Completed
Pull Request — master (#2920)
by Anthony
03:59
created

UserDB.get_permission_assingments()   A

Complexity

Conditions 1

Size

Total Lines 3

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 1
dl 0
loc 3
rs 10
c 0
b 0
f 0
1
# Licensed to the StackStorm, Inc ('StackStorm') under one or more
2
# contributor license agreements.  See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License.  You may obtain a copy of the License at
7
#
8
#     http://www.apache.org/licenses/LICENSE-2.0
9
#
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
15
16
import copy
17
import mongoengine as me
18
19
from st2common.constants.secrets import MASKED_ATTRIBUTE_VALUE
20
from st2common.constants.types import ResourceType
21
from st2common.fields import ComplexDateTimeField
22
from st2common.models.db import stormbase
23
from st2common.services.rbac import get_roles_for_user
24
from st2common.util import date as date_utils
25
26
__all__ = [
27
    'UserDB',
28
    'TokenDB',
29
    'ApiKeyDB'
30
]
31
32
33
class UserDB(stormbase.StormFoundationDB):
34
    name = me.StringField(required=True, unique=True)
35
    is_service = me.BooleanField(required=True, default=False)
36
    nicknames = me.DictField(required=False,
37
                             help_text='"Nickname + origin" pairs for ChatOps auth')
38
39
    def get_roles(self):
40
        """
41
        Retrieve roles assigned to that user.
42
43
        :rtype: ``list`` of :class:`RoleDB`
44
        """
45
        result = get_roles_for_user(user_db=self)
46
        return result
47
48
    def get_permission_assignments(self):
49
        # TODO
50
        pass
51
52
53
class TokenDB(stormbase.StormFoundationDB):
54
    user = me.StringField(required=True)
55
    token = me.StringField(required=True, unique=True)
56
    expiry = me.DateTimeField(required=True)
57
    metadata = me.DictField(required=False,
58
                            help_text='Arbitrary metadata associated with this token')
59
60
61
class ApiKeyDB(stormbase.StormFoundationDB, stormbase.UIDFieldMixin):
0 ignored issues
show
Documentation introduced by
Empty class docstring
Loading history...
62
    """
63
    """
64
    RESOURCE_TYPE = ResourceType.API_KEY
65
    UID_FIELDS = ['key_hash']
66
67
    user = me.StringField(required=True)
68
    key_hash = me.StringField(required=True, unique=True)
69
    metadata = me.DictField(required=False,
70
                            help_text='Arbitrary metadata associated with this token')
71
    created_at = ComplexDateTimeField(default=date_utils.get_datetime_utc_now,
72
                                      help_text='The creation time of this ApiKey.')
73
    enabled = me.BooleanField(required=True, default=True,
74
                              help_text='A flag indicating whether the ApiKey is enabled.')
75
76
    meta = {
77
        'indexes': [
78
            {'fields': ['user']},
79
            {'fields': ['key_hash']}
80
        ]
81
    }
82
83
    def __init__(self, *args, **values):
84
        super(ApiKeyDB, self).__init__(*args, **values)
85
        self.uid = self.get_uid()
86
87
    def mask_secrets(self, value):
88
        result = copy.deepcopy(value)
89
90
        # In theory the key_hash is safe to return as it is one way. On the other
91
        # hand given that this is actually a secret no real point in letting the hash
92
        # escape. Since uid contains key_hash masking that as well.
93
        result['key_hash'] = MASKED_ATTRIBUTE_VALUE
94
        result['uid'] = MASKED_ATTRIBUTE_VALUE
95
        return result
96
97
98
MODELS = [UserDB, TokenDB, ApiKeyDB]
99