Show More
| @@ -1,895 +1,899 b'' | |||||
| 1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
| 2 |
|
2 | |||
| 3 | # Copyright (C) 2011-2019 RhodeCode GmbH |
|
3 | # Copyright (C) 2011-2019 RhodeCode GmbH | |
| 4 | # |
|
4 | # | |
| 5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
| 6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
| 7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
| 8 | # |
|
8 | # | |
| 9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
| 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
| 12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
| 13 | # |
|
13 | # | |
| 14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
| 15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
| 16 | # |
|
16 | # | |
| 17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
| 18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
| 19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
| 20 |
|
20 | |||
| 21 | import logging |
|
21 | import logging | |
| 22 |
|
22 | |||
| 23 | from rhodecode.api import ( |
|
23 | from rhodecode.api import ( | |
| 24 | jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError) |
|
24 | jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError) | |
| 25 | from rhodecode.api.utils import ( |
|
25 | from rhodecode.api.utils import ( | |
| 26 | Optional, OAttr, store_update, has_superadmin_permission, get_origin, |
|
26 | Optional, OAttr, store_update, has_superadmin_permission, get_origin, | |
| 27 | get_user_or_error, get_user_group_or_error, get_perm_or_error) |
|
27 | get_user_or_error, get_user_group_or_error, get_perm_or_error) | |
| 28 | from rhodecode.lib import audit_logger |
|
28 | from rhodecode.lib import audit_logger | |
| 29 | from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi |
|
29 | from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi | |
| 30 | from rhodecode.lib.exceptions import UserGroupAssignedException |
|
30 | from rhodecode.lib.exceptions import UserGroupAssignedException | |
| 31 | from rhodecode.model.db import Session |
|
31 | from rhodecode.model.db import Session | |
| 32 | from rhodecode.model.scm import UserGroupList |
|
32 | from rhodecode.model.scm import UserGroupList | |
| 33 | from rhodecode.model.user_group import UserGroupModel |
|
33 | from rhodecode.model.user_group import UserGroupModel | |
| 34 | from rhodecode.model import validation_schema |
|
34 | from rhodecode.model import validation_schema | |
| 35 | from rhodecode.model.validation_schema.schemas import user_group_schema |
|
35 | from rhodecode.model.validation_schema.schemas import user_group_schema | |
| 36 |
|
36 | |||
| 37 | log = logging.getLogger(__name__) |
|
37 | log = logging.getLogger(__name__) | |
| 38 |
|
38 | |||
| 39 |
|
39 | |||
| 40 | @jsonrpc_method() |
|
40 | @jsonrpc_method() | |
| 41 | def get_user_group(request, apiuser, usergroupid): |
|
41 | def get_user_group(request, apiuser, usergroupid): | |
| 42 | """ |
|
42 | """ | |
| 43 | Returns the data of an existing user group. |
|
43 | Returns the data of an existing user group. | |
| 44 |
|
44 | |||
| 45 | This command can only be run using an |authtoken| with admin rights to |
|
45 | This command can only be run using an |authtoken| with admin rights to | |
| 46 | the specified repository. |
|
46 | the specified repository. | |
| 47 |
|
47 | |||
| 48 | :param apiuser: This is filled automatically from the |authtoken|. |
|
48 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 49 | :type apiuser: AuthUser |
|
49 | :type apiuser: AuthUser | |
| 50 | :param usergroupid: Set the user group from which to return data. |
|
50 | :param usergroupid: Set the user group from which to return data. | |
| 51 | :type usergroupid: str or int |
|
51 | :type usergroupid: str or int | |
| 52 |
|
52 | |||
| 53 | Example error output: |
|
53 | Example error output: | |
| 54 |
|
54 | |||
| 55 | .. code-block:: bash |
|
55 | .. code-block:: bash | |
| 56 |
|
56 | |||
| 57 | { |
|
57 | { | |
| 58 | "error": null, |
|
58 | "error": null, | |
| 59 | "id": <id>, |
|
59 | "id": <id>, | |
| 60 | "result": { |
|
60 | "result": { | |
| 61 | "active": true, |
|
61 | "active": true, | |
| 62 | "group_description": "group description", |
|
62 | "group_description": "group description", | |
| 63 | "group_name": "group name", |
|
63 | "group_name": "group name", | |
| 64 | "permissions": [ |
|
64 | "permissions": [ | |
| 65 | { |
|
65 | { | |
| 66 | "name": "owner-name", |
|
66 | "name": "owner-name", | |
| 67 | "origin": "owner", |
|
67 | "origin": "owner", | |
| 68 | "permission": "usergroup.admin", |
|
68 | "permission": "usergroup.admin", | |
| 69 | "type": "user" |
|
69 | "type": "user" | |
| 70 | }, |
|
70 | }, | |
| 71 | { |
|
71 | { | |
| 72 | { |
|
72 | { | |
| 73 | "name": "user name", |
|
73 | "name": "user name", | |
| 74 | "origin": "permission", |
|
74 | "origin": "permission", | |
| 75 | "permission": "usergroup.admin", |
|
75 | "permission": "usergroup.admin", | |
| 76 | "type": "user" |
|
76 | "type": "user" | |
| 77 | }, |
|
77 | }, | |
| 78 | { |
|
78 | { | |
| 79 | "name": "user group name", |
|
79 | "name": "user group name", | |
| 80 | "origin": "permission", |
|
80 | "origin": "permission", | |
| 81 | "permission": "usergroup.write", |
|
81 | "permission": "usergroup.write", | |
| 82 | "type": "user_group" |
|
82 | "type": "user_group" | |
| 83 | } |
|
83 | } | |
| 84 | ], |
|
84 | ], | |
| 85 | "permissions_summary": { |
|
85 | "permissions_summary": { | |
| 86 | "repositories": { |
|
86 | "repositories": { | |
| 87 | "aa-root-level-repo-1": "repository.admin" |
|
87 | "aa-root-level-repo-1": "repository.admin" | |
| 88 | }, |
|
88 | }, | |
| 89 | "repositories_groups": {} |
|
89 | "repositories_groups": {} | |
| 90 | }, |
|
90 | }, | |
| 91 | "owner": "owner name", |
|
91 | "owner": "owner name", | |
| 92 | "users": [], |
|
92 | "users": [], | |
| 93 | "users_group_id": 2 |
|
93 | "users_group_id": 2 | |
| 94 | } |
|
94 | } | |
| 95 | } |
|
95 | } | |
| 96 |
|
96 | |||
| 97 | """ |
|
97 | """ | |
| 98 |
|
98 | |||
| 99 | user_group = get_user_group_or_error(usergroupid) |
|
99 | user_group = get_user_group_or_error(usergroupid) | |
| 100 | if not has_superadmin_permission(apiuser): |
|
100 | if not has_superadmin_permission(apiuser): | |
| 101 | # check if we have at least read permission for this user group ! |
|
101 | # check if we have at least read permission for this user group ! | |
| 102 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
102 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
| 103 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
103 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 104 | user=apiuser, user_group_name=user_group.users_group_name): |
|
104 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 105 | raise JSONRPCError('user group `%s` does not exist' % ( |
|
105 | raise JSONRPCError('user group `%s` does not exist' % ( | |
| 106 | usergroupid,)) |
|
106 | usergroupid,)) | |
| 107 |
|
107 | |||
| 108 | permissions = [] |
|
108 | permissions = [] | |
| 109 | for _user in user_group.permissions(): |
|
109 | for _user in user_group.permissions(): | |
| 110 | user_data = { |
|
110 | user_data = { | |
| 111 | 'name': _user.username, |
|
111 | 'name': _user.username, | |
| 112 | 'permission': _user.permission, |
|
112 | 'permission': _user.permission, | |
| 113 | 'origin': get_origin(_user), |
|
113 | 'origin': get_origin(_user), | |
| 114 | 'type': "user", |
|
114 | 'type': "user", | |
| 115 | } |
|
115 | } | |
| 116 | permissions.append(user_data) |
|
116 | permissions.append(user_data) | |
| 117 |
|
117 | |||
| 118 | for _user_group in user_group.permission_user_groups(): |
|
118 | for _user_group in user_group.permission_user_groups(): | |
| 119 | user_group_data = { |
|
119 | user_group_data = { | |
| 120 | 'name': _user_group.users_group_name, |
|
120 | 'name': _user_group.users_group_name, | |
| 121 | 'permission': _user_group.permission, |
|
121 | 'permission': _user_group.permission, | |
| 122 | 'origin': get_origin(_user_group), |
|
122 | 'origin': get_origin(_user_group), | |
| 123 | 'type': "user_group", |
|
123 | 'type': "user_group", | |
| 124 | } |
|
124 | } | |
