Пример #1
0
def delete_resource_file(colln, user, file_anno_or_id):
    """

    :type colln: MyDbCollection
    :param user:
    :param file_anno_or_id:
    :return:
    """
    if isinstance(file_anno_or_id, FileAnnotation):
        file_anno = file_anno_or_id  # type: FileAnnotation
    else:
        file_anno = JsonObject.make_from_dict(
            db_helper.read_by_id(colln,
                                 file_anno_or_id))  # type: FileAnnotation

    target_resource_id = file_anno.target
    target_resource = JsonObject.make_from_dict(
        db_helper.read_by_id(colln, target_resource_id))

    has_update_permission = permission_manager.has_persmission(
        user, Permission.UPDATE, obj=target_resource)

    if not has_update_permission:
        raise PermissionError(
            'no permission to update resource and it\'s files')

    # noinspection PyProtectedMember
    colln.delete_item(file_anno._id)
    file_path_in_resource_scope = file_anno.body.path
    file_path = resource_file_path(target_resource_id,
                                   file_path_in_resource_scope)
    os.remove(file_path)
Пример #2
0
    def get(self, user_id):
        args = self.get_parser.parse_args()
        user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)

        projection = jsonify_argument(args.get('projection', None),
                                      key='projection')
        check_argument_type(projection, (dict, ),
                            key='projection',
                            allow_none=True)
        _validate_projection(projection)
        projection = projection_helper.modified_projection(
            projection, mandatory_attrs=["_id", "jsonClass"])

        user = JsonObject.make_from_dict(
            g.users_colln.find_one(user_selector_doc, projection=None))
        if user is None:
            return error_response(message='user not found', code=404)

        if not PermissionResolver.resolve_permission(
                user, ObjectPermissions.READ, current_token.user_id,
                current_token.group_ids, g.users_colln):
            return error_response(message='permission denied', code=403)

        user_json = user.to_json_map()
        projected_user_json = users_helper.project_user_json(
            user_json, projection=projection)
        return projected_user_json
Пример #3
0
def create_new_group(groups_colln, group_json, user_id, user_group_ids, initial_agents=None, ignore_source=False):
    for k in ('_id', 'members'):
        if k in group_json:
            raise ObjModelException('you cannot set "{}" attribute.', 403)

    for k in ('groupName', 'jsonClass'):
        if k not in group_json:
            raise ObjModelException('{} should be provided for creating new group'.format(k), 400)

    if group_json['jsonClass'] != 'UsersGroup':
        raise ObjModelException('invalid jsonClass', 403)

    if not ignore_source:
        if 'source' not in group_json:
            group_json['source'] = initial_agents.all_users_group_id

    old_group = get_group(
        groups_colln, get_group_selector_doc(group_name=group_json['groupName']), projection={"_id": 1, "jsonClass": 1})
    if old_group is not None:
        raise ObjModelException('group already exists', 403)

    group = JsonObject.make_from_dict(group_json)
    # noinspection PyProtectedMember
    group.set_from_dict({"members": [user_id]})

    new_group_id = objstore_helper.create_resource(
        groups_colln, group.to_json_map(), user_id, user_group_ids,
        initial_agents=initial_agents, standalone=ignore_source)
    return new_group_id
Пример #4
0
    def get(self, group_identifier):
        args = self.get_parser.parse_args()

        identifier_type = args.get('identifier_type', '_id')
        group_selector_doc = self._group_selector_doc(group_identifier,
                                                      identifier_type)

        projection = jsonify_argument(args.get('projection', None),
                                      key='projection')
        check_argument_type(projection, (dict, ),
                            key='projection',
                            allow_none=True)
        _validate_projection(projection)
        projection = projection_helper.modified_projection(
            projection, mandatory_attrs=["_id", "jsonClass"])

        group = JsonObject.make_from_dict(
            g.users_colln.find_one(group_selector_doc, projection=None))
        if group is None:
            return error_response(message='group not found', code=404)

        if not PermissionResolver.resolve_permission(
                group, ObjectPermissions.READ, current_token.user_id,
                current_token.group_ids, g.users_colln):
            return error_response(message='permission denied', code=403)

        group_json = group.to_json_map()
        projected_group_json = projection_helper.project_doc(
            group_json, projection)
        return projected_group_json
Пример #5
0
    def post(self, group_identifier):
        args = self.get_parser.parse_args()

