def main(argv=sys.argv):
if len(argv) < 2:
usage(argv)
config_uri = argv[1]
options = parse_vars(argv[2:])
setup_logging(config_uri)
settings = get_appsettings(config_uri, name="testscaffold", options=options)
engine = get_engine(settings)
session_factory = get_session_factory(engine)
dbsession = get_tm_session(session_factory, transaction.manager)
with transaction.manager:
user = User(user_name="admin", email="foo@localhost")
UserService.set_password(user, "admin")
admin_object = Group(group_name="Administrators")
group_permission = GroupPermission(perm_name="root_administration")
dbsession.add(admin_object)
admin_object.permissions.append(group_permission)
admin_object.users.append(user)
test_group = Group(group_name="Other group")
dbsession.add(test_group)
for x in range(1, 25):
user = User(user_name="test{}".format(x), email="foo{}@localhost".format(x))
UserService.set_password(user, "test")
test_group.users.append(user)
def users_create(request):
"""
Returns users list
"""
form = forms.UserCreateForm(MultiDict(request.safe_json_body or {}),
csrf_context=request)
if form.validate():
log.info("registering user")
# probably not needed in the future since this requires root anyways
# lets keep this here in case we lower view permission in the future
# if request.registry.settings['appenlight.disable_registration']:
# return HTTPUnprocessableEntity(body={'error': 'Registration is currently disabled.'})
user = User()
# insert new user here
DBSession.add(user)
form.populate_obj(user)
UserService.regenerate_security_code(user)
UserService.set_password(user, user.user_password)
user.status = 1 if form.status.data else 0
request.session.flash(_("User created"))
DBSession.flush()
return user.get_dict(exclude_keys=[
"security_code_date",
"notes",
"security_code",
"user_password",
])
else:
return HTTPUnprocessableEntity(body=form.errors_json)
def get_dict(self, exclude_keys=None, include_keys=None, extended_info=False):
result = super(User, self).get_dict(exclude_keys, include_keys)
if extended_info:
result["groups"] = [g.group_name for g in self.groups]
result["permissions"] = [p.perm_name for p in UserService.permissions(self)]
request = get_current_request()
apps = UserService.resources_with_perms(
self, ["view"], resource_types=["application"]
)
result["applications"] = sorted(
[
{"resource_id": a.resource_id, "resource_name": a.resource_name}
for a in apps.all()
],
key=lambda x: x["resource_name"].lower(),
)
result["assigned_reports"] = [
r.get_dict(request) for r in self.assigned_report_groups
]
result["latest_events"] = [
ev.get_dict(request) for ev in self.latest_events()
]
exclude_keys_list = exclude_keys or []
include_keys_list = include_keys or []
d = {}
for k in result.keys():
if k not in exclude_keys_list and (
k in include_keys_list or not include_keys
):
d[k] = result[k]
return d
def lost_password(request):
"""
Presents lost password page - sends password reset link to
specified email address.
This link is valid only for 10 minutes
"""
form = forms.LostPasswordForm(request.POST, csrf_context=request)
if request.method == "POST" and form.validate():
user = UserService.by_email(form.email.data)
if user:
UserService.regenerate_security_code(user)
user.security_code_date = datetime.datetime.utcnow()
email_vars = {
"user": user,
"request": request,
"email_title": "AppEnlight :: New password request",
}
UserService.send_email(
request,
recipients=[user.email],
variables=email_vars,
template="/email_templates/lost_password.jinja2",
)
msg = (
"Password reset email had been sent. "
"Please check your mailbox for further instructions."
