def dump(self, groupname=None, role_type=None):
    """Return username, email, name, role and sponsor count per person.

    Without ``groupname`` every person is listed and the role column is the
    SQL constant ``'user'``.  With ``groupname`` only approved members of
    that group are listed, with their ``role_type`` as the role column.
    The ``role_type`` argument is accepted but not referenced in this body.

    The leading ``privacy`` column is dropped from each returned row.  For
    rows where it is set, ``human_name`` is blanked unless the requester
    owns the row or passes the admin comparison in the loop.

    Returns:
        ``dict(people=[[username, email, human_name, role, sponsored], ...])``
    """
    if groupname:
        # groupname only ever appears in column comparisons, so it travels
        # to the database as a bound parameter, never as SQL text.
        sponsor_counts = select([
            PersonRoles.sponsor_id,
            func.count(PersonRoles.sponsor_id).label('sponsored')
        ]).where(
            and_(PersonRoles.group_id == Groups.id,
                 Groups.name == groupname)
        ).group_by(PersonRoles.sponsor_id).correlate().alias('s')
        members = GroupsTable.join(PersonRolesTable).join(
            PeopleTable,
            onclause=PeopleTable.c.id == PersonRolesTable.c.person_id
        ).outerjoin(sponsor_counts)
        stmt = select(
            [
                People.privacy, People.username, People.email,
                People.human_name, PersonRoles.role_type, 's.sponsored'
            ],
            from_obj=members
        ).where(
            and_(Groups.name == groupname,
                 PersonRoles.role_status == 'approved')
        ).order_by(People.username)
    else:
        sponsor_counts = select([
            PersonRoles.sponsor_id,
            func.count(PersonRoles.sponsor_id).label('sponsored')
        ]).group_by(PersonRoles.sponsor_id).correlate().alias('s')
        stmt = select(
            [
                People.privacy, People.username, People.email,
                People.human_name, "'user'", 's.sponsored'
            ],
            from_obj=PeopleTable.outerjoin(sponsor_counts)
        ).order_by(People.username)

    # NOTE(review): all three level literals read '******' in this listing,
    # while the loop below compares against 'admin'.  Presumably the first
    # branch is meant to yield 'admin'; confirm against the upstream file,
    # because as printed the admin exemption can never apply.
    is_privileged = identity.in_any_group(
        config.get('admingroup', 'accounts'),
        config.get('systemgroup', 'fas-system'))
    if is_privileged:
        user = '******'
    elif identity.current.anonymous:
        user = '******'
    else:
        user = '******'
    # Read for every requester: the ownership comparison below runs for
    # anonymous callers too.
    username = identity.current.user_name

    people = []
    for row in stmt.execute():
        person = list(row[1:])  # drop the privacy flag itself
        if not row['sponsored']:
            # No match in the outer join: report zero instead of NULL.
            person[-1] = 0
        hide_name = (row['privacy'] and user != 'admin'
                     and username != row['username'])
        if hide_name:
            # Index 2 of the trimmed row is human_name; email at index 1 is
            # returned unchanged.  NOTE(review): confirm that is intended.
            person[2] = u''
        people.append(person)
    return {'people': people}
def dump(self, groupname=None, role_type=None):
    """List people, optionally limited to approved members of one group.

    Each entry is ``[username, email, human_name, role, sponsored]``.  The
    role is the SQL constant ``'user'`` when no ``groupname`` is given and
    the member's ``role_type`` otherwise.  ``sponsored`` is the number of
    role rows naming the person as sponsor, counted within the group when
    one is given.  The ``role_type`` argument is not used by this body.

    Privacy handling is limited to blanking ``human_name`` on rows whose
    ``privacy`` flag is set, and only for requesters who are neither the
    row's owner nor exempted by the admin comparison.
    """
    sponsor_query = select([
        PersonRoles.sponsor_id,
        func.count(PersonRoles.sponsor_id).label('sponsored')
    ])
    if not groupname:
        role_column = "'user'"
        sponsors = sponsor_query.group_by(
            PersonRoles.sponsor_id).correlate().alias('s')
        source = PeopleTable.outerjoin(sponsors)
    else:
        role_column = PersonRoles.role_type
        # The group name is compared through the expression API, so it is
        # bound as a parameter in both the subquery and the outer filter.
        sponsors = sponsor_query.where(and_(
            PersonRoles.group_id == Groups.id,
            Groups.name == groupname
        )).group_by(PersonRoles.sponsor_id).correlate().alias('s')
        source = GroupsTable.join(PersonRolesTable).join(
            PeopleTable,
            onclause=PeopleTable.c.id == PersonRolesTable.c.person_id
        ).outerjoin(sponsors)

    columns = [People.privacy, People.username, People.email,
               People.human_name, role_column, 's.sponsored']
    stmt = select(columns, from_obj=source)
    if groupname:
        stmt = stmt.where(and_(Groups.name == groupname,
                               PersonRoles.role_status == 'approved'))
    stmt = stmt.order_by(People.username)

    people = []
    # NOTE(review): the level literals are printed as '******' here but the
    # filter below tests for 'admin'; presumably the privileged branch is
    # meant to set 'admin'.  Verify against the real source before relying
    # on the admin exemption.
    if identity.in_any_group(config.get('admingroup', 'accounts'),
                             config.get('systemgroup', 'fas-system')):
        user = '******'
    elif identity.current.anonymous:
        user = '******'
    else:
        user = '******'
    # Needed for every requester, since the ownership test is not limited
    # to logged-in users.
    username = identity.current.user_name

    for row in stmt.execute():
        # Column 0 is the privacy flag; it is consumed here, not returned.
        person = list(row[1:])
        if not row['sponsored']:
            person[-1] = 0
        if row['privacy'] and user != 'admin':
            if username != row['username']:
                # Only human_name (index 2) is withheld; the other columns,
                # email included, are returned as stored.
                person[2] = u''
        people.append(person)
    return dict(people=people)
def filter_private(self, user='******', trust_argument=False):
    '''Return a copy of this person holding only the fields the viewer may see.

