Show More
@@ -1,818 +1,822 | |||||
1 | # -*- coding: utf-8 -*- |
|
1 | # -*- coding: utf-8 -*- | |
2 |
|
2 | |||
3 | # Copyright (C) 2011-2017 RhodeCode GmbH |
|
3 | # Copyright (C) 2011-2017 RhodeCode GmbH | |
4 | # |
|
4 | # | |
5 | # This program is free software: you can redistribute it and/or modify |
|
5 | # This program is free software: you can redistribute it and/or modify | |
6 | # it under the terms of the GNU Affero General Public License, version 3 |
|
6 | # it under the terms of the GNU Affero General Public License, version 3 | |
7 | # (only), as published by the Free Software Foundation. |
|
7 | # (only), as published by the Free Software Foundation. | |
8 | # |
|
8 | # | |
9 | # This program is distributed in the hope that it will be useful, |
|
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. |
|
12 | # GNU General Public License for more details. | |
13 | # |
|
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License |
|
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | # |
|
16 | # | |
17 | # This program is dual-licensed. If you wish to learn more about the |
|
17 | # This program is dual-licensed. If you wish to learn more about the | |
18 | # RhodeCode Enterprise Edition, including its added features, Support services, |
|
18 | # RhodeCode Enterprise Edition, including its added features, Support services, | |
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ |
|
19 | # and proprietary license terms, please see https://rhodecode.com/licenses/ | |
20 |
|
20 | |||
21 | import logging |
|
21 | import logging | |
22 |
|
22 | |||
23 | from rhodecode.api import ( |
|
23 | from rhodecode.api import ( | |
24 | jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError) |
|
24 | jsonrpc_method, JSONRPCError, JSONRPCForbidden, JSONRPCValidationError) | |
25 | from rhodecode.api.utils import ( |
|
25 | from rhodecode.api.utils import ( | |
26 | Optional, OAttr, store_update, has_superadmin_permission, get_origin, |
|
26 | Optional, OAttr, store_update, has_superadmin_permission, get_origin, | |
27 | get_user_or_error, get_user_group_or_error, get_perm_or_error) |
|
27 | get_user_or_error, get_user_group_or_error, get_perm_or_error) | |
28 | from rhodecode.lib import audit_logger |
|
28 | from rhodecode.lib import audit_logger | |
29 | from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi |
|
29 | from rhodecode.lib.auth import HasUserGroupPermissionAnyApi, HasPermissionAnyApi | |
30 | from rhodecode.lib.exceptions import UserGroupAssignedException |
|
30 | from rhodecode.lib.exceptions import UserGroupAssignedException | |
31 | from rhodecode.model.db import Session |
|
31 | from rhodecode.model.db import Session | |
32 | from rhodecode.model.scm import UserGroupList |
|
32 | from rhodecode.model.scm import UserGroupList | |
33 | from rhodecode.model.user_group import UserGroupModel |
|
33 | from rhodecode.model.user_group import UserGroupModel | |
34 | from rhodecode.model import validation_schema |
|
34 | from rhodecode.model import validation_schema | |
35 | from rhodecode.model.validation_schema.schemas import user_group_schema |
|
35 | from rhodecode.model.validation_schema.schemas import user_group_schema | |
36 |
|
36 | |||
37 | log = logging.getLogger(__name__) |
|
37 | log = logging.getLogger(__name__) | |
38 |
|
38 | |||
39 |
|
39 | |||
40 | @jsonrpc_method() |
|
40 | @jsonrpc_method() | |
41 | def get_user_group(request, apiuser, usergroupid): |
|
41 | def get_user_group(request, apiuser, usergroupid): | |
42 | """ |
|
42 | """ | |
43 | Returns the data of an existing user group. |
|
43 | Returns the data of an existing user group. | |
44 |
|
44 | |||
45 | This command can only be run using an |authtoken| with admin rights to |
|
45 | This command can only be run using an |authtoken| with admin rights to | |
46 | the specified repository. |
|
46 | the specified repository. | |
47 |
|
47 | |||
48 | :param apiuser: This is filled automatically from the |authtoken|. |
|
48 | :param apiuser: This is filled automatically from the |authtoken|. | |
49 | :type apiuser: AuthUser |
|
49 | :type apiuser: AuthUser | |
50 | :param usergroupid: Set the user group from which to return data. |
|
50 | :param usergroupid: Set the user group from which to return data. | |
51 | :type usergroupid: str or int |
|
51 | :type usergroupid: str or int | |
52 |
|
52 | |||
53 | Example error output: |
|
53 | Example error output: | |
54 |
|
54 | |||
55 | .. code-block:: bash |
|
55 | .. code-block:: bash | |
56 |
|
56 | |||
57 | { |
|
57 | { | |
58 | "error": null, |
|
58 | "error": null, | |
59 | "id": <id>, |
|
59 | "id": <id>, | |
60 | "result": { |
|
60 | "result": { | |
61 | "active": true, |
|
61 | "active": true, | |
62 | "group_description": "group description", |
|
62 | "group_description": "group description", | |
63 | "group_name": "group name", |
|
63 | "group_name": "group name", | |
64 | "members": [ |
|
64 | "members": [ | |
65 | { |
|
65 | { | |
66 | "name": "owner-name", |
|
66 | "name": "owner-name", | |
67 | "origin": "owner", |
|
67 | "origin": "owner", | |
68 | "permission": "usergroup.admin", |
|
68 | "permission": "usergroup.admin", | |
69 | "type": "user" |
|
69 | "type": "user" | |
70 | }, |
|
70 | }, | |
71 | { |
|
71 | { | |
72 | { |
|
72 | { | |
73 | "name": "user name", |
|
73 | "name": "user name", | |
74 | "origin": "permission", |
|
74 | "origin": "permission", | |
75 | "permission": "usergroup.admin", |
|
75 | "permission": "usergroup.admin", | |
76 | "type": "user" |
|
76 | "type": "user" | |
77 | }, |
|
77 | }, | |
78 | { |
|
78 | { | |
79 | "name": "user group name", |
|
79 | "name": "user group name", | |
80 | "origin": "permission", |
|
80 | "origin": "permission", | |
81 | "permission": "usergroup.write", |
|
81 | "permission": "usergroup.write", | |
82 | "type": "user_group" |
|
82 | "type": "user_group" | |
83 | } |
|
83 | } | |
84 | ], |
|
84 | ], | |
85 | "owner": "owner name", |
|
85 | "owner": "owner name", | |
86 | "users": [], |
|
86 | "users": [], | |
87 | "users_group_id": 2 |
|
87 | "users_group_id": 2 | |
88 | } |
|
88 | } | |
89 | } |
|
89 | } | |
90 |
|
90 | |||
91 | """ |
|
91 | """ | |
92 |
|
92 | |||
93 | user_group = get_user_group_or_error(usergroupid) |
|
93 | user_group = get_user_group_or_error(usergroupid) | |
94 | if not has_superadmin_permission(apiuser): |
|
94 | if not has_superadmin_permission(apiuser): | |
95 | # check if we have at least read permission for this user group ! |
|
95 | # check if we have at least read permission for this user group ! | |
96 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
96 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
97 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
97 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
98 | user=apiuser, user_group_name=user_group.users_group_name): |
|
98 | user=apiuser, user_group_name=user_group.users_group_name): | |
99 | raise JSONRPCError('user group `%s` does not exist' % ( |
|
99 | raise JSONRPCError('user group `%s` does not exist' % ( | |
100 | usergroupid,)) |
|
100 | usergroupid,)) | |
101 |
|
101 | |||
102 | permissions = [] |
|
102 | permissions = [] | |
103 | for _user in user_group.permissions(): |
|
103 | for _user in user_group.permissions(): | |
104 | user_data = { |
|
104 | user_data = { | |
105 | 'name': _user.username, |
|
105 | 'name': _user.username, | |
106 | 'permission': _user.permission, |
