def sync_members(g): # NOTE: g._register_silos() IS AN EXPENSIVE OPERATION. # THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY #g = ag.granary g.state.revert() g._register_silos() granary_list = g.silos granary_list_database = list_silos() usernames = list_usernames() for silo in granary_list: if not silo in granary_list_database: add_silo(silo) kw = g.describe_silo(silo) #Get existing owners, admins, managers and submitters from silo metadata owners = [] admins = [] managers = [] submitters = [] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] # Check users in silo metadata are valid users owners = [x for x in owners if x in usernames] admins = [x for x in admins if x in usernames] managers = [x for x in managers if x in usernames] submitters = [x for x in submitters if x in usernames] #Synchronize members in silo metadata with users in database d_admins = [] d_managers = [] d_sunbmitters = [] if silo in granary_list_database: d_admins, d_managers, d_submitters = list_group_usernames(silo) admins.extend(d_admins) managers.extend(d_managers) submitters.extend(d_submitters) # Ensure users are listed just once in silo metadata and owner is superset owners.extend(admins) owners.extend(managers) owners.extend(submitters) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) owners = list(set(owners)) # Add users in silo metadata to the database new_silo_users = [] for a in admins: if not a in d_admins: new_silo_users.append((a, 'administrator')) for a in managers: if not a in d_managers: new_silo_users.append((a, 'manager')) for a in new_submitters: if not a in d_submitters: new_silo_users.append((a, 'submitter')) if new_silo_users: add_group_users(silo, new_silo_users) #Write members into silo kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) g.describe_silo(silo, **kw) g.sync() return
def silouserview(self, silo, username): if not request.environ.get('repoze.who.identity'): abort(401, "Not Authorised") if not ag.granary.issilo(silo): abort(404) ident = request.environ.get('repoze.who.identity') http_method = request.environ['REQUEST_METHOD'] if http_method == 'GET': silos = ag.authz(ident) if not silo in silos: abort(403, "User is not a member of the silo %s"%silo) if not ('administrator' in ident['permissions'] or \ 'manager' in ident['permissions'] or ident['user'].user_name == username): abort(403, "Do not have administrator or manager credentials to view profiles of other users") else: silos = ag.authz(ident, permission=['administrator', 'manager']) if not silo in silos: abort(403, "Do not have administrator or manager credentials for silo %s"%silo) if not ('administrator' in ident['permissions'] or 'manager' in ident['permissions']): abort(403, "Do not have administrator or manager credentials") existing_users = list_usernames() if not username in existing_users: abort(404, "User not found") c.ident = ident c.silo = silo c.username = username if http_method == "GET": a, m, s = list_group_usernames(silo) if not (username in a or username in m or username in s): abort(404, "User not found in silo") c.user = list_user(username) #if 'groups' in c.user and c.user['groups']: # for i in c.user['groups']: # if i[0] != silo: # c.user['groups'].remove(i) accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: return render("/silo_user.html") elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(c.user) try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/plain response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(c.user) elif http_method == "POST": params = request.POST if not ('role' in params and params['role'] and params['role'] in ['administrator', 'manager', 'submitter']): abort(400, "Parameters 'role' not found or is invalid") kw = ag.granary.describe_silo(silo) #Get existing owners, admins, managers and users owners = [] admins = [] managers = [] submitters = [] if 'owners' in kw and kw['owners']: owners = [x.strip() for x in kw['owners'].split(",") if x] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] to_remove = [] to_add = [] if params['role'] == 'administrator': if not 'administrator' in ident['permissions']: abort(403, "Need to be administrator to add user to role admin") if not username in admins: to_add.append((username, 'administrator')) admins.append(username) if not username in owners: owners.append(username) if username in managers: managers.remove(username) to_remove.append((username, 'manager')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) elif params['role'] == 'manager': if not username in managers: to_add.append((username, 'manager')) managers.append(username) if not username in owners: owners.append(username) if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before updating user role") admins.remove(username) to_remove.append((username, 'administrator')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) elif params['role'] == 'submitter': if not username in submitters: to_add.append((username, 'submitter')) submitters.append(username) if not username in owners: owners.append(username) if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before updating user role") admins.remove(username) to_remove.append((username, 'administrator')) if username in managers: if len(managers) == 1 and len(admins) == 0: abort(403, "Add another administrator or manager to silo before updating user role") managers.remove(username) to_remove.append((username, 'manager')) owners = list(set(owners)) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) # Update silo info if to_remove or to_add: kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) ag.granary.describe_silo(silo, **kw) ag.granary.sync() #Add new silo users into database if to_add: add_group_users(silo, to_add) response.status_int = 201 response.status = "201 Created" response.headers['Content-Location'] = url(controller="users", action="silouserview", silo=silo, username=username) response_message = "201 Created" if to_remove: delete_group_users(silo, to_remove) response.status_int = 204 response.status = "204 Updated" response_message = None else: response.status_int = 400 response.status = "400 Bad Request" response_message = "No updates to user role" #Conneg return accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: redirect(url(controller="users", action="silouserview", silo=silo, username=username)) elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' return response_message try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/plain response.content_type = 'application/json; charset="UTF-8"' return response_message elif http_method == "DELETE": kw = ag.granary.describe_silo(silo) #Get existing owners, admins, managers and users owners = [] admins = [] managers = [] submitters = [] if 'owners' in kw and kw['owners']: owners = [x.strip() for x in kw['owners'].split(",") if x] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] #Gather user roles to delete to_remove = [] if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before deleting user") to_remove.append((username, 'administrator')) admins.remove(username) if username in managers: if len(managers) == 1 and len(admins) == 0: abort(403, "Add another administrator or manager to silo before deleting user") managers.remove(username) to_remove.append((username, 'manager')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) if username in owners: owners.remove(username) owners = list(set(owners)) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) if to_remove: # Update silo info kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) ag.granary.describe_silo(silo, **kw) ag.granary.sync() delete_group_users(silo, to_remove) else: abort(400, "No user to delete") accept_list = None response.content_type = "text/plain" response.status_int = 200 response.status = "200 OK" return "{'ok':'true'}"
def sync_members(g): # NOTE: g._register_silos() IS AN EXPENSIVE OPERATION. # THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY #g = ag.granary g.state.revert() g._register_silos() granary_list = g.silos granary_list_database = list_silos() usernames = list_usernames() for silo in granary_list: if not silo in granary_list_database: add_silo(silo) kw = g.describe_silo(silo) #Get existing owners, admins, managers and submitters from silo metadata owners = [] admins = [] managers = [] submitters = [] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] # Check users in silo metadata are valid users owners = [x for x in owners if x in usernames] admins = [x for x in admins if x in usernames] managers = [x for x in managers if x in usernames] submitters = [x for x in submitters if x in usernames] #Synchronize members in silo metadata with users in database d_admins = [] d_managers = [] d_sunbmitters = [] if silo in granary_list_database: d_admins, d_managers, d_submitters = list_group_usernames(silo) admins.extend(d_admins) managers.extend(d_managers) submitters.extend(d_submitters) # Ensure users are listed just once in silo metadata and owner is superset owners.extend(admins) owners.extend(managers) owners.extend(submitters) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) owners = list(set(owners)) # Add users in silo metadata to the database new_silo_users = [] for a in admins: if not a in d_admins: new_silo_users.append((a, 'administrator')) for a in managers: if not a in d_managers: new_silo_users.append((a, 'manager')) for a in new_submitters: if not a in d_submitters: new_silo_users.append((a, 'submitter')) if new_silo_users: add_group_users(silo, new_silo_users) #Write members into silo kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) g.describe_silo(silo, **kw) g.sync() return