)
request.session.flash(_(msg))
return HTTPFound(location=request.route_url("lost_password"))
return {"form": form}
def user_resource_permission_create(request):
"""
Set new permissions for user for a resource
"""
resource = request.context.resource
user_name = request.unsafe_json_body.get("user_name")
user = UserService.by_user_name(user_name)
if not user:
user = UserService.by_email(user_name)
if not user:
return False
for perm_name in request.unsafe_json_body.get("permissions", []):
permission = UserResourcePermissionService.by_resource_user_and_perm(
user.id, perm_name, resource.resource_id
)
if not permission:
permission = UserResourcePermission(perm_name=perm_name, user_id=user.id)
resource.user_permissions.append(permission)
DBSession.flush()
perms = [
p.perm_name
for p in ResourceService.perms_for_user(resource, user)
if p.type == "user"
]
result = {"user_name": user.user_name, "permissions": list(set(perms))}
return result
def groups_users_add(request):
"""
Get list of permissions assigned to specific resources
"""
group = GroupService.by_id(request.matchdict.get("group_id"))
user = UserService.by_user_name(request.unsafe_json_body.get("user_name"))
if not user:
user = UserService.by_email(request.unsafe_json_body.get("user_name"))
if not group or not user:
return HTTPNotFound()
if user not in group.users:
group.users.append(user)
group.member_count = group.users_dynamic.count()
props = [
"user_name",
"id",
"first_name",
"last_name",
"email",
"last_login_date",
"status",
]
u_dict = user.get_dict(include_keys=props)
u_dict["gravatar_url"] = UserService.gravatar_url(user, s=20)
return u_dict
def test_generate_random_pass(self, db_session):
rand_str = UserService.generate_random_pass()
assert len(rand_str) == 7
assert isinstance(rand_str, six.string_types)
rand_str = UserService.generate_random_pass(20)
assert len(rand_str) == 20
def test_regenerate_security_code(self, db_session):
created_user = add_user(db_session)
old_code = created_user.security_code
UserService.regenerate_security_code(created_user)
new_code = created_user.security_code
assert old_code != new_code
assert len(new_code) == 64
def test_delete_object_with_flush(self, db_session):
user = User(user_name="some_new_user", email="foo")
assert user.id is None
user.persist(flush=True, db_session=db_session)
assert user.id is not None
uid = user.id
UserService.by_id(uid, db_session=db_session) is not None
user.delete()
assert UserService.by_id(uid, db_session=db_session) is None
def test_users_for_perms(self, db_session):
user = User(user_name="aaa", email="aaa", status=0)
UserService.set_password(user, "password")
aaa_perm = UserPermission(perm_name="aaa")
bbb_perm = UserPermission(perm_name="bbb")
bbb2_perm = UserPermission(perm_name="bbb")
user.user_permissions.append(aaa_perm)
user.user_permissions.append(bbb_perm)
user2 = User(user_name="bbb", email="bbb", status=0)
UserService.set_password(user2, "password")
user2.user_permissions.append(bbb2_perm)
user3 = User(user_name="ccc", email="ccc", status=0)
UserService.set_password(user3, "password")
group = add_group(db_session)
group.users.append(user3)
db_session.add(user)
db_session.add(user2)
db_session.flush()
users = UserService.users_for_perms(["aaa"], db_session=db_session)
assert len(users.all()) == 1
assert users[0].user_name == "aaa"
users = UserService.users_for_perms(["bbb"], db_session=db_session).all()
assert len(users) == 2
assert ["aaa", "bbb"] == sorted([u.user_name for u in users])
users = UserService.users_for_perms(
["aaa", "bbb", "manage_apps"], db_session=db_session
)
assert ["aaa", "bbb", "ccc"] == sorted([u.user_name for u in users])
def test_users_for_perms(self, db_session):
user = User(user_name="aaa", email="aaa", status=0)
UserService.set_password(user, "password")
aaa_perm = UserPermission(perm_name="aaa")
bbb_perm = UserPermission(perm_name="bbb")
bbb2_perm = UserPermission(perm_name="bbb")
user.user_permissions.append(aaa_perm)
user.user_permissions.append(bbb_perm)
user2 = User(user_name="bbb", email="bbb", status=0)
UserService.set_password(user2, "password")
user2.user_permissions.append(bbb2_perm)
user3 = User(user_name="ccc", email="ccc", status=0)
UserService.set_password(user3, "password")
group = add_group(db_session)
group.users.append(user3)
