def rest_put(namespace, ctype, _id=None): #get the session (security) account = get_account() storage = get_storage(namespace=namespace) #check rights on specific ctype (check ctype_to_group_access variable below) if ctype in ctype_to_group_access: if not check_group_rights(account,ctype_to_group_access[ctype]): return HTTPError(403, 'Insufficient rights') logger.debug("PUT:") data = request.body.readline() if not data: return HTTPError(400, "No data received") logger.debug(" + data: %s" % data) logger.debug(" + data-type: %s" % type(data)) if isinstance(data, str): try: data = json.loads(data) except Exception, err: logger.error("PUT: Impossible to parse data (%s)" % err) return HTTPError(404, "Impossible to parse data")
def remove_account_from_group(group_id=None,account_id=None): session_account = get_account() if not check_group_rights(session_account,group_managing_access): return HTTPError(403, 'Insufficient rights') storage = get_storage(namespace='object',account=session_account) if not group_id or not account_id: return HTTPError(400, 'Bad request, must specified group and account') #get group && account if group_id.find('group.') == -1: group_id = 'group.%s' % group_id if account_id.find('account.') == -1: account_id = 'account.%s' % account_id logger.debug('Try to get %s and %s' % (account_id,group_id)) try: account_record = storage.get(account_id,account=session_account) account = caccount(account_record) group_record = storage.get(group_id,account=session_account) group = cgroup(group_record) except Exception,err: logger.error('error while fetching %s and %s : %s' % (account_id,group_id,err)) return HTTPError(403, 'Record not found or insufficient rights')
def rest_put(namespace, ctype, _id=None): #get the session (security) account = get_account() storage = get_storage(namespace=namespace, logging_level=logger.level) #check rights on specific ctype (check ctype_to_group_access variable below) if ctype in ctype_to_group_access: if not check_group_rights(account, ctype_to_group_access[ctype]): return HTTPError(403, 'Insufficient rights') logger.debug("PUT:") data = request.body.readline() if not data: return HTTPError(400, "No data received") logger.debug(" + data: %s" % data) logger.debug(" + data-type: %s" % type(data)) if isinstance(data, str): try: data = json.loads(data) except Exception, err: logger.error("PUT: Impossible to parse data (%s)" % err) return HTTPError(404, "Impossible to parse data")
def account_get(_id=None): namespace = 'object' ctype= 'account' #get the session (security) account = get_account() if not check_group_rights(account, 'group.account_managing'): return HTTPError(403, 'Insufficient rights') limit = int(request.params.get('limit', default=20)) #page = int(request.params.get('page', default=0)) start = int(request.params.get('start', default=0)) #groups = request.params.get('groups', default=None) search = request.params.get('search', default=None) logger.debug("GET:") logger.debug(" + User: "******" + Group(s): "+str(account.groups)) logger.debug(" + namespace: "+str(namespace)) logger.debug(" + Ctype: "+str(ctype)) logger.debug(" + _id: "+str(_id)) logger.debug(" + Limit: "+str(limit)) #logger.debug(" + Page: "+str(page)) logger.debug(" + Start: "+str(start)) #logger.debug(" + Groups: "+str(groups)) logger.debug(" + Search: "+str(search)) storage = get_storage(namespace=namespace) total = 0 mfilter = {} if ctype: mfilter = {'crecord_type': ctype} if _id: try: records = [ storage.get(_id, account=account) ] total = 1 except Exception, err: self.logger.error("Exception !\nReason: %s" % err) return HTTPError(404, _id+" Not Found")
def account_get(_id=None): namespace = 'object' ctype = 'account' #get the session (security) account = get_account() if not check_group_rights(account, 'group.account_managing'): return HTTPError(403, 'Insufficient rights') limit = int(request.params.get('limit', default=20)) #page = int(request.params.get('page', default=0)) start = int(request.params.get('start', default=0)) #groups = request.params.get('groups', default=None) search = request.params.get('search', default=None) logger.debug("GET:") logger.debug(" + User: "******" + Group(s): " + str(account.groups)) logger.debug(" + namespace: " + str(namespace)) logger.debug(" + Ctype: " + str(ctype)) logger.debug(" + _id: " + str(_id)) logger.debug(" + Limit: " + str(limit)) #logger.debug(" + Page: "+str(page)) logger.debug(" + Start: " + str(start)) #logger.debug(" + Groups: "+str(groups)) logger.debug(" + Search: " + str(search)) storage = get_storage(namespace=namespace) total = 0 mfilter = {} if ctype: mfilter = {'crecord_type': ctype} if _id: try: records = [storage.get(_id, account=account)] total = 1 except Exception, err: self.logger.error("Exception !\nReason: %s" % err) return HTTPError(404, _id + " Not Found")