|
106 | 'permission': _user.permission, | |
107 | 'origin': get_origin(_user), |
|
107 | 'origin': get_origin(_user), | |
108 | 'type': "user", |
|
108 | 'type': "user", | |
109 | } |
|
109 | } | |
110 | permissions.append(user_data) |
|
110 | permissions.append(user_data) | |
111 |
|
111 | |||
112 | for _user_group in user_group.permission_user_groups(): |
|
112 | for _user_group in user_group.permission_user_groups(): | |
113 | user_group_data = { |
|
113 | user_group_data = { | |
114 | 'name': _user_group.users_group_name, |
|
114 | 'name': _user_group.users_group_name, | |
115 | 'permission': _user_group.permission, |
|
115 | 'permission': _user_group.permission, | |
116 | 'origin': get_origin(_user_group), |
|
116 | 'origin': get_origin(_user_group), | |
117 | 'type': "user_group", |
|
117 | 'type': "user_group", | |
118 | } |
|
118 | } | |
119 | permissions.append(user_group_data) |
|
119 | permissions.append(user_group_data) | |
120 |
|
120 | |||
121 | data = user_group.get_api_data() |
|
121 | data = user_group.get_api_data() | |
122 | data['members'] = permissions |
|
122 | data['members'] = permissions | |
123 |
|
123 | |||
124 | return data |
|
124 | return data | |
125 |
|
125 | |||
126 |
|
126 | |||
127 | @jsonrpc_method() |
|
127 | @jsonrpc_method() | |
128 | def get_user_groups(request, apiuser): |
|
128 | def get_user_groups(request, apiuser): | |
129 | """ |
|
129 | """ | |
130 | Lists all the existing user groups within RhodeCode. |
|
130 | Lists all the existing user groups within RhodeCode. | |
131 |
|
131 | |||
132 | This command can only be run using an |authtoken| with admin rights to |
|
132 | This command can only be run using an |authtoken| with admin rights to | |
133 | the specified repository. |
|
133 | the specified repository. | |
134 |
|
134 | |||
135 | This command takes the following options: |
|
135 | This command takes the following options: | |
136 |
|
136 | |||
137 | :param apiuser: This is filled automatically from the |authtoken|. |
|
137 | :param apiuser: This is filled automatically from the |authtoken|. | |
138 | :type apiuser: AuthUser |
|
138 | :type apiuser: AuthUser | |
139 |
|
139 | |||
140 | Example error output: |
|
140 | Example error output: | |
141 |
|
141 | |||
142 | .. code-block:: bash |
|
142 | .. code-block:: bash | |
143 |
|
143 | |||
144 | id : <id_given_in_input> |
|
144 | id : <id_given_in_input> | |
145 | result : [<user_group_obj>,...] |
|
145 | result : [<user_group_obj>,...] | |
146 | error : null |
|
146 | error : null | |
147 | """ |
|
147 | """ | |
148 |
|
148 | |||
149 | include_secrets = has_superadmin_permission(apiuser) |
|
149 | include_secrets = has_superadmin_permission(apiuser) | |
150 |
|
150 | |||
151 | result = [] |
|
151 | result = [] | |
152 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
152 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
153 | extras = {'user': apiuser} |
|
153 | extras = {'user': apiuser} | |
154 | for user_group in UserGroupList(UserGroupModel().get_all(), |
|
154 | for user_group in UserGroupList(UserGroupModel().get_all(), | |
155 | perm_set=_perms, extra_kwargs=extras): |
|
155 | perm_set=_perms, extra_kwargs=extras): | |
156 | result.append( |
|
156 | result.append( | |
157 | user_group.get_api_data(include_secrets=include_secrets)) |
|
157 | user_group.get_api_data(include_secrets=include_secrets)) | |
158 | return result |
|
158 | return result | |
159 |
|
159 | |||
160 |
|
160 | |||
161 | @jsonrpc_method() |
|
161 | @jsonrpc_method() | |
162 | def create_user_group( |
|
162 | def create_user_group( | |
163 | request, apiuser, group_name, description=Optional(''), |
|
163 | request, apiuser, group_name, description=Optional(''), | |
164 | owner=Optional(OAttr('apiuser')), active=Optional(True)): |
|
164 | owner=Optional(OAttr('apiuser')), active=Optional(True)): | |
165 | """ |
|
165 | """ | |
166 | Creates a new user group. |
|
166 | Creates a new user group. | |
167 |
|
167 | |||
168 | This command can only be run using an |authtoken| with admin rights to |
|
168 | This command can only be run using an |authtoken| with admin rights to | |
169 | the specified repository. |
|
169 | the specified repository. | |
170 |
|
170 | |||
171 | This command takes the following options: |
|
171 | This command takes the following options: | |
172 |
|
172 | |||
173 | :param apiuser: This is filled automatically from the |authtoken|. |
|
173 | :param apiuser: This is filled automatically from the |authtoken|. | |
174 | :type apiuser: AuthUser |
|
174 | :type apiuser: AuthUser | |
175 | :param group_name: Set the name of the new user group. |
|
175 | :param group_name: Set the name of the new user group. | |
176 | :type group_name: str |
|
176 | :type group_name: str | |
177 | :param description: Give a description of the new user group. |
|
177 | :param description: Give a description of the new user group. | |
178 | :type description: str |
|
178 | :type description: str | |
179 | :param owner: Set the owner of the new user group. |
|
179 | :param owner: Set the owner of the new user group. | |
180 | If not set, the owner is the |authtoken| user. |
|
180 | If not set, the owner is the |authtoken| user. | |
181 | :type owner: Optional(str or int) |
|
181 | :type owner: Optional(str or int) | |
182 | :param active: Set this group as active. |
|
182 | :param active: Set this group as active. | |
183 | :type active: Optional(``True`` | ``False``) |
|
183 | :type active: Optional(``True`` | ``False``) | |
184 |
|
184 | |||
185 | Example output: |
|
185 | Example output: | |
186 |
|
186 | |||
187 | .. code-block:: bash |
|
187 | .. code-block:: bash | |
188 |
|
188 | |||
189 | id : <id_given_in_input> |
|
189 | id : <id_given_in_input> | |
190 | result: { |
|
190 | result: { | |
191 | "msg": "created new user group `<groupname>`", |
|
191 | "msg": "created new user group `<groupname>`", | |
192 | "user_group": <user_group_object> |
|
192 | "user_group": <user_group_object> | |
193 | } |
|
193 | } | |
194 | error: null |
|
194 | error: null | |
195 |
|
195 | |||
196 | Example error output: |
|
196 | Example error output: | |
197 |
|
197 | |||
198 | .. code-block:: bash |
|
198 | .. code-block:: bash | |
199 |
|
199 | |||
200 | id : <id_given_in_input> |
|
200 | id : <id_given_in_input> | |
201 | result : null |
|
201 | result : null | |
202 | error : { |
|
202 | error : { | |
203 | "user group `<group name>` already exist" |
|
203 | "user group `<group name>` already exist" | |
204 | or |
|
204 | or | |
205 | "failed to create group `<group name>`" |
|
205 | "failed to create group `<group name>`" | |
206 | } |
|
206 | } | |
207 |
|
207 | |||
208 | """ |
|
208 | """ | |
209 |
|
209 | |||
210 | if not has_superadmin_permission(apiuser): |
|
210 | if not has_superadmin_permission(apiuser): | |
211 | if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser): |
|
211 | if not HasPermissionAnyApi('hg.usergroup.create.true')(user=apiuser): | |
212 | raise JSONRPCForbidden() |
|
212 | raise JSONRPCForbidden() | |
213 |
|
213 | |||
214 | if UserGroupModel().get_by_name(group_name): |
|
214 | if UserGroupModel().get_by_name(group_name): | |
215 | raise JSONRPCError("user group `%s` already exist" % (group_name,)) |
|
215 | raise JSONRPCError("user group `%s` already exist" % (group_name,)) | |
216 |
|
216 | |||
217 | if isinstance(owner, Optional): |
|
217 | if isinstance(owner, Optional): | |