| 125 | permissions.append(user_group_data) |
|
125 | permissions.append(user_group_data) | |
| 126 |
|
126 | |||
| 127 | data = user_group.get_api_data() |
|
127 | data = user_group.get_api_data() | |
| 128 | data["permissions"] = permissions |
|
128 | data["permissions"] = permissions | |
| 129 | data["permissions_summary"] = UserGroupModel().get_perms_summary( |
|
129 | data["permissions_summary"] = UserGroupModel().get_perms_summary( | |
| 130 | user_group.users_group_id) |
|
130 | user_group.users_group_id) | |
| 131 | return data |
|
131 | return data | |
| 132 |
|
132 | |||
| 133 |
|
133 | |||
| 134 | @jsonrpc_method() |
|
134 | @jsonrpc_method() | |
| 135 | def get_user_groups(request, apiuser): |
|
135 | def get_user_groups(request, apiuser): | |
| 136 | """ |
|
136 | """ | |
| 137 | Lists all the existing user groups within RhodeCode. |
|
137 | Lists all the existing user groups within RhodeCode. | |
| 138 |
|
138 | |||
| 139 | This command can only be run using an |authtoken| with admin rights to |
|
139 | This command can only be run using an |authtoken| with admin rights to | |
| 140 | the specified repository. |
|
140 | the specified repository. | |
| 141 |
|
141 | |||
| 142 | This command takes the following options: |
|
142 | This command takes the following options: | |
| 143 |
|
143 | |||
| 144 | :param apiuser: This is filled automatically from the |authtoken|. |
|
144 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 145 | :type apiuser: AuthUser |
|
145 | :type apiuser: AuthUser | |
| 146 |
|
146 | |||
| 147 | Example error output: |
|
147 | Example error output: | |
| 148 |
|
148 | |||
| 149 | .. code-block:: bash |
|
149 | .. code-block:: bash | |
| 150 |
|
150 | |||
| 151 | id : <id_given_in_input> |
|
151 | id : <id_given_in_input> | |
| 152 | result : [<user_group_obj>,...] |
|
152 | result : [<user_group_obj>,...] | |
| 153 | error : null |
|
153 | error : null | |
| 154 | """ |
|
154 | """ | |
| 155 |
|
155 | |||
| 156 | include_secrets = has_superadmin_permission(apiuser) |
|
156 | include_secrets = has_superadmin_permission(apiuser) | |
| 157 |
|
157 | |||
| 158 | result = [] |
|
158 | result = [] | |
| 159 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
159 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
| 160 | extras = {'user': apiuser} |
|
160 | extras = {'user': apiuser} | |
| 161 | for user_group in UserGroupList(UserGroupModel().get_all(), |
|
161 | for user_group in UserGroupList(UserGroupModel().get_all(), | |
| 162 | perm_set=_perms, extra_kwargs=extras): |
|
162 | perm_set=_perms, extra_kwargs=extras): | |
| 163 | result.append( |
|
163 | result.append( | |
| 164 | user_group.get_api_data(include_secrets=include_secrets)) |
|
164 | user_group.get_api_data(include_secrets=include_secrets)) | |
| 165 | return result |
|
165 | return result | |
| 166 |
|
166 | |||
| 167 |
|
167 | |||
| 168 | @jsonrpc_method() |
|
168 | @jsonrpc_method() | |
| 169 | def create_user_group( |
|
169 | def create_user_group( | |
| 170 | request, apiuser, group_name, description=Optional(''), |
|
170 | request, apiuser, group_name, description=Optional(''), | |
| 171 | owner=Optional(OAttr('apiuser')), active=Optional(True), |
|
171 | owner=Optional(OAttr('apiuser')), active=Optional(True), | |
| 172 | sync=Optional(None)): |
|
172 | sync=Optional(None)): | |
| 173 | """ |
|
173 | """ | |
| 174 | Creates a new user group. |
|
174 | Creates a new user group. | |
| 175 |
|
175 | |||
| 176 | This command can only be run using an |authtoken| with admin rights to |
|
176 | This command can only be run using an |authtoken| with admin rights to | |
| 177 | the specified repository. |
|
177 | the specified repository. | |
| 178 |
|
178 | |||
| 179 | This command takes the following options: |
|
179 | This command takes the following options: | |
| 180 |
|
180 | |||
| 181 | :param apiuser: This is filled automatically from the |authtoken|. |
|
181 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 182 | :type apiuser: AuthUser |
|
182 | :type apiuser: AuthUser | |
| 183 | :param group_name: Set the name of the new user group. |
|
183 | :param group_name: Set the name of the new user group. | |
| 184 | :type group_name: str |
|
184 | :type group_name: str | |
| 185 | :param description: Give a description of the new user group. |
|
185 | :param description: Give a description of the new user group. | |
| 186 | :type description: str |
|
186 | :type description: str | |
| 187 | :param owner: Set the owner of the new user group. |
|
187 | :param owner: Set the owner of the new user group. | |
| 188 | If not set, the owner is the |authtoken| user. |
|
188 | If not set, the owner is the |authtoken| user. | |
| 189 | :type owner: Optional(str or int) |
|
189 | :type owner: Optional(str or int) | |
| 190 | :param active: Set this group as active. |
|
190 | :param active: Set this group as active. | |
| 191 | :type active: Optional(``True`` | ``False``) |
|
191 | :type active: Optional(``True`` | ``False``) | |
| 192 | :param sync: Set enabled or disabled the automatically sync from |
|
192 | :param sync: Set enabled or disabled the automatically sync from | |
| 193 | external authentication types like ldap. |
|
193 | external authentication types like ldap. If User Group will be named like | |
|
|
194 | one from e.g ldap and sync flag is enabled members will be synced automatically. | |||
|
|
195 | Sync type when enabled via API is set to `manual_api` | |||
| 194 | :type sync: Optional(``True`` | ``False``) |
|
196 | :type sync: Optional(``True`` | ``False``) | |
| 195 |
|
197 | |||
| 196 | Example output: |
|
198 | Example output: | |
| 197 |
|
199 | |||
| 198 | .. code-block:: bash |
|
200 | .. code-block:: bash | |
| 199 |
|
201 | |||
| 200 | id : <id_given_in_input> |
|
202 | id : <id_given_in_input> | |
| 201 | result: { |
|
203 | result: { | |
| 202 | "msg": "created new user group `<groupname>`", |
|
204 | "msg": "created new user group `<groupname>`", | |
| 203 | "user_group": <user_group_object> |
|
205 | "user_group": <user_group_object> | |
| 204 | } |
|
206 | } | |
| 205 | error: null |
|
207 | error: null | |
| 206 |
|
208 | |||
| 207 | Example error output: |
|
209 | Example error output: | |
| 208 |
|
210 | |||
| 209 | .. code-block:: bash |
|
211 | .. code-block:: bash | |
| 210 |
|
212 | |||
| 211 | id : <id_given_in_input> |
|
213 | id : <id_given_in_input> | |
| 212 | result : null |
|
214 | result : null | |
| 213 | error : { |
|
215 | error : { | |
| 214 | "user group `<group name>` already exist" |
|
216 | "user group `<group name>` already exist" | |
| 215 | or |
|
217 | or | |
| 216 | "failed to create group `<group name>`" |
|
218 | "failed to create group `<group name>`" | |
| 217 | } |
|
219 | } | |
| 218 |
|
220 | |||
| 219 | """ |
|
221 | """ | |
| 220 |
|
222 | |||
| 221 | if not has_superadmin_permission(apiuser): |
|
223 | if not has_superadmin_permission(apiuser): | |
| 222 | if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser): |
|
224 | if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser): | |
| 223 | raise JSONRPCForbidden() |
|
225 | raise JSONRPCForbidden() | |
| 224 |
|
226 | |||
| 225 | if UserGroupModel().get_by_name(group_name): |
|
227 | if UserGroupModel().get_by_name(group_name): | |
| 226 | raise JSONRPCError("user group `%s` already exist" % (group_name,)) |
|
228 | raise JSONRPCError("user group `%s` already exist" % (group_name,)) | |
| 227 |
|
229 | |||
| 228 | if isinstance(owner, Optional): |
|
230 | if isinstance(owner, Optional): | |
| 229 | owner = apiuser.user_id |
|
231 | owner = apiuser.user_id | |
| 230 |
|
232 | |||
| 231 | owner = get_user_or_error(owner) |
|
233 | owner = get_user_or_error(owner) | |
| 232 | active = Optional.extract(active) |
|
234 | active = Optional.extract(active) | |
| 233 | description = Optional.extract(description) |
|
235 | description = Optional.extract(description) | |
| 234 | sync = Optional.extract(sync) |
|
236 | sync = Optional.extract(sync) | |
| 235 |
|
237 | |||
| 236 | # set the sync option based on group_data |
|
238 | # set the sync option based on group_data | |
| 237 | group_data = None |
|
239 | group_data = None | |
| 238 | if sync: |
|
240 | if sync: | |
| 239 | group_data = { |
