def set_user(bot, update, args, job_queue: JobQueue):
if update.message.from_user.id not in [
p.t_id for p in Permission.select(Permission.t_id)
]:
update.message.reply_text(
"You don't have permission to get issues from this jira-service")
return
user, _ = User.get_or_create(name=args[0])
user.last_updated = datetime.now()
user.save()
t_id = update.message.chat_id
try:
chat = Chat.get(t_id=t_id)
except DoesNotExist:
chat = Chat.create(t_id=t_id)
chat.user = user
chat.save()
add_job(job_queue, chat)
update.message.reply_text('You will get issues notifications from user: ' +
user.name)
def create_role(self, rolename, permissions=[]):
r = Role(rolename=rolename)
for permission in permissions:
r.permissions.append(
Permission(rolename=r.rolename, permission=permission))
self.session.add(r)
self.session.commit()
return r
def create_role(self, rolename, permissions=[]):
r = Role(rolename=rolename)
r.last_changed_by = "Unknown"
r.last_change_date = datetime.now()
for permission in permissions:
r.permissions.append(Permission(rolename=r.rolename, permission=permission))
self.session.add(r)
self.session.commit()
return r
def update_role(self, role, permissions):
r = self.session.query(Role).filter(Role.rolename == role.rolename)\
.filter(Role.valid_until == ModelUtility.NullTimeStamp).first()
# 1. Aktuellen Stand der Rolle als Version sichern
r_version = Role(rolename=r.rolename, valid_until=datetime.now())
r_version.last_change_date = r.last_change_date
r_version.last_changed_by = r.last_changed_by
r_version.permissions = []
for permission in r.permissions:
r_version.permissions.append(Permission(role=r, permission=permission.permission))
self.session.add(r_version)
# 2. Rolle aktualisieren
r.permissions = []
for permission in permissions:
r.permissions.append(Permission(role=r, permission=permission))
r.last_change_date = datetime.now()
r.last_changed_by = 'blub'
self.session.add(r)
self.session.commit()
def update_role(self, role, permissions):
r = self.session.query(Role).filter(
Role.rolename == role.rolename).first()
r.permissions = []
for permission in permissions:
r.permissions.append(
Permission(rolename=r.rolename, permission=permission))
r.last_change_date = datetime.now()
r.last_changed_by = 'blub'
self.session.add(r)
self.session.commit()
def update_role(self, role):
r = self.session.query(RoleEntity).filter(RoleEntity.rolename == role.rolename).\
filter(RoleEntity.deleted == False).first()
if r is None:
raise Exception("Die Rolle {0} ist gelöscht oder existiert nicht".format(role.rolename))
r.future_version.permissions = []
for permission in role.permissions:
r.future_version.permissions.append(Permission(role_version=r.future_version, permission=permission))
r.future_version.last_change_date = datetime.now()
r.future_version.last_changed_by = "unbekannt"
self.session.add(r.future_version)
self.session.commit()
def commit(self, rolename):
r = self.session.query(RoleEntity).filter(RoleEntity.rolename == rolename).\
filter(RoleEntity.deleted == False).first()
if r is None:
raise Exception("Die Rolle {0} ist gelöscht oder existiert nicht".format(rolename))
# Neue Rollenversion anlegen
r_version = RoleVersion(role=r)
r_version.create_date = datetime.now()
r_version.last_change_date = datetime.now()
r_version.last_changed_by = "unbekannt"
for permission in r.future_version.permissions:
r_version.permissions.append(Permission(role_version=r_version, permission=permission.permission))
# Versionen weiterschalten
r.current_version = r.future_version
r.future_version = r_version
# Speichern
self.session.add(r)
self.session.add(r.current_version)
self.session.add(r_version)
self.session.commit()
def create_role(self, role):
# Prüfen, ob die Rolle bereits existiert
exists = self.session.query(RoleEntity).filter(RoleEntity.rolename == role.rolename).count()
# Prüfen, ob der Benutzer bereits als gelöscht existiert
deleted = self.session.query(RoleEntity).filter(RoleEntity.rolename == role.rolename).\
filter(RoleEntity.deleted).count()
if deleted == 1:
# Benutzerobjekt laden und wieder aktivieren
r = self.session.query(RoleEntity).filter(RoleEntity.rolename == role.rolename).\
filter(RoleEntity.deleted).first()
elif exists == 0:
# Benuter-Basisobjekt anlegen
r = RoleEntity(rolename=role.rolename)
else:
# Ansonsten gibts den Benutzer schon in aktivem Zustand => Fehler!
raise Exception("Der Rollenname {0} wird bereits verwendet".format(role.rolename))
r.create_date = datetime.now()
r.deleted = False
r_version = RoleVersion(role=r)
r_version.create_date = r.create_date
r_version.last_change_date = datetime.now()
r_version.last_changed_by = "unbekannt"
r.future_version = r_version
for permission in role.permissions:
r_version.permissions.append(Permission(role_version=r_version, permission=permission))
self.session.add(r)
self.session.add(r_version)
self.session.commit()
return r
def insert_test_data(engine):
Session = sessionmaker(engine)
session = Session()
head_dept = session.query(Dept).filter(Dept.name == '总部').first()
dept1 = Dept(name='研发部', desc='研发部', parent_id=head_dept.id)
session.add(dept1)
session.flush()
dept1_1 = Dept(name='研发一部', desc='研发一部', parent_id=dept1.id)
dept1_2 = Dept(name='研发二部', desc='研发二部', parent_id=dept1.id)
session.add(dept1_1)
session.add(dept1_2)
dept2 = Dept(name='市场部', desc='市场部', parent_id=head_dept.id)
session.add(dept2)
session.flush()
dept2_1 = Dept(name='市场一部', desc='市场一部', parent_id=dept2.id)
dept2_2 = Dept(name='市场二部', desc='市场二部', parent_id=dept2.id)
session.add(dept2_1)
session.add(dept2_2)
session.flush()
user1 = User(name='熊大',
password=utils.md5encode('abc123'),
dept_id=dept1.id)
user2 = User(name='熊二',
password=utils.md5encode('abc123'),
dept_id=dept2.id)
user3 = User(name='张三',
password=utils.md5encode('abc123'),
email='*****@*****.**',
dept_id=dept1_1.id)
user4 = User(name='李四',
password=utils.md5encode('abc123'),
email='*****@*****.**',
dept_id=dept1_2.id)
user5 = User(name='王五',
password=utils.md5encode('abc123'),
dept_id=dept2_1.id)
user6 = User(name='赵六',
password=utils.md5encode('abc123'),
dept_id=dept2_2.id)
user7 = User(name='用户1',
password=utils.md5encode('abc123'),
dept_id=dept1_1.id)
user8 = User(name='用户2',
password=utils.md5encode('abc123'),
dept_id=dept1_2.id)
user9 = User(name='用户3',
password=utils.md5encode('abc123'),
dept_id=dept1_1.id)
user10 = User(name='用户4',
password=utils.md5encode('abc123'),
dept_id=dept1_2.id)
session.add(user1)
session.add(user2)
session.add(user3)
session.add(user4)
session.add(user5)
session.add(user6)
session.add(user7)
session.add(user8)
session.add(user9)
session.add(user10)
session.flush()
sys_admin_role = session.query(Role).filter(Role.name == '系统管理员').first()
dept_admin_role = session.query(Role).filter(Role.name == '部门管理员').first()
user_role = session.query(Role).filter(Role.name == '普通用户').first()
session.add(UserRoleMembership(user1.id, dept_admin_role.id))
session.add(UserRoleMembership(user2.id, dept_admin_role.id))
session.add(UserRoleMembership(user3.id, dept_admin_role.id))
session.add(UserRoleMembership(user4.id, dept_admin_role.id))
session.add(UserRoleMembership(user5.id, dept_admin_role.id))
session.add(UserRoleMembership(user6.id, dept_admin_role.id))
session.add(UserRoleMembership(user7.id, user_role.id))
session.add(UserRoleMembership(user8.id, user_role.id))
session.add(UserRoleMembership(user9.id, user_role.id))
session.add(UserRoleMembership(user10.id, user_role.id))
session.flush()
session.add(
Permission(path='^/depts$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/depts/.*', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/depts$', role_id=sys_admin_role.id, method='POST'))
session.add(
Permission(path='^/depts/.*', role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/depts/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/depts$', role_id=dept_admin_role.id, method='GET'))
session.add(
Permission(path='^/depts/.*', role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/depts$', role_id=dept_admin_role.id, method='POST'))
session.add(
Permission(path='^/depts/.*',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/depts/.*',
role_id=dept_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/roles$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/roles$', role_id=dept_admin_role.id, method='GET'))
session.add(Permission(path='^/roles$', role_id=user_role.id,
method='GET'))
session.add(
Permission(path='^/users$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/users/.*', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/users$', role_id=sys_admin_role.id, method='POST'))
session.add(
Permission(path='^/users/.*', role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/users/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/users$', role_id=dept_admin_role.id, method='GET'))
session.add(