db_session.add(user)
db_session.add(user2)
db_session.flush()
users = UserService.users_for_perms(["aaa"], db_session=db_session)
assert len(users.all()) == 1
assert users[0].user_name == "aaa"
users = UserService.users_for_perms(["bbb"],
db_session=db_session).all()
assert len(users) == 2
assert ["aaa", "bbb"] == sorted([u.user_name for u in users])
users = UserService.users_for_perms(["aaa", "bbb", "manage_apps"],
db_session=db_session)
assert ["aaa", "bbb", "ccc"] == sorted([u.user_name for u in users])
def users_resource_permissions_list(request):
"""
Get list of permissions assigned to specific resources
"""
user = UserService.by_id(request.matchdict.get("user_id"))
if not user:
return HTTPNotFound()
return [
permission_tuple_to_dict(perm)
for perm in UserService.resources_with_possible_perms(user)
]
def add_user(db_session,
user_name="username",
email="email",
perms=["root", "alter_users"]):
user = User(user_name=user_name, email=email, status=0)
UserService.set_password(user, "password")
for perm in perms:
u_perm = UserPermission(perm_name=perm)
user.user_permissions.append(u_perm)
db_session.add(user)
db_session.flush()
return user
def assign_users(request):
"""
Assigns specific report group to user for review - send email notification
"""
report_group = request.context.report_group
application = request.context.resource
currently_assigned = [u.user_name for u in report_group.assigned_users]
new_assigns = request.unsafe_json_body
# first unassign old users
for user_name in new_assigns["unassigned"]:
if user_name in currently_assigned:
user = UserService.by_user_name(user_name)
report_group.assigned_users.remove(user)
comment = ReportComment(owner_id=request.user.id,
report_time=report_group.first_timestamp)
comment.body = "Unassigned group from @%s" % user_name
report_group.comments.append(comment)
# assign new users
for user_name in new_assigns["assigned"]:
if user_name not in currently_assigned:
user = UserService.by_user_name(user_name)
if user in report_group.assigned_users:
report_group.assigned_users.remove(user)
DBSession.flush()
assignment = ReportAssignment(
owner_id=user.id,
report_time=report_group.first_timestamp,
group_id=report_group.id,
)
DBSession.add(assignment)
comment = ReportComment(owner_id=request.user.id,
report_time=report_group.first_timestamp)
comment.body = "Assigned report_group to @%s" % user_name
report_group.comments.append(comment)
email_vars = {
"user": user,
"request": request,
"application": application,
"report_group": report_group,
"email_title": "AppEnlight :: Assigned Report",
}
UserService.send_email(
request,
recipients=[user.email],
variables=email_vars,
template="/email_templates/assigned_report.jinja2",
)
return True
def comment_create(request):
"""
Creates user comments for report group, sends email notifications
of said comments
"""
report_group = request.context.report_group
application = request.context.resource
form = forms.CommentForm(MultiDict(request.unsafe_json_body),
csrf_context=request)
if request.method == "POST" and form.validate():
comment = ReportComment(owner_id=request.user.id,
report_time=report_group.first_timestamp)
form.populate_obj(comment)
report_group.comments.append(comment)
perm_list = ResourceService.users_for_perm(application, "view")
uids_to_notify = []
users_to_notify = []
for perm in perm_list:
user = perm.user
if ("@{}".format(user.user_name) in comment.body
and user.id not in uids_to_notify):
uids_to_notify.append(user.id)
users_to_notify.append(user)
commenters = ReportGroupService.users_commenting(
report_group, exclude_user_id=request.user.id)
for user in commenters:
if user.id not in uids_to_notify:
uids_to_notify.append(user.id)
users_to_notify.append(user)
for user in users_to_notify:
email_vars = {
"user": user,
"commenting_user": request.user,
"request": request,
"application": application,
"report_group": report_group,
"comment": comment,
"email_title": "AppEnlight :: New comment",
}
UserService.send_email(
request,
recipients=[user.email],
variables=email_vars,
template="/email_templates/new_comment_report.jinja2",
)
request.session.flash(_("Your comment was created"))
return comment.get_dict()
else:
return form.errors
def add_user(
db_session,
user_name="username",
email="email",
perms=["root", "alter_users"],