218 | owner = apiuser.user_id |
|
218 | owner = apiuser.user_id | |
219 |
|
219 | |||
220 | owner = get_user_or_error(owner) |
|
220 | owner = get_user_or_error(owner) | |
221 | active = Optional.extract(active) |
|
221 | active = Optional.extract(active) | |
222 | description = Optional.extract(description) |
|
222 | description = Optional.extract(description) | |
223 |
|
223 | |||
224 | schema = user_group_schema.UserGroupSchema().bind( |
|
224 | schema = user_group_schema.UserGroupSchema().bind( | |
225 | # user caller |
|
225 | # user caller | |
226 | user=apiuser) |
|
226 | user=apiuser) | |
227 | try: |
|
227 | try: | |
228 | schema_data = schema.deserialize(dict( |
|
228 | schema_data = schema.deserialize(dict( | |
229 | user_group_name=group_name, |
|
229 | user_group_name=group_name, | |
230 | user_group_description=description, |
|
230 | user_group_description=description, | |
231 | user_group_owner=owner.username, |
|
231 | user_group_owner=owner.username, | |
232 | user_group_active=active, |
|
232 | user_group_active=active, | |
233 | )) |
|
233 | )) | |
234 | except validation_schema.Invalid as err: |
|
234 | except validation_schema.Invalid as err: | |
235 | raise JSONRPCValidationError(colander_exc=err) |
|
235 | raise JSONRPCValidationError(colander_exc=err) | |
236 |
|
236 | |||
237 | try: |
|
237 | try: | |
238 | user_group = UserGroupModel().create( |
|
238 | user_group = UserGroupModel().create( | |
239 | name=schema_data['user_group_name'], |
|
239 | name=schema_data['user_group_name'], | |
240 | description=schema_data['user_group_description'], |
|
240 | description=schema_data['user_group_description'], | |
241 | owner=owner, |
|
241 | owner=owner, | |
242 | active=schema_data['user_group_active']) |
|
242 | active=schema_data['user_group_active']) | |
243 | Session().flush() |
|
243 | Session().flush() | |
244 | creation_data = user_group.get_api_data() |
|
244 | creation_data = user_group.get_api_data() | |
245 | audit_logger.store_api( |
|
245 | audit_logger.store_api( | |
246 | 'user_group.create', action_data={'data': creation_data}, |
|
246 | 'user_group.create', action_data={'data': creation_data}, | |
247 | user=apiuser) |
|
247 | user=apiuser) | |
248 | Session().commit() |
|
248 | Session().commit() | |
249 | return { |
|
249 | return { | |
250 | 'msg': 'created new user group `%s`' % group_name, |
|
250 | 'msg': 'created new user group `%s`' % group_name, | |
251 | 'user_group': creation_data |
|
251 | 'user_group': creation_data | |
252 | } |
|
252 | } | |
253 | except Exception: |
|
253 | except Exception: | |
254 | log.exception("Error occurred during creation of user group") |
|
254 | log.exception("Error occurred during creation of user group") | |
255 | raise JSONRPCError('failed to create group `%s`' % (group_name,)) |
|
255 | raise JSONRPCError('failed to create group `%s`' % (group_name,)) | |
256 |
|
256 | |||
257 |
|
257 | |||
258 | @jsonrpc_method() |
|
258 | @jsonrpc_method() | |
259 | def update_user_group(request, apiuser, usergroupid, group_name=Optional(''), |
|
259 | def update_user_group(request, apiuser, usergroupid, group_name=Optional(''), | |
260 | description=Optional(''), owner=Optional(None), |
|
260 | description=Optional(''), owner=Optional(None), | |
261 | active=Optional(True)): |
|
261 | active=Optional(True)): | |
262 | """ |
|
262 | """ | |
263 | Updates the specified `user group` with the details provided. |
|
263 | Updates the specified `user group` with the details provided. | |
264 |
|
264 | |||
265 | This command can only be run using an |authtoken| with admin rights to |
|
265 | This command can only be run using an |authtoken| with admin rights to | |
266 | the specified repository. |
|
266 | the specified repository. | |
267 |
|
267 | |||
268 | :param apiuser: This is filled automatically from the |authtoken|. |
|
268 | :param apiuser: This is filled automatically from the |authtoken|. | |
269 | :type apiuser: AuthUser |
|
269 | :type apiuser: AuthUser | |
270 | :param usergroupid: Set the id of the `user group` to update. |
|
270 | :param usergroupid: Set the id of the `user group` to update. | |
271 | :type usergroupid: str or int |
|
271 | :type usergroupid: str or int | |
272 | :param group_name: Set the new name the `user group` |
|
272 | :param group_name: Set the new name the `user group` | |
273 | :type group_name: str |
|
273 | :type group_name: str | |
274 | :param description: Give a description for the `user group` |
|
274 | :param description: Give a description for the `user group` | |
275 | :type description: str |
|
275 | :type description: str | |
276 | :param owner: Set the owner of the `user group`. |
|
276 | :param owner: Set the owner of the `user group`. | |
277 | :type owner: Optional(str or int) |
|
277 | :type owner: Optional(str or int) | |
278 | :param active: Set the group as active. |
|
278 | :param active: Set the group as active. | |
279 | :type active: Optional(``True`` | ``False``) |
|
279 | :type active: Optional(``True`` | ``False``) | |
280 |
|
280 | |||
281 | Example output: |
|
281 | Example output: | |
282 |
|
282 | |||
283 | .. code-block:: bash |
|
283 | .. code-block:: bash | |
284 |
|
284 | |||
285 | id : <id_given_in_input> |
|
285 | id : <id_given_in_input> | |
286 | result : { |
|
286 | result : { | |
287 | "msg": 'updated user group ID:<user group id> <user group name>', |
|
287 | "msg": 'updated user group ID:<user group id> <user group name>', | |
288 | "user_group": <user_group_object> |
|
288 | "user_group": <user_group_object> | |
289 | } |
|
289 | } | |
290 | error : null |
|
290 | error : null | |
291 |
|
291 | |||
292 | Example error output: |
|
292 | Example error output: | |
293 |
|
293 | |||
294 | .. code-block:: bash |
|
294 | .. code-block:: bash | |
295 |
|
295 | |||
296 | id : <id_given_in_input> |
|
296 | id : <id_given_in_input> | |
297 | result : null |
|
297 | result : null | |
298 | error : { |
|
298 | error : { | |
299 | "failed to update user group `<user group name>`" |
|
299 | "failed to update user group `<user group name>`" | |
300 | } |
|
300 | } | |
301 |
|
301 | |||
302 | """ |
|
302 | """ | |
303 |
|
303 | |||
304 | user_group = get_user_group_or_error(usergroupid) |
|
304 | user_group = get_user_group_or_error(usergroupid) | |
305 | include_secrets = False |
|
305 | include_secrets = False | |
306 | if not has_superadmin_permission(apiuser): |
|
306 | if not has_superadmin_permission(apiuser): | |
307 | # check if we have admin permission for this user group ! |
|
307 | # check if we have admin permission for this user group ! | |
308 | _perms = ('usergroup.admin',) |
|
308 | _perms = ('usergroup.admin',) | |
309 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
309 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
310 | user=apiuser, user_group_name=user_group.users_group_name): |
|
310 | user=apiuser, user_group_name=user_group.users_group_name): | |
311 | raise JSONRPCError( |
|
311 | raise JSONRPCError( | |
312 | 'user group `%s` does not exist' % (usergroupid,)) |
|
312 | 'user group `%s` does not exist' % (usergroupid,)) | |
313 | else: |
|
313 | else: | |
314 | include_secrets = True |
|
314 | include_secrets = True | |
315 |
|
315 | |||
316 | if not isinstance(owner, Optional): |
|
316 | if not isinstance(owner, Optional): | |
317 | owner = get_user_or_error(owner) |
|
317 | owner = get_user_or_error(owner) | |