Permission(path='^/users/.*', role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/users$', role_id=dept_admin_role.id, method='POST'))
session.add(
Permission(path='^/users/.*',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/users/.*',
role_id=dept_admin_role.id,
method='DELETE'))
session.add(Permission(path='^/users$', role_id=user_role.id,
method='GET'))
session.add(
Permission(path='^/users/.*', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/flavors$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/flavors$', role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/flavors$', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/flavors$', role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/flavors/.*',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/flavors/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/servers$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/servers$', role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/servers$', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/servers/.*',
role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/servers/.*',
role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/servers/.*', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/servers$', role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/servers$',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/servers$', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/servers/.*',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/servers/.*',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/servers/.*', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/servers/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/servers/.*',
role_id=dept_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/servers/.*', role_id=user_role.id, method='DELETE'))
session.add(
Permission(path='^/volumes$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/volumes$', role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/volumes$', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/volumes/.*',
role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/volumes/.*',
role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/volumes/.*', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/volumes$', role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/volumes$',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/volumes$', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/volumes/.*',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/volumes/.*',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/volumes/.*', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/volumes/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/volumes/.*',
role_id=dept_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/volumes/.*', role_id=user_role.id, method='DELETE'))
session.add(
Permission(path='^/snapshots$',
role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/snapshots$',
role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/snapshots$', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/snapshots/.*',
role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/snapshots/.*',
role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/snapshots/.*', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/snapshots$',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/snapshots$',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/snapshots$', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/snapshots/.*',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/snapshots/.*',
role_id=dept_admin_role.id,
method='POST'))
session.add(
Permission(path='^/snapshots/.*', role_id=user_role.id, method='POST'))
session.add(
Permission(path='^/snapshots/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/snapshots/.*',
role_id=dept_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/snapshots/.*',
role_id=user_role.id,
method='DELETE'))
session.add(
Permission(path='^/images$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/images$', role_id=dept_admin_role.id, method='GET'))
session.add(
Permission(path='^/images$', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/images/.*', role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/images/.*',
role_id=dept_admin_role.id,
method='GET'))
session.add(
Permission(path='^/images/.*', role_id=user_role.id, method='GET'))
session.add(
Permission(path='^/images$', role_id=sys_admin_role.id, method='POST'))
session.add(
Permission(path='^/images/.*',
