class RightsTest(TestCase):
    """Scenario test for the Rights manager.

    One long, order-dependent scenario: every call below mutates state held
    by the Rights backend, and each assertion depends on all the calls made
    before it.
    """

    def setUp(self):
        """Register the action ids used below and drop leftover entities."""
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241',
            '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # Delete every group/user/profile/role the scenario creates, so that
        # grants left by an earlier run cannot change the results below.
        # NOTE(review): 'my_user', created at the end of tests(), is not
        # removed here.
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')
        self.rights.delete_user('jharris')
        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')
        self.rights.delete_role('role_test1bis')

    def tearDown(self):
        # Nothing is cleaned up: the entities created by tests() stay in the
        # backend after the run.
        pass
        # TODO: cleanup the mess in default_rights

    def tests(self):
        """Check grants and revocations at group, profile, role and user level.

        The expected values are consistent with 'checksum' being a bitmask
        (1 | 12 grants 12; clearing 8 revokes it). This is inferred from the
        assertions only; confirm against Rights.
        """
        # Test creation of groups
        rights = {
            '1234': {'desc': 'test right in group', 'checksum': 15},
            '1235': {'desc': 'test right in group', 'checksum': 8},
            '1236': {'desc': 'test right in group', 'checksum': 12},
            '1237': {'desc': 'test right in group', 'checksum': 1},
            '1238': {'desc': 'test right in group', 'checksum': 15},
            '1239': {'desc': 'test right in group', 'checksum': 15},
            '1240': {'desc': 'test right in group', 'checksum': 8},
            '1241': {'desc': 'test right in group', 'checksum': 8}
        }
        rights_scnd = {
            '2344': {'desc': 'test right in group', 'checksum': 15},
            '2345': {'desc': 'test right in group', 'checksum': 8},
            '2346': {'desc': 'test right in group', 'checksum': 12},
            '2347': {'desc': 'test right in group', 'checksum': 1},
            '2348': {'desc': 'test right in group', 'checksum': 15},
            '2349': {'desc': 'test right in group', 'checksum': 15},
            '4210': {'desc': 'test right in group', 'checksum': 8},
            '4211': {'desc': 'test right in group', 'checksum': 8}
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        # (jharris -> role_test1bis -> profile_test1 -> group_test1)
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check: the user only holds what group_test1 grants on
        # '1237' (checksum 1), so a request for 12 must be refused.
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 1), True)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Test right deletion: removing 8 must be enough to refuse 12
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity: detaching the group from the profile must
        # revoke the right for the user.
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Change the checksum: after removing 4 only 8 is left
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        # NOTE(review): no assertion follows these calls in this version, so
        # the summed value is never checked. Several calls also pass a group
        # or role name with entity type 'user', and add_group_profile gets a
        # role name; confirm that is intended.
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')

        # Change entity name: the group is still looked up by 'group_test2'
        # after the rename and only its crecord_name is expected to change.
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'group_test2' == self.rights.get_group('group_test2')[
                'crecord_name']
        )
        self.assertTrue(
            self.rights.update_entity_name(
                'group_test2', 'group', 'name_changed')
        )
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'name_changed' == self.rights.get_group('group_test2')[
                'crecord_name']
        )

        # Update fields
        uid = 'my_user'
        urole = 'admin'
        # Fixture values only; 'shadowpasswd' is written by update_fields
        # but never read back or asserted below.
        values = {
            '_id': uid,
            'contact': {
                'address': '',
                'name': 'Administrator'
            },
            'external': False,
            'mail': '*****@*****.**',
            'shadowpasswd': 'DEADBEEF',
            'ui_language': 'fr',
        }
        user = self.rights.create_user(
            uid, urole, contact=None, rights=None, groups=None
        )
        self.assertEqual(user['crecord_name'], uid)

        self.rights.update_fields(uid, 'user', values)

        # Read the stored document back through the storage's private
        # _backend attribute rather than through the Rights API.
        r = self.rights.user_storage._backend.find({'_id': uid})
        self.assertTrue(r.count() > 0)
        content = list(r.limit(1))[0]
        self.assertEqual(content['crecord_name'], uid)
        self.assertEqual(content['ui_language'], 'fr')
        self.assertEqual(content['mail'], '*****@*****.**')
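class RightsModule(MigrationModule):
    """Seed the rights backend with actions, users and roles from JSON files.

    Each of the three directories is taken from the constructor argument
    when given, else from the ``RIGHTS`` section of ``CONF_PATH``, else from
    the module-level ``DEFAULT_*_PATH`` constant.

    The user files feed account fields ('shadowpass', 'authkey', 'enable')
    straight into the backend, so whoever can write to ``users_path`` can
    define accounts.
    """

    CONF_PATH = 'etc/migration/rights.conf'
    CATEGORY = 'RIGHTS'

    def __init__(self, actions_path=None, users_path=None, roles_path=None,
                 *args, **kwargs):
        """Resolve the three seed directories and create the Rights manager.

        :param actions_path: directory of action JSON files, or None.
        :param users_path: directory of user JSON files, or None.
        :param roles_path: directory of role JSON files, or None.
        """
        super(RightsModule, self).__init__(*args, **kwargs)

        self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH)
        self.config = Configuration.load(RightsModule.CONF_PATH, Ini)
        conf = self.config.get(self.CATEGORY, {})

        self.manager = Rights()

        # An explicit argument wins over the configuration file.
        if actions_path is None:
            actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH)
        self.actions_path = os.path.expanduser(actions_path)

        if users_path is None:
            users_path = conf.get('users_path', DEFAULT_USERS_PATH)
        self.users_path = os.path.expanduser(users_path)

        if roles_path is None:
            roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH)
        self.roles_path = os.path.expanduser(roles_path)

    def init(self, clear=True, yes=False):
        """Load actions, then users, then roles.

        :param clear: when true, entries that already exist are written
            again from the files (see the ``is None or clear`` tests below).
        :param yes: accepted for interface compatibility; not used here.
        """
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self, yes=False):
        """Run init() without clearing, so only missing entries are created.

        :param yes: accepted for interface compatibility; not used here.
        """
        self.init(clear=False)

    def load(self, path):
        """Return the concatenated content of every ``*.json`` file in path.

        Files are read in sorted name order, so the result does not depend
        on the order os.listdir() happens to return. Any error (unreadable
        directory, invalid JSON, ...) is logged, and the whole result is
        discarded: the method then returns an empty list.

        :param path: directory to scan (not recursive).
        :return: list of loaded documents, possibly empty.
        """
        try:
            loaded = []

            for fname in sorted(os.listdir(path)):
                if fname.endswith('.json'):
                    fullpath = os.path.join(path, fname)

                    with open(fullpath) as f:
                        loaded += ensure_iterable(json.load(f))

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path, err))
            loaded = []

        return loaded

    def add_actions(self, data, clear):
        """Register every action id found in data.

        :param data: iterable of mappings ``{action_id: {'desc': ...}}``.
        :param clear: when true, existing actions are registered again.
        """
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))
                    self.manager.add(
                        aid, action[aid].get('desc', 'Empty description'))

    def add_users(self, data, clear):
        """Create the users described in data and set their account fields.

        :param data: iterable of user documents keyed by '_id'.
        :param clear: when true, an existing user is created again and its
            account fields are overwritten with the file values.
        """
        # uuid1() is built from the host MAC address and a timestamp, so a
        # key generated with it can be guessed; uuid4() is random and has
        # the same textual format. Imported locally because this block does
        # not own the module's import section.
        from uuid import uuid4

        # NOTE(review): nesting below is reconstructed from a listing whose
        # indentation was lost; update_fields is assumed to belong to the
        # 'if' branch. Confirm against the original file.
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(
                    user['_id'],
                    user.get('role', None),
                    rights=user.get('rights', None),
                    contact=user.get('contact', None),
                    groups=user.get('groups', None))

                # NOTE(review): the file key is 'shadowpass' while the stored
                # field is 'shadowpasswd'; confirm the seed files really use
                # 'shadowpass', otherwise the stored value is always None.
                # Accounts are enabled unless the file sets 'enable'.
                self.manager.update_fields(
                    user['_id'],
                    'user',
                    {
                        'external': user.get('external', False),
                        'enable': user.get('enable', True),
                        'shadowpasswd': user.get('shadowpass', None),
                        'mail': user.get('mail', None),
                        'authkey': user.get('authkey', str(uuid4()))
                    })

    def add_roles(self, data, clear):
        """Create missing roles, then merge file rights/groups into each one.

        :param data: iterable of role documents keyed by '_id'.
        :param clear: when true, an existing role is created again first.
        """
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))
                self.manager.create_role(
                    role['_id'], role.get('profile', None))

            # The merge runs for every role in the files, new or existing:
            # rights from the file override stored ones with the same key,
            # groups are unioned.
            self.logger.info(u'Updating role: {0}'.format(role['_id']))

            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)
            self.manager.update_fields(
                role['_id'], 'role',
                {"defaultview": role.get("defaultview", None)})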
class RightsTest(TestCase):
    """Scenario test for the Rights manager.

    One long, order-dependent scenario: every call below mutates state held
    by the Rights backend, and each assertion depends on all the calls made
    before it. There is no tearDown, so the created entities stay in the
    backend after the run.
    """

    def setUp(self):
        """Register the action ids used below and drop leftover entities."""
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241',
            '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # Delete every group/user/profile/role the scenario creates, so that
        # grants left by an earlier run cannot change the results below.
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')
        self.rights.delete_user('jharris')
        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')
        self.rights.delete_role('role_test1bis')

    def tests(self):
        """Check grants and revocations at group, profile, role and user level.

        The expected values are consistent with 'checksum' being a bitmask
        (1 | 12 grants 12; clearing 8 revokes it; 1 | 2 | 4 | 8 sums to 15).
        This is inferred from the assertions only; confirm against Rights.
        """
        # Test creation of groups
        rights = {
            '1234': {'desc': 'test right in group', 'checksum': 15},
            '1235': {'desc': 'test right in group', 'checksum': 8},
            '1236': {'desc': 'test right in group', 'checksum': 12},
            '1237': {'desc': 'test right in group', 'checksum': 1},
            '1238': {'desc': 'test right in group', 'checksum': 15},
            '1239': {'desc': 'test right in group', 'checksum': 15},
            '1240': {'desc': 'test right in group', 'checksum': 8},
            '1241': {'desc': 'test right in group', 'checksum': 8}
        }
        rights_scnd = {
            '2344': {'desc': 'test right in group', 'checksum': 15},
            '2345': {'desc': 'test right in group', 'checksum': 8},
            '2346': {'desc': 'test right in group', 'checksum': 12},
            '2347': {'desc': 'test right in group', 'checksum': 1},
            '2348': {'desc': 'test right in group', 'checksum': 15},
            '2349': {'desc': 'test right in group', 'checksum': 15},
            '4210': {'desc': 'test right in group', 'checksum': 8},
            '4211': {'desc': 'test right in group', 'checksum': 8}
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        # (jharris -> role_test1bis -> profile_test1 -> group_test1)
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check: the user only holds what group_test1 grants on
        # '1237' (checksum 1), so a request for 12 must be refused.
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 1), True)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Test right deletion: removing 8 must be enough to refuse 12
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity: detaching the group from the profile must
        # revoke the right for the user.
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), True)

        # Change the checksum: after removing 4 only 8 is left
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 12), False)
        self.assertEqual(
            self.rights.check_rights('jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        # NOTE(review): several calls pass a group or role name with entity
        # type 'user', and add_group_profile gets a role name; confirm that
        # is intended.
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')

        # The effective checksum for the user is expected to be 15.
        self.assertEqual(
            self.rights.get_user_rights('jharris')['1237']['checksum'], 15)

        # Change entity name: the group is still looked up by 'group_test2'
        # after the rename and only its crecord_name is expected to change.
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'group_test2' == self.rights.get_group('group_test2')[
                'crecord_name']
        )
        self.assertTrue(
            self.rights.update_entity_name(
                'group_test2', 'group', 'name_changed')
        )
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue(
            'name_changed' == self.rights.get_group('group_test2')[
                'crecord_name']
        )
class RightsTest(TestCase):
    """Scenario test for the Rights manager.

    One long, order-dependent scenario: every call below mutates state held
    by the Rights backend, and each assertion depends on all the calls made
    before it.
    """

    def setUp(self):
        """Register the action ids used below and drop leftover entities."""
        self.logger = getLogger()
        self.rights = Rights()
        self.data_types = ['profile', 'group', 'role']

        # This should be in a filldb script
        referenced_rights = {
            '1234', '1235', '1236', '1237', '1238', '1239', '1240', '1241',
            '2344', '2345', '2346', '2347', '2348', '2349', '4210', '4211'
        }
        for x in referenced_rights:
            self.rights.add(x, 'desc test rule')

        # Delete every group/user/profile/role the scenario creates, so that
        # grants left by an earlier run cannot change the results below.
        # NOTE(review): 'my_user', created at the end of tests(), is not
        # removed here.
        self.rights.delete_group('group_test1')
        self.rights.delete_group('group_test2')
        self.rights.delete_user('jharris')
        self.rights.delete_profile('profile_test1')
        self.rights.delete_profile('profile_test2')
        self.rights.delete_role('role_test1bis')

    def tearDown(self):
        # Nothing is cleaned up: the entities created by tests() stay in the
        # backend after the run.
        pass
        # TODO: cleanup the mess in default_rights

    def tests(self):
        """Check grants and revocations at group, profile, role and user level.

        The expected values are consistent with 'checksum' being a bitmask
        (1 | 12 grants 12; clearing 8 revokes it). This is inferred from the
        assertions only; confirm against Rights.
        """
        # Test creation of groups
        rights = {
            '1234': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1235': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '1236': {
                'desc': 'test right in group',
                'checksum': 12
            },
            '1237': {
                'desc': 'test right in group',
                'checksum': 1
            },
            '1238': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1239': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '1240': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '1241': {
                'desc': 'test right in group',
                'checksum': 8
            }
        }
        rights_scnd = {
            '2344': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '2345': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '2346': {
                'desc': 'test right in group',
                'checksum': 12
            },
            '2347': {
                'desc': 'test right in group',
                'checksum': 1
            },
            '2348': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '2349': {
                'desc': 'test right in group',
                'checksum': 15
            },
            '4210': {
                'desc': 'test right in group',
                'checksum': 8
            },
            '4211': {
                'desc': 'test right in group',
                'checksum': 8
            }
        }

        # basic group creation
        self.rights.create_group('group_test1', rights)
        self.rights.create_group('group_test2', rights_scnd)

        # basic profile creation
        self.rights.create_profile('profile_test1', ['group_test1'])
        self.rights.create_profile('profile_test2', ['group_test2'])

        # create new role and assign it to the user
        # (jharris -> role_test1bis -> profile_test1 -> group_test1)
        self.rights.create_role('role_test1bis', 'profile_test1')
        self.rights.create_user('jharris', 'role_test1bis')

        # Basic check: the user only holds what group_test1 grants on
        # '1237' (checksum 1), so a request for 12 must be refused.
        self.assertEqual(self.rights.check_rights('jharris', '1237', 1), True)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add permissions to the rights
        self.rights.add_right('group_test1', 'group', '1237', 12)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         True)

        # Test right deletion: removing 8 must be enough to refuse 12
        self.rights.remove_right('group_test1', 'group', '1237', 8)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_right('group_test1', 'group', '1237', 12)

        # Test remove_entity: detaching the group from the profile must
        # revoke the right for the user.
        self.rights.remove_group_profile('profile_test1', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_group_profile('profile_test1', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         True)

        # Test removing the profile
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add it back
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         True)

        # Remove the profile to add it to the role
        self.rights.remove_profile('role_test1bis', None, 'profile_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add the group to the role
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         True)

        # Remove it
        self.rights.remove_group_role('role_test1bis', 'group_test1')
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)

        # Add the specific right to the user
        self.rights.add_right('jharris', 'user', '1237', 12)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         True)

        # Change the checksum: after removing 4 only 8 is left
        self.rights.remove_right('jharris', 'user', '1237', 4)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 12),
                         False)
        self.assertEqual(self.rights.check_rights('jharris', '1237', 8), True)

        # Add a right on the same action to different fields
        # and check that it is summed correctly
        # NOTE(review): no assertion follows these calls in this version, so
        # the summed value is never checked. Several calls also pass a group
        # or role name with entity type 'user', and add_group_profile gets a
        # role name; confirm that is intended.
        self.rights.remove_right('jharris', 'user', '1237', 8)
        self.rights.remove_right('group_test1', 'user', '1237', 12)
        self.rights.add_right('jharris', 'user', '1237', 2)
        self.rights.add_right('role_test1bis', 'user', '1237', 4)
        self.rights.add_right('group_test2', 'user', '1237', 8)
        self.rights.add_group_user('jharris', 'group_test2')
        self.rights.add_group_role('role_test1bis', 'group_test1')
        self.rights.add_profile('role_test1bis', None, 'profile_test1')
        self.rights.add_group_profile('role_test1bis', 'group_test1')

        # Change entity name: the group is still looked up by 'group_test2'
        # after the rename and only its crecord_name is expected to change.
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue('group_test2' == self.rights.get_group('group_test2')
                        ['crecord_name'])
        self.assertTrue(
            self.rights.update_entity_name('group_test2', 'group',
                                           'name_changed'))
        self.assertTrue(
            'group_test2' in self.rights.get_user('jharris')['group'])
        self.assertTrue('name_changed' == self.rights.get_group('group_test2')
                        ['crecord_name'])

        # Update fields
        uid = 'my_user'
        urole = 'admin'
        # Fixture values only; 'shadowpasswd' is written by update_fields
        # but never read back or asserted below.
        values = {
            '_id': uid,
            'contact': {
                'address': '',
                'name': 'Administrator'
            },
            'external': False,
            'mail': '*****@*****.**',
            'shadowpasswd': 'DEADBEEF',
            'ui_language': 'fr',
        }
        user = self.rights.create_user(uid,
                                       urole,
                                       contact=None,
                                       rights=None,
                                       groups=None)
        self.assertEqual(user['crecord_name'], uid)

        self.rights.update_fields(uid, 'user', values)

        # Read the stored document back through the storage's private
        # _backend attribute rather than through the Rights API.
        r = self.rights.user_storage._backend.find({'_id': uid})
        self.assertTrue(r.count() > 0)
        content = list(r.limit(1))[0]
        self.assertEqual(content['crecord_name'], uid)
        self.assertEqual(content['ui_language'], 'fr')
        self.assertEqual(content['mail'], '*****@*****.**')
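class RightsModule(MigrationModule):
    """Seed the rights backend with actions, users and roles from JSON files.

    Each of the three directories is taken from the constructor argument
    when given, else from the ``RIGHTS`` section of ``CONF_PATH``, else from
    the module-level ``DEFAULT_*_PATH`` constant.

    The user files feed account fields ('shadowpass', 'authkey', 'enable')
    straight into the backend, so whoever can write to ``users_path`` can
    define accounts.
    """

    CONF_PATH = 'etc/migration/rights.conf'
    CATEGORY = 'RIGHTS'

    def __init__(
        self,
        actions_path=None, users_path=None, roles_path=None,
        *args, **kwargs
    ):
        """Resolve the three seed directories and create the Rights manager.

        :param actions_path: directory of action JSON files, or None.
        :param users_path: directory of user JSON files, or None.
        :param roles_path: directory of role JSON files, or None.
        """
        super(RightsModule, self).__init__(*args, **kwargs)

        self.logger = Logger.get('migrationtool', MigrationModule.LOG_PATH)
        self.config = Configuration.load(RightsModule.CONF_PATH, Ini)
        conf = self.config.get(self.CATEGORY, {})

        self.manager = Rights()

        # An explicit argument wins over the configuration file.
        if actions_path is None:
            actions_path = conf.get('actions_path', DEFAULT_ACTIONS_PATH)
        self.actions_path = os.path.expanduser(actions_path)

        if users_path is None:
            users_path = conf.get('users_path', DEFAULT_USERS_PATH)
        self.users_path = os.path.expanduser(users_path)

        if roles_path is None:
            roles_path = conf.get('roles_path', DEFAULT_ROLES_PATH)
        self.roles_path = os.path.expanduser(roles_path)

    def init(self, clear=True, yes=False):
        """Load actions, then users, then roles.

        :param clear: when true, entries that already exist are written
            again from the files (see the ``is None or clear`` tests below).
        :param yes: accepted for interface compatibility; not used here.
        """
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self, yes=False):
        """Run init() without clearing, so only missing entries are created.

        :param yes: accepted for interface compatibility; not used here.
        """
        self.init(clear=False)

    def load(self, path):
        """Return the concatenated content of every ``*.json`` file in path.

        Files are read in sorted name order, so the result does not depend
        on the order os.listdir() happens to return. Any error (unreadable
        directory, invalid JSON, ...) is logged, and the whole result is
        discarded: the method then returns an empty list.

        :param path: directory to scan (not recursive).
        :return: list of loaded documents, possibly empty.
        """
        try:
            loaded = []

            for fname in sorted(os.listdir(path)):
                if fname.endswith('.json'):
                    fullpath = os.path.join(path, fname)

                    with open(fullpath) as f:
                        loaded += ensure_iterable(json.load(f))

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path,
                err
            ))

            loaded = []

        return loaded

    def add_actions(self, data, clear):
        """Register every action id found in data.

        :param data: iterable of mappings ``{action_id: {'desc': ...}}``.
        :param clear: when true, existing actions are registered again.
        """
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))

                    self.manager.add(
                        aid,
                        action[aid].get('desc', 'Empty description')
                    )

    def add_users(self, data, clear):
        """Create the users described in data and set their account fields.

        :param data: iterable of user documents keyed by '_id'.
        :param clear: when true, an existing user is created again and its
            account fields are overwritten with the file values.
        """
        # uuid1() is built from the host MAC address and a timestamp, so a
        # key generated with it can be guessed; uuid4() is random and has
        # the same textual format. Imported locally because this block does
        # not own the module's import section.
        from uuid import uuid4

        # NOTE(review): nesting below is reconstructed from a listing whose
        # indentation was lost; update_fields is assumed to belong to the
        # 'if' branch. Confirm against the original file.
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(
                    user['_id'],
                    user.get('role', None),
                    rights=user.get('rights', None),
                    contact=user.get('contact', None),
                    groups=user.get('groups', None)
                )

                # NOTE(review): the file key is 'shadowpass' while the stored
                # field is 'shadowpasswd'; confirm the seed files really use
                # 'shadowpass', otherwise the stored value is always None.
                # Accounts are enabled unless the file sets 'enable'.
                self.manager.update_fields(
                    user['_id'],
                    'user',
                    {
                        'external': user.get('external', False),
                        'enable': user.get('enable', True),
                        'shadowpasswd': user.get('shadowpass', None),
                        'mail': user.get('mail', None),
                        'authkey': user.get('authkey', str(uuid4()))
                    }
                )

    def add_roles(self, data, clear):
        """Create missing roles, then merge file rights/groups into each one.

        :param data: iterable of role documents keyed by '_id'.
        :param clear: when true, an existing role is created again first.
        """
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))

                self.manager.create_role(
                    role['_id'],
                    role.get('profile', None)
                )

            # The merge runs for every role in the files, new or existing:
            # rights from the file override stored ones with the same key,
            # groups are unioned.
            self.logger.info(u'Updating role: {0}'.format(role['_id']))

            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)
            self.manager.update_fields(
                role['_id'], 'role',
                {"defaultview": role.get("defaultview", None)})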
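class RightsModule(MigrationModule):
    """Seed the rights backend with actions, users and roles from JSON files.

    The three seed directories are exposed as properties; assigning None to
    one of them selects its built-in default under
    ``~/opt/mongodb/load.d/rights``.

    The user files feed account fields ('shadowpass', 'authkey', 'enable')
    straight into the backend, so whoever can write to ``users_path`` can
    define accounts.

    NOTE(review): ``self.logger`` is used by the methods below but is not
    assigned in this class; presumably MigrationModule provides it.
    """

    @property
    def actions_path(self):
        """Directory of action JSON files (default applied on first read)."""
        if not hasattr(self, '_actions_path'):
            self.actions_path = None

        return self._actions_path

    @actions_path.setter
    def actions_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/actions_ids'

        self._actions_path = os.path.expanduser(value)

    @property
    def users_path(self):
        """Directory of user JSON files (default applied on first read)."""
        if not hasattr(self, '_users_path'):
            self.users_path = None

        return self._users_path

    @users_path.setter
    def users_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/default_users'

        self._users_path = os.path.expanduser(value)

    @property
    def roles_path(self):
        """Directory of role JSON files (default applied on first read)."""
        if not hasattr(self, '_roles_path'):
            self.roles_path = None

        return self._roles_path

    @roles_path.setter
    def roles_path(self, value):
        if value is None:
            value = '~/opt/mongodb/load.d/rights/default_roles'

        self._roles_path = os.path.expanduser(value)

    def __init__(
        self,
        actions_path=None, users_path=None, roles_path=None,
        *args, **kwargs
    ):
        """Create the Rights manager and record any explicitly given path.

        :param actions_path: directory of action JSON files, or None.
        :param users_path: directory of user JSON files, or None.
        :param roles_path: directory of role JSON files, or None.
        """
        super(RightsModule, self).__init__(*args, **kwargs)

        self.manager = Rights()

        # Paths left at None keep whatever the property getters resolve.
        if actions_path is not None:
            self.actions_path = actions_path

        if users_path is not None:
            self.users_path = users_path

        if roles_path is not None:
            self.roles_path = roles_path

    def init(self, clear=True):
        """Load actions, then users, then roles.

        :param clear: when true, entries that already exist are written
            again from the files (see the ``is None or clear`` tests below).
        """
        self.add_actions(self.load(self.actions_path), clear)
        self.add_users(self.load(self.users_path), clear)
        self.add_roles(self.load(self.roles_path), clear)

    def update(self):
        """Run init() without clearing, so only missing entries are created."""
        self.init(clear=False)

    def load(self, path):
        """Return the concatenated content of every ``*.json`` file in path.

        Files are read in sorted name order, so the result does not depend
        on the order os.listdir() happens to return. Any error (unreadable
        directory, invalid JSON, ...) is logged, and the whole result is
        discarded: the method then returns an empty list.

        :param path: directory to scan (not recursive).
        :return: list of loaded documents, possibly empty.
        """
        try:
            loaded = []

            for fname in sorted(os.listdir(path)):
                if fname.endswith('.json'):
                    fullpath = os.path.join(path, fname)

                    with open(fullpath) as f:
                        loaded += ensure_iterable(json.load(f))

        except Exception as err:
            self.logger.error(u'Unable to load JSON files "{0}": {1}'.format(
                path,
                err
            ))

            loaded = []

        return loaded

    def add_actions(self, data, clear):
        """Register every action id found in data.

        :param data: iterable of mappings ``{action_id: {'desc': ...}}``.
        :param clear: when true, existing actions are registered again.
        """
        for action in data:
            for aid in action:
                if self.manager.get_action(aid) is None or clear:
                    self.logger.info(u'Initialize action: {0}'.format(aid))

                    self.manager.add(
                        aid,
                        action[aid].get('desc', 'Empty description')
                    )

    def add_users(self, data, clear):
        """Create the users described in data and set their account fields.

        :param data: iterable of user documents keyed by '_id'.
        :param clear: when true, an existing user is created again and its
            account fields are overwritten with the file values.
        """
        # uuid1() is built from the host MAC address and a timestamp, so a
        # key generated with it can be guessed; uuid4() is random and has
        # the same textual format. Imported locally because this block does
        # not own the module's import section.
        from uuid import uuid4

        # NOTE(review): nesting below is reconstructed from a listing whose
        # indentation was lost; update_fields is assumed to belong to the
        # 'if' branch. Confirm against the original file.
        for user in data:
            if self.manager.get_user(user['_id']) is None or clear:
                self.logger.info(u'Initialize user: {0}'.format(user['_id']))

                self.manager.create_user(
                    user['_id'],
                    user.get('role', None),
                    rights=user.get('rights', None),
                    contact=user.get('contact', None),
                    groups=user.get('groups', None)
                )

                # NOTE(review): the file key is 'shadowpass' while the stored
                # field is 'shadowpasswd'; confirm the seed files really use
                # 'shadowpass', otherwise the stored value is always None.
                # Accounts are enabled unless the file sets 'enable'.
                self.manager.update_fields(
                    user['_id'],
                    'user',
                    {
                        'external': user.get('external', False),
                        'enable': user.get('enable', True),
                        'shadowpasswd': user.get('shadowpass', None),
                        'mail': user.get('mail', None),
                        'authkey': user.get('authkey', str(uuid4()))
                    }
                )

    def add_roles(self, data, clear):
        """Create missing roles, then merge file rights/groups into each one.

        :param data: iterable of role documents keyed by '_id'.
        :param clear: when true, an existing role is created again first.
        """
        for role in data:
            if self.manager.get_role(role['_id']) is None or clear:
                self.logger.info(u'Initialize role: {0}'.format(role['_id']))

                self.manager.create_role(
                    role['_id'],
                    role.get('profile', None)
                )

            # The merge runs for every role in the files, new or existing:
            # rights from the file override stored ones with the same key,
            # groups are unioned.
            self.logger.info(u'Updating role: {0}'.format(role['_id']))

            record = self.manager.get_role(role['_id'])

            rights = record.get('rights', {})
            groups = record.get('groups', [])

            rights.update(role.get('rights', {}))
            groups += role.get('groups', [])
            groups = list(set(groups))  # make groups unique

            self.manager.update_rights(role['_id'], 'role', rights, record)
            self.manager.update_group(role['_id'], 'role', groups, record)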