        identifier_type = args.get('identifier_type', '_id')
        group_selector_doc = self._group_selector_doc(group_identifier,
                                                      identifier_type)

        update_doc = jsonify_argument(args['update_doc'], key='update_doc')
        check_argument_type(update_doc, (dict, ), key='update_doc')

        if 'jsonClass' not in update_doc:
            update_doc['jsonClass'] = 'UsersGroup'
        if update_doc['jsonClass'] != 'UsersGroup':
            return error_response(message='invalid jsonClass', code=403)

        if identifier_type == '_id':
            update_doc.pop('groupName', None)
            if update_doc['_id'] != group_identifier:
                return error_response(message='invalid user_id', code=403)
        else:
            group_id = groups_helper.get_group_id(g.users_colln,
                                                  group_identifier)
            if not group_id:
                return error_response(message='no group with group_name {}'.
                                      format(group_identifier))
            update_doc['_id'] = group_id

        return_projection = jsonify_argument(args.get('return_projection',
                                                      None),
                                             key='return_projection')
        check_argument_type(return_projection, (dict, ),
                            key='return_projection',
                            allow_none=True)
        _validate_projection(return_projection)
        return_projection = projection_helper.modified_projection(
            return_projection, mandatory_attrs=['_id', 'jsonClass'])

        try:
            group_update = JsonObject.make_from_dict(update_doc)
            updated_group_id = objstore_helper.update_resource(
                g.users_colln,
                group_update.to_json_map(),
                current_token.user_id,
                current_token.group_ids,
                not_allowed_attributes=['members', 'groupName'])
            if updated_group_id is None:
                raise ObjModelException('group not exist', 404)
        except ObjModelException as e:
            return error_response(message=e.message, code=e.http_response_code)
        except ValueError as e:
            return error_response(message='schema validation error',
                                  code=403,
                                  details={"error": str(e)})

        group_json = g.users_colln.find_one(group_selector_doc,
                                            projection=return_projection)
        return group_json
Пример #6
0
    def resolve_to_absolute_path(self, file_anno_id):
        file_anno = JsonObject.make_from_dict(
            db_helper.read_by_id(self.colln, file_anno_id))
        if file_anno is None:
            return None

        custodian_resource_id = file_anno.target
        file_path_in_resource_scope = file_anno.body.path
        file_path = myservice().resource_file_path(
            self.repo_name, custodian_resource_id, file_path_in_resource_scope)
        return file_path
Пример #7
0
    def post(self, user_id):
        '''
        if not current_token.user_id:
            return error_response(message='not authorized', code=401)
        '''
        args = self.post_parser.parse_args()
        user_selector_doc = users_helper.get_user_selector_doc(_id=user_id)

        update_doc = jsonify_argument(args['update_doc'], key='update_doc')
        check_argument_type(update_doc, (dict, ), key='update_doc')
        if '_id' not in update_doc:
            update_doc['_id'] = user_id
        if 'jsonClass' not in update_doc:
            update_doc['jsonClass'] = 'User'

        if update_doc['_id'] != user_id:
            return error_response(message='invalid user_id', code=403)
        if update_doc['jsonClass'] != 'User':
            return error_response(message='invalid jsonClass', code=403)

        return_projection = jsonify_argument(args.get('return_projection',
                                                      None),
                                             key='return_projection')
        check_argument_type(return_projection, (dict, ),
                            key='return_projection',
                            allow_none=True)
        _validate_projection(return_projection)
        return_projection = projection_helper.modified_projection(
            return_projection, mandatory_attrs=['_id', 'jsonClass'])

        try:
            user_update = JsonObject.make_from_dict(update_doc)
            updated_user_id = objstore_helper.update_resource(
                g.users_colln,
                user_update.to_json_map(),
                current_token.user_id,
                current_token.group_ids,
                not_allowed_attributes=[
                    'hashedPassword', 'externalAuthentications', 'password'
                ])
            if updated_user_id is None:
                raise ObjModelException('user not exist', 404)
        except ObjModelException as e:
            return error_response(message=e.message, code=e.http_response_code)
        except (ValueError, ValidationError, TypeError) as e:
            return error_response(message='schema validation error',
                                  code=403,
                                  details={"error": str(e)})

