Skip to content
Snippets Groups Projects
Commit 90953be6 authored by Quazgar's avatar Quazgar
Browse files

Merge branch 'f-msg-create_user' into 'dev' 

FIX: correct message was not printed

See merge request caosdb/caosdb-pylib!14
parents 77b2fa18 a6af55c2
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/caosdb/common/administration.py
+ 26
3
View file @ 90953be6
...@@ -25,10 +25,11 @@ ...@@ -25,10 +25,11 @@
"""missing docstring.""" """missing docstring."""
from lxml import etree from lxml import etree
from caosdb.exceptions import (ClientErrorException, AuthorizationException,
EntityDoesNotExistError)
from caosdb.connection.connection import get_connection
from caosdb.common.utils import xml2str from caosdb.common.utils import xml2str
from caosdb.connection.connection import get_connection
from caosdb.exceptions import (AuthorizationException, ClientErrorException,
EntityDoesNotExistError)
def set_server_property(key, value): def set_server_property(key, value):
...@@ -68,8 +69,10 @@ def get_server_properties(): ...@@ -68,8 +69,10 @@ def get_server_properties():
body = con._http_request(method="GET", path="_server_properties").response body = con._http_request(method="GET", path="_server_properties").response
xml = etree.parse(body) xml = etree.parse(body)
props = dict() props = dict()
for elem in xml.getroot(): for elem in xml.getroot():
props[elem.tag] = elem.text props[elem.tag] = elem.text
return props return props
...@@ -93,6 +96,7 @@ def get_server_property(key): ...@@ -93,6 +96,7 @@ def get_server_property(key):
KeyError KeyError
If the server property is no defined. If the server property is no defined.
""" """
return get_server_properties()[key] return get_server_properties()[key]
...@@ -124,12 +128,16 @@ def _update_user(name, realm=None, password=None, status=None, ...@@ -124,12 +128,16 @@ def _update_user(name, realm=None, password=None, status=None,
email=None, entity=None, **kwargs): email=None, entity=None, **kwargs):
con = get_connection() con = get_connection()
params = {} params = {}
if password is not None: if password is not None:
params["password"] = password params["password"] = password
if status is not None: if status is not None:
params["status"] = status params["status"] = status
if email is not None: if email is not None:
params["email"] = email params["email"] = email
if entity is not None: if entity is not None:
params["entity"] = str(entity) params["entity"] = str(entity)
try: try:
...@@ -149,12 +157,16 @@ def _update_user(name, realm=None, password=None, status=None, ...@@ -149,12 +157,16 @@ def _update_user(name, realm=None, password=None, status=None,
def _insert_user(name, password=None, status=None, email=None, entity=None, **kwargs): def _insert_user(name, password=None, status=None, email=None, entity=None, **kwargs):
con = get_connection() con = get_connection()
params = {"username": name} params = {"username": name}
if password is not None: if password is not None:
params["password"] = password params["password"] = password
if status is not None: if status is not None:
params["status"] = status params["status"] = status
if email is not None: if email is not None:
params["email"] = email params["email"] = email
if entity is not None: if entity is not None:
params["entity"] = entity params["entity"] = entity
try: try:
...@@ -165,6 +177,7 @@ def _insert_user(name, password=None, status=None, email=None, entity=None, **kw ...@@ -165,6 +177,7 @@ def _insert_user(name, password=None, status=None, email=None, entity=None, **kw
except ClientErrorException as e: except ClientErrorException as e:
if e.status == 409: if e.status == 409:
e.msg = "User name is already in use." e.msg = "User name is already in use."
if e.status == 422: if e.status == 422:
e.msg = "Maybe the password does not match the required standard?" e.msg = "Maybe the password does not match the required standard?"
raise e raise e
...@@ -221,6 +234,7 @@ def _delete_role(name, **kwargs): ...@@ -221,6 +234,7 @@ def _delete_role(name, **kwargs):
def _set_roles(username, roles, realm=None, **kwargs): def _set_roles(username, roles, realm=None, **kwargs):
xml = etree.Element("Roles") xml = etree.Element("Roles")
for r in roles: for r in roles:
xml.append(etree.Element("Role", name=r)) xml.append(etree.Element("Role", name=r))
...@@ -239,9 +253,11 @@ def _set_roles(username, roles, realm=None, **kwargs): ...@@ -239,9 +253,11 @@ def _set_roles(username, roles, realm=None, **kwargs):
e.msg = "Role does not exist." e.msg = "Role does not exist."
raise raise
ret = set() ret = set()
for r in etree.fromstring(body)[0]: for r in etree.fromstring(body)[0]:
if r.tag == "Role": if r.tag == "Role":
ret.add(r.get("name")) ret.add(r.get("name"))
return ret return ret
...@@ -256,9 +272,11 @@ def _get_roles(username, realm=None, **kwargs): ...@@ -256,9 +272,11 @@ def _get_roles(username, realm=None, **kwargs):
e.msg = "User does not exist." e.msg = "User does not exist."