def tree_update(name='None'): namespace = 'object' account = get_account() if not check_group_rights(account,group_managing_access[0]) and not check_group_rights(account,group_managing_access[1]): return HTTPError(403, "Access Denied : Your groups have not right to create/update view") storage = get_storage(namespace=namespace, account=account) data = json.loads(request.body.readline()) logger.debug('Tree update %s' % data['_id']) try: logger.debug(' + Get future parent record') record_parent = storage.get(data['parentId'], account=account) except: return HTTPError(403, "You don't have right on the parent record") try: logger.debug(' + Get the children record') record_child = storage.get(data['_id'], account=account) except: logger.debug(' + Children not found') record_child = None #test if the record exist if isinstance(record_child, crecord): #check write rights if record_parent.check_write(account=account) and record_child.check_write(account=account): #if parents are really different if not (data['parentId'] in record_child.parent): logger.debug(' + Update relations') record_parent_old = storage.get(record_child.parent[0], account=account) logger.debug(' + Remove children %s from %s' % (record_child._id, record_parent_old._id)) record_parent_old.remove_children(record_child) logger.debug(' + Add children %s to %s' % (record_child._id, record_parent._id)) record_parent.add_children(record_child) logger.debug(' + Updating all records') storage.put([record_child, record_parent, record_parent_old],account=account) elif (record_child.name != data['crecord_name']): logger.debug(' + Rename record') logger.debug(' + old name : %s' % str(record_child.name)) logger.debug(' + new name : %s' % data['crecord_name']) record_child.name = data['crecord_name'] storage.put(record_child,account=account) else : logger.debug(' + Records are same, nothing to do') else: logger.debug('Access Denied') return HTTPError(403, "Access Denied") else: #add new view/folder parentNode = storage.get(data['parentId'], account=account) #test rights if isinstance(parentNode, crecord): if parentNode.check_write(account=account): if data['leaf'] == True: logger.debug('record is a leaf, add the new view') record = crecord({'leaf':True,'_id':data['id'],'items':data['items']},type='view',name=data['crecord_name'],account=account) else: logger.debug('record is a directory, add it') record = crecord({'_id':data['id']},type='view_directory',name=data['crecord_name'],account=account) parentNode.add_children(record) record.chown(account._id) record.chgrp(group_managing_access[0]) record.chmod('g+w') record.chmod('g+r') storage.put([record,parentNode],account=account) else: logger.debug('Access Denied') return HTTPError(403, "Access Denied") else : logger.error('ParentNode doesn\'t exist')
def account_post(): #get the session (security) account = get_account() if not check_group_rights(account,group_managing_access): return HTTPError(403, 'Insufficient rights') root_account = caccount(user="******", group="root") storage = get_storage(namespace='object',account=account) logger.debug("POST:") data = request.body.readline() if not data: return HTTPError(400, "No data received") data = json.loads(data) ## Clean data try: del data['_id'] del data['id'] del data['crecord_type'] except: pass if data['user']: #check if already exist update = False _id = "account." + str(data['user']) try: record = storage.get(_id ,account=account) logger.debug('Update account %s' % _id) update = True except: logger.debug('Create account %s' % _id) #-----------------------UPDATE---------------------- if update: #Get password if data['passwd']: passwd = str(data['passwd']) else: passwd = None #Get group group = str(data['aaa_group']) if group: if group.find('group.') == -1: group = 'group.%s' % group #get secondary groups groups = data['groups'] secondary_groups = [] if groups: if not isinstance(groups,list): groups = [groups] for one_group in groups: if one_group.find('group.') == -1: one_group = 'group.%s' % one_group try : secondary_groups.append(cgroup(storage.get(one_group,account=account))) except Exception,err: logger.error('Error while searching secondary group: %s',err) #clean secondary groups for one_record in record.data['groups']: if unicode(one_record) not in secondary_groups: remove_account_from_group(one_record,record._id) #get clean account record = storage.get(_id ,account=account) #clean del data['passwd'] del data['aaa_group'] del data['groups'] #new record for key in dict(data).keys(): record.data[key] = data[key] update_account = caccount(record) #updating if passwd: logger.debug(' + Update password ...') update_account.passwd(passwd) if group: logger.debug(' + Update group ...') update_account.chgrp(group) if secondary_groups: logger.debug(' + Update groups ...') update_account.add_in_groups(secondary_groups) storage.put(update_account, account=account) storage.put(secondary_groups, account=account) reload_account(update_account._id) else: #----------------------------CREATION-------------------------- logger.debug(' + New account') new_account = caccount(user=data['user'], group=data['aaa_group'], lastname=data['lastname'], firstname=data['firstname'], mail=data['mail']) #passwd passwd = data['passwd'] new_account.passwd(passwd) logger.debug(" + Passwd: '%s'" % passwd) #secondary groups groups = data['groups'] secondary_groups = [] if groups: if not isinstance(groups,list): groups = [groups] for one_group in groups: if one_group.find('group.') == -1: one_group = 'group.