|
241 | group_data = { | |
| 240 | 'extern_type': 'manual_api', |
|
242 | 'extern_type': 'manual_api', | |
| 241 | 'extern_type_set_by': apiuser.username |
|
243 | 'extern_type_set_by': apiuser.username | |
| 242 | } |
|
244 | } | |
| 243 |
|
245 | |||
| 244 | schema = user_group_schema.UserGroupSchema().bind( |
|
246 | schema = user_group_schema.UserGroupSchema().bind( | |
| 245 | # user caller |
|
247 | # user caller | |
| 246 | user=apiuser) |
|
248 | user=apiuser) | |
| 247 | try: |
|
249 | try: | |
| 248 | schema_data = schema.deserialize(dict( |
|
250 | schema_data = schema.deserialize(dict( | |
| 249 | user_group_name=group_name, |
|
251 | user_group_name=group_name, | |
| 250 | user_group_description=description, |
|
252 | user_group_description=description, | |
| 251 | user_group_owner=owner.username, |
|
253 | user_group_owner=owner.username, | |
| 252 | user_group_active=active, |
|
254 | user_group_active=active, | |
| 253 | )) |
|
255 | )) | |
| 254 | except validation_schema.Invalid as err: |
|
256 | except validation_schema.Invalid as err: | |
| 255 | raise JSONRPCValidationError(colander_exc=err) |
|
257 | raise JSONRPCValidationError(colander_exc=err) | |
| 256 |
|
258 | |||
| 257 | try: |
|
259 | try: | |
| 258 | user_group = UserGroupModel().create( |
|
260 | user_group = UserGroupModel().create( | |
| 259 | name=schema_data['user_group_name'], |
|
261 | name=schema_data['user_group_name'], | |
| 260 | description=schema_data['user_group_description'], |
|
262 | description=schema_data['user_group_description'], | |
| 261 | owner=owner, |
|
263 | owner=owner, | |
| 262 | active=schema_data['user_group_active'], group_data=group_data) |
|
264 | active=schema_data['user_group_active'], group_data=group_data) | |
| 263 | Session().flush() |
|
265 | Session().flush() | |
| 264 | creation_data = user_group.get_api_data() |
|
266 | creation_data = user_group.get_api_data() | |
| 265 | audit_logger.store_api( |
|
267 | audit_logger.store_api( | |
| 266 | 'user_group.create', action_data={'data': creation_data}, |
|
268 | 'user_group.create', action_data={'data': creation_data}, | |
| 267 | user=apiuser) |
|
269 | user=apiuser) | |
| 268 | Session().commit() |
|
270 | Session().commit() | |
| 269 | return { |
|
271 | return { | |
| 270 | 'msg': 'created new user group `%s`' % group_name, |
|
272 | 'msg': 'created new user group `%s`' % group_name, | |
| 271 | 'user_group': creation_data |
|
273 | 'user_group': creation_data | |
| 272 | } |
|
274 | } | |
| 273 | except Exception: |
|
275 | except Exception: | |
| 274 | log.exception("Error occurred during creation of user group") |
|
276 | log.exception("Error occurred during creation of user group") | |
| 275 | raise JSONRPCError('failed to create group `%s`' % (group_name,)) |
|
277 | raise JSONRPCError('failed to create group `%s`' % (group_name,)) | |
| 276 |
|
278 | |||
| 277 |
|
279 | |||
| 278 | @jsonrpc_method() |
|
280 | @jsonrpc_method() | |
| 279 | def update_user_group(request, apiuser, usergroupid, group_name=Optional(''), |
|
281 | def update_user_group(request, apiuser, usergroupid, group_name=Optional(''), | |
| 280 | description=Optional(''), owner=Optional(None), |
|
282 | description=Optional(''), owner=Optional(None), | |
| 281 | active=Optional(True), sync=Optional(None)): |
|
283 | active=Optional(True), sync=Optional(None)): | |
| 282 | """ |
|
284 | """ | |
| 283 | Updates the specified `user group` with the details provided. |
|
285 | Updates the specified `user group` with the details provided. | |
| 284 |
|
286 | |||
| 285 | This command can only be run using an |authtoken| with admin rights to |
|
287 | This command can only be run using an |authtoken| with admin rights to | |
| 286 | the specified repository. |
|
288 | the specified repository. | |
| 287 |
|
289 | |||
| 288 | :param apiuser: This is filled automatically from the |authtoken|. |
|
290 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 289 | :type apiuser: AuthUser |
|
291 | :type apiuser: AuthUser | |
| 290 | :param usergroupid: Set the id of the `user group` to update. |
|
292 | :param usergroupid: Set the id of the `user group` to update. | |
| 291 | :type usergroupid: str or int |
|
293 | :type usergroupid: str or int | |
| 292 | :param group_name: Set the new name the `user group` |
|
294 | :param group_name: Set the new name the `user group` | |
| 293 | :type group_name: str |
|
295 | :type group_name: str | |
| 294 | :param description: Give a description for the `user group` |
|
296 | :param description: Give a description for the `user group` | |
| 295 | :type description: str |
|
297 | :type description: str | |
| 296 | :param owner: Set the owner of the `user group`. |
|
298 | :param owner: Set the owner of the `user group`. | |
| 297 | :type owner: Optional(str or int) |
|
299 | :type owner: Optional(str or int) | |
| 298 | :param active: Set the group as active. |
|
300 | :param active: Set the group as active. | |
| 299 | :type active: Optional(``True`` | ``False``) |
|
301 | :type active: Optional(``True`` | ``False``) | |
| 300 | :param sync: Set enabled or disabled the automatically sync from |
|
302 | :param sync: Set enabled or disabled the automatically sync from | |
| 301 | external authentication types like ldap. |
|
303 | external authentication types like ldap. If User Group will be named like | |
|
|
304 | one from e.g ldap and sync flag is enabled members will be synced automatically. | |||
|
|
305 | Sync type when enabled via API is set to `manual_api` | |||
| 302 | :type sync: Optional(``True`` | ``False``) |
|
306 | :type sync: Optional(``True`` | ``False``) | |
| 303 |
|
307 | |||
| 304 | Example output: |
|
308 | Example output: | |
| 305 |
|
309 | |||
| 306 | .. code-block:: bash |
|
310 | .. code-block:: bash | |
| 307 |
|
311 | |||
| 308 | id : <id_given_in_input> |
|
312 | id : <id_given_in_input> | |
| 309 | result : { |
|
313 | result : { | |
| 310 | "msg": 'updated user group ID:<user group id> <user group name>', |
|
314 | "msg": 'updated user group ID:<user group id> <user group name>', | |
| 311 | "user_group": <user_group_object> |
|
315 | "user_group": <user_group_object> | |
| 312 | } |
|
316 | } | |
| 313 | error : null |
|
317 | error : null | |
| 314 |
|
318 | |||
| 315 | Example error output: |
|
319 | Example error output: | |
| 316 |
|
320 | |||
| 317 | .. code-block:: bash |
|
321 | .. code-block:: bash | |
| 318 |
|
322 | |||
| 319 | id : <id_given_in_input> |
|
323 | id : <id_given_in_input> | |
| 320 | result : null |
|
324 | result : null | |
| 321 | error : { |
|
325 | error : { | |
| 322 | "failed to update user group `<user group name>`" |
|
326 | "failed to update user group `<user group name>`" | |
| 323 | } |
|
327 | } | |
| 324 |
|
328 | |||
| 325 | """ |
|
329 | """ | |
| 326 |
|
330 | |||
| 327 | user_group = get_user_group_or_error(usergroupid) |
|
331 | user_group = get_user_group_or_error(usergroupid) | |
| 328 | include_secrets = False |
|
332 | include_secrets = False | |
| 329 | if not has_superadmin_permission(apiuser): |
|
333 | if not has_superadmin_permission(apiuser): | |
| 330 | # check if we have admin permission for this user group ! |
|
334 | # check if we have admin permission for this user group ! | |
| 331 | _perms = ('usergroup.admin',) |
|
335 | _perms = ('usergroup.admin',) | |
| 332 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
336 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 333 | user=apiuser, user_group_name=user_group.users_group_name): |
|
337 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 334 | raise JSONRPCError( |
|
338 | raise JSONRPCError( | |
| 335 | 'user group `%s` does not exist' % (usergroupid,)) |
|
339 | 'user group `%s` does not exist' % (usergroupid,)) | |
| 336 | else: |
|
340 | else: | |
| 337 | include_secrets = True |
|
341 | include_secrets = True | |
| 338 |
|
342 | |||
| 339 | if not isinstance(owner, Optional): |
|
343 | if not isinstance(owner, Optional): | |
| 340 | owner = get_user_or_error(owner) |
|
344 | owner = get_user_or_error(owner) | |
| 341 |
|
345 | |||
| 342 | old_data = user_group.get_api_data() |
|
346 | old_data = user_group.get_api_data() | |
| 343 | updates = {} |
|
