def deleteRole(self, params): role_id = int(params[0]) session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.roles.delete'): role = Role.get_role(role_id) role.delete()
def get_grantable_roles(cls,user): """ Returns the Roles that can be granted to a User Basically returns all the roles that the sessionUser Owns and the ones that can be made up by the rights of the sessionUser as associative arrays in this style: array('name'=>$role->getName(),'id'=>$role->getId(),'granted'=>true) """ #HERE BE DRAGONS! Check algorithm session_user = Session.get_current_session_user() session_permissions = session_user.get_permissions() ret = [] roles = Role.get_roles() for role in roles: if session_user.has_role(role): ret.append({"name":role.get_name(), "id":role.get_id(), "granted": user.has_role(role)}) continue role_permissions = role.get_permissions() for role_permission in role_permissions: if role_permission not in session_permissions: break ret.append({"name":role.get_name(), "id":role.get_id(), "granted": user.has_role(role)}) continue return ret
def getCssPropertySet(self,params): try: module_id = int(params[0]) except TypeError: module_id = None try: widget_id = int(params[1]) except TypeError: widget_id = None if params[2] is not None: session = str(params[2]) else: session = None session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.css.edit'): css_manager = CSSManager() if module_id == None and widget_id == None and session == None: css_propertyset = css_manager.get_csspropertyset() else: css_propertyset = css_manager.get_csspropertyset(module_id,widget_id,session) data = css_propertyset.serialize_set() return data
def setCssPropertySet(self, params): data = params[0] session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.css.edit'): css_propertyset = CSSManager().create_csspropertyset_from_serial(data) css_propertyset.store()
def assign_to(self,user): """ Assigns this role to a user """ session_user = Session.get_current_session_user() db = Database() #check if sessionuser has role has_role = session_user.has_role(self) stmnt = "SELECT COUNT(URI_RIG_ID) AS CNT FROM USERRIGHTS WHERE URI_RIG_ID IN \ (SELECT RRI_RIG_ID FROM ROLERIGHTS WHERE RRI_ROL_ID = ? ) ;" cur = db.query(stmnt,(self._id,)) res = cur.fetchone()[0] has_all_permissions_of_role = res == len(self.get_permissions()) if not has_role and not has_all_permissions_of_role: raise PermissionException(PermissionException.get_msg(7)) for role in user.get_grantable_roles(): if role["name"] == self._name: stmnt = "UPDATE OR INSERT INTO USERROLES (URO_USR_ID, URO_ROL_ID) \ VALUES (?,?) MATCHING (URO_USR_ID, URO_ROL_ID) ;"; db.query(stmnt, (user.get_id(),self._id),commit=True) PokeManager.add_activity(ActivityType.USER) return raise PermissionException(PermissionException.get_msg(8))
def deleteUser(self, params): user_id = int(params[0]) session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.users.delete'): user = User.get_user_by_id(user_id) user.delete()
def createRole(self,params): data = params[0] session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.roles.create'): role = Role.create_role(data) return role.get_id()
def createUser(self,params): username = unicode(params[0]) password = unicode(params[1]) session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.users.create'): User.create_user(username,password) return True
def getInstanceId(self, params): session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.manageserverdata'): config = Configuration() return config.get_entry('core.instance_id') else: return None
def changeRendermode(self,params): mode = str(params[0]) session_user = Session.get_current_session_user() if not session_user.check_permission('skarphed.manageserverdata'): return False return Core().set_rendermode(mode)
def restartOperationDaemon(self,params): session_user = Session.get_current_session_user() if not session_user.check_permission("skarphed.manageserverdata"): return False configuration = Configuration() os.system("python "+configuration.get_entry("core.webpath")+\ "/operation_daemon.py restart "+ configuration.get_entry("core.instance_id"))
def revokeRoleFromUser(self, params): user_name = params[0] # TODO get user by id instead of name role_id = params[1] session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.users.grant_revoke'): role = Role.get_role(role_id) User.get_user_by_name(user_name).revoke_role(role)
def getRoles(self,params): session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.roles.view'): ret = [] for role in Permission.get_roles(): ret.append({"id":role.get_id(), "name": role.get_name()}) return ret return False
def revokeRightFromUser(self,params): user_id = int(params[0]) permission_name = str(params[1]) session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.users.grant_revoke'): user = User.get_user_by_id(user_id) user.revoke_permission(permission_name) return True
def revoke_from(self, user): """ Revokes a role from a user """ session_user = Session.get_current_session_user() db = Database() stmnt = "DELETE FROM USERROLES WHERE URO_USR_ID = ? AND URO_ROL_ID = ? ;"; db.query(stmnt,(user.get_id(),self._id),commit=True) PokeManager.add_activity(ActivityType.USER)
