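def edit_permission(req, id):
    """Replace the description, type and constraints of an existing permission.

    Reads ``description``, ``type``, ``constraint_types`` and ``constraints``
    from ``req.POST``. The last two are newline-separated lists that are paired
    position by position. The permission is stored back into the security
    context, which is then persisted with ``write_xml()``.

    Raises Http404 when no permission has the given id, and HttpError(400)
    when a constraint type has no matching constraint value.

    NOTE(review): no authentication or authorization check is visible in this
    view; confirm that access is restricted before it is dispatched.
    """
    ctx = Context()
    p = ctx.get_permission(id)
    if p is None:
        raise Http404

    raw_types = req.POST["constraint_types"]
    raw_values = req.POST["constraints"]
    constraint_types = raw_types.split("\n") if raw_types.strip() else []
    constraints = raw_values.split("\n") if raw_values.strip() else []

    # Validate before mutating: a type without a value used to surface as an
    # IndexError after the permission's constraints had already been cleared.
    if len(constraints) < len(constraint_types):
        raise HttpError(400, "Invalid Request")

    p.description = req.POST['description']
    p.type = req.POST['type']
    p.constraints = []
    for kind, content in zip(constraint_types, constraints):
        p.add_constraint(kind, content)

    for position, existing in enumerate(ctx.permissions):
        if existing.id == id:
            ctx.permissions[position] = p
            break
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")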
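def get_user(req, id):
    """Return one user as a single-quoted object literal.

    The body has the keys ``name``, ``login``, ``superuser`` and ``roles``.
    It is not strict JSON (single quotes), so every string value is escaped
    for a single-quoted literal.

    Raises Http404 when the context has no user for ``id``.
    """
    def quote(value):
        # Backslashes first, then quotes, so a value cannot end the quoted
        # literal early.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404

    fields = [
        "'name': '%s'" % quote(user.name),
        # The previous literal had no %s placeholder, so the % operator
        # raised TypeError on every call.
        "'login': '%s'" % quote(user.login),
        "'superuser': %s" % str(user.superuser).lower(),
        # Role ids are escaped like every other string field.
        "'roles': ['%s']" % "','".join([quote(r.id) for r in user.roles]),
    ]
    return HttpResponse("{%s}" % ",".join(fields))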
def delete_user(req, id):
    """Remove the user whose login equals ``id`` and persist the context.

    Raises Http404 when no user has that login.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    for position, account in enumerate(ctx.users):
        if account.login == id:
            # Safe to delete while iterating: the loop stops right away.
            del ctx.users[position]
            break
    else:
        # The loop finished without a match.
        raise Http404
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
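def get_role(req, id):
    """Return one role as a single-quoted object literal (text/plain).

    The body has the keys ``id``, ``description`` and ``permissions`` (a list
    of permission ids).

    Raises Http404 when the context has no role with the given id.
    """
    def quote(value):
        # Backslashes first, then quotes, so a value cannot end the quoted
        # literal early.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    role = ctx.get_role(id)
    if role is None:
        raise Http404

    # The id and description were previously emitted unescaped, although both
    # are set from request data when a role is created or edited.
    data = [
        "'id': '%s'" % quote(role.id),
        "'description': '%s'" % quote(role.description),
        "'permissions': ['%s']" % "','".join(
            [quote(p.id) for p in role.permissions]),
    ]
    return HttpResponse("{%s}" % ",".join(data), "text/plain")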
def add_role(req):
    """Create a role from the POSTed ``id``, ``description`` and ``permissions``.

    ``permissions`` is a comma-separated list of permission ids; a blank value
    means no permissions. Returns a FAIL literal when the id is already in
    use, otherwise adds the role, persists the context and returns OK.

    Raises HttpError(400) when the request carries no POST data.

    NOTE(review): no authorization check is visible in this view, and the
    permission ids are passed on as received; confirm both are handled
    elsewhere.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    form = req.POST
    role_id = form['id']
    description = form['description']
    if form['permissions'].strip():
        permissions = form['permissions'].split(",")
    else:
        permissions = []

    taken_ids = [existing.id for existing in ctx.roles]
    if role_id in taken_ids:
        return HttpResponse("{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}")

    ctx.add_role(role_id, description, permissions)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
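def get_role(req, id):
    """Serialize the role ``id`` as a single-quoted object literal.

    The text/plain body carries ``id``, ``description`` and ``permissions``
    (the ids of the role's permissions).

    Raises Http404 when ``ctx.get_role`` returns None.
    """
    def quote(value):
        # Escape backslashes before quotes so the value stays inside its
        # quoted literal.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    role = ctx.get_role(id)
    if role is None:
        raise Http404

    permission_ids = "','".join([quote(p.id) for p in role.permissions])
    data = []
    # id and description used to be written out unescaped, unlike the
    # permission ids next to them.
    data.append("'id': '%s'" % quote(role.id))
    data.append("'description': '%s'" % quote(role.description))
    data.append("'permissions': ['%s']" % permission_ids)
    return HttpResponse("{%s}" % ",".join(data), "text/plain")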
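def roles_get_all(req):
    """Return every role as a list of ``{'value', 'description'}`` literals.

    ``value`` is the role id. The body uses single-quoted literals, so each
    string is escaped for that form.
    """
    def quote(value):
        # Backslashes were not escaped before, so a value containing one
        # could end its quoted literal early. Escape them first, then quotes.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    items = [
        "{'value': '%s', 'description': '%s'}" % (quote(r.id),
                                                   quote(r.description))
        for r in ctx.roles
    ]
    return HttpResponse("[%s]" % ",".join(items))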
def login(req):
    """Show the HTML login form and handle its submission.

    On a POST with valid credentials the user object is stored in the session
    under ``umit_user`` and the client is redirected to ``/html/``. Otherwise
    the login template is rendered, with an error message after a failed
    attempt and with the error element hidden on a plain page load.

    NOTE(review): the user object is stored in the existing session. Whether
    the session id is renewed on login, and whether failed attempts are
    throttled, is not visible here; confirm.
    """
    logger.debug("aeeeeeeeee")
    response = HttpResponse()
    template_vars = {"error": "", "errorclass": "hide"}

    if req.POST:
        ctx = Context()
        user = ctx.get_user(req.POST['login'], req.POST['password'])
        if user:
            req.session['umit_user'] = user
            return HttpResponseRedirect("/html/")
        # Same message for an unknown login and a wrong password.
        template_vars["error"] = "Incorrect username or password"
        template_vars["errorclass"] = ""

    response.loadTemplate("html/login.html")
    return response % template_vars
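class SecurityContextTestCase(unittest.TestCase):
    """Checks the permissions, roles and users exposed by ``Context``.

    The expected counts and ids are fixed values. Presumably they match the
    sample security file named in ``file``; confirm, since ``Context()`` is
    built without arguments here.
    """
    logger = getLogger("SecurityContextTestCase")
    # Not referenced by any test in this class.
    file = "security.xml.sample"

    def setUp(self):
        """Build a fresh Context and log how many roles it holds."""
        self.context = Context()
        self.logger.debug(str(len(self.context.roles)))

    def tearDown(self):
        """Drop the Context built for the test."""
        del self.context

    def testPermissions(self):
        """Five permissions are loaded, with the expected ids and constraints."""
        permissions = self.context.permissions
        # assertEqual reports the actual count on failure, unlike
        # assertTrue(len(...) == n).
        self.assertEqual(len(permissions), 5)
        self.assertEqual(permissions[0].id, "allow-all")
        self.assertEqual(permissions[2].id, "deny-localhost")
        self.assertEqual(len(permissions[2].constraints), 2)

    def testRoles(self):
        """Two roles are loaded and the second one is ``administrator``."""
        roles = self.context.roles
        self.assertEqual(len(roles), 2)
        self.assertEqual(roles[1].id, "administrator")

    def testUsers(self):
        """``user1`` authenticates but is not permitted to scan localhost."""
        self.assertEqual(len(self.context.users), 2)
        u = self.context.get_user("user1", "123")
        self.assertTrue(u is not None)
        command = "nmap -v localhost"
        self.assertFalse(u.is_permitted(command))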
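def delete_permission(req, id):
    """Delete the permission ``id`` and detach it from every role.

    Raises Http404 when no permission has that id. The context is persisted
    with ``write_xml()`` only after the permission list and all roles have
    been updated.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    for position, perm in enumerate(ctx.permissions):
        if perm.id == id:
            del ctx.permissions[position]
            break
    else:
        raise Http404

    # The previous loop deleted by index while walking a range computed from
    # the original length, so it ran past the end of the shortened list and
    # raised IndexError before write_xml() unless the match was the last
    # entry. Rebuilding each list in place avoids that.
    for role in ctx.roles:
        role.permissions[:] = [p for p in role.permissions if p.id != id]

    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")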
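def permissions_search(req):
    """Return the permissions whose id contains the POSTed ``search`` text.

    The match is case-insensitive. The text/plain body is a list of
    single-quoted object literals with ``id``, ``description``, ``type`` and
    ``constraints`` (each constraint has ``type`` and ``content``).

    Raises HttpError(400) when the request carries no POST data.
    """
    def quote(value):
        # Backslashes first, then quotes. The old code escaped the quote and
        # then doubled the backslash it had just added, which left the quote
        # unescaped in the output.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    if not req.POST:
        raise HttpError(400, "Invalid Request")
    needle = req.POST.get("search", "").lower()
    ctx = Context()

    data = []
    for p in ctx.permissions:
        if needle not in p.id.lower():
            continue
        cdata = [
            "{%s}" % ",".join([
                "'type': '%s'" % quote(c.type),
                "'content': '%s'" % quote(c.content),
            ])
            for c in p.constraints
        ]
        pdata = [
            "'id': '%s'" % quote(p.id),
            "'description': '%s'" % quote(p.description),
            "'type': '%s'" % quote(p.type),
            "'constraints': [%s]" % ",".join(cdata),
        ]
        data.append("{%s}" % ",".join(pdata))
    return HttpResponse("[%s]" % ",".join(data), "text/plain")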
def add_user(req):
    """Create a user from the POSTed form fields.

    Reads ``login``, ``name``, ``roles`` (comma-separated role ids, blank for
    none), ``superuser`` (true only for the exact value ``yes``) and
    ``password``. Returns a FAIL literal when the login is already taken,
    otherwise adds the user, persists the context and returns OK.

    Raises HttpError(400) when the request carries no POST data.

    NOTE(review): the superuser flag and the role list come straight from the
    request and no authorization check is visible here; confirm the view is
    restricted. The password is handed to ``ctx.add_user`` as received; how
    it is stored is not visible here.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    form = req.POST
    new_login = form['login']
    name = form['name']
    if form['roles'].strip():
        roles = form['roles'].split(",")
    else:
        roles = []
    superuser = form['superuser'] == "yes"
    password = form['password']

    known_logins = [account.login for account in ctx.users]
    if new_login in known_logins:
        return HttpResponse("{'result': 'FAIL', 'error': 'This login name already exists. Please, choose other.'}")

    ctx.add_user(name, new_login, password, superuser, roles)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
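def users_search(req):
    """Return the users whose login or name contains the POSTed ``search`` text.

    The match is case-insensitive. The result is serialized by
    ``__users_to_json``.

    Raises HttpError(400) when the request carries no POST data, as the other
    search views in this listing do. A missing ``search`` key previously
    surfaced as an unhandled KeyError; it now matches every user.
    """
    if not req.POST:
        raise HttpError(400, "Invalid Request")
    # Lower-case the search text once instead of twice per user.
    needle = req.POST.get("search", "").lower()
    ctx = Context()
    users = [
        u for u in ctx.users
        if needle in u.login.lower() or needle in u.name.lower()
    ]
    return HttpResponse(__users_to_json(users))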
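def get_permission(req, id):
    """Return one permission as a single-quoted object literal.

    The body has ``id``, ``description``, ``type`` and ``constraints`` (each
    with ``type`` and ``content``). A newline inside the description or a
    constraint's content is emitted as ``\\n`` followed by a string
    concatenation that continues on the next line, so the body is script
    source rather than strict JSON.

    Raises Http404 when the context has no permission with the given id.
    """
    def quote(value):
        # Backslashes first, then quotes. The old order escaped the quote and
        # then doubled that backslash, leaving the quote unescaped.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    def quote_multiline(value):
        # The newline rewrite adds its own backslash and quotes, so it must
        # run after the escaping.
        return quote(value).replace("\n", "\\n'+\n'")

    ctx = Context()
    perm = ctx.get_permission(id)
    if perm is None:
        raise Http404

    ccdata = [
        "{%s}" % ",".join([
            # The constraint type was previously written out unescaped.
            "'type': '%s'" % quote(c.type),
            "'content': '%s'" % quote_multiline(c.content),
        ])
        for c in perm.constraints
    ]
    data = [
        "'id': '%s'" % quote(perm.id),
        "'description': '%s'" % quote_multiline(perm.description),
        "'type': '%s'" % quote(perm.type),
        "'constraints': [%s]" % ",".join(ccdata),
    ]
    return HttpResponse("{%s}" % ",".join(data))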
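def add_permission(req):
    """Create a permission from the POSTed form fields.

    Reads ``id``, ``description``, ``type``, ``constraint_types`` and
    ``constraints``. The last two are newline-separated lists paired position
    by position. Returns a FAIL literal when the id is already in use,
    otherwise appends the permission, persists the context and returns OK.

    Raises HttpError(400) when the request carries no POST data or when a
    constraint type has no matching constraint value.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    # Same guard as the other add_* views in this listing.
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    permission_id = req.POST["id"]
    description = req.POST["description"]
    permission_type = req.POST["type"]
    raw_types = req.POST["constraint_types"]
    raw_values = req.POST["constraints"]
    constraint_types = raw_types.split("\n") if raw_types.strip() else []
    constraints = raw_values.split("\n") if raw_values.strip() else []

    # A type without a value used to raise IndexError while the permission
    # was being built; reject the request up front instead.
    if len(constraints) < len(constraint_types):
        raise HttpError(400, "Invalid Request")

    if permission_id in [p.id for p in ctx.permissions]:
        return HttpResponse("{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}")

    p = Permission(permission_id, permission_type)
    p.description = description
    for kind, content in zip(constraint_types, constraints):
        p.add_constraint(kind, content)
    ctx.permissions.append(p)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")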
# Handle a login submission.
#
# With POST data the content type is set to text/plain and the credentials are
# checked with ctx.get_user(login, password). If the query string has a "json"
# key, the body is the text OK (the user is stored in the session under
# 'umit_user') or FAIL. Otherwise a successful login stores the user in the
# session and redirects to "/".
#
# NOTE(review): this listing has lost its line structure. It is not clear
# whether the final `else` (which loads login.html) belongs to `if user` or to
# `if req.POST`, so one of "failed form login" or "request without POST data"
# has no visible return. Confirm against the original file before changing the
# control flow.
# NOTE(review): whether the session id is renewed on login is not visible
# here; confirm.
def login(req): resp = HttpResponse() ctx = Context() if req.POST: resp['Content-type'] = "text/plain" user = ctx.get_user(req.POST['login'], req.POST['password']) if req.GET.has_key("json"): if user: req.session['umit_user'] = user resp.write('OK') else: resp.write('FAIL') return resp else: if user: req.session['umit_user'] = user return HttpResponseRedirect("/") else: resp.loadTemplate("login.html") return resp
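def get_permission(req, id):
    """Serialize the permission ``id`` as a single-quoted object literal.

    Keys are ``id``, ``description``, ``type`` and ``constraints`` (a list of
    ``{'type', 'content'}`` literals). Newlines in the description and in
    constraint content are written as ``\\n`` plus a string concatenation
    that continues on the next line, so the body is script source rather than
    strict JSON.

    Raises Http404 when ``ctx.get_permission`` returns None.
    """
    def quote(value):
        # Escape backslashes before quotes. Doing it the other way round, as
        # the constraint content did, re-escapes the backslash that protects
        # the quote and leaves the quote bare.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    perm = ctx.get_permission(id)
    if perm is None:
        raise Http404

    # The newline rewrite contains a backslash and quotes of its own, so it
    # is applied after quote().
    line_break = "\\n'+\n'"

    ccdata = []
    for c in perm.constraints:
        # c.type used to be written out unescaped.
        kind = quote(c.type)
        content = quote(c.content).replace("\n", line_break)
        ccdata.append("{'type': '%s','content': '%s'}" % (kind, content))

    description = quote(perm.description).replace("\n", line_break)
    data = []
    data.append("'id': '%s'" % quote(perm.id))
    data.append("'description': '%s'" % description)
    data.append("'type': '%s'" % quote(perm.type))
    data.append("'constraints': [%s]" % ",".join(ccdata))
    return HttpResponse("{%s}" % ",".join(data))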
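def add_permission(req):
    """Add a new permission described by the POSTed form.

    Fields: ``id``, ``description``, ``type``, plus the newline-separated
    ``constraint_types`` and ``constraints`` lists, which are matched up by
    position. A duplicate id yields a FAIL literal; otherwise the permission
    is appended to the context, the context is written out and OK is
    returned.

    Raises HttpError(400) for a request without POST data or when there are
    fewer constraint values than constraint types.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    # Consistent with add_role and add_user in this listing.
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    form = req.POST
    new_id = form["id"]
    description = form["description"]
    new_type = form["type"]

    constraint_types = []
    if form["constraint_types"].strip():
        constraint_types = form['constraint_types'].split("\n")
    constraints = []
    if form["constraints"].strip():
        constraints = form['constraints'].split("\n")

    # Previously an unmatched type raised IndexError part-way through
    # building the permission.
    if len(constraint_types) > len(constraints):
        raise HttpError(400, "Invalid Request")

    if any(existing.id == new_id for existing in ctx.permissions):
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}"
        )

    p = Permission(new_id, new_type)
    p.description = description
    for position, kind in enumerate(constraint_types):
        p.add_constraint(kind, constraints[position])
    ctx.permissions.append(p)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")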
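def roles_search(req):
    """Return the roles whose id contains the POSTed ``search`` text.

    The match is case-insensitive. The text/plain body is a list of
    single-quoted object literals with ``id``, ``description`` and
    ``permissions`` (permission ids).

    Raises HttpError(400) when the request carries no POST data.
    """
    def quote(value):
        # Backslashes were not escaped before, so a value containing one
        # could end its quoted literal early. Escape them first, then quotes.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    if not req.POST:
        raise HttpError(400, "Invalid Request")
    needle = req.POST.get("search", "").lower()
    ctx = Context()

    data = []
    for r in ctx.roles:
        if needle not in r.id.lower():
            continue
        rdata = [
            "'id': '%s'" % quote(r.id),
            "'description': '%s'" % quote(r.description),
            "'permissions': ['%s']" % "','".join(
                [quote(p.id) for p in r.permissions]),
        ]
        data.append("{%s}" % ",".join(rdata))
    return HttpResponse("[%s]" % ",".join(data), "text/plain")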
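def edit_role(req, id):
    """Replace the description and permission list of the role ``id``.

    ``permissions`` in the POST data is a comma-separated list of permission
    ids; a blank value clears the list. The role is stored back into the
    context, which is then persisted with ``write_xml()``.

    Raises Http404 when the role does not exist and HttpError(400) when a
    listed permission id is unknown.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    role = ctx.get_role(id=id)
    if not role:
        raise Http404

    raw_permissions = req.POST['permissions']
    permission_ids = raw_permissions.split(",") if raw_permissions.strip() else []

    # Resolve every id before touching the role. get_permission() returns
    # None for an unknown id, and a None entry in role.permissions breaks the
    # views that read p.id.
    permissions = []
    for permission_id in permission_ids:
        permission = ctx.get_permission(permission_id)
        if permission is None:
            raise HttpError(400, "Invalid Request")
        permissions.append(permission)

    role.description = req.POST['description']
    role.permissions = permissions

    # The old loop variable was also called ``id``, so this lookup compared
    # role ids against the last permission id instead of the role being
    # edited.
    for position, existing in enumerate(ctx.roles):
        if existing.id == id:
            ctx.roles[position] = role
            break
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")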
def add_role(req):
    """Add a new role described by the POSTed form.

    Fields: ``id``, ``description`` and ``permissions`` (comma-separated
    permission ids; blank means none). A duplicate id yields a FAIL literal;
    otherwise the role is added, the context is written out and OK is
    returned.

    Raises HttpError(400) for a request without POST data.

    NOTE(review): no authorization check is visible in this view; confirm
    that access control is enforced before it is reached.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    role_id = req.POST['id']
    description = req.POST['description']
    permissions = (req.POST['permissions'].split(",")
                   if req.POST['permissions'].strip() else [])

    if any(existing.id == role_id for existing in ctx.roles):
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This id already exists. Please, choose other.'}"
        )

    ctx.add_role(role_id, description, permissions)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
def add_user(req):
    """Add a new user described by the POSTed form.

    Fields: ``login``, ``name``, ``roles`` (comma-separated role ids; blank
    means none), ``superuser`` (true only for the exact value ``yes``) and
    ``password``. A login that is already taken yields a FAIL literal;
    otherwise the user is added, the context is written out and OK is
    returned.

    Raises HttpError(400) for a request without POST data.

    NOTE(review): the superuser flag and role list are taken from the request
    and no authorization check is visible here; confirm the view is
    restricted. How ``ctx.add_user`` stores the password is not visible here.
    """
    ctx = Context()
    if not req.POST:
        raise HttpError(400, "Invalid Request")

    new_login = req.POST['login']
    name = req.POST['name']
    roles = (req.POST['roles'].split(",")
             if req.POST['roles'].strip() else [])
    superuser = (req.POST['superuser'] == "yes")
    password = req.POST['password']

    if any(account.login == new_login for account in ctx.users):
        return HttpResponse(
            "{'result': 'FAIL', 'error': 'This login name already exists. Please, choose other.'}"
        )

    ctx.add_user(name, new_login, password, superuser, roles)
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")
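def edit_user(req, id):
    """Update the name, roles and superuser flag of the user ``id``.

    ``roles`` in the POST data is a comma-separated list of role ids; a blank
    value clears the list. ``superuser`` is true only for the exact value
    ``yes``. The user is stored back into the context, which is then
    persisted with ``write_xml()``.

    Raises Http404 when the user does not exist and HttpError(400) when a
    listed role id is unknown.

    NOTE(review): the superuser flag and role list come from the request and
    no authorization check is visible here; confirm the view is restricted.
    """
    ctx = Context()
    user = ctx.get_user(id=id)
    if not user:
        raise Http404

    raw_roles = req.POST['roles']
    role_ids = raw_roles.split(",") if raw_roles.strip() else []

    # Resolve every id before touching the user. get_role() returns None for
    # an unknown id, and a None entry in user.roles breaks the code that
    # reads r.id.
    roles = []
    for role_id in role_ids:
        role = ctx.get_role(role_id)
        if role is None:
            raise HttpError(400, "Invalid Request")
        roles.append(role)

    user.name = req.POST['name']
    user.roles = roles
    user.superuser = (req.POST['superuser'] == "yes")

    # NOTE(review): a non-blank password is read here but never applied to
    # ``user``, so a password change submitted through this view is not
    # saved. The User API for setting a password is not visible in this
    # listing, so the gap is flagged rather than guessed at.
    if req.POST['password'].strip():
        password = req.POST['password']

    # The old loop variable was also called ``id``, so this lookup compared
    # logins against the last role id instead of the user being edited.
    for position, existing in enumerate(ctx.users):
        if existing.login == id:
            ctx.users[position] = user
            break
    ctx.write_xml()
    return HttpResponse("{'result': 'OK'}")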
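def permissions_get_all(req):
    """Return the ids of all permissions as a list of single-quoted strings.

    With no permissions the body is ``['']``, as before.
    """
    def quote(value):
        # Backslashes were not escaped before, so an id containing one could
        # end its quoted literal early. Escape them first, then quotes.
        return value.replace("\\", "\\\\").replace("'", "\\'")

    ctx = Context()
    ids = [quote(p.id) for p in ctx.permissions]
    return HttpResponse("['%s']" % "','".join(ids))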
def setUp(self):
    """Create the Context under test and log how many roles it holds."""
    self.context = Context()
    role_count = len(self.context.roles)
    self.logger.debug(str(role_count))
def users_get_all(req):
    """Return every user in the context, serialized by ``__users_to_json``.

    NOTE(review): which user fields the serializer exposes is not visible
    here; confirm that it leaves out credentials.
    """
    ctx = Context()
    body = __users_to_json(ctx.users)
    return HttpResponse(body)