347 | updates = {} | |
| 344 | store_update(updates, group_name, 'users_group_name') |
|
348 | store_update(updates, group_name, 'users_group_name') | |
| 345 | store_update(updates, description, 'user_group_description') |
|
349 | store_update(updates, description, 'user_group_description') | |
| 346 | store_update(updates, owner, 'user') |
|
350 | store_update(updates, owner, 'user') | |
| 347 | store_update(updates, active, 'users_group_active') |
|
351 | store_update(updates, active, 'users_group_active') | |
| 348 |
|
352 | |||
| 349 | sync = Optional.extract(sync) |
|
353 | sync = Optional.extract(sync) | |
| 350 | group_data = None |
|
354 | group_data = None | |
| 351 | if sync is True: |
|
355 | if sync is True: | |
| 352 | group_data = { |
|
356 | group_data = { | |
| 353 | 'extern_type': 'manual_api', |
|
357 | 'extern_type': 'manual_api', | |
| 354 | 'extern_type_set_by': apiuser.username |
|
358 | 'extern_type_set_by': apiuser.username | |
| 355 | } |
|
359 | } | |
| 356 | if sync is False: |
|
360 | if sync is False: | |
| 357 | group_data = user_group.group_data |
|
361 | group_data = user_group.group_data | |
| 358 | if group_data and "extern_type" in group_data: |
|
362 | if group_data and "extern_type" in group_data: | |
| 359 | del group_data["extern_type"] |
|
363 | del group_data["extern_type"] | |
| 360 |
|
364 | |||
| 361 | try: |
|
365 | try: | |
| 362 | UserGroupModel().update(user_group, updates, group_data=group_data) |
|
366 | UserGroupModel().update(user_group, updates, group_data=group_data) | |
| 363 | audit_logger.store_api( |
|
367 | audit_logger.store_api( | |
| 364 | 'user_group.edit', action_data={'old_data': old_data}, |
|
368 | 'user_group.edit', action_data={'old_data': old_data}, | |
| 365 | user=apiuser) |
|
369 | user=apiuser) | |
| 366 | Session().commit() |
|
370 | Session().commit() | |
| 367 | return { |
|
371 | return { | |
| 368 | 'msg': 'updated user group ID:%s %s' % ( |
|
372 | 'msg': 'updated user group ID:%s %s' % ( | |
| 369 | user_group.users_group_id, user_group.users_group_name), |
|
373 | user_group.users_group_id, user_group.users_group_name), | |
| 370 | 'user_group': user_group.get_api_data( |
|
374 | 'user_group': user_group.get_api_data( | |
| 371 | include_secrets=include_secrets) |
|
375 | include_secrets=include_secrets) | |
| 372 | } |
|
376 | } | |
| 373 | except Exception: |
|
377 | except Exception: | |
| 374 | log.exception("Error occurred during update of user group") |
|
378 | log.exception("Error occurred during update of user group") | |
| 375 | raise JSONRPCError( |
|
379 | raise JSONRPCError( | |
| 376 | 'failed to update user group `%s`' % (usergroupid,)) |
|
380 | 'failed to update user group `%s`' % (usergroupid,)) | |
| 377 |
|
381 | |||
| 378 |
|
382 | |||
| 379 | @jsonrpc_method() |
|
383 | @jsonrpc_method() | |
| 380 | def delete_user_group(request, apiuser, usergroupid): |
|
384 | def delete_user_group(request, apiuser, usergroupid): | |
| 381 | """ |
|
385 | """ | |
| 382 | Deletes the specified `user group`. |
|
386 | Deletes the specified `user group`. | |
| 383 |
|
387 | |||
| 384 | This command can only be run using an |authtoken| with admin rights to |
|
388 | This command can only be run using an |authtoken| with admin rights to | |
| 385 | the specified repository. |
|
389 | the specified repository. | |
| 386 |
|
390 | |||
| 387 | This command takes the following options: |
|
391 | This command takes the following options: | |
| 388 |
|
392 | |||
| 389 | :param apiuser: filled automatically from apikey |
|
393 | :param apiuser: filled automatically from apikey | |
| 390 | :type apiuser: AuthUser |
|
394 | :type apiuser: AuthUser | |
| 391 | :param usergroupid: |
|
395 | :param usergroupid: | |
| 392 | :type usergroupid: int |
|
396 | :type usergroupid: int | |
| 393 |
|
397 | |||
| 394 | Example output: |
|
398 | Example output: | |
| 395 |
|
399 | |||
| 396 | .. code-block:: bash |
|
400 | .. code-block:: bash | |
| 397 |
|
401 | |||
| 398 | id : <id_given_in_input> |
|
402 | id : <id_given_in_input> | |
| 399 | result : { |
|
403 | result : { | |
| 400 | "msg": "deleted user group ID:<user_group_id> <user_group_name>" |
|
404 | "msg": "deleted user group ID:<user_group_id> <user_group_name>" | |
| 401 | } |
|
405 | } | |
| 402 | error : null |
|
406 | error : null | |
| 403 |
|
407 | |||
| 404 | Example error output: |
|
408 | Example error output: | |
| 405 |
|
409 | |||
| 406 | .. code-block:: bash |
|
410 | .. code-block:: bash | |
| 407 |
|
411 | |||
| 408 | id : <id_given_in_input> |
|
412 | id : <id_given_in_input> | |
| 409 | result : null |
|
413 | result : null | |
| 410 | error : { |
|
414 | error : { | |
| 411 | "failed to delete user group ID:<user_group_id> <user_group_name>" |
|
415 | "failed to delete user group ID:<user_group_id> <user_group_name>" | |
| 412 | or |
|
416 | or | |
| 413 | "RepoGroup assigned to <repo_groups_list>" |
|
417 | "RepoGroup assigned to <repo_groups_list>" | |
| 414 | } |
|
418 | } | |
| 415 |
|
419 | |||
| 416 | """ |
|
420 | """ | |
| 417 |
|
421 | |||
| 418 | user_group = get_user_group_or_error(usergroupid) |
|
422 | user_group = get_user_group_or_error(usergroupid) | |
| 419 | if not has_superadmin_permission(apiuser): |
|
423 | if not has_superadmin_permission(apiuser): | |
| 420 | # check if we have admin permission for this user group ! |
|
424 | # check if we have admin permission for this user group ! | |
| 421 | _perms = ('usergroup.admin',) |
|
425 | _perms = ('usergroup.admin',) | |
| 422 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
426 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 423 | user=apiuser, user_group_name=user_group.users_group_name): |
|
427 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 424 | raise JSONRPCError( |
|
428 | raise JSONRPCError( | |
| 425 | 'user group `%s` does not exist' % (usergroupid,)) |
|
429 | 'user group `%s` does not exist' % (usergroupid,)) | |
| 426 |
|
430 | |||
| 427 | old_data = user_group.get_api_data() |
|
431 | old_data = user_group.get_api_data() | |
| 428 | try: |
|
432 | try: | |
| 429 | UserGroupModel().delete(user_group) |
|
433 | UserGroupModel().delete(user_group) | |
| 430 | audit_logger.store_api( |
|
434 | audit_logger.store_api( | |
| 431 | 'user_group.delete', action_data={'old_data': old_data}, |
|
435 | 'user_group.delete', action_data={'old_data': old_data}, | |
| 432 | user=apiuser) |
|
436 | user=apiuser) | |
| 433 | Session().commit() |
|
437 | Session().commit() | |
| 434 | return { |
|
438 | return { | |
| 435 | 'msg': 'deleted user group ID:%s %s' % ( |
|
439 | 'msg': 'deleted user group ID:%s %s' % ( | |
| 436 | user_group.users_group_id, user_group.users_group_name), |
|
440 | user_group.users_group_id, user_group.users_group_name), | |
| 437 | 'user_group': None |
|
441 | 'user_group': None | |
| 438 | } |
|
442 | } | |
| 439 | except UserGroupAssignedException as e: |
|
443 | except UserGroupAssignedException as e: | |
| 440 | log.exception("UserGroupAssigned error") |
|
444 | log.exception("UserGroupAssigned error") | |
| 441 | raise JSONRPCError(str(e)) |
|
445 | raise JSONRPCError(str(e)) | |
| 442 | except Exception: |
|
446 | except Exception: | |
| 443 | log.exception("Error occurred during deletion of user group") |
|
447 | log.exception("Error occurred during deletion of user group") | |
| 444 | raise JSONRPCError( |
|
448 | raise JSONRPCError( | |
| 445 | 'failed to delete user group ID:%s %s' %( |
|
449 | 'failed to delete user group ID:%s %s' %( | |
| 446 | user_group.users_group_id, user_group.users_group_name)) |
|
450 | user_group.users_group_id, user_group.users_group_name)) | |
| 447 |
|
451 | |||
| 448 |
|
452 | |||
| 449 | @jsonrpc_method() |
|
453 | @jsonrpc_method() | |
| 450 | def add_user_to_user_group(request, apiuser, usergroupid, userid): |
|
454 | def add_user_to_user_group(request, apiuser, usergroupid, userid): | |
| 451 | """ |
|
455 | """ | |
| 452 | Adds a user to a `user group`. If the user already exists in the group |
|
456 | Adds a user to a `user group`. If the user already exists in the group | |
| 453 | this command will return false. |
|
457 | this command will return false. | |
| 454 |
|
458 | |||
