def apply_rules_instances(user, args=None):
q = Instance.query
if not user.is_admin:
q1 = q.filter_by(user_id=user.id)
if is_group_manager(
user
): # show only the instances of the blueprints which the group manager holds
group_blueprints_id = get_group_blueprint_ids_for_instances(
user, manager=True)
q2 = q.filter(Instance.blueprint_id.in_(group_blueprints_id))
q = q1.union(q2)
else:
q = q1
if args is None or not args.get('show_deleted'):
q = q.filter(Instance.state != Instance.STATE_DELETED)
if args is not None:
if 'instance_id' in args:
q = q.filter_by(id=args.get('instance_id'))
if args.get('show_only_mine'):
q = q.filter_by(user_id=user.id)
if 'offset' in args:
q = q.offset(args.get('offset'))
if 'limit' in args:
q = q.limit(args.get('limit'))
return q
def post(self):
form = BlueprintForm()
if not form.validate_on_submit():
logging.warn("validation error on create blueprint")
return form.errors, 422
user = g.user
blueprint = Blueprint()
blueprint.name = form.name.data
template_id = form.template_id.data
template = BlueprintTemplate.query.filter_by(id=template_id).first()
if not template:
abort(422)
blueprint.template_id = template_id
group_id = form.group_id.data
group = Group.query.filter_by(id=group_id).first()
if not group:
abort(422)
if not user.is_admin and not is_group_manager(user, group):
logging.warn("invalid group for the user")
abort(403)
blueprint.group_id = group_id
if 'name' in form.config.data:
form.config.data.pop('name', None)
blueprint.config = form.config.data
try:
validate_max_lifetime_blueprint(
blueprint) # Validate the maximum lifetime from config
except ValueError:
timeformat_error = {
"timeformat error":
"pattern should be [days]d [hours]h [minutes]m"
}
return timeformat_error, 422
db.session.add(blueprint)
db.session.commit()
def login(user_info):
eppn = user_info['eppn']
user = User.query.filter_by(email=eppn).first()
if not user:
user = create_user(eppn, password=uuid.uuid4().hex)
if not user.is_active:
user.is_active = True
db.session.commit()
if user.is_blocked:
error_description = 'You have been blocked, contact your administrator'
return render_template(
'error.html',
error_title='User Blocked',
error_description=error_description
)
token = user.generate_auth_token(app.config['SECRET_KEY'])
return render_template(
'login.html',
token=token,
username=eppn,
is_admin=user.is_admin,
is_group_owner=user.is_group_owner,
is_group_manager=is_group_manager(user),
userid=user.id
)
def put(self, blueprint_id):
form = BlueprintForm()
if not form.validate_on_submit():
logging.warn("validation error on update blueprint config")
return form.errors, 422
user = g.user
blueprint = Blueprint.query.filter_by(id=blueprint_id).first()
if not blueprint:
abort(404)
if not user.is_admin and not is_group_manager(user, blueprint.group):
logging.warn("invalid group for the user")
abort(403)
blueprint.name = form.config.data.get('name') or form.name.data
if 'name' in form.config.data:
form.config.data.pop('name', None)
blueprint.config = form.config.data
if form.is_enabled.raw_data:
blueprint.is_enabled = form.is_enabled.raw_data[0]
else:
blueprint.is_enabled = False
try:
validate_max_lifetime_blueprint(
blueprint) # Validate the maximum lifetime from config
except ValueError:
timeformat_error = {
"timeformat error":
"pattern should be [days]d [hours]h [minutes]m"
}
return timeformat_error, 422
db.session.add(blueprint)
db.session.commit()
def delete(self, instance_id):
user = g.user
query = Instance.query.filter_by(id=instance_id)
if not user.is_admin and not is_group_manager(user):
query = query.filter_by(user_id=user.id)
instance = query.first()
if not instance:
abort(404)
group = instance.blueprint.group
if not user.is_admin and not is_group_manager(user, group) and instance.user_id != user.id:
abort(403)
instance.to_be_deleted = True
instance.state = Instance.STATE_DELETING
instance.deprovisioned_at = datetime.datetime.utcnow()
db.session.commit()
if not app.dynamic_config.get('SKIP_TASK_QUEUE'):
run_update.delay(instance.id)
def login(user_info):
eppn = user_info['eppn']
user = User.query.filter_by(eppn=eppn).first()
if not user:
user = create_user(eppn, password=uuid.uuid4().hex, email_id=user_info['email_id'])
if not user.email_id:
user = update_email(eppn, email_id=user_info['email_id'])
if not user.is_active:
user.is_active = True
db.session.commit()
if user.is_blocked:
error_description = 'You have been blocked, contact your administrator'
return render_template(
'error.html',
error_title='User Blocked',
error_description=error_description
)
if user.is_admin:
icons = admin_icons
elif user.is_group_owner:
icons = group_owner_icons
elif is_group_manager(user):
icons = group_manager_icons
else:
icons = user_icons
token = user.generate_auth_token(app.config['SECRET_KEY'])
return render_template(
'login.html',
token=token,
username=eppn,
is_admin=user.is_admin,
is_group_owner=user.is_group_owner,
is_group_manager=is_group_manager(user),
userid=user.id,
icon_value=icons
)
def process_blueprint(blueprint):
