def create_group(db_session, group_data, requester):
"""
Create a new group
:param db_session: The postgres session to be used.
:param group_data: The group data. This is a simple dictionary with "name" and
"description" keys.
:param requester: Who is creating this user. This is a dictionary with two keys:
"userid" and "username".
:return: The new group.
"""
group_data = {k: group_data[k] for k in group_data if k in Group.fillable}
check_group(group_data)
if db_session.query(
Group.name).filter_by(name=group_data['name']).one_or_none():
raise HTTPRequestError(400,
f"Group name {group_data['name']} is in use.")
group_data['created_by'] = requester['userid']
group = Group(**group_data)
LOGGER.info(f"group {group.name} created by {requester['username']}")
LOGGER.info(group.safe_dict())
db_session.add(group)
db_session.commit()
return group
def create_group(db_session, group_data, requester):
group_data = {k: group_data[k] for k in group_data if k in Group.fillable}
check_group(group_data)
another_group = db_session.query(Group.id) \
.filter_by(name=group_data['name']).one_or_none()
if another_group:
raise HTTPRequestError(
400, "Group name '" + group_data['name'] + "' is in use.")
group_data['created_by'] = requester['userid']
g = Group(**group_data)
log().info('group ' + g.name + ' created by ' + requester['username'],
g.safeDict())
return g
def add_permissions_group():
predef_group_perm = [
{
"name": "admin",
"permission": [
'all_all'
]
},
{
"name": "user",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup',
'ro_alarms',
'ro_ca',
'wo_sign'
]
}
]
for group in predef_group_perm:
group_id = Group.getByNameOrID(group['name']).id
for perm in group['permission']:
perm_id = Permission.getByNameOrID(perm).id
r = GroupPermission(group_id=group_id, permission_id=perm_id)
db.session.add(r)
db.session.commit()
def get_group_users(db_session, group):
try:
group = Group.getByNameOrID(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this name or ID")
else:
return group.users
def add_user_group(db_session, user, group, requester):
try:
user = User.get_by_name_or_id(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404,
f"No user found with this ID or name: {user}")
try:
group = Group.get_by_name_or_id(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(
404, f"No group found with this ID or name: {group}")
if db_session.query(UserGroup).filter_by(user_id=user.id,
group_id=group.id).one_or_none():
raise HTTPRequestError(409, "User is already a member of the group")
r = UserGroup(user_id=user.id, group_id=group.id)
db_session.add(r)
cache.delete_key(userid=user.id)
user.reset_token()
db_session.add(user)
log().info(
f"user {user.username} added to group {group.name} by {requester['username']}"
)
db_session.commit()
def getGroupUsers(dbSession, group):
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this name or ID")
else:
return group.users
def get_group_permissions(db_session, group):
try:
group = Group.get_by_name_or_id(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this name or ID")
else:
return group.permissions
def add_permissions_group():
predef_group_perm = [
{
"name": "testadm",
"permission": [
'all_all'
]
},
{
"name": "testuser",
"permission": [
'all_template',
'all_device',
'all_flows',
'ro_history',
'ro_ca',
'wo_sign',
"ro_socketio",
"all_import",
"ro_export",
"all_image"
]
}
]
for group in predef_group_perm:
group_id = Group.get_by_name_or_id(group['name']).id
for perm in group['permission']:
perm_id = Permission.get_by_name_or_id(perm).id
r = GroupPermission(group_id=group_id, permission_id=perm_id)
db.session.add(r)
db.session.commit()
def update_group(db_session, group, group_data, requester):
group_data = {k: group_data[k] for k in group_data if k in Group.fillable}
check_group(group_data)
try:
group = Group.get_by_name_or_id(group)
for key, value in group_data.items():
setattr(group, key, value)
db_session.add(group)
log().info(
'group ' + group.name + ' updated by ' + requester['username'],
group_data)
db_session.commit()
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID")
def updateGroup(dbSession, group, groupData, requester):
groupData = {k: groupData[k] for k in groupData if k in Group.fillable}
checkGroup(groupData)
try:
group = Group.getByNameOrID(group)
if 'name' in groupData.keys() and group.name != groupData['name']:
raise HTTPRequestError(400, "groups name can't be changed")
for key, value in groupData.items():
setattr(group, key, value)
dbSession.add(group)
log().info('group ' + group.name + ' updated by '
+ requester['username'],
groupData)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID")
def delete_group(db_session, group, requester):
try:
group = Group.getByNameOrID(group)
db_session.execute(
GroupPermission.__table__.delete(
GroupPermission.group_id == group.id))
db_session.execute(
UserGroup.__table__.delete(UserGroup.group_id == group.id))
cache.delete_key()
log().info(
'group ' + group.name + ' deleted by ' + requester['username'],
group.safeDict())
db_session.delete(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID")
def add_user_groups():
predef_user_group = [
{
"name": "testadm",
"groups": ["testadm"]
},
]
for user in predef_user_group:
user_id = User.get_by_name_or_id(user['name']).id
for group_name in user['groups']:
r = UserGroup(user_id=user_id,
group_id=Group.get_by_name_or_id(group_name).id)
db.session.add(r)
db.session.commit()
def add_user_groups():
predef_user_group = [
{
"name": "admin",
"groups": ["admin"]
},
]
for user in predef_user_group:
user_id = User.getByNameOrID(user['name']).id
for group_name in user['groups']:
r = UserGroup(user_id=user_id,
group_id=Group.getByNameOrID(group_name).id)
db.session.add(r)
db.session.commit()
def create_groups():
predef_groups = [{
"name": "testadm",