role_id=sys_admin_role.id,
method='POST'))
session.add(
Permission(path='^/images/.*',
role_id=sys_admin_role.id,
method='DELETE'))
session.add(
Permission(path='^/hypervisors$',
role_id=sys_admin_role.id,
method='GET'))
session.add(
Permission(path='^/hosts$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/logs$', role_id=sys_admin_role.id, method='GET'))
session.add(
Permission(path='^/monitor/.*',
role_id=sys_admin_role.id,
method='GET'))
session.commit()
session.close()
def setup_database():
init_model(engine)
teardownDatabase()
elixir.setup_all(True)
# Creating permissions
see_site = Permission()
see_site.permission_name = u'see-site'
see_site.description = u'see-site permission description'
DBSession.save(see_site)
edit_site = Permission()
edit_site.permission_name = u'edit-site'
edit_site.description = u'edit-site permission description'
DBSession.save(edit_site)
commit = Permission()
commit.permission_name = u'commit'
commit.description = u'commit permission description'
DBSession.save(commit)
# Creating groups
admins = Group()
admins.group_name = u'admins'
admins.display_name = u'Admins Group'
admins.permissions.append(edit_site)
DBSession.save(admins)
developers = Group(group_name=u'developers',
display_name=u'Developers Group')
developers.permissions = [commit, edit_site]
DBSession.save(developers)
trolls = Group(group_name=u'trolls', display_name=u'Trolls Group')
trolls.permissions.append(see_site)
DBSession.save(trolls)
# Plus a couple of groups with no permissions
php = Group(group_name=u'php', display_name=u'PHP Group')
DBSession.save(php)
python = Group(group_name=u'python', display_name=u'Python Group')
DBSession.save(python)
# Creating users
user = User()
user.user_name = u'rms'
user.password = u'freedom'
user.email_address = u'*****@*****.**'
user.groups.append(admins)
user.groups.append(developers)
DBSession.save(user)
user = User()
user.user_name = u'linus'
user.password = u'linux'
user.email_address = u'*****@*****.**'
user.groups.append(developers)
DBSession.save(user)
user = User()
user.user_name = u'sballmer'
user.password = u'developers'
user.email_address = u'*****@*****.**'
user.groups.append(trolls)
DBSession.save(user)
# Plus a couple of users without groups
user = User()
user.user_name = u'guido'
user.password = u'phytonic'
user.email_address = u'*****@*****.**'
DBSession.save(user)
user = User()
user.user_name = u'rasmus'
user.password = u'php'
user.email_address = u'*****@*****.**'
DBSession.save(user)
DBSession.commit()
def setup_database():
init_model(engine)
teardownDatabase()
elixir.setup_all(True)
# Creating permissions
see_site = Permission()
see_site.permission_name = u'see-site'
see_site.description = u'see-site permission description'
DBSession.save(see_site)
edit_site = Permission()
edit_site.permission_name = u'edit-site'
edit_site.description = u'edit-site permission description'
DBSession.save(edit_site)
commit = Permission()
commit.permission_name = u'commit'
commit.description = u'commit permission description'
DBSession.save(commit)
# Creating groups
admins = Group()
admins.group_name = u'admins'
admins.display_name = u'Admins Group'
admins.permissions.append(edit_site)
DBSession.save(admins)
developers = Group(group_name=u'developers',
display_name=u'Developers Group')
developers.permissions = [commit, edit_site]
DBSession.save(developers)
trolls = Group(group_name=u'trolls', display_name=u'Trolls Group')
trolls.permissions.append(see_site)
DBSession.save(trolls)
# Plus a couple of groups with no permissions
php = Group(group_name=u'php', display_name=u'PHP Group')
DBSession.save(php)
python = Group(group_name=u'python', display_name=u'Python Group')
DBSession.save(python)
# Creating users
user = User()
user.user_name = u'rms'
user.password = u'freedom'
user.email_address = u'*****@*****.**'
user.groups.append(admins)
user.groups.append(developers)
DBSession.save(user)
user = User()
user.user_name = u'linus'
user.password = u'linux'
user.email_address = u'*****@*****.**'
user.groups.append(developers)
DBSession.save(user)
user = User()
user.user_name = u'sballmer'
user.password = u'developers'
user.email_address = u'*****@*****.**'
user.groups.append(trolls)
DBSession.save(user)
# Plus a couple of users without groups
user = User()
user.user_name = u'guido'
user.password = u'phytonic'
user.email_address = u'*****@*****.**'
DBSession.save(user)
user = User()
user.user_name = u'rasmus'
user.password = u'php'
user.email_address = u'*****@*****.**'
DBSession.save(user)
DBSession.commit()