError()

Exemplo n.º 23

 def get(self, organization=None):
     if organization:
         self.organization = Organization.get_by_id(organization)
         if not self.organization:
             raise HttpErrorException.bad_request('invalid organization id')
     if (not self.user.is_super_admin
             or (self.organization and not self.user.is_org_admin
                 and self.organization.key != self.user.organization)):
         raise HttpErrorException.forbidden()
     temp_data = {}
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/thinktank/analytics.html')
     self.response.write(template_index.render(temp_data))

Exemplo n.º 24

Arquivo: organization.py Projeto: baxterjfinch/dragonspectrum

 def get(self, organization=None):
     if not self.user.is_admin:
         raise HttpErrorException.forbidden()
     if organization:
         organization = Organization.get_by_id(organization)
         if not organization:
             raise HttpErrorException.bad_request('invalid org id')
     temp_data = {}
     if organization:
         temp_data['org'] = organization
     template_index = JINJA_ENVIRONMENT.get_template(
         'admin_panel/organization.html')
     self.response.write(template_index.render(temp_data))

Exemplo n.º 25

    def delete(self, phrasing_id=None):
        if not phrasing_id:
            raise HttpErrorException.bad_request('no phrasing_id given')

        phrasing = Phrasing.get_by_id(phrasing_id)
        if not phrasing:
            raise HttpErrorException.bad_request('invalid phrasing_id given')
        if not phrasing.has_permission_write(self.user):
            raise HttpErrorException.forbidden()

        concept = phrasing.concept.get()
        if phrasing.key == concept.distilled_phrasing:
            raise HttpErrorException.forbidden()

        project = phrasing.project.get()
        project.pw_modified_ts = datetime.datetime.now()
        project.put()

        trans = Transaction(action='phr_del',
                            user=self.user.key,
                            artifact=phrasing.key,
                            project=project.key)
        trans.put()

        self.get_channel_token()
        channel_tokens = ChannelToken.get_by_project_key(
            project.key, self.user_channel_token)
        channel_tokens = ChannelToken.remove_unauthorized_users(
            channel_tokens, [concept, phrasing])
        message = {
            'user': self.get_user_channel_data(),
            'transaction': trans.to_dict(self.user)
        }
        ChannelToken.broadcast_message(channel_tokens, message)

        phrasing.delete(concept, self.user)
        self.get_analytic_session()
        concept.record_analytic('con_phr_del', self.analytic_session)

Exemplo n.º 26

Arquivo: organization.py Projeto: baxterjfinch/dragonspectrum

 def get(self, org_id=None):
     if self.user.is_super_admin:
         self._serve_site_organizations()
     elif self.user.is_org_admin:
         self._serve_user_organization()
     else:
         lr = tt_logging.construct_log(
             msg_short='Non-Admin User Tried Access Organizations',
             msg='A Non-Admin user tried accessing other organizations',
             log_type=tt_logging.SECURITY, request_user=self.user,
             request=self.request
         )
         log.warning(lr['dict_msg']['msg'], extra=lr)
         raise HttpErrorException.forbidden()

Exemplo n.º 27

 def get(self, hours):
     if not self.user.is_super_admin:
         raise HttpErrorException.forbidden()
     if not hours:
         raise HttpErrorException.bad_request('no hours given')
     try:
         hours = int(hours)
     except ValueError:
         raise HttpErrorException.bad_request('hours must be int')
     start_time = datetime.now() - timedelta(hours=hours)
     healths = Health.query(Health.ts > start_time).order(Health.ts).fetch()
     healths_dict = []
     for health in healths:
         healths_dict.append(health.to_dict())
     self.response.write(json.dumps(healths_dict))