318 |
|
318 | |||
319 | old_data = user_group.get_api_data() |
|
319 | old_data = user_group.get_api_data() | |
320 | updates = {} |
|
320 | updates = {} | |
321 | store_update(updates, group_name, 'users_group_name') |
|
321 | store_update(updates, group_name, 'users_group_name') | |
322 | store_update(updates, description, 'user_group_description') |
|
322 | store_update(updates, description, 'user_group_description') | |
323 | store_update(updates, owner, 'user') |
|
323 | store_update(updates, owner, 'user') | |
324 | store_update(updates, active, 'users_group_active') |
|
324 | store_update(updates, active, 'users_group_active') | |
325 | try: |
|
325 | try: | |
326 | UserGroupModel().update(user_group, updates) |
|
326 | UserGroupModel().update(user_group, updates) | |
327 | audit_logger.store_api( |
|
327 | audit_logger.store_api( | |
328 | 'user_group.edit', action_data={'old_data': old_data}, |
|
328 | 'user_group.edit', action_data={'old_data': old_data}, | |
329 | user=apiuser) |
|
329 | user=apiuser) | |
330 | Session().commit() |
|
330 | Session().commit() | |
331 | return { |
|
331 | return { | |
332 | 'msg': 'updated user group ID:%s %s' % ( |
|
332 | 'msg': 'updated user group ID:%s %s' % ( | |
333 | user_group.users_group_id, user_group.users_group_name), |
|
333 | user_group.users_group_id, user_group.users_group_name), | |
334 | 'user_group': user_group.get_api_data( |
|
334 | 'user_group': user_group.get_api_data( | |
335 | include_secrets=include_secrets) |
|
335 | include_secrets=include_secrets) | |
336 | } |
|
336 | } | |
337 | except Exception: |
|
337 | except Exception: | |
338 | log.exception("Error occurred during update of user group") |
|
338 | log.exception("Error occurred during update of user group") | |
339 | raise JSONRPCError( |
|
339 | raise JSONRPCError( | |
340 | 'failed to update user group `%s`' % (usergroupid,)) |
|
340 | 'failed to update user group `%s`' % (usergroupid,)) | |
341 |
|
341 | |||
342 |
|
342 | |||
343 | @jsonrpc_method() |
|
343 | @jsonrpc_method() | |
344 | def delete_user_group(request, apiuser, usergroupid): |
|
344 | def delete_user_group(request, apiuser, usergroupid): | |
345 | """ |
|
345 | """ | |
346 | Deletes the specified `user group`. |
|
346 | Deletes the specified `user group`. | |
347 |
|
347 | |||
348 | This command can only be run using an |authtoken| with admin rights to |
|
348 | This command can only be run using an |authtoken| with admin rights to | |
349 | the specified repository. |
|
349 | the specified repository. | |
350 |
|
350 | |||
351 | This command takes the following options: |
|
351 | This command takes the following options: | |
352 |
|
352 | |||
353 | :param apiuser: filled automatically from apikey |
|
353 | :param apiuser: filled automatically from apikey | |
354 | :type apiuser: AuthUser |
|
354 | :type apiuser: AuthUser | |
355 | :param usergroupid: |
|
355 | :param usergroupid: | |
356 | :type usergroupid: int |
|
356 | :type usergroupid: int | |
357 |
|
357 | |||
358 | Example output: |
|
358 | Example output: | |
359 |
|
359 | |||
360 | .. code-block:: bash |
|
360 | .. code-block:: bash | |
361 |
|
361 | |||
362 | id : <id_given_in_input> |
|
362 | id : <id_given_in_input> | |
363 | result : { |
|
363 | result : { | |
364 | "msg": "deleted user group ID:<user_group_id> <user_group_name>" |
|
364 | "msg": "deleted user group ID:<user_group_id> <user_group_name>" | |
365 | } |
|
365 | } | |
366 | error : null |
|
366 | error : null | |
367 |
|
367 | |||
368 | Example error output: |
|
368 | Example error output: | |
369 |
|
369 | |||
370 | .. code-block:: bash |
|
370 | .. code-block:: bash | |
371 |
|
371 | |||
372 | id : <id_given_in_input> |
|
372 | id : <id_given_in_input> | |
373 | result : null |
|
373 | result : null | |
374 | error : { |
|
374 | error : { | |
375 | "failed to delete user group ID:<user_group_id> <user_group_name>" |
|
375 | "failed to delete user group ID:<user_group_id> <user_group_name>" | |
376 | or |
|
376 | or | |
377 | "RepoGroup assigned to <repo_groups_list>" |
|
377 | "RepoGroup assigned to <repo_groups_list>" | |
378 | } |
|
378 | } | |
379 |
|
379 | |||
380 | """ |
|
380 | """ | |
381 |
|
381 | |||
382 | user_group = get_user_group_or_error(usergroupid) |
|
382 | user_group = get_user_group_or_error(usergroupid) | |
383 | if not has_superadmin_permission(apiuser): |
|
383 | if not has_superadmin_permission(apiuser): | |
384 | # check if we have admin permission for this user group ! |
|
384 | # check if we have admin permission for this user group ! | |
385 | _perms = ('usergroup.admin',) |
|
385 | _perms = ('usergroup.admin',) | |
386 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
386 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
387 | user=apiuser, user_group_name=user_group.users_group_name): |
|
387 | user=apiuser, user_group_name=user_group.users_group_name): | |
388 | raise JSONRPCError( |
|
388 | raise JSONRPCError( | |
389 | 'user group `%s` does not exist' % (usergroupid,)) |
|
389 | 'user group `%s` does not exist' % (usergroupid,)) | |
390 |
|
390 | |||
391 | old_data = user_group.get_api_data() |
|
391 | old_data = user_group.get_api_data() | |
392 | try: |
|
392 | try: | |
393 | UserGroupModel().delete(user_group) |
|
393 | UserGroupModel().delete(user_group) | |
394 | audit_logger.store_api( |
|
394 | audit_logger.store_api( | |
395 | 'user_group.delete', action_data={'old_data': old_data}, |
|
395 | 'user_group.delete', action_data={'old_data': old_data}, | |
396 | user=apiuser) |
|
396 | user=apiuser) | |
397 | Session().commit() |
|
397 | Session().commit() | |
398 | return { |
|
398 | return { | |
399 | 'msg': 'deleted user group ID:%s %s' % ( |
|
399 | 'msg': 'deleted user group ID:%s %s' % ( | |
400 | user_group.users_group_id, user_group.users_group_name), |
|
400 | user_group.users_group_id, user_group.users_group_name), | |
401 | 'user_group': None |
|
401 | 'user_group': None | |
402 | } |
|
402 | } | |
403 | except UserGroupAssignedException as e: |
|
403 | except UserGroupAssignedException as e: | |
404 | log.exception("UserGroupAssigned error") |
|
404 | log.exception("UserGroupAssigned error") | |
405 | raise JSONRPCError(str(e)) |
|
405 | raise JSONRPCError(str(e)) | |
406 | except Exception: |
|
406 | except Exception: | |
407 | log.exception("Error occurred during deletion of user group") |
|
407 | log.exception("Error occurred during deletion of user group") | |
408 | raise JSONRPCError( |
|
408 | raise JSONRPCError( | |
409 | 'failed to delete user group ID:%s %s' %( |
|
409 | 'failed to delete user group ID:%s %s' %( | |
410 | user_group.users_group_id, user_group.users_group_name)) |
|
410 | user_group.users_group_id, user_group.users_group_name)) | |
411 |
|
411 | |||
412 |
|
412 | |||
413 | @jsonrpc_method() |
|
413 | @jsonrpc_method() | |
414 | def add_user_to_user_group(request, apiuser, usergroupid, userid): |
|
414 | def add_user_to_user_group(request, apiuser, usergroupid, userid): | |
415 | """ |
|
415 | """ | |
416 | Adds a user to a `user group`. If the user already exists in the group |
|
416 | Adds a user to a `user group`. If the user already exists in the group | |
417 | this command will return false. |
|
417 | this command will return false. | |
418 |
|
418 | |||
419 | This command can only be run using an |authtoken| with admin rights to |
|
419 | This command can only be run using an |authtoken| with admin rights to | |