password="******",
):
user = User(user_name=user_name, email=email, status=0)
UserService.set_password(user, password)
for perm in perms:
u_perm = UserPermission(perm_name=perm)
user.user_permissions.append(u_perm)
db_session.add(user)
db_session.flush()
return user
def test_resources_with_possible_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
resource = ResourceTestobjB(resource_id=3,
resource_name="other",
owner_user_id=self.user.id)
self.user.resources.append(resource)
resource_g = ResourceTestobjB(resource_id=4,
resource_name="group owned")
self.group.resources.append(resource_g)
db_session.flush()
perms = UserService.resources_with_possible_perms(
self.user, db_session=db_session)
second = [
PermissionTuple(self.user, "foo_perm", "user", None, self.resource,
False, True),
PermissionTuple(self.user, "group_perm", "group", self.group,
self.resource, False, True),
PermissionTuple(self.user, "test_perm2", "user", None,
self.resource, False, True),
PermissionTuple(self.user, ALL_PERMISSIONS, "user", None, resource,
True, True),
PermissionTuple(self.user, ALL_PERMISSIONS, "group", self.group,
resource_g, True, True),
]
check_one_in_other(perms, second)
def get_paginator(
cls,
user,
page=1,
item_count=None,
items_per_page=50,
order_by=None,
filter_settings=None,
db_session=None,
):
if not filter_settings:
filter_settings = {}
registry = get_current_registry()
resources = UserService.resources_with_perms(
user, ["view"], resource_types=registry.resource_types)
resource_ids = [r.resource_id for r in resources]
query = EventService.for_resource(resource_ids,
or_target_user_id=user.id,
limit=100,
db_session=db_session)
paginator = SqlalchemyOrmPage(query,
page=page,
items_per_page=items_per_page,
**filter_settings)
return paginator
def test_resources_ids_with_perm(self, db_session):
created_user = add_user(db_session)
resource1 = add_resource(db_session, 1, "test_resource1")
resource2 = add_resource(db_session, 2, "test_resource2")
resource3 = add_resource(db_session, 3, "test_resource3")
permission1 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource1.resource_id,
)
permission2 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource2.resource_id,
)
permission3 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource3.resource_id,
)
resource1.user_permissions.append(permission1)
resource2.user_permissions.append(permission2)
resource3.user_permissions.append(permission3)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"],
resource_ids=[1, 3],
db_session=db_session).all()
assert resources == [resource1, resource3]
def test_resources_ids_with_perm(self, db_session):
created_user = add_user(db_session)
resource1 = add_resource(db_session, 1, "test_resource1")
resource2 = add_resource(db_session, 2, "test_resource2")
resource3 = add_resource(db_session, 3, "test_resource3")
permission1 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource1.resource_id,
)
permission2 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource2.resource_id,
)
permission3 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource3.resource_id,
)
resource1.user_permissions.append(permission1)
resource2.user_permissions.append(permission2)
resource3.user_permissions.append(permission3)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"], resource_ids=[1, 3], db_session=db_session
).all()
assert resources == [resource1, resource3]
def auth_tokens_POST(request):
"""
Lists all available alert channels
"""
if request.matched_route.name == "users_self_property":
user = request.user
else:
user = UserService.by_id(request.matchdict.get("user_id"))
if not user:
return HTTPNotFound()
req_data = request.safe_json_body or {}
if not req_data.get("expires"):
req_data.pop("expires", None)
form = forms.AuthTokenCreateForm(MultiDict(req_data), csrf_context=request)
if not form.validate():
return HTTPUnprocessableEntity(body=form.errors_json)
token = AuthToken()
form.populate_obj(token)
if token.expires:
interval = h.time_deltas.get(token.expires)["delta"]
token.expires = datetime.datetime.utcnow() + interval
user.auth_tokens.append(token)
DBSession.flush()
return token.get_dict()
def login_failure(request, reason=None):
"""
Response from redirect upon login failure, either because of invalid or incorrect user credentials.