%s' % one_group try : secondary_groups.append(cgroup(storage.get(one_group,account=account))) except Exception,err: logger.error('Error while searching secondary group: %s',err) new_account.add_in_groups(secondary_groups) storage.put(secondary_groups) #put record logger.debug(' + Save new account') new_account.chown(new_account._id) storage.put(new_account, account=account) #get rootdir logger.debug(' + Create view directory') rootdir = storage.get('directory.root', account=root_account) if rootdir: userdir = crecord({'_id': 'directory.root.%s' % new_account.user,'id': 'directory.root.%s' % new_account.user ,'expanded':'true'}, type='view_directory', name=new_account.user) userdir.chown(new_account._id) userdir.chgrp(new_account.group) userdir.chmod('g-w') userdir.chmod('g-r') storage.put(userdir, account=account) rootdir.add_children(userdir) storage.put(rootdir, account=root_account) storage.put(userdir, account=account) else: logger.error('Impossible to get rootdir')
def send_event( routing_key=None): account = get_account() if not check_group_rights(account,group_managing_access): return HTTPError(403, 'Insufficient rights') connector = None connector_name = None event_type = None source_type = None component = None resource = None state = None state_type = None perf_data = None perf_data_array = None output = None long_output = None #--------------------explode routing key---------- if routing_key : logger.debug('The routing key is : %s' % str(routing_key)) routing_key = routing_key.split('.') if len(routing_key) > 6 or len(routing_key) < 5: logger.error('Bad routing key') return HTTPError(400, 'Bad routing key') connector = routing_key[0] connector_name = routing_key[1] event_type = routing_key[2] source_type = routing_key[3] component = routing_key[4] if routing_key[5]: resource = routing_key[5] #-----------------------get params------------------- if not connector: connector = request.params.get('connector', default=None) if not connector : logger.error('No connector argument') return HTTPError(400, 'Missing connector argument') if not connector_name: connector_name = request.params.get('connector_name', default=None) if not connector_name: logger.error('No connector name argument') return HTTPError(400, 'Missing connector name argument') if not event_type: event_type = request.params.get('event_type', default=None) if not event_type: logger.error('No event_type argument') return HTTPError(400, 'Missing event type argument') if not source_type: source_type = request.params.get('source_type', default=None) if not source_type: logger.error('No source_type argument') return HTTPError(400, 'Missing source type argument') if not component: component = request.params.get('component', default=None) if not component: logger.error('No component argument') return HTTPError(400, 'Missing component argument') if not resource: resource = request.params.get('resource', default=None) if not resource: logger.error('No resource argument') return HTTPError(400, 'Missing resource argument') if not state: state = request.params.get('state', default=None) if not state: logger.error('No state argument') return HTTPError(400, 'Missing state argument') if not state_type: state_type = request.params.get('state_type', default=1) if not output: output = request.params.get('output', default=None) if not long_output: long_output = request.params.get('long_output', default=None) if not perf_data: perf_data = request.params.get('perf_data', default=None) if not perf_data_array: perf_data_array = request.params.get('perf_data_array', default=None) #if type(perf_data_array) == 'str': #perf_data_array = json.loads(perf_data_array) #------------------------------forging event---------------------------------- event = cevent.forger( connector = connector, connector_name = connector_name, event_type = event_type, source_type = source_type, component = component, resource= resource, state = int(state), state_type = int(state_type), output = output, long_output = long_output, perf_data = perf_data, perf_data_array = json.loads(perf_data_array), ) logger.debug(type(perf_data_array)) logger.debug(perf_data_array) logger.debug('The forged event is : ') logger.debug(str(event)) #------------------------------AMQP Part-------------------------------------- key = cevent.get_routingkey(event) amqp.publish(event, key, amqp.exchange_name_events) logger.debug('Amqp event published') return {'total':1,'success':True,'data':{'event':event}}