groups.py
191 lines
| 6.5 KiB
| text/x-python
|
PythonLexer
r0 | # -*- coding: utf-8 -*- | |||
r112 | # Copyright 2010 - 2017 RhodeCode GmbH and the AppEnlight project authors | |||
r0 | # | |||
r112 | # Licensed under the Apache License, Version 2.0 (the "License"); | |||
# you may not use this file except in compliance with the License. | ||||
# You may obtain a copy of the License at | ||||
r0 | # | |||
r112 | # http://www.apache.org/licenses/LICENSE-2.0 | |||
r0 | # | |||
r112 | # Unless required by applicable law or agreed to in writing, software | |||
# distributed under the License is distributed on an "AS IS" BASIS, | ||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
# See the License for the specific language governing permissions and | ||||
# limitations under the License. | ||||
r0 | ||||
import logging | ||||
from pyramid.view import view_config | ||||
from pyramid.httpexceptions import HTTPUnprocessableEntity, HTTPNotFound | ||||
from appenlight.lib.utils import permission_tuple_to_dict | ||||
from appenlight.models.services.config import ConfigService | ||||
from appenlight.models.group import Group | ||||
from appenlight.models.services.group import GroupService | ||||
from appenlight.models.user import User | ||||
from appenlight.models import DBSession | ||||
from appenlight import forms | ||||
from webob.multidict import MultiDict | ||||
log = logging.getLogger(__name__) | ||||
_ = str | ||||
@view_config(route_name='groups_no_id', renderer='json', | ||||
request_method="GET", permission='authenticated') | ||||
def groups_list(request): | ||||
""" | ||||
Returns groups list | ||||
""" | ||||
groups = Group.all().order_by(Group.group_name) | ||||
list_groups = ConfigService.by_key_and_section( | ||||
'list_groups_to_non_admins', 'global') | ||||
r33 | if list_groups.value or request.has_permission('root_administration'): | |||
r0 | return [g.get_dict() for g in groups] | |||
else: | ||||
return [] | ||||
@view_config(route_name='groups_no_id', renderer='json', | ||||
request_method="POST", permission='root_administration') | ||||
def groups_create(request): | ||||
""" | ||||
Returns groups list | ||||
""" | ||||
form = forms.GroupCreateForm( | ||||
MultiDict(request.safe_json_body or {}), csrf_context=request) | ||||
if form.validate(): | ||||
log.info('registering group') | ||||
group = Group() | ||||
# insert new group here | ||||
DBSession.add(group) | ||||
form.populate_obj(group) | ||||
request.session.flash(_('Group created')) | ||||
DBSession.flush() | ||||
return group.get_dict(include_perms=True) | ||||
else: | ||||
return HTTPUnprocessableEntity(body=form.errors_json) | ||||
@view_config(route_name='groups', renderer='json', | ||||
request_method="DELETE", permission='root_administration') | ||||
def groups_DELETE(request): | ||||
""" | ||||
Removes a groups permanently from db | ||||
""" | ||||
msg = _('You cannot remove administrator group from the system') | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
if group: | ||||
if group.id == 1: | ||||
request.session.flash(msg, 'warning') | ||||
else: | ||||
DBSession.delete(group) | ||||
request.session.flash(_('Group removed')) | ||||
return True | ||||
request.response.status = 422 | ||||
return False | ||||
@view_config(route_name='groups', renderer='json', | ||||
request_method="GET", permission='root_administration') | ||||
@view_config(route_name='groups', renderer='json', | ||||
request_method="PATCH", permission='root_administration') | ||||
def group_update(request): | ||||
""" | ||||
Updates group object | ||||
""" | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
if not group: | ||||
return HTTPNotFound() | ||||
if request.method == 'PATCH': | ||||
form = forms.GroupCreateForm( | ||||
MultiDict(request.unsafe_json_body), csrf_context=request) | ||||
form._modified_group = group | ||||
if form.validate(): | ||||
form.populate_obj(group) | ||||
else: | ||||
return HTTPUnprocessableEntity(body=form.errors_json) | ||||
return group.get_dict(include_perms=True) | ||||
@view_config(route_name='groups_property', | ||||
match_param='key=resource_permissions', | ||||
renderer='json', permission='root_administration') | ||||
def groups_resource_permissions_list(request): | ||||
""" | ||||
Get list of permissions assigned to specific resources | ||||
""" | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
if not group: | ||||
return HTTPNotFound() | ||||
return [permission_tuple_to_dict(perm) for perm in | ||||
group.resources_with_possible_perms()] | ||||
@view_config(route_name='groups_property', | ||||
match_param='key=users', request_method="GET", | ||||
renderer='json', permission='root_administration') | ||||
def groups_users_list(request): | ||||
""" | ||||
Get list of permissions assigned to specific resources | ||||
""" | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
if not group: | ||||
return HTTPNotFound() | ||||
props = ['user_name', 'id', 'first_name', 'last_name', 'email', | ||||
'last_login_date', 'status'] | ||||
users_dicts = [] | ||||
for user in group.users: | ||||
u_dict = user.get_dict(include_keys=props) | ||||
u_dict['gravatar_url'] = user.gravatar_url(s=20) | ||||
users_dicts.append(u_dict) | ||||
return users_dicts | ||||
@view_config(route_name='groups_property', | ||||
match_param='key=users', request_method="DELETE", | ||||
renderer='json', permission='root_administration') | ||||
def groups_users_remove(request): | ||||
""" | ||||
Get list of permissions assigned to specific resources | ||||
""" | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
user = User.by_user_name(request.GET.get('user_name')) | ||||
if not group or not user: | ||||
return HTTPNotFound() | ||||
if len(group.users) > 1: | ||||
group.users.remove(user) | ||||
msg = "User removed from group" | ||||
request.session.flash(msg) | ||||
group.member_count = group.users_dynamic.count() | ||||
return True | ||||
msg = "Administrator group needs to contain at least one user" | ||||
request.session.flash(msg, 'warning') | ||||
return False | ||||
@view_config(route_name='groups_property', | ||||
match_param='key=users', request_method="POST", | ||||
renderer='json', permission='root_administration') | ||||
def groups_users_add(request): | ||||
""" | ||||
Get list of permissions assigned to specific resources | ||||
""" | ||||
group = GroupService.by_id(request.matchdict.get('group_id')) | ||||
user = User.by_user_name(request.unsafe_json_body.get('user_name')) | ||||
if not user: | ||||
user = User.by_email(request.unsafe_json_body.get('user_name')) | ||||
if not group or not user: | ||||
return HTTPNotFound() | ||||
if user not in group.users: | ||||
group.users.append(user) | ||||
group.member_count = group.users_dynamic.count() | ||||
props = ['user_name', 'id', 'first_name', 'last_name', 'email', | ||||
'last_login_date', 'status'] | ||||
u_dict = user.get_dict(include_keys=props) | ||||
u_dict['gravatar_url'] = user.gravatar_url(s=20) | ||||
return u_dict | ||||