        user_json = g.users_colln.find_one(user_selector_doc,
                                           projection=return_projection)
        return user_json
Пример #8
0
def get_group(org_name, group_id, projection=None):
    from vedavaapi.common import VedavaapiServices
    from vedavaapi.accounts import VedavaapiAccounts
    accounts_service = VedavaapiServices.lookup(
        'accounts')  # type: VedavaapiAccounts
    users_colln = accounts_service.get_users_colln(org_name)
    if projection is not None:
        if 0 in projection.values():
            projection.pop('jsonClass', None)
        else:
            projection.update({"jsonClass": 1})

    group_json = users_colln.get(group_id, projection=projection)

    return JsonObject.make_from_dict(group_json)
Пример #9
0
def remove_users_from_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):

    group = JsonObject.make_from_dict(
        users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
    if group is None:
        raise ObjModelException('group not found', 404)

    if current_user_id and not PermissionResolver.resolve_permission(
            group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
        raise ObjModelException('permission denied', 403)

    update_doc = {"$pull": {"members": {"$in": user_ids}}}
    response = users_colln.update_one(group_selector_doc, update_doc)

    return response.modified_count
Пример #10
0
def save_file(colln, user, resource_id, file, purpose):
    file_name = secure_filename(os.path.basename(file.filename))
    file_path = resource_file_path(resource_id, file_name)

    file_descriptor = FileDescriptor.from_details(file_name)
    file_annotation = FileAnnotation.from_details(file_descriptor,
                                                  resource_id,
                                                  purpose=purpose)
    handle_creation_details(colln, user, file_annotation)
    file_annotation.validate()
    created_doc = db_helper.update(colln, file_annotation, user,
                                   permission_manager)
    created_anno = JsonObject.make_from_dict(created_doc)

    file.save(file_path)
    return created_anno
Пример #11
0
def handle_creation_details(colln, user, resource):
    if not isinstance(resource, Resource):
        return resource
    user_id = user.authentication_infos[0].user_id

    if hasattr(resource, '_id'):
        old_object = JsonObject.make_from_dict(
            db_helper.read_by_id(colln, resource._id))
        raise_if_overwrites(old_object, resource, ["creator", "created"])
        # TODO modified time to be setted, contributors to be updated.
    else:
        resource.creator = user_id
        resource.contributor = [user_id]
        delete_attributes(resource, ["created"])
        resource.update_time()

    return resource
Пример #12
0
    def post(self):
        user_id = resolve_user_id()
        group_ids = [
            group['_id'] for group in groups_helper.get_user_groups(
                g.users_colln, user_id, groups_projection={"_id": 1})
        ]

        args = self.post_parser.parse_args()
        update_doc = jsonify_argument(args['update_doc'], key='update_doc')
        check_argument_type(update_doc, (dict,), key='update_doc')
        if '_id' not in update_doc:
            update_doc['_id'] = user_id
        if 'jsonClass' not in update_doc:
            update_doc['jsonClass'] = 'User'

        if update_doc['_id'] != user_id:
            return error_response(message='invalid _id', code=403)
        if update_doc['jsonClass'] != 'User':
            return error_response(message='invalid jsonClass', code=403)

        if 'password' in update_doc:
            update_doc['hashedPassword'] = bcrypt.hashpw(
                update_doc['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
            update_doc.pop('password')

        return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection')
        check_argument_type(return_projection, (dict,), key='return_projection', allow_none=True)
        _validate_projection(return_projection)
        return_projection = projection_helper.modified_projection(
            return_projection, mandatory_attrs=['_id', 'jsonClass'])

        try:
            user_update = JsonObject.make_from_dict(update_doc)
            updated_user_id = objstore_helper.update_resource(
                g.users_colln, user_update.to_json_map(), user_id, group_ids,
                not_allowed_attributes=('externalAuthentications', 'password'))
            if updated_user_id is None:
                raise ObjModelException('user not exist', 404)
        except ObjModelException as e:
            return error_response(message=e.message, code=e.http_response_code)
        except ValueError as e:
            return error_response(message='schema validation error', code=403, details={"error": str(e)})

        user_json = g.users_colln.get(user_id, projection=return_projection)
        return user_json
Пример #13
0
    def get(self, group_identifier):
        args = self.get_parser.parse_args()

        identifier_type = args.get('identifier_type', '_id')
        # noinspection PyProtectedMember
        group_selector_doc = GroupResource._group_selector_doc(
            group_identifier, identifier_type)

        group = JsonObject.make_from_dict(
            g.users_colln.find_one(group_selector_doc, projection=None))
        if group is None:
            return error_response(message='group not found', code=404)