| 455 | This command can only be run using an |authtoken| with admin rights to |
|
459 | This command can only be run using an |authtoken| with admin rights to | |
| 456 | the specified user group. |
|
460 | the specified user group. | |
| 457 |
|
461 | |||
| 458 | This command takes the following options: |
|
462 | This command takes the following options: | |
| 459 |
|
463 | |||
| 460 | :param apiuser: This is filled automatically from the |authtoken|. |
|
464 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 461 | :type apiuser: AuthUser |
|
465 | :type apiuser: AuthUser | |
| 462 | :param usergroupid: Set the name of the `user group` to which a |
|
466 | :param usergroupid: Set the name of the `user group` to which a | |
| 463 | user will be added. |
|
467 | user will be added. | |
| 464 | :type usergroupid: int |
|
468 | :type usergroupid: int | |
| 465 | :param userid: Set the `user_id` of the user to add to the group. |
|
469 | :param userid: Set the `user_id` of the user to add to the group. | |
| 466 | :type userid: int |
|
470 | :type userid: int | |
| 467 |
|
471 | |||
| 468 | Example output: |
|
472 | Example output: | |
| 469 |
|
473 | |||
| 470 | .. code-block:: bash |
|
474 | .. code-block:: bash | |
| 471 |
|
475 | |||
| 472 | id : <id_given_in_input> |
|
476 | id : <id_given_in_input> | |
| 473 | result : { |
|
477 | result : { | |
| 474 | "success": True|False # depends on if member is in group |
|
478 | "success": True|False # depends on if member is in group | |
| 475 | "msg": "added member `<username>` to user group `<groupname>` | |
|
479 | "msg": "added member `<username>` to user group `<groupname>` | | |
| 476 | User is already in that group" |
|
480 | User is already in that group" | |
| 477 |
|
481 | |||
| 478 | } |
|
482 | } | |
| 479 | error : null |
|
483 | error : null | |
| 480 |
|
484 | |||
| 481 | Example error output: |
|
485 | Example error output: | |
| 482 |
|
486 | |||
| 483 | .. code-block:: bash |
|
487 | .. code-block:: bash | |
| 484 |
|
488 | |||
| 485 | id : <id_given_in_input> |
|
489 | id : <id_given_in_input> | |
| 486 | result : null |
|
490 | result : null | |
| 487 | error : { |
|
491 | error : { | |
| 488 | "failed to add member to user group `<user_group_name>`" |
|
492 | "failed to add member to user group `<user_group_name>`" | |
| 489 | } |
|
493 | } | |
| 490 |
|
494 | |||
| 491 | """ |
|
495 | """ | |
| 492 |
|
496 | |||
| 493 | user = get_user_or_error(userid) |
|
497 | user = get_user_or_error(userid) | |
| 494 | user_group = get_user_group_or_error(usergroupid) |
|
498 | user_group = get_user_group_or_error(usergroupid) | |
| 495 | if not has_superadmin_permission(apiuser): |
|
499 | if not has_superadmin_permission(apiuser): | |
| 496 | # check if we have admin permission for this user group ! |
|
500 | # check if we have admin permission for this user group ! | |
| 497 | _perms = ('usergroup.admin',) |
|
501 | _perms = ('usergroup.admin',) | |
| 498 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
502 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 499 | user=apiuser, user_group_name=user_group.users_group_name): |
|
503 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 500 | raise JSONRPCError('user group `%s` does not exist' % ( |
|
504 | raise JSONRPCError('user group `%s` does not exist' % ( | |
| 501 | usergroupid,)) |
|
505 | usergroupid,)) | |
| 502 |
|
506 | |||
| 503 | old_values = user_group.get_api_data() |
|
507 | old_values = user_group.get_api_data() | |
| 504 | try: |
|
508 | try: | |
| 505 | ugm = UserGroupModel().add_user_to_group(user_group, user) |
|
509 | ugm = UserGroupModel().add_user_to_group(user_group, user) | |
| 506 | success = True if ugm is not True else False |
|
510 | success = True if ugm is not True else False | |
| 507 | msg = 'added member `%s` to user group `%s`' % ( |
|
511 | msg = 'added member `%s` to user group `%s`' % ( | |
| 508 | user.username, user_group.users_group_name |
|
512 | user.username, user_group.users_group_name | |
| 509 | ) |
|
513 | ) | |
| 510 | msg = msg if success else 'User is already in that group' |
|
514 | msg = msg if success else 'User is already in that group' | |
| 511 | if success: |
|
515 | if success: | |
| 512 | user_data = user.get_api_data() |
|
516 | user_data = user.get_api_data() | |
| 513 | audit_logger.store_api( |
|
517 | audit_logger.store_api( | |
| 514 | 'user_group.edit.member.add', |
|
518 | 'user_group.edit.member.add', | |
| 515 | action_data={'user': user_data, 'old_data': old_values}, |
|
519 | action_data={'user': user_data, 'old_data': old_values}, | |
| 516 | user=apiuser) |
|
520 | user=apiuser) | |
| 517 |
|
521 | |||
| 518 | Session().commit() |
|
522 | Session().commit() | |
| 519 |
|
523 | |||
| 520 | return { |
|
524 | return { | |
| 521 | 'success': success, |
|
525 | 'success': success, | |
| 522 | 'msg': msg |
|
526 | 'msg': msg | |
| 523 | } |
|
527 | } | |
| 524 | except Exception: |
|
528 | except Exception: | |
| 525 | log.exception("Error occurred during adding a member to user group") |
|
529 | log.exception("Error occurred during adding a member to user group") | |
| 526 | raise JSONRPCError( |
|
530 | raise JSONRPCError( | |
| 527 | 'failed to add member to user group `%s`' % ( |
|
531 | 'failed to add member to user group `%s`' % ( | |
| 528 | user_group.users_group_name, |
|
532 | user_group.users_group_name, | |
| 529 | ) |
|
533 | ) | |
| 530 | ) |
|
534 | ) | |
| 531 |
|
535 | |||
| 532 |
|
536 | |||
| 533 | @jsonrpc_method() |
|
537 | @jsonrpc_method() | |
| 534 | def remove_user_from_user_group(request, apiuser, usergroupid, userid): |
|
538 | def remove_user_from_user_group(request, apiuser, usergroupid, userid): | |
| 535 | """ |
|
539 | """ | |
| 536 | Removes a user from a user group. |
|
540 | Removes a user from a user group. | |
| 537 |
|
541 | |||
| 538 | * If the specified user is not in the group, this command will return |
|
542 | * If the specified user is not in the group, this command will return | |
| 539 | `false`. |
|
543 | `false`. | |
| 540 |
|
544 | |||
| 541 | This command can only be run using an |authtoken| with admin rights to |
|
545 | This command can only be run using an |authtoken| with admin rights to | |
| 542 | the specified user group. |
|
546 | the specified user group. | |
| 543 |
|
547 | |||
| 544 | :param apiuser: This is filled automatically from the |authtoken|. |
|
548 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 545 | :type apiuser: AuthUser |
|
549 | :type apiuser: AuthUser | |
| 546 | :param usergroupid: Sets the user group name. |
|
550 | :param usergroupid: Sets the user group name. | |
| 547 | :type usergroupid: str or int |
|
551 | :type usergroupid: str or int | |
| 548 | :param userid: The user you wish to remove from |RCE|. |
|
552 | :param userid: The user you wish to remove from |RCE|. | |
| 549 | :type userid: str or int |
|
553 | :type userid: str or int | |
| 550 |
|
554 | |||
| 551 | Example output: |
|
555 | Example output: | |
| 552 |
|
556 | |||
| 553 | .. code-block:: bash |
|
557 | .. code-block:: bash | |
| 554 |
|
558 | |||
| 555 | id : <id_given_in_input> |
|
559 | id : <id_given_in_input> | |
| 556 | result: { |
|
560 | result: { | |
| 557 | "success": True|False, # depends on if member is in group |
|
561 | "success": True|False, # depends on if member is in group | |
| 558 | "msg": "removed member <username> from user group <groupname> | |
|
562 | "msg": "removed member <username> from user group <groupname> | | |
| 559 | User wasn't in group" |
|
563 | User wasn't in group" | |
| 560 | } |
|
564 | } | |
| 561 | error: null |
|
565 | error: null | |
| 562 |
|
566 | |||
| 563 | """ |
|
567 | """ | |
| 564 |
|
568 | |||
| 565 | user = get_user_or_error(userid) |
|
569 | user = get_user_or_error(userid) | |
| 566 | user_group = get_user_group_or_error(usergroupid) |
|
570 | user_group = get_user_group_or_error(usergroupid) | |
| 567 | if not has_superadmin_permission(apiuser): |
|
571 | if not has_superadmin_permission(apiuser): | |
| 568 | # check if we have admin permission for this user group ! |
|
572 | # check if we have admin permission for this user group ! | |
| 569 | _perms = ('usergroup.admin',) |
|
