diff --git a/src/caosdb/common/administration.py b/src/caosdb/common/administration.py index 50f5a34ac9128bb1acedee1c1c6e5063f6ee5576..157518f82294257d7267b881e96d225ecce4304f 100644 --- a/src/caosdb/common/administration.py +++ b/src/caosdb/common/administration.py @@ -25,10 +25,11 @@ """missing docstring.""" from lxml import etree -from caosdb.exceptions import (ClientErrorException, AuthorizationException, - EntityDoesNotExistError) -from caosdb.connection.connection import get_connection + from caosdb.common.utils import xml2str +from caosdb.connection.connection import get_connection +from caosdb.exceptions import (AuthorizationException, ClientErrorException, + EntityDoesNotExistError) def set_server_property(key, value): @@ -68,8 +69,10 @@ def get_server_properties(): body = con._http_request(method="GET", path="_server_properties").response xml = etree.parse(body) props = dict() + for elem in xml.getroot(): props[elem.tag] = elem.text + return props @@ -93,6 +96,7 @@ def get_server_property(key): KeyError If the server property is no defined. """ + return get_server_properties()[key] @@ -124,12 +128,16 @@ def _update_user(name, realm=None, password=None, status=None, email=None, entity=None, **kwargs): con = get_connection() params = {} + if password is not None: params["password"] = password + if status is not None: params["status"] = status + if email is not None: params["email"] = email + if entity is not None: params["entity"] = str(entity) try: @@ -149,12 +157,16 @@ def _update_user(name, realm=None, password=None, status=None, def _insert_user(name, password=None, status=None, email=None, entity=None, **kwargs): con = get_connection() params = {"username": name} + if password is not None: params["password"] = password + if status is not None: params["status"] = status + if email is not None: params["email"] = email + if entity is not None: params["entity"] = entity try: 
@@ -165,6 +177,7 @@ def _insert_user(name, password=None, status=None, email=None, entity=None, **kw except ClientErrorException as e: if e.status == 409: e.msg = "User name is already in use." + if e.status == 422: e.msg = "Maybe the password does not match the required standard?" raise e @@ -221,6 +234,7 @@ def _delete_role(name, **kwargs): def _set_roles(username, roles, realm=None, **kwargs): xml = etree.Element("Roles") + for r in roles: xml.append(etree.Element("Role", name=r)) @@ -239,9 +253,11 @@ def _set_roles(username, roles, realm=None, **kwargs): e.msg = "Role does not exist." raise ret = set() + for r in etree.fromstring(body)[0]: if r.tag == "Role": ret.add(r.get("name")) + return ret @@ -256,9 +272,11 @@ def _get_roles(username, realm=None, **kwargs): e.msg = "User does not exist." raise ret = set() + for r in etree.fromstring(body).xpath('/Response/Roles')[0]: if r.tag == "Role": ret.add(r.get("name")) + return ret @@ -282,6 +300,7 @@ Returns None """ xml = etree.Element("PermissionRules") + for p in permission_rules: xml.append(p._to_xml()) @@ -336,8 +355,10 @@ priority : bool, optional def _to_xml(self): xml = etree.Element(self._action) xml.set("permission", self._permission) + if self._priority is True: xml.set("priority", "true") + return xml @staticmethod @@ -349,9 +370,11 @@ priority : bool, optional def _parse_body(body): xml = etree.fromstring(body) ret = set() + for c in xml: if c.tag in ["Grant", "Deny"]: ret.add(PermissionRule._parse_element(c)) + return ret def __str__(self): diff --git a/src/caosdb/utils/caosdb_admin.py b/src/caosdb/utils/caosdb_admin.py index b3145390fc9de36da57fe3dd88996199f50a3ce7..e1253d30212f124fa07bf3dbcd2365a1e05abfdd 100755 --- a/src/caosdb/utils/caosdb_admin.py +++ b/src/caosdb/utils/caosdb_admin.py 
@@ -26,14 +26,14 @@ """A small caosdb client with a focus on administration of the server.""" from __future__ import print_function, unicode_literals + import getpass import sys +from argparse import ArgumentParser, RawDescriptionHelpFormatter + import caosdb as db from caosdb import administration as admin -from argparse import ArgumentParser -from argparse import RawDescriptionHelpFormatter - __all__ = [] __version__ = 0.3 __date__ = '2016-09-19' @@ -58,12 +58,14 @@ def do_delete_role(args): def do_retrieve(args): c = None + if args.query: if len(args.entities) > 1: raise Exception("Only one query at a time can be retrieved.") c = db.execute_query(args.entities[0], flags=eval(args.flags)) else: c = db.Container() + for i in args.entities: try: eid = int(i) @@ -84,6 +86,7 @@ def do_update(args): def do_delete(args): c = db.Container() + for i in args.entities: c.append(db.Entity(id=i)) @@ -104,13 +107,16 @@ def do_insert(args): def _promt_for_pw(): password = getpass.getpass(prompt="Please type password: ") password2 = getpass.getpass(prompt="Please type password again: ") + if password != password2: raise Exception("Password strings didn't match") + return password def do_create_user(args): password = None + if args.ask_password is True: password = _promt_for_pw() admin._insert_user(name=args.user_name, @@ -132,6 +138,7 @@ def do_set_user_password(args): def do_add_user_roles(args): roles = admin._get_roles(user=args.user_name, realm=None) + for r in args.user_roles: roles.add(r) admin._set_roles(user=args.user_name, roles=roles) @@ -139,6 +146,7 @@ def do_add_user_roles(args): def do_remove_user_roles(args): roles = admin._get_roles(user=args.user_name, realm=None) + for r in args.user_roles: if r in roles: roles.remove(r) 
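Review bot: `flags=eval(args.flags)` in do_retrieve (a context line of this whitespace-only hunk) evaluates a command-line string as Python, so anything forwarded into that argument runs as code with the privileges of whoever invokes the admin tool. This matters most when the client is wrapped by a script or service that passes input through. The value is presumably a dict literal like the `flags={"ACL": None}` calls elsewhere in this file, so `flags=ast.literal_eval(args.flags)` with `import ast` at the top would parse it without executing anything. do_retrieve continues past the end of the hunk, so the rest of the function was not reviewed.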
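Review bot: In do_add_user_roles the calls `admin._get_roles(user=args.user_name, realm=None)` and `admin._set_roles(user=args.user_name, roles=roles)` pass `user=`, but the hunk headers of administration.py show the signatures `_get_roles(username, realm=None, **kwargs)` and `_set_roles(username, roles, realm=None, **kwargs)`. Unless a wrapper outside this diff renames the keyword, `user` is swallowed by `**kwargs` and the call fails with a missing `username` argument, so role changes from the CLI would not work. I would change them to `admin._get_roles(username=args.user_name, realm=None)` and `admin._set_roles(username=args.user_name, roles=roles)`. The following hunk (do_remove_user_roles) has the same `_get_roles` call.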
@@ -175,13 +183,16 @@ def do_retrieve_role_permissions(args): def do_grant_role_permissions(args): perms = admin._get_permissions(args.role_name) + for p in args.role_permissions: g = admin.PermissionRule( action="Grant", permission=p, priority=args.permissions_priority) d = admin.PermissionRule( action="Deny", permission=p, priority=args.permissions_priority) + if g in perms: perms.remove(g) + if d in perms: perms.remove(d) perms.add(g) @@ -190,13 +201,16 @@ def do_grant_role_permissions(args): def do_revoke_role_permissions(args): perms = admin._get_permissions(args.role_name) + for p in args.role_permissions: g = admin.PermissionRule( action="Grant", permission=p, priority=args.permissions_priority) d = admin.PermissionRule( action="Deny", permission=p, priority=args.permissions_priority) + if g in perms: perms.remove(g) + if d in perms: perms.remove(d) admin._set_permissions(role=args.role_name, permission_rules=perms) @@ -204,13 +218,16 @@ def do_revoke_role_permissions(args): def do_deny_role_permissions(args): perms = admin._get_permissions(args.role_name) + for p in args.role_permissions: g = admin.PermissionRule( action="Grant", permission=p, priority=args.permissions_priority) d = admin.PermissionRule( action="Deny", permission=p, priority=args.permissions_priority) + if g in perms: perms.remove(g) + if d in perms: perms.remove(d) perms.add(d) @@ -219,6 +236,7 @@ def do_deny_role_permissions(args): def do_retrieve_entity_acl(args): entities = db.execute_query(q=args.query, flags={"ACL": None}) + for entity in entities: print(entity.id) print(entity.acl) @@ -226,11 +244,13 @@ def do_retrieve_entity_acl(args): def do_action_entity_permissions(args): entities = db.execute_query(q=args.query, flags={"ACL": None}) + for entity in entities: for p in args.permissions: getattr(entity, args.action)(role=args.role, priority=args.priority, permission=p) entities.update(flags={"ACL": None}) + for entity in entities: print(entity.id) print(entity.acl)
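Review bot: `getattr(entity, args.action)(role=args.role, priority=args.priority, permission=p)` in do_action_entity_permissions looks up a method by a command-line string, and nothing visible in this hunk limits which attribute of the entity can be reached. If the argument parser (outside this diff) does not already restrict `action` with `choices=`, an explicit allow-list check before the loop would keep this ACL-changing path to the intended permission methods and give a clear error for anything else. A short comment next to the `getattr` naming the accepted actions would also help the next reader.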