/[shmookey]/portconf/pyaaa/pyaaa.py


UCC Code Repository

Diff of /portconf/pyaaa/pyaaa.py

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 119 by shmookey, Wed Jun 4 14:15:39 2008 UTC revision 120 by shmookey, Thu Jun 5 07:30:56 2008 UTC
# Line 53  class SafeBase: Line 53  class SafeBase:
53                  self._groups = []                  self._groups = []
54                  self._uid = -1                  self._uid = -1
55                  self._recordCache = []                  self._recordCache = []
56                    self._admin = False
57    
58          def __GetDatabaseCursor (self):          def __GetDatabaseCursor (self):
59                  if self._db == None:                  if self._db == None:
# Line 63  class SafeBase: Line 64  class SafeBase:
64          def _Login (self, username, password):          def _Login (self, username, password):
65                  if not auth.Authenticate (username, password): raise InvalidLogin ()                  if not auth.Authenticate (username, password): raise InvalidLogin ()
66                  cur = self.__GetDatabaseCursor ()                  cur = self.__GetDatabaseCursor ()
67                  query = "SELECT * FROM %s_users WHERE name = '%s'" % (dbPref, username)                  query = "SELECT admin FROM %s_users WHERE name = '%s'" % (dbPref, username)
68                  cur.execute (query)                  try:
69                            cur.execute (query)
70                    except pgdb.DatabaseError, details:
71                            Log.Message ("User %s triggered a database error in _Login (authenticated). Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
72                            raise DatabaseError ()
73                  if cur.rowcount == 0:                  if cur.rowcount == 0:
74                          Log.Message ("User %s does not exist." % username, "pyaaa.py", "ERROR")                          Log.Message ("User %s does not exist." % username, "pyaaa.py", "ERROR")
75                          raise InvalidLogin ()                          raise InvalidLogin ()
76                    result = cur.fetchone ()
77                    self._admin = result[0]
78                  self._username = username                  self._username = username
79                  self._sessionid = str(uuid.uuid4 ())                  self._sessionid = str(uuid.uuid4 ())
80                  expiry = time.time () + 3600 # an hour                  expiry = time.time () + 3600 # an hour
81                  query = "INSERT INTO %s_sessions (username, sid, expiry) VALUES ('%s', '%s', %d)" % (dbPref, username, self._sessionid, expiry)                  query = "INSERT INTO %s_sessions (username, sid, expiry) VALUES ('%s', '%s', %d)" % (dbPref, username, self._sessionid, expiry)
82                  cur.execute (query)                  try:
83                            cur.execute (query)
84                    except pgdb.DatabaseError, details:
85                            Log.Message ("User %s triggered a database error in _Login (authenticated). Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
86                            raise DatabaseError ()
87                  self._db.commit ()                  self._db.commit ()
88                  Log.Message ("User %s logs in." % username, "pyaaa.py", "INFO")                  Log.Message ("User %s logs in." % username, "pyaaa.py", "INFO")
89                  return self._sessionid                  return self._sessionid
# Line 80  class SafeBase: Line 91  class SafeBase:
91          def _Logout (self):          def _Logout (self):
92                  cur = self.__GetDatabaseCursor ()                  cur = self.__GetDatabaseCursor ()
93                  query = "DELETE FROM %s_sessions WHERE sid = '%s'" % (dbPref, self._sessionid)                  query = "DELETE FROM %s_sessions WHERE sid = '%s'" % (dbPref, self._sessionid)
94                  cur.execute (query)                  try:
95                            cur.execute (query)
96                    except pgdb.DatabaseError, details:
97                            Log.Message ("User %s triggered a database error in _Logout. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
98                            raise DatabaseError ()
99                  self._db.commit ()                  self._db.commit ()
100                  self.username = ""                  self.username = ""
101                  self.sessionid = ""                  self.sessionid = ""
# Line 89  class SafeBase: Line 104  class SafeBase:
104          def _Resume (self, session):          def _Resume (self, session):
105                  cur = self.__GetDatabaseCursor ()                  cur = self.__GetDatabaseCursor ()
106                  query = "SELECT id, username, expiry FROM %s_sessions WHERE sid = '%s'" % (dbPref, session)                  query = "SELECT id, username, expiry FROM %s_sessions WHERE sid = '%s'" % (dbPref, session)
107                  cur.execute (query)                  try:
108                            cur.execute (query)
109                    except pgdb.DatabaseError, details:
110                            Log.Message ("User %s triggered a database error in _Resume. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
111                            raise DatabaseError ()
112                  if cur.rowcount == 0:                  if cur.rowcount == 0:
113                          Log.Message ("Session %s is invalid." % session, "pyaaa.py", "ERROR")                          Log.Message ("Session %s is invalid." % session, "pyaaa.py", "ERROR")
114                          raise InvalidSession ()                          raise InvalidSession ()