user = g.user
template = blueprint.template
blueprint.schema = template.blueprint_schema
blueprint.form = template.blueprint_form
# Due to immutable nature of config field, whole dict needs to be reassigned.
# Issue #444 in github
blueprint_config = blueprint.config
blueprint_config['name'] = blueprint.name
blueprint.config = blueprint_config
blueprint.template_name = template.name
blueprint.group_name = blueprint.group.name
# rest of the code taken for refactoring from single blueprint GET query
blueprint.plugin = blueprint.template.plugin
if user.is_admin or is_group_manager(user, blueprint.group):
blueprint.manager = True
return blueprint
def put(self, blueprint_id):
user = g.user
blueprint = Blueprint.query.get_or_404(blueprint_id)
if blueprint.current_status == 'archived':
abort(422)
if not user.is_admin and not is_group_manager(user, blueprint.group):
logging.warn(
"user is {} not group manager for blueprint {}".format(
user.id, blueprint.group.id))
abort(403)
db.session.expunge(blueprint)
make_transient(blueprint)
blueprint.id = uuid.uuid4().hex
blueprint.name = format("%s - %s" % (blueprint.name, 'Copy'))
db.session.add(blueprint)
db.session.commit()
def post(self):
form = SessionCreateForm()
if not form.validate_on_submit():
logging.warn("validation error on user login")
return form.errors, 422
user = User.query.filter_by(email=form.email.data).first()
if user and user.check_password(form.password.data):
return marshal({
'token': user.generate_auth_token(app.config['SECRET_KEY']),
'is_admin': user.is_admin,
'is_group_owner': user.is_group_owner,
'is_group_manager': is_group_manager(user),
'user_id': user.id
}, token_fields)
logging.warn("invalid login credentials for %s" % form.email.data)
return {
'message': 'Unauthorized',
'status': 401
}, 401
def get(self):
user = g.user
results = []
group_user_query = (GroupUserAssociation.query.filter_by(
user_id=user.id,
owner=False).order_by(GroupUserAssociation.manager.desc()))
group_user_objs = group_user_query.all()
for group_user_obj in group_user_objs:
group = group_user_obj.group
if re.match('^System.+',
group.name): # Do not show system level groups
continue
group.config = {}
group.user_config = {}
role = 'user'
if is_group_manager(user, group):
role = 'manager'
group.role = role
results.append(group)
return results
def apply_rules_instances(user, args=None):
q = Instance.query
if not user.is_admin:
q1 = q.filter_by(user_id=user.id)
if is_group_manager(user): # show only the instances of the blueprints which the group manager holds
group_blueprints_id = get_group_blueprint_ids_for_instances(user, manager=True)
q2 = q.filter(Instance.blueprint_id.in_(group_blueprints_id))
q = q1.union(q2)
else:
q = q1
if args is None or not args.get('show_deleted'):
q = q.filter(Instance.state != Instance.STATE_DELETED)
if args is not None:
if 'instance_id' in args:
q = q.filter_by(id=args.get('instance_id'))
if args.get('show_only_mine'):
q = q.filter_by(user_id=user.id)
if 'offset' in args:
q = q.offset(args.get('offset'))
if 'limit' in args:
q = q.limit(args.get('limit'))
return q