420 | the specified user group. |
|
420 | the specified user group. | |
421 |
|
421 | |||
422 | This command takes the following options: |
|
422 | This command takes the following options: | |
423 |
|
423 | |||
424 | :param apiuser: This is filled automatically from the |authtoken|. |
|
424 | :param apiuser: This is filled automatically from the |authtoken|. | |
425 | :type apiuser: AuthUser |
|
425 | :type apiuser: AuthUser | |
426 | :param usergroupid: Set the name of the `user group` to which a |
|
426 | :param usergroupid: Set the name of the `user group` to which a | |
427 | user will be added. |
|
427 | user will be added. | |
428 | :type usergroupid: int |
|
428 | :type usergroupid: int | |
429 | :param userid: Set the `user_id` of the user to add to the group. |
|
429 | :param userid: Set the `user_id` of the user to add to the group. | |
430 | :type userid: int |
|
430 | :type userid: int | |
431 |
|
431 | |||
432 | Example output: |
|
432 | Example output: | |
433 |
|
433 | |||
434 | .. code-block:: bash |
|
434 | .. code-block:: bash | |
435 |
|
435 | |||
436 | id : <id_given_in_input> |
|
436 | id : <id_given_in_input> | |
437 | result : { |
|
437 | result : { | |
438 | "success": True|False # depends on if member is in group |
|
438 | "success": True|False # depends on if member is in group | |
439 | "msg": "added member `<username>` to user group `<groupname>` | |
|
439 | "msg": "added member `<username>` to user group `<groupname>` | | |
440 | User is already in that group" |
|
440 | User is already in that group" | |
441 |
|
441 | |||
442 | } |
|
442 | } | |
443 | error : null |
|
443 | error : null | |
444 |
|
444 | |||
445 | Example error output: |
|
445 | Example error output: | |
446 |
|
446 | |||
447 | .. code-block:: bash |
|
447 | .. code-block:: bash | |
448 |
|
448 | |||
449 | id : <id_given_in_input> |
|
449 | id : <id_given_in_input> | |
450 | result : null |
|
450 | result : null | |
451 | error : { |
|
451 | error : { | |
452 | "failed to add member to user group `<user_group_name>`" |
|
452 | "failed to add member to user group `<user_group_name>`" | |
453 | } |
|
453 | } | |
454 |
|
454 | |||
455 | """ |
|
455 | """ | |
456 |
|
456 | |||
457 | user = get_user_or_error(userid) |
|
457 | user = get_user_or_error(userid) | |
458 | user_group = get_user_group_or_error(usergroupid) |
|
458 | user_group = get_user_group_or_error(usergroupid) | |
459 | if not has_superadmin_permission(apiuser): |
|
459 | if not has_superadmin_permission(apiuser): | |
460 | # check if we have admin permission for this user group ! |
|
460 | # check if we have admin permission for this user group ! | |
461 | _perms = ('usergroup.admin',) |
|
461 | _perms = ('usergroup.admin',) | |
462 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
462 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
463 | user=apiuser, user_group_name=user_group.users_group_name): |
|
463 | user=apiuser, user_group_name=user_group.users_group_name): | |
464 | raise JSONRPCError('user group `%s` does not exist' % ( |
|
464 | raise JSONRPCError('user group `%s` does not exist' % ( | |
465 | usergroupid,)) |
|
465 | usergroupid,)) | |
466 |
|
466 | |||
|
467 | old_values = user_group.get_api_data() | |||
467 | try: |
|
468 | try: | |
468 | ugm = UserGroupModel().add_user_to_group(user_group, user) |
|
469 | ugm = UserGroupModel().add_user_to_group(user_group, user) | |
469 | success = True if ugm is not True else False |
|
470 | success = True if ugm is not True else False | |
470 | msg = 'added member `%s` to user group `%s`' % ( |
|
471 | msg = 'added member `%s` to user group `%s`' % ( | |
471 | user.username, user_group.users_group_name |
|
472 | user.username, user_group.users_group_name | |
472 | ) |
|
473 | ) | |
473 | msg = msg if success else 'User is already in that group' |
|
474 | msg = msg if success else 'User is already in that group' | |
474 | if success: |
|
475 | if success: | |
475 | user_data = user.get_api_data() |
|
476 | user_data = user.get_api_data() | |
476 | audit_logger.store_api( |
|
477 | audit_logger.store_api( | |
477 |
'user_group.edit.member.add', |
|
478 | 'user_group.edit.member.add', | |
|
479 | action_data={'user': user_data, 'old_data': old_values}, | |||
478 | user=apiuser) |
|
480 | user=apiuser) | |
479 |
|
481 | |||
480 | Session().commit() |
|
482 | Session().commit() | |
481 |
|
483 | |||
482 | return { |
|
484 | return { | |
483 | 'success': success, |
|
485 | 'success': success, | |
484 | 'msg': msg |
|
486 | 'msg': msg | |
485 | } |
|
487 | } | |
486 | except Exception: |
|
488 | except Exception: | |
487 | log.exception("Error occurred during adding a member to user group") |
|
489 | log.exception("Error occurred during adding a member to user group") | |
488 | raise JSONRPCError( |
|
490 | raise JSONRPCError( | |
489 | 'failed to add member to user group `%s`' % ( |
|
491 | 'failed to add member to user group `%s`' % ( | |
490 | user_group.users_group_name, |
|
492 | user_group.users_group_name, | |
491 | ) |
|
493 | ) | |
492 | ) |
|
494 | ) | |
493 |
|
495 | |||
494 |
|
496 | |||
495 | @jsonrpc_method() |
|
497 | @jsonrpc_method() | |
496 | def remove_user_from_user_group(request, apiuser, usergroupid, userid): |
|
498 | def remove_user_from_user_group(request, apiuser, usergroupid, userid): | |
497 | """ |
|
499 | """ | |
498 | Removes a user from a user group. |
|
500 | Removes a user from a user group. | |
499 |
|
501 | |||
500 | * If the specified user is not in the group, this command will return |
|
502 | * If the specified user is not in the group, this command will return | |
501 | `false`. |
|
503 | `false`. | |
502 |
|
504 | |||
503 | This command can only be run using an |authtoken| with admin rights to |
|
505 | This command can only be run using an |authtoken| with admin rights to | |
504 | the specified user group. |
|
506 | the specified user group. | |
505 |
|
507 | |||
506 | :param apiuser: This is filled automatically from the |authtoken|. |
|
508 | :param apiuser: This is filled automatically from the |authtoken|. | |
507 | :type apiuser: AuthUser |
|
509 | :type apiuser: AuthUser | |
508 | :param usergroupid: Sets the user group name. |
|
510 | :param usergroupid: Sets the user group name. | |
509 | :type usergroupid: str or int |
|
511 | :type usergroupid: str or int | |
510 | :param userid: The user you wish to remove from |RCE|. |
|
512 | :param userid: The user you wish to remove from |RCE|. | |
511 | :type userid: str or int |
|
513 | :type userid: str or int | |
512 |
|
514 | |||
513 | Example output: |
|
515 | Example output: | |
514 |
|
516 | |||
515 | .. code-block:: bash |
|
517 | .. code-block:: bash | |
516 |
|
518 | |||
517 | id : <id_given_in_input> |
|
519 | id : <id_given_in_input> | |
518 | result: { |
|
520 | result: { | |
519 | "success": True|False, # depends on if member is in group |
|
521 | "success": True|False, # depends on if member is in group | |
520 | "msg": "removed member <username> from user group <groupname> | |
|
522 | "msg": "removed member <username> from user group <groupname> | | |
521 | User wasn't in group" |
|
523 | User wasn't in group" | |
522 | } |
|
524 | } | |
523 | error: null |
|
525 | error: null | |
524 |
|
526 | |||
525 | """ |
|
527 | """ | |
526 |
|
528 | |||
527 | user = get_user_or_error(userid) |
|
529 | user = get_user_or_error(userid) | |