raise raise
ret = set() ret = set()
for r in etree.fromstring(body).xpath('/Response/Roles')[0]: for r in etree.fromstring(body).xpath('/Response/Roles')[0]:
if r.tag == "Role": if r.tag == "Role":
ret.add(r.get("name")) ret.add(r.get("name"))
return ret return ret
...@@ -282,6 +300,7 @@ Returns ...@@ -282,6 +300,7 @@ Returns
None None
""" """
xml = etree.Element("PermissionRules") xml = etree.Element("PermissionRules")
for p in permission_rules: for p in permission_rules:
xml.append(p._to_xml()) xml.append(p._to_xml())
...@@ -336,8 +355,10 @@ priority : bool, optional ...@@ -336,8 +355,10 @@ priority : bool, optional
def _to_xml(self): def _to_xml(self):
xml = etree.Element(self._action) xml = etree.Element(self._action)
xml.set("permission", self._permission) xml.set("permission", self._permission)
if self._priority is True: if self._priority is True:
xml.set("priority", "true") xml.set("priority", "true")
return xml return xml
@staticmethod @staticmethod
...@@ -349,9 +370,11 @@ priority : bool, optional ...@@ -349,9 +370,11 @@ priority : bool, optional
def _parse_body(body): def _parse_body(body):
xml = etree.fromstring(body) xml = etree.fromstring(body)
ret = set() ret = set()
for c in xml: for c in xml:
if c.tag in ["Grant", "Deny"]: if c.tag in ["Grant", "Deny"]:
ret.add(PermissionRule._parse_element(c)) ret.add(PermissionRule._parse_element(c))
return ret return ret
def __str__(self): def __str__(self):
......
src/caosdb/utils/caosdb_admin.py
+ 29
5
View file @ 90953be6
...@@ -26,13 +26,14 @@ ...@@ -26,13 +26,14 @@
"""A small caosdb client with a focus on administration of the server.""" """A small caosdb client with a focus on administration of the server."""
from __future__ import print_function, unicode_literals from __future__ import print_function, unicode_literals
import getpass import getpass
import sys import sys
from argparse import ArgumentParser, RawDescriptionHelpFormatter
import caosdb as db import caosdb as db
from caosdb import administration as admin from caosdb import administration as admin
from caosdb.exceptions import ClientErrorException
from argparse import ArgumentParser
from argparse import RawDescriptionHelpFormatter
__all__ = [] __all__ = []
__version__ = 0.3 __version__ = 0.3
...@@ -58,12 +59,14 @@ def do_delete_role(args): ...@@ -58,12 +59,14 @@ def do_delete_role(args):
def do_retrieve(args): def do_retrieve(args):
c = None c = None
if args.query: if args.query:
if len(args.entities) > 1: if len(args.entities) > 1:
raise Exception("Only one query at a time can be retrieved.") raise Exception("Only one query at a time can be retrieved.")
c = db.execute_query(args.entities[0], flags=eval(args.flags)) c = db.execute_query(args.entities[0], flags=eval(args.flags))
else: else:
c = db.Container() c = db.Container()
for i in args.entities: for i in args.entities:
try: try:
eid = int(i) eid = int(i)
...@@ -84,6 +87,7 @@ def do_update(args): ...@@ -84,6 +87,7 @@ def do_update(args):
def do_delete(args): def do_delete(args):
c = db.Container() c = db.Container()
for i in args.entities: for i in args.entities:
c.append(db.Entity(id=i)) c.append(db.Entity(id=i))
...@@ -104,17 +108,23 @@ def do_insert(args): ...@@ -104,17 +108,23 @@ def do_insert(args):
def _promt_for_pw(): def _promt_for_pw():
password = getpass.getpass(prompt="Please type password: ") password = getpass.getpass(prompt="Please type password: ")
password2 = getpass.getpass(prompt="Please type password again: ") password2 = getpass.getpass(prompt="Please type password again: ")
if password != password2: if password != password2:
raise Exception("Password strings didn't match") raise Exception("Password strings didn't match")
return password return password
def do_create_user(args): def do_create_user(args):
password = None password = None
if args.ask_password is True: if args.ask_password is True:
password = _promt_for_pw() password = _promt_for_pw()
admin._insert_user(name=args.user_name, try:
email=args.user_email, password=password) admin._insert_user(name=args.user_name,
email=args.user_email, password=password)
except ClientErrorException as e:
print(e.msg)
def do_activate_user(args): def do_activate_user(args):
...@@ -132,6 +142,7 @@ def do_set_user_password(args): ...@@ -132,6 +142,7 @@ def do_set_user_password(args):
def do_add_user_roles(args): def do_add_user_roles(args):
roles = admin._get_roles(user=args.user_name, realm=None) roles = admin._get_roles(user=args.user_name, realm=None)
for r in args.user_roles: for r in args.user_roles:
