Пример #1
def org_add_user(user, org_id_slug, user_email):
    """
    Attach an existing User to an Org and return that User as JSON.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller's id is not in
    the Org's `user_ids`, and RequestError when the target User is missing
    or is already a member.
    """
    # `user.admin` is a flag on the caller itself; membership in the Org
    # being modified is checked separately below.
    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    target_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not target_org:
        raise NotFoundError('This Org does not exist.')

    # the caller must belong to the Org they are editing
    if user.id not in target_org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    localize(target_org)

    candidate = fetch_by_id_or_field(User, 'email', user_email)
    if not candidate:
        missing_msg = 'User "{}" does not exist'.format(user_email)
        raise RequestError(missing_msg)

    # refuse to add somebody who is already a member
    if candidate.id in target_org.user_ids:
        duplicate_msg = 'User "{}" is already a part of Org "{}"'.format(
            candidate.email, target_org.name)
        raise RequestError(duplicate_msg)

    target_org.users.append(candidate)
    db.session.commit()

    return jsonify(candidate)
Пример #2
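def org_user(user, org_id_slug, user_email):
    """
    Return a single User as JSON.

    Raises NotFoundError when the Org lookup returns nothing, ForbiddenError
    when the caller is not in the Org's `user_ids` or shares no Org with the
    requested User, and RequestError when the requested User is missing.
    """
    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    if not org:
        raise NotFoundError(
            'This Org does not exist.')

    # ensure the active user belongs to this Org
    if user.id not in org.user_ids:
        raise ForbiddenError(
            'You are not allowed to access this Org')

    # localize
    localize(org)

    # look the requested user up by id / email
    requested_user = fetch_by_id_or_field(User, 'email', user_email)

    # NOTE(review): "does not exist" here versus "not allowed" below lets any
    # Org member tell whether an email is registered -- confirm this is
    # acceptable, or return the same error for both cases.
    if not requested_user:
        raise RequestError(
            'This user does not yet exist')

    # The caller may view the other user only when they share at least one
    # Org.
    # NOTE(review): the test is "any shared Org", not "member of the Org in
    # the URL" -- confirm that is the intended scope.
    if set(requested_user.org_ids).isdisjoint(user.org_ids):
        # the original called .format(user.email) on a message without
        # placeholders; that call had no effect and is dropped
        raise ForbiddenError(
            'You are not allowed to view this user.')

    return jsonify(requested_user)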
Пример #3
def org_delete(user, org_id_slug):
    """
    Delete an Org and return `delete_response()`.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, and ForbiddenError when the caller's id is not
    in the Org's `user_ids`.
    """
    if not user.admin:
        raise AuthError('You must be an admin to delete an Org')

    doomed_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not doomed_org:
        raise NotFoundError('This Org does not exist.')

    # NOTE(review): localize() runs before the membership check, so it is
    # applied for callers who are then rejected -- confirm that is harmless.
    localize(doomed_org)

    # only members of the Org may delete it
    # NOTE(review): the rejection message returns the Org's name to a
    # non-member.
    if user.id not in doomed_org.user_ids:
        denied_template = 'User "{}" is not allowed to access Org "{}".'
        raise ForbiddenError(
            denied_template.format(user.name, doomed_org.name))

    db.session.delete(doomed_org)
    db.session.commit()

    return delete_response()
Пример #4
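    def decorated_function(*args, **kw):
        """
        Resolve the `org` request argument, check that the caller belongs to
        that Org, and call the wrapped function with `org` set in `kw`.

        Raises AuthError when no org argument or no `user` keyword is
        present, NotFoundError when the Org lookup returns nothing, and
        ForbiddenError when the caller's id is not in the Org's `user_ids`.
        """

        # get the org
        org_id = arg_str('org', default=None)
        if not org_id:
            raise AuthError(
                'An org is required for this request.')

        # get the user object.
        user = kw.get('user')

        # Fail closed: without a user there is nothing to authorize against.
        # Previously a missing `user` keyword surfaced as an AttributeError
        # at the membership check below.
        if user is None:
            raise AuthError(
                'A user is required for this request.')

        org = fetch_by_id_or_field(Org, 'slug', org_id)

        # if it doesn't exist, raise an error.
        if not org:
            # message fixed: it used to read "does exist"
            raise NotFoundError(
                'An Org with ID/Slug {} does not exist.'
                .format(org_id))

        # otherwise ensure the active user belongs to this Org
        if user.id not in org.user_ids:
            raise ForbiddenError(
                'User "{}" is not allowed to access Org "{}".'
                .format(user.name, org.name))

        # check if we should localize this request
        localize(org)

        # hand the resolved Org to the wrapped view
        kw['org'] = org
        return f(*args, **kw)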
Пример #5
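    def decorated_function(*args, **kw):
        """
        Resolve the `org` request argument, check that the caller belongs to
        that Org, and call the wrapped function with `org` set in `kw`.

        Raises AuthError when no org argument or no `user` keyword is
        present, NotFoundError when the Org lookup returns nothing, and
        ForbiddenError when the caller's id is not in the Org's `user_ids`.
        """

        # get the org
        org_id = arg_str('org', default=None)
        if not org_id:
            raise AuthError('An org is required for this request.')

        # get the user object.
        user = kw.get('user')

        # Fail closed: a missing `user` keyword used to surface as an
        # AttributeError at the membership check below.
        if user is None:
            raise AuthError('A user is required for this request.')

        org = fetch_by_id_or_field(Org, 'slug', org_id)

        # if it doesn't exist, raise an error.
        if not org:
            # message fixed: it used to read "does exist"
            raise NotFoundError(
                'An Org with ID/Slug {} does not exist.'.format(org_id))

        # otherwise ensure the active user belongs to this Org
        if user.id not in org.user_ids:
            raise ForbiddenError(
                'User "{}" is not allowed to access Org "{}".'.format(
                    user.name, org.name))

        # check if we should localize this request
        localize(org)

        # hand the resolved Org to the wrapped view
        kw['org'] = org
        return f(*args, **kw)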
Пример #6
def org_delete(user, org_id_slug):
    """
    Delete an Org and return `delete_response()`.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, and ForbiddenError when the caller's id is not
    in the Org's `user_ids`.
    """
    if not user.admin:
        raise AuthError('You must be an admin to delete an Org')

    found = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not found:
        raise NotFoundError('This Org does not exist.')

    # NOTE(review): localize() is applied before the caller's membership is
    # verified -- confirm that is harmless for rejected callers.
    localize(found)

    # only members of the Org may delete it
    is_member = user.id in found.user_ids
    if not is_member:
        raise ForbiddenError(
            'User "{}" is not allowed to access Org "{}".'.format(
                user.name, found.name))

    db.session.delete(found)
    db.session.commit()

    return delete_response()
Пример #7
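def org_user(user, org_id_slug, user_email):
    """
    Return a single User as JSON.

    Raises NotFoundError when the Org lookup returns nothing, ForbiddenError
    when the caller is not in the Org's `user_ids` or shares no Org with the
    requested User, and RequestError when the requested User is missing.
    """
    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    if not org:
        raise NotFoundError('This Org does not exist.')

    # ensure the active user belongs to this Org
    if user.id not in org.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    # localize
    localize(org)

    # look the requested user up by id / email
    requested_user = fetch_by_id_or_field(User, 'email', user_email)

    # NOTE(review): the different errors for "missing" and "not allowed"
    # reveal to any Org member whether an email is registered -- confirm.
    if not requested_user:
        raise RequestError('This user does not yet exist')

    # The caller may view the other user only when they share at least one
    # Org.
    # NOTE(review): this is "any shared Org", not "member of the Org in the
    # URL" -- confirm that is the intended scope.
    if set(requested_user.org_ids).isdisjoint(user.org_ids):
        # the original called .format(user.email) on a message without
        # placeholders; that call had no effect and is dropped
        raise ForbiddenError('You are not allowed to view this user.')

    return jsonify(requested_user)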
Пример #8
def org_metrics_summary(user, org_id_slug):
    """
    Pass the request body to `ingest_metric.org_summary` for one Org and
    return the result as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    target_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not target_org:
        raise NotFoundError('This Org does not exist.')

    # membership is the only authorization applied before the write
    if user.id not in target_org.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(target_org)

    payload = request_data()

    # metric names are restricted to the ones the Org itself lists
    summary = ingest_metric.org_summary(
        payload,
        org_id=target_org.id,
        valid_metrics=target_org.org_summary_metric_names,
        commit=True,
    )
    return jsonify(summary)
Пример #9
def org_create_user(user, org_id_slug):
    """
    Create a new User from the request body, attach it to an Org and
    return it as JSON.

    Raises AuthError when `user.admin` is falsy, RequestError when email,
    password or name is missing, when the email is already taken or when
    `mail.validate` rejects it, NotFoundError when the Org lookup returns
    nothing, and ForbiddenError when the caller's id is not in the Org's
    `user_ids`.
    """
    if not user.admin:
        raise AuthError('You must be an admin to create a user for an Org.')

    # pull the fields out of the submitted form
    form = request_data()
    email = form.get('email')
    password = form.get('password')
    name = form.get('name')
    # NOTE(review): the admin flag is taken from the request as-is, so the
    # caller can create another admin and any truthy value is passed on --
    # confirm both are intended.
    admin = form.get('admin', False)

    if not (email and password and name):
        raise RequestError(
            'An email, password, and name are required to create a User.')

    target_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not target_org:
        raise NotFoundError('This Org does not exist.')

    localize(target_org)

    # the caller must belong to the Org they are adding a user to
    if user.id not in target_org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # NOTE(review): the uniqueness lookup runs before the address is
    # validated, and its error confirms that the email is registered.
    already_registered = User.query.filter_by(email=email).first()
    if already_registered:
        raise RequestError(
            'A User with email "{}" already exists'.format(email))

    if not mail.validate(email):
        raise RequestError('{} is an invalid email address.'.format(email))

    # NOTE(review): the password goes to the constructor in plain form;
    # whether User() hashes it is not visible here -- confirm.
    created = User(email=email, password=password, name=name, admin=admin)

    target_org.users.append(created)
    db.session.commit()

    return jsonify(created)
Пример #10
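def org_remove_user(user, org_id_slug, user_email):
    """
    Remove a User from an Org and return `delete_response()`.

    When the `force` request argument is true, the removed user's recipes
    are reassigned to the Org's super user and the removed user is deleted.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller's id is not in
    the Org's `user_ids`, and RequestError when the target User is missing
    or is not a member of the Org.
    """
    if not user.admin:
        raise AuthError(
            'You must be an admin to remove a user from an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    # if it doesn't exist, raise an error.
    if not org:
        raise NotFoundError('This Org does not exist.')

    # localize
    localize(org)

    # ensure the active user belongs to this Org
    if user.id not in org.user_ids:
        raise ForbiddenError(
            "You are not allowed to access this Org.")

    # get this existing user by id / email
    existing_user = fetch_by_id_or_field(User, 'email', user_email)

    if not existing_user:
        raise RequestError(
            'User "{}" does not yet exist'
            .format(user_email))

    # ensure that the user is currently a part of this Org.
    if existing_user.id not in org.user_ids:
        raise RequestError(
            'User "{}" is not a part of Org "{}"'
            .format(existing_user.email, org.name))

    # remove the user from the org
    org.users.remove(existing_user)

    # if we're force-deleting the user, do so
    # but make sure their recipes are re-assigned
    # to the super-user
    # NOTE(review): this deletes the account itself, not only the
    # membership -- confirm that is wanted for users in several Orgs.
    if arg_bool('force', False):
        # Bound parameters instead of string formatting. The statement is
        # still a plain string, as in the original call, which relies on a
        # SQLAlchemy version that accepts strings in execute().
        cmd = "UPDATE recipes set user_id=:new_owner WHERE user_id=:old_owner"
        db.session.execute(
            cmd,
            {'new_owner': org.super_user.id, 'old_owner': existing_user.id})
        # Delete the removed user. The original passed `user`, which is the
        # admin making the request.
        db.session.delete(existing_user)

    db.session.commit()
    return delete_response()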
Пример #11
def org(user, org_id):
    """
    Return one Org, serialized with `to_dict(incl_domains=True)`, as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    record = fetch_by_id_or_field(Org, 'slug', org_id)
    if not record:
        not_found_msg = 'Org {} does not exist.'.format(org_id)
        raise NotFoundError(not_found_msg)

    # only members may read the Org
    if user.id not in record.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(record)

    serialized = record.to_dict(incl_domains=True)
    return jsonify(serialized)
Пример #12
def get_org_summary(user, org_id_slug):
    """
    Return an Org's `summary_metrics` as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    record = fetch_by_id_or_field(Org, "slug", org_id_slug)
    if not record:
        raise NotFoundError("This Org does not exist.")

    # only members may read the summary
    caller_is_member = user.id in record.user_ids
    if not caller_is_member:
        raise ForbiddenError("You are not allowed to access this Org")

    localize(record)

    return jsonify(record.summary_metrics)
Пример #13
def get_org_summary(user, org_id_slug):
    """
    Return an Org's `summary_metrics` as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    found_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not found_org:
        raise NotFoundError('This Org does not exist.')

    # reading is limited to members of the Org
    if user.id not in found_org.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(found_org)

    metrics = found_org.summary_metrics
    return jsonify(metrics)
Пример #14
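def org_remove_user(user, org_id_slug, user_email):
    """
    Remove a User from an Org and return `delete_response()`.

    When the `force` request argument is true, the removed user's recipes
    are reassigned to the Org's super user and the removed user is deleted.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller's id is not in
    the Org's `user_ids`, and RequestError when the target User is missing
    or is not a member of the Org.
    """
    if not user.admin:
        raise AuthError('You must be an admin to remove a user from an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    # if it doesn't exist, raise an error.
    if not org:
        raise NotFoundError('This Org does not exist.')

    # localize
    localize(org)

    # ensure the active user belongs to this Org
    if user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # get this existing user by id / email
    existing_user = fetch_by_id_or_field(User, 'email', user_email)

    if not existing_user:
        raise RequestError('User "{}" does not yet exist'.format(user_email))

    # ensure that the user is currently a part of this Org.
    if existing_user.id not in org.user_ids:
        raise RequestError('User "{}" is not a part of Org "{}"'.format(
            existing_user.email, org.name))

    # remove the user from the org
    org.users.remove(existing_user)

    # if we're force-deleting the user, do so
    # but make sure their recipes are re-assigned
    # to the super-user
    # NOTE(review): this deletes the account itself, not only the
    # membership -- confirm that is wanted for users in several Orgs.
    if arg_bool('force', False):
        # Bound parameters instead of string formatting. The statement is
        # still a plain string, as in the original call, which relies on a
        # SQLAlchemy version that accepts strings in execute().
        cmd = "UPDATE recipes set user_id=:new_owner WHERE user_id=:old_owner"
        db.session.execute(
            cmd,
            {'new_owner': org.super_user.id, 'old_owner': existing_user.id})
        # Delete the removed user. The original passed `user`, which is the
        # admin making the request.
        db.session.delete(existing_user)

    db.session.commit()
    return delete_response()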
Пример #15
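def org_update(user, org_id_slug):
    """
    Update an Org's name, slug and timezone from the request body and
    return the Org as JSON.

    Raises NotFoundError when the Org lookup returns nothing, ForbiddenError
    when the caller's id is not in the Org's `user_ids`, and RequestError
    when the commit fails.
    """
    req_data = request_data()

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    # if the org doesn't exist, raise an error (nothing is created here).
    if not org:
        raise NotFoundError(
            'This Org does not exist.')

    # NOTE(review): membership is the only check; no `user.admin` test is
    # made before the Org is renamed -- confirm that is intended.
    if user.id not in org.user_ids:
        raise ForbiddenError(
            "You are not allowed to access this Org.")

    # localize
    localize(org)

    # apply the submitted fields to the org
    if 'name' in req_data:
        org.name = req_data['name']

    # an explicit slug wins; otherwise derive one from the new name
    if 'slug' in req_data:
        org.slug = req_data['slug']

    elif 'name' in req_data:
        org.slug = slugify(req_data['name'])

    if 'timezone' in req_data:
        org.timezone = req_data['timezone']

    # read the name before committing: rollback() below expires the object
    attempted_name = org.name

    try:
        db.session.add(org)
        db.session.commit()

    except Exception as e:
        # Without a rollback the session stays in a failed state for
        # whatever uses it next.
        db.session.rollback()
        # Exceptions have no `.message` attribute on Python 3, so the
        # original handler could itself fail there; fall back to str(e).
        detail = getattr(e, 'message', None) or str(e)
        # NOTE(review): the raw database error text is returned to the
        # client; consider logging it and sending a generic message.
        raise RequestError(
            "An error occurred while updating this Org '{}'. "
            "Here's the error message: {}"
            .format(attempted_name, detail))

    return jsonify(org)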
Пример #16
def org(user, org_id_slug):
    """
    Return one Org as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    record = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not record:
        raise NotFoundError('This Org does not exist.')

    # only members may read the Org
    member_ids = record.user_ids
    if user.id not in member_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(record)

    return jsonify(record)
Пример #17
def org_content(user, org_id_slug):
    """
    Return a simple list of all content items an organization owns.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    owner_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not owner_org:
        raise NotFoundError('This Org does not exist.')

    # content is visible to members of the Org only
    if user.id not in owner_org.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(owner_org)

    items = owner_org.simple_content_items
    return jsonify(items)
Пример #18
def org_users(user, org_id_slug):
    """
    Return the users of an Org as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    record = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not record:
        raise NotFoundError('This Org does not exist.')

    # NOTE(review): localize() runs before the membership check below.
    localize(record)

    # only members may list the Org's users
    # NOTE(review): the rejection message returns the Org's name to a
    # non-member.
    if user.id not in record.user_ids:
        denied_template = 'User "{}" is not allowed to access Org "{}".'
        raise ForbiddenError(
            denied_template.format(user.email, record.name))

    return jsonify(record.users)
Пример #19
def org_create_user(user, org_id_slug):
    """
    Create a new User from the request body, attach it to an Org and
    return it as JSON.

    Raises AuthError when `user.admin` is falsy, RequestError when email,
    password or name is missing, when the email is already taken or when
    `mail.validate` rejects it, NotFoundError when the Org lookup returns
    nothing, and ForbiddenError when the caller's id is not in the Org's
    `user_ids`.
    """
    if not user.admin:
        raise AuthError(
            'You must be an admin to create a user for an Org.')

    # read the submitted form
    submitted = request_data()
    email = submitted.get('email')
    password = submitted.get('password')
    name = submitted.get('name')
    # NOTE(review): the admin flag comes straight from the request, so the
    # caller can create another admin -- confirm that is intended.
    admin = submitted.get('admin', False)

    required = [email, password, name]
    if not all(required):
        raise RequestError(
            'An email, password, and name are required to create a User.')

    host_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not host_org:
        raise NotFoundError('This Org does not exist.')

    localize(host_org)

    # the caller must belong to the Org they are adding a user to
    if user.id not in host_org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # NOTE(review): this error confirms that the email is registered, and
    # the lookup runs before the address is validated.
    if User.query.filter_by(email=email).first():
        taken_msg = 'A User with email "{}" already exists'.format(email)
        raise RequestError(taken_msg)

    if not mail.validate(email):
        invalid_msg = '{} is an invalid email address.'.format(email)
        raise RequestError(invalid_msg)

    # NOTE(review): whether User() hashes the password it is given is not
    # visible here -- confirm.
    new_org_user = User(
        email=email,
        password=password,
        name=name,
        admin=admin)

    host_org.users.append(new_org_user)
    db.session.commit()

    return jsonify(new_org_user)
Пример #20
def org_users(user, org_id_slug):
    """
    Return the users of an Org as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    found_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not found_org:
        raise NotFoundError('This Org does not exist.')

    # NOTE(review): localize() is applied before the caller's membership is
    # verified.
    localize(found_org)

    # only members may list the Org's users
    caller_is_member = user.id in found_org.user_ids
    if not caller_is_member:
        raise ForbiddenError(
            'User "{}" is not allowed to access Org "{}".'.format(
                user.email, found_org.name))

    return jsonify(found_org.users)
Пример #21
def create_org_timeseries(user, org_id_slug):
    """
    Pass the request body to `load.org_timeseries` for one Org and return
    the result as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    target_org = fetch_by_id_or_field(Org, "slug", org_id_slug)
    if not target_org:
        raise NotFoundError("This Org does not exist.")

    # membership is the only authorization applied before the write
    if user.id not in target_org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org")

    localize(target_org)

    payload = request_data()

    loaded = load.org_timeseries(
        payload,
        org_id=target_org.id,
        metrics_lookup=target_org.timeseries_metrics,
        queued=False,
        commit=True,
    )
    return jsonify(loaded)
Пример #22
def org_content(user, org_id_slug):
    """
    Return a simple list of all content items an organization owns.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    record = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not record:
        raise NotFoundError('This Org does not exist.')

    # content is visible to members of the Org only
    caller_is_member = user.id in record.user_ids
    if not caller_is_member:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(record)

    return jsonify(record.simple_content_items)
Пример #23
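def org_update(user, org_id):
    """
    Update an Org's name, slug and timezone from the request body and
    return the Org as JSON.

    Raises NotFoundError when the Org lookup returns nothing, ForbiddenError
    when the caller's id is not in the Org's `user_ids`, and RequestError
    when the commit fails.
    """
    req_data = request_data()

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id)

    # if the org doesn't exist, raise an error (nothing is created here).
    if not org:
        raise NotFoundError('Org {} does not exist.'.format(org_id))

    # NOTE(review): membership is the only check; no `user.admin` test is
    # made before the Org is renamed -- confirm that is intended.
    if user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # localize
    localize(org)

    # apply the submitted fields to the org
    if 'name' in req_data:
        org.name = req_data['name']

    # an explicit slug wins; otherwise derive one from the new name
    if 'slug' in req_data:
        org.slug = req_data['slug']

    elif 'name' in req_data:
        org.slug = slug(req_data['name'])

    if 'timezone' in req_data:
        org.timezone = req_data['timezone']

    # read the name before committing: rollback() below expires the object
    attempted_name = org.name

    try:
        db.session.add(org)
        db.session.commit()

    except Exception as e:
        # Without a rollback the session stays in a failed state for
        # whatever uses it next.
        db.session.rollback()
        # Exceptions have no `.message` attribute on Python 3, so the
        # original handler could itself fail there; fall back to str(e).
        detail = getattr(e, 'message', None) or str(e)
        # NOTE(review): the raw database error text is returned to the
        # client; consider logging it and sending a generic message.
        raise RequestError("An error occurred while updating this Org '{}'. "
                           "Here's the error message: {}".format(
                               attempted_name, detail))

    return jsonify(org)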
Пример #24
def create_org_metrics_summary(user, org_id_slug):
    """
    Pass the request body to `load.org_summary` for one Org and return the
    result as JSON.

    Raises NotFoundError when the Org lookup returns nothing and
    ForbiddenError when the caller's id is not in the Org's `user_ids`.
    """
    target_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not target_org:
        raise NotFoundError('This Org does not exist.')

    # membership is the only authorization applied before the write
    if user.id not in target_org.user_ids:
        raise ForbiddenError('You are not allowed to access this Org')

    localize(target_org)

    payload = request_data()

    # NOTE(review): `mertrics_lookup` looks like a misspelling of
    # `metrics_lookup`. If load.org_summary swallows unknown keywords, the
    # Org's metric list would not be applied -- check its signature.
    loaded = load.org_summary(
        payload,
        org_id=target_org.id,
        mertrics_lookup=target_org.summary_metrics,
        queue=False,
    )
    return jsonify(loaded)
Пример #25
def org_add_user(user, org_id_slug, user_email):
    """
    Attach an existing User to an Org and return that User as JSON.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller's id is not in
    the Org's `user_ids`, and RequestError when the target User is missing
    or is already a member.
    """
    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    host_org = fetch_by_id_or_field(Org, 'slug', org_id_slug)
    if not host_org:
        raise NotFoundError('This Org does not exist.')

    # the caller must belong to the Org they are editing
    if user.id not in host_org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    localize(host_org)

    joining_user = fetch_by_id_or_field(User, 'email', user_email)
    if not joining_user:
        raise RequestError(
            'User "{}" does not exist'.format(user_email))

    # refuse to add somebody who is already a member
    already_member = joining_user.id in host_org.user_ids
    if already_member:
        raise RequestError(
            'User "{}" is already a part of Org "{}"'.format(
                joining_user.email, host_org.name))

    host_org.users.append(joining_user)
    db.session.commit()

    return jsonify(joining_user)
Пример #26
def org_add_user(user, org_id, user_email):
    """
    Create a User inside an Org, or update an existing member, from the
    request body, and return the User as JSON.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller is not in the
    Org's `user_ids` or when the target User exists but is not a member,
    and RequestError for an invalid email or missing creation fields.
    """

    if not user.admin:
        raise AuthError('You must be an admin to add a user to an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id)

    if not org:
        raise NotFoundError('Org {} does not exist.'.format(org_id))

    # ensure the active user can edit this Org
    if user.id not in org.user_ids:
        raise ForbiddenError('You are not allowed to edit this Org.')

    # localize
    localize(org)

    # get this new user by id / email
    new_org_user = fetch_by_id_or_field(User, 'email', user_email)

    # get the form.
    req_data = request_data()
    email = req_data.get('email')
    name = req_data.get('name')
    # NOTE(review): the admin flag is taken from the request as-is.
    admin = req_data.get('admin', False)
    password = req_data.get('password')

    if email and not mail.validate(email):
        raise RequestError('{} is an invalid email address.'.format(email))

    # insert: no such user yet, so create one and attach it to the Org
    if not new_org_user:
        if not all([email, password, name]):
            raise RequestError(
                'An email, password, and name are required to create a User.')

        # NOTE(review): the password reaches the constructor here and
        # set_password() again below; whether User() hashes it is not
        # visible -- confirm the two paths store it the same way.
        new_org_user = User(email=email,
                            password=password,
                            name=name,
                            admin=admin)
        org.users.append(new_org_user)
        db.session.add(org)

    # the user exists: only members of this Org may be updated through it
    elif new_org_user.id not in org.user_ids:
        raise ForbiddenError("You are not allowed to access this Org.")

    # update: runs for a freshly created user and for an existing member.
    # NOTE(review): an admin of the Org can thereby change another member's
    # name, email, admin flag and password -- confirm that is intended. No
    # uniqueness check on a changed email is visible here.
    if name:
        new_org_user.name = name
    if email:
        new_org_user.email = email
    if admin:
        new_org_user.admin = admin
    if password:
        new_org_user.set_password(password)

    # NOTE(review): this unconditional assignment makes the `if admin`
    # branch above redundant. Because `admin` defaults to False, a request
    # that omits 'admin' clears the flag on an existing user -- confirm
    # which behaviour is wanted.
    new_org_user.admin = admin
    db.session.add(new_org_user)
    db.session.commit()
    return jsonify(new_org_user)
Пример #27
def org_add_user(user, org_id_slug, user_email):
    """
    Create a User inside an Org, or update an existing member, from the
    request body, and return the User as JSON.

    Raises AuthError when `user.admin` is falsy, NotFoundError when the Org
    lookup returns nothing, ForbiddenError when the caller is not in the
    Org's `user_ids` or when the target User exists but is not a member,
    and RequestError for an invalid email or missing creation fields.
    """

    if not user.admin:
        raise AuthError(
            'You must be an admin to add a user to an Org.')

    # fetch org
    org = fetch_by_id_or_field(Org, 'slug', org_id_slug)

    if not org:
        raise NotFoundError(
            'This Org does not exist.')

    # ensure the active user can edit this Org
    if user.id not in org.user_ids:
        raise ForbiddenError(
            'You are not allowed to edit this Org.')

    # localize
    localize(org)

    # get this new user by id / email
    new_org_user = fetch_by_id_or_field(User, 'email', user_email)

    # get the form.
    req_data = request_data()
    email = req_data.get('email')
    name = req_data.get('name')
    # NOTE(review): the admin flag is taken from the request as-is.
    admin = req_data.get('admin', False)
    password = req_data.get('password')

    if email and not mail.validate(email):
        raise RequestError(
            '{} is an invalid email address.'
            .format(email))

    # insert: no such user yet, so create one and attach it to the Org
    if not new_org_user:
        if not all([email, password, name]):
            raise RequestError(
                'An email, password, and name are required to create a User.')

        # NOTE(review): the password reaches the constructor here and
        # set_password() again below; whether User() hashes it is not
        # visible -- confirm the two paths store it the same way.
        new_org_user = User(
            email=email,
            password=password,
            name=name,
            admin=admin)
        org.users.append(new_org_user)
        db.session.add(org)

    # the user exists: only members of this Org may be updated through it
    elif new_org_user.id not in org.user_ids:
        raise ForbiddenError(
            "You are not allowed to access this Org.")

    # update: runs for a freshly created user and for an existing member.
    # NOTE(review): an admin of the Org can thereby change another member's
    # name, email, admin flag and password -- confirm that is intended. No
    # uniqueness check on a changed email is visible here.
    if name:
        new_org_user.name = name
    if email:
        new_org_user.email = email
    if admin:
        new_org_user.admin = admin
    if password:
        new_org_user.set_password(password)

    # NOTE(review): this unconditional assignment makes the `if admin`
    # branch above redundant. Because `admin` defaults to False, a request
    # that omits 'admin' clears the flag on an existing user -- confirm
    # which behaviour is wanted.
    new_org_user.admin = admin
    db.session.add(new_org_user)
    db.session.commit()
    return jsonify(new_org_user)