# Line 105  class SafeBase: Line 124  class SafeBase:
124                                  cur.execute (upquery)                                  cur.execute (upquery)
125                                  self._db.commit ()                                  self._db.commit ()
126                                  self._username = result[1]                                  self._username = result[1]
127                                    adminquery = "SELECT admin FROM %s_users WHERE name = '%s'" % (dbPref, result[1])
128                                    cur.execute (adminquery)
129                                    adresult = cur.fetchone ()
130                                    self._admin = adresult [0]
131                                  self._sessionid = session                                  self._sessionid = session
132                                  return self._username                                  return self._username
133                  Log.Message ("Session %s has expired." % session, "pyaaa.py", "ERROR")                  Log.Message ("Session %s has expired." % session, "pyaaa.py", "ERROR")
# Line 114  class SafeBase: Line 137  class SafeBase:
137                  if self._uid == -1:                  if self._uid == -1:
138                          cur = self.__GetDatabaseCursor ()                          cur = self.__GetDatabaseCursor ()
139                          query = "SELECT id FROM %s_users WHERE name = '%s'" % (dbPref, self._username)                          query = "SELECT id FROM %s_users WHERE name = '%s'" % (dbPref, self._username)
140                          cur.execute (query)                          try:
141                                    cur.execute (query)
142                            except pgdb.DatabaseError, details:
143                                    Log.Message ("User %s triggered a database error in GetUID. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
144                                    raise DatabaseError ()
145                          if cur.rowcount == 0:                          if cur.rowcount == 0:
146                                  Log.Message ("No matching UID for user %s" % self._username, "pyaaa.py", "ERROR")                                  Log.Message ("No matching UID for user %s" % self._username, "pyaaa.py", "ERROR")
147                                  raise InconsistentDatabase ()                                  raise InconsistentDatabase ()
# Line 127  class SafeBase: Line 154  class SafeBase:
154                  if self._groups == []:                  if self._groups == []:
155                          cur = self.__GetDatabaseCursor ()                          cur = self.__GetDatabaseCursor ()
156                          query = "SELECT gid FROM %s_memberships WHERE uid = %d" % (dbPref, self._GetUID ())                          query = "SELECT gid FROM %s_memberships WHERE uid = %d" % (dbPref, self._GetUID ())
157                          cur.execute (query)                          try:
158                                    cur.execute (query)
159                            except pgdb.DatabaseError, details:
160                                    Log.Message ("User %s triggered a database error in GetGroups. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
161                                    raise DatabaseError ()
162                          results = cur.fetchall ()                          results = cur.fetchall ()
163                          self._groups = [i[0] for i in results]                          self._groups = [i[0] for i in results]
164    
# Line 149  class SafeBase: Line 180  class SafeBase:
180                                  gid = %d AND                                  gid = %d AND
181                                  isUser = 't'                                  isUser = 't'
182                                  ORDER BY classid DESC, recordid DESC, fieldid DESC""" % (dbPref, tableName, fieldName, recordID, self._GetUID () )                                  ORDER BY classid DESC, recordid DESC, fieldid DESC""" % (dbPref, tableName, fieldName, recordID, self._GetUID () )
183                  cur.execute (query)                  try:
184                            cur.execute (query)
185                    except pgdb.DatabaseError, details:
186                            Log.Message ("User %s triggered a database error in IsFieldAllowed. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
187                            raise DatabaseError ()
188                  results = cur.fetchall ()                  results = cur.fetchall ()
189                  #except: raise DatabaseNotInitialised ()                  #except: raise DatabaseNotInitialised ()
190                  for rule in results:                  for rule in results:
# Line 167  class SafeBase: Line 202  class SafeBase:
202                                  (%s) AND                                  (%s) AND
203                                  isUser = 'f'                                  isUser = 'f'
204                                  ORDER BY classid DESC, recordid DESC, fieldid DESC""" % (dbPref, tableName, fieldName, recordID, groupCheck )                                  ORDER BY classid DESC, recordid DESC, fieldid DESC""" % (dbPref, tableName, fieldName, recordID, groupCheck )
205                  cur.execute (query)                  try:
206                            cur.execute (query)
207                    except pgdb.DatabaseError, details:
208                            Log.Message ("User %s triggered a database error in IsFieldAllowed. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
209                            raise DatabaseError ()
210                  results = cur.fetchall ()                  results = cur.fetchall ()
211                  # We can't use the normal 'for' iterator here because if we find a DENY rule we need to keep looking at the same level of specificness to see if there's an ALLOW to override it.                  # We can't use the normal 'for' iterator here because if we find a DENY rule we need to keep looking at the same level of specificness to see if there's an ALLOW to override it.
212                  # Therefore: iterate through results, if we find one that says ALLOW then allow it, if we find anything else then keep looking at the same degree of specificness with different groups                  # Therefore: iterate through results, if we find one that says ALLOW then allow it, if we find anything else then keep looking at the same degree of specificness with different groups
# Line 193  class SafeBase: Line 232  class SafeBase:
232                  # First get the ID                  # First get the ID
233                  # Might as well get all the data in one query:                  # Might as well get all the data in one query:
234                  query = "SELECT id, " + ", ".join(fieldsToRetrieve) + " FROM " + dbPref + "_" + className + " WHERE name = '" + instanceName + "'"                  query = "SELECT id, " + ", ".join(fieldsToRetrieve) + " FROM " + dbPref + "_" + className + " WHERE name = '" + instanceName + "'"
235                  #try:                  try:
236                  cur.execute (query)                          cur.execute (query)
237                  #except: raise UnrecognisedClass ()                  except pgdb.DatabaseError, details:
238                            Log.Message ("User %s triggered a database error in GetInfo. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
239                            raise DatabaseError ()
240                  if cur.rowcount == 0:                  if cur.rowcount == 0:
241                           raise UnrecognisedInstance ()                           raise UnrecognisedInstance ()
242                  results = cur.fetchone ()                  results = cur.fetchone ()
# Line 218  class SafeBase: Line 259  class SafeBase:
259                  records = []                  records = []
260                  cur = self.__GetDatabaseCursor ()                  cur = self.__GetDatabaseCursor ()
261                  query = "SELECT recordid FROM %s_permissions WHERE classid = '%s' AND gid = %d AND isUser = 't' AND action = 'ALLOW'" % (dbPref, classType, self._GetUID ())                  query = "SELECT recordid FROM %s_permissions WHERE classid = '%s' AND gid = %d AND isUser = 't' AND action = 'ALLOW'" % (dbPref, classType, self._GetUID ())
262                  cur.execute (query)                  try:
263                            cur.execute (query)
264                    except pgdb.DatabaseError, details:
265                            Log.Message ("User %s triggered a database error in GetRecords. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
266                            raise DatabaseError ()
267                  results = cur.fetchall ()                  results = cur.fetchall ()
268                  records += [ int(r[0]) for r in results ]                  records += [ int(r[0]) for r in results ]
269                  groupCheck = ""                  groupCheck = ""
270                  for group in self._GetGroups (): groupCheck += "gid = " + str(group) + " OR "                  for group in self._GetGroups (): groupCheck += "gid = " + str(group) + " OR "
271                  groupCheck = groupCheck [:-3]                  groupCheck = groupCheck [:-3]
272                  query = "SELECT recordid FROM %s_permissions WHERE classid = '%s' AND (%s) AND isUser = 'f' AND action = 'ALLOW'" % (dbPref, classType, groupCheck)                  query = "SELECT recordid FROM %s_permissions WHERE classid = '%s' AND (%s) AND isUser = 'f' AND action = 'ALLOW'" % (dbPref, classType, groupCheck)
273                  cur.execute (query)                  try:
274                            cur.execute (query)
275                    except pgdb.DatabaseError, details:
276                            Log.Message ("User %s triggered a database error in GetRecords. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
277                            raise DatabaseError ()
278                  results = cur.fetchall ()                  results = cur.fetchall ()
279                  records += [ int(r[0]) for r in results ]                  records += [ int(r[0]) for r in results ]
280    
# Line 243  class SafeBase: Line 292  class SafeBase:
292                                    
293                  cur = self.__GetDatabaseCursor ()                  cur = self.__GetDatabaseCursor ()
294                  query = "SELECT * FROM %s_%s" % (dbPref, classType)                  query = "SELECT * FROM %s_%s" % (dbPref, classType)
295                  cur.execute (query)                  try:
296                            cur.execute (query)
297                    except pgdb.DatabaseError, details:
298                            Log.Message ("User %s triggered a database error in GetRecordSummary. Details: %s" % (self._username, details), "pyaaa.py", "ERROR")
299                            raise DatabaseError ()
300                  return cur.fetchall ()                  return cur.fetchall ()
301    
302  class SafeObject (SafeBase):  class SafeObject (SafeBase):

Legend:
Removed from v.119  
changed lines
  Added in v.120

Managed by UCC Webmasters ViewVC Help
Powered by ViewVC 1.1.26