        if not PermissionResolver.resolve_permission(
                group, ObjectPermissions.READ, current_token.user_id,
                current_token.group_ids, g.users_colln):
            return error_response(message='permission denied', code=403)

        member_ids = group.members if hasattr(group, 'members') else []
        return member_ids
Пример #14
0
def create_new_user(users_colln, user_json, initial_agents=None, with_password=True):
    for k in ('_id', 'externalAuthentications'):
        if k in user_json:
            raise ObjModelException('you cannot set "{}" attribute.', 403)

    essential_fields = ['email', 'jsonClass']
    if with_password:
        essential_fields.append('password')
    for k in essential_fields:
        if k not in user_json:
            raise ObjModelException('{} should be provided for creating new user'.format(k), 400)

    if user_json['jsonClass'] != 'User':
        raise ObjModelException('invalid jsonClass', 403)

    if with_password:
        user_json['hashedPassword'] = bcrypt.hashpw(
            user_json['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8')
        user_json.pop('password')

    existing_user = get_user(
        users_colln, get_user_selector_doc(email=user_json['email']),
        projection={"_id": 1, "jsonClass": 1})
    if existing_user is not None:
        raise ObjModelException('user already exists', 403)

    user = JsonObject.make_from_dict(user_json)
    user.set_from_dict({"externalAuthentications": WrapperObject()})

    new_user_id = objstore_helper.create_resource(
        users_colln, user.to_json_map(), None, None, initial_agents=initial_agents, standalone=True)
    permissions_helper.add_to_agent_set(
        users_colln, [new_user_id], ObjectPermissions.ACTIONS, Permission.GRANTED, user_pids=[new_user_id])

    from ..agents_helpers import groups_helper
    if initial_agents is not None:
        groups_helper.add_users_to_group(
            users_colln,
            groups_helper.get_group_selector_doc(_id=initial_agents.all_users_group_id), [new_user_id], None, None)

    return new_user_id
Пример #15
0
def add_users_to_group(users_colln, group_selector_doc, user_ids, current_user_id, current_group_ids):

    group = JsonObject.make_from_dict(
        users_colln.find_one(group_selector_doc, projection={"jsonClass": 1, "_id": 1, "source": 1, "permissions": 1}))
    if group is None:
        raise ObjModelException('group not found', 404)

    if current_user_id and not PermissionResolver.resolve_permission(
            group, ObjectPermissions.UPDATE_CONTENT, current_user_id, current_group_ids, users_colln):
        raise ObjModelException('permission denied', 403)

    for user_id in user_ids:
        from . import users_helper
        user_json = users_colln.find_one(users_helper.get_user_selector_doc(_id=user_id), projection={"_id": 1})
        if user_json is None:
            raise ObjModelException('user "{}" not found'.format(user_id), 403)

    update_doc = {"$addToSet": {"members": {"$each": user_ids}}}
    response = users_colln.update_one(group_selector_doc, update_doc)

    return response.modified_count
Пример #16
0
    def get_client(cls,
                   oauth_colln,
                   _id=None,
                   client_id=None,
                   projection=None):
        client_selector_doc = cls.get_client_selector_doc(_id=_id,
                                                          client_id=client_id)

        if client_selector_doc is None:
            return None

        if projection is not None:
            if 0 in projection.values():
                projection.pop('jsonClass', None)
            else:
                projection.update({"jsonClass": 1})

        client_json = oauth_colln.find_one(client_selector_doc,
                                           projection=projection)
        client = JsonObject.make_from_dict(client_json)
        return client
Пример #17
0
def get_group(groups_colln, group_selector_doc, projection=None):
    projection = projection_helper.modified_projection(projection, mandatory_attrs=['jsonClass'])
    group_json = groups_colln.find_one(group_selector_doc, projection=projection)
    return JsonObject.make_from_dict(group_json)
Пример #18
0
def get_json_object(colln, query_doc, projection=None, cast_class=None):
    item_json = colln.find_one(query_doc, projection=projection)
    item = JsonObject.make_from_dict(item_json)
    cast_class.cast(item)
    return item
Пример #19
0
def create_new_client(oauth_colln,
                      client_json,
                      client_type,
                      user_id,
                      group_ids,
                      initial_agents=None):
    oauth2_master_config = oauth_colln.find_one(
        {"jsonClass": OAuth2MasterConfig.json_class})
    if oauth2_master_config:
        grant_privileges_conf = oauth2_master_config['grant_privileges']

