示例#1
0
def user_resource_permission_create(request):
    """
    Set new permissions for user for a resource
    """
    resource = request.context.resource
    user_name = request.unsafe_json_body.get('user_name')
    user = User.by_user_name(user_name)
    if not user:
        user = User.by_email(user_name)
    if not user:
        return False

    for perm_name in request.unsafe_json_body.get('permissions', []):
        permission = UserResourcePermission.by_resource_user_and_perm(
            user.id, perm_name, resource.resource_id)
        if not permission:
            permission = UserResourcePermission(perm_name=perm_name,
                                                user_id=user.id)
            resource.user_permissions.append(permission)
    DBSession.flush()
    perms = [
        p.perm_name for p in resource.perms_for_user(user) if p.type == 'user'
    ]
    result = {'user_name': user.user_name, 'permissions': list(set(perms))}
    return result
示例#2
0
def assign_users(request):
    """
    Assigns specific report group to user for review - send email notification
    """
    report_group = request.context.report_group
    application = request.context.resource
    currently_assigned = [u.user_name for u in report_group.assigned_users]
    new_assigns = request.unsafe_json_body

    # first unassign old users
    for user_name in new_assigns['unassigned']:
        if user_name in currently_assigned:
            user = User.by_user_name(user_name)
            report_group.assigned_users.remove(user)
            comment = ReportComment(owner_id=request.user.id,
                                    report_time=report_group.first_timestamp)
            comment.body = 'Unassigned group from @%s' % user_name
            report_group.comments.append(comment)

    # assign new users
    for user_name in new_assigns['assigned']:
        if user_name not in currently_assigned:
            user = User.by_user_name(user_name)
            if user in report_group.assigned_users:
                report_group.assigned_users.remove(user)
            DBSession.flush()
            assignment = ReportAssignment(
                owner_id=user.id,
                report_time=report_group.first_timestamp,
                group_id=report_group.id)
            DBSession.add(assignment)

            comment = ReportComment(owner_id=request.user.id,
                                    report_time=report_group.first_timestamp)
            comment.body = 'Assigned report_group to @%s' % user_name
            report_group.comments.append(comment)

            email_vars = {'user': user,
                          'request': request,
                          'application': application,
                          'report_group': report_group,
                          'email_title': "AppEnlight :: Assigned Report"}
            UserService.send_email(request, recipients=[user.email],
                                   variables=email_vars,
                                   template='/email_templates/assigned_report.jinja2')

    return True
示例#3
0
def groups_users_remove(request):
    """
    Get list of permissions assigned to specific resources
    """
    group = GroupService.by_id(request.matchdict.get('group_id'))
    user = User.by_user_name(request.GET.get('user_name'))
    if not group or not user:
        return HTTPNotFound()
    if len(group.users) > 1:
        group.users.remove(user)
        msg = "User removed from group"
        request.session.flash(msg)
        group.member_count = group.users_dynamic.count()
        return True
    msg = "Administrator group needs to contain at least one user"
    request.session.flash(msg, 'warning')
    return False
示例#4
0
def application_ownership_transfer(request):
    """
    Allows application owner to transfer application ownership to other user
    """
    resource = request.context.resource
    form = forms.ChangeApplicationOwnerForm(MultiDict(request.safe_json_body
                                                      or {}),
                                            csrf_context=request)
    form.password.user = request.user
    if form.validate():
        user = User.by_user_name(form.user_name.data)
        user.resources.append(resource)
        # remove integrations to not leak security data of external applications
        for integration in resource.integrations[:]:
            resource.integrations.remove(integration)
        request.session.flash(_('Application transfered'))
    else:
        return HTTPUnprocessableEntity(body=form.errors_json)
    return True
示例#5
0
def user_resource_permission_delete(request):
    """
    Removes user permission from specific resource
    """
    resource = request.context.resource

    user = User.by_user_name(request.GET.get('user_name'))
    if not user:
        return False

    for perm_name in request.GET.getall('permissions'):
        permission = UserResourcePermission.by_resource_user_and_perm(
            user.id, perm_name, resource.resource_id)
        resource.user_permissions.remove(permission)
    DBSession.flush()
    perms = [
        p.perm_name for p in resource.perms_for_user(user) if p.type == 'user'
    ]
    result = {'user_name': user.user_name, 'permissions': list(set(perms))}
    return result
示例#6
0
def groups_users_add(request):
    """
    Get list of permissions assigned to specific resources
    """
    group = GroupService.by_id(request.matchdict.get('group_id'))
    user = User.by_user_name(request.unsafe_json_body.get('user_name'))
    if not user:
        user = User.by_email(request.unsafe_json_body.get('user_name'))

    if not group or not user:
        return HTTPNotFound()
    if user not in group.users:
        group.users.append(user)
        group.member_count = group.users_dynamic.count()
    props = [
        'user_name', 'id', 'first_name', 'last_name', 'email',
        'last_login_date', 'status'
    ]
    u_dict = user.get_dict(include_keys=props)
    u_dict['gravatar_url'] = user.gravatar_url(s=20)
    return u_dict
示例#7
0
def unique_username_validator(form, field):
    user = User.by_user_name(field.data)
    if user:
        raise wtforms.ValidationError('This username already exists in system')
示例#8
0
def found_username_validator(form, field):
    user = User.by_user_name(field.data)
    # sets user to recover in email validator
    form.field_user = user
    if not user:
        raise wtforms.ValidationError('This username does not exist')