示例#1
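    def dump(self, groupname=None, role_type=None):
        '''Return account rows for all people, or for one group's approved members.

        Without ``groupname`` every row of the people table is selected and the
        role column is the SQL literal ``'user'``.  With ``groupname`` only
        people holding an ``approved`` role in that group are selected and the
        role column is their ``role_type``.  ``groupname`` reaches the query
        only through column comparisons (``Groups.name == groupname``), not
        through string concatenation.

        :arg groupname: name of the group to restrict the dump to, or None
        :arg role_type: accepted for interface compatibility; not used here
        :returns: ``dict(people=[...])`` where each entry is the list
            ``[username, email, human_name, role, sponsored]``
        '''
        if not groupname:
            stmt = select(
                [
                    People.privacy, People.username, People.email,
                    People.human_name, "'user'", 's.sponsored'
                ],
                from_obj=PeopleTable.outerjoin(
                    select([
                        PersonRoles.sponsor_id,
                        func.count(PersonRoles.sponsor_id).label('sponsored')
                    ]).group_by(PersonRoles.sponsor_id).correlate().alias(
                        's'))).order_by(People.username)
        else:
            stmt = select(
                [
                    People.privacy, People.username, People.email,
                    People.human_name, PersonRoles.role_type, 's.sponsored'
                ],
                from_obj=GroupsTable.join(PersonRolesTable).join(
                    PeopleTable,
                    onclause=PeopleTable.c.id == PersonRolesTable.c.person_id).
                outerjoin(
                    select([
                        PersonRoles.sponsor_id,
                        func.count(PersonRoles.sponsor_id).label('sponsored')
                    ]).where(
                        and_(PersonRoles.group_id == Groups.id,
                             Groups.name == groupname)).group_by(
                                 PersonRoles.sponsor_id).correlate().alias('s')
                )).where(
                    and_(Groups.name == groupname,
                         PersonRoles.role_status == 'approved')).order_by(
                             People.username)

        people = []
        # Bound before the branches so the privacy check in the loop never
        # reads an unassigned name: previously only the last branch set it and
        # any other viewer hitting a private row raised UnboundLocalError.
        # None never equals a stored username, so such viewers are filtered.
        username = None
        # NOTE(review): the three viewer-class literals below are identical
        # ('******') in this listing, which looks like masking.  As written,
        # `user != 'admin'` in the loop is always true, so members of the
        # admin/system groups are filtered like everyone else -- confirm the
        # real values against the upstream source.
        if identity.in_any_group(config.get('admingroup', 'accounts'),
                                 config.get('systemgroup', 'fas-system')):
            user = '******'
        elif identity.current.anonymous:
            user = '******'
        else:
            user = '******'
            username = identity.current.user_name

        for row in stmt.execute():
            # Drop the leading privacy flag; what remains is
            # [username, email, human_name, role, sponsored].
            person = list(row[1:])
            if not row['sponsored']:
                # The outer join yields NULL for people who sponsored nobody.
                person[-1] = 0
            if row['privacy'] and user != 'admin' \
                    and username != row['username']:
                # filter private data: index 2 is human_name.
                # NOTE(review): email (index 1) is still returned for private
                # rows -- confirm that is the intended disclosure.
                person[2] = u''
            people.append(person)
        return dict(people=people)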
示例#2
文件: group.py 项目: chepioq/fas
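    def dump(self, groupname=None, role_type=None):
        '''Dump people, optionally limited to approved members of one group.

        With no ``groupname`` the query covers the whole people table and
        reports the SQL literal ``'user'`` as the role.  With a ``groupname``
        it covers people whose role in that group has status ``approved`` and
        reports their ``role_type``.  The group name is compared through
        column expressions, never spliced into SQL text.

        :arg groupname: group whose approved members are dumped, or None
        :arg role_type: present in the signature but unused by this method
        :returns: ``dict(people=[...])``; each item is
            ``[username, email, human_name, role, sponsored]``
        '''
        if not groupname:
            stmt = select([People.privacy, People.username, People.email,
                People.human_name, "'user'", 's.sponsored'],
                from_obj=PeopleTable.outerjoin(select([PersonRoles.sponsor_id,
                        func.count(PersonRoles.sponsor_id).label('sponsored')]
                        ).group_by(PersonRoles.sponsor_id
                            ).correlate().alias('s')
                )).order_by(People.username)
        else:
            stmt = select([People.privacy, People.username, People.email,
                People.human_name, PersonRoles.role_type, 's.sponsored'],
                from_obj=GroupsTable.join(PersonRolesTable).join(PeopleTable,
                    onclause=PeopleTable.c.id==PersonRolesTable.c.person_id
                    ).outerjoin(select([PersonRoles.sponsor_id,
                        func.count(PersonRoles.sponsor_id).label('sponsored')]
                        ).where(and_(
                            PersonRoles.group_id==Groups.id,
                            Groups.name==groupname)).group_by(
                                PersonRoles.sponsor_id).correlate().alias('s')
                            )).where(and_(Groups.name==groupname,
                                PersonRoles.role_status=='approved')
                                ).order_by(People.username)

        people = []
        # Give the viewer's name a value on every path.  It used to be set
        # only in the final branch, so the first private row seen by any other
        # viewer raised UnboundLocalError instead of being filtered.  None
        # cannot match a stored username, which keeps the filter fail-closed.
        username = None
        # NOTE(review): all three assignments below carry the same '******'
        # literal, apparently masked in this listing.  With these values the
        # `user != 'admin'` test further down can never be false, i.e. the
        # admin/system exemption is dead -- verify against the real file.
        if identity.in_any_group(config.get('admingroup', 'accounts'),
                config.get('systemgroup', 'fas-system')):
            user = '******'
        elif identity.current.anonymous:
            user = '******'
        else:
            user = '******'
            username = identity.current.user_name

        for row in stmt.execute():
            # row[0] is the privacy flag; the exported list starts at username.
            person = list(row[1:])
            if not row['sponsored']:
                # No sponsor count came back from the outer join: report 0.
                person[-1] = 0
            if row['privacy'] and user != 'admin' \
                    and username != row['username']:
                # filter private data: position 2 holds human_name.
                # NOTE(review): the email at position 1 is left in place for
                # private rows -- confirm this matches the privacy policy.
                person[2] = u''
            people.append(person)
        return dict(people=people)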
示例#3
文件: fasmodel.py 项目: 0-T-0/fas
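    def filter_private(self, user='******', trust_argument=False):
        '''Filter out data marked private unless the user is authorized.

        Some data in this class can only be released if the user has not asked
        for it to be private.  Calling this method will filter the information
        out so it doesn't go anywhere.

        This method will disconnect the data structure from being persisted in
        the database and then remove the information that the user should not
        be allowed to see.

        If it's an admin, then all data will be returned.  If it's
        anything else, parts of the information will be removed.

        Note that it is not foolproof.  For instance, a template could be
        written that traverses from people to groups to a different person
        and retrieves information from there.  However, this would not be a
        standard use of this method so we should know when we're doing
        non-standard things and filter the data there as well.

        :arg user: key into ``self.allow_fields`` naming the viewer class.
            It is overwritten from the current identity unless
            ``trust_argument`` is true.
        :arg trust_argument: when true, skip the identity-based derivation and
            use ``user`` exactly as passed.  Callers must never forward a
            request-supplied value here.
        :returns: a ``DictContainer`` holding the permitted fields, with every
            remaining field of ``allow_fields['complete']`` set to None, plus
            ``group_roles``, ``memberships`` and ``roles``.
        '''
        person_data = DictContainer()

        try:
            if not trust_argument:
                # NOTE(review): every branch assigns the same '******' literal
                # in this listing, which looks like masking of the real
                # allow_fields keys -- confirm against the upstream source.
                if identity.in_any_group(admin_group, system_group):
                    # Admin and system are the same for now
                    user = '******'
                elif identity.current.user_name == self.username:
                    user = '******'
                elif identity.current.anonymous:
                    user = '******'
                elif self.privacy:
                    user = '******'
                else:
                    user = '******'

            for field in self.allow_fields[user]:
                person_data[field] = self.__dict__[field]

            # thirdparty users need to get some things so that users can login to
            # their boxes.
            if identity.in_group(thirdparty_group):
                for field in self.allow_fields['thirdparty']:
                    person_data[field] = self.__dict__[field]
        except Exception:
            # Typically this exception means this was called by shell
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit are no longer swallowed.
            # NOTE(review): this fallback releases the fields for whatever
            # ``user`` holds when the failure happened.  If the identity
            # lookup itself failed, that is the caller-supplied value even
            # with trust_argument=False, so an error inside a web request
            # fails open to the caller's choice -- consider falling back to
            # the least-privileged key instead.
            for field in self.allow_fields[user]:
                person_data[field] = self.__dict__.get(field, '')

        # Instead of None password fields, we set it to '*' for easier fasClient
        # parsing
        if 'password' not in person_data:
            person_data['password'] = '******'

        # Make sure we have empty fields for the rest of the info
        for field in self.allow_fields['complete']:
            if field not in person_data:
                person_data[field] = None

        # Roles and memberships are attached for every viewer class; they are
        # not subject to the allow_fields filtering above.
        person_data['group_roles'] = {}
        for field in self.roles:
            person_data['group_roles'][field.groupname] = field

        person_data['memberships'] = list(self.memberships)
        person_data['roles'] = self.roles

        return person_data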
示例#4
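    def filter_private(self, user='******'):
        '''Filter out data marked private unless the user is authorized.

        Some data in this class can only be released if the user has not asked
        for it to be private.  Calling this method will filter the information
        out so it doesn't go anywhere.

        This method will disconnect the data structure from being persisted in
        the database and then remove the information that the user should not
        be allowed to see.

        If it's an admin, then all data will be returned.  If it's
        anything else, parts of the information will be removed.

        Note that it is not foolproof.  For instance, a template could be
        written that traverses from people to groups to a different person
        and retrieves information from there.  However, this would not be a
        standard use of this method so we should know when we're doing
        non-standard things and filter the data there as well.

        :arg user: key into ``self.allow_fields``.  It is replaced by a value
            derived from the current identity whenever that lookup succeeds,
            and used as passed only on the exception path.
        :returns: a ``DictContainer`` holding the permitted fields, with every
            remaining field of ``allow_fields['complete']`` set to None, plus
            ``group_roles``, ``memberships`` and ``roles``.
        '''
        person_data = DictContainer()

        try:
            # NOTE(review): each branch assigns the same '******' literal in
            # this listing, apparently masked; the real values are keys of
            # allow_fields -- confirm against the upstream source.
            if identity.in_any_group(admin_group, system_group):
                # Admin and system are the same for now
                user ='******'
            elif identity.current.user_name == self.username:
                user = '******'
            elif identity.current.anonymous:
                user = '******'
            elif self.privacy:
                user = '******'
            else:
                user = '******'

            for field in self.allow_fields[user]:
                person_data[field] = self.__dict__[field]

            # thirdparty users need to get some things so that users can login to
            # their boxes.
            if identity.in_group(thirdparty_group):
                for field in self.allow_fields['thirdparty']:
                    person_data[field] = self.__dict__[field]
        except Exception:
            # Typically this exception means this was called by shell
            # Narrowed from a bare ``except:`` so KeyboardInterrupt and
            # SystemExit propagate instead of being treated as "no identity".
            # NOTE(review): when the identity lookup is what failed, ``user``
            # is still the caller's argument, so this path releases whichever
            # field set the caller named.  Callers must not pass a
            # request-derived value; a least-privilege fallback would be safer.
            for field in self.allow_fields[user]:
                person_data[field] = self.__dict__[field]

        # Instead of None password fields, we set it to '*' for easier fasClient
        # parsing
        if 'password' not in person_data:
            person_data['password'] = '******'

        # Make sure we have empty fields for the rest of the info
        for field in self.allow_fields['complete']:
            if field not in person_data:
                person_data[field] = None

        # Roles and memberships are attached for every viewer class; they are
        # not subject to the allow_fields filtering above.
        person_data['group_roles'] = {}
        for field in self.roles:
            person_data['group_roles'][field.groupname] = field

        person_data['memberships'] = list(self.memberships)
        person_data['roles'] = self.roles


        return person_data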
 def test_in_any_group(self):
     """Test the predicate for requiring at least one group."""
     # self.met is defined outside this view; presumably it evaluates the
     # predicate against the identity set up by the test fixture.
     assert self.met(in_any_group('guest', 'edit', 'user'))
     # NOTE(review): this negative case exercises in_all_groups, not
     # in_any_group, so a failing in_any_group match is never asserted here
     # -- confirm whether in_any_group('guest', 'user') was intended.
     assert not self.met(in_all_groups('guest', 'user'))