        cc_agent_set = grant_privileges_conf['client_credentials']
        allow_cc_grant = (user_id in cc_agent_set['users'] or True in [
            group in cc_agent_set['groups'] for group in group_ids
        ])

        pw_agent_set = grant_privileges_conf['password']
        allow_pw_grant = (user_id in pw_agent_set['users'] or True in [
            group in pw_agent_set['groups'] for group in group_ids
        ])
    else:
        allow_cc_grant = allow_pw_grant = False

    for k in ('_id', 'client_id', 'client_secret',
              'token_endpoint_auth_method', 'grant_types', 'response_types',
              'scope', 'user_id'):
        if k in client_json:
            raise ObjModelException('you can\'t set {} attribute'.format(k),
                                    403)

    if client_json['jsonClass'] != OAuth2Client.json_class:
        raise ObjModelException('invalid jsonClass', 403)

    essential_fields = ['name']
    for k in essential_fields:
        if k not in client_json:
            raise ObjModelException('unsufficient data', 403)

    client_id = uuid.uuid4().hex
    grant_types = ['authorization_code', 'refresh_token', 'implicit'
                   ] if client_type == 'private' else ['implicit']
    if client_type == 'private':
        if allow_cc_grant:
            grant_types.append('client_credentials')
        if allow_pw_grant:
            grant_types.append('password')

    client_json.update({
        "client_id":
        client_id,
        "token_endpoint_auth_method":
        "client_secret_post" if client_type != 'public' else 'none',
        "grant_types":
        grant_types,
        "response_types":
        ["code", "token"] if client_type == 'private' else ["token"],
        "scope":
        "vedavaapi.root",
        "user_id":
        user_id
    })

    if client_type == 'private':
        client_secret = bcrypt.gensalt(24).decode('utf-8')
        client_json['client_secret'] = client_secret

    client = JsonObject.make_from_dict(client_json)

    new_client_underscore_id = objstore_helper.create_resource(
        oauth_colln,
        client.to_json_map(),
        user_id,
        group_ids,
        initial_agents=initial_agents,
        standalone=True)
    return new_client_underscore_id
Пример #20
0
def get_client(oauth_colln, client_selector_doc, projection=None):
    projection = projection_helper.modified_projection(
        projection, mandatory_attrs=["jsonClass"])
    user_json = oauth_colln.find_one(client_selector_doc,
                                     projection=projection)
    return JsonObject.make_from_dict(user_json)
Пример #21
0
def update_tree(colln,
                user,
                branch,
                branch_path,
                parent_id,
                branch_root_node_type='root'):
    result_branch = {}

    root_node_content = branch['content']
    root_node = JsonObject.make_from_dict(root_node_content)
    handle_creation_details(colln, user, root_node)

    if branch_root_node_type == 'annotation':
        root_node.target = parent_id
    elif branch_root_node_type == 'section':
        root_node.source = parent_id

    try:
        root_node.validate()
        root_node_json = db_helper.update(
            colln, root_node, user, permission_manager=permission_manager)
        result_branch['content'] = root_node_json
    except Exception as e:
        raise TreeCrawlError('content is invalid',
                             tree_position=branch_path,
                             node_json=root_node.to_json_map(),
                             error=str(e))

    annotation_sub_branches = branch.get('annotations', [])
    result_annotation_sub_branches = []
    for n, sb in enumerate(annotation_sub_branches):
        sub_branch_path = branch_path + '.annotations[0]'
        result_annotation_sub_branch = update_tree(
            colln,
            user,
            sb,
            sub_branch_path,
            root_node_json['_id'],
            branch_root_node_type='annotation')
        result_annotation_sub_branches.append(result_annotation_sub_branch)

    if len(annotation_sub_branches):
        result_branch['annotations'] = result_annotation_sub_branches

    section_sub_branches = branch.get('sections', [])
    result_section_sub_branches = []
    for n, sb in enumerate(section_sub_branches):
        sub_branch_path = branch_path + '.sections[0]'
        result_section_sub_branch = update_tree(
            colln,
            user,
            sb,
            sub_branch_path,
            root_node_json['_id'],
            branch_root_node_type='section')
        result_section_sub_branches.append(result_section_sub_branch)

    if len(section_sub_branches):
        result_branch['sections'] = result_section_sub_branches

    return result_branch