160 lines
		
	
	
	
		
			4.4 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			160 lines
		
	
	
	
		
			4.4 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| import logging
 | |
| import json
 | |
| 
 | |
| from app import app
 | |
| 
 | |
| from flask import request
 | |
| 
 | |
| from endpoints.api import (ApiResource, nickname, resource, validate_json_request, request_error,
 | |
|                            log_action, internal_only, NotFound, require_user_admin, format_date,
 | |
|                            InvalidToken, require_scope, format_date, hide_if, show_if, parse_args,
 | |
|                            query_param, abort)
 | |
| 
 | |
| from endpoints.api.logs import get_logs
 | |
| 
 | |
| from data import model
 | |
| from auth.permissions import SuperUserPermission
 | |
| from auth.auth_context import get_authenticated_user
 | |
| 
 | |
| import features
 | |
| 
 | |
| logger = logging.getLogger(__name__)
 | |
| 
 | |
| @resource('/v1/superuser/logs')
 | |
| @internal_only
 | |
| @show_if(features.SUPER_USERS)
 | |
| class SuperUserLogs(ApiResource):
 | |
|   """ Resource for fetching all logs in the system. """
 | |
|   @nickname('listAllLogs')
 | |
|   @parse_args
 | |
|   @query_param('starttime', 'Earliest time from which to get logs. (%m/%d/%Y %Z)', type=str)
 | |
|   @query_param('endtime', 'Latest time to which to get logs. (%m/%d/%Y %Z)', type=str)
 | |
|   @query_param('performer', 'Username for which to filter logs.', type=str)
 | |
|   def get(self, args):
 | |
|     """ List the logs for the current system. """
 | |
|     if SuperUserPermission().can():
 | |
|       performer_name = args['performer']
 | |
|       start_time = args['starttime']
 | |
|       end_time = args['endtime']
 | |
|         
 | |
|       return get_logs(start_time, end_time)
 | |
| 
 | |
|     abort(403)
 | |
| 
 | |
| 
 | |
| @resource('/v1/superuser/seats')
 | |
| @internal_only
 | |
| @show_if(features.SUPER_USERS)
 | |
| @hide_if(features.BILLING)
 | |
| class SeatUsage(ApiResource):
 | |
|   """ Resource for managing the seats granted in the license for the system. """
 | |
|   @nickname('getSeatCount')
 | |
|   def get(self):
 | |
|     """ Returns the current number of seats being used in the system. """
 | |
|     if SuperUserPermission().can():
 | |
|         return {
 | |
|           'count': model.get_active_user_count(),
 | |
|           'allowed': app.config.get('LICENSE_SEAT_COUNT', 0)
 | |
|         }
 | |
| 
 | |
|     abort(403)
 | |
| 
 | |
| 
 | |
| def user_view(user):
 | |
|   return  {
 | |
|     'username': user.username,
 | |
|     'email': user.email,
 | |
|     'verified': user.verified,
 | |
|     'super_user': user.username in app.config['SUPER_USERS']
 | |
|   }
 | |
| 
 | |
| @resource('/v1/superuser/users/')
 | |
| @internal_only
 | |
| @show_if(features.SUPER_USERS)
 | |
| class SuperUserList(ApiResource):
 | |
|   """ Resource for listing users in the system. """
 | |
|   @nickname('listAllUsers')
 | |
|   def get(self):
 | |
|     """ Returns a list of all users in the system. """
 | |
|     if SuperUserPermission().can():
 | |
|       users = model.get_active_users()
 | |
|       return {
 | |
|         'users': [user_view(user) for user in users]
 | |
|       }
 | |
| 
 | |
|     abort(403)
 | |
| 
 | |
| 
 | |
| @resource('/v1/superuser/users/<username>')
 | |
| @internal_only
 | |
| @show_if(features.SUPER_USERS)
 | |
| class SuperUserManagement(ApiResource):
 | |
|   """ Resource for managing users in the system. """
 | |
|   schemas = {
 | |
|     'UpdateUser': {
 | |
|       'id': 'UpdateUser',
 | |
|       'type': 'object',
 | |
|       'description': 'Description of updates for a user',
 | |
|       'properties': {
 | |
|         'password': {
 | |
|           'type': 'string',
 | |
|           'description': 'The new password for the user',
 | |
|         },
 | |
|         'email': {
 | |
|           'type': 'string',
 | |
|           'description': 'The new e-mail address for the user',
 | |
|         }
 | |
|       },
 | |
|     },
 | |
|   }
 | |
| 
 | |
|   @nickname('getInstallUser')
 | |
|   def get(self, username):
 | |
|     """ Returns information about the specified user. """
 | |
|     if SuperUserPermission().can():
 | |
|         user = model.get_user(username)
 | |
|         if not user or user.organization or user.robot:
 | |
|           abort(404)
 | |
|             
 | |
|         return user_view(user)
 | |
| 
 | |
|     abort(403)
 | |
| 
 | |
|   @nickname('deleteInstallUser')
 | |
|   def delete(self, username):
 | |
|     """ Deletes the specified user. """
 | |
|     if SuperUserPermission().can():
 | |
|       user = model.get_user(username)
 | |
|       if not user or user.organization or user.robot:
 | |
|         abort(404)
 | |
| 
 | |
|       if username in app.config['SUPER_USERS']:
 | |
|           abort(403)
 | |
| 
 | |
|       model.delete_user(user)
 | |
|       return 'Deleted', 204
 | |
| 
 | |
|     abort(403)
 | |
| 
 | |
|   @nickname('changeInstallUser')
 | |
|   @validate_json_request('UpdateUser')
 | |
|   def put(self, username):
 | |
|     """ Updates information about the specified user. """
 | |
|     if SuperUserPermission().can():
 | |
|         user = model.get_user(username)
 | |
|         if not user or user.organization or user.robot:
 | |
|           abort(404)
 | |
| 
 | |
|         if username in app.config['SUPER_USERS']:
 | |
|           abort(403)
 | |
| 
 | |
|         user_data = request.get_json()
 | |
|         if 'password' in user_data:
 | |
|           model.change_password(user, user_data['password'])
 | |
| 
 | |
|         if 'email' in user_data:
 | |
|           model.update_email(user, user_data['email'])
 | |
|       
 | |
|         return user_view(user)
 | |
| 
 | |
|     abort(403)
 |