573 | _perms = ('usergroup.admin',) | |
| 570 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
574 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 571 | user=apiuser, user_group_name=user_group.users_group_name): |
|
575 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 572 | raise JSONRPCError( |
|
576 | raise JSONRPCError( | |
| 573 | 'user group `%s` does not exist' % (usergroupid,)) |
|
577 | 'user group `%s` does not exist' % (usergroupid,)) | |
| 574 |
|
578 | |||
| 575 | old_values = user_group.get_api_data() |
|
579 | old_values = user_group.get_api_data() | |
| 576 | try: |
|
580 | try: | |
| 577 | success = UserGroupModel().remove_user_from_group(user_group, user) |
|
581 | success = UserGroupModel().remove_user_from_group(user_group, user) | |
| 578 | msg = 'removed member `%s` from user group `%s`' % ( |
|
582 | msg = 'removed member `%s` from user group `%s`' % ( | |
| 579 | user.username, user_group.users_group_name |
|
583 | user.username, user_group.users_group_name | |
| 580 | ) |
|
584 | ) | |
| 581 | msg = msg if success else "User wasn't in group" |
|
585 | msg = msg if success else "User wasn't in group" | |
| 582 | if success: |
|
586 | if success: | |
| 583 | user_data = user.get_api_data() |
|
587 | user_data = user.get_api_data() | |
| 584 | audit_logger.store_api( |
|
588 | audit_logger.store_api( | |
| 585 | 'user_group.edit.member.delete', |
|
589 | 'user_group.edit.member.delete', | |
| 586 | action_data={'user': user_data, 'old_data': old_values}, |
|
590 | action_data={'user': user_data, 'old_data': old_values}, | |
| 587 | user=apiuser) |
|
591 | user=apiuser) | |
| 588 |
|
592 | |||
| 589 | Session().commit() |
|
593 | Session().commit() | |
| 590 | return {'success': success, 'msg': msg} |
|
594 | return {'success': success, 'msg': msg} | |
| 591 | except Exception: |
|
595 | except Exception: | |
| 592 | log.exception("Error occurred during removing an member from user group") |
|
596 | log.exception("Error occurred during removing an member from user group") | |
| 593 | raise JSONRPCError( |
|
597 | raise JSONRPCError( | |
| 594 | 'failed to remove member from user group `%s`' % ( |
|
598 | 'failed to remove member from user group `%s`' % ( | |
| 595 | user_group.users_group_name, |
|
599 | user_group.users_group_name, | |
| 596 | ) |
|
600 | ) | |
| 597 | ) |
|
601 | ) | |
| 598 |
|
602 | |||
| 599 |
|
603 | |||
| 600 | @jsonrpc_method() |
|
604 | @jsonrpc_method() | |
| 601 | def grant_user_permission_to_user_group( |
|
605 | def grant_user_permission_to_user_group( | |
| 602 | request, apiuser, usergroupid, userid, perm): |
|
606 | request, apiuser, usergroupid, userid, perm): | |
| 603 | """ |
|
607 | """ | |
| 604 | Set permissions for a user in a user group. |
|
608 | Set permissions for a user in a user group. | |
| 605 |
|
609 | |||
| 606 | :param apiuser: This is filled automatically from the |authtoken|. |
|
610 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 607 | :type apiuser: AuthUser |
|
611 | :type apiuser: AuthUser | |
| 608 | :param usergroupid: Set the user group to edit permissions on. |
|
612 | :param usergroupid: Set the user group to edit permissions on. | |
| 609 | :type usergroupid: str or int |
|
613 | :type usergroupid: str or int | |
| 610 | :param userid: Set the user from whom you wish to set permissions. |
|
614 | :param userid: Set the user from whom you wish to set permissions. | |
| 611 | :type userid: str |
|
615 | :type userid: str | |
| 612 | :param perm: (usergroup.(none|read|write|admin)) |
|
616 | :param perm: (usergroup.(none|read|write|admin)) | |
| 613 | :type perm: str |
|
617 | :type perm: str | |
| 614 |
|
618 | |||
| 615 | Example output: |
|
619 | Example output: | |
| 616 |
|
620 | |||
| 617 | .. code-block:: bash |
|
621 | .. code-block:: bash | |
| 618 |
|
622 | |||
| 619 | id : <id_given_in_input> |
|
623 | id : <id_given_in_input> | |
| 620 | result : { |
|
624 | result : { | |
| 621 | "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`", |
|
625 | "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`", | |
| 622 | "success": true |
|
626 | "success": true | |
| 623 | } |
|
627 | } | |
| 624 | error : null |
|
628 | error : null | |
| 625 | """ |
|
629 | """ | |
| 626 |
|
630 | |||
| 627 | user_group = get_user_group_or_error(usergroupid) |
|
631 | user_group = get_user_group_or_error(usergroupid) | |
| 628 |
|
632 | |||
| 629 | if not has_superadmin_permission(apiuser): |
|
633 | if not has_superadmin_permission(apiuser): | |
| 630 | # check if we have admin permission for this user group ! |
|
634 | # check if we have admin permission for this user group ! | |
| 631 | _perms = ('usergroup.admin',) |
|
635 | _perms = ('usergroup.admin',) | |
| 632 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
636 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 633 | user=apiuser, user_group_name=user_group.users_group_name): |
|
637 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 634 | raise JSONRPCError( |
|
638 | raise JSONRPCError( | |
| 635 | 'user group `%s` does not exist' % (usergroupid,)) |
|
639 | 'user group `%s` does not exist' % (usergroupid,)) | |
| 636 |
|
640 | |||
| 637 | user = get_user_or_error(userid) |
|
641 | user = get_user_or_error(userid) | |
| 638 | perm = get_perm_or_error(perm, prefix='usergroup.') |
|
642 | perm = get_perm_or_error(perm, prefix='usergroup.') | |
| 639 |
|
643 | |||
| 640 | try: |
|
644 | try: | |
| 641 | changes = UserGroupModel().grant_user_permission( |
|
645 | changes = UserGroupModel().grant_user_permission( | |
| 642 | user_group=user_group, user=user, perm=perm) |
|
646 | user_group=user_group, user=user, perm=perm) | |
| 643 |
|
647 | |||
| 644 | action_data = { |
|
648 | action_data = { | |
| 645 | 'added': changes['added'], |
|
649 | 'added': changes['added'], | |
| 646 | 'updated': changes['updated'], |
|
650 | 'updated': changes['updated'], | |
| 647 | 'deleted': changes['deleted'], |
|
651 | 'deleted': changes['deleted'], | |
| 648 | } |
|
652 | } | |
| 649 | audit_logger.store_api( |
|
653 | audit_logger.store_api( | |
| 650 | 'user_group.edit.permissions', action_data=action_data, |
|
654 | 'user_group.edit.permissions', action_data=action_data, | |
| 651 | user=apiuser) |
|
655 | user=apiuser) | |
| 652 |
|
656 | |||
| 653 | Session().commit() |
|
657 | Session().commit() | |
| 654 | return { |
|
658 | return { | |
| 655 | 'msg': |
|
659 | 'msg': | |
| 656 | 'Granted perm: `%s` for user: `%s` in user group: `%s`' % ( |
|
660 | 'Granted perm: `%s` for user: `%s` in user group: `%s`' % ( | |
| 657 | perm.permission_name, user.username, |
|
661 | perm.permission_name, user.username, | |
| 658 | user_group.users_group_name |
|
662 | user_group.users_group_name | |
| 659 | ), |
|
663 | ), | |
| 660 | 'success': True |
|
664 | 'success': True | |
| 661 | } |
|
665 | } | |
| 662 | except Exception: |
|
666 | except Exception: | |
| 663 | log.exception("Error occurred during editing permissions " |
|
667 | log.exception("Error occurred during editing permissions " | |
| 664 | "for user in user group") |
|
668 | "for user in user group") | |
| 665 | raise JSONRPCError( |
|
669 | raise JSONRPCError( | |
| 666 | 'failed to edit permission for user: ' |
|
670 | 'failed to edit permission for user: ' | |
| 667 | '`%s` in user group: `%s`' % ( |
|
671 | '`%s` in user group: `%s`' % ( | |
| 668 | userid, user_group.users_group_name)) |
|
672 | userid, user_group.users_group_name)) | |
| 669 |
|
673 | |||
| 670 |
|
674 | |||
| 671 | @jsonrpc_method() |
|
675 | @jsonrpc_method() | |
| 672 | def revoke_user_permission_from_user_group( |
|
676 | def revoke_user_permission_from_user_group( | |
| 673 | request, apiuser, usergroupid, userid): |
|
677 | request, apiuser, usergroupid, userid): | |
| 674 | """ |
|
678 | """ | |
| 675 | Revoke a users permissions in a user group. |
|
679 | Revoke a users permissions in a user group. | |
| 676 |
|
680 | |||
| 677 | :param apiuser: This is filled automatically from the |authtoken|. |
|
681 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 678 | :type apiuser: AuthUser |
|
682 | :type apiuser: AuthUser | |
| 679 | :param usergroupid: Set the user group from which to revoke the user |
|