def changeMaintenanceMode(self, params): state = bool(params[0]) session_user = Session.get_current_session_user() if not session_user.check_permission('skarphed.manageserverdata'): return False if state: Core().activate_maintenance_mode() else: Core().deactivate_maintenance_mode() return True
def remove_permission(self, permission): """ removes a given permission from this role """ session_user = Session.get_current_session_user() if not session_user.check_permission(permission): raise PermissionException(PermissionException.get_msg(3)) db = Database() stmnt = "DELETE FROM ROLERIGHTS WHERE RRI_ROL_ID = ? AND RRI_RIG_ID = (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME = ?); " db.query(stmnt,(self._id,permission),commit=True) PokeManager.add_activity(ActivityType.ROLE)
def alterPassword(self, params): user_id = int(params[0]) new_password = unicode(params[1]) old_password = unicode(params[2]) session_user = Session.get_current_session_user() if user_id == session_user.get_id(): session_user.alter_password(new_password,old_password) else: if session_user.check_permission("skarphed.users.alter_password"): user = User.get_user_by_id(user_id) user.alter_password(new_password,"",True) return True
def add_permission(self, permission): """ adds a given permission to this role """ session_user = Session.get_current_session_user() if not session_user.check_permission(permission): raise PermissionException(PermissionException.get_msg(3)) db = Database() stmnt = "UPDATE OR INSERT INTO ROLERIGHTS (RRI_ROL_ID, RRI_RIG_ID) \ VALUES (?, (SELECT RIG_ID FROM RIGHTS WHERE RIG_NAME= ?)) \ MATCHING (RRI_ROL_ID, RRI_RIG_ID);"; db.query(stmnt,(self._id, permission),commit=True) PokeManager.add_activity(ActivityType.ROLE)
def store(self): """ Stores this binary into the database """ db = Database() data_io = base64.b64encode(self._data) md5 = md5hash(self._data).hexdigest() sha256 = sha256hash(self._data).hexdigest() if self._id is None: self.set_id(db.get_seq_next("BIN_GEN")) user_id = Session.get_current_session_user().get_id() stmnt = "UPDATE OR INSERT INTO BINARIES (BIN_ID, BIN_FILENAME, BIN_MIME, BIN_USR_OWNER, \ BIN_USR_LASTCHANGE, \ BIN_DATE_LASTCHANGE, BIN_SHA256, BIN_MD5, BIN_DATA) \ VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?, ?, ? ) MATCHING (BIN_ID) ;" db.query(stmnt, (self._id, self._filename, self._mime, user_id, user_id, sha256, md5, data_io),commit=True)
def revoke_permission(self,permission, ignore_check=False): """ revokes a permission from the user """ db = Database() session_user = None if self.get_id() == ROOT_USER_ID and self.get_name() == "root": raise UserException(UserException.get_msg(16)) if not ignore_check: session_user = Session.get_current_session_user() permission_id = Permission.get_id_for_permission(permission) if permission_id is None: raise UserException(UserException.get_msg(5, permission)) if not ignore_check and not session_user.check_permission(permission): raise UserException(UserException.get_msg(8)) stmnt = "DELETE FROM USERRIGHTS WHERE URI_USR_ID = ? AND URI_RIG_ID = ? ;" db.query(stmnt,(self._id,permission_id),commit=True) PokeManager().add_activity(ActivityType.USER)
def get_grantable_permissions(cls,obj): """ Gets the rights that are assignable to either a User or a Role The function basically delivers all rights that are assigned to the sessionUser and whether the user to be edited has them granted or not. The return values are associative arrays that look like this: array('right'=>$sessionRight,'granted'=>true) """ db = Database() session_user = Session.get_current_session_user() session_permissions = Permission.get_permissions_for_user(session_user) result = [] result_permissions = [] skip_permissions = [] res2 = None if obj.__class__.__name__ == "User": stmnt1 = "SELECT RIG_NAME FROM RIGHTS INNER JOIN USERRIGHTS ON (RIG_ID = URI_RIG_ID) WHERE URI_USR_ID = ? ;" stmnt2 = "SELECT RIG_NAME FROM RIGHTS INNER JOIN ROLERIGHTS ON (RIG_ID = RRI_RIG_ID) INNER JOIN USERROLES ON (URO_ROL_ID = RRI_ROL_ID) WHERE URO_USR_ID = ? ;" cur = db.query(stmnt1,(obj.get_id(),)) res1 = list(set(cur.fetchallmap())) cur = db.query(stmnt2,(obj.get_id(),)) res2 = list(set(cur.fetchallmap())) elif obj.__class__.__name__ == "Role": stmnt = "SELECT RIG_NAME FROM RIGHTS INNER JOIN ROLERIGHTS ON (RIG_ID = RRI_RIG_ID) WHERE RRI_ROL_ID = ? ;" cur = db.query(stmnt,(obj.get_id(),)) res1 = list(set(cur.fetchallmap())) result_permissions = [row['RIG_NAME'] for row in res1] if res2 is not None: skip_permissions = [row['RIG_NAME'] for row in res2] for permission in session_permissions: if permission in skip_permissions: continue result.append({'right':permission,'granted':permission in result_permissions}) return result
def tortilla(*args,**kwargs): current_user = Session.get_current_session_user() if not cls.check_permission(permission, current_user): raise PermissionException(PermissionException.get_msg(15, info=permission)) func(*args, **kwargs)
def getUsers(self,params): session_user = Session.get_current_session_user() if session_user.check_permission('skarphed.users.view'): users = User.get_users_for_admin_interface() return users return False