roles.add(r) roles.add(r)
admin._set_roles(user=args.user_name, roles=roles) admin._set_roles(user=args.user_name, roles=roles)
...@@ -139,6 +150,7 @@ def do_add_user_roles(args): ...@@ -139,6 +150,7 @@ def do_add_user_roles(args):
def do_remove_user_roles(args): def do_remove_user_roles(args):
roles = admin._get_roles(user=args.user_name, realm=None) roles = admin._get_roles(user=args.user_name, realm=None)
for r in args.user_roles: for r in args.user_roles:
if r in roles: if r in roles:
roles.remove(r) roles.remove(r)
...@@ -175,13 +187,16 @@ def do_retrieve_role_permissions(args): ...@@ -175,13 +187,16 @@ def do_retrieve_role_permissions(args):
def do_grant_role_permissions(args): def do_grant_role_permissions(args):
perms = admin._get_permissions(args.role_name) perms = admin._get_permissions(args.role_name)
for p in args.role_permissions: for p in args.role_permissions:
g = admin.PermissionRule( g = admin.PermissionRule(
action="Grant", permission=p, priority=args.permissions_priority) action="Grant", permission=p, priority=args.permissions_priority)
d = admin.PermissionRule( d = admin.PermissionRule(
action="Deny", permission=p, priority=args.permissions_priority) action="Deny", permission=p, priority=args.permissions_priority)
if g in perms: if g in perms:
perms.remove(g) perms.remove(g)
if d in perms: if d in perms:
perms.remove(d) perms.remove(d)
perms.add(g) perms.add(g)
...@@ -190,13 +205,16 @@ def do_grant_role_permissions(args): ...@@ -190,13 +205,16 @@ def do_grant_role_permissions(args):
def do_revoke_role_permissions(args): def do_revoke_role_permissions(args):
perms = admin._get_permissions(args.role_name) perms = admin._get_permissions(args.role_name)
for p in args.role_permissions: for p in args.role_permissions:
g = admin.PermissionRule( g = admin.PermissionRule(
action="Grant", permission=p, priority=args.permissions_priority) action="Grant", permission=p, priority=args.permissions_priority)
d = admin.PermissionRule( d = admin.PermissionRule(
action="Deny", permission=p, priority=args.permissions_priority) action="Deny", permission=p, priority=args.permissions_priority)
if g in perms: if g in perms:
perms.remove(g) perms.remove(g)
if d in perms: if d in perms:
perms.remove(d) perms.remove(d)
admin._set_permissions(role=args.role_name, permission_rules=perms) admin._set_permissions(role=args.role_name, permission_rules=perms)
...@@ -204,13 +222,16 @@ def do_revoke_role_permissions(args): ...@@ -204,13 +222,16 @@ def do_revoke_role_permissions(args):
def do_deny_role_permissions(args): def do_deny_role_permissions(args):
perms = admin._get_permissions(args.role_name) perms = admin._get_permissions(args.role_name)
for p in args.role_permissions: for p in args.role_permissions:
g = admin.PermissionRule( g = admin.PermissionRule(
action="Grant", permission=p, priority=args.permissions_priority) action="Grant", permission=p, priority=args.permissions_priority)
d = admin.PermissionRule( d = admin.PermissionRule(
action="Deny", permission=p, priority=args.permissions_priority) action="Deny", permission=p, priority=args.permissions_priority)
if g in perms: if g in perms:
perms.remove(g) perms.remove(g)
if d in perms: if d in perms:
perms.remove(d) perms.remove(d)
perms.add(d) perms.add(d)
...@@ -219,6 +240,7 @@ def do_deny_role_permissions(args): ...@@ -219,6 +240,7 @@ def do_deny_role_permissions(args):
def do_retrieve_entity_acl(args): def do_retrieve_entity_acl(args):
entities = db.execute_query(q=args.query, flags={"ACL": None}) entities = db.execute_query(q=args.query, flags={"ACL": None})
for entity in entities: for entity in entities:
print(entity.id) print(entity.id)
print(entity.acl) print(entity.acl)
...@@ -226,11 +248,13 @@ def do_retrieve_entity_acl(args): ...@@ -226,11 +248,13 @@ def do_retrieve_entity_acl(args):
def do_action_entity_permissions(args): def do_action_entity_permissions(args):
entities = db.execute_query(q=args.query, flags={"ACL": None}) entities = db.execute_query(q=args.query, flags={"ACL": None})
for entity in entities: for entity in entities:
for p in args.permissions: for p in args.permissions:
getattr(entity, args.action)(role=args.role, priority=args.priority, getattr(entity, args.action)(role=args.role, priority=args.priority,
permission=p) permission=p)
entities.update(flags={"ACL": None}) entities.update(flags={"ACL": None})
for entity in entities: for entity in entities:
print(entity.id) print(entity.id)
print(entity.acl) print(entity.acl)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment