Coverage for src/edwh_auth_rbac/rbac.py: 56%
88 statements
« prev ^ index » next coverage.py v7.5.1, created at 2024-05-16 17:13 +0200
« prev ^ index » next coverage.py v7.5.1, created at 2024-05-16 17:13 +0200
1import logging
3from pydal import DAL
4from . import model
5from .model import Password, key_lookup, DEFAULT_STARTS, DEFAULT_ENDS, unstr_datetime, DEFAULT
7_pylog = logging.getLogger(__name__)
8_pylog.setLevel(logging.INFO)
11class AuthRbac:
12 name = 'auth_rbac'
14 def __init__(self, db: DAL):
15 self.db = db
17 @staticmethod
18 def _error(msg):
19 print('ERROR:', msg)
21 # gebruik event en rpc live templates (mobiel)
23 def add_user(self, email, firstname, fullname, password, member_of):
24 # check if exists
25 email = email.lower().strip()
26 user = model.get_user(self.db, email)
27 if user:
28 raise ValueError('User already exists')
29 else:
30 object_id = model.add_identity(self.db, email, password, member_of, firstname=firstname, fullname=fullname,
31 object_type='user')
32 rec = model.get_user(self.db, object_id)
33 return dict(
34 object_id=rec.object_id,
35 email=rec.email,
36 firstname=rec.firstname,
37 fullname=rec.fullname,
38 )
40 def add_item(self, email, name, password, member_of):
41 # check if exists
42 email = email.lower().strip()
43 item = model.get_identity(self.db, email, 'item')
44 if item:
45 raise ValueError('Item already exists')
46 else:
47 object_id = model.add_identity(self.db, email, name, None, password, member_of, object_type='item')
48 rec = model.get_identity(self.db, object_id, object_type='item')
49 return dict(
50 object_id=rec.object_id,
51 email=rec.email,
52 name=rec.firstname
53 )
55 def add_identity(self, email, name, password, member_of, object_type):
56 # check if exists
57 email = email.lower().strip()
58 if not isinstance(object_type, str):
59 raise ValueError('object_type should be a string')
60 identity = model.get_identity(self.db, email, object_type)
61 if identity:
62 raise ValueError('Item already exists')
63 else:
64 object_id = model.add_identity(self.db, email, name, None, password, member_of, object_type=object_type)
65 rec = model.get_identity(self.db, object_id, object_type=object_type)
66 return dict(
67 object_id=rec.object_id,
68 email=rec.email,
69 name=rec.name
70 )
72 def add_group(self, email, name, member_of):
73 # check if exists
74 email = email.lower().strip()
75 group = model.get_group(self.db, email)
76 if group:
77 raise ValueError('Group already exists')
78 else:
79 object_id = model.add_group(self.db, email, name, member_of)
80 rec = model.get_group(self.db, object_id)
81 return dict(
82 object_id=rec.object_id,
83 email=rec.email,
84 name=rec.firstname
85 )
87 def update_identity(self, object_id, email=None, name=None, firstname=None, lastname=None, fullname=None,
88 password=None):
89 user = model.get_identity(self.db, object_id)
90 user.update_record(
91 email=email.lower().strip() if email else user.email,
92 firstname=name if name else firstname if firstname else user.firstname,
93 lastname=lastname if lastname else user.lastname,
94 fullname=fullname if fullname else user.fullname,
95 password=Password.encode(password) if password else user.encoded_password,
96 )
97 self.db.commit()
99 def get_user(self, key, return_memberhips=False):
100 rec = model.get_user(self.db, key)
101 result = dict(
102 object_id=rec.object_id,
103 email=rec.email,
104 firstname=rec.firstname,
105 fullname=rec.fullname,
106 )
107 if return_memberhips:
108 result['memberships'] = [dict(
109 object_id=m.object_id,
110 object_type=m.object_type,
111 email=m.email,
112 firstname=m.firstname,
113 fullname=m.fullname,
114 ) for m in model.get_memberships(self.db, rec.object_id, bare=False)]
115 return result
117 def get_group(self, key, return_members=True):
118 group_rec = model.get_group(self.db, key)
119 members = []
120 if return_members:
121 members = model.get_members(self.db, group_rec.object_id, bare=False)
122 members = [
123 dict(
124 object_id=member.object_id,
125 object_type=member.object_type,
126 email=member.email,
127 name=member.firstname,
128 )
129 for member in members
130 ]
132 result = dict(
133 object_id=group_rec.object_id,
134 email=group_rec.email,
135 name=group_rec.firstname
136 )
137 if return_members:
138 result['members'] = members
139 return result
141 def authenticate_user(self, key, password):
142 return model.authenticate_user(self.db, key=key, password=password)
144 def add_membership(self, identity_key, group_key):
145 return model.add_membership(self.db, identity_key, group_key)
147 def remove_membership(self, identity_key, group_key):
148 return model.remove_membership(self.db, identity_key, group_key)
150 def has_membership(self, user_or_group_key, group_key):
151 key = key_lookup(self.db, user_or_group_key)
152 group = key_lookup(self.db, group_key)
153 memberships = [m.object_id for m in model.get_memberships(self.db, key, bare=False)]
154 return group in memberships
156 def add_permission(self, identity_key, target_oid, privilege, starts=DEFAULT_STARTS, ends=DEFAULT_ENDS):
157 starts = unstr_datetime(starts)
158 ends = unstr_datetime(ends)
159 model.add_permission(self.db, identity_key, target_oid, privilege, starts, ends)
161 def has_permission(self, identity_key, target_oid, privilege, when=None):
162 when = DEFAULT if when is None else unstr_datetime(when)
163 return model.has_permission(self.db, identity_key, target_oid, privilege, when)
165 def remove_permission(self, identity_key, target_oid, privilege, when=None):
166 when = DEFAULT if when is None else unstr_datetime(when)
167 return model.remove_permission(self.db, identity_key, target_oid, privilege, when=when)