def delete_perm(db_session, permission: str, requester):
    """
    Delete an API permission together with every user and group grant of it.

    :param db_session: The postgres session to be used.
    :param permission: Name or ID of the permission to be removed.
    :param requester: Who is requesting the removal. A dictionary with the
        keys "userid" and "username"; only "username" is read here, for the
        log line.
    :return: None
    :raises HTTPRequestError: 405 if the permission type is not
        PermissionTypeEnum.api, 404 if no permission matches.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        target = Permission.get_by_name_or_id(permission)

        # Anything that is not an `api` permission is refused.
        if target.type != PermissionTypeEnum.api:
            raise HTTPRequestError(405, "Can't delete a system permission")

        # Drop the grants that reference the permission before the row itself.
        for grant_model in (UserPermission, GroupPermission):
            db_session.execute(
                grant_model.__table__.delete(
                    grant_model.permission_id == target.id))

        # NOTE(review): the cache entry is dropped before commit(); presumably
        # a concurrent request could re-cache the old decision in between -
        # confirm against the cache implementation.
        cache.delete_key(action=target.method, resource=target.path)

        LOGGER.info(
            f"permission {target.name} deleted by {requester['username']}")
        LOGGER.info(target.safe_dict())

        db_session.delete(target)
        db_session.commit()

        # The two MV* objects are refreshed only after the commit.
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
def add_user_group(db_session, user, group, requester):
    """
    Make a user a member of a group and commit the change.

    :param db_session: Session used for the lookup, the insert and the commit.
    :param user: Name or ID of the user.
    :param group: Name or ID of the group.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user or the group is not found,
        409 if the user already belongs to the group.
    """
    # NOTE(review): both 404 messages echo the caller-supplied identifier;
    # presumably the response layer encodes it - confirm.
    try:
        member = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404,
                               f"No user found with this ID or name: {user}")

    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(
            404, f"No group found with this ID or name: {group}")

    existing = db_session.query(UserGroup).filter_by(
        user_id=member.id, group_id=target_group.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User is already a member of the group")

    db_session.add(UserGroup(user_id=member.id, group_id=target_group.id))
    cache.delete_key(userid=member.id)

    # The user's token is reset after the membership change and the user
    # object is added back to the session so the reset is part of the commit.
    member.reset_token()
    db_session.add(member)

    log().info(
        f"user {member.username} added to group {target_group.name} by {requester['username']}"
    )
    db_session.commit()
def delete_user(db_session, user, requester):
    """
    Remove a user, its grants and group memberships, keeping an inactive copy.

    :param db_session: Session used for every statement; this function does
        not commit.
    :param user: Name or ID of the user to remove.
    :param requester: Dictionary with the keys "userid" and "username".
    :return: The removed user object.
    :raises HTTPRequestError: 400 if the requester targets its own account,
        404 if no user matches.
    """
    try:
        target = User.getByNameOrID(user)

        if target.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")

        # Direct grants and group memberships go first.
        for link_model in (UserPermission, UserGroup):
            db_session.execute(
                link_model.__table__.delete(link_model.user_id == target.id))
        cache.delete_key(userid=target.id)

        # The user is not hard-deleted: copies are written to the inactive
        # tables before the row is removed.
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            target,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, target, requester['userid'])

        password.expire_password_reset_requests(db_session, target.id)
        db_session.delete(target)

        # NOTE(review): safeDict() is passed as a logging argument but the
        # message has no placeholder; with a stdlib logger it would not be
        # rendered - confirm what log() returns.
        audit_log = log()
        message = ('user ' + target.username + ' deleted by '
                   + requester['username'])
        audit_log.info(message, target.safeDict())
        return target
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
def delete_user(db_session, username: str, requester):
    """
    Delete a user from the system, keeping a copy in the inactive tables.

    :param db_session: The postgres session to be used.
    :param username: Name or ID of the user to be removed.
    :param requester: Who is requesting the removal. A dictionary with the
        keys "userid" and "username".
    :return: The removed user.
    :raises HTTPRequestError: 400 if the requester targets its own account.
    :raises HTTPRequestError: 405 if the target's username is 'admin'.
    :raises HTTPRequestError: 404 if the user is not in the database.
    """
    # NOTE(review): apart from the self-delete and 'admin' guards, no
    # authorization check on `requester` is visible here; presumably the
    # caller enforces it - confirm.
    try:
        target = User.get_by_name_or_id(username)

        if target.id == requester['userid']:
            raise HTTPRequestError(400, "a user can't remove himself")
        if target.username == 'admin':
            raise HTTPRequestError(405, "Can't delete the admin user")

        # Direct grants and group memberships go first.
        for link_model in (UserPermission, UserGroup):
            db_session.execute(
                link_model.__table__.delete(link_model.user_id == target.id))
        cache.delete_key(userid=target.id)

        # The user is not hard-deleted: copies are written to the inactive
        # tables before the row is removed.
        inactiveTables.PasswdInactive.createInactiveFromUser(
            db_session,
            target,
        )
        inactiveTables.UserInactive.createInactiveFromUser(
            db_session, target, requester['userid'])

        password.expire_password_reset_requests(db_session, target.id)
        db_session.delete(target)

        LOGGER.info(
            f"user {target.username} deleted by {requester['username']}")
        LOGGER.info(target.safe_dict())

        # NOTE(review): remove_from_kong and the MV refreshes run before
        # commit(); if the commit fails they have presumably already taken
        # effect - confirm this ordering is intended.
        kongUtils.remove_from_kong(target.username)
        MVUserPermission.refresh()
        MVGroupPermission.refresh()
        db_session.commit()

        # When the tenant has no users left, a DELETE lifecycle event is sent.
        remaining = count_tenant_users(db_session, target.service)
        if remaining == 0:
            LOGGER.info(
                f"will emit tenant lifecycle event {target.service} - DELETE")
            Publisher.send_notification({
                "type": 'DELETE',
                'tenant': target.service
            })

        return target
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID")
def delete_group(db_session, group, requester):
    """
    Remove a group together with its permission grants and memberships.

    :param db_session: Session used for every statement; this function does
        not commit.
    :param group: Name or ID of the group to remove.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if no group matches.
    """
    try:
        target = Group.getByNameOrID(group)

        # Grants and memberships that reference the group go first.
        for link_model in (GroupPermission, UserGroup):
            db_session.execute(
                link_model.__table__.delete(link_model.group_id == target.id))

        # delete_key() is called without any filter here.
        cache.delete_key()

        # NOTE(review): safeDict() is passed as a logging argument but the
        # message has no placeholder; with a stdlib logger it would not be
        # rendered - confirm what log() returns.
        audit_log = log()
        message = ('group ' + target.name + ' deleted by '
                   + requester['username'])
        audit_log.info(message, target.safeDict())

        db_session.delete(target)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID")
def delete_perm(db_session, permission, requester):
    """
    Remove a permission together with every user and group grant of it.

    :param db_session: Session used for every statement; this function does
        not commit.
    :param permission: Name or ID of the permission to remove.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if no permission matches.
    """
    try:
        target = Permission.getByNameOrID(permission)

        # Grants that reference the permission go first.
        for grant_model in (UserPermission, GroupPermission):
            db_session.execute(
                grant_model.__table__.delete(
                    grant_model.permission_id == target.id))

        cache.delete_key(action=target.method, resource=target.path)

        # NOTE(review): safeDict() is passed as a logging argument but the
        # message has no placeholder; with a stdlib logger it would not be
        # rendered - confirm what log() returns.
        audit_log = log()
        message = ('permission ' + str(target.name) + ' deleted by '
                   + requester['username'])
        audit_log.info(message, target.safeDict())

        db_session.delete(target)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")
def remove_user_group(db_session, user, group, requester):
    """
    Remove a user from a group.

    :param db_session: Session used for the lookup and the delete; this
        function does not commit.
    :param user: Name or ID of the user.
    :param group: Name or ID of the group.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user, the group or the membership
        is not found.
    """
    try:
        member = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        # .one() raises NoResultFound when the membership row is absent.
        membership = (
            db_session.query(UserGroup)
            .filter_by(user_id=member.id, group_id=target_group.id)
            .one()
        )
        db_session.delete(membership)
        cache.delete_key(userid=member.id)

        message = ('user ' + member.username + ' removed from '
                   + target_group.name + ' by ' + requester['username'])
        log().info(message)
    except sqlalchemy.orm.exc.NoResultFound:
        raise HTTPRequestError(404, "User is not a member of the group")
def remove_user_group(db_session, user, group, requester):
    """
    Remove a user from a group and commit the change.

    :param db_session: Session used for the lookup, the delete and the commit.
    :param user: Name or ID of the user.
    :param group: Name or ID of the group.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user, the group or the membership
        is not found.
    """
    try:
        member = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        # .one() raises NoResultFound when the membership row is absent.
        membership = (
            db_session.query(UserGroup)
            .filter_by(user_id=member.id, group_id=target_group.id)
            .one()
        )
        db_session.delete(membership)

        # NOTE(review): add_user_group resets the user's token after a
        # membership change; no reset happens on this removal path. If tokens
        # carry group-derived rights, confirm the removal takes effect for
        # tokens already issued.
        cache.delete_key(userid=member.id)

        log().info(f"user {member.username} removed from {target_group.name} by {requester['username']}")
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User is not a member of the group")
def remove_group_permission(db_session, group, permission, requester):
    """
    Revoke a permission from a group.

    :param db_session: Session used for the lookup and the delete; this
        function does not commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the group, the permission or the grant
        is not found.
    """
    try:
        target_group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        target_perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        # .one() raises NoResultFound when the grant row is absent.
        grant = (
            db_session.query(GroupPermission)
            .filter_by(group_id=target_group.id, permission_id=target_perm.id)
            .one()
        )
        db_session.delete(grant)
        cache.delete_key(action=target_perm.method, resource=target_perm.path)

        # The adjacent literals are kept as they are so the emitted message
        # is unchanged.
        message = ('permission ' + target_perm.name + ' removed from '
                   ' group ' + target_group.name + ' by '
                   + requester['username'])
        log().info(message)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def add_group_permission(db_session, group, permission, requester):
    """
    Grant a permission to a group.

    :param db_session: Session used for the lookup and the insert; this
        function does not commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the group or the permission is not
        found, 409 if the group already holds the permission.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        target_group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        target_perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    existing = (
        db_session.query(GroupPermission)
        .filter_by(group_id=target_group.id, permission_id=target_perm.id)
        .one_or_none()
    )
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    db_session.add(
        GroupPermission(group_id=target_group.id,
                        permission_id=target_perm.id))
    cache.delete_key(action=target_perm.method, resource=target_perm.path)

    message = ('permission ' + target_perm.name + ' added to group '
               + target_group.name + ' by ' + requester['username'])
    log().info(message)
def remove_group_permission(db_session, group, permission, requester):
    """
    Revoke a permission from a group and commit the change.

    :param db_session: Session used for the lookup, the delete and the commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the group, the permission or the grant
        is not found.
    """
    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        target_perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        # .one() raises NoResultFound when the grant row is absent.
        grant = (
            db_session.query(GroupPermission)
            .filter_by(group_id=target_group.id, permission_id=target_perm.id)
            .one()
        )
        db_session.delete(grant)

        # NOTE(review): the cache entry is dropped and the MV refreshed
        # before commit(); presumably a concurrent request could re-cache the
        # old decision in between - confirm against the cache implementation.
        cache.delete_key(action=target_perm.method, resource=target_perm.path)

        log().info(f"permission {target_perm.name} removed from group {target_group.name} by {requester['username']}")
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "Group does not have this permission")
def remove_user_permission(db_session, user, permission, requester):
    """
    Revoke a directly granted permission from a user.

    :param db_session: Session used for the lookup and the delete; this
        function does not commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user, the permission or the grant
        is not found.
    """
    try:
        target_user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        # .one() raises NoResultFound when the grant row is absent.
        grant = (
            db_session.query(UserPermission)
            .filter_by(user_id=target_user.id, permission_id=target_perm.id)
            .one()
        )
        db_session.delete(grant)
        cache.delete_key(userid=target_user.id,
                         action=target_perm.method,
                         resource=target_perm.path)

        message = ('user ' + target_user.username + ' removed permission '
                   + target_perm.name + ' by ' + requester['username'])
        log().info(message)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
def add_user_group(db_session, user, group, requester):
    """
    Make a user a member of a group.

    :param db_session: Session used for the lookup and the insert; this
        function does not commit.
    :param user: Name or ID of the user.
    :param group: Name or ID of the group.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user or the group is not found,
        409 if the user already belongs to the group.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        member = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_group = Group.getByNameOrID(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    existing = db_session.query(UserGroup).filter_by(
        user_id=member.id, group_id=target_group.id).one_or_none()
    if existing:
        raise HTTPRequestError(409, "User is already a member of the group")

    db_session.add(UserGroup(user_id=member.id, group_id=target_group.id))
    cache.delete_key(userid=member.id)

    message = ('user ' + member.username + ' added to group '
               + target_group.name + ' by ' + requester['username'])
    log().info(message)
def add_user_permission(db_session, user, permission, requester):
    """
    Grant a permission directly to a user.

    :param db_session: Session used for the lookup and the insert; this
        function does not commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user or the permission is not
        found, 409 if the user already holds the permission.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        target_user = User.getByNameOrID(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_perm = Permission.getByNameOrID(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    existing = (
        db_session.query(UserPermission)
        .filter_by(user_id=target_user.id, permission_id=target_perm.id)
        .one_or_none()
    )
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=target_user.id, permission_id=target_perm.id))
    cache.delete_key(userid=target_user.id,
                     action=target_perm.method,
                     resource=target_perm.path)

    message = ('user ' + target_user.username + ' received permission '
               + target_perm.name + ' by ' + requester['username'])
    log().info(message)
def add_group_permission(db_session, group, permission, requester):
    """
    Grant a permission to a group and commit the change.

    :param db_session: Session used for the lookup, the insert and the commit.
    :param group: Name or ID of the group.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the group or the permission is not
        found, 409 if the group already holds the permission.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        target_group = Group.get_by_name_or_id(group)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID or name")

    try:
        target_perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID or name")

    existing = (
        db_session.query(GroupPermission)
        .filter_by(group_id=target_group.id, permission_id=target_perm.id)
        .one_or_none()
    )
    if existing:
        raise HTTPRequestError(409, "Group already have this permission")

    db_session.add(
        GroupPermission(group_id=target_group.id,
                        permission_id=target_perm.id))
    cache.delete_key(action=target_perm.method, resource=target_perm.path)

    log().info(f"permission {target_perm.name} added to group {target_group.name} by {requester['username']}")

    # The MV refresh is issued before the commit, in that order.
    MVGroupPermission.refresh()
    db_session.commit()
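def delete_group(db_session, group, requester):
    """
    Delete a group, its permission grants and its memberships, then commit.

    :param db_session: Session used for every statement and the commit.
    :param group: Name or ID of the group to remove.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 405 if the group is named 'admin', 404 if no
        group matches.
    """
    # NOTE(review): apart from the 'admin' guard, no authorization check on
    # `requester` is visible here; presumably the caller enforces it - confirm.
    try:
        group = Group.get_by_name_or_id(group)
        if group.name == 'admin':
            raise HTTPRequestError(405, "Can't delete admin group")

        # Grants and memberships that reference the group go first.
        db_session.execute(
            GroupPermission.__table__.delete(
                GroupPermission.group_id == group.id))
        db_session.execute(
            UserGroup.__table__.delete(UserGroup.group_id == group.id))

        # delete_key() is called without any filter here.
        cache.delete_key()

        # The summary and the group details are logged as two records, the
        # way delete_perm and delete_user do it. Passing safe_dict() as a
        # formatting argument to a message without placeholders would drop
        # the details, and (assuming LOGGER is a stdlib logger) a '%' in a
        # name could make the record fail to format.
        LOGGER.info(f"group {group.name} deleted by {requester['username']}")
        LOGGER.info(group.safe_dict())

        db_session.delete(group)
        MVGroupPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No group found with this ID")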
def remove_user_permission(db_session, user, permission, requester):
    """
    Revoke a directly granted permission from a user and commit the change.

    :param db_session: Session used for the lookup, the delete and the commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user, the permission or the grant
        is not found.
    """
    try:
        target_user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    try:
        # .one() raises NoResultFound when the grant row is absent.
        grant = (
            db_session.query(UserPermission)
            .filter_by(user_id=target_user.id, permission_id=target_perm.id)
            .one()
        )
        db_session.delete(grant)

        # NOTE(review): the cache entry is dropped and the MV refreshed
        # before commit(); presumably a concurrent request could re-cache the
        # old decision in between - confirm against the cache implementation.
        cache.delete_key(userid=target_user.id,
                         action=target_perm.method,
                         resource=target_perm.path)

        log().info(f"permission {target_perm.name} for user {target_user.username} was revoked by {requester['username']}")
        MVUserPermission.refresh()
        db_session.commit()
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "User does not have this permission")
def add_user_permission(db_session, user, permission, requester):
    """
    Grant a permission directly to a user and commit the change.

    :param db_session: Session used for the lookup, the insert and the commit.
    :param user: Name or ID of the user.
    :param permission: Name or ID of the permission.
    :param requester: Dictionary whose "username" is written to the log.
    :return: None
    :raises HTTPRequestError: 404 if the user or the permission is not
        found, 409 if the user already holds the permission.
    """
    # NOTE(review): no authorization check on `requester` is visible in this
    # function; presumably the caller enforces it - confirm.
    try:
        target_user = User.get_by_name_or_id(user)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No user found with this ID or name")

    try:
        target_perm = Permission.get_by_name_or_id(permission)
    except orm_exceptions.NoResultFound:
        raise HTTPRequestError(404, "No permission found with this ID")

    existing = (
        db_session.query(UserPermission)
        .filter_by(user_id=target_user.id, permission_id=target_perm.id)
        .one_or_none()
    )
    if existing:
        raise HTTPRequestError(409, "User already have this permission")

    db_session.add(
        UserPermission(user_id=target_user.id, permission_id=target_perm.id))
    cache.delete_key(userid=target_user.id,
                     action=target_perm.method,
                     resource=target_perm.path)

    # The MV refresh is issued before the commit, in that order.
    MVUserPermission.refresh()
    db_session.commit()

    # The grant is logged only after the commit has returned.
    log().info(
        f"user {target_user.username} received permission {target_perm.name} by {requester['username']}"
    )
def drop_cache():
    """
    Call cache.delete_key() with no filter and return a 200 response.

    :return: Whatever format_response(200) produces.
    """
    # NOTE(review): no caller identity is taken here; presumably the route
    # that exposes this restricts who may flush the cache - confirm.
    cache.delete_key()
    response = format_response(200)
    return response