"description": "Group with the highest access privilege"
}, {
"name":
"testuser",
"description":
"This groups can do anything, except manage users"
}]
for g in predef_groups:
# mark the group as automatically created
g['created_by'] = 0
group = Group(**g)
db.session.add(group)
db.session.commit()
def remove_user_group(db_session, user, group, requester):
try:
user = User.get_by_name_or_id(user)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
group = Group.get_by_name_or_id(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
relation = db_session.query(UserGroup) \
.filter_by(user_id=user.id, group_id=group.id).one()
db_session.delete(relation)
cache.delete_key(userid=user.id)
log().info(f"user {user.username} removed from {group.name} by {requester['username']}")
db_session.commit()
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "User is not a member of the group")
def removeGroupPermission(dbSession, group, permission, requester):
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
try:
relation = dbSession.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one()
dbSession.delete(relation)
cache.deleteKey(action=perm.method, resource=perm.path)
log().info('permission ' + perm.name + ' removed from '
' group ' + group.name + ' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "Group does not have this permission")
def removeUserGroup(dbSession, user, group, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
relation = dbSession.query(UserGroup) \
.filter_by(user_id=user.id, group_id=group.id).one()
dbSession.delete(relation)
cache.deleteKey(userid=user.id)
log().info('user ' + user.username + ' removed from ' + group.name +
' by ' + requester['username'])
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "User is not a member of the group")
def addUserGroup(dbSession, user, group, requester):
try:
user = User.getByNameOrID(user)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No user found with this ID or name")
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
if dbSession.query(UserGroup).filter_by(user_id=user.id,
group_id=group.id).one_or_none():
raise HTTPRequestError(409, "User is already a member of the group")
r = UserGroup(user_id=user.id, group_id=group.id)
dbSession.add(r)
cache.deleteKey(userid=user.id)
log().info('user ' + user.username + ' added to group ' + group.name +
' by ' + requester['username'])
def addGroupPermission(dbSession, group, permission, requester):
try:
group = Group.getByNameOrID(group)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.getByNameOrID(permission)
except sqlalchemy.orm.exc.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID or name")
if dbSession.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
raise HTTPRequestError(409, "Group already have this permission")
r = GroupPermission(group_id=group.id, permission_id=perm.id)
dbSession.add(r)
cache.deleteKey(action=perm.method, resource=perm.path)
log().info('permission ' + perm.name + ' added to group ' + group.name +
' by ' + requester['username'])
def remove_group_permission(db_session, group, permission, requester):
try:
group = Group.get_by_name_or_id(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.get_by_name_or_id(permission)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID")
try:
relation = db_session.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one()
db_session.delete(relation)
cache.delete_key(action=perm.method,
resource=perm.path)
log().info(f"permission {perm.name} removed from group {group.name} by {requester['username']}")
MVGroupPermission.refresh()
db_session.commit()
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "Group does not have this permission")
def add_group_permission(db_session, group, permission, requester):
try:
group = Group.get_by_name_or_id(group)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID or name")
try:
perm = Permission.get_by_name_or_id(permission)
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No permission found with this ID or name")
if db_session.query(GroupPermission) \
.filter_by(group_id=group.id, permission_id=perm.id).one_or_none():
raise HTTPRequestError(409, "Group already have this permission")
r = GroupPermission(group_id=group.id, permission_id=perm.id)
db_session.add(r)
cache.delete_key(action=perm.method,
resource=perm.path)
log().info(f"permission {perm.name} added to group {group.name} by {requester['username']}")
MVGroupPermission.refresh()
db_session.commit()
def delete_group(db_session, group, requester):
try:
group = Group.get_by_name_or_id(group)
if group.name == 'admin':
raise HTTPRequestError(405, "Can't delete admin group")
db_session.execute(
GroupPermission.__table__.delete(
GroupPermission.group_id == group.id))
db_session.execute(
UserGroup.__table__.delete(UserGroup.group_id == group.id))
cache.delete_key()
LOGGER.info(
'group ' + group.name + ' deleted by ' + requester['username'],
group.safe_dict())
db_session.delete(group)
MVGroupPermission.refresh()
db_session.commit()
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID")
def addPermissionsGroup():
predefGroupPerm = [
{
"name": "admin",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup',
'all_user',
'all_pap'
]
},
{
"name": "user",
"permission": [
'all_template',
'all_device',
'all_flows',
'all_history',
'all_metric',
'all_mashup'
]
}
]
for g in predefGroupPerm:
groupId = Group.getByNameOrID(g['name']).id
for perm in g['permission']:
permId = Permission.getByNameOrID(perm).id
r = GroupPermission(group_id=groupId, permission_id=permId)
db.session.add(r)
db.session.commit()
def get_group(db_session, group):
try:
group = Group.get_by_name_or_id(group)
return group
except orm_exceptions.NoResultFound:
raise HTTPRequestError(404, "No group found with this ID")