Exemplo n.º 28

Arquivo: chat.py Projeto: baxterjfinch/dragonspectrum

    def get(self):
        if self.json_request.get('project') is None:
            raise HttpErrorException.bad_request('invalid project id')

        project = Project.get_by_id(self.json_request.get('project'))
        if not project:
            raise HttpErrorException.bad_request('invalid project id')
        if self.json_request.get('document') is None:
            raise HttpErrorException.bad_request('invalid document id')

        document = Document.get_by_id(self.json_request.get('document'))
        if not document:
            raise HttpErrorException.bad_request('invalid document id')
        if not document.has_permission_read(self.user):
            raise HttpErrorException.forbidden()

        try:
            limit = int(self.request.get('limit', 30))
        except ValueError:
            raise HttpErrorException.bad_request('limit must be int')

        try:
            before_date = int(self.request.get('before_date', 0))
        except ValueError:
            raise HttpErrorException.bad_request('before_date must be int')

        if limit > 100:
            limit = 100

        if before_date and before_date > 0:
            before_date = datetime.fromtimestamp(before_date / 1000.0)
            chat_query = ChatMessage.query(
                ndb.AND(ChatMessage.project == project.key,
                        ChatMessage.document == document.key,
                        ChatMessage.created_ts < before_date))
        else:
            chat_query = ChatMessage.query(
                ndb.AND(ChatMessage.project == project.key,
                        ChatMessage.document == document.key))

        chat_messages = chat_query.order(
            ChatMessage.created_ts).fetch(limit=limit)

        chat_messages_dict = []
        for chat in chat_messages:
            chat_messages_dict.append(chat.to_dict())

        self.write_json_response(chat_messages_dict)

Exemplo n.º 29

 def edit(request, request_data, request_user):
     org = None
     if not request_user.is_admin and org.organization == request_user.key:
         lr = tt_logging.construct_log(
             msg_short='Non-Admin User Tried Altering Organization',
             log_type=tt_logging.SECURITY,
             request_user=request_user,
             request=request,
             artifact=org)
         log.warning(lr['dict_msg']['msg'], extra=lr)
         raise HttpErrorException.forbidden()
     if request_data.get('add'):
         if request_data.get('admin'):
             if request_data.get('user_id') == '':
                 raise HttpErrorException.bad_request('no user_id given')
             user = ndb.Key('User', request_data.get('user_id'))
             if not user:
                 raise HttpErrorException.bad_request(
                     'invalid user_id given')
             if user.key not in org.admins:
                 lr = tt_logging.construct_log(
                     msg_short='User Was Added as Organization Admin',
                     log_type=tt_logging.USER,
                     request_user=request_user,
                     request=request,
                     artifact=org,
                     affected_user=user)
                 log.info(lr['dict_msg']['msg'], extra=lr)
                 org.admins.append(user.key)
     if request_data.get('remove'):
         if request_data.get('remove') == 'admin':
             if request_data.get('user_id') == '':
                 raise HttpErrorException.bad_request('no user_id given')
             user = ndb.Key('User', request_data.get('user_id'))
             if not user:
                 raise HttpErrorException.bad_request(
                     'invalid user_id given')
             if user.key in org.admins:
                 lr = tt_logging.construct_log(
                     msg_short='User Was Removed as Organization Admin',
                     log_type=tt_logging.USER,
                     request_user=request_user,
                     request=request,
                     artifact=org,
                     affected_user=user)
                 log.info(lr['dict_msg']['msg'], extra=lr)
                 org.admins.remove(user.key)
     org.put()

Exemplo n.º 30

Arquivo: publish.py Projeto: baxterjfinch/dragonspectrum

    def get(self, publish):
        if not publish:
            raise HttpErrorException.bad_request('invalid publish id given')

        pub = memcache.get(publish, namespace='document_publish')
        if not pub:
            raise HttpErrorException.not_found()

        if pub == '500':
            self.write_json_response({'error': 500})
        else:
            document = pub.document.get()
            if not document.has_permission_read(self.user):
                raise HttpErrorException.forbidden()

            self.write_json_response(pub.to_dict(html=False))