示例#1
def org_team_get():
    """
    List the teams of each requested organization that the calling client may see.

    Organizations are named by one or more ``org`` request values. Access is
    checked twice: the client-wide ``team_access`` flag gates the whole call,
    and an organization's teams are included only when the calling client is
    in that organization's ``clients_with_team_access()``. Organizations that
    fail the second check are left out of the result without an error.
    """
    if not g.client.team_access:
        return api_result('error', error='no_team_access')

    requested = request.values.getlist('org')
    if not requested:
        return api_result('error', error='no_org_provided')

    found = Organization.all(userids=requested)
    if not found:
        return api_result('error', error='no_such_organization')

    # XXX (open question from the original author): should trusted clients get
    # team access regardless? The trusted flag was meant only to skip the user
    # authorization prompt on login to HasGeek websites, so widening it here
    # may be an abuse of that flag.
    # XXX: Return user list here?
    teams_by_org = {}
    for org in found:
        # Per-organization authorization: skip organizations that have not
        # granted this client team access.
        if g.client not in org.clients_with_team_access():
            continue
        entries = []
        for team in org.teams:
            entries.append({
                'userid': team.userid,
                'org': org.userid,
                'title': team.title,
                'owners': team == org.owners,
            })
        teams_by_org[org.userid] = entries
    return api_result('ok', org_teams=teams_by_org)
示例#2
def user_get_by_userid():
    """
    Look up a user or organization by its Lastuser internal userid.

    The ``userid`` request value is tried against users first and then against
    organizations. A match yields an 'ok' result describing it; a missing
    parameter or no match yields an 'error' result.

    NOTE(review): no check of who is calling is visible inside this function;
    presumably a decorator outside this excerpt restricts it to authenticated
    clients -- confirm, since the response discloses names and timezone.
    """
    userid = request.values.get('userid')
    if not userid:
        return api_result('error', error='no_userid_provided')

    user = User.get(userid=userid, defercols=True)
    if user:
        user_fields = {
            'type': 'user',
            'userid': user.userid,
            'buid': user.userid,
            'name': user.username,
            'title': user.fullname,
            'label': user.pickername,
            'timezone': user.timezone,
            'oldids': [old.userid for old in user.oldids],
        }
        return api_result('ok', **user_fields)

    # Not a user: fall back to an organization with the same userid.
    org = Organization.get(userid=userid, defercols=True)
    if org:
        org_fields = {
            'type': 'organization',
            'userid': org.userid,
            'buid': org.userid,
            'name': org.name,
            'title': org.title,
            'label': org.pickername,
        }
        return api_result('ok', **org_fields)
    return api_result('error', error='not_found')
示例#3
    def validate(self):
        """
        Validate the permission form, including name uniqueness.

        After the base form validation, the name must pass ``valid_username``,
        must not clash with a global (``allusers``) permission, and must not
        clash with another permission in the selected context (the editing
        user, or the organization whose buid is in ``context``). A permission
        whose id equals ``edit_id`` is the one being edited and is not a clash.

        Returns True when the form is valid, False otherwise (with a message
        appended to ``self.name.errors`` for the name checks).
        """
        if not super(PermissionForm, self).validate():
            return False

        name = self.name.data
        if not valid_username(name):
            self.name.errors.append(_("Name contains invalid characters"))
            return False

        global_clash = Permission.get(name=name, allusers=True)
        if global_clash and global_clash.id != self.edit_id:
            self.name.errors.append(_("A global permission with that name already exists"))
            return False

        if self.context.data == self.edit_user.buid:
            scoped_clash = Permission.get(name=name, user=self.edit_user)
        else:
            org = Organization.get(buid=self.context.data)
            # A context that matches neither the user nor any organization
            # gets no duplicate check and still validates.
            # NOTE(review): presumably the context field is limited elsewhere
            # to organizations this user may manage -- confirm.
            scoped_clash = Permission.get(name=name, org=org) if org else None
        if scoped_clash and scoped_clash.id != self.edit_id:
            self.name.errors.append(_("You have another permission with the same name"))
            return False

        return True
示例#4
def user_get_by_userid():
    """
    Return the user or organization that has the given Lastuser internal userid.

    Users are searched before organizations. The result is 'ok' with the
    matching record's public fields, or 'error' when the ``userid`` request
    value is missing or matches nothing.

    NOTE(review): this function itself does not check the caller; presumably
    access control is applied by a decorator that is not part of this
    excerpt -- confirm before exposing the route.
    """
    userid = request.values.get('userid')
    if not userid:
        return api_result('error', error='no_userid_provided')

    user = User.get(userid=userid, defercols=True)
    if user:
        previous_ids = [old.userid for old in user.oldids]
        return api_result(
            'ok',
            type='user',
            userid=user.userid,
            buid=user.userid,
            name=user.username,
            title=user.fullname,
            label=user.pickername,
            timezone=user.timezone,
            oldids=previous_ids,
        )

    org = Organization.get(userid=userid, defercols=True)
    if not org:
        return api_result('error', error='not_found')
    return api_result(
        'ok',
        type='organization',
        userid=org.userid,
        buid=org.userid,
        name=org.name,
        title=org.title,
        label=org.pickername,
    )
示例#5
def user_get_by_userids(userid):
    """
    Return every user and organization matching the given userids.

    Works like get_by_userid, but ``userid`` holds several Lastuser internal
    ids and the result is a list: matching users first, then matching
    organizations. An empty ``userid`` yields a 'no_userid_provided' error.

    NOTE(review): both results are built with ``_jsonp=True``. Presumably this
    lets ``api_result`` wrap the response in a caller-named JSONP callback --
    confirm. If so, any web page can read the response cross-origin, so check
    that access to this route does not rest on the browser's cookies.
    """
    if not userid:
        return api_result('error', error='no_userid_provided', _jsonp=True)

    users = User.all(buids=userid)
    orgs = Organization.all(buids=userid)

    user_rows = [
        {
            'type': 'user',
            'buid': user.buid,
            'userid': user.buid,
            'uuid': user.uuid,
            'name': user.username,
            'title': user.fullname,
            'label': user.pickername,
            'timezone': user.timezone,
            'oldids': [old.buid for old in user.oldids],
            'olduuids': [old.uuid for old in user.oldids],
        }
        for user in users
    ]
    org_rows = [
        {
            'type': 'organization',
            'buid': org.buid,
            'userid': org.buid,
            'uuid': org.uuid,
            'name': org.name,
            'title': org.fullname,
            'label': org.pickername,
        }
        for org in orgs
    ]
    return api_result('ok', _jsonp=True, results=user_rows + org_rows)
示例#6
文件: client.py 项目: tuxdna/lastuser
    def validate(self):
        """
        Run the base form validation, then check the permission name.

        The name must pass ``valid_username``, must not duplicate a global
        (``allusers``) permission, and must not duplicate a permission in the
        chosen context: the editing user when ``context`` equals their userid,
        otherwise the organization with that userid. The permission being
        edited (``edit_id``) is never counted as a duplicate.

        Returns True if valid; otherwise appends a message to
        ``self.name.errors`` (for the name checks) and returns False.
        """
        if not super(PermissionForm, self).validate():
            return False

        name = self.name.data
        if not valid_username(name):
            self.name.errors.append("Name contains invalid characters")
            return False

        def is_other(permission):
            # A match only counts when it is not the record being edited.
            return permission and permission.id != self.edit_id

        if is_other(Permission.get(name=name, allusers=True)):
            self.name.errors.append(
                "A global permission with that name already exists")
            return False

        if self.context.data == self.edit_user.userid:
            in_context = Permission.get(name=name, user=self.edit_user)
        else:
            org = Organization.get(userid=self.context.data)
            # With no matching organization there is nothing to compare
            # against, and the form still validates.
            # NOTE(review): confirm the context field cannot name an
            # organization the editing user does not manage.
            in_context = Permission.get(name=name, org=org) if org else None
        if is_other(in_context):
            self.name.errors.append(
                "You have another permission with the same name")
            return False

        return True
示例#7
def user_get_by_userids(userid):
    """
    Return the users and organizations that match the given userids.

    Same contract as get_by_userid, except that ``userid`` carries several
    Lastuser internal ids and the 'ok' result holds a list: users first,
    organizations after. An empty ``userid`` yields 'no_userid_provided'.

    NOTE(review): nothing in this function restricts who may call it;
    presumably a decorator outside this excerpt does -- confirm, because the
    response includes names, timezones and previous ids.
    """
    if not userid:
        return api_result('error', error='no_userid_provided')

    users = User.all(userids=userid)
    orgs = Organization.all(userids=userid)

    matches = []
    for user in users:
        matches.append({
            'type': 'user',
            'buid': user.userid,
            'userid': user.userid,
            'name': user.username,
            'title': user.fullname,
            'label': user.pickername,
            'timezone': user.timezone,
            'oldids': [old.userid for old in user.oldids],
        })
    for org in orgs:
        matches.append({
            'type': 'organization',
            'buid': org.userid,
            'userid': org.userid,
            'name': org.name,
            'title': org.fullname,
            'label': org.pickername,
        })
    return api_result('ok', results=matches)
示例#8
def org_team_get():
    """
    Return the teams of the requested organizations, keyed by organization userid.

    The calling client must have the ``team_access`` flag. Even then, an
    organization appears in the result only if the client is listed in that
    organization's ``clients_with_team_access()``; other organizations are
    omitted silently rather than reported as an error.
    """
    client = g.client
    if not client.team_access:
        return api_result('error', error='no_team_access')

    org_userids = request.values.getlist('org')
    if not org_userids:
        return api_result('error', error='no_org_provided')

    organizations = Organization.all(userids=org_userids)
    if not organizations:
        return api_result('error', error='no_such_organization')

    def describe(team, org):
        # 'owners' is true only for the organization's owners team.
        return {
            'userid': team.userid,
            'org': org.userid,
            'title': team.title,
            'owners': team == org.owners,
        }

    # XXX (open question from the original author): should trusted clients
    # have access anyway? That may abuse the trusted flag, which was meant
    # only to bypass user authorization on login to HasGeek websites.
    # XXX: Return user list here?
    orgteams = {}
    for org in organizations:
        # Authorization is decided per organization, not once per request.
        if client in org.clients_with_team_access():
            orgteams[org.userid] = [describe(team, org) for team in org.teams]
    return api_result('ok', org_teams=orgteams)
示例#9
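 def validate_username(self, field):
     """
     Reject a username that is reserved, malformed or already in use.

     Raises forms.ValidationError when the value is listed in the
     RESERVED_USERNAMES config entry, fails ``valid_username``, or is already
     the username of a user or the name of an organization.

     NOTE(review): the lookup below is check-then-act. Presumably a unique
     constraint in the database is what finally stops two concurrent
     submissions from taking the same name -- confirm.
     """
     if field.data in current_app.config['RESERVED_USERNAMES']:
         # Call form instead of the Python 2 only ``raise E, value`` statement,
         # which is a syntax error on Python 3; matches the raises below.
         raise forms.ValidationError(_("This name is reserved"))
     if not valid_username(field.data):
         raise forms.ValidationError(_(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes"))
     # Users and organizations are looked up by the same name value.
     existing = User.get(username=field.data) or Organization.get(name=field.data)
     if existing is not None:
         raise forms.ValidationError(_("This username is taken"))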
示例#10
 def validate_name(self, field):
     """
     Validate a proposed organization name.

     Raises wtforms.ValidationError when the name fails ``valid_username``,
     is listed in the RESERVED_USERNAMES config entry, is some user's
     username, or belongs to an organization other than the one being
     edited (``edit_id``).
     """
     proposed = field.data
     if not valid_username(proposed):
         raise wtforms.ValidationError("Invalid characters in name")

     reserved = current_app.config['RESERVED_USERNAMES']
     if proposed in reserved:
         raise wtforms.ValidationError("That name is reserved")

     # A username held by any user blocks the name outright.
     if User.get(username=proposed) is not None:
         raise wtforms.ValidationError("That name is taken")

     # An organization may keep its own current name while being edited.
     holder = Organization.get(name=proposed)
     if holder is not None and holder.id != self.edit_id:
         raise wtforms.ValidationError("That name is taken")
示例#11
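 def validate_username(self, field):
     """
     Reject a username that is reserved, malformed or already in use.

     Raises forms.ValidationError when the value is listed in the
     RESERVED_USERNAMES config entry, fails ``valid_username``, or matches an
     existing user's username or an existing organization's name.

     NOTE(review): this is a check made before the write. Presumably the
     database also enforces uniqueness, which is what protects against two
     simultaneous submissions -- confirm.
     """
     if field.data in current_app.config['RESERVED_USERNAMES']:
         # The original ``raise E, value`` statement is Python 2 only and does
         # not compile on Python 3; the call form works on both.
         raise forms.ValidationError(_("This name is reserved"))
     if not valid_username(field.data):
         raise forms.ValidationError(
             _(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes"
               ))
     # Users and organizations are looked up by the same name value.
     existing = User.get(username=field.data) or Organization.get(
         name=field.data)
     if existing is not None:
         raise forms.ValidationError(_("This username is taken"))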
示例#12
 def new(self):
     """
     Show the new-organization form and create the organization on submit.

     On a valid submission the organization is filled from the form, the
     current user is added to its owners and members if not already there,
     the record is committed, ``org_data_changed`` is sent, and the browser
     is redirected (303) to the organization's view page. Otherwise the form
     is rendered.

     NOTE(review): ``populate_obj`` copies each form field onto the model, so
     the attributes a submitter can set are those OrganizationForm declares
     (defined outside this excerpt) -- keep privileged columns out of it.
     """
     org_form = OrganizationForm()
     org_form.name.description = current_app.config.get('ORG_NAME_REASON')
     org_form.title.description = current_app.config.get('ORG_TITLE_REASON')

     if not org_form.validate_on_submit():
         return render_form(form=org_form,
                            title=_("New organization"),
                            formid='org_new',
                            submit=_("Create"),
                            ajax=False)

     org = Organization()
     org_form.populate_obj(org)
     # The creator becomes both an owner and a member, without duplicates.
     if current_auth.user not in org.owners.users:
         org.owners.users.append(current_auth.user)
     if current_auth.user not in org.members.users:
         org.members.users.append(current_auth.user)
     db.session.add(org)
     db.session.commit()
     org_data_changed.send(org, changes=['new'], user=current_auth.user)
     return render_redirect(org.url_for('view'), code=303)
示例#13
def org_new():
    """
    Show the new-organization form and create the organization on submit.

    On a valid submission the organization is filled from the form, ``g.user``
    is appended to its owners, the record is committed, ``org_data_changed``
    is sent, and the browser is redirected (303) to the organization's info
    page. Otherwise the form is rendered.

    NOTE(review): ``populate_obj`` copies each form field onto the model, so
    what a submitter can set is bounded by OrganizationForm's fields (defined
    outside this excerpt). No login check is visible here; presumably a
    decorator ensures ``g.user`` is set -- confirm.
    """
    org_form = OrganizationForm()
    org_form.name.description = current_app.config.get('ORG_NAME_REASON')
    org_form.title.description = current_app.config.get('ORG_TITLE_REASON')

    if not org_form.validate_on_submit():
        return render_form(form=org_form,
                           title="New Organization",
                           formid="org_new",
                           submit="Create",
                           ajax=False)

    org = Organization()
    org_form.populate_obj(org)
    # The creating user becomes an owner of the new organization.
    org.owners.users.append(g.user)
    db.session.add(org)
    db.session.commit()
    org_data_changed.send(org, changes=['new'], user=g.user)
    return render_redirect(url_for('.org_info', name=org.name), code=303)
示例#14
 def validate_name(self, field):
     """
     Validate a proposed organization name.

     Raises forms.ValidationError when the name fails ``valid_username``, is
     listed in the RESERVED_USERNAMES config entry, is a user's username, or
     belongs to an organization other than the one being edited
     (``edit_id``). When the name is the current user's own username, the
     error is an HTML message linking to their profile.
     """
     proposed = field.data
     if not valid_username(proposed):
         raise forms.ValidationError(_("Invalid characters in name"))
     if proposed in current_app.config['RESERVED_USERNAMES']:
         raise forms.ValidationError(_("This name is reserved"))

     owner = User.get(username=proposed)
     if owner is not None:
         if not (owner == current_auth.user):
             raise forms.ValidationError(_("This name is taken"))
         template = _(u"This is <em>your</em> current username. "
             u'You must change it first from <a href="{profile}">your profile</a> '
             u"before you can assign it to an organization")
         # The text is formatted first and only then wrapped in Markup, so the
         # interpolated value is not HTML-escaped. That is acceptable only
         # because it is a URL built by url_for, not user input; never add
         # request data to this format call.
         html = template.format(profile=url_for('profile'))
         raise forms.ValidationError(Markup(html))

     # An organization may keep its own current name while being edited.
     holder = Organization.get(name=proposed)
     if holder is not None and holder.id != self.edit_id:
         raise forms.ValidationError(_("This name is taken"))
示例#15
    def make_fixtures(self):
        """
        Create users, attach them to organizations. Create test client app, add test
        resource, action and message.

        Every object is added to ``db.session`` and most are also stored as
        attributes on ``self``; a single commit at the end persists them all.
        """
        # Four users: three with usernames, one with only a full name.
        crusoe = User(username=u"crusoe",
                      fullname=u"Crusoe Celebrity Dachshund")
        oakley = User(username=u"oakley")
        piglet = User(username=u"piglet")
        nameless = User(fullname="Nameless")

        db.session.add_all([crusoe, oakley, piglet, nameless])
        self.crusoe = crusoe
        self.oakley = oakley
        self.piglet = piglet
        self.nameless = nameless

        # Contact details: crusoe gets a primary email and phone, oakley an email.
        # NOTE(review): the email literals look masked by the page this listing
        # came from and are not valid addresses as written -- confirm against
        # the upstream file.
        crusoe_email = UserEmail(email=u"*****@*****.**",
                                 primary=True,
                                 user=crusoe)
        crusoe_phone = UserPhone(phone=u"+8080808080",
                                 primary=True,
                                 user=crusoe)
        oakley_email = UserEmail(email=u"*****@*****.**", user=oakley)
        db.session.add_all([crusoe_email, crusoe_phone, oakley_email])
        self.crusoe_email = crusoe_email
        self.crusoe_phone = crusoe_phone

        # Organization "batdog": crusoe is an owner, oakley a member.
        batdog = Organization(name=u'batdog', title=u'Batdog')
        batdog.owners.users.append(crusoe)
        batdog.members.users.append(oakley)
        db.session.add(batdog)
        self.batdog = batdog

        # Organization "specialdachs": oakley is an owner, piglet a member.
        specialdachs = Organization(name=u"specialdachs",
                                    title=u"Special Dachshunds")
        specialdachs.owners.users.append(oakley)
        specialdachs.members.users.append(piglet)
        db.session.add(specialdachs)
        self.specialdachs = specialdachs

        # Confidential client app that belongs to batdog.
        client = Client(title=u"Batdog Adventures",
                        org=batdog,
                        confidential=True,
                        namespace=u'fun.batdogadventures.com',
                        website=u"http://batdogadventures.com")
        db.session.add(client)
        self.client = client

        # A team inside batdog, given "admin" access permissions on the client.
        dachshunds = Team(title=u"Dachshunds", org=batdog)
        db.session.add(dachshunds)
        self.dachshunds = dachshunds

        team_client_permission = TeamClientPermissions(
            team=dachshunds, client=client, access_permissions=u"admin")
        self.team_client_permission = team_client_permission
        db.session.add(team_client_permission)

        # Gives the client team access to batdog at level ALL.
        client_team_access = ClientTeamAccess(
            org=batdog, client=client, access_level=CLIENT_TEAM_ACCESS.ALL)
        db.session.add(client_team_access)

        # A permission owned by crusoe, and crusoe's permission record on the client.
        bdfl = Permission(name=u"bdfl", title=u"BDFL", user=crusoe)
        db.session.add(bdfl)
        self.bdfl = bdfl

        user_client_permissions = UserClientPermissions(user=crusoe,
                                                        client=client)
        db.session.add(user_client_permissions)
        self.user_client_permissions = user_client_permissions

        # A resource on the client with two actions, 'Fun' and 'read'.
        resource = Resource(name=u"test_resource",
                            title=u"Test Resource",
                            client=client)
        db.session.add(resource)
        self.resource = resource

        resource_action = ResourceAction(name=u'Fun',
                                         resource=resource,
                                         title=u'fun')
        db.session.add(resource_action)
        self.resource_action = resource_action

        action = ResourceAction(name=u"read", title=u"Read", resource=resource)
        db.session.add(action)
        self.action = action

        # SMS message addressed to crusoe's phone; the transaction id is the
        # 20-character string "Ruff" repeated five times.
        message = SMSMessage(phone_number=crusoe_phone.phone,
                             transaction_id=u"Ruff" * 5,
                             message=u"Wuff Wuff")
        db.session.add(message)
        # One commit persists everything added above.
        db.session.commit()
        self.message = message
示例#16
 def loader(self, name=None):
     """
     Load the organization with the given name.

     Returns None when ``name`` is empty or not given. Otherwise returns the
     matching Organization, or calls ``abort(404)`` when there is no match.
     """
     if not name:
         return None
     organization = Organization.get(name=name)
     if organization:
         return organization
     abort(404)
     return organization
示例#17
# In case data exists from previously run tests.
# NOTE(review): drop_all() removes every table of whatever database `db` is
# bound to; point this script only at a disposable test database.
db.drop_all()
# create schema again
db.create_all()

# Add fixtures for test app
# user for CRUD workflow: creating client app
# NOTE(review): the "******" literals look masked by the page this listing came
# from -- confirm the real values upstream. A fixture account with a password
# written in source is a known credential and must never exist outside tests.
gustav = User(
    username="******", fullname="Gustav 'world' Dachshund", password='******'
)

# org for associating with client
# client for CRUD workflow of defining perms *in* client
# spare user for CRUD workflow of assigning permissions
oakley = User(username="******", fullname="Oakley 'huh' Dachshund")
dachsunited = Organization(name="dachsunited", title="Dachs United")
dachsunited.owners.users.append(gustav)
dachshundworld = AuthClient(
    title="Dachshund World",
    org=dachsunited,
    confidential=True,
    website="http://gustavsdachshundworld.com",
)

db.session.add(gustav)
db.session.add(oakley)
db.session.add(dachsunited)
db.session.add(dachshundworld)
db.session.commit()

# '0.0.0.0' makes the server listen on every network interface, so the seeded
# test app and its fixture account are reachable from other hosts.
# NOTE(review): bind to 127.0.0.1 unless the tests really need remote access
# (for example from another container), and keep this off shared networks.
app.run('0.0.0.0')
示例#18
    def make_fixtures(self):
        """
        Create users, attach them to organizations. Create test client app, add test
        resource, action and message.

        Every object is added to ``db.session`` and most are also stored as
        attributes on ``self``; a single commit at the end persists them all.
        """
        # Four users: three with usernames, one with only a full name.
        # NOTE(review): the three usernames all read "******" here, which looks
        # like masking by the page this listing came from -- confirm the
        # distinct values against the upstream file.
        crusoe = User(username="******", fullname="Crusoe Celebrity Dachshund")
        oakley = User(username="******")
        piglet = User(username="******")
        nameless = User(fullname="Nameless")

        db.session.add_all([crusoe, oakley, piglet, nameless])
        self.crusoe = crusoe
        self.oakley = oakley
        self.piglet = piglet
        self.nameless = nameless

        # Contact details: crusoe gets a primary email and phone, oakley an email.
        # NOTE(review): the email literals also look masked -- confirm upstream.
        crusoe_email = UserEmail(
            email="*****@*****.**", user=crusoe, primary=True
        )
        crusoe_phone = UserPhone(phone="+8080808080", user=crusoe, primary=True)
        oakley_email = UserEmail(email="*****@*****.**", user=oakley)
        db.session.add_all([crusoe_email, crusoe_phone, oakley_email])
        self.crusoe_email = crusoe_email
        self.crusoe_phone = crusoe_phone

        # Organization "batdog", owned by crusoe.
        batdog = Organization(name='batdog', title='Batdog')
        batdog.owners.users.append(crusoe)
        db.session.add(batdog)
        self.batdog = batdog

        # Organization "specialdachs", owned by oakley.
        specialdachs = Organization(name="specialdachs", title="Special Dachshunds")
        specialdachs.owners.users.append(oakley)
        db.session.add(specialdachs)
        self.specialdachs = specialdachs

        # Confidential auth client that belongs to batdog.
        auth_client = AuthClient(
            title="Batdog Adventures",
            organization=batdog,
            confidential=True,
            namespace='fun.batdogadventures.com',
            website="http://batdogadventures.com",
        )
        db.session.add(auth_client)
        self.auth_client = auth_client

        # A team inside batdog, given "admin" access permissions on the client.
        dachshunds = Team(title="Dachshunds", organization=batdog)
        db.session.add(dachshunds)
        self.dachshunds = dachshunds

        auth_client_team_permissions = AuthClientTeamPermissions(
            team=dachshunds, auth_client=auth_client, access_permissions="admin"
        )
        self.auth_client_team_permissions = auth_client_team_permissions
        db.session.add(auth_client_team_permissions)

        # crusoe's own permission record on the client.
        auth_client_user_permissions = AuthClientUserPermissions(
            user=crusoe, auth_client=auth_client
        )
        db.session.add(auth_client_user_permissions)
        self.auth_client_user_permissions = auth_client_user_permissions

        # SMS message addressed to crusoe's phone; the transaction id is the
        # 20-character string "Ruff" repeated five times.
        message = SMSMessage(
            phone_number=crusoe_phone.phone,
            transactionid="Ruff" * 5,
            message="Wuff Wuff",
        )
        db.session.add(message)
        # One commit persists everything added above.
        db.session.commit()
        self.message = message