528 | user_group = get_user_group_or_error(usergroupid) |
|
530 | user_group = get_user_group_or_error(usergroupid) | |
529 | if not has_superadmin_permission(apiuser): |
|
531 | if not has_superadmin_permission(apiuser): | |
530 | # check if we have admin permission for this user group ! |
|
532 | # check if we have admin permission for this user group ! | |
531 | _perms = ('usergroup.admin',) |
|
533 | _perms = ('usergroup.admin',) | |
532 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
534 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
533 | user=apiuser, user_group_name=user_group.users_group_name): |
|
535 | user=apiuser, user_group_name=user_group.users_group_name): | |
534 | raise JSONRPCError( |
|
536 | raise JSONRPCError( | |
535 | 'user group `%s` does not exist' % (usergroupid,)) |
|
537 | 'user group `%s` does not exist' % (usergroupid,)) | |
536 |
|
538 | |||
|
539 | old_values = user_group.get_api_data() | |||
537 | try: |
|
540 | try: | |
538 | success = UserGroupModel().remove_user_from_group(user_group, user) |
|
541 | success = UserGroupModel().remove_user_from_group(user_group, user) | |
539 | msg = 'removed member `%s` from user group `%s`' % ( |
|
542 | msg = 'removed member `%s` from user group `%s`' % ( | |
540 | user.username, user_group.users_group_name |
|
543 | user.username, user_group.users_group_name | |
541 | ) |
|
544 | ) | |
542 | msg = msg if success else "User wasn't in group" |
|
545 | msg = msg if success else "User wasn't in group" | |
543 | if success: |
|
546 | if success: | |
544 | user_data = user.get_api_data() |
|
547 | user_data = user.get_api_data() | |
545 | audit_logger.store_api( |
|
548 | audit_logger.store_api( | |
546 |
'user_group.edit.member.delete', |
|
549 | 'user_group.edit.member.delete', | |
|
550 | action_data={'user': user_data, 'old_data': old_values}, | |||
547 | user=apiuser) |
|
551 | user=apiuser) | |
548 |
|
552 | |||
549 | Session().commit() |
|
553 | Session().commit() | |
550 | return {'success': success, 'msg': msg} |
|
554 | return {'success': success, 'msg': msg} | |
551 | except Exception: |
|
555 | except Exception: | |
552 | log.exception("Error occurred during removing an member from user group") |
|
556 | log.exception("Error occurred during removing an member from user group") | |
553 | raise JSONRPCError( |
|
557 | raise JSONRPCError( | |
554 | 'failed to remove member from user group `%s`' % ( |
|
558 | 'failed to remove member from user group `%s`' % ( | |
555 | user_group.users_group_name, |
|
559 | user_group.users_group_name, | |
556 | ) |
|
560 | ) | |
557 | ) |
|
561 | ) | |
558 |
|
562 | |||
559 |
|
563 | |||
560 | @jsonrpc_method() |
|
564 | @jsonrpc_method() | |
561 | def grant_user_permission_to_user_group( |
|
565 | def grant_user_permission_to_user_group( | |
562 | request, apiuser, usergroupid, userid, perm): |
|
566 | request, apiuser, usergroupid, userid, perm): | |
563 | """ |
|
567 | """ | |
564 | Set permissions for a user in a user group. |
|
568 | Set permissions for a user in a user group. | |
565 |
|
569 | |||
566 | :param apiuser: This is filled automatically from the |authtoken|. |
|
570 | :param apiuser: This is filled automatically from the |authtoken|. | |
567 | :type apiuser: AuthUser |
|
571 | :type apiuser: AuthUser | |
568 | :param usergroupid: Set the user group to edit permissions on. |
|
572 | :param usergroupid: Set the user group to edit permissions on. | |
569 | :type usergroupid: str or int |
|
573 | :type usergroupid: str or int | |
570 | :param userid: Set the user from whom you wish to set permissions. |
|
574 | :param userid: Set the user from whom you wish to set permissions. | |
571 | :type userid: str |
|
575 | :type userid: str | |
572 | :param perm: (usergroup.(none|read|write|admin)) |
|
576 | :param perm: (usergroup.(none|read|write|admin)) | |
573 | :type perm: str |
|
577 | :type perm: str | |
574 |
|
578 | |||
575 | Example output: |
|
579 | Example output: | |
576 |
|
580 | |||
577 | .. code-block:: bash |
|
581 | .. code-block:: bash | |
578 |
|
582 | |||
579 | id : <id_given_in_input> |
|
583 | id : <id_given_in_input> | |
580 | result : { |
|
584 | result : { | |
581 | "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`", |
|
585 | "msg": "Granted perm: `<perm_name>` for user: `<username>` in user group: `<user_group_name>`", | |
582 | "success": true |
|
586 | "success": true | |
583 | } |
|
587 | } | |
584 | error : null |
|
588 | error : null | |
585 | """ |
|
589 | """ | |
586 |
|
590 | |||
587 | user_group = get_user_group_or_error(usergroupid) |
|
591 | user_group = get_user_group_or_error(usergroupid) | |
588 |
|
592 | |||
589 | if not has_superadmin_permission(apiuser): |
|
593 | if not has_superadmin_permission(apiuser): | |
590 | # check if we have admin permission for this user group ! |
|
594 | # check if we have admin permission for this user group ! | |
591 | _perms = ('usergroup.admin',) |
|
595 | _perms = ('usergroup.admin',) | |
592 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
596 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
593 | user=apiuser, user_group_name=user_group.users_group_name): |
|
597 | user=apiuser, user_group_name=user_group.users_group_name): | |
594 | raise JSONRPCError( |
|
598 | raise JSONRPCError( | |
595 | 'user group `%s` does not exist' % (usergroupid,)) |
|
599 | 'user group `%s` does not exist' % (usergroupid,)) | |
596 |
|
600 | |||
597 | user = get_user_or_error(userid) |
|
601 | user = get_user_or_error(userid) | |
598 | perm = get_perm_or_error(perm, prefix='usergroup.') |
|
602 | perm = get_perm_or_error(perm, prefix='usergroup.') | |
599 |
|
603 | |||
600 | try: |
|
604 | try: | |
601 | UserGroupModel().grant_user_permission( |
|
605 | UserGroupModel().grant_user_permission( | |
602 | user_group=user_group, user=user, perm=perm) |
|
606 | user_group=user_group, user=user, perm=perm) | |
603 | Session().commit() |
|
607 | Session().commit() | |
604 | return { |
|
608 | return { | |
605 | 'msg': |
|
609 | 'msg': | |
606 | 'Granted perm: `%s` for user: `%s` in user group: `%s`' % ( |
|
610 | 'Granted perm: `%s` for user: `%s` in user group: `%s`' % ( | |
607 | perm.permission_name, user.username, |
|
611 | perm.permission_name, user.username, | |
608 | user_group.users_group_name |
|
612 | user_group.users_group_name | |
609 | ), |
|
613 | ), | |
610 | 'success': True |
|
614 | 'success': True | |
611 | } |
|
615 | } | |
612 | except Exception: |
|
616 | except Exception: | |
613 | log.exception("Error occurred during editing permissions " |
|
617 | log.exception("Error occurred during editing permissions " | |
614 | "for user in user group") |
|
618 | "for user in user group") | |
615 | raise JSONRPCError( |
|
619 | raise JSONRPCError( | |
616 | 'failed to edit permission for user: ' |
|
620 | 'failed to edit permission for user: ' | |
617 | '`%s` in user group: `%s`' % ( |
|
621 | '`%s` in user group: `%s`' % ( | |
618 | userid, user_group.users_group_name)) |
|
622 | userid, user_group.users_group_name)) | |
619 |
|
623 | |||
620 |
|
624 | |||
621 | @jsonrpc_method() |
|
625 | @jsonrpc_method() | |
622 | def revoke_user_permission_from_user_group( |
|
626 | def revoke_user_permission_from_user_group( | |
623 | request, apiuser, usergroupid, userid): |
|
627 | request, apiuser, usergroupid, userid): | |
624 | """ |
|
628 | """ | |
625 | Revoke a users permissions in a user group. |
