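import logging
import json

from app import app

from flask import request

from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
                           log_action, internal_only, NotFound, require_user_admin, format_date,
                           InvalidToken, require_scope, format_date, hide_if, show_if, parse_args,
                           query_param, abort)

from endpoints.api.logs import get_logs

from data import model
from auth.permissions import SuperUserPermission
from auth.auth_context import get_authenticated_user

import features

logger = logging.getLogger(__name__)

# Authorization pattern used by every handler in this module: the privileged
# work sits inside `if SuperUserPermission().can():` and the function falls
# through to `abort(403)` otherwise. Keeping the privileged code inside the
# `if` means a denied caller never reaches it, whatever `abort` does.


@resource('/v1/superuser/logs')
@internal_only
@show_if(features.SUPER_USERS)
class SuperUserLogs(ApiResource):
    """ Resource for fetching all logs in the system. """
    @nickname('listAllLogs')
    @parse_args
    @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str)
    @query_param('endtime', 'Latest time to which to get logs. (%m/%d/%Y %Z)', type=str)
    @query_param('performer', 'Username for which to filter logs.', type=str)
    def get(self, args):
        """ List the logs for the current system. """
        if SuperUserPermission().can():
            # NOTE(review): `performer` is read but never passed to get_logs(),
            # so the advertised per-user filter is silently ignored and the
            # caller gets unfiltered logs. Confirm get_logs()'s signature and
            # forward the value, or drop the query parameter.
            performer_name = args['performer']
            start_time = args['starttime']
            end_time = args['endtime']

            return get_logs(start_time, end_time)

        abort(403)


@resource('/v1/superuser/seats')
@internal_only
@show_if(features.SUPER_USERS)
@hide_if(features.BILLING)
class SeatUsage(ApiResource):
    """ Resource for managing the seats granted in the license for the system. """
    @nickname('getSeatCount')
    def get(self):
        """ Returns the current number of seats being used in the system. """
        if SuperUserPermission().can():
            return {
                'count': model.get_active_user_count(),
                # A missing LICENSE_USER_LIMIT is reported as 0 allowed seats.
                'allowed': app.config.get('LICENSE_USER_LIMIT', 0)
            }

        abort(403)


def user_view(user):
    """Build the JSON-serializable view of a user returned by the superuser API.

    Includes the e-mail address and whether the username is listed in
    app.config['SUPER_USERS']; in this module it is only returned from
    handlers that have already passed the SuperUserPermission check.
    """
    return {
        'username': user.username,
        'email': user.email,
        'verified': user.verified,
        'super_user': user.username in app.config['SUPER_USERS']
    }


@resource('/v1/superuser/users/')
@internal_only
@show_if(features.SUPER_USERS)
class SuperUserList(ApiResource):
    """ Resource for listing users in the system. """
    @nickname('listAllUsers')
    def get(self):
        """ Returns a list of all users in the system. """
        if SuperUserPermission().can():
            users = model.get_active_users()
            return {
                'users': [user_view(user) for user in users]
            }

        abort(403)


# The handlers below all take `username`, so the route has to carry it as a
# URL parameter. Without the `<username>` segment this resource shares
# SuperUserList's path and its handlers cannot be dispatched with an argument.
@resource('/v1/superuser/users/<username>')
@internal_only
@show_if(features.SUPER_USERS)
class SuperUserManagement(ApiResource):
    """ Resource for managing users in the system. """
    # NOTE(review): the schema only constrains types. It declares no
    # `required` fields and no length or format limits, so any password and
    # e-mail checks must happen in model.change_password / model.update_email.
    # Verify that they do.
    schemas = {
        'UpdateUser': {
            'id': 'UpdateUser',
            'type': 'object',
            'description': 'Description of updates for a user',
            'properties': {
                'password': {
                    'type': 'string',
                    'description': 'The new password for the user',
                },
                'email': {
                    'type': 'string',
                    'description': 'The new e-mail address for the user',
                }
            },
        },
    }

    @nickname('getInstallUser')
    def get(self, username):
        """ Returns information about the specified user. """
        if SuperUserPermission().can():
            user = model.get_user(username)
            # Organizations and robot accounts are reported as not found.
            if not user or user.organization or user.robot:
                abort(404)

            return user_view(user)

        abort(403)

    @nickname('deleteInstallUser')
    def delete(self, username):
        """ Deletes the specified user. """
        if SuperUserPermission().can():
            user = model.get_user(username)
            if not user or user.organization or user.robot:
                abort(404)

            # Accounts listed in SUPER_USERS cannot be deleted through this
            # API, even by another superuser.
            if username in app.config['SUPER_USERS']:
                abort(403)

            # NOTE(review): no audit record is written here (log_action is
            # imported but unused in this module). An account deletion by an
            # administrator is worth recording with the acting user.
            model.delete_user(user)
            return 'Deleted', 204

        abort(403)

    @nickname('changeInstallUser')
    @validate_json_request('UpdateUser')
    def put(self, username):
        """ Updates information about the specified user. """
        if SuperUserPermission().can():
            user = model.get_user(username)
            if not user or user.organization or user.robot:
                abort(404)

            # Accounts listed in SUPER_USERS cannot be modified through this
            # API, so one superuser cannot reset another's credentials here.
            if username in app.config['SUPER_USERS']:
                abort(403)

            user_data = request.get_json()
            # NOTE(review): password and e-mail are applied as two separate
            # model calls, so a failure in update_email leaves the password
            # already changed. Neither change writes an audit record in this
            # handler; consider logging who changed what (never the password
            # value itself).
            if 'password' in user_data:
                model.change_password(user, user_data['password'])

            if 'email' in user_data:
                model.update_email(user, user_data['email'])

            return user_view(user)

        abort(403)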