.. seealso::
- :func:`sign_in`
"""
http_err = HTTPUnauthorized
if reason is None:
reason = s.Signin_POST_UnauthorizedResponseSchema.description
try:
user_name = ar.get_value_multiformat_body_checked(request, "user_name", default=None)
ar.get_value_multiformat_body_checked(request, "password", default=None, pattern=None)
except HTTPException:
http_err = HTTPBadRequest
reason = s.Signin_POST_BadRequestResponseSchema.description
else:
user_name_list = ax.evaluate_call(
lambda: [user.user_name for user in UserService.all(models.User, db_session=request.db)],
fallback=lambda: request.db.rollback(), http_error=HTTPForbidden,
msg_on_fail=s.Signin_POST_ForbiddenResponseSchema.description)
if user_name in user_name_list:
http_err = HTTPInternalServerError
reason = s.Signin_POST_Internal_InternalServerErrorResponseSchema.description
content = ag.get_request_info(request, default_message=s.Signin_POST_UnauthorizedResponseSchema.description)
content.setdefault("detail", str(reason))
ax.raise_http(http_error=http_err, content=content, detail=s.Signin_POST_UnauthorizedResponseSchema.description)
def test_by_username_andsecurity_code_wrong_code(self, db_session):
add_user(db_session)
queried_user = UserService.by_user_name_and_security_code(
user_name="username", security_code="wrong_code", db_session=db_session
)
assert queried_user is None
def test_by_user_name_not_existing(self, db_session):
add_user(db_session)
queried_user = UserService.by_user_name(
"not_existing_user", db_session=db_session
)
assert queried_user is None
def users_websocket(request):
"""
Handle authorization of users trying to connect
"""
# handle preflight request
user = request.user
if request.method == "OPTIONS":
res = request.response.body("OK")
add_cors_headers(res)
return res
applications = UserService.resources_with_perms(
user, ["view"], resource_types=["application"])
channels = ["app_%s" % app.resource_id for app in applications]
payload = {
"username": user.user_name,
"conn_id": str(uuid.uuid4()),
"channels": channels,
}
settings = request.registry.settings
response = channelstream_request(
settings["cometd.secret"],
"/connect",
payload,
servers=[request.registry.settings["cometd_servers"]],
throw_exceptions=True,
)
return payload
def search_users(request):
"""
Returns a list of users for autocomplete
"""
user = request.user
items_returned = []
like_condition = request.params.get("user_name", "") + "%"
# first append used if email is passed
found_user = UserService.by_email(request.params.get("user_name", ""))
if found_user:
name = "{} {}".format(found_user.first_name, found_user.last_name)
items_returned.append({"user": found_user.user_name, "name": name})
for found_user in UserService.user_names_like(like_condition).limit(20):
name = "{} {}".format(found_user.first_name, found_user.last_name)
items_returned.append({"user": found_user.user_name, "name": name})
return items_returned
def test_resources_with_possible_perms(self, db_session):
self.set_up_user_group_and_perms(db_session)
resource = TestResourceB(
resource_id=3, resource_name="other", owner_user_id=self.user.id
)
self.user.resources.append(resource)
resource_g = TestResourceB(resource_id=4, resource_name="group owned")
self.group.resources.append(resource_g)
db_session.flush()
perms = UserService.resources_with_possible_perms(
self.user, db_session=db_session
)
second = [
PermissionTuple(
self.user, "foo_perm", "user", None, self.resource, False, True
),
PermissionTuple(
self.user, "group_perm", "group", self.group, self.resource, False, True
),
PermissionTuple(
self.user, "test_perm2", "user", None, self.resource, False, True
),
PermissionTuple(
self.user, ALL_PERMISSIONS, "user", None, resource, True, True
),
PermissionTuple(
self.user, ALL_PERMISSIONS, "group", self.group, resource_g, True, True
),
]
check_one_in_other(perms, second)
def get_user_resources_permissions_dict(user, request, resource_types=None, resource_ids=None,
inherit_groups_permissions=True, resolve_groups_permissions=False):
# type: (models.User, Request, Optional[List[Str]], Optional[List[int]], bool, bool) -> ResourcePermissionMap
"""
Creates a dictionary of resources ID with corresponding permissions of the user.
