def api_delete_apikey(apikey_id):
    """Delete the API key *apikey_id* and answer with an empty 204 response.

    Aborts with 404 when the key does not exist. A caller whose role is
    neither Administrator nor Operator must have access to every domain
    the key is bound to, and the key must be one of those returned by
    get_user_apikeys(); otherwise DomainAccessForbidden is raised. Any
    exception from apikey.delete() is logged and reported as a 500.
    """
    key = ApiKey.query.get(apikey_id)
    if not key:
        abort(404)

    caller_role = current_user.role.name
    current_app.logger.debug(caller_role)

    if caller_role not in ('Administrator', 'Operator'):
        # Ownership checks apply only to non-privileged callers.
        visible_keys = get_user_apikeys()
        caller_domain_names = [d.name for d in current_user.get_domain().all()]
        key_domain_names = [d.name for d in key.domains]
        visible_key_ids = [k.id for k in visible_keys]

        # Every domain of the key has to be among the caller's domains.
        shared = set(key_domain_names) & set(caller_domain_names)
        if len(shared) != len(key_domain_names):
            msg = "You don't have access to some domains apikey belongs to"
            current_app.logger.error(msg)
            raise DomainAccessForbidden(message=msg)

        # The key itself has to be one the caller is allowed to see.
        if apikey_id not in visible_key_ids:
            raise DomainAccessForbidden()

    try:
        key.delete()
    except Exception as e:
        current_app.logger.error('Error: {0}'.format(e))
        abort(500)

    return '', 204
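def api_update_apikey(apikey_id):
    """Update role, domains, accounts and/or description of an API key.

    The JSON body may carry ``description``, ``role`` (a name or an object
    with ``name``), ``domains`` and ``accounts`` (lists of names or of
    objects with ``name``). A field that is absent, or equal to the key's
    current value, is passed to ``apikey.update`` as ``None``.

    Authorization for callers that are neither Administrator nor Operator:
    the request must state role ``User`` explicitly, must not assign
    accounts, every supplied domain must be one the caller has access to,
    and the key must be among those returned by get_user_apikeys().

    Aborts with 404 (unknown key), 400 (malformed body) or 500 (update
    failed). Raises DomainNotExists, AccountNotExists, ApiKeyNotUsable,
    NotEnoughPrivileges or DomainAccessForbidden as described inline.
    Returns ``('', 204)`` on success.
    """
    domain_obj_list = None
    account_obj_list = None

    apikey = ApiKey.query.get(apikey_id)
    if not apikey:
        abort(404)

    data = request.get_json()
    # A missing or non-object JSON body is a client error; without this guard
    # the membership tests below fail with a TypeError.
    if not isinstance(data, dict):
        abort(400)

    description = data.get('description')

    if 'role' in data:
        role = data['role']
        if isinstance(role, str):
            role_name = role
        elif isinstance(role, dict) and 'name' in role:
            role_name = role['name']
        else:
            abort(400)
        target_role = role_name
    else:
        # Role not supplied: it stays as it is on the key.
        role_name = None
        target_role = apikey.role.name

    if 'domains' not in data:
        domains = None
    elif not isinstance(data['domains'], list):
        abort(400)
    else:
        domains = [d['name'] if isinstance(d, dict) else d
                   for d in data['domains']]

    if 'accounts' not in data:
        accounts = None
    elif not isinstance(data['accounts'], list):
        abort(400)
    else:
        accounts = [a['name'] if isinstance(a, dict) else a
                    for a in data['accounts']]

    current_app.logger.debug('Updating apikey with id {0}'.format(apikey_id))

    if target_role == 'User':
        current_domains = [item.name for item in apikey.domains]
        current_accounts = [item.name for item in apikey.accounts]

        # NOTE(review): existence is checked before access, so the two error
        # types let a non-privileged caller tell existing domain names from
        # non-existing ones; confirm that is acceptable.
        if domains is not None:
            domain_obj_list = Domain.query.filter(
                Domain.name.in_(domains)).all()
            if len(domain_obj_list) != len(domains):
                msg = "One of supplied domains does not exist"
                current_app.logger.error(msg)
                raise DomainNotExists(message=msg)
            target_domains = domains
        else:
            target_domains = current_domains

        if accounts is not None:
            account_obj_list = Account.query.filter(
                Account.name.in_(accounts)).all()
            if len(account_obj_list) != len(accounts):
                msg = "One of supplied accounts does not exist"
                current_app.logger.error(msg)
                raise AccountNotExists(message=msg)
            target_accounts = accounts
        else:
            target_accounts = current_accounts

        # A User-role key with nothing attached could not be used for anything.
        if len(target_domains) == 0 and len(target_accounts) == 0:
            current_app.logger.error(
                "Apikey with User role must have domains or accounts")
            raise ApiKeyNotUsable()

        if domains is not None and set(domains) == set(current_domains):
            current_app.logger.debug(
                "Domains are the same, apikey domains won't be updated")
            domains = None

        if accounts is not None and set(accounts) == set(current_accounts):
            current_app.logger.debug(
                "Accounts are the same, apikey accounts won't be updated")
            accounts = None

    if current_user.role.name not in ['Administrator', 'Operator']:
        # Deliberately tested against the role given in the request, not the
        # effective one: a non-privileged caller has to state 'User'.
        if role_name != 'User':
            msg = "User cannot assign other role than User"
            current_app.logger.error(msg)
            raise NotEnoughPrivileges(message=msg)

        # accounts is None when the request omitted them or repeated the
        # current set; len(None) used to turn that into a 500.
        if accounts:
            msg = "User cannot assign accounts"
            current_app.logger.error(msg)
            raise NotEnoughPrivileges(message=msg)

        apikeys = get_user_apikeys()
        apikeys_ids = [apikey_item.id for apikey_item in apikeys]

        user_domain_obj_list = current_user.get_domain().all()

        # domain_obj_list is None when no domains were supplied; there is then
        # no new domain to authorize and the key check below still applies.
        domain_list = [item.name for item in (domain_obj_list or [])]
        user_domain_list = [item.name for item in user_domain_obj_list]

        current_app.logger.debug("Input domain list: {0}".format(domain_list))
        current_app.logger.debug(
            "User domain list: {0}".format(user_domain_list))

        # Every requested domain must be one the caller has access to.
        inter = set(domain_list).intersection(set(user_domain_list))
        if not (len(inter) == len(domain_list)):
            msg = "You don't have access to one of domains"
            current_app.logger.error(msg)
            raise DomainAccessForbidden(message=msg)

        if apikey_id not in apikeys_ids:
            msg = 'Apikey does not belong to domain to which user has access'
            current_app.logger.error(msg)
            raise DomainAccessForbidden()

    if role_name == apikey.role.name:
        current_app.logger.debug("Role is same, apikey role won't be updated")
        role_name = None

    if description == apikey.description:
        msg = "Description is same, apikey description won't be updated"
        current_app.logger.debug(msg)
        description = None

    # Keys with a role other than User carry no domain or account bindings.
    if target_role != "User":
        domains, accounts = [], []

    try:
        apikey.update(role_name=role_name,
                      domains=domains,
                      accounts=accounts,
                      description=description)
    except Exception as e:
        current_app.logger.error('Error: {0}'.format(e))
        abort(500)

    return '', 204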
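def api_update_apikey(apikey_id):
    """Update role, domains and/or description of an API key.

    The JSON body may carry ``description``, ``role`` (a role name) and
    ``domains`` (a list of domain names). A value equal to what the key
    already has is passed to ``apikey.update`` as ``None``.

    Authorization for callers that are neither Administrator nor Operator:
    the request must state role ``User``, every supplied domain must be
    one the caller has access to, and the key must be among those
    returned by current_user.get_apikeys().

    Aborts with 404 (unknown key), 400 (malformed body) or 500 (update
    failed). Raises ApiKeyNotUsable, DomainNotExists, NotEnoughPrivileges
    or DomainAccessForbidden as described inline. Returns ``('', 204)``.
    """
    data = request.get_json()
    # A missing or non-object JSON body is a client error; without this guard
    # the membership tests below fail with a TypeError.
    if not isinstance(data, dict):
        abort(400)

    description = data.get('description')
    role_name = data.get('role')
    domains = data.get('domains')
    # Anything but a list would be iterated as something else further down.
    if domains is not None and not isinstance(domains, list):
        abort(400)
    domain_obj_list = None

    apikey = ApiKey.query.get(apikey_id)
    if not apikey:
        abort(404)

    current_app.logger.debug('Updating apikey with id {0}'.format(apikey_id))

    if role_name == 'User':
        # Absent domains count as "none supplied" instead of crashing on
        # len(None).
        if not domains:
            current_app.logger.error("Apikey with User role must have domains")
            raise ApiKeyNotUsable()

        domain_obj_list = Domain.query.filter(Domain.name.in_(domains)).all()
        # Compare against the number requested, so a single unknown name is
        # rejected; the earlier test only fired when none of them existed.
        if len(domain_obj_list) != len(domains):
            msg = "One of supplied domains does not exists"
            current_app.logger.error(msg)
            raise DomainNotExists(message=msg)

    if current_user.role.name not in ['Administrator', 'Operator']:
        if role_name != 'User':
            msg = "User cannot assign other role than User"
            current_app.logger.error(msg)
            raise NotEnoughPrivileges(message=msg)

        # From here on role_name is 'User', so domains is a non-empty list
        # and domain_obj_list has been loaded above.
        apikeys = current_user.get_apikeys()
        apikey_domains = [item.name for item in apikey.domains]
        apikeys_ids = [apikey_item.id for apikey_item in apikeys]

        user_domain_obj_list = current_user.get_domain().all()

        domain_list = [item.name for item in domain_obj_list]
        user_domain_list = [item.name for item in user_domain_obj_list]

        current_app.logger.debug("Input domain list: {0}".format(domain_list))
        current_app.logger.debug(
            "User domain list: {0}".format(user_domain_list))

        # Every requested domain must be one the caller has access to.
        inter = set(domain_list).intersection(set(user_domain_list))
        if not (len(inter) == len(domain_list)):
            msg = "You don't have access to one of domains"
            current_app.logger.error(msg)
            raise DomainAccessForbidden(message=msg)

        if apikey_id not in apikeys_ids:
            msg = 'Apikey does not belong to domain to which user has access'
            current_app.logger.error(msg)
            raise DomainAccessForbidden()

        if set(domains) == set(apikey_domains):
            current_app.logger.debug(
                "Domains are same, apikey domains won't be updated")
            domains = None

    # Compare names: role_name is a string while apikey.role is an object, so
    # the earlier comparison against apikey.role could never match.
    if role_name == apikey.role.name:
        current_app.logger.debug("Role is same, apikey role won't be updated")
        role_name = None

    if description == apikey.description:
        msg = "Description is same, apikey description won't be updated"
        current_app.logger.debug(msg)
        description = None

    try:
        # The key fetched and checked above is reused; it is not queried again.
        apikey.update(role_name=role_name,
                      domains=domains,
                      description=description)
    except Exception as e:
        current_app.logger.error('Error: {0}'.format(e))
        abort(500)

    return '', 204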