Infra
/
lemur
5
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
lemur/lemur/users/views.py

402 lines
11 KiB
Python
Raw Normal View History

initial commit
2015-06-22 22:47:27 +02:00
"""
.. module: lemur.user.views
:platform: Unix
:copyright: (c) 2015 by Netflix Inc., see AUTHORS for more
:license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
"""
from flask import g, Blueprint
from flask.ext.restful import reqparse, Api, fields
from lemur.users import service
from lemur.certificates import service as certificate_service
from lemur.roles import service as role_service
from lemur.auth.service import AuthenticatedResource
from lemur.auth.permissions import admin_permission
from lemur.common.utils import marshal_items, paginated_parser
mod = Blueprint('users', __name__)
api = Api(mod)
FIELDS = {
'username': fields.String,
'active': fields.Boolean,
'email': fields.String,
'profileImage': fields.String(attribute='profile_picture'),
'id': fields.Integer,
}
def roles(values):
"""
Validate that the passed in roles exist.
:param values:
:return: :raise ValueError:
"""
rs = []
for role in values:
r = role_service.get(role['id'])
if not r:
raise ValueError("Role {0} does not exist".format(role['name']))
rs.append(r)
return rs
class UsersList(AuthenticatedResource):
""" Defines the 'users' endpoint """
def __init__(self):
self.reqparse = reqparse.RequestParser()
super(UsersList, self).__init__()
@marshal_items(FIELDS)
def get(self):
"""
.. http:get:: /users
The current user list
**Example request**:
.. sourcecode:: http
GET /users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"items": [
{
"id": 2,
"active": True,
"email": "user2@example.com",
"username": "user2",
"profileImage": null
},
{
"id": 1,
"active": False,
"email": "user1@example.com",
"username": "user1",
"profileImage": null
}
]
"total": 2
}
:query sortBy: field to sort on
:query sortDir: acs or desc
:query page: int. default is 1
:query filter: key value pair. format is k=v;
:query limit: limit number. default is 10
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
parser = paginated_parser.copy()
parser.add_argument('owner', type=str, location='args')
parser.add_argument('id', type=str, location='args')
args = parser.parse_args()
return service.render(args)
@admin_permission.require(http_exception=403)
@marshal_items(FIELDS)
def post(self):
"""
.. http:post:: /users
Creates a new user
**Example request**:
.. sourcecode:: http
POST /users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"username": "user3",
"email": "user3@example.com",
"active": true,
"roles": []
}
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 3,
"active": True,
"email": "user3@example.com,
"username": "user3",
"profileImage": null
}
:arg username: username for new user
:arg email: email address for new user
:arg password: password for new user
:arg active: boolean, if the user is currently active
:arg roles: list, roles that the user should be apart of
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
self.reqparse.add_argument('username', type=str, location='json', required=True)
self.reqparse.add_argument('email', type=str, location='json', required=True)
Add Google SSO This pull request adds Google SSO support. There are two main changes: 1. Add the Google auth view resource 2. Make passwords optional when creating a new user. This allows an admin to create a user without a password so that they can only login via Google.
2015-12-22 00:34:07 +01:00
self.reqparse.add_argument('password', type=str, location='json', default=None)
initial commit
2015-06-22 22:47:27 +02:00
self.reqparse.add_argument('active', type=bool, default=True, location='json')
self.reqparse.add_argument('roles', type=roles, default=[], location='json')
args = self.reqparse.parse_args()
return service.create(args['username'], args['password'], args['email'], args['active'], None, args['roles'])
class Users(AuthenticatedResource):
def __init__(self):
self.reqparse = reqparse.RequestParser()
super(Users, self).__init__()
@marshal_items(FIELDS)
def get(self, user_id):
"""
.. http:get:: /users/1
Get a specific user
**Example request**:
.. sourcecode:: http
GET /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"active": false,
"email": "user1@example.com",
"username": "user1",
"profileImage": null
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
return service.get(user_id)
@admin_permission.require(http_exception=403)
@marshal_items(FIELDS)
def put(self, user_id):
"""
.. http:put:: /users/1
Update a user
**Example request**:
.. sourcecode:: http
PUT /users/1 HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
{
"username": "user1",
"email": "user1@example.com",
"active": false,
"roles": []
}
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"username": "user1",
"email": "user1@example.com",
"active": false,
"profileImage": null
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
self.reqparse.add_argument('username', type=str, location='json', required=True)
self.reqparse.add_argument('email', type=str, location='json', required=True)
self.reqparse.add_argument('active', type=bool, location='json', required=True)
self.reqparse.add_argument('roles', type=roles, default=[], location='json', required=True)
args = self.reqparse.parse_args()
return service.update(user_id, args['username'], args['email'], args['active'], None, args['roles'])
class CertificateUsers(AuthenticatedResource):
def __init__(self):
self.reqparse = reqparse.RequestParser()
super(CertificateUsers, self).__init__()
@marshal_items(FIELDS)
def get(self, certificate_id):
"""
.. http:get:: /certificates/1/creator
Get a certificate's creator
**Example request**:
.. sourcecode:: http
GET /certificates/1/creator HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"active": false,
"email": "user1@example.com",
"username": "user1",
"profileImage": null
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
return certificate_service.get(certificate_id).user
class RoleUsers(AuthenticatedResource):
def __init__(self):
self.reqparse = reqparse.RequestParser()
super(RoleUsers, self).__init__()
@marshal_items(FIELDS)
def get(self, role_id):
"""
.. http:get:: /roles/1/users
Get all users associated with a role
**Example request**:
.. sourcecode:: http
GET /roles/1/users HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"items": [
{
"id": 2,
"active": True,
"email": "user2@example.com",
"username": "user2",
"profileImage": null
},
{
"id": 1,
"active": False,
"email": "user1@example.com",
"username": "user1",
"profileImage": null
}
]
"total": 2
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
return role_service.get(role_id).users
class Me(AuthenticatedResource):
def __init__(self):
super(Me, self).__init__()
@marshal_items(FIELDS)
def get(self):
"""
.. http:get:: /auth/me
Get the currently authenticated user
**Example request**:
.. sourcecode:: http
GET /auth/me HTTP/1.1
Host: example.com
Accept: application/json, text/javascript
**Example response**:
.. sourcecode:: http
HTTP/1.1 200 OK
Vary: Accept
Content-Type: text/javascript
{
"id": 1,
"active": false,
"email": "user1@example.com",
"username": "user1",
"profileImage": null
}
:reqheader Authorization: OAuth token to authenticate
:statuscode 200: no error
"""
return g.current_user.as_dict()
api.add_resource(Me, '/auth/me', endpoint='me')
api.add_resource(UsersList, '/users', endpoint='users')
api.add_resource(Users, '/users/<int:user_id>', endpoint='user')
api.add_resource(CertificateUsers, '/certificates/<int:certificate_id>/creator', endpoint='certificateCreator')
api.add_resource(RoleUsers, '/roles/<int:role_id>/users', endpoint='roleUsers')