.. seealso::
:func:`regroup_permissions_by_resource`
:param user: user for which to find resources permissions
:param request: request with database session connection
:param resource_types: filter the search query with only the specified resource types
:param resource_ids: filter the search query to only the specified resource IDs
:param inherit_groups_permissions:
Whether to include group inherited permissions from user memberships or not.
If ``False``, return only user-specific resource permissions.
Otherwise, resolve inherited permissions using all groups the user is member of.
:param resolve_groups_permissions: whether to combine corresponding user/group permissions into one or not.
:return:
Only resources which the user has permissions on, or including all :term:`Inherited Permissions`, according to
:paramref:`inherit_groups_permissions` argument.
"""
ax.verify_param(user, not_none=True, http_error=HTTPNotFound,
msg_on_fail=s.UserResourcePermissions_GET_NotFoundResponseSchema.description)
# full list of user/groups permissions, filter afterwards according to flags
res_perm_tuple_list = UserService.resources_with_possible_perms(
user, resource_ids=resource_ids, resource_types=resource_types, db_session=request.db)
if not inherit_groups_permissions and not resolve_groups_permissions:
res_perm_tuple_list = filter_user_permission(res_perm_tuple_list, user)
return regroup_permissions_by_resource(res_perm_tuple_list, resolve=resolve_groups_permissions)
def test_by_mail_and_username(self, db_session):
created_user = add_user(db_session)
queried_user = UserService.by_email_and_username(
"email", "username", db_session=db_session
)
assert created_user == queried_user
class AuthToken(Base, BaseModel):
"""
Stores information about possible alerting options
"""
__tablename__ = 'auth_tokens'
id = sa.Column(sa.Integer, primary_key=True, nullable=False)
token = sa.Column(sa.Unicode(40),
nullable=False,
default=lambda x: UserService.generate_random_string(40))
owner_id = sa.Column(
sa.Unicode(30),
sa.ForeignKey('users.id', onupdate='CASCADE', ondelete='CASCADE'))
creation_date = sa.Column(sa.DateTime, default=lambda x: datetime.utcnow())
expires = sa.Column(sa.DateTime)
description = sa.Column(sa.Unicode, default='')
@property
def is_expired(self):
if self.expires:
return self.expires < datetime.utcnow()
else:
return False
def __str__(self):
return '<AuthToken u:%s t:%s...>' % (self.owner_id, self.token[0:10])
def test_by_mail_and_username_wrong_username(self, db_session):
add_user(db_session)
queried_user = UserService.by_email_and_username(
"email", "wrong_username", db_session=db_session
)
assert queried_user is None
def users_DELETE(request):
"""
Removes a user permanently from db - makes a check to see if after the
operation there will be at least one admin left
"""
msg = _("There needs to be at least one administrator in the system")
user = UserService.by_id(request.matchdict.get("user_id"))
if user:
users = UserService.users_for_perms(["root_administration"]).all()
if len(users) < 2 and user.id == users[0].id:
request.session.flash(msg, "warning")
else:
DBSession.delete(user)
request.session.flash(_("User removed"))
return True
request.response.status = 422
return False
def groups_with_resources(self):
"""
.. deprecated:: 0.8
:return:
"""
return UserService.groups_with_resources(self)
def regenerate_security_code(self):
"""
.. deprecated:: 0.8
:return:
"""
return UserService.regenerate_security_code(self)
def regenerate_security_code(self):
"""
.. deprecated:: 0.8
:return:
"""
return UserService.regenerate_security_code(self)
def groups_with_resources(self):
"""
.. deprecated:: 0.8
:return:
"""
return UserService.groups_with_resources(self)
def validate_email(self, value):
request = self.context['request']
modified_obj = self.context.get('modified_obj')
user = UserService.by_email(value, db_session=request.dbsession)
if user:
if not modified_obj or modified_obj.id != user.id:
msg = _('Email already exists in database')
raise validate.ValidationError(msg)
def check_password(self, raw_password):
"""
.. deprecated:: 0.8
:param raw_password:
:return:
"""
return UserService.check_password(self, raw_password=raw_password)
