Пример #1
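 def delete_users(self, userIds, format="json", requestOrigin="", **kwargs):
     """Delete every user listed in ``userIds`` together with the files they own.

     ``requestOrigin`` must equal the ``request-origin`` value stored in the
     caller's session; when it does not, nothing is looked up or deleted.
     Each user is handled and committed separately, and every file and user
     removal is written to the audit log under the acting user's ID.
     Outcomes are collected in ``sMessages`` and ``fMessages``.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     # Per-session request key: a request that does not carry the session's
     # own value is refused before any database work happens.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         userIds = split_list_sanitized(userIds)
         try:
             for userId in userIds:
                 try:
                     delUser = session.query(User).filter(User.id == userId).one()
                     session.delete(delUser)
                     for flFile in session.query(File).filter(File.owner_id == delUser.id):
                         FileService.queue_for_deletion(flFile.id)
                         session.delete(flFile)
                         session.add(AuditLog(user.id, Actions.DELETE_FILE, "File %s (%s) owned by user %s has been deleted as a result of the owner being deleted. " % (flFile.name, flFile.id, delUser.id), "admin"))
                     session.add(AuditLog(user.id, Actions.DELETE_USER, "User with ID: \"%s\" deleted from system" % delUser.id, "admin"))
                     sMessages.append("Successfully deleted user %s" % userId)
                 except sqlalchemy.orm.exc.NoResultFound:
                     fMessages.append("User with ID:%s does not exist" % userId)
                 except Exception, e:
                     # Throw away whatever was staged for this user. Without
                     # the rollback the commit below would persist a
                     # half-applied deletion (for example the user row and
                     # only some of its files, with no DELETE_USER audit row).
                     session.rollback()
                     cherrypy.log.error("[%s] [delete_users] [Could not delete user %s: %s]" % (user.id, userId, str(e)))
                     # NOTE(review): the exception text goes back to the
                     # caller; confirm it cannot expose internal details.
                     fMessages.append("Could not delete user: %s" % str(e))
                 session.commit()
         except Exception, e:
             session.rollback()
             cherrypy.log.error("[%s] [delete_users] [Could not delete users: %s]" % (user.id, str(e)))
             fMessages.append("Could not delete users: %s" % str(e))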
Пример #2
    def login(self, **kwargs):
        """Render the login form, or redirect, according to the auth type.

        Reads ``auth_type`` and the ``org_%`` parameters from the database.
        The optional ``msg`` request parameter selects one of three fixed
        notices, and ``local=True`` switches the auth type to ``local`` for
        this request. Returns the rendered ``login.tmpl`` for ``ldap`` and
        ``local``, redirects to the root URL for ``cas``, and raises HTTP 403
        for any other value.
        """
        msg, errorMessage, config = ( None, None, cherrypy.request.app.config['filelocker'])
        authType = session.query(ConfigParameter).filter(ConfigParameter.name=="auth_type").one().value
        orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
        if kwargs.has_key("msg"):
            msg = kwargs['msg']
        # NOTE(review): a request parameter overrides the configured auth type
        # here, so any client can ask for the local login form - confirm that
        # the /process_login handler applies its own policy to local accounts.
        if kwargs.has_key("local") and kwargs['local']==str(True):
            authType = "local"

        loginPage = config['root_url'] + "/process_login"
        # Only the three known codes are translated; the raw msg value is
        # never copied into errorMessage.
        if msg is not None and str(strip_tags(msg))=="1":
            errorMessage = "Invalid username or password"
        elif msg is not None and str(strip_tags(msg))=="2":
            errorMessage = "You have been logged out of the application"
        elif msg is not None and str(strip_tags(msg))=="3":
            errorMessage = "Password cannot be blank"

        if authType == "ldap" or authType == "local":
            currentYear = datetime.date.today().year
            # Both templates get every local and global name as their search
            # list, so msg and kwargs are reachable from the templates too.
            footerText = str(Template(file=get_template_file('footer_text.tmpl'), searchList=[locals(),globals()]))
            tpl = Template(file=get_template_file('login.tmpl'), searchList=[locals(),globals()])
            return str(tpl)
        elif authType == "cas":
            raise cherrypy.HTTPRedirect(config['root_url'])
        else:
            cherrypy.log.error("[system] [login] [No authentication variable set in config]")
            raise cherrypy.HTTPError(403, "No authentication mechanism")
Пример #3
 def logout(self):
     """Clear the session user and send the browser to the logout target.

     With ``auth_type`` set to ``cas`` the rendered ``cas_logout.tmpl`` is
     returned; for every other auth type the caller is redirected to
     ``/login?msg=2``. In both cases ``session['user']`` is set to None and
     the ``filelocker`` cookie's ``expires`` is set to 0.
     """
     config = cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     authType = session.query(ConfigParameter).filter(
         ConfigParameter.name == "auth_type").one().value
     if authType == "cas":
         from lib.CAS import CAS
         casUrl = session.query(ConfigParameter).filter(
             ConfigParameter.name == "cas_url").one().value
         casConnector = CAS(casUrl)
         # NOTE(review): root_url is appended as the redirectUrl query value
         # without URL-encoding; it comes from the application config, so
         # confirm that value never contains characters such as '&' or '#'.
         casLogoutUrl = casConnector.logout_url(
         ) + "?redirectUrl=" + config['root_url'] + "/logout_cas"
         currentYear = datetime.date.today().year
         # The templates receive every local and global name.
         footerText = str(
             Template(file=get_template_file('footer_text.tmpl'),
                      searchList=[locals(), globals()]))
         tpl = Template(file=get_template_file('cas_logout.tmpl'),
                        searchList=[locals(), globals()])
         # NOTE(review): only the 'user' entry is cleared and the cookie
         # expiry reset; nothing visible here discards the other session
         # entries or the session ID - confirm that is handled elsewhere.
         cherrypy.session['user'], cherrypy.response.cookie['filelocker'][
             'expires'] = None, 0
         return str(tpl)
     else:
         cherrypy.session['user'], cherrypy.response.cookie['filelocker'][
             'expires'] = None, 0
         raise cherrypy.HTTPRedirect(config['root_url'] + '/login?msg=2')
Пример #4
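 def upload_request(self, requestId=None, msg=None, **kwargs):
     """Entry point for the upload request identified by ``requestId``.

     ``msg`` is an optional numeric code (1, 2 or 3) that selects a notice to
     show. When the session already holds an ``uploadRequest`` entry, or the
     request is of type "single" with no password set, the caller is
     redirected to ``/upload_request_uploader``. An unknown ID adds
     "Invalid upload request ID" to ``messages``.
     """
     user = None
     messages, uploadRequest, requestId, config = [], None, strip_tags(
         requestId), cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     # msg is a request parameter. A value that is not an integer is treated
     # as "no notice" instead of raising ValueError out of the handler.
     try:
         msgCode = int(msg) if msg is not None else None
     except (TypeError, ValueError):
         msgCode = None
     if msgCode == 1:
         messages.append(
             "You must supply a valid ID and password to upload files for this request"
         )
     elif msgCode == 2:
         messages.append("Unable to load upload request")
     elif msgCode == 3:
         messages.append("Invalid password")
     requestId = strip_tags(requestId)
     # NOTE(review): requestId is placed in the redirect URLs below after
     # strip_tags only; confirm that helper leaves nothing that would need
     # URL-encoding in a query string.
     if cherrypy.session.has_key("uploadRequest"):
         raise cherrypy.HTTPRedirect(
             config['root_url'] +
             '/upload_request_uploader?requestId=%s' % requestId)
     elif requestId is not None:
         try:
             uploadRequest = session.query(UploadRequest).filter(
                 UploadRequest.id == requestId).one()
             # A single-use request without a password needs no prompt.
             if (uploadRequest.type == "single"
                     and uploadRequest.password == None):
                 raise cherrypy.HTTPRedirect(
                     config['root_url'] +
                     '/upload_request_uploader?requestId=%s' % requestId)
         except sqlalchemy.orm.exc.NoResultFound, nrf:
             messages.append("Invalid upload request ID")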
Пример #5
 def files(self, **kwargs):
     """Render ``files.tmpl`` for the session user or the current role.

     Loads the ``org_%``, ``max_file_life_days``, ``geotagging`` and
     ``admin_email`` parameters, the caller's file list and, when no role is
     active, the caller's upload requests and the files shared with them.
     With an active role only the role's shareable attributes are loaded.
     """
     # NOTE(review): user comes straight from the session and is dereferenced
     # below (user.id); confirm authentication is enforced before this
     # handler runs, since that is not visible in this block.
     user, role, defaultExpiration, uploadRequests, userFiles, userShareableAttributes, attributeFilesDict, sharedFiles = (
         cherrypy.session.get("user"), cherrypy.session.get("current_role"),
         None, [], [], [], {}, [])
     config = cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     maxDays = int(
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'max_file_life_days').one().value)
     geoTagging = get_config_dict_from_objects([
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'geotagging').one()
     ])['geotagging']
     adminEmail = session.query(ConfigParameter).filter(
         ConfigParameter.name == 'admin_email').one().value
     # Default expiry offered to the user: today plus the configured maximum.
     defaultExpiration = datetime.date.today() + (datetime.timedelta(
         days=maxDays))
     userFiles = self.file.get_user_file_list(format="list")
     if role is None:
         uploadRequests = session.query(UploadRequest).filter(
             UploadRequest.owner_id == user.id).all()
         userShareableAttributes = AccountService.get_shareable_attributes_by_user(
             user)
         attributeFilesDict = ShareService.get_files_shared_with_user_by_attribute(
             user)
         sharedFiles = ShareService.get_files_shared_with_user(user)
     else:
         userShareableAttributes = AccountService.get_shareable_attributes_by_role(
             role)
     # Every local and global name is exposed to the template.
     tpl = Template(file=get_template_file('files.tmpl'),
                    searchList=[locals(), globals()])
     return str(tpl)
    def get_hourly_statistics(self, format="json", **kwargs):
        """Compute per-hour download and upload shares for the last 30 days.

        For each hour of the day the value stored is that hour's count of
        audit-log entries as a whole-number percentage of the 30-day total
        for the same action. Hours with no entries stay at 0. Failures are
        reported through ``fMessages`` and the CherryPy error log.
        """
        user = cherrypy.session.get("user")
        sMessages, fMessages = [], []
        hourKeys = [str(hour) for hour in range(24)]
        uploadAveragesDict = dict((key, 0) for key in hourKeys)
        downloadAveragesDict = dict((key, 0) for key in hourKeys)
        try:
            thirtyDaysAgo = datetime.date.today() - datetime.timedelta(days=30)
            # Downloads are queried first, then uploads.
            passes = ((Actions.DOWNLOAD, downloadAveragesDict),
                      (Actions.UPLOAD, uploadAveragesDict))
            for action, averages in passes:
                total = session.query(func.count(AuditLog.date)).filter(
                    and_(AuditLog.date > thirtyDaysAgo, AuditLog.action == action)).scalar()
                hourly = session.query(func.count(AuditLog.id), func.hour(AuditLog.date))
                hourly = hourly.group_by(func.hour(AuditLog.date))
                hourly = hourly.filter(
                    and_(AuditLog.action == action, AuditLog.date > thirtyDaysAgo)).all()
                for count, hour in hourly:
                    if count == 0 or total == 0:
                        averages[str(hour)] = 0
                    else:
                        averages[str(hour)] = int((float(count) / float(total)) * 100)
            sMessages.append("Success")
        except Exception, e:
            fMessages.append("Unable to get statistics: %s" % str(e))
            cherrypy.log.error("[%s] [get_hourly_statistics] [%s]" % (user.id, str(e)))
Пример #7
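def _dequeue_deleted_file(fileName):
    """Remove the DeletedFile queue row for ``fileName``, if there is one."""
    deletedFile = session.query(DeletedFile).filter(DeletedFile.file_name==fileName).scalar()
    if deletedFile is not None:
        session.delete(deletedFile)
        session.commit()


def secure_delete(config, fileName):
    """Run the configured delete command on ``fileName`` inside the vault.

    The command and its arguments come from the ``delete_%`` configuration
    parameters. When the command succeeds, or the file is already gone
    (ENOENT), the matching DeletedFile queue row is removed. Failures are
    written to the CherryPy error log; nothing is returned.

    A ``fileName`` that resolves to a location outside the vault directory
    is refused and logged, and its queue row is left in place for review.
    """
    import errno
    vault = config['filelocker']['vault']
    deleteConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('delete_%')).all())
    deleteCommand = deleteConfig['delete_command']
    deleteArguments = deleteConfig['delete_arguments']

    # os.path.join drops the vault prefix when fileName is absolute and keeps
    # any ".." parts, so normalise first and require the result to stay under
    # the vault. The normalised path is absolute, so it can never be read as
    # a command-line option by the delete command either.
    vaultRoot = os.path.join(os.path.abspath(vault), "")
    targetPath = os.path.abspath(os.path.join(vault, fileName))
    if not targetPath.startswith(vaultRoot):
        cherrypy.log.error("[admin] [secure_delete] [Refusing to delete a path outside the vault: %s]" % targetPath)
        return

    # split() without a separator skips empty items, so an empty or
    # double-spaced argument string no longer puts '' into the argv list.
    deleteList = [deleteCommand] + deleteArguments.split() + [targetPath]
    try:
        # No shell is involved: the command runs from an argument list.
        # stderr is merged into stdout so a failure log carries the reason.
        p = subprocess.Popen(deleteList, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        output = p.communicate()[0]
        if p.returncode != 0:
            cherrypy.log.error("[%s] [secure_delete] [The command to delete the file returned a failure code of %s: %s]" % ("admin", p.returncode, output))
        else:
            _dequeue_deleted_file(fileName)
    except OSError, oe:
        if oe.errno == errno.ENOENT:
            cherrypy.log.error("[admin] [secure_delete] [Couldn't delete because the file was not found (dequeing): %s]" % str(oe))
            _dequeue_deleted_file(fileName)
        else:
            cherrypy.log.error("[admin] [secure_delete] [Generic system error while deleting file: %s]" % str(oe))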
 def get_role_permissions(self, roleId, format="json", **kwargs):
     """List every permission and mark the ones held by role ``roleId``.

     Each entry in ``permissionData`` carries the permission ID and name and
     an ``inheritedFrom`` value of "role" when the role holds it, "" when it
     does not. An unknown role ID is reported through ``fMessages``.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages, permissionData = [], [], []
     try:
         roleId = strip_tags(roleId)
         role = session.query(Role).filter(Role.id == roleId).one()
         for permission in session.query(Permission).all():
             if permission in role.permissions:
                 source = "role"
             else:
                 source = ""
             entry = {
                 'permissionId': permission.id,
                 'permissionName': permission.name,
                 'inheritedFrom': source
             }
             permissionData.append(entry)
     except sqlalchemy.orm.exc.NoResultFound:
         fMessages.append("The role ID: %s does not exist" % str(roleId))
     except Exception, e:
         reason = str(e)
         cherrypy.log.error(
             "[%s] [get_role_permissions] [Couldn't get permissions for role %s: %s]"
             % (user.id, roleId, reason))
         fMessages.append("Could not get permissions: %s" % reason)
Пример #9
 def help(self, **kwargs):
     """Render ``halp.tmpl`` with the quota, file-life, CLI and geotagging settings.

     Each setting is read from its ConfigParameter row; ``.one()`` raises if
     a row is missing.
     """
     defaultQuota = int(session.query(ConfigParameter).filter(ConfigParameter.name=='default_quota').one().value)
     maxDays = int(session.query(ConfigParameter).filter(ConfigParameter.name=='max_file_life_days').one().value)
     cliEnabled = session.query(ConfigParameter).filter(ConfigParameter.name=="cli_feature").one().value
     geoTagging = get_config_dict_from_objects([session.query(ConfigParameter).filter(ConfigParameter.name=='geotagging').one()])['geotagging']
     # Every local and global name, kwargs included, is exposed to the template.
     tpl = Template(file=get_template_file('halp.tmpl'), searchList=[locals(),globals()])
     return str(tpl)
Пример #10
    def public_download(self, shareId, **kwargs):
        """Resolve public share ``shareId`` and apply its password gate.

        When the share has no password, or the supplied ``password`` matches
        its stored hash, the share ID is remembered in the session as
        ``public_share_id``. Otherwise ``publicShare`` is reset to None and
        ``message`` explains why. An unknown ID sets "Invalid Share ID".
        """
        user = None
        message, publicShare, config = None, None, cherrypy.request.app.config['filelocker']
        orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
        cherrypy.response.timeout = 36000
        shareId = strip_tags(shareId)

        try:
            publicShare = session.query(PublicShare).filter(PublicShare.id==shareId).one()
            # The password check is skipped when this session has already
            # been cleared for exactly this share.
            if cherrypy.session.has_key("public_share_id") == False or cherrypy.session.get("public_share_id") != publicShare.id:
                password = kwargs['password'] if kwargs.has_key("password") else None
                # NOTE(review): no attempt counter or delay is visible in
                # this block; confirm repeated password guesses against a
                # share are limited somewhere else.
                if publicShare.password == None or (password is not None and Encryption.compare_password_hash(password, publicShare.password)):
                    cherrypy.session['public_share_id'] = publicShare.id
                elif password == None:
                    message = "This file share is password protected."
                    publicShare = None
                elif password is not None and Encryption.compare_password_hash(password, publicShare.password) == False:
                    message = "Invalid password"
                    publicShare = None
                else:
                    # Fail closed for any case not matched above.
                    publicShare = None
        except sqlalchemy.orm.exc.NoResultFound:
            message = "Invalid Share ID"
            shareId = None
        except Exception, e:
            # NOTE(review): the exception text ends up in message; confirm
            # it is not shown verbatim to anonymous visitors.
            message = "Unable to access download page: %s " % str(e)
Пример #11
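 def bulk_create_user(self, quota, password, permissions, format="json", requestOrigin="", **kwargs):
     """Create one account per line of the uploaded request body.

     Each line must hold four comma-style fields: user ID, first name, last
     name and e-mail address. Every new account gets the same ``quota``,
     ``password`` and ``permissions``. ``requestOrigin`` must equal the
     ``request-origin`` value in the caller's session or nothing is created.
     Users are committed one at a time; IDs that already exist are reported
     in ``fMessages`` and skipped.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     # Per-session request key, checked before the body is read.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         try:
             permissions = split_list_sanitized(permissions)
             line = cherrypy.request.body.readline()
             count = 0
             while line != "":
                 (userId, userFirstName, userLastName, userEmailAddress) = split_list_sanitized(line)
                 if session.query(User).filter(User.id==userId).scalar() is None:
                     newUser = User(first_name=userFirstName, last_name=userLastName, email=userEmailAddress.replace("\n",""), quota=quota, id=userId)
                     # NOTE(review): all accounts in the batch share one
                     # initial password; confirm a change is forced on first
                     # login.
                     newUser.set_password(password)
                     session.add(newUser)
                     for permissionId in permissions:
                         permission = session.query(Permission).filter(Permission.id==permissionId).one()
                         newUser.permissions.append(permission)
                     session.commit()
                     count += 1
                 else:
                     fMessages.append("User %s already exists." % userId)
                 line = cherrypy.request.body.readline()
             if len(fMessages) == 0:
                 sMessages.append("Created %s users" % count)
         except ValueError, ve:
             # Nothing from the malformed line may stay staged in the session.
             session.rollback()
             fMessages.append("CSV file not parsed correctly, possibly in wrong format.")
         except Exception, e:
             # A failure after session.add() (for example an unknown
             # permission ID) leaves the new user pending; roll it back so a
             # later commit on this session cannot create a partial account.
             session.rollback()
             cherrypy.log.error("[%s] [bulk_create_user] [Problem creating users in bulk: %s]" % (user.id, str(e)))
             fMessages.append("Problem creating users in bulk: %s" % str(e))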
Пример #12
 def delete_user_shares(self, fileIds, userId, format="json"):
     """Stop sharing each file in ``fileIds`` with user ``userId``.

     A share is removed only when the caller owns the file, owns it through
     the current role, or holds the "admin" permission. Each removal is
     audit-logged and committed on its own; any error rolls the session back
     and is reported in ``fMessages``.
     """
     user = cherrypy.session.get("user")
     role = cherrypy.session.get("current_role")
     sMessages, fMessages = [], []
     for fileId in split_list_sanitized(fileIds):
         try:
             flFile = session.query(File).filter(File.id == fileId).one()
             # Ownership is checked before the admin permission lookup.
             mayModify = ((role is not None and flFile.role_owner_id == role.id)
                          or flFile.owner_id == user.id
                          or AccountService.user_has_permission(user, "admin"))
             if not mayModify:
                 fMessages.append(
                     "You do not have permission to modify shares for file with ID: %s"
                     % str(flFile.id))
                 continue
             shareFilter = and_(UserShare.user_id == userId,
                                UserShare.file_id == flFile.id)
             ps = session.query(UserShare).filter(shareFilter).scalar()
             if ps is None:
                 fMessages.append("This share does not exist")
                 continue
             session.delete(ps)
             auditText = "You stopped sharing file %s with %s" % (flFile.name, userId)
             session.add(
                 AuditLog(user.id, Actions.DELETE_USER_SHARE, auditText, None,
                          role.id if role is not None else None))
             session.commit()
             sMessages.append("Share has been successfully deleted")
         except Exception, e:
             session.rollback()
             fMessages.append("Problem deleting share for file: %s" % str(e))
 def revoke_role_permission(self, roleId, permissionId, format="json", **kwargs):
     """Remove permission ``permissionId`` from role ``roleId``.

     An unknown permission or role is reported in ``fMessages``. Any other
     failure rolls the session back, is logged, and is reported as well.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     try:
         roleId = strip_tags(roleId)
         # The permission is looked up first, so a bad permission ID is
         # reported before the role is touched.
         permissionQuery = session.query(Permission).filter(Permission.id == permissionId)
         permission = permissionQuery.one()
         try:
             roleQuery = session.query(Role).filter(Role.id == roleId)
             role = roleQuery.one()
             role.permissions.remove(permission)
             session.commit()
             sMessages.append("Role %s no longer has permission %s" % (roleId, permissionId))
         except sqlalchemy.orm.exc.NoResultFound:
             fMessages.append("Role with ID: %s does not exist" % str(roleId))
     except sqlalchemy.orm.exc.NoResultFound:
         fMessages.append("Permission with ID: %s does not exist" % str(permissionId))
     except Exception, e:
         session.rollback()
         reason = str(e)
         cherrypy.log.error(
             "[%s] [revoke_role_permission] [Problem revoking a role permission: %s]"
             % (user.id, reason))
         fMessages.append("Problem revoking a role permission: %s" % reason)
Пример #14
    def get_hourly_statistics(self, format="json", **kwargs):
        """Fill the hourly upload and download tables for the past 30 days.

        Each table maps the hour of day ("0" to "23") to that hour's share
        of the 30-day total for the action, as a truncated percentage.
        Errors are added to ``fMessages`` and written to the error log.
        """
        def share_of(part, whole):
            # 0 when there is nothing to divide, else a truncated percentage.
            if part == 0 or whole == 0:
                return 0
            return int((float(part) / float(whole)) * 100)

        user = cherrypy.session.get("user")
        sMessages = []
        fMessages = []
        uploadAveragesDict = {}
        downloadAveragesDict = {}
        for hour in range(24):
            uploadAveragesDict[str(hour)] = 0
            downloadAveragesDict[str(hour)] = 0
        try:
            thirtyDaysAgo = datetime.date.today() - datetime.timedelta(days=30)

            thirtyDayDownloadSum = session.query(func.count(AuditLog.date)).filter(
                and_(AuditLog.date > thirtyDaysAgo, AuditLog.action == Actions.DOWNLOAD)).scalar()
            downloadSums = session.query(
                func.count(AuditLog.id), func.hour(AuditLog.date)
            ).group_by(
                func.hour(AuditLog.date)
            ).filter(
                and_(AuditLog.action == Actions.DOWNLOAD, AuditLog.date > thirtyDaysAgo)
            ).all()
            for row in downloadSums:
                downloadAveragesDict[str(row[1])] = share_of(row[0], thirtyDayDownloadSum)

            thirtyDayUploadSum = session.query(func.count(AuditLog.date)).filter(
                and_(AuditLog.date > thirtyDaysAgo, AuditLog.action == Actions.UPLOAD)).scalar()
            uploadSums = session.query(
                func.count(AuditLog.id), func.hour(AuditLog.date)
            ).group_by(
                func.hour(AuditLog.date)
            ).filter(
                and_(AuditLog.action == Actions.UPLOAD, AuditLog.date > thirtyDaysAgo)
            ).all()
            for row in uploadSums:
                uploadAveragesDict[str(row[1])] = share_of(row[0], thirtyDayUploadSum)
            sMessages.append("Success")
        except Exception, e:
            fMessages.append("Unable to get statistics: %s" % str(e))
            cherrypy.log.error("[%s] [get_hourly_statistics] [%s]" % (user.id, str(e)))
 def grant_user_permission(self, userId, permissionId, format="json", **kwargs):
     """Add permission ``permissionId`` to user ``userId``.

     An unknown permission or user is reported in ``fMessages``. Any other
     failure rolls the session back, is logged, and is reported as well.
     """
     # NOTE(review): no check of the caller's own permissions or of a
     # per-session request key is visible in this block; confirm both are
     # enforced before this handler is reached.
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     try:
         userId = strip_tags(userId)
         permissionQuery = session.query(Permission).filter(Permission.id == permissionId)
         permission = permissionQuery.one()
         try:
             userQuery = session.query(User).filter(User.id == userId)
             flUser = userQuery.one()
             flUser.permissions.append(permission)
             session.commit()
             sMessages.append("User %s granted permission %s" % (userId, permissionId))
         except sqlalchemy.orm.exc.NoResultFound:
             fMessages.append("User with ID: %s does not exist" % str(userId))
     except sqlalchemy.orm.exc.NoResultFound:
         fMessages.append("Permission with ID: %s does not exist" % str(permissionId))
     except Exception, e:
         session.rollback()
         reason = str(e)
         cherrypy.log.error(
             "[%s] [grant_user_permission] [Problem granting user a permission: %s]"
             % (user.id, reason))
         fMessages.append("Problem granting a user permission: %s" % reason)
 def revoke_user_permission(self, userId, permissionId, format="json", **kwargs):
     """Remove permission ``permissionId`` from user ``userId``.

     The caller cannot remove the "admin" permission from their own account.
     An unknown permission or user is reported in ``fMessages``; any other
     failure rolls the session back, is logged, and is reported as well.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     try:
         permissionQuery = session.query(Permission).filter(Permission.id == permissionId)
         permission = permissionQuery.one()
         try:
             flUser = session.query(User).filter(User.id == userId).one()
             # Guard against an administrator locking themselves out.
             removingOwnAdmin = flUser.id == user.id and permission.id == "admin"
             if not removingOwnAdmin:
                 flUser.permissions.remove(permission)
                 session.commit()
                 sMessages.append("User %s no longer has permission %s" % (userId, permissionId))
             else:
                 fMessages.append(
                     "You cannot remove admin permissions from your own account"
                 )
         except sqlalchemy.orm.exc.NoResultFound:
             fMessages.append("User with ID: %s does not exist" % str(userId))
     except sqlalchemy.orm.exc.NoResultFound:
         fMessages.append("Permission with ID: %s does not exist" % str(permissionId))
     except Exception, e:
         session.rollback()
         reason = str(e)
         cherrypy.log.error(
             "[%s] [revoke_user_permission] [Problem revoking a user permission: %s]"
             % (user.id, reason))
         fMessages.append("Problem revoking a user permission: %s" % reason)
 def delete_roles(self, roleIds, format="json", **kwargs):
     """Delete every role in ``roleIds`` and the files each role owns.

     File and role removals are audit-logged under the acting user's ID and
     committed together after the last role. An unknown role ID is reported
     in ``fMessages``; any other failure rolls the whole batch back.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     try:
         for roleId in split_list_sanitized(roleIds):
             try:
                 role = session.query(Role).filter(Role.id == roleId).one()
                 session.delete(role)
                 ownedFiles = session.query(File).filter(File.role_owner_id == role.id)
                 for flFile in ownedFiles:
                     FileService.queue_for_deletion(flFile.id)
                     session.delete(flFile)
                     fileNote = "File %s (%s) owned by role %s has been deleted as a result of the role owner being deleted. " % (
                         flFile.name, flFile.id, role.id)
                     session.add(AuditLog(user.id, Actions.DELETE_FILE, fileNote, "admin"))
                 roleNote = "%s deleted role \"%s\"(%s) from the system" % (
                     user.id, role.name, role.id)
                 session.add(AuditLog(user.id, Actions.DELETE_ROLE, roleNote, None))
                 sMessages.append("Successfully deleted roles%s." % str(roleId))
             except sqlalchemy.orm.exc.NoResultFound:
                 fMessages.append("The role ID: %s does not exist" % str(roleId))
         # One commit for the whole batch.
         session.commit()
     except Exception, e:
         session.rollback()
         reason = str(e)
         cherrypy.log.error(
             "[%s] [delete_roles] [Problem deleting roles: %s]" % (user.id, reason))
         fMessages.append("Problem deleting roles: %s" % reason)
Пример #18
    def get_messages(self, format="json", **kwargs):
        """Collect the session user's received and sent messages.

        ``messagesList`` ends up as ``[received, sent]``, each a list of
        message dicts with a decrypted, escaped ``body``. Received entries
        also carry ``viewedDatetime`` (MM/DD/YYYY or None). Any error is
        reported in ``fMessages``.
        """
        user, sMessages, fMessages = cherrypy.session.get("user"), [], []
        messagesList, recvMessagesList, sentMessagesList = [], [], []
        try:
            # Both queries are scoped to the session user's own ID.
            recvMessages = session.query(MessageShare).filter(MessageShare.recipient_id == user.id).all()
            sentMessages = session.query(Message).filter(Message.owner_id == user.id).all()
            for rMessage in recvMessages:
                messageDict = rMessage.message.get_dict()
                messageDict["viewedDatetime"] = (
                    rMessage.date_viewed.strftime("%m/%d/%Y") if rMessage.date_viewed is not None else None
                )
                # The decrypted body is HTML-escaped, passed through
                # strip_tags, then rendered through a template that applies
                # the WebSafe filter before it is stored in the dict.
                messageBody = strip_tags(cgi.escape(decrypt_message(rMessage.message)), True)
                messageDict["body"] = (
                    str(Template("$messageBody", searchList=[locals()], filter=WebSafe))
                    if messageBody is not None
                    else ""
                )
                recvMessagesList.append(messageDict)

            for message in sentMessages:
                messageDict = message.get_dict()
                messageBody = strip_tags(cgi.escape(decrypt_message(message)), True)
                messageDict["body"] = (
                    str(Template("$messageBody", searchList=[locals()], filter=WebSafe))
                    if messageBody is not None
                    else ""
                )
                sentMessagesList.append(messageDict)
            messagesList.append(recvMessagesList)
            messagesList.append(sentMessagesList)
        except Exception, e:
            # NOTE(review): a decryption failure lands here too, and its
            # text is returned to the caller; confirm that is acceptable.
            fMessages.append("Error while retrieving messages: %s" % str(e))
Пример #19
 def sign_tos(self, **kwargs):
     """Show the terms of service, or record the session user's acceptance.

     With ``action=sign`` the user's ``date_tos_accept`` is set to the
     current time, the session copy of the user is refreshed, and the caller
     is redirected to the root URL. Without it ``tos.tmpl`` is rendered.
     Callers with no session user are redirected to the root URL.
     """
     config = cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     if cherrypy.session.has_key("user") and cherrypy.session.get(
             "user") is not None:
         user = cherrypy.session.get("user")
         # NOTE(review): acceptance is recorded from a plain request
         # parameter and no per-session request key is checked in this
         # block; confirm the handler cannot be triggered cross-site.
         if kwargs.has_key('action') and kwargs['action'] == "sign":
             # Re-load the user from the database so the change is made on
             # an attached object, then store a fresh copy in the session.
             attachedUser = session.query(User).filter(
                 User.id == user.id).one()
             attachedUser.date_tos_accept = datetime.datetime.now()
             cherrypy.session['user'] = attachedUser.get_copy()
             session.commit()
             raise cherrypy.HTTPRedirect(config['root_url'])
         else:
             currentYear = datetime.date.today().year
             # Every local and global name is exposed to both templates.
             footerText = str(
                 Template(file=get_template_file('footer_text.tmpl'),
                          searchList=[locals(), globals()]))
             return str(
                 Template(file=get_template_file('tos.tmpl'),
                          searchList=[locals(), globals()]))
     else:
         raise cherrypy.HTTPRedirect(config['root_url'])
Пример #20
    def login(self, **kwargs):
        """Render the login form, or redirect, according to the auth type.

        ``auth_type`` and the ``org_%`` parameters are read from the
        database. ``msg`` (1, 2 or 3) selects a fixed notice and
        ``local=True`` forces the ``local`` auth type for this request.
        ``ldap`` and ``local`` return the rendered ``login.tmpl``, ``cas``
        redirects to the root URL, anything else raises HTTP 403.
        """
        msg, errorMessage, config = (None, None,
                                     cherrypy.request.app.config['filelocker'])
        authType = session.query(ConfigParameter).filter(
            ConfigParameter.name == "auth_type").one().value
        orgConfig = get_config_dict_from_objects(
            session.query(ConfigParameter).filter(
                ConfigParameter.name.like('org_%')).all())
        if kwargs.has_key("msg"):
            msg = kwargs['msg']
        # NOTE(review): the client decides here whether the local login form
        # is used instead of the configured auth type; confirm the
        # /process_login handler enforces which accounts may log in locally.
        if kwargs.has_key("local") and kwargs['local'] == str(True):
            authType = "local"

        loginPage = config['root_url'] + "/process_login"
        # The request value only selects among fixed strings; it is never
        # placed into errorMessage itself.
        if msg is not None and str(strip_tags(msg)) == "1":
            errorMessage = "Invalid username or password"
        elif msg is not None and str(strip_tags(msg)) == "2":
            errorMessage = "You have been logged out of the application"
        elif msg is not None and str(strip_tags(msg)) == "3":
            errorMessage = "Password cannot be blank"

        if authType == "ldap" or authType == "local":
            currentYear = datetime.date.today().year
            # Templates see every local and global name, including the raw
            # msg and kwargs values.
            footerText = str(
                Template(file=get_template_file('footer_text.tmpl'),
                         searchList=[locals(), globals()]))
            tpl = Template(file=get_template_file('login.tmpl'),
                           searchList=[locals(), globals()])
            return str(tpl)
        elif authType == "cas":
            raise cherrypy.HTTPRedirect(config['root_url'])
        else:
            cherrypy.log.error(
                "[system] [login] [No authentication variable set in config]")
            raise cherrypy.HTTPError(403, "No authentication mechanism")
Пример #21
    def get_messages(self, format="json", **kwargs):
        """Gather the messages received and sent by the session user.

        Builds ``messagesList`` as ``[received, sent]``. Every entry is the
        message's dict with a decrypted and escaped ``body``; received
        entries also get ``viewedDatetime``. Errors go to ``fMessages``.
        """
        user, sMessages, fMessages = cherrypy.session.get("user"), [], []
        messagesList, recvMessagesList, sentMessagesList = [], [], []
        try:
            # Only rows addressed to, or owned by, the session user are read.
            recvMessages = session.query(MessageShare).filter(
                MessageShare.recipient_id == user.id).all()
            sentMessages = session.query(Message).filter(
                Message.owner_id == user.id).all()
            for rMessage in recvMessages:
                messageDict = rMessage.message.get_dict()
                messageDict['viewedDatetime'] = rMessage.date_viewed.strftime(
                    "%m/%d/%Y") if rMessage.date_viewed is not None else None
                # Escaping order: cgi.escape, then strip_tags, then the
                # WebSafe template filter.
                messageBody = strip_tags(
                    cgi.escape(decrypt_message(rMessage.message)), True)
                messageDict['body'] = str(
                    Template(
                        "$messageBody", searchList=[locals()],
                        filter=WebSafe)) if messageBody is not None else ""
                recvMessagesList.append(messageDict)

            for message in sentMessages:
                messageDict = message.get_dict()
                messageBody = strip_tags(cgi.escape(decrypt_message(message)),
                                         True)
                messageDict['body'] = str(
                    Template(
                        "$messageBody", searchList=[locals()],
                        filter=WebSafe)) if messageBody is not None else ""
                sentMessagesList.append(messageDict)
            messagesList.append(recvMessagesList)
            messagesList.append(sentMessagesList)
        except Exception, e:
            # NOTE(review): the exception text is returned to the caller;
            # confirm it cannot reveal details of a decryption failure.
            fMessages.append("Error while retrieving messages: %s" % str(e))
Пример #22
 def get_search_widget(self, context, **kwargs):
     """Render ``search_widget.tmpl`` for the session user and return it as a string.

     Every local assigned below (and ``context``) reaches the template only
     through ``locals()``, so the local names are part of the template's
     interface and must not be renamed.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
     # Re-query the user so the group list comes from the database, not the session copy.
     groups = session.query(User).filter(User.id==user.id).one().groups
     directoryType = session.query(ConfigParameter).filter(ConfigParameter.name=="directory_type").one().value
     userShareableAttributes = AccountService.get_shareable_attributes_by_user(user)
     # NOTE(review): searchList exposes all locals (including self and kwargs)
     # and all module globals to the template; keep template files under
     # deployment control and consider passing an explicit dict instead.
     tpl = Template(file=get_template_file('search_widget.tmpl'), searchList=[locals(),globals()])
     return str(tpl)
Пример #23
 def upload_request_uploader(self, requestId=None, password=None, **kwargs):
     """Resolve an upload request for an uploader and bind it to the session.

     Args:
         requestId: Upload request ID supplied by the caller; it is passed
             through ``strip_tags`` before use.
         password: Optional request password. The branch that handles a
             supplied password lies beyond the end of this listing.
         **kwargs: ``format="content_only"`` selects the non-HTML response mode.

     Raises:
         cherrypy.HTTPError: 500 "Invalid password" in ``content_only`` mode
             when the request needs a password and none was given.
         cherrypy.HTTPRedirect: to ``/upload_request?...&msg=3`` in HTML mode
             for the same condition.
     """
     user = None
     format = "content_only" if kwargs.has_key(
         "format") and kwargs["format"] == "content_only" else "html"
     requestOwner, uploadRequest, tpl, messages, config = (
         None, None, None, [], cherrypy.request.app.config['filelocker'])
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     maxDays = int(
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'max_file_life_days').one().value)
     defaultExpiration = datetime.date.today() + (datetime.timedelta(
         days=maxDays))
     requestFiles = []
     requestId = strip_tags(requestId)
     # Fresh per-visit token: 32 hex characters taken from os.urandom. Other
     # handlers compare their ``requestOrigin`` parameter with this value.
     cherrypy.session['request-origin'] = str(
         os.urandom(32).encode('hex'))[0:32]
     if requestId is not None:
         # A session bound to a different request is dropped before continuing.
         if cherrypy.session.has_key("uploadRequest"):
             if cherrypy.session.get("uploadRequest").id != requestId:
                 #TODO session check deletion
                 del (cherrypy.session['uploadRequest'])
         if cherrypy.session.has_key(
                 "uploadRequest"
         ):  #Their requestId and the session uploadTicket's ID matched, let them keep the session
             uploadRequestId = cherrypy.session.get("uploadRequest").id
             uploadRequest = session.query(UploadRequest).filter(
                 UploadRequest.id == uploadRequestId).scalar()
             if uploadRequest is None:  #Expired request, but they still have a valid session to view file
                 uploadRequest = cherrypy.session.get("uploadRequest")
                 uploadRequest.expired = True
         elif password is None or password == "":  #If they come in with a ticket - fill it in and prompt for password
             try:
                 uploadRequest = session.query(UploadRequest).filter(
                     UploadRequest.id == requestId).one()
                 # A password-less "single" request is bound to the session on
                 # the strength of the ID alone, so the ID is the only secret
                 # here and has to be unguessable.
                 # NOTE(review): confirm upload request IDs come from a CSPRNG.
                 if uploadRequest.password == None and uploadRequest.type == "single":
                     cherrypy.session[
                         'uploadRequest'] = uploadRequest.get_copy()
                 else:
                     messages.append(
                         "This upload request requires a password before you can upload files"
                     )
                     uploadRequest = None
                     # NOTE(review): a missing password is reported as HTTP 500;
                     # a 401/403 would describe the condition more accurately
                     # and keeps auth failures out of server-error monitoring.
                     raise cherrypy.HTTPError(
                         500, "Invalid password"
                     ) if format == "content_only" else cherrypy.HTTPRedirect(
                         config['root_url'] +
                         '/upload_request?requestId=%s&msg=3' % requestId)
                 requestOwner = session.query(User).filter(
                     User.id == uploadRequest.owner_id).one()
             # CherryPy control-flow exceptions must pass through untouched.
             except cherrypy.HTTPError, httpe:
                 raise httpe
             except cherrypy.HTTPRedirect, httpr:
                 raise httpr
             except Exception, e:
                 # NOTE(review): includes lookup failures for unknown IDs; if
                 # ``messages`` is rendered to the visitor, the raw exception
                 # text is disclosed. Prefer a generic message plus a log entry.
                 messages.append(str(e))
Пример #24
 def unhide_all_shares(self, format="json"):
     """Delete every HiddenShare row owned by the session user.

     Outcome text is collected in ``sMessages`` / ``fMessages``; the listing
     ends before anything is returned.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     # NOTE(review): this state-changing handler takes no ``requestOrigin``
     # parameter and does not compare anything with the session's
     # 'request-origin' token, unlike the other variant of this handler on the
     # page. Confirm that anti-CSRF protection is enforced elsewhere.
     try:
         # The delete is scoped to the session user's own rows.
         session.query(HiddenShare).filter(
             HiddenShare.owner_id == user.id).delete()
         session.commit()
         sMessages.append("Successfully unhid shares")
     except Exception, e:
         # NOTE(review): no session.rollback() after a failed delete/commit, and
         # the raw exception text is placed in the user-facing message list.
         fMessages.append(str(e))
Пример #25
 def manage_groups(self, **kwargs):
     """Render ``manage_groups.tmpl`` listing the groups owned by the session user.

     The template receives its data through ``locals()``, so the local names
     below are part of the template's interface and must not be renamed.
     """
     user, config = cherrypy.session.get(
         "user"), cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(
         session.query(ConfigParameter).filter(
             ConfigParameter.name.like('org_%')).all())
     # Only groups whose owner is the logged-in user are listed.
     groups = session.query(Group).filter(Group.owner_id == user.id).all()
     # NOTE(review): locals() and globals() hand the template every name in
     # scope, including ``config``; an explicit dict would limit exposure.
     tpl = Template(file=get_template_file('manage_groups.tmpl'),
                    searchList=[locals(), globals()])
     return str(tpl)
Пример #26
 def unhide_all_shares(self, format="json", requestOrigin=""):
     """Delete every HiddenShare row owned by the session user, after a token check.

     ``requestOrigin`` must equal the session's 'request-origin' value or the
     call is refused with "Missing request key!!". The listing ends before
     anything is returned.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     # Anti-CSRF check: the default "" never matches a set token, so a request
     # without the parameter is refused.
     # NOTE(review): indexing the session raises KeyError when no token has
     # been stored yet; confirm every entry path sets 'request-origin' first.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         try:
             session.query(HiddenShare).filter(HiddenShare.owner_id==user.id).delete()
             session.commit()
             sMessages.append("Successfully unhid shares")
         except Exception, e:
             # NOTE(review): no session.rollback() on failure; raw exception
             # text goes into the user-facing message list.
             fMessages.append(str(e))
Пример #27
 def create_group_shares(self, fileIds, groupId, notify="false", cc="false", format="json", requestOrigin=""):
     """Share the given files with a group, optionally e-mailing its members.

     Args:
         fileIds: File IDs, split and sanitized by ``split_list_sanitized``.
         groupId: Target group ID (``strip_tags`` applied; empty means none).
         notify: "true" to e-mail every group member.
         cc: "true" to also send the notification to the sharing account.
         requestOrigin: Must equal the session's 'request-origin' token.

     The listing ends before the ``except`` of the outer ``try`` and before
     any return statement.
     """
     user, role, sMessages, fMessages, config  = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [], cherrypy.request.app.config['filelocker'])
     # Anti-CSRF check against the per-session token.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
         fileIds = split_list_sanitized(fileIds)
         groupId = strip_tags(groupId) if groupId is not None and groupId != "" else None
         notify = True if notify.lower() == "true" else False
         cc = True if cc.lower() == "true" else False
         try:
             if groupId is not None:
                 sharedFiles = []
                 group = session.query(Group).filter(Group.id==groupId).one()
                 # Group-level authorization: active role owns the group, the
                 # user owns it, or the user holds the "admin" permission.
                 if (role is not None and group.role_owner_id == role.id) or group.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
                     for fileId in fileIds:
                         flFile = session.query(File).filter(File.id == fileId).one()
                         existingShare = session.query(GroupShare).filter(and_(GroupShare.group_id==group.id, GroupShare.file_id==fileId)).scalar()
                         if existingShare is not None:
                             fMessages.append("File %s is already shared with group %s" % (flFile.name, group.name))
                         # File-level authorization, same three conditions as for the group.
                         elif (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
                             flFile.group_shares.append(GroupShare(group_id=groupId, file_id=fileId))
                             sharedFiles.append(flFile)
                         else:
                             fMessages.append("You do not have permission to share file with ID: %s" % fileId)
                     # NOTE(review): the success message and the audit entry are
                     # written even when every file was refused, and the audit
                     # text counts len(fileIds) (requested) rather than
                     # len(sharedFiles) (actually shared), so the audit trail
                     # can overstate what happened.
                     sMessages.append("Shared file(s) successfully")
                     if role is not None:
                         session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "Role %s shared %s files with group %s(%s)" % (role.id, len(fileIds), group.name, group.id), None, role.id))
                     else:
                         session.add(AuditLog(user.id, Actions.CREATE_GROUP_SHARE, "%s shared %s files with group %s(%s)" % (user.id, len(fileIds), group.name, group.id), None))
                 else:
                     fMessages.append("You do not have permission to share with this group")
                 session.commit()
                 # NOTE(review): the notification block below is outside the
                 # group-permission check above, so it also runs after the
                 # "do not have permission" branch (with an empty sharedFiles).
                 # Gate it on the permission check and on a non-empty
                 # sharedFiles so mail is only sent for shares that were made.
                 if notify:
                     # Session lock is released before the mail loop.
                     cherrypy.session.release_lock()
                     for groupMember in group.members:
                         try:
                             Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':groupMember.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']})
                             session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s has been notified via email that you have shared a file with him or her." % (groupMember.email), None, role.id if role is not None else None))
                             session.commit()
                         except Exception, e:
                             session.rollback()
                             fMessages.append("Problem sending email notification to %s: %s" % (groupMember.display_name, str(e)))
                     if cc:
                         if (user.email is not None and user.email != ""):
                             try:
                                 Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':user.email if role is None else role.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name']})
                                 session.add(AuditLog(user.id, Actions.SEND_EMAIL, "You have been carbon copied via email on the notification that was sent out as a result of your file share."))
                                 session.commit()
                             except Exception, e:
                                 session.rollback()
                                 fMessages.append("Problem carbon copying email notification: %s" % (str(e)))
                         else:
                             fMessages.append("You elected to receive a carbon copy of the share notification, however your account does not have an email address set.")
Пример #28
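 def generate_id(self):
     """Assign ``self.id`` a random 32-hex-character ID unused by any UploadRequest.

     The ID is the lookup key for an upload request and can be the only
     secret protecting it, so it is drawn from the operating system's CSPRNG.
     The previous ``md5(str(random.random()))`` was predictable: ``random``
     is a Mersenne Twister, and hashing its output adds no entropy.

     Raises:
         Exception: if the first candidate and five retries all collide with
             existing rows.
     """
     import binascii
     import os

     def _new_candidate():
         # 16 random bytes -> 32 hex characters, the same shape as the md5
         # hexdigest used before, so stored ID length is unchanged.
         token = binascii.hexlify(os.urandom(16))
         # hexlify returns bytes on Python 3; normalise to the native str type.
         return token if isinstance(token, str) else token.decode("ascii")

     shareId = _new_candidate()
     tryCount = 0
     existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
     while existing is not None and tryCount < 5:
         tryCount += 1
         shareId = _new_candidate()
         existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
     if existing is not None:
         raise Exception("Could not create a unique share ID")
     self.id = shareId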
Пример #29
 def unhide_shares(self, format="json", requestOrigin="",**kwargs):
     """Delete every HiddenShare row owned by the session user, after a token check.

     ``requestOrigin`` must equal the session's 'request-origin' value. The
     listing ends before anything is returned.
     """
     user, sMessages, fMessages  = (cherrypy.session.get("user"), [], [])
     # Anti-CSRF check: a missing parameter ("" by default) never matches a set token.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         try:
             # Bulk delete scoped to the caller's own rows.
             session.query(HiddenShare).filter(HiddenShare.owner_id==user.id).delete(synchronize_session=False)
             session.commit()
             sMessages.append("All shares have been unhidden")
         except Exception, e:
             # The failure is logged server-side with the user id.
             # NOTE(review): there is no session.rollback() here, and the same
             # raw exception text is also placed in the user-facing list.
             fMessages.append("Could not unhide shares: %s" % str(e))
             cherrypy.log.error("[%s] [unhide_shares] [Could not unhide shares: %s]" % (user.id, str(e)))
Пример #30
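 def generate_id(self):
     """Assign ``self.id`` a random 32-hex-character ID unused by any UploadRequest.

     The ID is the lookup key for an upload request and can be the only
     secret protecting it, so it is drawn from the operating system's CSPRNG.
     The previous ``md5(str(random.random()))`` was predictable: ``random``
     is a Mersenne Twister, and hashing its output adds no entropy.

     Raises:
         Exception: if the first candidate and five retries all collide with
             existing rows.
     """
     import binascii
     import os

     def _new_candidate():
         # 16 random bytes -> 32 hex characters, the same shape as the md5
         # hexdigest used before, so stored ID length is unchanged.
         token = binascii.hexlify(os.urandom(16))
         # hexlify returns bytes on Python 3; normalise to the native str type.
         return token if isinstance(token, str) else token.decode("ascii")

     shareId = _new_candidate()
     tryCount = 0
     existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
     while existing is not None and tryCount < 5:
         tryCount += 1
         shareId = _new_candidate()
         existing = session.query(UploadRequest).filter(UploadRequest.id == shareId).scalar()
     if existing is not None:
         raise Exception("Could not create a unique share ID")
     self.id = shareId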
Пример #31
 def unhide_shares(self, format="json", **kwargs):
     """Delete every HiddenShare row owned by the session user.

     Outcome text is collected in ``sMessages`` / ``fMessages``; the listing
     ends before anything is returned.
     """
     user, sMessages, fMessages = (cherrypy.session.get("user"), [], [])
     # NOTE(review): this variant has no ``requestOrigin`` parameter and no
     # comparison with the session's 'request-origin' token, unlike the other
     # variant of this handler on the page. Confirm anti-CSRF protection for
     # this state-changing call is enforced elsewhere.
     try:
         session.query(HiddenShare).filter(
             HiddenShare.owner_id == user.id).delete(
                 synchronize_session=False)
         session.commit()
         sMessages.append("All shares have been unhidden")
     except Exception, e:
         # NOTE(review): no session.rollback() on failure; the raw exception
         # text is both logged and added to the user-facing message list.
         fMessages.append("Could not unhide shares: %s" % str(e))
         cherrypy.log.error(
             "[%s] [unhide_shares] [Could not unhide shares: %s]" %
             (user.id, str(e)))
Пример #32
 def download(self, fileId, **kwargs):
     """Decide whether ``fileId`` may be served to a public-share session.

     Only the public-share branch is visible; the listing ends before the
     file is served and before any handling of sessions that have no
     ``public_share_id``.

     Raises:
         cherrypy.HTTPError: 401 if the file exists but is not part of the
             session's public share; 404 if the share or the file is missing.
     """
     serveFile, publicShareId, requestedFile = False, None, None
     if cherrypy.session.has_key("public_share_id"):
         # The share id is read from the server-side session, not the request.
         publicShareId = cherrypy.session.get("public_share_id")
         try:
             publicShare = session.query(PublicShare).filter(PublicShare.id == publicShareId).one()
             requestedFile = session.query(File).filter(File.id == fileId).one()
             # Authorization: the requested file must belong to this share.
             if requestedFile in publicShare.files:
                 serveFile = True
             else:
                 # NOTE(review): 401 here versus 404 below tells a share holder
                 # whether an arbitrary file id exists; returning the same
                 # status for both cases removes that signal.
                 raise cherrypy.HTTPError(401)
         except sqlalchemy.orm.exc.NoResultFound, nrf:
             raise cherrypy.HTTPError(404, "Could not find share or file")
Пример #33
def cluster_elections(config):
    """Check this node in and run one round of master election.

    Args:
        config: Mapping whose ``["filelocker"]["cluster_member_id"]`` holds
            this node's integer member id.

    Returns:
        True when the round completed, False when a
        ConcurrentModificationError forced a rollback.
    """
    try:
        currentNodeId = int(config["filelocker"]["cluster_member_id"])
        currentNode = session.query(ClusterNode).filter(ClusterNode.member_id == currentNodeId).scalar()
        if currentNode is None:  # This node isn't in the DB yet, check in
            import socket

            currentNode = ClusterNode(
                member_id=currentNodeId,
                hostname=socket.gethostname(),
                is_master=False,
                last_seen_timestamp=datetime.datetime.now(),
            )
            session.add(currentNode)
            session.commit()
        else:  # In the DB, update last seen to avoid purging
            currentNode.last_seen_timestamp = datetime.datetime.now()
            session.commit()
        currentMaster = session.query(ClusterNode).filter(ClusterNode.is_master == True).scalar()
        # If this is default master node and another node has assumed master, reset and force election
        if currentNodeId == 0 and currentNode.is_master == False and currentMaster is not None:
            for node in session.query(ClusterNode).all():
                node.is_master = False
            session.commit()
        # This isn't the default master, there is one, but it's expired
        # NOTE(review): the five-minute expiry compares timestamps taken with
        # each node's local clock; presumably node clocks are kept in sync.
        elif currentMaster is not None and currentMaster.last_seen_timestamp < datetime.datetime.now() - datetime.timedelta(
            minutes=5
        ):  # master is expired
            session.delete(currentMaster)
            session.commit()
        # No master, hold election
        elif currentMaster is None:  # No master nodes found, become master if eligible
            purge_expired_nodes()
            highestPriority = currentNode.member_id
            # The loop stops at the first node with a lower member id; that is
            # enough to know this node is not the lowest.
            for node in session.query(ClusterNode).all():
                if node.member_id < highestPriority:
                    highestPriority = node.member_id
                    break
            if (
                highestPriority == currentNode.member_id
            ):  # Current node has lowest node id, thus highest priority, assume master
                currentNode.is_master = True
                session.commit()
        return True
    # Only this exception type is handled; anything else propagates to the caller.
    except sqlalchemy.orm.exc.ConcurrentModificationError, cme:
        cherrypy.log.error(
            "[system] [cluster_elections] [Concurrency error during elections. This can occur if locks on the DB inhibit normal cluster elections. If this error occurs infrequently, it can usually be disregarded. Full Error: %s]"
            % str(cme)
        )
        session.rollback()
        return False
Пример #34
 def help(self, **kwargs):
     """Render ``halp.tmpl`` with the quota, file-lifetime and geotagging settings.

     The values reach the template through ``locals()``, so the local names
     are part of the template's interface and must not be renamed.
     """
     # Each ``.one()`` raises if the configuration row is missing.
     defaultQuota = int(
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'default_quota').one().value)
     maxDays = int(
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'max_file_life_days').one().value)
     geoTagging = get_config_dict_from_objects([
         session.query(ConfigParameter).filter(
             ConfigParameter.name == 'geotagging').one()
     ])['geotagging']
     # NOTE(review): locals() and globals() expose every name in scope to the
     # template; an explicit dict would limit what the template can reach.
     tpl = Template(file=get_template_file('halp.tmpl'),
                    searchList=[locals(), globals()])
     return str(tpl)
Пример #35
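def create_admin_user(dburi, password):
    """Create the "admin" account if missing, set its password, grant "admin".

    The whole operation is committed once. Previously a new admin row was
    committed before its password and permission were set, so a failure in
    either step left a committed "admin" account with no password. Whether
    such an account could be used depends on authentication code not shown
    here, but it should never be persisted in that state.

    Args:
        dburi: SQLAlchemy database URI.
        password: New password, handed to ``User.set_password``.

    Raises:
        Exception: whatever the lookup, ``set_password`` or commit raises
            (for example when no Permission row with id "admin" exists);
            the transaction is rolled back first.
    """
    engine = create_engine(dburi, echo=False)
    Session = sessionmaker(bind=engine)
    session = Session()
    try:
        adminUser = session.query(User).filter(User.id == "admin").scalar()
        if adminUser is None:
            adminUser = User(id="admin", first_name="Administrator", quota=1024,
                             date_tos_accept=datetime.datetime.now())
            session.add(adminUser)
            # Send the INSERT inside the transaction without committing, so
            # the row is visible to this session but disappears on rollback.
            session.flush()
        adminUser.set_password(password)
        adminPermission = session.query(Permission).filter(Permission.id == "admin").one()
        if adminPermission not in adminUser.permissions:
            adminUser.permissions.append(adminPermission)
        session.commit()
    except Exception:
        session.rollback()
        raise
    finally:
        # Release the connection held by this one-off session.
        session.close()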
Пример #36
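def create_admin_user(dburi, password):
    """Create the "admin" account if missing, set its password, grant "admin".

    The whole operation is committed once. Previously a new admin row was
    committed before its password and permission were set, so a failure in
    either step left a committed "admin" account with no password. Whether
    such an account could be used depends on authentication code not shown
    here, but it should never be persisted in that state.

    Args:
        dburi: SQLAlchemy database URI.
        password: New password, handed to ``User.set_password``.

    Raises:
        Exception: whatever the lookup, ``set_password`` or commit raises
            (for example when no Permission row with id "admin" exists);
            the transaction is rolled back first.
    """
    engine = create_engine(dburi, echo=False)
    Session = sessionmaker(bind=engine)
    session = Session()
    try:
        adminUser = session.query(User).filter(User.id == "admin").scalar()
        if adminUser is None:
            adminUser = User(id="admin", first_name="Administrator", quota=1024,
                             date_tos_accept=datetime.datetime.now())
            session.add(adminUser)
            # Send the INSERT inside the transaction without committing, so
            # the row is visible to this session but disappears on rollback.
            session.flush()
        adminUser.set_password(password)
        adminPermission = session.query(Permission).filter(Permission.id == "admin").one()
        if adminPermission not in adminUser.permissions:
            adminUser.permissions.append(adminPermission)
        session.commit()
    except Exception:
        session.rollback()
        raise
    finally:
        # Release the connection held by this one-off session.
        session.close()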
Пример #37
 def index(self, **kwargs):
     """Render the main page: header, files section and footer, as one string.

     Configuration values and session data are gathered into locals and
     handed to the templates through ``locals()``; the local names are
     therefore part of the templates' interface and must not be renamed.
     """
     config = cherrypy.request.app.config['filelocker']
     authType = session.query(ConfigParameter).filter(ConfigParameter.name=="auth_type").one().value
     cliEnabled = session.query(ConfigParameter).filter(ConfigParameter.name=="cli_feature").one().value
     orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
     user, originalUser = (cherrypy.session.get("user"),  cherrypy.session.get("original_user"))
     maxDays = int(session.query(ConfigParameter).filter(ConfigParameter.name=='max_file_life_days').one().value)
     # Roles are re-read from the database rather than taken from the session copy.
     roles = session.query(User).filter(User.id == user.id).one().roles
     currentYear = datetime.date.today().year
     startDateFormatted, endDateFormatted = None, None
     # Default date range: midnight seven days ago up to midnight today.
     today = datetime.datetime.now().replace(hour=0, minute=0, second=0, microsecond=0)
     sevenDays = datetime.timedelta(days=7)
     sevenDaysAgo = today - sevenDays
     sevenDaysAgo = sevenDaysAgo.replace(hour=0, minute=0, second=0, microsecond=0)
     defaultExpiration = datetime.date.today() + (datetime.timedelta(days=maxDays))
     startDateFormatted = sevenDaysAgo
     endDateFormatted = today
     messageSearchWidget = self.account.get_search_widget("messages")
     geoTagging = get_config_dict_from_objects([session.query(ConfigParameter).filter(ConfigParameter.name=='geotagging').one()])['geotagging']
     banner = session.query(ConfigParameter).filter(ConfigParameter.name=='banner').one().value
     defaultQuota = int(session.query(ConfigParameter).filter(ConfigParameter.name=='default_quota').one().value)
     # NOTE(review): each template receives all locals (including ``config``
     # and ``self``) and all module globals; an explicit dict would limit
     # what the templates can reach.
     header = Template(file=get_template_file('header.tmpl'), searchList=[locals(),globals()])
     lightboxen = str(Template(file=get_template_file('lightboxen.tmpl'), searchList=[locals(),globals()]))
     footerText = str(Template(file=get_template_file('footer_text.tmpl'), searchList=[locals(),globals()]))
     footer = Template(file=get_template_file('footer.tmpl'), searchList=[locals(),globals()])
     filesSection = self.files()
     # header and footer are converted to strings only here, after
     # lightboxen and footerText have been assigned.
     indexHTML = str(header) + str(filesSection) + str(footer)
     self.saw_banner()
     return str(indexHTML)
Пример #38
def get_user(userId, login=False):
    """Load a user by id, importing it from the external directory if needed.

    Args:
        userId: Account id to look up.
        login: When true, also collect attributes from permissions, groups
            and plugins, record the login time and call ``setup_session``.

    Returns:
        The User object, or None when the id is found neither locally nor
        (for non-local auth) in the external directory.
    """
    import warnings
    authType = session.query(ConfigParameter).filter(
        ConfigParameter.name == "auth_type").one().value
    # NOTE(review): this changes the process-wide warnings filter and never
    # restores it, so later warnings anywhere in the process are hidden too.
    warnings.simplefilter("ignore")
    user = session.query(User).filter(User.id == userId).scalar()
    if user is None and authType != "local":  #This would be silly if we are using local auth, there's no other source of user info
        directory = ExternalDirectory()
        user = directory.lookup_user(userId)
        if user is not None:
            if user.quota is None:
                user.quota = int(
                    session.query(ConfigParameter).filter(
                        ConfigParameter.name == "default_quota").one().value)
            # A directory hit creates the local account as a side effect.
            session.add(user)
            session.commit()
    if user is not None:
        # Permission ids prefixed with "(attr)" name attributes; collect the
        # suffix from the user's own permissions and from each group's.
        attributeList = []
        for permission in user.permissions:
            if permission.id.startswith("(attr)"):
                attributeList.append(permission.id.split("(attr)")[1])
        for group in user.groups:
            for permission in group.permissions:
                if permission.id.startswith("(attr)"):
                    attributeList.append(permission.id.split("(attr)")[1])
        if login:
            for flPlugin in getPlugins(FilelockerPlugin, plugins):
                attributeList.extend(
                    flPlugin.get_user_attributes(user.id)
                )  #Send user object off to  plugin to get the list populated
                # NOTE(review): this authorization check reads ``user.userId``
                # while every other access in this function uses ``user.id``;
                # confirm the attribute exists, otherwise the deny check
                # raises AttributeError instead of being evaluated.
                if not flPlugin.is_authorized(
                        user.userId
                ):  #Checks if any plugin is going to explicitly deny this user access to Filelocker
                    user.authorized = False
            # De-duplicate while keeping only attribute ids known to the system.
            uniqueAttributeList = []
            for attributeId in attributeList:
                if attributeId not in uniqueAttributeList:
                    attr = session.query(Attribute).filter(
                        Attribute.id == attributeId).scalar()
                    if attr is not None:
                        user.attributes.append(attr)
                    uniqueAttributeList.append(attributeId)
            user.date_last_login = datetime.datetime.now()
            session.commit()
            # NOTE(review): the session is set up even when a plugin set
            # ``authorized = False`` above; confirm setup_session or the
            # caller enforces that flag.
            setup_session(user.get_copy())
        if user.quota is None:  #Catch for users that got added with nil quotas
            user.quota = 0
            session.commit()
    return user
Пример #39
 def create_user_shares(self, fileIds, userId=None, notify="no", cc="false", format="json", requestOrigin="", **kwargs):
     """Share the given files with one user, optionally sending e-mail notices.

     Args:
         fileIds: File IDs, split and sanitized by ``split_list_sanitized``.
         userId: Recipient account id (``strip_tags`` applied; empty means none).
         notify: Only the string "true" (any case) enables notification.
         cc: "true" to add the sharing account to the recipients.
         requestOrigin: Must equal the session's 'request-origin' token.

     The listing ends before the ``except`` of the ``try`` block and before
     any return statement.
     """
     config = cherrypy.request.app.config['filelocker']
     orgConfig = get_config_dict_from_objects(session.query(ConfigParameter).filter(ConfigParameter.name.like('org_%')).all())
     user, role, sMessages, fMessages  = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [])
     # Anti-CSRF check against the per-session token.
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         fileIds = split_list_sanitized(fileIds)
         userId = strip_tags(userId) if userId is not None and userId != "" else None
         notify = True if notify.lower() == "true" else False
         cc = True if cc.lower() == "true" else False
         sharedFiles, recipients = [], []
         try:
             if userId is not None:
                 # NOTE(review): the lookup result is dereferenced without a
                 # None check; presumably an unknown id yields None and the
                 # next line then raises AttributeError. Verify and report
                 # "unknown user" explicitly.
                 shareUser = AccountService.get_user(userId)
                 if (shareUser.email is not None and shareUser.email != ""):
                     recipients.append(shareUser)
                 for fileId in fileIds:
                     flFile = session.query(File).filter(File.id==fileId).one()
                     
                     # File-level authorization: active role owns the file, the
                     # user owns it, or the user holds the "admin" permission.
                     if (role is not None and flFile.role_owner_id == role.id) or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin"):
                         existingShare = session.query(UserShare).filter(and_(UserShare.file_id==fileId, UserShare.user_id==userId)).scalar()
                         if existingShare is None:
                             flFile.user_shares.append(UserShare(user_id=userId, file_id=fileId))
                             session.commit()
                             sharedFiles.append(flFile)
                             # NOTE(review): the role branch records
                             # Actions.CREATE_USER_SHARE while the other branch
                             # passes the literal "Create User Share"; use the
                             # constant in both so audit queries by action do
                             # not miss entries.
                             if role is not None: session.add(AuditLog(user.id, Actions.CREATE_USER_SHARE, "Role %s shared file %s(%s) with %s" % (role.id, flFile.name, flFile.id, shareUser.id), shareUser.id, role.id))
                             else: session.add(AuditLog(user.id, "Create User Share", "%s shared file %s(%s) with %s" % (user.id, flFile.name, flFile.id, shareUser.id), shareUser.id))
                             session.commit()
                     else:
                         fMessages.append("You do not have permission to share file with ID: %s" % str(flFile.id))
                 # NOTE(review): notification is not conditioned on sharedFiles
                 # being non-empty, so mail goes to the recipient even when
                 # every file was refused; gate it on at least one share.
                 if notify:
                     cherrypy.session.release_lock()
                     if cc:
                         # NOTE(review): this tests the user object, not
                         # ``user.email``, so the "no email address" message
                         # below cannot trigger for a logged-in user.
                         if (user is not None and user != ""):
                             recipients.append(user)
                         else:
                             fMessages.append("You elected to receive a carbon copy of the share notification, however your account does not have an email address set.")
                     for recipient in recipients:
                         try:
                             Mail.notify(get_template_file('share_notification.tmpl'),{'sender':user.email if role is None else role.email,'recipient':recipient.email, 'ownerId':user.id if role is None else role.id, 'ownerName':user.display_name if role is None else role.name, 'sharedFiles':sharedFiles, 'filelockerURL': config['root_url'], 'org_url': orgConfig['org_url'], 'org_name': orgConfig['org_name'], 'personalMessage': ""})
                             session.add(AuditLog(user.id, Actions.SEND_EMAIL, "%s(%s) has been notified via email that you have shared a file with him or her." % (recipient.display_name, recipient.id), None, role.id if role is not None else None))
                         except Exception, e:
                             session.rollback()
                             fMessages.append("Problem sending email notification to %s: %s" % (recipient.display_name, str(e)))
                     session.commit()
                 # NOTE(review): reported as success even when no file was shared.
                 sMessages.append("Shared file(s) successfully")
             else:
                 fMessages.append("You did not specify a user to share the file with")
Пример #40
def get_files_shared_with_user(user):
    """Return the files shared with *user*, leaving out those the user has hidden.

    Direct user shares come first, then shares reached through each of the
    user's groups. A file reachable through several shares is listed once
    per share.
    """
    # Re-load the account so the relationship collections come from the DB session.
    account = session.query(User).filter(User.id == user.id).one()
    hidden_rows = session.query(HiddenShare).filter(HiddenShare.owner_id == user.id).all()
    hidden_ids = [row.file_id for row in hidden_rows]

    visible = [entry.flFile for entry in account.user_shares
               if entry.flFile.id not in hidden_ids]
    for grp in account.groups:
        visible.extend(entry.flFile for entry in grp.group_shares
                       if entry.flFile.id not in hidden_ids)
    return visible
Пример #41
 def download(self, fileId, **kwargs):
     """Decide whether ``fileId`` may be served to a public-share session.

     Only the public-share branch is visible; the listing ends before the
     file is served and before any handling of sessions that have no
     ``public_share_id``.

     Raises:
         cherrypy.HTTPError: 401 if the file exists but is not part of the
             session's public share; 404 if the share or the file is missing.
     """
     serveFile, publicShareId, requestedFile = False, None, None
     if cherrypy.session.has_key("public_share_id"):
         # The share id is read from the server-side session, not the request.
         publicShareId = cherrypy.session.get("public_share_id")
         try:
             publicShare = session.query(PublicShare).filter(
                 PublicShare.id == publicShareId).one()
             requestedFile = session.query(File).filter(
                 File.id == fileId).one()
             # Authorization: the requested file must belong to this share.
             if requestedFile in publicShare.files:
                 serveFile = True
             else:
                 # NOTE(review): 401 here versus 404 below tells a share holder
                 # whether an arbitrary file id exists; returning the same
                 # status for both cases removes that signal.
                 raise cherrypy.HTTPError(401)
         except sqlalchemy.orm.exc.NoResultFound, nrf:
             raise cherrypy.HTTPError(404, "Could not find share or file")
Пример #42
def get_files_shared_with_user_by_attribute(user):
    """Map each attribute id of *user* to the list of files shared via that attribute.

    Attribute ids that do not resolve to an Attribute row are skipped, and
    an attribute with no shares gets no key in the result.
    """
    files_by_attribute = {}
    for attributeId in user.attributes:
        # Look the attribute up first so unknown ids never produce entries.
        known = session.query(Attribute).filter(Attribute.id == attributeId).scalar()
        if known is None:
            continue
        shares = session.query(AttributeShare).filter(AttributeShare.attribute_id == known.id).all()
        for entry in shares:
            files_by_attribute.setdefault(entry.attribute_id, []).append(entry.flFile)
    return files_by_attribute
Пример #43
def routine_maintenance(config):
    """Purge every file whose ``date_expires`` is in the past.

    For each expired file the user, group, public and attribute shares are
    deleted, the file is queued for deletion, an audit entry is written and
    the file row is removed. Each file is committed on its own; a failure
    rolls back that file only and is logged.
    """
    from lib import AccountService

    shareRelations = ("user_shares", "group_shares", "public_shares", "attribute_shares")
    expiredFiles = session.query(File).filter(File.date_expires < datetime.datetime.now())
    for flFile in expiredFiles:
        try:
            # Relations are read one after another, in this order.
            for relationName in shareRelations:
                for share in getattr(flFile, relationName):
                    session.delete(share)
            FileService.queue_for_deletion(flFile.id)
            auditMessage = "File %s (ID:%s) has expired and has been purged by the system." % (flFile.name, flFile.id)
            session.add(AuditLog("admin", Actions.DELETE_FILE, auditMessage, flFile.owner_id))
            session.delete(flFile)
            session.commit()
        except Exception as e:
            session.rollback()
            cherrypy.log.error("[system] [routine_maintenance] [Error while deleting expired file: %s]" % str(e))
Пример #44
 def take_file(self, fileId, format="json", requestOrigin="", **kwargs):
     """Copy a file shared with the session user into that user's ownership.

     The request must carry the session's ``request-origin`` token. The
     caller may not already own the file and must either have it shared
     with them or hold the "admin" permission. The copy is refused when
     current usage plus the file size reaches ``user.quota * 1024 * 1024``.
     Outcomes are collected in ``sMessages`` and ``fMessages``.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     if requestOrigin == cherrypy.session['request-origin']:
         config = cherrypy.request.app.config['filelocker']
         try:
             flFile = session.query(File).filter(File.id==fileId).one()
             if flFile.owner_id == user.id:
                 fMessages.append("You cannot take your own file")
             elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"):
                 projectedBytes = FileService.get_user_quota_usage_bytes(user) + flFile.size
                 quotaBytes = user.quota*1024*1024
                 if projectedBytes >= quotaBytes:
                     cherrypy.log.error("[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]" % (user.id, flFile.name))
                     raise Exception("You may not copy this file because doing so would exceed your quota")
                 takenFile = flFile.get_copy()
                 takenFile.owner_id = user.id
                 takenFile.date_uploaded = datetime.datetime.now()
                 takenFile.notify_on_download = False
                 session.add(takenFile)
                 session.commit()
                 # NOTE(review): the new row is committed before the vault copy;
                 # if the copy fails, the rollback below cannot undo that commit.
                 # Confirm something cleans up a record without a vault file.
                 vaultDir = config['vault']
                 sourcePath = os.path.join(vaultDir, str(flFile.id))
                 targetPath = os.path.join(vaultDir, str(takenFile.id))
                 shutil.copy(sourcePath, targetPath)
                 sMessages.append("Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. " % flFile.name)
             else:
                 fMessages.append("You do not have permission to take this file")
         except sqlalchemy.orm.exc.NoResultFound:
             fMessages.append("Could not find file with ID: %s" % str(fileId))
         except Exception as e:
             session.rollback()
             fMessages.append(str(e))
     else:
         fMessages.append("Missing request key!!")
Пример #45
 def delete_files(self, fileIds, format="json", requestOrigin="", **kwargs):
     """Delete the listed files on behalf of the session user or current role.

     The request must carry the session's ``request-origin`` token. A file is
     deleted when it is owned by the session's current role, or when the user
     owns it or holds the "admin" permission. Each file is committed
     separately and every deletion writes an audit entry.
     """
     user = cherrypy.session.get("user")
     role = cherrypy.session.get("current_role")
     sMessages, fMessages = [], []
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         fileIds = split_list_sanitized(fileIds)
         for fileId in fileIds:
             try:
                 # int() rejects non-numeric ids before they reach the query.
                 fileId = int(fileId)
                 flFile = session.query(File).filter(File.id == fileId).one()
                 roleOwned = flFile.role_owner_id is not None and role is not None and flFile.role_owner_id == role.id
                 mayDelete = roleOwned or flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin")
                 if not mayDelete:
                     fMessages.append("You do not have permission to delete file %s" % flFile.name)
                     continue
                 FileService.queue_for_deletion(flFile.id)
                 session.delete(flFile)
                 if roleOwned:
                     auditMessage = "File %s (%s) owned by role %s has been deleted by user %s. " % (flFile.name, flFile.id, role.name, user.id)
                 else:
                     auditMessage = "File %s (%s) has been deleted" % (flFile.name, flFile.id)
                 session.add(AuditLog(user.id, Actions.DELETE_FILE, auditMessage))
                 session.commit()
                 sMessages.append("File %s deleted successfully" % flFile.name)
             except sqlalchemy.orm.exc.NoResultFound:
                 fMessages.append("Could not find file with ID: %s" % str(fileId))
             except Exception as e:
                 session.rollback()
                 cherrypy.log.error("[%s] [delete_files] [Could not delete file: %s]" % (user.id, str(e)))
                 # NOTE(review): the raw exception text is returned to the client.
                 fMessages.append("File not deleted: %s" % str(e))
Пример #46
 def update_server_config(self, format="json", requestOrigin="", **kwargs):
     """Store submitted ``config_name_<parameter>`` values as server settings.

     The request must carry the session's ``request-origin`` token. All
     updates are committed together; any failure rolls the whole batch back.

     NOTE(review): no permission check is visible in this excerpt; confirm
     the handler is only reachable by administrators.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     if requestOrigin == cherrypy.session['request-origin']:
         namePrefix = "config_name_"
         try:
             for key in kwargs:
                 if not key.startswith(namePrefix):
                     continue
                 parameterName = key[len(namePrefix):]
                 # Values for names ending in "pass" are stored exactly as
                 # submitted; every other value goes through strip_tags.
                 value = kwargs[key] if parameterName.endswith("pass") else strip_tags(kwargs[key])
                 parameter = session.query(ConfigParameter).filter(ConfigParameter.name == parameterName).one()
                 # Parameter description should not be updated by client
                 parameter.value = value
             session.commit()
             #TODO: Make sure this is phased out properly
             #Filelocker.update_config(cherrypy.request.app.config)
         except Exception as e:
             session.rollback()
             cherrypy.log.error("[%s] [update_server_config] [Could not update server config: %s]" % (user.id, str(e)))
             fMessages.append("Unable to update config: %s" % str(e))
     else:
         fMessages.append("Missing request key!!")
Пример #47
 def update_server_config(self, format="json", requestOrigin="", **kwargs):
     """Store submitted ``config_name_<parameter>`` values as server settings.

     The request must carry the session's ``request-origin`` token. All
     updates are committed together; any failure rolls the whole batch back.

     NOTE(review): no permission check is visible in this excerpt; confirm
     the handler is only reachable by administrators.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     if requestOrigin == cherrypy.session['request-origin']:
         namePrefix = "config_name_"
         try:
             submittedKeys = [key for key in kwargs if key.startswith(namePrefix)]
             for key in submittedKeys:
                 parameterName = key[len(namePrefix):]
                 if parameterName.endswith("pass"):
                     # Don't strip characters from passwords
                     value = kwargs[key]
                 else:
                     value = strip_tags(kwargs[key])
                 parameterQuery = session.query(ConfigParameter).filter(ConfigParameter.name == parameterName)
                 parameter = parameterQuery.one()
                 # Parameter description should not be updated by client
                 parameter.value = value
             session.commit()
             #TODO: Make sure this is phased out properly
             #Filelocker.update_config(cherrypy.request.app.config)
         except Exception as e:
             session.rollback()
             cherrypy.log.error(
                 "[%s] [update_server_config] [Could not update server config: %s]"
                 % (user.id, str(e)))
             fMessages.append("Unable to update config: %s" % str(e))
     else:
         fMessages.append("Missing request key!!")
Пример #48
 def take_file(self, fileId, format="json", **kwargs):
     """Copy a file shared with the session user into that user's ownership.

     The caller may not already own the file and must either have it shared
     with them or hold the "admin" permission. The copy is refused when
     current usage plus the file size reaches ``user.quota * 1024 * 1024``.

     NOTE(review): this variant changes state but takes no ``requestOrigin``
     argument and does not compare a request token against the session;
     confirm cross-site request protection is applied elsewhere.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     config = cherrypy.request.app.config['filelocker']
     try:
         flFile = session.query(File).filter(File.id == fileId).one()
         if flFile.owner_id == user.id:
             fMessages.append("You cannot take your own file")
         elif flFile.shared_with(user) or AccountService.user_has_permission(user, "admin"):
             projectedBytes = FileService.get_user_quota_usage_bytes(user) + flFile.size
             quotaBytes = user.quota * 1024 * 1024
             if projectedBytes >= quotaBytes:
                 cherrypy.log.error(
                     "[%s] [take_file] [User has insufficient quota space remaining to check in file: %s]"
                     % (user.id, flFile.name))
                 raise Exception(
                     "You may not copy this file because doing so would exceed your quota"
                 )
             takenFile = flFile.get_copy()
             takenFile.owner_id = user.id
             takenFile.date_uploaded = datetime.datetime.now()
             takenFile.notify_on_download = False
             session.add(takenFile)
             session.commit()
             # The row is committed before the vault copy, so a failed copy
             # leaves a record whose vault file does not exist.
             vaultDir = config['vault']
             sourcePath = os.path.join(vaultDir, str(flFile.id))
             targetPath = os.path.join(vaultDir, str(takenFile.id))
             shutil.copy(sourcePath, targetPath)
             sMessages.append(
                 "Successfully took ownership of file %s. This file can now be shared with other users just as if you had uploaded it. "
                 % flFile.name)
         else:
             fMessages.append(
                 "You do not have permission to take this file")
     except sqlalchemy.orm.exc.NoResultFound:
         fMessages.append("Could not find file with ID: %s" % str(fileId))
Пример #49
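 def download_user_data(self, **kwargs):
     """Return id, first name, last name and e-mail of every user as a CSV attachment.

     Any failure is logged and turned into an HTTP 500.

     NOTE(review): the export covers all users, yet no permission check is
     visible in this excerpt; confirm the handler is restricted to admins.
     NOTE(review): fields are written unquoted, so a comma or newline in a
     name breaks the row, and spreadsheet applications may treat a value
     starting with "=", "+", "-" or "@" as a formula. Consider quoting the
     fields and neutralizing such leading characters.
     """
     user = cherrypy.session.get("user")
     try:
         userList = session.query(User).all()
         # Build the rows in one pass; repeated string concatenation is quadratic.
         mycsv = "".join(
             "%s, %s, %s, %s\n" % (str(flUser.id), str(flUser.first_name), str(flUser.last_name), str(flUser.email))
             for flUser in userList)
         response = cherrypy.response
         response.headers['Cache-Control'] = "no-cache"
         response.headers['Content-Disposition'] = '%s; filename="%s"' % (
             "attachment", "FilelockerUsers.csv")
         response.headers['Content-Type'] = "application/x-download"
         response.headers['Pragma'] = "no-cache"
         response.body = mycsv
         # Measure the string that was assigned rather than indexing
         # response.body, which depends on how the framework wraps the body
         # and fails when there is nothing at index 0.
         response.headers['Content-Length'] = len(mycsv)
         response.stream = True
         return response.body
     except Exception as e:
         cherrypy.log.error(
             "[%s] [download_user_data] [Unable to serve user data CSV: %s]"
             % (user.id, str(e)))
         raise cherrypy.HTTPError(
             500, "Unable to serve user data CSV: %s" % str(e))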
Пример #50
 def get_public_shares_by_file_ids(self, fileIds, format="json", **kwargs):
     """Collect the distinct public shares attached to the given files.

     With a current role in the session, only files owned by that role are
     readable. Without one, the user must own the file or hold the "admin"
     permission. Refusals and unknown ids are reported in ``fMessages``.
     """
     user = cherrypy.session.get("user")
     role = cherrypy.session.get("current_role")
     sMessages, fMessages, publicShares = [], [], []
     fileIds = split_list_sanitized(fileIds)
     try:
         publicShareIds = []
         for fileId in fileIds:
             try:
                 flFile = session.query(File).filter(File.id==fileId).one()
                 # Decide access first, then collect the shares in one place.
                 if role is not None:
                     permitted = flFile.role_owner_id == role.id
                     denial = "This role does not have permission to access public shares on file with ID: %s"
                 else:
                     permitted = flFile.owner_id == user.id or AccountService.user_has_permission(user, "admin")
                     denial = "You do not have permission to access public shares on file with ID:%s"
                 if not permitted:
                     fMessages.append(denial % fileId)
                     continue
                 for publicShare in flFile.public_shares:
                     if publicShare.id in publicShareIds:
                         continue
                     publicShareIds.append(publicShare.id)
                     publicShares.append(publicShare)
             except sqlalchemy.orm.exc.NoResultFound:
                 fMessages.append("File with ID:%s not found" % fileId)
     except Exception as e:
         fMessages.append(str(e))
Пример #51
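 def delete_public_shares_by_file_ids(self, fileIds, format="json", requestOrigin="", **kwargs):
     """Detach the given files from every public share that contains them.

     The request must carry the session's ``request-origin`` token. With a
     current role in the session, only files owned by that role may be
     changed; without one, only files owned by the user. Refusals and
     unknown ids are reported in ``fMessages``.

     NOTE(review): no commit is visible in this excerpt; confirm the caller
     or the remainder of the handler persists the removals.
     """
     user, role, sMessages, fMessages = (cherrypy.session.get("user"), cherrypy.session.get("current_role"), [], [])
     if requestOrigin != cherrypy.session['request-origin']:
         fMessages.append("Missing request key!!")
     else:
         fileIds = split_list_sanitized(fileIds)
         try:
             for fileId in fileIds:
                 try:
                     flFile = session.query(File).filter(File.id==fileId).one()
                     if role is not None:
                         if flFile.role_owner_id == role.id:
                             # Iterate over a snapshot: if the relationship is
                             # two-way, removing the file from a share also
                             # shrinks flFile.public_shares, and looping over
                             # the live list would then skip shares.
                             for publicShare in list(flFile.public_shares):
                                 publicShare.files.remove(flFile)
                         else:
                             fMessages.append("This role does not have permissions to modify public shares on file with ID: %s" % fileId)
                     else:
                         if flFile.owner_id == user.id:
                             for publicShare in list(flFile.public_shares):
                                 publicShare.files.remove(flFile)
                         else:
                             fMessages.append("You do not have permission to modify public shares on file with ID: %s" % fileId)
                 except sqlalchemy.orm.exc.NoResultFound:
                     fMessages.append("File with ID:%s not found" % fileId)
         except Exception as e:
             # The original messages read "Could delete", which states the
             # opposite of what happened.
             fMessages.append("Could not delete public shares by file ids: %s" % str(e))
             cherrypy.log.error("[%s] [delete_public_shares_by_file_ids] [Could not delete public shares by file ids: %s]" % (user.id, str(e)))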
Пример #52
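 def CLI_login(self, CLIkey, userId, format="cli", **kwargs):
     """Authenticate a command-line client by user id, CLI key and client address.

     Runs only when the ``cli_feature`` configuration parameter is 'Yes'.
     The client address must match the IPv4 or the IPv6 pattern and is
     passed to the CLI directory together with the credentials. On success
     a fresh ``request-origin`` token is stored in the session and returned
     as the success message.

     Returns the ``fl_response`` built from the collected messages.
     """
     sMessages, fMessages = [], []
     if session.query(ConfigParameter).filter(ConfigParameter.name == "cli_feature").one().value == 'Yes':
         userId = strip_tags(userId)
         CLIkey = strip_tags(CLIkey)
         hostIP = Filelocker.get_client_address()
         hostIPv4, hostIPv6 = "", ""
         if self.validIPv4.match(hostIP):
             hostIPv4 = hostIP
         elif self.validIPv6.match(hostIP):
             hostIPv6 = hostIP
         else:
             # An address matching neither pattern used to leave both names
             # unbound and crash below; refuse the login instead of
             # authenticating with no host binding.
             fMessages.append("Failure: Not Authorized!")
             return fl_response(sMessages, fMessages, format)

         self.directory = CLIDirectory.CLIDirectory()
         if self.directory.authenticate(userId, CLIkey, hostIPv4, hostIPv6):
             currentUser = AccountService.get_user(userId, True)
             # 32 hex characters taken from os.urandom output.
             cherrypy.session['request-origin'] = str(os.urandom(32).encode('hex'))[0:32]
             if currentUser is not None:
                 # NOTE(review): the audit actor is read from the session's
                 # "user" entry, which nothing in this method sets. Presumably
                 # get_user(userId, True) populates it; confirm, otherwise
                 # this line raises AttributeError.
                 session.add(AuditLog(cherrypy.session.get("user").id, "Login", "User %s logged in successfully from IP %s" % (currentUser.id, Filelocker.get_client_address())))
                 session.commit()
                 sMessages.append(cherrypy.session['request-origin'])
             else:
                 fMessages.append("Failure: Not Authorized!")
         else:
             fMessages.append("Failure: Not Authorized!")
     else:
         fMessages.append("Failure: CLI not supported by server!")
     return fl_response(sMessages, fMessages, format)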
Пример #53
def purge_expired_nodes():
    """Delete every ClusterNode whose last_seen_timestamp is over five minutes old.

    The code shown here only cleans the node table; the master check and
    election mentioned in the original comment are not part of it.
    """
    # Clean node table, check for master, if none run election
    cutoff = datetime.datetime.now() - datetime.timedelta(minutes=5)
    staleNodeQuery = session.query(ClusterNode).filter(ClusterNode.last_seen_timestamp < cutoff)
    for staleNode in staleNodeQuery.all():
        session.delete(staleNode)
    session.commit()
Пример #54
 def create_clikey(self, hostIPv4, hostIPv6, format="json", requestOrigin="", **kwargs):
     """Create or rotate the session user's CLI key for one host address.

     The request must carry the session's ``request-origin`` token. Exactly
     one address is kept: a matching IPv4 value wins and blanks the IPv6
     value, otherwise a matching IPv6 value blanks the IPv4 one. With
     neither, the handler returns a failure response immediately. An
     existing key for the same user and host is overwritten; otherwise a
     new key row is added. Both paths write an audit entry.
     """
     user = cherrypy.session.get("user")
     sMessages, fMessages = [], []
     if requestOrigin == cherrypy.session['request-origin']:
         if self.validIPv4.match(hostIPv4):
             hostIPv6 = ''
         elif self.validIPv6.match(hostIPv6):
             hostIPv4 = ''
         else:
             fMessages.append("No IP address specified.")
             return fl_response(sMessages, fMessages, format)
         # 32 hex characters taken from os.urandom output.
         # NOTE(review): the key is handed to the model as generated; whether
         # it is hashed at rest is not visible here.
         CLIkeyGen = str(os.urandom(32).encode('hex'))[0:32]
         try:
             keyQuery = session.query(CLIKey).filter(CLIKey.user_id==user.id)
             keyQuery = keyQuery.filter(CLIKey.host_ipv4==hostIPv4).filter(CLIKey.host_ipv6==hostIPv6)
             existingKey = keyQuery.one()
             existingKey.value = CLIkeyGen
             session.add(AuditLog(user.id, Actions.UPDATE_CLIKEY, "%s updated CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
             session.commit()
             sMessages.append("Successfully updated key for host: %s%s." % (str(hostIPv4),str(hostIPv6)))
         except sqlalchemy.orm.exc.NoResultFound:
             # No key for this user and host yet. Errors raised in this
             # branch are not covered by the generic handler below.
             newKey = CLIKey(user_id=strip_tags(user.id), host_ipv4=strip_tags(hostIPv4), host_ipv6=strip_tags(hostIPv6), value=CLIkeyGen)
             session.add(newKey)
             session.add(AuditLog(user.id, Actions.CREATE_CLIKEY, "%s created CLI Key for host: %s%s" % (user.id, hostIPv4, hostIPv6)))
             session.commit()
             sMessages.append("Successfully added key for host: %s%s." % (str(hostIPv4),str(hostIPv6)))
         except Exception as e:
             session.rollback()
             cherrypy.log.error("[%s] [create_clikey] [Problem creating key: %s]" % (user.id, str(e)))
             fMessages.append("Problem creating key: %s" % str(e))
     else:
         fMessages.append("Missing request key!!")
Пример #55
def check_in_file(tempFileName, flFile):
    config = cherrypy.request.app.config['filelocker']
    filePath = os.path.join(config['vault'], tempFileName)
    #Virus scanning if requested
    avCommand =  session.query(ConfigParameter).filter(ConfigParameter.name=="antivirus_command").one().value
    if(avCommand):
        avCommandList = avCommand.split(" ")
        avCommandList.append(filePath)
        scanFile = True
    else:
        scanFile = False
    try:
        if(scanFile):
            p = subprocess.Popen(avCommandList, stdout=subprocess.PIPE)
            output = p.communicate()[0]
            if(p.returncode != 0):
                cherrypy.log.error("[%s] [check_in_file] [File %s did not pass requested virus scan, return code: %s, output: %s]" % (flFile.owner_id, flFile.name, p.returncode, output))
                queue_for_deletion(tempFileName)
                flFile.passed_avscan = False
                raise Exception('Virus found during scan!')
            else:
                flFile.passed_avscan = True
        else:
            flFile.passed_avscan = False
        session.add(flFile)
        session.commit()

    except OSError, oe:
        cherrypy.log.error("[%s] [check_in_file] [AVSCAN execution failed: %s]" % (flFile.owner_id, str(oe)))
        flFile.passed_avscan = False
        raise Exception('Virus scan failed!')