示例#1
文件: views.py 项目: rtdean/lemur
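def roles(values):
    """
    Validate that the passed in roles exist.

    Every entry is resolved by its ``id`` through ``role_service.get`` and the
    resolved objects are returned in input order.

    :param values: iterable of subscriptable entries, each carrying an ``id``
        key; a ``name`` key is used only to label the error message
    :return: list of the objects returned by ``role_service.get``
    :raise ValueError: if an entry does not resolve to an existing role
    """
    rs = []
    for role in values:
        r = role_service.get(role['id'])
        if not r:
            # 'name' comes from the caller and may be absent. Fall back to the
            # id so the rejection is always the documented ValueError rather
            # than a KeyError raised while formatting the message.
            try:
                label = role['name']
            except KeyError:
                label = role['id']
            # NOTE(review): the label is caller-supplied text; whatever renders
            # this message should treat it as untrusted.
            raise ValueError("Role {0} does not exist".format(label))
        rs.append(r)
    return rs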
示例#2
文件: views.py 项目: hardiku/lemur
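def roles(values):
    """
    Validate that the passed in roles exist.

    Looks each entry up by ``id`` via ``role_service.get`` and collects the
    results, preserving the order of ``values``.

    :param values: iterable of subscriptable entries with an ``id`` key and,
        optionally, a ``name`` key used for the error text
    :return: list of whatever ``role_service.get`` returned for each entry
    :raise ValueError: when a lookup yields a falsy result (role not found)
    """
    resolved = []
    for entry in values:
        found = role_service.get(entry['id'])
        if not found:
            # The name is optional caller input; without this fallback a
            # request that omits it would surface a KeyError instead of the
            # ValueError this validator documents.
            try:
                shown = entry['name']
            except KeyError:
                shown = entry['id']
            raise ValueError("Role {0} does not exist".format(shown))
        resolved.append(found)
    return resolved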
示例#3
文件: views.py 项目: vsnine/lemur
    def get(self, role_id):
        """
        .. http:get:: /roles/1/credentials

           View a role's credentials

           **Example request**:

           .. sourcecode:: http

              GET /roles/1/credentials HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "username": "******",
                  "password": "******"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: the RoleMemberPermission check for this role failed
        """
        # Authorization gate: the role is not loaded unless the
        # RoleMemberPermission check for this role_id passes.
        if not RoleMemberPermission(role_id).can():
            return (
                dict(
                    message="You are not authorized to view the credentials for this role."
                ),
                403,
            )

        # NOTE(review): the lookup result is dereferenced unchecked; if
        # service.get() can return None for an unknown id this raises
        # AttributeError -- confirm.
        role = service.get(role_id)
        body = jsonify(username=role.username, password=role.password)
        response = make_response(body, 200)

        # The body carries a secret: forbid storing or reusing the response.
        response.headers["cache-control"] = "private, max-age=0, no-cache, no-store"
        response.headers["pragma"] = "no-cache"

        # The audit entry is written before the return, so an exception raised
        # by audit_log prevents the credentials from being sent.
        log_service.audit_log("view_role_credentials", role.name, "View role username and password")

        return response
示例#4
文件: views.py 项目: rtdean/lemur
    def get(self, role_id):
        """
        .. http:get:: /roles/1/users

           Get all users associated with a role

           **Example request**:

           .. sourcecode:: http

              GET /roles/1/users HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "items": [
                    {
                      "id": 2,
                      "active": true,
                      "email": "*****@*****.**",
                      "username": "******",
                      "profileImage": null
                    },
                    {
                      "id": 1,
                      "active": false,
                      "email": "*****@*****.**",
                      "username": "******",
                      "profileImage": null
                    }
                  ],
                "total": 2
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
        """
        # NOTE(review): no per-role authorization check is visible in this
        # method body, and the documented response includes user e-mail
        # addresses; confirm access control is enforced by the resource class
        # or a decorator outside this listing.
        # NOTE(review): the lookup result is dereferenced unchecked; if
        # role_service.get() can return None this raises AttributeError.
        role = role_service.get(role_id)
        return role.users
示例#5
文件: views.py 项目: hardiku/lemur
    def get(self, role_id):
        """
        .. http:get:: /roles/1/users

           Get all users associated with a role

           **Example request**:

           .. sourcecode:: http

              GET /roles/1/users HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                "items": [
                    {
                      "id": 2,
                      "active": true,
                      "email": "*****@*****.**",
                      "username": "******",
                      "profileImage": null
                    },
                    {
                      "id": 1,
                      "active": false,
                      "email": "*****@*****.**",
                      "username": "******",
                      "profileImage": null
                    }
                  ],
                "total": 2
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
        """
        # NOTE(review): this body performs no membership or admin check before
        # listing a role's users; verify that the enclosing resource or a
        # decorator not shown here restricts who may call it.
        # NOTE(review): role_service.get() is assumed to return an object with
        # a ``users`` attribute; a None result would raise AttributeError.
        matched_role = role_service.get(role_id)
        members = matched_role.users
        return members
示例#6
    def get(self, role_id):
        """
        .. http:get:: /roles/1

           Get a particular role

           **Example request**:

           .. sourcecode:: http

              GET /roles/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "id": 1,
                  "name": "role1",
                  "description": "this is role1"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: the RoleMemberPermission check for this role failed
        """
        # Deny first: a role is only looked up once the membership permission
        # for this role_id has been granted.
        if not RoleMemberPermission(role_id).can():
            denial = dict(
                message=
                "You are not allowed to view a role which you are not a member of."
            )
            return (denial, 403)

        return service.get(role_id)
示例#7
文件: views.py 项目: terinjokes/lemur
    def get(self, role_id):
        """
        .. http:get:: /roles/1

           Get a particular role

           **Example request**:

           .. sourcecode:: http

              GET /roles/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "id": 1,
                  "name": "role1",
                  "description": "this is role1"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: caller is neither an admin nor a member of the role
        """
        # Non-admins may only view roles they belong to; admins skip the check.
        viewer = g.current_user
        if not viewer.is_admin:
            # NOTE(review): membership is decided by comparing role_id with
            # each r.id; if the route passes role_id as a different type than
            # the stored ids, every non-admin request is denied -- confirm the
            # URL converter.
            member_of = {r.id for r in viewer.roles}
            if role_id not in member_of:
                denial = dict(
                    message=
                    "You are not allowed to view a role which you are not a member of"
                )
                return denial, 403

        return service.get(role_id)
示例#8
文件: views.py 项目: terinjokes/lemur
    def get(self, role_id):
        """
        .. http:get:: /roles/1/credentials

           View a role's credentials

           **Example request**:

           .. sourcecode:: http

              GET /roles/1/credentials HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "username": "******",
                  "password": "******"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: the ViewRoleCredentialsPermission check failed
        """
        # Refuse before touching the role: abort(403) ends the request, and the
        # explicit return keeps this branch from ever falling through to the
        # credential lookup below.
        if not ViewRoleCredentialsPermission(role_id).can():
            return abort(403)

        # NOTE(review): no audit record of the credential read is written in
        # this method; confirm the disclosure is logged elsewhere.
        role = service.get(role_id)
        body = jsonify(username=role.username, password=role.password)
        response = make_response(body, 200)

        # The body carries a secret: forbid storing or reusing the response.
        response.headers['cache-control'] = 'private, max-age=0, no-cache, no-store'
        response.headers['pragma'] = 'no-cache'
        return response
示例#9
    def get(self, role_id):
        """
        .. http:get:: /roles/1

           Get a particular role

           **Example request**:

           .. sourcecode:: http

              GET /roles/1 HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "id": 1,
                  "name": "role1",
                  "description": "this is role1"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: caller is neither an admin nor a member of the role
        """
        # Access rule: admins see every role, everyone else only the roles
        # they are a member of. The membership set is built only for
        # non-admins because ``or`` short-circuits.
        user = g.current_user
        allowed = user.is_admin or role_id in {r.id for r in user.roles}
        if not allowed:
            return dict(message="You are not allowed to view a role which you are not a member of"), 403

        return service.get(role_id)
示例#10
    def get(self, role_id):
        """
        .. http:get:: /roles/1/credentials

           View a role's credentials

           **Example request**:

           .. sourcecode:: http

              GET /roles/1/credentials HTTP/1.1
              Host: example.com
              Accept: application/json, text/javascript

           **Example response**:

           .. sourcecode:: http

              HTTP/1.1 200 OK
              Vary: Accept
              Content-Type: text/javascript

              {
                  "username": "******",
                  "password": "******"
              }

           :reqheader Authorization: OAuth token to authenticate
           :statuscode 200: no error
           :statuscode 403: the ViewRoleCredentialsPermission check failed
        """
        # Credentials are only read inside the granted branch; every other
        # path ends in abort(403).
        if ViewRoleCredentialsPermission(role_id).can():
            # NOTE(review): the lookup result is dereferenced unchecked, and
            # no audit entry for the credential read is written here --
            # confirm both are handled elsewhere.
            role = service.get(role_id)
            payload = jsonify(username=role.username, password=role.password)
            response = make_response(payload, 200)

            # The body carries a secret, so caching is disabled on the reply.
            no_cache_headers = (
                ('cache-control', 'private, max-age=0, no-cache, no-store'),
                ('pragma', 'no-cache'),
            )
            for header_name, header_value in no_cache_headers:
                response.headers[header_name] = header_value
            return response
        abort(403)