def permissions(self):
"""
.. deprecated:: 0.8
:return:
"""
db_session = get_db_session(None, self)
return UserService.permissions(self, db_session=db_session)
def test_owned_permissions(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
created_user.resources.append(resource)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"], db_session=db_session
).all()
assert resources[0] == resource
def generate_random_string(chars=7):
"""
.. deprecated:: 0.8
:param chars:
:return:
"""
return UserService.generate_random_pass(chars=chars)
def gravatar_url(self, default='mm', **kwargs):
"""
.. deprecated:: 0.8
:param default:
:param kwargs:
:return:
"""
return UserService.gravatar_url(self, default, **kwargs)
def get_user(request):
userid = request.unauthenticated_userid
if try_global_session:
# set db_session to none to pass to the UserModel.by_id so it can try to autodiscover
db_session = None
else:
# Else assign the request.session
db_session = session_provider_callable(request)
if userid is not None:
return UserService.by_id(userid, db_session=db_session)
def test_user_permissions(self, db_session):
created_user = add_user(db_session)
permissions = UserService.permissions(created_user, db_session=db_session)
expected = [
PermissionTuple(
created_user, "alter_users", "user", None, None, False, True
),
PermissionTuple(created_user, "root", "user", None, None, False, True),
]
check_one_in_other(permissions, expected)
def test_permission_add(self, full_app, sqla_session):
from ziggurat_foundations.models.services.user import UserService
with session_context(sqla_session) as session:
admin, token = create_admin(session)
user = create_user(
{"user_name": "testX", "email": "*****@*****.**"},
sqla_session=session,
)
url_path = "/api/0.1/users/{}/permissions".format(user.id)
headers = {str("x-testscaffold-auth-token"): str(token)}
permission = {"perm_name": "root_administration"}
permissions = UserService.permissions(user)
assert not list(permissions)
full_app.post_json(url_path, permission, status=200, headers=headers)
sqla_session.expire_all()
permissions = UserService.permissions(user)
assert permissions[0].perm_name == "root_administration"
def by_id(cls, user_id, db_session=None):
"""
.. deprecated:: 0.8
:param user_id:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.by_id(user_id=user_id, db_session=db_session)
def sign_in(self, request):
came_from = request.params.get(self.signin_came_from_key, "/")
db_session = self.session_getter(request)
user = UserService.by_user_name(
request.params.get(self.signin_username_key), db_session=db_session
)
if user is None:
# if no result, test to see if email exists
user = UserService.by_email(
request.params.get(self.signin_username_key), db_session=db_session
)
if user:
password = request.params.get(self.signin_password_key)
if UserService.check_password(user, password):
headers = pyramid.security.remember(request, user.id)
return ZigguratSignInSuccess(
headers=headers, came_from=came_from, user=user
)
headers = pyramid.security.forget(request)
return ZigguratSignInBadAuth(headers=headers, came_from=came_from)
def by_email(cls, email, db_session=None):
"""
.. deprecated:: 0.8
:param email:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.by_email(email=email,
db_session=db_session)
def users_for_perms(cls, perm_names, db_session=None):
"""
.. deprecated:: 0.8
:param perm_names:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.users_for_perms(perm_names=perm_names,
db_session=db_session)
def user_names_like(cls, user_name, db_session=None):
"""
.. deprecated:: 0.8
:param user_name:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.user_names_like(user_name=user_name,
db_session=db_session)
def by_user_names(cls, user_names, db_session=None):
"""
.. deprecated:: 0.8
:param user_names:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.by_user_names(user_names=user_names,
db_session=db_session)
def test_resources_with_perm(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
permission = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource.resource_id,
)
resource.user_permissions.append(permission)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"], db_session=db_session
