示例#1
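    def default_sharing(self, id):
        """Change a user's default sharing.

        .. :quickref: User; Change default sharing

        When used on another user account, requires the `manage_users` permission.

        The submitted list must contain at least one group the user belongs
        to; otherwise nothing is changed and an error message is flashed.
        Empty entries (for example from a trailing comma) are ignored.

        :param id: user id.

        :form groups: comma-delimited list of groups.

        :>json User user: modified user.
        """
        # Authorization is delegated to ensure_permission(); presumably it
        # enforces the "own account or `manage_users`" rule described above.
        self.ensure_permission(id)

        user = User(get_or_404(User.get_collection(), _id=id))
        # Drop empty names so that stray commas are never stored as a group,
        # the same way update() and create() parse this form field.
        groups = [g for g in request.form.get('groups', '').split(',') if g]

        # NOTE(review): only one submitted group has to be one of the user's
        # own; the others are stored without a membership check. Confirm that
        # default sharing with groups the user is not a member of is intended.
        if not any(group in user['groups'] for group in groups):
            flash('You have to at least keep one of your groups.', 'danger')
            return redirect({'user': clean_users(user)}, request.referrer)

        user.update_value('default_sharing', groups)

        # request.referrer is taken from the client's Referer header and can
        # be absent; how redirect() handles that is not visible here.
        return redirect({'user': clean_users(user)}, request.referrer)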
示例#2
    def get(self, id):
        """Get a user.

        .. :quickref: User; Get a user

        The user is returned in the ``user`` field.

        :param id: user id

        :>json ObjectId _id: user's ObjectId.
        :>json string name: full name.
        :>json string email: email address.
        :>json boolean enabled: ``True`` if the user is enabled.
        :>json list groups: list of groups the user belongs to.
        :>json list default_sharing: list of groups used by the user as default sharing preferences.
        :>json list permissions: list of user's permissions
        """
        # The permission check runs before the record is loaded, so a caller
        # who fails it never reaches the lookup.
        self.ensure_permission(id)

        record = get_or_404(User.get_collection(), _id=id)
        # clean_users() is applied before rendering; presumably it removes
        # fields that must not be exposed -- confirm against its definition.
        payload = {
            'user': clean_users(User(record)),
            'permissions': dispatcher.permissions,
        }

        return render(payload, 'users/profile.html')
示例#3
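    def update(self, id):
        """Update a user.

        .. :quickref: User; Update existing user

        Requires the `manage_users` permission.

        When successful, the updated user will be returned in the ``user`` field.
        Otherwise, an ``errors`` field will list errors.

        :param id: user id.

        :form name: full name
        :form email: email address
        :form groups: comma-delimited list of groups
        :form permission_VALUE: specify a value different than ``0`` or ``False``
            for all permissions the user should have.
        """
        # NOTE(review): no permission check is visible in this body. The
        # `manage_users` requirement is presumably enforced by a decorator or
        # route guard outside this view -- confirm, since this endpoint
        # rewrites a user's groups and permissions.
        name = request.form.get('name')
        # A request without an `email` field must end in a validation error,
        # not in an unhandled AttributeError from None.lower().
        email = (request.form.get('email') or '').lower()
        groups = [g for g in request.form.get('groups', '').split(',') if g]

        user = User(get_or_404(User.get_collection(), _id=id))

        # The current email is passed along with the submitted values.
        # NOTE(review): this relies on _valid_form() rejecting an empty email,
        # as it already has to cope with a missing name -- confirm.
        if not self._valid_form(name, email, groups, user['email']):
            return validation_error()

        user['name'] = name
        user['email'] = email
        user['groups'] = groups
        # The new permission list is computed by get_permissions() from the
        # user's current permissions (and presumably the submitted form).
        user['permissions'] = self.get_permissions(user['permissions'])
        user.save()

        return redirect({'user': clean_users(user)},
                        url_for('UsersView:get', id=user['_id']))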
示例#4
文件: analyses.py 项目: ehrenb/fame
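    def index(self):
        """Get the list of analyses.

        .. :quickref: Analysis; Get the list of analyses

        Response is paginated and will only contain 25 results. The most recent
        analyses appear first.

        :query page: page number. Missing, non-numeric or non-positive values
            are treated as ``1``.
        :type page: int

        :>json list analyses: list of analyses (see :http:get:`/analyses/(id)` for details on the format of an analysis).
        """
        # `page` is client-controlled. A non-numeric value used to raise
        # ValueError and a value below 1 produced a negative skip(); both now
        # fall back to the first page instead of an unhandled error.
        # NOTE(review): very large page numbers are still passed to skip().
        try:
            page = int(request.args.get('page', 1))
        except (TypeError, ValueError):
            page = 1
        page = max(page, 1)

        cursor = current_user.analyses.find().sort('_id', DESCENDING).limit(PER_PAGE).skip((page - 1) * PER_PAGE)
        pagination = Pagination(page=page, per_page=PER_PAGE, total=cursor.count(), css_framework='bootstrap3')
        analyses = {'analyses': clean_analyses(list(cursor))}
        for analysis in analyses['analyses']:
            # The file is looked up through current_user.files, presumably a
            # view limited to what this user may access -- confirm. If nothing
            # is found, clean_files() receives None.
            linked_file = current_user.files.find_one({'_id': analysis['file']})
            analysis['file'] = clean_files(linked_file)

            if 'analyst' in analysis:
                # Analysts are read from the unscoped store.users collection,
                # so the record goes through clean_users() before it is
                # returned; presumably that strips sensitive fields.
                analyst = store.users.find_one({'_id': analysis['analyst']})
                analysis['analyst'] = clean_users(analyst)
        return render(analyses, 'analyses/index.html', ctx={'data': analyses, 'pagination': pagination})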
示例#5
文件: files.py 项目: x0rzkov/fame
def return_file(file):
    """Render the detail page of a file together with its analyses.

    ``file`` is a dict holding the file under its ``file`` key. The dict is
    modified in place: ``av_modules`` is added and ``file['file']['analysis']``
    is replaced by the cleaned analyses.
    """
    analysis_ids = file['file']['analysis']
    # Analyses are fetched through current_user.analyses, presumably a view
    # limited to what the current user may see -- confirm.
    analyses = list(current_user.analyses.find({'_id': {'$in': analysis_ids}}))
    file['av_modules'] = [module.name for module in dispatcher.get_antivirus_modules()]

    for analysis in analyses:
        if 'analyst' not in analysis:
            continue
        # store.users is not scoped to the current user, so the analyst record
        # is passed through clean_users() before it reaches the response.
        analyst = store.users.find_one({'_id': analysis['analyst']})
        analysis['analyst'] = clean_users(analyst)

    file['file']['analysis'] = clean_analyses(analyses)
    context = {
        'data': file,
        'options': dispatcher.options,
        'comments_enabled': comments_enabled(),
    }
    return render(file, 'files/show.html', ctx=context)
示例#6
    def disable(self, id):
        """Disable a user.

        .. :quickref: User; Disable a user

        Requires the `manage_users` permission.

        :param id: user id.

        :>json User user: modified user.
        """
        # NOTE(review): no permission check is visible in this body; the
        # `manage_users` requirement is presumably enforced by a decorator or
        # route guard outside this view -- confirm.
        record = get_or_404(User.get_collection(), _id=id)
        user = User(record)
        user.update_value('enabled', False)

        payload = {'user': clean_users(user)}
        return redirect(payload, url_for('UsersView:index'))
示例#7
    def reset_api(self, id):
        """Reset a user's API key.

        .. :quickref: User; Reset API key

        When used on another user account, requires the `manage_users` permission.

        :param id: user id.

        :>json User user: modified user.
        """
        # Authorization runs first; the key is only replaced for callers who
        # pass ensure_permission().
        self.ensure_permission(id)

        record = get_or_404(User.get_collection(), _id=id)
        user = User(record)
        # The previous key is overwritten and stops working from here on.
        fresh_key = User.generate_api_key()
        user.update_value('api_key', fresh_key)

        # NOTE(review): the response carries clean_users(user); confirm
        # whether the new key is meant to be part of it. request.referrer
        # comes from the client's Referer header and can be absent.
        payload = {'user': clean_users(user)}
        return redirect(payload, request.referrer)
示例#8
    def get(self, id):
        """Get the object with `id`.

        .. :quickref: File; Get an object

        Resulting object is in the ``file`` field.

        :param id: id of the object.

        :>json dict _id: ObjectId dict.
        :>json string md5: MD5 hash.
        :>json string sha1: SHA1 hash.
        :>json string sha256: SHA256 hash.
        :>json string type: FAME type.
        :>json string mime: mime type.
        :>json string detailed_type: detailed type.
        :>json list groups: list of groups (as strings) that have access to this file.
        :>json list owners: list of groups (as strings) that submitted this file.
        :>json list probable_names: list of probable names (as strings).
        :>json list analysis: list of analyses' ObjectIds.
        :>json list parent_analyses: list of analyses (as ObjectIds) that extracted this object.
        :>json dict antivirus: dict with antivirus names as keys.
        """
        # The lookup goes through current_user.files, presumably a view
        # limited to files this user may access, so an id outside it ends in
        # a 404 -- confirm against the collection's definition.
        record = get_or_404(current_user.files, _id=id)
        file = {'file': clean_files(record)}

        analysis_ids = file['file']['analysis']
        analyses = list(current_user.analyses.find({'_id': {'$in': analysis_ids}}))
        file['av_modules'] = [module.name for module in dispatcher.get_antivirus_modules()]

        for analysis in analyses:
            if 'analyst' not in analysis:
                continue
            # store.users is not scoped to the current user; the analyst
            # record is passed through clean_users() before being returned.
            analyst = store.users.find_one({'_id': analysis['analyst']})
            analysis['analyst'] = clean_users(analyst)

        file['file']['analysis'] = clean_analyses(analyses)
        context = {'data': file, 'options': dispatcher.options}
        return render(file, 'files/show.html', ctx=context)
示例#9
    def index(self):
        """Get all users.

        .. :quickref: User; Get the list of users

        Requires the `manage_users` permission.
        The result is in the ``users`` field.

        :>jsonarr ObjectId _id: user's ObjectId.
        :>jsonarr string name: full name.
        :>jsonarr string email: email address.
        :>jsonarr boolean enabled: ``True`` if the user is enabled.
        :>jsonarr list groups: list of groups the user belongs to.
        :>jsonarr list default_sharing: list of groups used by the user as default sharing preferences.
        :>jsonarr list permissions: list of user's permissions
        """
        # NOTE(review): no permission check is visible in this body; the
        # `manage_users` requirement is presumably enforced by a decorator or
        # route guard outside this view -- confirm, since every account is
        # listed here.
        everyone = list(User.find())
        users = {"users": clean_users(everyone)}

        return render(users, 'users/index.html')
示例#10
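    def create(self):
        """Create a user.

        .. :quickref: User; Create new user

        Requires the `manage_users` permission.

        When successful, the new user will be returned in the ``user`` field.
        Otherwise, an ``errors`` field will list errors.

        :form name: full name
        :form email: email address
        :form groups: comma-delimited list of groups
        :form permission_VALUE: specify a value different than ``0`` or ``False``
            for all permissions the user should have.
        """
        # NOTE(review): no permission check is visible in this body; the
        # `manage_users` requirement is presumably enforced by a decorator or
        # route guard outside this view -- confirm, since this endpoint
        # creates accounts and assigns their permissions.
        name = request.form.get('name')
        # A request without an `email` field must end in a validation error,
        # not in an unhandled AttributeError from None.lower().
        email = (request.form.get('email') or '').lower()
        groups = [g for g in request.form.get('groups', '').split(',') if g]

        # NOTE(review): this relies on _valid_form() rejecting an empty email,
        # as it already has to cope with a missing name -- confirm.
        if not self._valid_form(name, email, groups):
            return validation_error()

        # The email is already lower-cased above. A new account starts
        # enabled and shares by default with all of its own groups.
        user = User({
            'name': name,
            'email': email,
            'groups': groups,
            'default_sharing': groups,
            'permissions': self.get_permissions(),
            'enabled': True
        })

        # The authentication module is asked to create the user first, so a
        # record is only saved once that call has succeeded.
        if not auth_module.create_user(user):
            return validation_error()

        user.save()

        return redirect({'user': clean_users(user)},
                        url_for('UsersView:index'))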
示例#11
def return_file(file):
    """Render the detail page of a file together with its analyses.

    ``file`` is a dict holding the file under its ``file`` key. The dict is
    modified in place: ``av_modules`` is added and ``file["file"]["analysis"]``
    is replaced by the cleaned analyses.
    """
    wanted_ids = file["file"]["analysis"]
    # Analyses are fetched through current_user.analyses, presumably a view
    # limited to what the current user may see -- confirm.
    query = {"_id": {"$in": wanted_ids}}
    analyses = list(current_user.analyses.find(query))
    file["av_modules"] = [av.name for av in dispatcher.get_antivirus_modules()]

    for analysis in analyses:
        if "analyst" not in analysis:
            continue
        # store.users is not scoped to the current user, so the analyst record
        # is passed through clean_users() before it reaches the response.
        analyst = store.users.find_one({"_id": analysis["analyst"]})
        analysis["analyst"] = clean_users(analyst)

    file["file"]["analysis"] = clean_analyses(analyses)
    template_ctx = {
        "data": file,
        "options": dispatcher.options,
        "comments_enabled": comments_enabled(),
    }
    return render(file, "files/show.html", ctx=template_ctx)