|
629 | Revoke a users permissions in a user group. | |
626 |
|
630 | |||
627 | :param apiuser: This is filled automatically from the |authtoken|. |
|
631 | :param apiuser: This is filled automatically from the |authtoken|. | |
628 | :type apiuser: AuthUser |
|
632 | :type apiuser: AuthUser | |
629 | :param usergroupid: Set the user group from which to revoke the user |
|
633 | :param usergroupid: Set the user group from which to revoke the user | |
630 | permissions. |
|
634 | permissions. | |
631 | :type: usergroupid: str or int |
|
635 | :type: usergroupid: str or int | |
632 | :param userid: Set the userid of the user whose permissions will be |
|
636 | :param userid: Set the userid of the user whose permissions will be | |
633 | revoked. |
|
637 | revoked. | |
634 | :type userid: str |
|
638 | :type userid: str | |
635 |
|
639 | |||
636 | Example output: |
|
640 | Example output: | |
637 |
|
641 | |||
638 | .. code-block:: bash |
|
642 | .. code-block:: bash | |
639 |
|
643 | |||
640 | id : <id_given_in_input> |
|
644 | id : <id_given_in_input> | |
641 | result : { |
|
645 | result : { | |
642 | "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`", |
|
646 | "msg": "Revoked perm for user: `<username>` in user group: `<user_group_name>`", | |
643 | "success": true |
|
647 | "success": true | |
644 | } |
|
648 | } | |
645 | error : null |
|
649 | error : null | |
646 | """ |
|
650 | """ | |
647 |
|
651 | |||
648 | user_group = get_user_group_or_error(usergroupid) |
|
652 | user_group = get_user_group_or_error(usergroupid) | |
649 |
|
653 | |||
650 | if not has_superadmin_permission(apiuser): |
|
654 | if not has_superadmin_permission(apiuser): | |
651 | # check if we have admin permission for this user group ! |
|
655 | # check if we have admin permission for this user group ! | |
652 | _perms = ('usergroup.admin',) |
|
656 | _perms = ('usergroup.admin',) | |
653 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
657 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
654 | user=apiuser, user_group_name=user_group.users_group_name): |
|
658 | user=apiuser, user_group_name=user_group.users_group_name): | |
655 | raise JSONRPCError( |
|
659 | raise JSONRPCError( | |
656 | 'user group `%s` does not exist' % (usergroupid,)) |
|
660 | 'user group `%s` does not exist' % (usergroupid,)) | |
657 |
|
661 | |||
658 | user = get_user_or_error(userid) |
|
662 | user = get_user_or_error(userid) | |
659 |
|
663 | |||
660 | try: |
|
664 | try: | |
661 | UserGroupModel().revoke_user_permission( |
|
665 | UserGroupModel().revoke_user_permission( | |
662 | user_group=user_group, user=user) |
|
666 | user_group=user_group, user=user) | |
663 | Session().commit() |
|
667 | Session().commit() | |
664 | return { |
|
668 | return { | |
665 | 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % ( |
|
669 | 'msg': 'Revoked perm for user: `%s` in user group: `%s`' % ( | |
666 | user.username, user_group.users_group_name |
|
670 | user.username, user_group.users_group_name | |
667 | ), |
|
671 | ), | |
668 | 'success': True |
|
672 | 'success': True | |
669 | } |
|
673 | } | |
670 | except Exception: |
|
674 | except Exception: | |
671 | log.exception("Error occurred during editing permissions " |
|
675 | log.exception("Error occurred during editing permissions " | |
672 | "for user in user group") |
|
676 | "for user in user group") | |
673 | raise JSONRPCError( |
|
677 | raise JSONRPCError( | |
674 | 'failed to edit permission for user: `%s` in user group: `%s`' |
|
678 | 'failed to edit permission for user: `%s` in user group: `%s`' | |
675 | % (userid, user_group.users_group_name)) |
|
679 | % (userid, user_group.users_group_name)) | |
676 |
|
680 | |||
677 |
|
681 | |||
678 | @jsonrpc_method() |
|
682 | @jsonrpc_method() | |
679 | def grant_user_group_permission_to_user_group( |
|
683 | def grant_user_group_permission_to_user_group( | |
680 | request, apiuser, usergroupid, sourceusergroupid, perm): |
|
684 | request, apiuser, usergroupid, sourceusergroupid, perm): | |
681 | """ |
|
685 | """ | |
682 | Give one user group permissions to another user group. |
|
686 | Give one user group permissions to another user group. | |
683 |
|
687 | |||
684 | :param apiuser: This is filled automatically from the |authtoken|. |
|
688 | :param apiuser: This is filled automatically from the |authtoken|. | |
685 | :type apiuser: AuthUser |
|
689 | :type apiuser: AuthUser | |
686 | :param usergroupid: Set the user group on which to edit permissions. |
|
690 | :param usergroupid: Set the user group on which to edit permissions. | |
687 | :type usergroupid: str or int |
|
691 | :type usergroupid: str or int | |
688 | :param sourceusergroupid: Set the source user group to which |
|
692 | :param sourceusergroupid: Set the source user group to which | |
689 | access/permissions will be granted. |
|
693 | access/permissions will be granted. | |
690 | :type sourceusergroupid: str or int |
|
694 | :type sourceusergroupid: str or int | |
691 | :param perm: (usergroup.(none|read|write|admin)) |
|
695 | :param perm: (usergroup.(none|read|write|admin)) | |
692 | :type perm: str |
|
696 | :type perm: str | |
693 |
|
697 | |||
694 | Example output: |
|
698 | Example output: | |
695 |
|
699 | |||
696 | .. code-block:: bash |
|
700 | .. code-block:: bash | |
697 |
|
701 | |||
698 | id : <id_given_in_input> |
|
702 | id : <id_given_in_input> | |
699 | result : { |
|
703 | result : { | |
700 | "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`", |
|
704 | "msg": "Granted perm: `<perm_name>` for user group: `<source_user_group_name>` in user group: `<user_group_name>`", | |
701 | "success": true |
|
705 | "success": true | |
702 | } |
|
706 | } | |
703 | error : null |
|
707 | error : null | |
704 | """ |
|
708 | """ | |
705 |
|
709 | |||
706 | user_group = get_user_group_or_error(sourceusergroupid) |
|
710 | user_group = get_user_group_or_error(sourceusergroupid) | |
707 | target_user_group = get_user_group_or_error(usergroupid) |
|
711 | target_user_group = get_user_group_or_error(usergroupid) | |
708 | perm = get_perm_or_error(perm, prefix='usergroup.') |
|
712 | perm = get_perm_or_error(perm, prefix='usergroup.') | |
709 |
|
713 | |||
710 | if not has_superadmin_permission(apiuser): |
|
714 | if not has_superadmin_permission(apiuser): | |
711 | # check if we have admin permission for this user group ! |
|
715 | # check if we have admin permission for this user group ! | |
712 | _perms = ('usergroup.admin',) |
|
716 | _perms = ('usergroup.admin',) | |
713 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
717 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
714 | user=apiuser, |
|
718 | user=apiuser, | |
715 | user_group_name=target_user_group.users_group_name): |
|
719 | user_group_name=target_user_group.users_group_name): | |
716 | raise JSONRPCError( |
|
720 | raise JSONRPCError( | |
717 | 'to user group `%s` does not exist' % (usergroupid,)) |
|
721 | 'to user group `%s` does not exist' % (usergroupid,)) | |
718 |
|
722 | |||
719 | # check if we have at least read permission for source user group ! |
|
723 | # check if we have at least read permission for source user group ! | |
720 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
724 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
721 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
725 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