683 | :param usergroupid: Set the user group from which to revoke the user | |
| 680 | permissions. |
|
684 | permissions. | |
| 681 | :type: usergroupid: str or int |
|
685 | :type: usergroupid: str or int | |
| 682 | :param userid: Set the userid of the user whose permissions will be |
|
686 | :param userid: Set the userid of the user whose permissions will be | |
| 683 | revoked. |
|
687 | revoked. | |
| 684 | :type userid: str |
|
688 | :type userid: str | |
| 685 |
|
689 | |||
| 686 | Example output: |
|
690 | Example output: | |
| 687 |
|
691 | |||
| 688 | .. code-block:: bash |
|
692 | .. code-block:: bash | |
| 689 |
|
693 | |||
| 690 | id : <id_given_in_input> |
|
694 | id : <id_given_in_input> | |
| 691 | result : { |
|
695 | result : { | |
| 692 | "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`", |
|
696 | "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`", | |
| 693 | "success": true |
|
697 | "success": true | |
| 694 | } |
|
698 | } | |
| 695 | error : null |
|
699 | error : null | |
| 696 | """ |
|
700 | """ | |
| 697 |
|
701 | |||
| 698 | user_group = get_user_group_or_error(usergroupid) |
|
702 | user_group = get_user_group_or_error(usergroupid) | |
| 699 |
|
703 | |||
| 700 | if not has_superadmin_permission(apiuser): |
|
704 | if not has_superadmin_permission(apiuser): | |
| 701 | # check if we have admin permission for this user group ! |
|
705 | # check if we have admin permission for this user group ! | |
| 702 | _perms = ('usergroup.admin',) |
|
706 | _perms = ('usergroup.admin',) | |
| 703 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
707 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 704 | user=apiuser, user_group_name=user_group.users_group_name): |
|
708 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 705 | raise JSONRPCError( |
|
709 | raise JSONRPCError( | |
| 706 | 'user group `%s` does not exist' % (usergroupid,)) |
|
710 | 'user group `%s` does not exist' % (usergroupid,)) | |
| 707 |
|
711 | |||
| 708 | user = get_user_or_error(userid) |
|
712 | user = get_user_or_error(userid) | |
| 709 |
|
713 | |||
| 710 | try: |
|
714 | try: | |
| 711 | changes = UserGroupModel().revoke_user_permission( |
|
715 | changes = UserGroupModel().revoke_user_permission( | |
| 712 | user_group=user_group, user=user) |
|
716 | user_group=user_group, user=user) | |
| 713 | action_data = { |
|
717 | action_data = { | |
| 714 | 'added': changes['added'], |
|
718 | 'added': changes['added'], | |
| 715 | 'updated': changes['updated'], |
|
719 | 'updated': changes['updated'], | |
| 716 | 'deleted': changes['deleted'], |
|
720 | 'deleted': changes['deleted'], | |
| 717 | } |
|
721 | } | |
| 718 | audit_logger.store_api( |
|
722 | audit_logger.store_api( | |
| 719 | 'user_group.edit.permissions', action_data=action_data, |
|
723 | 'user_group.edit.permissions', action_data=action_data, | |
| 720 | user=apiuser) |
|
724 | user=apiuser) | |
| 721 |
|
725 | |||
| 722 | Session().commit() |
|
726 | Session().commit() | |
| 723 | return { |
|
727 | return { | |
| 724 | 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % ( |
|
728 | 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % ( | |
| 725 | user.username, user_group.users_group_name |
|
729 | user.username, user_group.users_group_name | |
| 726 | ), |
|
730 | ), | |
| 727 | 'success': True |
|
731 | 'success': True | |
| 728 | } |
|
732 | } | |
| 729 | except Exception: |
|
733 | except Exception: | |
| 730 | log.exception("Error occurred during editing permissions " |
|
734 | log.exception("Error occurred during editing permissions " | |
| 731 | "for user in user group") |
|
735 | "for user in user group") | |
| 732 | raise JSONRPCError( |
|
736 | raise JSONRPCError( | |
| 733 | 'failed to edit permission for user: `%s` in user group: `%s`' |
|
737 | 'failed to edit permission for user: `%s` in user group: `%s`' | |
| 734 | % (userid, user_group.users_group_name)) |
|
738 | % (userid, user_group.users_group_name)) | |
| 735 |
|
739 | |||
| 736 |
|
740 | |||
| 737 | @jsonrpc_method() |
|
741 | @jsonrpc_method() | |
| 738 | def grant_user_group_permission_to_user_group( |
|
742 | def grant_user_group_permission_to_user_group( | |
| 739 | request, apiuser, usergroupid, sourceusergroupid, perm): |
|
743 | request, apiuser, usergroupid, sourceusergroupid, perm): | |
| 740 | """ |
|
744 | """ | |
| 741 | Give one user group permissions to another user group. |
|
745 | Give one user group permissions to another user group. | |
| 742 |
|
746 | |||
| 743 | :param apiuser: This is filled automatically from the |authtoken|. |
|
747 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 744 | :type apiuser: AuthUser |
|
748 | :type apiuser: AuthUser | |
| 745 | :param usergroupid: Set the user group on which to edit permissions. |
|
749 | :param usergroupid: Set the user group on which to edit permissions. | |
| 746 | :type usergroupid: str or int |
|
750 | :type usergroupid: str or int | |
| 747 | :param sourceusergroupid: Set the source user group to which |
|
751 | :param sourceusergroupid: Set the source user group to which | |
| 748 | access/permissions will be granted. |
|
752 | access/permissions will be granted. | |
| 749 | :type sourceusergroupid: str or int |
|
753 | :type sourceusergroupid: str or int | |
| 750 | :param perm: (usergroup.(none|read|write|admin)) |
|
754 | :param perm: (usergroup.(none|read|write|admin)) | |
| 751 | :type perm: str |
|
755 | :type perm: str | |
| 752 |
|
756 | |||
| 753 | Example output: |
|
757 | Example output: | |
| 754 |
|
758 | |||
| 755 | .. code-block:: bash |
|
759 | .. code-block:: bash | |
| 756 |
|
760 | |||
| 757 | id : <id_given_in_input> |
|
761 | id : <id_given_in_input> | |
| 758 | result : { |
|
762 | result : { | |
| 759 | "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`", |
|
763 | "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`", | |
| 760 | "success": true |
|
764 | "success": true | |
| 761 | } |
|
765 | } | |
| 762 | error : null |
|
766 | error : null | |
| 763 | """ |
|
767 | """ | |
| 764 |
|
768 | |||
| 765 | user_group = get_user_group_or_error(sourceusergroupid) |
|
769 | user_group = get_user_group_or_error(sourceusergroupid) | |
| 766 | target_user_group = get_user_group_or_error(usergroupid) |
|
770 | target_user_group = get_user_group_or_error(usergroupid) | |
| 767 | perm = get_perm_or_error(perm, prefix='usergroup.') |
|
771 | perm = get_perm_or_error(perm, prefix='usergroup.') | |
| 768 |
|
772 | |||
| 769 | if not has_superadmin_permission(apiuser): |
|
773 | if not has_superadmin_permission(apiuser): | |
| 770 | # check if we have admin permission for this user group ! |
|
774 | # check if we have admin permission for this user group ! | |
| 771 | _perms = ('usergroup.admin',) |
|
775 | _perms = ('usergroup.admin',) | |
| 772 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
776 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 773 | user=apiuser, |
|
777 | user=apiuser, | |
| 774 | user_group_name=target_user_group.users_group_name): |
|
778 | user_group_name=target_user_group.users_group_name): | |
| 775 | raise JSONRPCError( |
|
779 | raise JSONRPCError( | |
| 776 | 'to user group `%s` does not exist' % (usergroupid,)) |
|
780 | 'to user group `%s` does not exist' % (usergroupid,)) | |
| 777 |
|
781 | |||
| 778 | # check if we have at least read permission for source user group ! |
|
782 | # check if we have at least read permission for source user group ! | |
| 779 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
783 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
| 780 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
784 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 781 | user=apiuser, user_group_name=user_group.users_group_name): |
|
785 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 782 | raise JSONRPCError( |
|
786 | raise JSONRPCError( | |
| 783 | 'user group `%s` does not exist' % (sourceusergroupid,)) |
|
787 | 'user group `%s` does not exist' % (sourceusergroupid,)) | |
| 784 |
|
788 | |||
| 785 | try: |
|
789 | try: | |
| 786 | changes = UserGroupModel().grant_user_group_permission( |
|
790 | changes = UserGroupModel().grant_user_group_permission( | |
