def from_role(cls, role, expire=None):
roles = set([Role.load_id(Role.SYSTEM_GUEST)])
if role is None or not role.is_actor:
return cls(None, roles)
roles.add(role.id)
roles.add(Role.load_id(Role.SYSTEM_USER))
roles.update([g.id for g in role.roles])
return cls(role.id, roles, is_admin=role.is_admin, expire=expire)
def password_login():
"""
Provides email and password authentication
"""
# require(settings.PASSWORD_LOGIN)
request_data = request.get_json()
email = request_data.get('email')
password = request_data.get('password')
log.warning("THE REQUEST DATA LOOKS LIKE {}".format(request_data))
require(settings.PASSWORD_LOGIN)
data = request.get_json()
role = Role.login(data.get("email"), data.get("password"))
#log.warning("LOGGING IN FROM THE SESSIONS API: {}".format(role.email))
if role is None:
raise BadRequest("Invalid user or password")
#
role.touch()
db.session.commit()
# update_role(role)
authz = Authz.from_role(role)
return jsonify({"status": "ok", "token": authz.to_token()})
def update(id):
role = obj_or_404(Role.by_id(id))
data = request.get_json()
role.update(data)
db.session.add(role)
db.session.commit()
update_role(role)
return jsonify(data)
def get_role(role_id):
if role_id is None:
return
key = cache.object_key(Role, role_id)
data = cache.get_complex(key)
if data is None:
role = Role.by_id(role_id)
if role is None:
return
data = role.to_dict()
cache.set_complex(key, data, expires=cache.EXPIRE)
return data
def create_user(email, name, password, is_admin=False):
"""Create a password-based user"""
foregin_id = "password:{}".format(email)
role = Role.load_or_create(
foregin_id, Role.USER, name, email=email, is_admin=is_admin
)
if password is not None:
role.set_password(password)
db.session.add(role)
db.session.commit()
#update_role(role)
return role
def create():
data = request.get_json()
email = "*****@*****.**"
role = Role.by_email(email)
if role is not None:
return jsonify(
{
"status": "error",
"message": "Email is already registered"
},
status=409)
role = create_user(email, data.get("name"), data.get("password"))
request.authz = Authz.from_role(role)
return jsonify({"status": "ok"})
def delete_role(role):
"""
Fully delete a role from the database and transfer the ownership of documents and entities by it to the system user
"""
fallback = Role.load_cli_user()
def _del(cls, col):
pq = db.session.query(cls)
pq = pq.filter(col == role.id)
def _repo(cls, col):
pq = db.session.query(cls).filter(col == role.id)
pq.update({col: fallback.id}, synchronize_session=False)
_del(Permission, Permission.role_id)
db.session.delete(role)
db.session.commit()
def view(id):
"""Retrieve role details"""
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
return jsonify(data)
def update_roles():
for role in Role.all(deleted=True):
update_role(role)
def create_system_roles():
log.info("CREATING SYSTEM ROLES")
Role.load_or_create(Role.SYSTEM_GUEST, Role.SYSTEM, "All visitors")
Role.load_or_create(Role.SYSTEM_USER, Role.SYSTEM, "Logged in users")
Role.load_cli_user()
db.session.commit()
def private_roles(self):
if not self.logged_in:
return set()
return self.roles.difference(Role.public_roles())
def role(self):
if not hasattr(self, "_role"):
self._role = Role.by_id(self.id)
return self._role