def invited_user(email):
# Validate email with https://github.com/JoshData/python-email-validator ?
# Setup a temporary user so that we can add the ACL
# Also setup the pre-registration info they can
name = email.split('@', 1)[0]
count = 1
check_name = name
while True:
user = DBSession.query(BQUser).filter_by(
resource_name=check_name).first()
if user is None:
name = check_name
break
check_name = name + str(count)
count += 1
password = ''.join(random.SystemRandom().choice(string.ascii_uppercase +
string.digits)
for _ in range(6))
log.debug('AUTH: tg_user name=%s email=%s display=%s', name, email, email)
tg_user = User(user_name=name,
password=password,
email_address=email,
display_name=email)
try:
DBSession.add(tg_user)
DBSession.flush()
data_service.cache_invalidate("/data_service/user")
except sqlalchemy.exc.IntegrityError:
log.exception('During user invitation')
log.debug("AUTH: tg_user = %s", str(tg_user))
# we should have created the BQUser by now.
user = DBSession.query(BQUser).filter_by(resource_name=name).first()
return (user, password)
def post_user(self, doc, **kw):
"""
Creates new user with tags, the owner of the tags is assigned to the user
document format:
<user name="user">
<tag name="password" value="12345"/>
<tag name="email" value="*****@*****.**"/>
<tag name="display_name" value="user"/>
</user>
"""
userxml = etree.fromstring(doc)
required_tags = ['user_name', 'password', 'email', 'display_name']
tags = {}
if userxml.tag == 'user':
user_name = userxml.attrib['name']
if user_name:
tags['user_name'] = user_name
for t in userxml.xpath('tag'):
tags[t.get('name')] = t.get('value')
#if (t.attrib['name']=='password') or (t.attrib['name']=='email'):
if t.get('name') in REMOVE_TAGS:
t.getparent().remove(t) #removes email and password
if t.attrib['name'] == 'email':
userxml.attrib['value'] = t.attrib[
'value'] #set it as value of the user
if all(k in tags for k in required_tags):
log.debug("ADMIN: Adding user: %s", str(user_name))
u = User(user_name=tags['user_name'],
password=tags['password'],
email_address=tags['email'],
display_name=tags['display_name'])
DBSession.add(u)
self._update_groups(u, tags.get('groups', '').split(','))
try:
transaction.commit()
except IntegrityError:
abort(
405,
'Another user already has this user name or email address'
)
#r = BQUser.query.filter(BQUser.resource_name == tags['user_name']).first()
r = data_service.query(resource_type='user',
name=tags['user_name'],
wpublic=1)
if len(r) > 0:
admin = get_username() #get admin user
set_current_user(
tags['user_name']
) #change document as user so that all changes are owned by the new user
r = data_service.update_resource(
'/data_service/%s' %
r[0].attrib.get('resource_uniq'),
new_resource=userxml)
set_current_user(admin) #set back to admin user
return self.get_user(
'%s' % r.attrib.get('resource_uniq'), **kw)
else:
abort(400)
abort(400)
def __init__(self, user_name=None, password=None,
email_address=None, display_name=None,
create_tg=False, tg_user = None, create_store=True,**kw):
super(BQUser, self).__init__()
if not display_name: display_name = user_name
if create_tg and tg_user is None:
tg_user = User()
tg_user.user_name = user_name
tg_user.email_address = email_address
tg_user.password = password
tg_user.display_name = display_name
DBSession.add(tg_user)
self.permission = 'published'
self.resource_name = tg_user.user_name
self.resource_value = tg_user.email_address
dn = Tag (parent = self)
dn.name = 'display_name'
dn.value = tg_user.display_name or tg_user.user_name
dn.owner = self
self.owner = self
self.permission = 'published'
if create_store:
#from bq.commands.stores import init_stores
#init_stores (tg_user.user_name)
root_store = BQStore(owner_id = self)
root_store.resource_name='(root)'
root_store.resource_unid='(root)'
DBSession.add(root_store)
def setUp(self):
"""Prepare model test fixture."""
