def remove_user(user):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
crud.delete_user(db.session, user, requester)
return format_response(200, "User removed")
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_sample_group_perm(transaction):
global GROUP_PERMS
perm_id = crud.create_sample_perms(transaction)
group_id = crud.create_sample_groups(transaction)
transaction['fullPath'] = transaction['fullPath'].replace("/users/", f"/{group_id[0]}/")
rship.add_group_permission(db.session, group_id[0], perm_id, REQUESTER)
GROUP_PERMS.append((group_id[0], perm_id))
def delete_group(group):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
crud.delete_group(db.session, group, requester)
return format_response(200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_sample_perms(transaction):
permission = {
"path": "/devices/info/\\*",
"method": "POST",
"permission": "permit",
"name": "sample_permission"
}
requester = {"userid": 0, "username": "******"}
perm_id = 0
try:
results = crud.create_perm(db.session, permission, requester)
perm_id = results.id
print(f"Results: {results.safe_dict()}")
except HTTPRequestError as e:
print(f"Error: {e.message}")
permission = {
"path": "/auth/user",
"method": "\\*",
"permission": "deny",
"name": "deny_user_access"
}
try:
results = crud.create_perm(db.session, permission, requester)
print(f"Results: {results.safe_dict()}")
except HTTPRequestError as e:
print(f"Error: {e.message}")
return perm_id
def create_sample_groups(transaction):
requester = {"userid": 0, "username": "******"}
group = {"name": "admin", "description": "admin"}
group_id = []
try:
results = crud.create_group(db.session, group, requester)
group_id.append(results.id)
print(f"Results are: {results.safe_dict()}")
except HTTPRequestError as e:
print(f"Error: {e.message}")
group = {"name": "common", "description": "Group for common users"}
try:
results = crud.create_group(db.session, group, requester)
group_id.append(results.id)
print(f"Results are: {results.safe_dict()}")
except HTTPRequestError as e:
print(f"Error: {e.message}")
group = {"name": "user", "description": "Group for common users"}
try:
results = crud.create_group(db.session, group, requester)
group_id.append(results.id)
print(f"Results are: {results.safe_dict()}")
except HTTPRequestError as e:
print(f"Error: {e.message}")
return group_id
def delete_permission(perm_id):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
crud.delete_perm(db.session, perm_id, requester)
return format_response(200)
except HTTPRequestError as err:
publish_alarm(err)
return format_response(err.errorCode, err.message)
def update_group(group):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
group_data = load_json_from_request(request)
crud.update_group(db.session, group, group_data, requester)
return format_response(200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_sample_group_perm(transaction):
global GROUP_PERMS
perm_id = crud.create_sample_perms(transaction)
group_id = crud.create_sample_groups(transaction)
transaction['fullPath'] = transaction['fullPath'].replace(
"/101/", f"/{group_id[0]}/")
transaction['fullPath'] = transaction['fullPath'].replace(
"/201", f"/{perm_id}")
GROUP_PERMS.append((group_id[0], perm_id))
def update_permission(permid):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
perm_data = load_json_from_request(request)
crud.update_perm(db.session, permid, perm_data, requester)
db.session.commit()
return format_response(200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def deleteGroup(group):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
crud.deleteGroup(db.session, group, requester)
MVGroupPermission.refresh()
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def updateGroup(group):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
groupData = loadJsonFromRequest(request)
crud.updateGroup(db.session, group, groupData, requester)
db.session.commit()
return formatResponse(200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def update_user(user_id):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
user = load_json_from_request(request)
crud.update_user(db.session, user_id, user, requester)
return format_response(200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def auth_clear_permissions_and_groups(transaction):
requester = {
"userid": 0,
"username": "******"
}
try:
users = crud.search_user(db.session, None)
# Delete all users
for user in users:
if user.username != 'admin':
crud.delete_user(db.session, user.username, requester)
except HTTPRequestError:
pass
try:
permissions = crud.search_perm(db.session)
for permission in permissions:
if permission.type != PermissionTypeEnum.system:
crud.delete_perm(db.session, permission.name, requester)
except HTTPRequestError as e:
pass
try:
groups = crud.search_group(db.session)
for group in groups:
if group.name != 'admin':
crud.delete_group(db.session, group.name, requester)
except HTTPRequestError as e:
pass
def delete_permission(permid):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
crud.get_perm(db.session, permid)
crud.delete_perm(db.session, permid, requester)
db.session.commit()
MVUserPermission.refresh()
MVGroupPermission.refresh()
return format_response(200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def removeUser(user):
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
oldUsername = crud.getUser(db.session, user).username
crud.deleteUser(db.session, user, requester)
kong.removeFromKong(oldUsername)
MVUserPermission.refresh()
MVGroupPermission.refresh()
db.session.commit()
return formatResponse(200, "User removed")
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def get_permission(perm_id):
try:
perm = crud.get_perm(db.session, perm_id)
return make_response(json.dumps(perm.safe_dict(), default=json_serial),
