Add ability to regenerate robot account credentials

2014-08-25 17:19:23 -04:00 · 2014-08-25 17:19:23 -04:00 · a129aac94b
commit a129aac94b
parent 837630359c
11 changed files with 307 additions and 8 deletions
--- a/endpoints/api/robot.py
+++ b/endpoints/api/robot.py
@ -35,6 +35,14 @@ class UserRobotList(ApiResource):
@internal_only
 class UserRobot(ApiResource):
  """ Resource for managing a user's robots. """
+  @require_user_admin
+  @nickname('getUserRobot')
+  def get(self, robot_shortname):
+    """ Returns the user's robot with the specified name. """
+    parent = get_authenticated_user()
+    robot, password = model.get_robot(robot_shortname, parent)
+    return robot_view(robot.username, password)
+
  @require_user_admin
  @nickname('createUserRobot')
  def put(self, robot_shortname):
@ -79,6 +87,18 @@ class OrgRobotList(ApiResource):
@related_user_resource(UserRobot)
 class OrgRobot(ApiResource):
  """ Resource for managing an organization's robots. """
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('getOrgRobot')
+  def get(self, orgname, robot_shortname):
+    """ Returns the organization's robot with the specified name. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      parent = model.get_organization(orgname)
+      robot, password = model.get_robot(robot_shortname, parent)
+      return robot_view(robot.username, password)
+    
+    raise Unauthorized()
+
  @require_scope(scopes.ORG_ADMIN)
  @nickname('createOrgRobot')
  def put(self, orgname, robot_shortname):
@ -103,3 +123,38 @@ class OrgRobot(ApiResource):
      return 'Deleted', 204

    raise Unauthorized()
+
+
+@resource('/v1/user/robots/<robot_shortname>/regenerate')
+@path_param('robot_shortname', 'The short name for the robot, without any user or organization prefix')
+@internal_only
+class RegenerateUserRobot(ApiResource):
+  """ Resource for regenerate an organization's robot's token. """
+  @require_user_admin
+  @nickname('regenerateUserRobotToken')
+  def post(self, robot_shortname):
+    """ Regenerates the token for a user's robot. """
+    parent = get_authenticated_user()
+    robot, password = model.regenerate_robot_token(robot_shortname, parent)
+    log_action('regenerate_robot_token', parent.username,  {'robot': robot_shortname})
+    return robot_view(robot.username, password)
+
+
+@resource('/v1/organization/<orgname>/robots/<robot_shortname>/regenerate')
+@path_param('orgname', 'The name of the organization')
+@path_param('robot_shortname', 'The short name for the robot, without any user or organization prefix')
+@related_user_resource(RegenerateUserRobot)
+class RegenerateOrgRobot(ApiResource):
+  """ Resource for regenerate an organization's robot's token. """
+  @require_scope(scopes.ORG_ADMIN)
+  @nickname('regenerateOrgRobotToken')
+  def post(self, orgname, robot_shortname):
+    """ Regenerates the token for an organization robot. """
+    permission = AdministerOrganizationPermission(orgname)
+    if permission.can():
+      parent = model.get_organization(orgname)
+      robot, password = model.regenerate_robot_token(robot_shortname, parent)
+      log_action('regenerate_robot_token', orgname,  {'robot': robot_shortname})
+      return robot_view(robot.username, password)
+
+    raise Unauthorized()