def logging(session_mgr, request, response, module_path, result, **kwargs): manager = Manager() session = session_mgr.get() # get list of parent module chains not including the full path of this one parent_modules = [] module_chain = module_path.split('.') temp_parent_chain = module_chain[0] for module_name in module_chain[1:]: parent_modules.append(temp_parent_chain) temp_parent_chain += '.' + module_name # do not log if the API call is part of the logging API (search, etc) if 'logging' in parent_modules: return # convert(request.headers) log = { 'timestamp': Manager.get_current_time(), 'path': module_path, 'parent_modules': parent_modules, 'uid': session.uid, 'source_ip': request.remote_addr, 'method': request.method, # don't yet know whether a module exists to get an action from 'action': None, # permissions is represented as a set, so convert it to a list # else the database can't encode it 'permissions': list(session_mgr.get_permissions()), 'request': { 'headers': dict(request.headers), 'data': { 'form': request.form, 'args': request.args, 'data': request.data, }, 'kwargs': json.dumps(kwargs, default=convert, ensure_ascii=False).encode("utf-8"), 'cookies': request.cookies, }, 'response': { 'status': response.status, 'headers': dict(response.headers), 'data': response.get_data() } } if result['module'] is not None: log['action'] = getattr(result['module'], 'action', None) if result['error'] is not None: # the actual exception, if present, can't and shouldn't be encoded into mongo # create a copy of result[error] with exception field explicitly left out log['failure'] = { key: result['error'][key] for key in result['error'] if key != 'exception' } # set up db db = manager.db("logging") db.logs.insert_one(log)
class PermissionManager(object): def __init__(self, session): self.manager = Manager() self.db = self.manager.db('appinit') self.session = session # self.settings = settings def get_route_uids(self, route, permission): route = PermissionsRoute(self.db, route) return route.get_uids(permission) def list_user_permissions(self): user = PermissionsUser(self.db, self.session.uid) return user.list_permissions() def get_route(self, route=None): permissions = self.list_user_permissions() if route == None: return permissions else: if route in permissions: return permissions[route] else: return []
class PermissionsUser(object): def __init__(self, db, uid): self.uid = uid self.db = db self.manager = Manager() def list_permissions(self): permissions = {} routes = self.manager.get_route() routes.append({"name": "system"}) for route in routes: if route['name'] != "system": list_name = route['api']['name'].split("_") camel_case = ''.join( [list_name[x].title() for x in range(1, len(list_name))]) name = list_name[0] + camel_case else: name = route['name'] permissions[name] = {} all_permissions = self.db.permissions.find({ "route": route['name'] }).distinct("permissions") user_permissions = self.db.permissions.find_one({ "uid": self.uid, "route": route['name'] }) if user_permissions != None: all_true = False if user_permissions['route'] == route['name']: all_true = "admin" in user_permissions['permissions'] for p in user_permissions['permissions']: key = 'is_' + p if all_true: permissions[name][key] = True elif p in all_permissions: permissions[name][key] = True else: permissions[name][key] = False return permissions
from flask import Flask, redirect, make_response, send_file, request if controller_path not in sys.path: sys.path.append(base_path) from views.saml import Auth from appinit_auth.middleware import token from appinit_auth.lib import SessionManager from appinit.lib.config import Settings from appinit.lib.db import Manager from appinit_backend.lib.responses import HttpResponse, HttpResponseBadRequest, HttpResponseInternalServerError manager = Manager() settings = Settings(path=settings_path, verify=False) session_mgr = SessionManager(manager) auth = Auth(manager, settings, session_mgr) app = Flask(__name__) app.url_map.strict_slashes = False @app.before_request def token_before(): token.process_request(session_mgr, request=request)
def __init__(self, db, uid): self.uid = uid self.db = db self.manager = Manager()
def __init__(self, session): self.manager = Manager() self.db = self.manager.db('appinit') self.session = session