diff options
| author |  RaNaN <Mast3rRaNaN@hotmail.de>
| 2012-08-13 17:40:10 +0200 |
|---|---|---|
| committer | RaNaN <Mast3rRaNaN@hotmail.de>
| 2012-08-13 17:40:10 +0200 |
| commit | 941e3021000e59020f66419cc2156aee30972121 (patch) | |
| tree | 49332fb148dd50c0ee78e4c20336c2848921bc1a /module/Api.py | |
| parent | merge (diff) | |
| download | pyload-941e3021000e59020f66419cc2156aee30972121.tar.xz | |
working login
Diffstat (limited to 'module/Api.py')
| -rw-r--r-- | module/Api.py | 63 |
1 files changed, 32 insertions, 31 deletions
diff --git a/module/Api.py b/module/Api.py index 388dfd283..26a6c757f 100644 --- a/module/Api.py +++ b/module/Api.py @@ -37,7 +37,7 @@ if activated: else: from remote.socketbackend.ttypes import * -from datatypes import PyFile +from datatypes.PyFile import PyFile from utils import compare_time, to_string, bits_set, get_index from utils.fs import free_space from common.packagetools import parseNames @@ -103,21 +103,26 @@ urlmatcher = re.compile(r"((https?|ftps?|xdcc|sftp):((//)|(\\\\))+[\w\d:#@%/;$() def has_permission(userPermission, Permission): return bits_set(Permission, userPermission) +from datatypes.User import User class UserApi(object): """ Proxy object for api that provides all methods in user context """ def __init__(self, api, user): self.api = api - self.user = user + self._user = user def __getattr__(self, item): f = self.api.__getattribute__(item) if f.func_name in user_context: - return partial(f, user=self.user) + return partial(f, user=self._user) return f + @property + def user(self): + return self._user + # TODO: fix permissions, user context manager class Api(Iface): @@ -138,31 +143,31 @@ class Api(Iface): def __init__(self, core): self.core = core + self.user_apis = {} - self.t = self.withUserContext("TestUser") - - print self.t.getServerVersion() - - # TODO, create user instance - def withUserContext(self, user): + def withUserContext(self, uid): """ Returns a proxy version of the api, to call method in user context - :param user: user id + :param uid: user or userData instance or uid :return: :class:`UserApi` """ - return UserApi(self, user) + if uid not in self.user_apis: + user = self.core.db.getUserData(uid=uid) + if not user: #TODO: anonymous user? + return None + + self.user_apis[uid] = UserApi(self, User.fromUserData(self, user)) + return self.user_apis[uid] ########################## # Server Status ########################## - @UserContext #TODO: only for testing @RequirePerm(Permission.All) def getServerVersion(self): """pyLoad Core version """ - print user return self.core.version @RequirePerm(Permission.Status) @@ -873,7 +878,7 @@ class Api(Iface): @RequirePerm(Permission.Status) def getEvents(self, uuid): - """Lists occured events, may be affected to changes in future. + """Lists occurred events, may be affected to changes in future. :param uuid: self assigned string uuid which has to be unique :return: list of `Events` @@ -925,6 +930,8 @@ class Api(Iface): # Auth+User Information ############################# + # TODO + @RequirePerm(Permission.All) def login(self, username, password, remoteip=None): """Login into pyLoad, this **must** be called when using rpc before any methods can be used. @@ -946,48 +953,42 @@ class Api(Iface): """ if self.core.config["remote"]["nolocalauth"] and remoteip == "127.0.0.1": return "local" - if self.core.startedInGui and remoteip == "127.0.0.1": - return "local" self.core.log.info(_("User '%s' tried to log in") % username) return self.core.db.checkAuth(username, password) - def isAuthorized(self, func, userdata): + def isAuthorized(self, func, user): """checks if the user is authorized for specific method :param func: function name - :param userdata: dictionary of user data + :param user: `User` :return: boolean """ - if userdata == "local" or userdata["role"] == ROLE.ADMIN: + if user.isAdmin(): return True - elif func in perm_map and has_permission(userdata["permission"], perm_map[func]): + elif func in perm_map and user.hasPermission(perm_map[func]): return True else: return False - + # TODO @RequirePerm(Permission.All) def getUserData(self, username, password): """similar to `checkAuth` but returns UserData thrift type """ user = self.checkAuth(username, password) - if user: - return UserData(user["name"], user["email"], user["role"], user["permission"], user["template"]) + if not user: + raise UserDoesNotExists(username) - raise UserDoesNotExists(username) + return user.toUserData() def getAllUserData(self): """returns all known user and info""" - res = {} - for user, data in self.core.db.getAllUserData().iteritems(): - res[user] = UserData(user, data["email"], data["role"], data["permission"], data["template"]) - - return res + return self.core.db.getAllUserData() - def changePassword(self, user, oldpw, newpw): + def changePassword(self, username, oldpw, newpw): """ changes password for specific user """ - return self.core.db.changePassword(user, oldpw, newpw) + return self.core.db.changePassword(username, oldpw, newpw) def setUserPermission(self, user, permission, role): self.core.db.setPermission(user, permission) |