def removeUser(self, currentuser, usertoberemovednick):
    """Delete the user known by ``usertoberemovednick`` through the session.

    ``authorize(False, self, currentuser, None)`` runs before anything else;
    per the original author's note, any logged-in user who is not the system
    user is rejected by that call. The target is then resolved with
    ``self.getUserForNick`` and passed to ``self.session.delete``.

    Returns the module-level ``OK`` value.
    """
    # permit(self.isSystemUser(currentuser), "Only System User can remove users")
    authorize(False, self, currentuser, None)
    target = self.getUserForNick(currentuser, usertoberemovednick)
    self.session.delete(target)
    return OK
def removeUser(self, currentuser, usertoberemovednick):
    """Delete the user document for ``usertoberemovednick``.

    ``authorize(False, self, currentuser, None)`` runs first; per the original
    author's note, any logged-in user who is not the system user is rejected
    by that call. The target is resolved with ``self.getUserForNick`` and
    removed with ``delete(safe=True)``.

    Returns the module-level ``OK`` value.
    """
    # permit(self.isSystemUser(currentuser), "Only System User can remove users")
    authorize(False, self, currentuser, None)
    doomed = self.getUserForNick(currentuser, usertoberemovednick)
    # CONSIDER: remove user from users collection, but not his name elsewhere.
    # NOTE(review): only the user document is deleted here; presumably
    # membership/ownership entries that name this user remain -- confirm a
    # later account with the same nick cannot inherit them.
    doomed.delete(safe=True)
    return OK
def postableInvitesForUser(self, currentuser, useras, ptypestr=None):
    """Given a user, list the postables they are invited to.

    ``authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, ...)`` is called before
    ``useras.postablesinvitedto`` is read. Each entry is reduced to a dict
    holding only its ``fqpn`` and ``ptype``; when ``ptypestr`` is truthy only
    entries with that ``ptype`` are kept.
    """
    authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
    invited = useras.postablesinvitedto
    return [
        {"fqpn": entry["fqpn"], "ptype": entry["ptype"]}
        for entry in invited
        if not ptypestr or entry["ptype"] == ptypestr
    ]
def ownerOfPostables(self, currentuser, useras, ptypestr=None):
    """Return the postables ``useras`` is an owner of.

    ``authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, ...)`` is called before
    ``useras.postablesowned`` is read. The result is a list of dicts with the
    keys ``fqpn`` and ``ptype``; a truthy ``ptypestr`` restricts the list to
    entries of that ``ptype``.
    """
    authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
    selected = []
    for entry in useras.postablesowned:
        if ptypestr and not (entry["ptype"] == ptypestr):
            continue
        selected.append({"fqpn": entry["fqpn"], "ptype": entry["ptype"]})
    return selected
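def acceptInviteToApp(self, currentuser, fullyQualifiedAppName, me, authspec):
    """Accept, for ``me``, a pending invitation to an application.

    The app is resolved with ``self.getApp``; ``authorize(False, ...)`` is run
    for ``currentuser`` against ``me``; and ``permit`` requires
    ``self.isInvitedToApp(me, app)`` before the app is appended to
    ``me.applicationsin``.

    ``authspec`` is accepted but not used in this body.

    Returns ``me``. A failure while appending is reported through
    ``doabort('BAD_REQ', ...)``.
    """
    app = self.getApp(currentuser, fullyQualifiedAppName)
    authorize(False, self, currentuser, me)
    permit(self.isInvitedToApp(me, app), "User %s must be invited to app %s" % (me.nick, app.fqin))
    try:
        me.applicationsin.append(app)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (me.nick, app.fqin))
    return me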
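def acceptInviteToGroup(self, currentuser, fullyQualifiedGroupName, me, authspec):
    """Accept, for ``me``, a pending invitation to a group.

    The group is resolved with ``self.getGroup``; ``authorize(False, ...)`` is
    run for ``currentuser`` against ``me``; and ``permit`` requires
    ``self.isInvitedToGroup(me, grp)`` before the group is appended to
    ``me.groupsin``.

    ``authspec`` is accepted but not used in this body.

    Returns ``me``. A failure while appending is reported through
    ``doabort('BAD_REQ', ...)``.
    """
    grp = self.getGroup(currentuser, fullyQualifiedGroupName)
    authorize(False, self, currentuser, me)
    permit(self.isInvitedToGroup(me, grp), "User %s must be invited to group %s" % (me.nick, grp.fqin))
    #permit(self.isInvitedToGroup(me, grp) or self.isSystemUser(currentuser), "User %s must be invited to group %s or currentuser must be systemuser" % (me.nick, grp.fqin))
    try:
        me.groupsin.append(grp)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (me.nick, grp.fqin))
    return me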
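def addApp(self, currentuser, appspec):
    """Create an application from ``appspec`` and enrol its creator.

    ``authorize(False, self, currentuser, currentuser)`` runs first. The spec
    is passed through ``validatespec(appspec, "app")`` and gets
    ``appgroup=True`` before ``Application(**appspec)`` is built and added to
    ``self.session``. ``self.addUserToApp`` is then called for
    ``newapp.creator``.

    Returns the new ``Application``. A construction failure is reported
    through ``doabort('BAD_REQ', ...)``.
    """
    authorize(False, self, currentuser, currentuser)
    appspec = validatespec(appspec, "app")
    appspec['appgroup'] = True
    try:
        newapp = Application(**appspec)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        doabort('BAD_REQ', "Failed adding app %s" % appspec['name'])
    self.session.add(newapp)
    #self.commit()#needed due to full lookup in addUserToApp. fixthis
    self.addUserToApp(currentuser, newapp, newapp.creator, None)
    return newapp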
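def addGroup(self, currentuser, groupspec):
    """Create a group from ``groupspec`` and enrol its creator.

    ``authorize(False, self, currentuser, currentuser)`` runs first. The spec
    is validated with ``validatespec(groupspec, "group")``, a ``Group`` is
    built from the validated spec and added to ``self.session``, and
    ``self.addUserToGroup`` is called for ``newgroup.creator``.

    Returns the new ``Group``. A construction failure is reported through
    ``doabort('BAD_REQ', ...)``; that message uses the caller's original
    ``groupspec['name']``, not the validated value.
    """
    authorize(False, self, currentuser, currentuser)
    vspec = validatespec(groupspec, "group")
    try:
        newgroup = Group(**vspec)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        doabort('BAD_REQ', "Failed adding group %s" % groupspec['name'])
    #Also add user to private default group and public group
    self.session.add(newgroup)
    #self.commit()#needed as in addUserToGroup you do a full lookup. fix this!
    self.addUserToGroup(currentuser, newgroup, newgroup.creator, None)
    return newgroup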
def addPostable(self, currentuser, useras, ptypestr, postablespec): "the useras adds a postable. currently either currentuser=superuser or useras" # authorize(False, self, currentuser, currentuser) authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras) postablespec["creator"] = useras.basic.fqin postablespec = augmentspec(postablespec, ptypestr) a = postablespec["basic"].name.find(":") b = postablespec["basic"].name.find("/") if a != -1 or b != -1: doabort("BAD_REQ", "Failed adding postable due to presence of : or / %s" % (postablespec["basic"].name)) ptype = gettype(postablespec["basic"].fqin) try: # print "do we exist",postablespec['basic'].fqin p = ptype.objects.get(basic__fqin=postablespec["basic"].fqin) # print "postable exists", p.basic.fqin return useras, p except: # print "In addPostable", ptypestr, ptype try: newpostable = ptype(**postablespec) newpostable.save(safe=True) # how to save it together? userq = User.objects(basic__fqin=newpostable.owner) user = userq.get() newpe = is_pe_in_mble(newpostable, user.postablesowned) # memb = is_me_in_pble(memberable, postable.members) # this would be added a second time but we are protected by this line above! if newpe == False: newpe = PostableEmbedded( ptype=ptypestr, fqpn=newpostable.basic.fqin, owner=user.adsid, pname=newpostable.presentable_name(), readwrite=True, description=newpostable.basic.description, ) res = userq.update(safe_update=True, push__postablesowned=newpe) ##print "result", res, currentuser.groupsowned, currentuser.to_json() except: doabort("BAD_REQ", "Failed adding postable %s %s" % (ptype.__name__, postablespec["basic"].fqin)) # BUG changerw must be appropriate here! self.addMemberableToPostable( currentuser, useras, newpostable.basic.fqin, newpostable.basic.creator, changerw=False, ownermode=True ) ##print "autoRELOAD?", userq.get().to_json() newpostable.reload() return user, newpostable
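def addGroup(self, currentuser, groupspec):
    """Create and save a group, record it on its owner, and enrol the creator.

    ``authorize(False, self, currentuser, currentuser)`` runs first. The spec
    is passed through ``augmentspec(groupspec, "group")``, the ``Group`` is
    saved, and its fqin is pushed onto ``groupsowned`` of the user whose nick
    equals ``newgroup.owner``. ``self.addUserToGroup`` is then called for
    ``newgroup.basic.creator``.

    Returns the new ``Group``. Any failure in the create/save/update step is
    printed and reported through ``doabort('BAD_REQ', ...)``.
    """
    authorize(False, self, currentuser, currentuser)
    # NOTE(review): unlike a method that sets ``creator`` from the acting
    # user, nothing visible here ties the spec's owner/creator to
    # ``currentuser`` -- presumably ``augmentspec`` or the caller does;
    # confirm a caller-supplied owner cannot be used.
    groupspec = augmentspec(groupspec, "group")
    try:
        newgroup = Group(**groupspec)
        newgroup.save(safe=True)
        # how to save it together?
        # The group is saved before the owner update; if the update fails the
        # saved group is not rolled back here.
        userq = User.objects(nick=newgroup.owner)
        userq.update(safe_update=True, push__groupsowned=newgroup.basic.fqin)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        import sys
        # Single-argument form prints the same text as the former print
        # statement and is also valid print() syntax.
        print(sys.exc_info())
        doabort('BAD_REQ', "Failed adding group %s" % groupspec['basic'].name)
    self.addUserToGroup(currentuser, newgroup.basic.fqin, newgroup.basic.creator)
    return newgroup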
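def addApp(self, currentuser, appspec):
    """Create and save an app, record it on its owner, and enrol the creator.

    ``authorize(False, self, currentuser, currentuser)`` runs first. The spec
    is passed through ``augmentspec(appspec, "app")``, the ``App`` is saved,
    and its fqin is pushed onto ``appsowned`` of the user whose nick equals
    ``newapp.owner``. ``self.addUserToApp`` is then called for
    ``newapp.basic.creator``.

    Returns the new ``App``. Any failure in the create/save/update step is
    printed and reported through ``doabort('BAD_REQ', ...)``.
    """
    authorize(False, self, currentuser, currentuser)
    # NOTE(review): nothing visible here ties the spec's owner/creator to
    # ``currentuser`` -- presumably ``augmentspec`` or the caller does;
    # confirm a caller-supplied owner cannot be used.
    appspec = augmentspec(appspec, "app")
    # The debug dump of the whole spec to stdout ("APPSPEC") was removed: it
    # copied caller-supplied data into process output on every call.
    try:
        newapp = App(**appspec)
        newapp.save(safe=True)
        # The app is saved before the owner update; if the update fails the
        # saved app is not rolled back here.
        userq = User.objects(nick=newapp.owner)
        userq.update(safe_update=True, push__appsowned=newapp.basic.fqin)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        import sys
        # Single-argument form prints the same text as the former print
        # statement and is also valid print() syntax.
        print(sys.exc_info())
        doabort('BAD_REQ', "Failed adding app %s" % appspec['basic'].name)
    #self.commit()#needed due to full lookup in addUserToApp. fixthis
    self.addUserToApp(currentuser, newapp.basic.fqin, newapp.basic.creator)
    return newapp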
def toggleRWForMembership(self, currentuser, useras, fqpn, memberable):
    """Flip the ``readwrite`` flag of ``memberable``'s membership in a postable.

    The postable is looked up by ``fqpn``. The flag is inverted on the
    matching entry of ``postable.members`` and on the matching entry of the
    memberable's ``postablesin``; both documents are then saved.

    Returns ``(memberable, postable)``.

    NOTE(review): the only access check visible here is
    ``authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, ...)``; no ownership check on
    the postable is made in this body. Confirm callers restrict who may
    change write access.

    NOTE(review): block nesting below was reconstructed from a flattened
    listing -- confirm against the original file.
    """
    ptype = gettype(fqpn)
    memberablefqin = memberable.basic.fqin
    mtype = gettype(memberablefqin)
    # print "types", fqpn, ptype, memberablefqin,mtype
    postableq = ptype.objects(basic__fqin=fqpn)
    # memberableq=mtype.objects(basic__fqin=memberablefqin)
    # BUG currently restricted admission. Later we will want groups and apps proxying for users.
    authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
    try:
        postable = postableq.get()
        # memberable=memberableq.get()
    except:
        # NOTE(review): bare except; every lookup failure is reported with
        # the same message.
        doabort(
            "BAD_REQ",
            "No such unique memberable %s %s postable %s %s" % (mtype.__name__, memberablefqin, ptype.__name__, fqpn),
        )
    members = postable.members
    postables = memberable.postablesin
    # BUG make faster by using a mongo search
    # REAL BIG BUG: need to flip on both
    if memberablefqin == "adsgut/user:anonymouse":
        # you are guaranteed (sort of) that public group is also member.
        # The anonymous user is redirected to the public group's entries.
        memberable2 = Group.objects(basic__fqin="adsgut/group:public").get()
        memberablefqin = memberable2.basic.fqin
        postables = memberable2.postablesin
    if memberablefqin == "adsgut/group:public":
        # NOTE(review): as reconstructed, this also runs after the branch
        # above and rebinds memberable2 to ``memberable``, so the fetched
        # public-group object whose entries get toggled would not be the one
        # saved below -- confirm.
        memberable2 = memberable
    for me in members:
        if me.fqmn == memberablefqin:
            me.readwrite = not me.readwrite
    for p in postables:
        if p.fqpn == fqpn:
            p.readwrite = not p.readwrite
    # If neither loop finds a match nothing is toggled, and the saves below
    # still run.
    # CHECK: does this make the change we want, or do we need explicit update?
    # postableq.update(safe_update=True)
    # memberableq.update(safe_update=True)
    postable.save(safe=True)
    memberable.save(safe=True)
    if memberablefqin == "adsgut/group:public":
        memberable2.save(safe=True)
    return memberable, postable
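def acceptInviteToApp(self, currentuser, fqan, menick):
    """Accept, for the user with nick ``menick``, an invitation to app ``fqan``.

    The user and the app are fetched, ``authorize(False, ...)`` is run for
    ``currentuser`` against the fetched user, and ``permit`` requires
    ``self.isInvitedToApp``. On success ``fqan`` is moved from the user's
    ``appsinvitedto`` to ``appsin`` and ``menick`` is pushed onto the app's
    ``members``.

    Returns ``menick``. Lookup or update failures are reported through
    ``doabort('BAD_REQ', ...)``.
    """
    # NOTE(review): the app is looked up through ``Group.objects`` although
    # every message below calls it an app -- confirm this is the intended
    # collection.
    appq = Group.objects(basic__fqin=fqan)
    userq = User.objects(nick=menick)
    # NOTE(review): both lookups answer "No such ..." before authorize()
    # runs, so the response distinguishes existing from missing names for
    # any caller that reaches this method -- confirm that is acceptable.
    try:
        me = userq.get()
    except Exception:
        doabort('BAD_REQ', "No such user %s" % menick)
    try:
        app = appq.get()
    except Exception:
        doabort('BAD_REQ', "No such app %s" % fqan)
    authorize(False, self, currentuser, me)
    permit(self.isInvitedToApp(me, app.basic.fqin), "User %s must be invited to app %s" % (menick, fqan))
    try:
        # Two separate writes: if the second fails the first is not undone.
        userq.update(safe_update=True, push__appsin=fqan, pull__appsinvitedto=fqan)
        appq.update(safe_update=True, push__members=menick)
    except Exception:
        # All handlers here were narrowed from bare ``except:`` so that
        # KeyboardInterrupt and SystemExit are not converted into BAD_REQ.
        doabort('BAD_REQ', "Failed in user %s accepting invite to app %s" % (menick, fqan))
    return menick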
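def acceptInviteToGroup(self, currentuser, fqgn, menick):
    """Accept, for the user with nick ``menick``, an invitation to group ``fqgn``.

    The user and the group are fetched, ``authorize(False, ...)`` is run for
    ``currentuser`` against the fetched user, and ``permit`` requires
    ``self.isInvitedToGroup``. On success ``fqgn`` is moved from the user's
    ``groupsinvitedto`` to ``groupsin`` and ``menick`` is pushed onto the
    group's ``members``.

    Returns ``menick``. Lookup or update failures are reported through
    ``doabort('BAD_REQ', ...)``.
    """
    grpq = Group.objects(basic__fqin=fqgn)
    userq = User.objects(nick=menick)
    # NOTE(review): both lookups answer "No such ..." before authorize()
    # runs, so the response distinguishes existing from missing names for
    # any caller that reaches this method -- confirm that is acceptable.
    try:
        me = userq.get()
    except Exception:
        doabort('BAD_REQ', "No such user %s" % menick)
    try:
        grp = grpq.get()
    except Exception:
        doabort('BAD_REQ', "No such group %s" % fqgn)
    authorize(False, self, currentuser, me)
    # The leftover debug print of ``me.groupsinvitedto`` was removed: it wrote
    # a user's pending invitations to stdout on every call.
    permit(self.isInvitedToGroup(me, grp.basic.fqin), "User %s must be invited to group %s" % (menick, fqgn))
    try:
        # Two separate writes: if the second fails the first is not undone.
        userq.update(safe_update=True, push__groupsin=fqgn, pull__groupsinvitedto=fqgn)
        grpq.update(safe_update=True, push__members=menick)
    except Exception:
        # All handlers here were narrowed from bare ``except:`` so that
        # KeyboardInterrupt and SystemExit are not converted into BAD_REQ.
        doabort('BAD_REQ', "Failed in user %s accepting invite to group %s" % (menick, fqgn))
    return menick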
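def acceptInviteToPostable(self, currentuser, fqpn, me):
    """Accept, for ``me``, a pending invitation to the postable ``fqpn``.

    The postable is fetched, ``authorize(False, ...)`` is run for
    ``currentuser`` against ``me``, and ``permit`` requires
    ``self.isInvitedToPostable``. The matching entries in
    ``postable.inviteds`` and ``me.postablesinvitedto`` are then moved to
    ``postable.members`` and ``me.postablesin``.

    Returns ``(me, postable)`` with ``me`` reloaded and the postable fetched
    again. Failures are reported through ``doabort("BAD_REQ", ...)``.
    """
    ptype = gettype(fqpn)
    postableq = ptype.objects(basic__fqin=fqpn)
    mefqin = me.basic.fqin
    try:
        postable = postableq.get()
    except Exception:
        doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn))
    authorize(False, self, currentuser, me)
    permit(
        self.isInvitedToPostable(currentuser, me, postable),
        "User %s must be invited to postable %s %s" % (mefqin, ptype.__name__, fqpn),
    )
    failure = "Failed in user %s accepting invite to gpostable %s %s" % (mefqin, ptype.__name__, fqpn)
    memb = None
    pe = None
    try:
        # Last matching entry wins in both scans.
        for inv in postable.inviteds:
            if inv.fqmn == mefqin:
                memb = inv
        for uinv in me.postablesinvitedto:
            if uinv.fqpn == fqpn:
                pe = uinv
    except Exception:
        doabort("BAD_REQ", failure)
    # This check used to sit inside the try block below; if doabort() raises,
    # the surrounding bare ``except:`` would have caught it and replaced the
    # specific "never invited" message with the generic failure message.
    if memb is None or pe is None:
        doabort("BAD_REQ", "User %s was never invited to postable %s %s" % (mefqin, ptype.__name__, fqpn))
    try:
        # Two separate writes: if the second fails the first is not undone.
        me.update(safe_update=True, push__postablesin=pe, pull__postablesinvitedto__fqpn=pe.fqpn)
        postableq.update(safe_update=True, push__members=memb, pull__inviteds__fqmn=memb.fqmn)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are not converted into a BAD_REQ response.
        doabort("BAD_REQ", failure)
    me.reload()
    return me, postableq.get()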
def appInvitationsForUser(self, currentuser, useras):
    """Return ``info()`` for every application ``useras`` is invited to.

    ``authorize(False, self, currentuser, useras)`` is called before
    ``useras.applicationsinvitedto`` is read.
    """
    authorize(False, self, currentuser, useras)
    #permit(currentuser==useras or self.isSystemUser(currentuser), "User %s not authorized or not systemuser" % currentuser.nick)
    summaries = []
    for application in useras.applicationsinvitedto:
        summaries.append(application.info())
    return summaries
def getUserInfo(self, currentuser, useras):
    """Return ``useras.info()`` once ``authorize(False, ...)`` has passed."""
    authorize(False, self, currentuser, useras)
    details = useras.info()
    return details
def ownerOfApps(self, currentuser, useras):
    """Return ``info()`` for every application in ``useras.appsowned``.

    ``authorize(False, self, currentuser, useras)`` is called before the
    attribute is read.
    """
    authorize(False, self, currentuser, useras)
    #permit(currentuser==useras or self.isSystemUser(currentuser), "User %s not authorized or not systemuser" % currentuser.nick)
    owned = useras.appsowned
    summaries = []
    for application in owned:
        summaries.append(application.info())
    return summaries
def groupsForUser(self, currentuser, useras):
    """Return ``info()`` for every group in ``useras.groupsin``.

    ``authorize(False, self, currentuser, useras)`` is called before the
    attribute is read.
    """
    authorize(False, self, currentuser, useras)
    #permit(currentuser==useras or self.isSystemUser(currentuser), "User %s not authorized or not systemuser" % currentuser.nick)
    summaries = []
    for group in useras.groupsin:
        summaries.append(group.info())
    return summaries
def allApps(self, currentuser):
    """Return ``info()`` for every ``Application`` row with ``appgroup=True``.

    ``authorize(False, self, currentuser, None)`` is called before the query
    is issued against ``self.session``.
    """
    authorize(False, self, currentuser, None)
    query = self.session.query(Application).filter_by(appgroup=True)
    summaries = []
    for application in query.all():
        summaries.append(application.info())
    return summaries
def ownerOfGroups(self, currentuser, useras):
    """Return ``info()`` for every group in ``useras.groupsowned``.

    ``authorize(False, self, currentuser, useras)`` is called before the
    attribute is read.
    """
    authorize(False, self, currentuser, useras)
    #permit(currentuser==useras or self.isSystemUser(currentuser), "User %s not authorized or not systemuser" % currentuser.nick)
    owned = useras.groupsowned
    summaries = []
    for group in owned:
        summaries.append(group.info())
    return summaries
def allUsers(self, currentuser):
    """Return ``info()`` for every ``User`` row with ``systemuser=False``.

    ``authorize(False, self, currentuser, None)`` is called before the query
    is issued against ``self.session``.
    """
    authorize(False, self, currentuser, None)
    query = self.session.query(User).filter_by(systemuser=False)
    summaries = []
    for account in query.all():
        summaries.append(account.info())
    return summaries
def allGroups(self, currentuser):
    """Return ``info()`` for groups that are neither app nor personal groups.

    ``authorize(False, self, currentuser, None)`` is called first; the query
    filters ``Group`` on ``appgroup=False`` and ``personalgroup=False``.
    """
    authorize(False, self, currentuser, None)
    query = self.session.query(Group).filter_by(appgroup=False, personalgroup=False)
    summaries = []
    for group in query.all():
        summaries.append(group.info())
    return summaries
def groupsForUser(self, currentuser, useras):
    """Return ``useras.groupsin`` once ``authorize(False, ...)`` has passed.

    The attribute is returned as it is; no copy or conversion is made here.
    """
    authorize(False, self, currentuser, useras)
    return useras.groupsin
def getUserInfo(self, currentuser, nick):
    """Return the user object for ``nick``.

    The user is resolved with ``self.getUserForNick`` first, because the
    ``authorize(False, ...)`` call needs the resolved user as its target.
    """
    target = self.getUserForNick(currentuser, nick)
    authorize(False, self, currentuser, target)
    return target
def groupInvitationsForUser(self, currentuser, useras):
    """Return ``useras.groupsinvitedto`` once ``authorize(False, ...)`` has passed.

    The attribute is returned as it is; no copy or conversion is made here.
    """
    authorize(False, self, currentuser, useras)
    return useras.groupsinvitedto
def appsForUser(self, currentuser, useras):
    """Return ``useras.appsin`` once ``authorize(False, ...)`` has passed.

    The attribute is returned as it is; no copy or conversion is made here.
    """
    authorize(False, self, currentuser, useras)
    return useras.appsin
def appInvitationsForUser(self, currentuser, useras):
    """Return ``useras.appsinvitedto`` once ``authorize(False, ...)`` has passed.

    The attribute is returned as it is; no copy or conversion is made here.
    """
    authorize(False, self, currentuser, useras)
    return useras.appsinvitedto
def getUserInfoFromAdsid(self, currentuser, adsid):
    """Return the user for ``adsid`` only if you are superuser or that user.

    The user is resolved with ``self.getUserForAdsid`` first, because
    ``authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, ...)`` needs the resolved user
    as its target.
    """
    target = self.getUserForAdsid(currentuser, adsid)
    authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, target)
    return target
def addMemberableToPostable(self, currentuser, useras, fqpn, memberablefqin, changerw=False, ownermode=False):
    """Add a user, group, or app to a postable (group, app, or library).

    Both documents are fetched by fqin. ``authorize`` is called with
    ``LOGGEDIN_A_SUPERUSER_O_USERAS``; for every postable except
    ``"adsgut/group:public"``, ``authorize_postable_owner`` is called as
    well. The membership is written on both sides: an entry is pushed onto
    the memberable's ``postablesin`` and onto the postable's ``members``,
    each only when ``is_pe_in_mble`` / ``is_me_in_pble`` report it missing.

    The ``readwrite`` flag is ``True`` in ``ownermode``; otherwise it is
    ``RWDEFMAP[ptype]``, inverted when ``changerw`` is true.

    Returns ``(memberable, postable)`` with the memberable reloaded and the
    postable fetched again.

    NOTE(review): block nesting below was reconstructed from a flattened
    listing -- confirm against the original file.
    """
    ptype = gettype(fqpn)
    mtype = gettype(memberablefqin)
    # print "types in AMTP", fqpn, ptype, memberablefqin,mtype
    postableq = ptype.objects(basic__fqin=fqpn)
    memberableq = mtype.objects(basic__fqin=memberablefqin)
    # BUG currently restricted admission. Later we will want groups and apps proxying for users.
    authorize(LOGGEDIN_A_SUPERUSER_O_USERAS, self, currentuser, useras)
    try:
        postable = postableq.get()
    except:
        # NOTE(review): bare except; any lookup failure is reported as
        # "No such postable".
        doabort("BAD_REQ", "No such postable %s %s" % (ptype.__name__, fqpn))
    try:
        memberable = memberableq.get()
    except:
        doabort("BAD_REQ", "No such memberable %s %s" % (mtype.__name__, memberablefqin))
    if fqpn != "adsgut/group:public":
        # print "Adding to POSTABLE ", memberable.basic.fqin, postable.basic.fqin, currentuser.basic.fqin, useras.basic.fqin
        # special case so any user can add themselves to public group
        # NOTE(review): for the public group the owner check is skipped, and
        # nothing visible here requires ``memberablefqin`` to be ``useras``
        # -- confirm a caller cannot add some other memberable this way.
        # permit(self.isOwnerOfGroup(currentuser, grp) or self.isSystemUser(currentuser), "User %s must be owner of group %s or systemuser" % (currentuser.nick, grp.fqin))
        authorize_postable_owner(False, self, currentuser, useras, postable)
    try:
        if ownermode:
            rw = True
        else:
            if not changerw:
                rw = RWDEFMAP[ptype]
            else:
                rw = not RWDEFMAP[ptype]
        # BUG: weneed to check here that this is unique
        pe = is_pe_in_mble(postable, memberable.postablesin)
        # memb = is_me_in_pble(memberable, postable.members)
        # this would be added a second time but we are protected by this line above!
        if pe == False:
            pe = PostableEmbedded(
                ptype=ptype.classname,
                fqpn=postable.basic.fqin,
                owner=useras.adsid,
                pname=postable.presentable_name(),
                readwrite=rw,
                description=postable.basic.description,
            )
            memberableq.update(safe_update=True, push__postablesin=pe)
        # The memberable-side and postable-side writes are separate updates;
        # a failure after the first leaves the membership recorded on one
        # side only.
        memb = is_me_in_pble(memberable, postable.members)
        if memb == False:
            memb = MembableEmbedded(
                mtype=mtype.classname, fqmn=memberablefqin, readwrite=rw, pname=memberable.presentable_name()
            )
            # if we are already there this happened and do nothing.clearly we need to be careful
            postableq.update(safe_update=True, push__members=memb)
    except:
        # NOTE(review): bare except; the underlying error is discarded and
        # only the generic message below is reported.
        doabort(
            "BAD_REQ",
            "Failed adding memberable %s %s to postable %s %s" % (mtype.__name__, memberablefqin, ptype.__name__, fqpn),
        )
    memberable.reload()
    return memberable, postableq.get()