    Some attributes may only be released when the person has not marked
    them private.  The allowed attributes are copied into a fresh
    DictContainer, so the result is separate from the mapped object.

    :arg user: access level, used as a key into ``self.allow_fields``.
        Honoured as given only when ``trust_argument`` is true or when the
        identity lookup raises.
    :kwarg trust_argument: when true, skip the identity checks and use
        ``user`` unchanged.  Callers must never take ``user`` from request
        data in that case, because it then selects the field set directly.
    :returns: DictContainer with the permitted fields, ``None`` for every
        other field in ``allow_fields['complete']``, plus ``group_roles``,
        ``memberships`` and ``roles``.

    This is not foolproof.  A template could walk from a person to a group
    to another person and read unfiltered attributes there, so any such
    non-standard traversal has to filter that data itself.  ``roles`` and
    ``memberships`` are attached here without further filtering.
    '''
    visible = DictContainer()
    attrs = self.__dict__

    try:
        if not trust_argument:
            # NOTE(review): every level literal is printed as '******' in
            # this listing; presumably each branch selects a different
            # allow_fields key.  Confirm against the upstream file.
            if identity.in_any_group(admin_group, system_group):
                # Admin and system get the same view for now
                user = '******'
            elif identity.current.user_name == self.username:
                user = '******'
            elif identity.current.anonymous:
                user = '******'
            elif self.privacy:
                user = '******'
            else:
                user = '******'

        for name in self.allow_fields[user]:
            visible[name] = attrs[name]

        # Third-party users need some extra fields so that people can log
        # in to their boxes.  This check runs even when trust_argument is set.
        if identity.in_group(thirdparty_group):
            for name in self.allow_fields['thirdparty']:
                visible[name] = attrs[name]
    except:
        # Typically reached when called from a shell, where there is no
        # identity to consult.
        # NOTE(review): the bare except also traps KeyboardInterrupt and
        # SystemExit.  If the identity lookup raised before any branch
        # assigned, ``user`` is still the caller's value here even though
        # trust_argument is False, so this path does not fail closed.
        for name in self.allow_fields[user]:
            visible[name] = attrs.get(name, '')

    # fasClient parses a placeholder string more easily than a None password
    if 'password' not in visible:
        visible['password'] = '******'

    # Every remaining known field is present but empty
    for name in self.allow_fields['complete']:
        if name not in visible:
            visible[name] = None

    visible['group_roles'] = {}
    for role in self.roles:
        visible['group_roles'][role.groupname] = role

    visible['memberships'] = list(self.memberships)
    visible['roles'] = self.roles

    return visible
def filter_private(self, user='******'):
    '''Return a copy of this person limited to what the viewer may see.

    Attributes the person marked private are only released to viewers who
    are authorized.  The permitted attributes are copied into a fresh
    DictContainer, so the result is separate from the mapped object.

    :arg user: access level, a key into ``self.allow_fields``.  When the
        identity lookup succeeds this value is always overwritten; it only
        takes effect when that lookup raises.
    :returns: DictContainer with the permitted fields, ``None`` for every
        other field in ``allow_fields['complete']``, plus ``group_roles``,
        ``memberships`` and ``roles``.

    This is not foolproof.  A template could go from people to groups to a
    different person and read unfiltered data there.  Code doing that kind
    of non-standard traversal must filter the data itself.  ``roles`` and
    ``memberships`` are attached here without further filtering.
    '''
    filtered = DictContainer()

    try:
        # NOTE(review): the level literals all read '******' in this
        # listing; presumably each branch names a distinct allow_fields
        # key.  Confirm against the upstream file.
        if identity.in_any_group(admin_group, system_group):
            # Admin and system share one view for now
            user = '******'
        elif identity.current.user_name == self.username:
            user = '******'
        elif identity.current.anonymous:
            user = '******'
        elif self.privacy:
            user = '******'
        else:
            user = '******'

        allowed = self.allow_fields[user]
        for key in allowed:
            filtered[key] = self.__dict__[key]

        # Third-party users need a few extra fields so that people can log
        # in to their boxes.
        if identity.in_group(thirdparty_group):
            extra = self.allow_fields['thirdparty']
            for key in extra:
                filtered[key] = self.__dict__[key]
    except:
        # Typically reached when called from a shell.
        # NOTE(review): the bare except also traps KeyboardInterrupt and
        # SystemExit, and on this path ``user`` may still be the caller's
        # value.  The handler indexes __dict__ directly, so an attribute
        # missing from it raises KeyError out of the handler.
        for key in self.allow_fields[user]:
            filtered[key] = self.__dict__[key]

    # fasClient parses a placeholder string more easily than a None password
    if 'password' not in filtered:
        filtered['password'] = '******'

    # Fill in the rest of the known fields as empty
    for key in self.allow_fields['complete']:
        if key not in filtered:
            filtered[key] = None

    filtered['group_roles'] = {}
    for membership in self.roles:
        filtered['group_roles'][membership.groupname] = membership

    filtered['memberships'] = list(self.memberships)
    filtered['roles'] = self.roles

    return filtered
def test_in_any_group(self):
    """Check the predicate that requires membership in at least one group."""
    any_of = in_any_group('guest', 'edit', 'user')
    assert self.met(any_of)
    # NOTE(review): the negative case exercises in_all_groups rather than
    # in_any_group, so this test never shows in_any_group refusing a user.
    # Confirm whether in_any_group was intended here.
    all_of = in_all_groups('guest', 'user')
    assert not self.met(all_of)