).all()
assert resources[0] == resource
def by_email_and_username(cls, email, user_name, db_session=None):
"""
.. deprecated:: 0.8
:param email:
:param user_name:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.by_email_and_username(email=email,
user_name=user_name,
db_session=db_session)
def by_user_name_and_security_code(cls, user_name, security_code,
db_session=None):
"""
.. deprecated:: 0.8
:param user_name:
:param security_code:
:param db_session:
:return:
"""
db_session = get_db_session(db_session)
return UserService.by_user_name_and_security_code(
user_name=user_name, security_code=security_code,
db_session=db_session)
def resources_with_possible_perms(self, resource_ids=None,
resource_types=None,
db_session=None):
"""
.. deprecated:: 0.8
:param resource_ids:
:param resource_types:
:param db_session:
:return:
"""
db_session = get_db_session(db_session, self)
return UserService.resources_with_possible_perms(
self, resource_ids=resource_ids, resource_types=resource_types,
db_session=db_session)
def test_mixed_perms(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
permission = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource.resource_id,
)
resource.user_permissions.append(permission)
resource2 = add_resource(db_session, 2, "test_resource")
created_user.resources.append(resource2)
add_resource(db_session, 3, "test_resource")
add_resource_b(db_session, 4, "test_resource")
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["test_perm"], db_session=db_session
).all()
found_ids = [r.resource_id for r in resources]
assert sorted(found_ids) == [1, 2]
def test_multiple_resources_with_perm(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
permission = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource.resource_id,
)
resource.user_permissions.append(permission)
resource2 = add_resource(db_session, 2, "test_resource2")
permission2 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource2.resource_id,
)
resource2.user_permissions.append(permission2)
resources = UserService.resources_with_perms(
created_user, ["test_perm"], db_session=db_session
).all()
assert resources == [resource, resource2]
def test_resources_with_group_permission(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
resource2 = add_resource(db_session, 2, "test_resource2")
add_resource(db_session, 3, "test_resource3")
group = add_group(db_session)
group.users.append(created_user)
group_permission = GroupResourcePermission(
perm_name="test_perm", group_id=1, resource_id=resource.resource_id
)
group_permission2 = GroupResourcePermission(
perm_name="foo_perm", group_id=1, resource_id=resource2.resource_id
)
resource.group_permissions.append(group_permission)
resource2.group_permissions.append(group_permission2)
db_session.flush()
resources = UserService.resources_with_perms(
created_user, ["foo_perm"], db_session=db_session
).all()
assert resources[0] == resource2
def test_resources_with_perm_type_other_found(self, db_session):
created_user = add_user(db_session)
resource = add_resource(db_session, 1, "test_resource")
resource2 = add_resource_b(db_session, 2, "test_resource")
resource3 = add_resource(db_session, 3, "test_resource")
resource4 = add_resource_b(db_session, 4, "test_resource")
db_session.flush()
permission = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource.resource_id,
)
resource.user_permissions.append(permission)
permission2 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource2.resource_id,
)
resource2.user_permissions.append(permission2)
permission3 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource3.resource_id,
)
resource3.user_permissions.append(permission3)
permission4 = UserResourcePermission(
perm_name="test_perm",
user_id=created_user.id,
resource_id=resource4.resource_id,
)
resource4.user_permissions.append(permission4)
db_session.flush()
resources = UserService.resources_with_perms(
created_user,
["test_perm"],
resource_types=["test_resource_b"],
db_session=db_session,
).all()
assert len(resources) == 2
def test_get(self, db_session):
org_user = add_user(db_session)
user = UserService.get(user_id=org_user.id, db_session=db_session)
assert org_user.id == user.id