| 787 | target_user_group=target_user_group, |
|
791 | target_user_group=target_user_group, | |
| 788 | user_group=user_group, perm=perm) |
|
792 | user_group=user_group, perm=perm) | |
| 789 |
|
793 | |||
| 790 | action_data = { |
|
794 | action_data = { | |
| 791 | 'added': changes['added'], |
|
795 | 'added': changes['added'], | |
| 792 | 'updated': changes['updated'], |
|
796 | 'updated': changes['updated'], | |
| 793 | 'deleted': changes['deleted'], |
|
797 | 'deleted': changes['deleted'], | |
| 794 | } |
|
798 | } | |
| 795 | audit_logger.store_api( |
|
799 | audit_logger.store_api( | |
| 796 | 'user_group.edit.permissions', action_data=action_data, |
|
800 | 'user_group.edit.permissions', action_data=action_data, | |
| 797 | user=apiuser) |
|
801 | user=apiuser) | |
| 798 |
|
802 | |||
| 799 | Session().commit() |
|
803 | Session().commit() | |
| 800 | return { |
|
804 | return { | |
| 801 | 'msg': 'Granted perm: `%s` for user group: `%s` ' |
|
805 | 'msg': 'Granted perm: `%s` for user group: `%s` ' | |
| 802 | 'in user group: `%s`' % ( |
|
806 | 'in user group: `%s`' % ( | |
| 803 | perm.permission_name, user_group.users_group_name, |
|
807 | perm.permission_name, user_group.users_group_name, | |
| 804 | target_user_group.users_group_name |
|
808 | target_user_group.users_group_name | |
| 805 | ), |
|
809 | ), | |
| 806 | 'success': True |
|
810 | 'success': True | |
| 807 | } |
|
811 | } | |
| 808 | except Exception: |
|
812 | except Exception: | |
| 809 | log.exception("Error occurred during editing permissions " |
|
813 | log.exception("Error occurred during editing permissions " | |
| 810 | "for user group in user group") |
|
814 | "for user group in user group") | |
| 811 | raise JSONRPCError( |
|
815 | raise JSONRPCError( | |
| 812 | 'failed to edit permission for user group: `%s` in ' |
|
816 | 'failed to edit permission for user group: `%s` in ' | |
| 813 | 'user group: `%s`' % ( |
|
817 | 'user group: `%s`' % ( | |
| 814 | sourceusergroupid, target_user_group.users_group_name |
|
818 | sourceusergroupid, target_user_group.users_group_name | |
| 815 | ) |
|
819 | ) | |
| 816 | ) |
|
820 | ) | |
| 817 |
|
821 | |||
| 818 |
|
822 | |||
| 819 | @jsonrpc_method() |
|
823 | @jsonrpc_method() | |
| 820 | def revoke_user_group_permission_from_user_group( |
|
824 | def revoke_user_group_permission_from_user_group( | |
| 821 | request, apiuser, usergroupid, sourceusergroupid): |
|
825 | request, apiuser, usergroupid, sourceusergroupid): | |
| 822 | """ |
|
826 | """ | |
| 823 | Revoke the permissions that one user group has to another. |
|
827 | Revoke the permissions that one user group has to another. | |
| 824 |
|
828 | |||
| 825 | :param apiuser: This is filled automatically from the |authtoken|. |
|
829 | :param apiuser: This is filled automatically from the |authtoken|. | |
| 826 | :type apiuser: AuthUser |
|
830 | :type apiuser: AuthUser | |
| 827 | :param usergroupid: Set the user group on which to edit permissions. |
|
831 | :param usergroupid: Set the user group on which to edit permissions. | |
| 828 | :type usergroupid: str or int |
|
832 | :type usergroupid: str or int | |
| 829 | :param sourceusergroupid: Set the user group from which permissions |
|
833 | :param sourceusergroupid: Set the user group from which permissions | |
| 830 | are revoked. |
|
834 | are revoked. | |
| 831 | :type sourceusergroupid: str or int |
|
835 | :type sourceusergroupid: str or int | |
| 832 |
|
836 | |||
| 833 | Example output: |
|
837 | Example output: | |
| 834 |
|
838 | |||
| 835 | .. code-block:: bash |
|
839 | .. code-block:: bash | |
| 836 |
|
840 | |||
| 837 | id : <id_given_in_input> |
|
841 | id : <id_given_in_input> | |
| 838 | result : { |
|
842 | result : { | |
| 839 | "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`", |
|
843 | "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`", | |
| 840 | "success": true |
|
844 | "success": true | |
| 841 | } |
|
845 | } | |
| 842 | error : null |
|
846 | error : null | |
| 843 | """ |
|
847 | """ | |
| 844 |
|
848 | |||
| 845 | user_group = get_user_group_or_error(sourceusergroupid) |
|
849 | user_group = get_user_group_or_error(sourceusergroupid) | |
| 846 | target_user_group = get_user_group_or_error(usergroupid) |
|
850 | target_user_group = get_user_group_or_error(usergroupid) | |
| 847 |
|
851 | |||
| 848 | if not has_superadmin_permission(apiuser): |
|
852 | if not has_superadmin_permission(apiuser): | |
| 849 | # check if we have admin permission for this user group ! |
|
853 | # check if we have admin permission for this user group ! | |
| 850 | _perms = ('usergroup.admin',) |
|
854 | _perms = ('usergroup.admin',) | |
| 851 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
855 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 852 | user=apiuser, |
|
856 | user=apiuser, | |
| 853 | user_group_name=target_user_group.users_group_name): |
|
857 | user_group_name=target_user_group.users_group_name): | |
| 854 | raise JSONRPCError( |
|
858 | raise JSONRPCError( | |
| 855 | 'to user group `%s` does not exist' % (usergroupid,)) |
|
859 | 'to user group `%s` does not exist' % (usergroupid,)) | |
| 856 |
|
860 | |||
| 857 | # check if we have at least read permission |
|
861 | # check if we have at least read permission | |
| 858 | # for the source user group ! |
|
862 | # for the source user group ! | |
| 859 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
863 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
| 860 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
864 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
| 861 | user=apiuser, user_group_name=user_group.users_group_name): |
|
865 | user=apiuser, user_group_name=user_group.users_group_name): | |
| 862 | raise JSONRPCError( |
|
866 | raise JSONRPCError( | |
| 863 | 'user group `%s` does not exist' % (sourceusergroupid,)) |
|
867 | 'user group `%s` does not exist' % (sourceusergroupid,)) | |
| 864 |
|
868 | |||
| 865 | try: |
|
869 | try: | |
| 866 | changes = UserGroupModel().revoke_user_group_permission( |
|
870 | changes = UserGroupModel().revoke_user_group_permission( | |
| 867 | target_user_group=target_user_group, user_group=user_group) |
|
871 | target_user_group=target_user_group, user_group=user_group) | |
| 868 | action_data = { |
|
872 | action_data = { | |
| 869 | 'added': changes['added'], |
|
873 | 'added': changes['added'], | |
| 870 | 'updated': changes['updated'], |
|
874 | 'updated': changes['updated'], | |
| 871 | 'deleted': changes['deleted'], |
|
875 | 'deleted': changes['deleted'], | |
| 872 | } |
|
876 | } | |
| 873 | audit_logger.store_api( |
|
877 | audit_logger.store_api( | |
| 874 | 'user_group.edit.permissions', action_data=action_data, |
|
878 | 'user_group.edit.permissions', action_data=action_data, | |
| 875 | user=apiuser) |
|
879 | user=apiuser) | |
| 876 |
|
880 | |||
| 877 | Session().commit() |
|
881 | Session().commit() | |
| 878 |
|
882 | |||
| 879 | return { |
|
883 | return { | |
| 880 | 'msg': 'Revoked perm for user group: ' |
|
884 | 'msg': 'Revoked perm for user group: ' | |
| 881 | '`%s` in user group: `%s`' % ( |
|
885 | '`%s` in user group: `%s`' % ( | |
| 882 | user_group.users_group_name, |
|
886 | user_group.users_group_name, | |
| 883 | target_user_group.users_group_name |
|
887 | target_user_group.users_group_name | |
| 884 | ), |
|
888 | ), | |
| 885 | 'success': True |
|
889 | 'success': True | |
| 886 | } |
|
890 | } | |
| 887 | except Exception: |
|
891 | except Exception: | |
| 888 | log.exception("Error occurred during editing permissions " |
|
892 | log.exception("Error occurred during editing permissions " | |
| 889 | "for user group in user group") |
|
893 | "for user group in user group") | |
| 890 | raise JSONRPCError( |
|
894 | raise JSONRPCError( | |
| 891 | 'failed to edit permission for user group: ' |
|
895 | 'failed to edit permission for user group: ' | |
| 892 | '`%s` in user group: `%s`' % ( |
|
896 | '`%s` in user group: `%s`' % ( | |
| 893 | sourceusergroupid, target_user_group.users_group_name |
|
897 | sourceusergroupid, target_user_group.users_group_name | |
| 894 | ) |
|
898 | ) | |
| 895 | ) |
|
899 | ) | |
General Comments 0
You need to be logged in to leave comments.
Login now