try:
new_attrs = {}
new_attrs.update(self.attrs)
new_attrs.update(self.do_get_dependencies())
self.obj = self.klass(**new_attrs) #pylint: disable=not-callable
DBSession.add(self.obj)
DBSession.flush()
return self.obj
except Exception:
DBSession.rollback()
raise
def bquser_callback (tg_user, operation, **kw):
# Deleted users will receive and update callback
if tg_user is None:
return
if operation =='create':
u = DBSession.query(BQUser).filter_by(resource_name=tg_user.user_name).first()
if u is None:
u = BQUser(tg_user=tg_user)
DBSession.add(u)
log.info ('created BQUSER %s' , u.name)
return
if operation == 'update':
u = DBSession.query(BQUser).filter_by(resource_name=tg_user.user_name).first()
if u is not None:
u.value = tg_user.email_address
dn = u.findtag('display_name', create=True)
dn.value = tg_user.display_name
dn.permission = 'published'
log.info ('updated BQUSER %s' , u.name)
return
def new_group(self, *args, **kw):
if len(args):
group_names = args
else:
content_type = request.headers.get('Content-Type')
inputer = find_inputer(content_type)
els = inputer(request.body_file)
group_names = els.xpath('//group/@name')
resource = etree.Element('resource')
for nm in group_names:
g = Group(group_name=nm)
DBSession.add(g)
etree.SubElement(resource, 'group', name=nm)
try:
transaction.commit()
except (IntegrityError, InvalidRequestError) as e:
transaction.abort()
abort(400, "Bad request %s" % e)
return resource
def new_user (cls, email, password, create_tg = False):
bquser = cls( user_name= email,
email_address=email,
display_name=email,
password = password)
DBSession.add (bquser)
DBSession.flush()
DBSession.refresh(bquser)
bquser.owner_id = bquser.id
if create_tg:
tg_user = User()
tg_user.user_name = email
tg_user.email_address = email
tg_user.password = password
tg_user.display_name = email
#tg_user.dough_user_id = self.id
DBSession.add(tg_user)
DBSession.flush()
return bquser
def bisquik2db_internal(inputs, parent, resource, replace):
'''Parse a document (either as a doc, or an etree.
Verify against xmlschema if present
'''
results = []
if parent is not None:
parent = DBSession.merge(parent)
if resource is not None:
resource = DBSession.merge(resource)
ts = datetime.now()
for el in inputs:
node = updateDB(root=el,
parent=parent,
resource=resource,
replace=replace,
ts=ts)
log.debug("returned %s ", str(node))
log.debug('modified : new (%d), dirty (%d), deleted(%d)',
len(DBSession.new), len(DBSession.dirty),
len(DBSession.deleted)) # pylint: disable=no-member
if node not in DBSession: # pylint: disable=unsupported-membership-test
# pylint: disable=no-member
DBSession.add(node)
#log.debug ("node.document = %s" , str( node.document))
node.document.ts = ts
results.append(node)
#DBSession.flush()
#for node in results:
# DBSession.refresh(node)
if log.isEnabledFor(logging.DEBUG):
log.debug('modifyed : new (%d), dirty (%d), deleted(%d)',
len(DBSession.new), len(DBSession.dirty),
len(DBSession.deleted)) # pylint: disable=no-member
log.debug("Bisquik2db last_node %s of document %s ", str(node),
str(node.document))
if len(results) == 1:
return node
return results
def resource_acl(resource,
newauth,
user=None,
acl=None,
notify=False,
invalidate=True,
action='append'):
"""Create or modify resource acls
@param resource: resource (Taggable)
@param newauth : an etree of the acl record or None if deleting
@param user : the user (Taggable) of the acl or None (will be determined from newauth)
@param acl : the acl (TaggableAcl) or None (will be found or created)
@param notify : send an email on state change (boolean)
@param invalidate: Invalidate caches (boolean)
@parama delete : Append/modify or Delete record (boolean)
@return an etree acl record
"""
log.debug("ACL SET %s", resource)
user, passwd = match_user(user=user,
user_uniq=newauth.get('user'),
email=newauth.get('email'))
if acl is None:
try:
DBSession.flush() # autoflush is off so flush before query
except sqlalchemy.exc.IntegrityError:
log.exception("while preparing for query")
acl = DBSession.query(TaggableAcl).filter_by(taggable_id=resource.id,
user_id=user.id).first()
if acl is None: # Check if newauth is not None or delete is true???
acl = TaggableAcl()
acl.taggable_id = resource.id
acl.user_id = user.id
acl.action = "read"
DBSession.add(acl)
if action == 'delete':
log.debug("Removing %s from %s for %s",
newauth.get('action', RESOURCE_READ), resource.resource_uniq,
user.resource_uniq)
# http://stackoverflow.com/questions/8306506/deleting-an-object-from-an-sqlalchemy-session-before-its-been-persisted
if acl in DBSession.new:
DBSession.expunge(acl)
else:
DBSession.delete(acl)
else:
log.debug("Changing share on %s for %s action=%s",
resource.resource_uniq, user.resource_uniq,
newauth.get('action', RESOURCE_READ))
acl.action = newauth.get('action', RESOURCE_READ)
#
# Special actions on sharing specific resource types
#
handler = SHARE_HANDLERS.get(resource.resource_type)
if handler:
log.debug("Special share handling with %s", handler)
handler(resource.resource_uniq, user.resource_uniq, newauth, action)
# Notify changes if needed
if notify:
try:
notify_user(action, resource, user, passwd)
except Exception:
log.exception("While notifying share")
if invalidate:
Resource.hier_cache.invalidate_resource(None, user=user.id)
# Return the new/updated auth element
return _aclelem(resource, user, acl)