200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_sample_user_perm(transaction):
global USER_PERMS
user_id, group_id = auth.create_sample_users(transaction)
perm_id = crud.create_sample_perms(transaction)
transaction['fullPath'] = transaction['fullPath'].replace("/admin/", f"/{user_id[0]}/")
rship.add_user_permission(db.session, user_id[0], perm_id, REQUESTER)
USER_PERMS.append((user_id[0], perm_id))
def get_user(user):
try:
user = crud.get_user(db.session, user)
return make_response(
json.dumps({"user": user.safe_dict()}, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def list_tenants():
"""Returns a list containing all existing tenants in the system"""
try:
tenants = crud.list_tenants(db.session)
return make_response(json.dumps({"tenants": tenants}), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_user():
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
auth_data = load_json_from_request(request)
# Create user
new_user = crud.create_user(db.session, auth_data, requester)
# If no problems occur to create user (no exceptions), configure kong
kong_data = kong.configure_kong(new_user.username)
if kong_data is None:
return format_response(
500, 'failed to configure verification subsystem')
new_user.secret = kong_data['secret']
new_user.key = kong_data['key']
new_user.kongId = kong_data['kongid']
db.session.add(new_user)
db.session.commit()
group_success = []
group_failed = []
if 'profile' in auth_data.keys():
group_success, group_failed = rship. \
add_user_many_groups(db.session, new_user.id,
auth_data['profile'], requester)
db.session.commit()
if conf.emailHost != 'NOEMAIL':
pwdc.create_password_set_request(db.session, new_user)
db.session.commit()
if crud.count_tenant_users(db.session, new_user.service) == 1:
log().info("will emit tenant lifecycle event {} - CREATE".format(
new_user.service))
send_notification({"type": 'CREATE', 'tenant': new_user.service})
return make_response(
json.dumps(
{
"user": new_user.safeDict(),
"groups": group_success,
"could not add": group_failed,
"message": "user created"
},
default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def get_group(group):
try:
group = crud.get_group(db.session, group)
group = group.safe_dict()
group['created_date'] = group['created_date'].isoformat()
return make_response(json.dumps(group, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_sample_user_perm(transaction):
global USER_PERMS
user_id, group_id = auth.create_sample_users(transaction)
perm_id = crud.create_sample_perms(transaction)
transaction['fullPath'] = transaction['fullPath'].replace(
"/1/", f"/{user_id[0]}/")
transaction['fullPath'] = transaction['fullPath'].replace(
"/201", f"/{perm_id}")
USER_PERMS.append((user_id[0], perm_id))
def remove_user(user):
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
old_username = crud.get_user(db.session, user).username
old_user = crud.delete_user(db.session, user, requester)
kong.remove_from_kong(old_username)
MVUserPermission.refresh()
MVGroupPermission.refresh()
db.session.commit()
if crud.count_tenant_users(db.session, old_user.service) == 0:
log().info("will emit tenant lifecycle event {} - DELETE".format(
old_user.service))
send_notification({"type": 'DELETE', 'tenant': old_user.service})
return format_response(200, "User removed")
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_user():
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
user = load_json_from_request(request)
result = crud.create_user(db.session, user, requester)
return jsonify(result, 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_permission():
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
perm_data = load_json_from_request(request)
new_perm = crud.create_perm(db.session, perm_data, requester)
return make_response(json.dumps({
"status": 200,
"id": new_perm.id
}), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def list_users():
try:
users = crud.search_user(
db.session,
# Optional search filters
request.args['username'] if 'username' in request.args else None
)
users_safe = list(map(lambda u: u.safe_dict(), users))
return make_response(json.dumps({"users": users_safe}, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def create_group():
try:
requester = auth.get_jwt_payload(request.headers.get('Authorization'))
group_data = load_json_from_request(request)
new_group = crud.create_group(db.session, group_data, requester)
return make_response(json.dumps({
"status": 200,
"id": new_group.id
}, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def createGroup():
try:
requester = auth.getJwtPayload(request.headers.get('Authorization'))
groupData = loadJsonFromRequest(request)
newGroup = crud.createGroup(db.session, groupData, requester)
db.session.add(newGroup)
db.session.commit()
return make_response(json.dumps({
"status": 200,
"id": newGroup.id
}), 200)
except HTTPRequestError as err:
return formatResponse(err.errorCode, err.message)
def list_group():
try:
groups = crud.search_group(
db.session,
# search filters
request.args['name'] if 'name' in request.args else None
)
groups_safe = list(map(lambda p: p.safe_dict(), groups))
for g in groups_safe:
g['created_date'] = g['created_date'].isoformat()
return make_response(json.dumps({"groups": groups_safe}, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
def list_permissions():
try:
perms = crud.search_perm(
db.session,
# search filters
request.args['path'] if 'path' in request.args else None,
request.args['method'] if 'method' in request.args else None,
request.args['permission'] if 'permission' in request.args else None,
request.args['type'] if 'type' in request.args else None
)
permissions_safe = list(map(lambda p: p.safe_dict(), perms))
return make_response(json.dumps({"permissions": permissions_safe}, default=json_serial), 200)
except HTTPRequestError as err:
return format_response(err.errorCode, err.message)
