- Add support for super users

- Add a super user API - Add a super user interface
2014-04-10 00:26:55 -04:00 · 2014-04-10 00:26:55 -04:00 · 0e320c964f
commit 0e320c964f
parent 4d4f3b1c18
15 changed files with 524 additions and 33 deletions
--- a/endpoints/api/superuser.py
+++ b/endpoints/api/superuser.py
@ -0,0 +1,160 @@
+import logging
+import json
+
+from app import app
+
+from flask import request
+
+from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
+                           log_action, internal_only, NotFound, require_user_admin, format_date,
+                           InvalidToken, require_scope, format_date, hide_if, show_if, parse_args,
+                           query_param, abort)
+
+from endpoints.api.logs import get_logs
+
+from data import model
+from auth.permissions import SuperUserPermission
+from auth.auth_context import get_authenticated_user
+
+import features
+
+logger = logging.getLogger(__name__)
+
+@resource('/v1/superuser/logs')
+@internal_only
+@show_if(features.SUPER_USERS)
+class SuperUserLogs(ApiResource):
+  """ Resource for fetching all logs in the system. """
+  @nickname('listAllLogs')
+  @parse_args
+  @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str)
+  @query_param('endtime', 'Latest time to which to get logs. (%m/%d/%Y %Z)', type=str)
+  @query_param('performer', 'Username for which to filter logs.', type=str)
+  def get(self, args):
+    """ List the logs for the current system. """
+    if SuperUserPermission().can():
+      performer_name = args['performer']
+      start_time = args['starttime']
+      end_time = args['endtime']
+        
+      return get_logs(start_time, end_time)
+
+    abort(403)
+
+
+@resource('/v1/superuser/seats')
+@internal_only
+@show_if(features.SUPER_USERS)
+@hide_if(features.BILLING)
+class SeatUsage(ApiResource):
+  """ Resource for managing the seats granted in the license for the system. """
+  @nickname('getSeatCount')
+  def get(self):
+    """ Returns the current number of seats being used in the system. """
+    if SuperUserPermission().can():
+        return {
+          'count': model.get_active_user_count(),
+          'allowed': app.config.get('LICENSE_SEAT_COUNT', 0)
+        }
+
+    abort(403)
+
+
+def user_view(user):
+  return  {
+    'username': user.username,
+    'email': user.email,
+    'verified': user.verified,
+    'super_user': user.username in app.config['SUPER_USERS']
+  }
+
+@resource('/v1/superuser/users/')
+@internal_only
+@show_if(features.SUPER_USERS)
+class SuperUserList(ApiResource):
+  """ Resource for listing users in the system. """
+  @nickname('listAllUsers')
+  def get(self):
+    """ Returns a list of all users in the system. """
+    if SuperUserPermission().can():
+      users = model.get_active_users()
+      return {
+        'users': [user_view(user) for user in users]
+      }
+
+    abort(403)
+
+
+@resource('/v1/superuser/users/<username>')
+@internal_only
+@show_if(features.SUPER_USERS)
+class SuperUserManagement(ApiResource):
+  """ Resource for managing users in the system. """
+  schemas = {
+    'UpdateUser': {
+      'id': 'UpdateUser',
+      'type': 'object',
+      'description': 'Description of updates for a user',
+      'properties': {
+        'password': {
+          'type': 'string',
+          'description': 'The new password for the user',
+        },
+        'email': {
+          'type': 'string',
+          'description': 'The new e-mail address for the user',
+        }
+      },
+    },
+  }
+
+  @nickname('getInstallUser')
+  def get(self, username):
+    """ Returns information about the specified user. """
+    if SuperUserPermission().can():
+        user = model.get_user(username)
+        if not user or user.organization or user.robot:
+          abort(404)
+            
+        return user_view(user)
+
+    abort(403)
+
+  @nickname('deleteInstallUser')
+  def delete(self, username):
+    """ Deletes the specified user. """
+    if SuperUserPermission().can():
+      user = model.get_user(username)
+      if not user or user.organization or user.robot:
+        abort(404)
+
+      if username in app.config['SUPER_USERS']:
+          abort(403)
+
+      model.delete_user(user)
+      return 'Deleted', 204
+
+    abort(403)
+
+  @nickname('changeInstallUser')
+  @validate_json_request('UpdateUser')
+  def put(self, username):
+    """ Updates information about the specified user. """
+    if SuperUserPermission().can():
+        user = model.get_user(username)
+        if not user or user.organization or user.robot:
+          abort(404)
+
+        if username in app.config['SUPER_USERS']:
+          abort(403)
+
+        user_data = request.get_json()
+        if 'password' in user_data:
+          model.change_password(user, user_data['password'])
+
+        if 'email' in user_data:
+          model.update_email(user, user_data['email'])
+      
+        return user_view(user)
+
+    abort(403)