UserDB.get_permission_assignments() - Code Metrics - Inspection of "[WIP] Extend auth to secure chatops" - StackStorm/st2 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#2920)

by Anthony

created 2016-09-23 05:43 UTC

UserDB.get_permission_assignments() A

↳ Parent: UserDB

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	1

Metric	Value
cc	1
c	1
b	0
f	1
dl	0
loc	3
rs	10

# Licensed to the StackStorm, Inc ('StackStorm') under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import copy
import mongoengine as me

from st2common.constants.secrets import MASKED_ATTRIBUTE_VALUE
from st2common.constants.types import ResourceType
from st2common.fields import ComplexDateTimeField
from st2common.models.db import stormbase
from st2common.services.rbac import get_roles_for_user
from st2common.util import date as date_utils

__all__ = [
    'UserDB',
    'TokenDB',
    'ApiKeyDB'
]


class UserDB(stormbase.StormFoundationDB):
    name = me.StringField(required=True, unique=True)
    is_service = me.BooleanField(required=True, default=False)
    chatops_id = me.StringField(required=False, unique=True)

    def get_roles(self):
        """
        Retrieve roles assigned to that user.

        :rtype: ``list`` of :class:`RoleDB`
        """
        result = get_roles_for_user(user_db=self)
        return result

    def get_permission_assignments(self):
        # TODO
        pass


class TokenDB(stormbase.StormFoundationDB):
    user = me.StringField(required=True)
    token = me.StringField(required=True, unique=True)
    expiry = me.DateTimeField(required=True)
    metadata = me.DictField(required=False,
                            help_text='Arbitrary metadata associated with this token')


class ApiKeyDB(stormbase.StormFoundationDB, stormbase.UIDFieldMixin):

    """
    """
    RESOURCE_TYPE = ResourceType.API_KEY
    UID_FIELDS = ['key_hash']

    user = me.StringField(required=True)
    key_hash = me.StringField(required=True, unique=True)
    metadata = me.DictField(required=False,
                            help_text='Arbitrary metadata associated with this token')
    created_at = ComplexDateTimeField(default=date_utils.get_datetime_utc_now,
                                      help_text='The creation time of this ApiKey.')
    enabled = me.BooleanField(required=True, default=True,
                              help_text='A flag indicating whether the ApiKey is enabled.')

    meta = {
        'indexes': [
            {'fields': ['user']},
            {'fields': ['key_hash']}
        ]
    }

    def __init__(self, *args, **values):
        super(ApiKeyDB, self).__init__(*args, **values)
        self.uid = self.get_uid()

    def mask_secrets(self, value):
        result = copy.deepcopy(value)

        # In theory the key_hash is safe to return as it is one way. On the other
        # hand given that this is actually a secret no real point in letting the hash
        # escape. Since uid contains key_hash masking that as well.
        result['key_hash'] = MASKED_ATTRIBUTE_VALUE
        result['uid'] = MASKED_ATTRIBUTE_VALUE
        return result


MODELS = [UserDB, TokenDB, ApiKeyDB]


1			# Licensed to the StackStorm, Inc ('StackStorm') under one or more
2			# contributor license agreements. See the NOTICE file distributed with
3			# this work for additional information regarding copyright ownership.
4			# The ASF licenses this file to You under the Apache License, Version 2.0
5			# (the "License"); you may not use this file except in compliance with
6			# the License. You may obtain a copy of the License at
7			#
8			# http://www.apache.org/licenses/LICENSE-2.0
9			#
10			# Unless required by applicable law or agreed to in writing, software
11			# distributed under the License is distributed on an "AS IS" BASIS,
12			# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13			# See the License for the specific language governing permissions and
14			# limitations under the License.
15
16			import copy
17			import mongoengine as me
18
19			from st2common.constants.secrets import MASKED_ATTRIBUTE_VALUE
20			from st2common.constants.types import ResourceType
21			from st2common.fields import ComplexDateTimeField
22			from st2common.models.db import stormbase
23			from st2common.services.rbac import get_roles_for_user
24			from st2common.util import date as date_utils
25
26			__all__ = [
27			'UserDB',
28			'TokenDB',
29			'ApiKeyDB'
30			]
31
32
33			class UserDB(stormbase.StormFoundationDB):
34			name = me.StringField(required=True, unique=True)
35			is_service = me.BooleanField(required=True, default=False)
36			chatops_id = me.StringField(required=False, unique=True)
37
38			def get_roles(self):
39			"""
40			Retrieve roles assigned to that user.
41
42			:rtype: ``list`` of :class:`RoleDB`
43			"""
44			result = get_roles_for_user(user_db=self)
45			return result
46
47			def get_permission_assignments(self):
48			# TODO
49			pass
50
51
52			class TokenDB(stormbase.StormFoundationDB):
53			user = me.StringField(required=True)
54			token = me.StringField(required=True, unique=True)
55			expiry = me.DateTimeField(required=True)
56			metadata = me.DictField(required=False,
57			help_text='Arbitrary metadata associated with this token')
58
59
60			class ApiKeyDB(stormbase.StormFoundationDB, stormbase.UIDFieldMixin):
			0 ignored issues – show Documentation introduced 2015-11-20 23:04 UTC by Report Bug Copy Issue Report Empty class docstring Loading history...
61			"""
62			"""
63			RESOURCE_TYPE = ResourceType.API_KEY
64			UID_FIELDS = ['key_hash']
65
66			user = me.StringField(required=True)
67			key_hash = me.StringField(required=True, unique=True)
68			metadata = me.DictField(required=False,
69			help_text='Arbitrary metadata associated with this token')
70			created_at = ComplexDateTimeField(default=date_utils.get_datetime_utc_now,
71			help_text='The creation time of this ApiKey.')
72			enabled = me.BooleanField(required=True, default=True,
73			help_text='A flag indicating whether the ApiKey is enabled.')
74
75			meta = {
76			'indexes': [
77			{'fields': ['user']},
78			{'fields': ['key_hash']}
79			]
80			}
81
82			def __init__(self, args, *values):
83			super(ApiKeyDB, self).__init__(args, *values)
84			self.uid = self.get_uid()
85
86			def mask_secrets(self, value):
87			result = copy.deepcopy(value)
88
89			# In theory the key_hash is safe to return as it is one way. On the other
90			# hand given that this is actually a secret no real point in letting the hash
91			# escape. Since uid contains key_hash masking that as well.
92			result['key_hash'] = MASKED_ATTRIBUTE_VALUE
93			result['uid'] = MASKED_ATTRIBUTE_VALUE
94			return result
95
96
97			MODELS = [UserDB, TokenDB, ApiKeyDB]
98

StackStorm / st2

Pull Request — master (#2920)

UserDB.get_permission_assignments() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like