Coverage for src/edwh_auth_rbac/rbac.py: 56%

88 statements  

« prev     ^ index     » next       coverage.py v7.5.1, created at 2024-05-16 17:13 +0200

1import logging 

2 

3from pydal import DAL 

4from . import model 

5from .model import Password, key_lookup, DEFAULT_STARTS, DEFAULT_ENDS, unstr_datetime, DEFAULT 

6 

7_pylog = logging.getLogger(__name__) 

8_pylog.setLevel(logging.INFO) 

9 

10 

11class AuthRbac: 

12 name = 'auth_rbac' 

13 

14 def __init__(self, db: DAL): 

15 self.db = db 

16 

17 @staticmethod 

18 def _error(msg): 

19 print('ERROR:', msg) 

20 

21 # gebruik event en rpc live templates (mobiel) 

22 

23 def add_user(self, email, firstname, fullname, password, member_of): 

24 # check if exists 

25 email = email.lower().strip() 

26 user = model.get_user(self.db, email) 

27 if user: 

28 raise ValueError('User already exists') 

29 else: 

30 object_id = model.add_identity(self.db, email, password, member_of, firstname=firstname, fullname=fullname, 

31 object_type='user') 

32 rec = model.get_user(self.db, object_id) 

33 return dict( 

34 object_id=rec.object_id, 

35 email=rec.email, 

36 firstname=rec.firstname, 

37 fullname=rec.fullname, 

38 ) 

39 

40 def add_item(self, email, name, password, member_of): 

41 # check if exists 

42 email = email.lower().strip() 

43 item = model.get_identity(self.db, email, 'item') 

44 if item: 

45 raise ValueError('Item already exists') 

46 else: 

47 object_id = model.add_identity(self.db, email, name, None, password, member_of, object_type='item') 

48 rec = model.get_identity(self.db, object_id, object_type='item') 

49 return dict( 

50 object_id=rec.object_id, 

51 email=rec.email, 

52 name=rec.firstname 

53 ) 

54 

55 def add_identity(self, email, name, password, member_of, object_type): 

56 # check if exists 

57 email = email.lower().strip() 

58 if not isinstance(object_type, str): 

59 raise ValueError('object_type should be a string') 

60 identity = model.get_identity(self.db, email, object_type) 

61 if identity: 

62 raise ValueError('Item already exists') 

63 else: 

64 object_id = model.add_identity(self.db, email, name, None, password, member_of, object_type=object_type) 

65 rec = model.get_identity(self.db, object_id, object_type=object_type) 

66 return dict( 

67 object_id=rec.object_id, 

68 email=rec.email, 

69 name=rec.name 

70 ) 

71 

72 def add_group(self, email, name, member_of): 

73 # check if exists 

74 email = email.lower().strip() 

75 group = model.get_group(self.db, email) 

76 if group: 

77 raise ValueError('Group already exists') 

78 else: 

79 object_id = model.add_group(self.db, email, name, member_of) 

80 rec = model.get_group(self.db, object_id) 

81 return dict( 

82 object_id=rec.object_id, 

83 email=rec.email, 

84 name=rec.firstname 

85 ) 

86 

87 def update_identity(self, object_id, email=None, name=None, firstname=None, lastname=None, fullname=None, 

88 password=None): 

89 user = model.get_identity(self.db, object_id) 

90 user.update_record( 

91 email=email.lower().strip() if email else user.email, 

92 firstname=name if name else firstname if firstname else user.firstname, 

93 lastname=lastname if lastname else user.lastname, 

94 fullname=fullname if fullname else user.fullname, 

95 password=Password.encode(password) if password else user.encoded_password, 

96 ) 

97 self.db.commit() 

98 

99 def get_user(self, key, return_memberhips=False): 

100 rec = model.get_user(self.db, key) 

101 result = dict( 

102 object_id=rec.object_id, 

103 email=rec.email, 

104 firstname=rec.firstname, 

105 fullname=rec.fullname, 

106 ) 

107 if return_memberhips: 

108 result['memberships'] = [dict( 

109 object_id=m.object_id, 

110 object_type=m.object_type, 

111 email=m.email, 

112 firstname=m.firstname, 

113 fullname=m.fullname, 

114 ) for m in model.get_memberships(self.db, rec.object_id, bare=False)] 

115 return result 

116 

117 def get_group(self, key, return_members=True): 

118 group_rec = model.get_group(self.db, key) 

119 members = [] 

120 if return_members: 

121 members = model.get_members(self.db, group_rec.object_id, bare=False) 

122 members = [ 

123 dict( 

124 object_id=member.object_id, 

125 object_type=member.object_type, 

126 email=member.email, 

127 name=member.firstname, 

128 ) 

129 for member in members 

130 ] 

131 

132 result = dict( 

133 object_id=group_rec.object_id, 

134 email=group_rec.email, 

135 name=group_rec.firstname 

136 ) 

137 if return_members: 

138 result['members'] = members 

139 return result 

140 

141 def authenticate_user(self, key, password): 

142 return model.authenticate_user(self.db, key=key, password=password) 

143 

144 def add_membership(self, identity_key, group_key): 

145 return model.add_membership(self.db, identity_key, group_key) 

146 

147 def remove_membership(self, identity_key, group_key): 

148 return model.remove_membership(self.db, identity_key, group_key) 

149 

150 def has_membership(self, user_or_group_key, group_key): 

151 key = key_lookup(self.db, user_or_group_key) 

152 group = key_lookup(self.db, group_key) 

153 memberships = [m.object_id for m in model.get_memberships(self.db, key, bare=False)] 

154 return group in memberships 

155 

156 def add_permission(self, identity_key, target_oid, privilege, starts=DEFAULT_STARTS, ends=DEFAULT_ENDS): 

157 starts = unstr_datetime(starts) 

158 ends = unstr_datetime(ends) 

159 model.add_permission(self.db, identity_key, target_oid, privilege, starts, ends) 

160 

161 def has_permission(self, identity_key, target_oid, privilege, when=None): 

162 when = DEFAULT if when is None else unstr_datetime(when) 

163 return model.has_permission(self.db, identity_key, target_oid, privilege, when) 

164 

165 def remove_permission(self, identity_key, target_oid, privilege, when=None): 

166 when = DEFAULT if when is None else unstr_datetime(when) 

167 return model.remove_permission(self.db, identity_key, target_oid, privilege, when=when)