722 | user=apiuser, user_group_name=user_group.users_group_name): |
|
726 | user=apiuser, user_group_name=user_group.users_group_name): | |
723 | raise JSONRPCError( |
|
727 | raise JSONRPCError( | |
724 | 'user group `%s` does not exist' % (sourceusergroupid,)) |
|
728 | 'user group `%s` does not exist' % (sourceusergroupid,)) | |
725 |
|
729 | |||
726 | try: |
|
730 | try: | |
727 | UserGroupModel().grant_user_group_permission( |
|
731 | UserGroupModel().grant_user_group_permission( | |
728 | target_user_group=target_user_group, |
|
732 | target_user_group=target_user_group, | |
729 | user_group=user_group, perm=perm) |
|
733 | user_group=user_group, perm=perm) | |
730 | Session().commit() |
|
734 | Session().commit() | |
731 |
|
735 | |||
732 | return { |
|
736 | return { | |
733 | 'msg': 'Granted perm: `%s` for user group: `%s` ' |
|
737 | 'msg': 'Granted perm: `%s` for user group: `%s` ' | |
734 | 'in user group: `%s`' % ( |
|
738 | 'in user group: `%s`' % ( | |
735 | perm.permission_name, user_group.users_group_name, |
|
739 | perm.permission_name, user_group.users_group_name, | |
736 | target_user_group.users_group_name |
|
740 | target_user_group.users_group_name | |
737 | ), |
|
741 | ), | |
738 | 'success': True |
|
742 | 'success': True | |
739 | } |
|
743 | } | |
740 | except Exception: |
|
744 | except Exception: | |
741 | log.exception("Error occurred during editing permissions " |
|
745 | log.exception("Error occurred during editing permissions " | |
742 | "for user group in user group") |
|
746 | "for user group in user group") | |
743 | raise JSONRPCError( |
|
747 | raise JSONRPCError( | |
744 | 'failed to edit permission for user group: `%s` in ' |
|
748 | 'failed to edit permission for user group: `%s` in ' | |
745 | 'user group: `%s`' % ( |
|
749 | 'user group: `%s`' % ( | |
746 | sourceusergroupid, target_user_group.users_group_name |
|
750 | sourceusergroupid, target_user_group.users_group_name | |
747 | ) |
|
751 | ) | |
748 | ) |
|
752 | ) | |
749 |
|
753 | |||
750 |
|
754 | |||
751 | @jsonrpc_method() |
|
755 | @jsonrpc_method() | |
752 | def revoke_user_group_permission_from_user_group( |
|
756 | def revoke_user_group_permission_from_user_group( | |
753 | request, apiuser, usergroupid, sourceusergroupid): |
|
757 | request, apiuser, usergroupid, sourceusergroupid): | |
754 | """ |
|
758 | """ | |
755 | Revoke the permissions that one user group has to another. |
|
759 | Revoke the permissions that one user group has to another. | |
756 |
|
760 | |||
757 | :param apiuser: This is filled automatically from the |authtoken|. |
|
761 | :param apiuser: This is filled automatically from the |authtoken|. | |
758 | :type apiuser: AuthUser |
|
762 | :type apiuser: AuthUser | |
759 | :param usergroupid: Set the user group on which to edit permissions. |
|
763 | :param usergroupid: Set the user group on which to edit permissions. | |
760 | :type usergroupid: str or int |
|
764 | :type usergroupid: str or int | |
761 | :param sourceusergroupid: Set the user group from which permissions |
|
765 | :param sourceusergroupid: Set the user group from which permissions | |
762 | are revoked. |
|
766 | are revoked. | |
763 | :type sourceusergroupid: str or int |
|
767 | :type sourceusergroupid: str or int | |
764 |
|
768 | |||
765 | Example output: |
|
769 | Example output: | |
766 |
|
770 | |||
767 | .. code-block:: bash |
|
771 | .. code-block:: bash | |
768 |
|
772 | |||
769 | id : <id_given_in_input> |
|
773 | id : <id_given_in_input> | |
770 | result : { |
|
774 | result : { | |
771 | "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`", |
|
775 | "msg": "Revoked perm for user group: `<user_group_name>` in user group: `<target_user_group_name>`", | |
772 | "success": true |
|
776 | "success": true | |
773 | } |
|
777 | } | |
774 | error : null |
|
778 | error : null | |
775 | """ |
|
779 | """ | |
776 |
|
780 | |||
777 | user_group = get_user_group_or_error(sourceusergroupid) |
|
781 | user_group = get_user_group_or_error(sourceusergroupid) | |
778 | target_user_group = get_user_group_or_error(usergroupid) |
|
782 | target_user_group = get_user_group_or_error(usergroupid) | |
779 |
|
783 | |||
780 | if not has_superadmin_permission(apiuser): |
|
784 | if not has_superadmin_permission(apiuser): | |
781 | # check if we have admin permission for this user group ! |
|
785 | # check if we have admin permission for this user group ! | |
782 | _perms = ('usergroup.admin',) |
|
786 | _perms = ('usergroup.admin',) | |
783 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
787 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
784 | user=apiuser, |
|
788 | user=apiuser, | |
785 | user_group_name=target_user_group.users_group_name): |
|
789 | user_group_name=target_user_group.users_group_name): | |
786 | raise JSONRPCError( |
|
790 | raise JSONRPCError( | |
787 | 'to user group `%s` does not exist' % (usergroupid,)) |
|
791 | 'to user group `%s` does not exist' % (usergroupid,)) | |
788 |
|
792 | |||
789 | # check if we have at least read permission |
|
793 | # check if we have at least read permission | |
790 | # for the source user group ! |
|
794 | # for the source user group ! | |
791 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) |
|
795 | _perms = ('usergroup.read', 'usergroup.write', 'usergroup.admin',) | |
792 | if not HasUserGroupPermissionAnyApi(*_perms)( |
|
796 | if not HasUserGroupPermissionAnyApi(*_perms)( | |
793 | user=apiuser, user_group_name=user_group.users_group_name): |
|
797 | user=apiuser, user_group_name=user_group.users_group_name): | |
794 | raise JSONRPCError( |
|
798 | raise JSONRPCError( | |
795 | 'user group `%s` does not exist' % (sourceusergroupid,)) |
|
799 | 'user group `%s` does not exist' % (sourceusergroupid,)) | |
796 |
|
800 | |||
797 | try: |
|
801 | try: | |
798 | UserGroupModel().revoke_user_group_permission( |
|
802 | UserGroupModel().revoke_user_group_permission( | |
799 | target_user_group=target_user_group, user_group=user_group) |
|
803 | target_user_group=target_user_group, user_group=user_group) | |
800 | Session().commit() |
|
804 | Session().commit() | |
801 |
|
805 | |||
802 | return { |
|
806 | return { | |
803 | 'msg': 'Revoked perm for user group: ' |
|
807 | 'msg': 'Revoked perm for user group: ' | |
804 | '`%s` in user group: `%s`' % ( |
|
808 | '`%s` in user group: `%s`' % ( | |
805 | user_group.users_group_name, |
|
809 | user_group.users_group_name, | |
806 | target_user_group.users_group_name |
|
810 | target_user_group.users_group_name | |
807 | ), |
|
811 | ), | |
808 | 'success': True |
|
812 | 'success': True | |
809 | } |
|
813 | } | |
810 | except Exception: |
|
814 | except Exception: | |
811 | log.exception("Error occurred during editing permissions " |
|
815 | log.exception("Error occurred during editing permissions " | |
812 | "for user group in user group") |
|
816 | "for user group in user group") | |
813 | raise JSONRPCError( |
|
817 | raise JSONRPCError( | |
814 | 'failed to edit permission for user group: ' |
|
818 | 'failed to edit permission for user group: ' | |
815 | '`%s` in user group: `%s`' % ( |
|
819 | '`%s` in user group: `%s`' % ( | |
816 | sourceusergroupid, target_user_group.users_group_name |
|
820 | sourceusergroupid, target_user_group.users_group_name | |
817 | ) |
|
821 | ) | |
818 | ) |
|
822 | ) |
General Comments 0
You need to be logged in to leave comments.
Login now