"""
.. module: service
:platform: Unix
:synopsis: This module contains all of the services level functions used to
administer roles in Lemur
:copyright: (c) 2018 by Netflix Inc., see AUTHORS for more
:license: Apache, see LICENSE for more details.
.. moduleauthor:: Kevin Glisson <kglisson@netflix.com>
"""
from lemur import database
from lemur.roles.models import Role
from lemur.users.models import User
from lemur.logs import service as log_service
def update(role_id, name, description, users):
    """
    Overwrite the name, description and user list of an existing role.

    The role is fetched with ``get``. This function does not check that the
    lookup returned a role, nor that the caller is allowed to edit it.
    NOTE(review): both checks are presumably done by the caller -- confirm.

    :param role_id: identifier handed to ``get`` to locate the role
    :param name: new value for ``role.name``; also passed as the second
        argument of the audit-log call
    :param description: new value for ``role.description``
    :param users: new value for ``role.users`` (replaces the previous value)
    :return: the role object, after ``database.update`` has been called on it
    """
    target = get(role_id)

    # Same three assignments as before, in the same order.
    new_values = (("name", name), ("description", description), ("users", users))
    for attribute, value in new_values:
        setattr(target, attribute, value)

    database.update(target)

    # The audit entry is written only after database.update has returned.
    # It carries the new name, so a rename can be traced back only through
    # the role id embedded in the message.
    audit_message = f"Role with id {role_id} updated"
    log_service.audit_log("update_role", name, audit_message)
    return target
def set_third_party(role_id, third_party_status=False):
    """
    Set the ``third_party`` flag on a role.

    Meant for internal use: a user should pretty much never call this
    directly.

    :param role_id: identifier handed to ``get`` to locate the role
    :param third_party_status: value stored in ``role.third_party``
        (defaults to ``False``)
    :return: the role object, after ``database.update`` has been called on it
    """
    target = get(role_id)
    target.third_party = third_party_status
    database.update(target)

    # Logged after the update, under the role's current name, with the new
    # flag value spelled out in the message.
    audit_message = f"Updated third_party_status={third_party_status}"
    log_service.audit_log("update_role", target.name, audit_message)
    return target
def create(
    name, password=None, description=None, username=None, users=None, third_party=False
):
    """
    Build a new role and hand it to ``database.create``.

    :param name: role name; also passed as the second argument of the
        audit-log call
    :param password: credential stored on the role; forwarded to ``Role``
        unchanged. NOTE(review): how the model protects this value at rest
        is not visible here -- confirm.
    :param description: free-text description of the role
    :param username: username stored alongside ``password`` on the role
    :param users: users to attach; skipped when falsy (``None`` or empty)
    :param third_party: value for the role's ``third_party`` flag
    :return: whatever ``database.create`` returns for the new role
    """
    role_fields = {
        "name": name,
        "description": description,
        "username": username,
        "password": password,
        "third_party": third_party,
    }
    new_role = Role(**role_fields)

    # A missing or empty user list leaves role.users untouched.
    if users:
        new_role.users = users

    # The audit entry is written before the insert, so it is recorded even
    # when database.create subsequently raises. Only the role name reaches
    # the audit log; password and username are never part of the message.
    log_service.audit_log("create_role", name, "Creating new role")
    return database.create(new_role)
def get(role_id):
    """
    Look up a single role by its ID.

    No ``field`` argument is passed, so ``database.get`` matches on its
    default lookup field (presumably the primary key -- confirm).

    :param role_id: value to match
    :return: the result of ``database.get(Role, role_id)``
    """
    found = database.get(Role, role_id)
    return found
def get_by_name(role_name):
    """
    Look up a single role by its name.

    :param role_name: value matched against the ``name`` field of ``Role``
    :return: the result of ``database.get`` for that name; ``get_or_create``
        treats a falsy result as "no such role"
    """
    found = database.get(Role, role_name, field="name")
    return found
def delete(role_id):
    """
    Remove a role.

    The role is fetched with ``get`` first; this function does not check
    that the lookup returned a role.
    NOTE(review): presumably the caller guarantees the id exists -- confirm.

    :param role_id: identifier handed to ``get`` to locate the role
    :return: whatever ``database.delete`` returns
    """
    doomed = get(role_id)

    # The audit entry is written before the delete, while the role's name is
    # still read from the fetched object; it is therefore recorded even if
    # database.delete subsequently raises.
    log_service.audit_log("delete_role", doomed.name, "Deleting role")

    outcome = database.delete(doomed)
    return outcome
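def render(args):
    """
    Helper that filters subsets of roles depending on the parameters
    passed to the REST API.

    ``args`` is modified in place: the ``filter``, ``user_id`` and
    ``authority_id`` keys are popped, and what remains is forwarded to
    ``database.sort_and_page``.

    :param args: mutable mapping of request parameters. All three popped keys
        are optional; a missing ``filter`` is treated like an empty one
        instead of raising ``KeyError``, matching the other two keys.
    :return: the result of ``database.sort_and_page`` for the narrowed query
    """
    query = database.session_query(Role)

    # Every optional key gets a default so an absent "filter" no longer
    # raises KeyError while absent "user_id"/"authority_id" are tolerated.
    filt = args.pop("filter", None)
    user_id = args.pop("user_id", None)
    authority_id = args.pop("authority_id", None)

    if user_id:
        # Keep only roles that have this user among their members.
        query = query.filter(Role.users.any(User.id == user_id))

    if authority_id:
        query = query.filter(Role.authority_id == authority_id)

    if filt:
        # The filter arrives as one ";"-separated string. The split is the
        # only processing done here: the terms go to database.filter as-is.
        # NOTE(review): the value is request-supplied; confirm that
        # database.filter copes with a string containing no ";" and restricts
        # the field name to columns that are safe to filter on (Role also
        # carries a password).
        terms = filt.split(";")
        query = database.filter(query, Role, terms)

    return database.sort_and_page(query, Role, args)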
def get_or_create(role_name, description):
    """
    Return the role called ``role_name``, creating it when the lookup by
    name comes back falsy.

    A newly created role receives only a name and a description; every other
    ``create`` argument keeps its default.

    NOTE(review): lookup and creation are two separate steps with no locking
    visible here, so two concurrent callers could both reach ``create`` --
    confirm that the name is protected by a uniqueness constraint.

    :param role_name: name to look up, and to create under if absent
    :param description: description used only when the role is created
    :return: the existing role, or the result of ``create``
    """
    existing = get_by_name(role_name)
    if existing:
        return existing
    return create(name=role_name, description=description)