Completed
Pull Request — master (#2920)
by Anthony
05:32
created

UserDB.get_permission_assignments()   A

Complexity

Conditions 1

Size

Total Lines 3

Duplication

Lines 0
Ratio 0 %

Importance

Changes 1
Bugs 0 Features 1
Metric Value
cc 1
c 1
b 0
f 1
dl 0
loc 3
rs 10
1
# Licensed to the StackStorm, Inc ('StackStorm') under one or more
2
# contributor license agreements.  See the NOTICE file distributed with
3
# this work for additional information regarding copyright ownership.
4
# The ASF licenses this file to You under the Apache License, Version 2.0
5
# (the "License"); you may not use this file except in compliance with
6
# the License.  You may obtain a copy of the License at
7
#
8
#     http://www.apache.org/licenses/LICENSE-2.0
9
#
10
# Unless required by applicable law or agreed to in writing, software
11
# distributed under the License is distributed on an "AS IS" BASIS,
12
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
# See the License for the specific language governing permissions and
14
# limitations under the License.
15
16
import copy
17
import mongoengine as me
18
19
from st2common.constants.secrets import MASKED_ATTRIBUTE_VALUE
20
from st2common.constants.types import ResourceType
21
from st2common.fields import ComplexDateTimeField
22
from st2common.models.db import stormbase
23
from st2common.services.rbac import get_roles_for_user
24
from st2common.util import date as date_utils
25
26
__all__ = [
27
    'UserDB',
28
    'TokenDB',
29
    'ApiKeyDB'
30
]
31
32
33
class UserDB(stormbase.StormFoundationDB):
34
    name = me.StringField(required=True, unique=True)
35
    is_service = me.BooleanField(required=True, default=False)
36
    chatops_id = me.StringField(required=False, unique=True)
37
38
    def get_roles(self):
39
        """
40
        Retrieve roles assigned to that user.
41
42
        :rtype: ``list`` of :class:`RoleDB`
43
        """
44
        result = get_roles_for_user(user_db=self)
45
        return result
46
47
    def get_permission_assignments(self):
48
        # TODO
49
        pass
50
51
52
class TokenDB(stormbase.StormFoundationDB):
53
    user = me.StringField(required=True)
54
    token = me.StringField(required=True, unique=True)
55
    expiry = me.DateTimeField(required=True)
56
    metadata = me.DictField(required=False,
57
                            help_text='Arbitrary metadata associated with this token')
58
59
60
class ApiKeyDB(stormbase.StormFoundationDB, stormbase.UIDFieldMixin):
0 ignored issues
show
Documentation introduced by
Empty class docstring
Loading history...
61
    """
62
    """
63
    RESOURCE_TYPE = ResourceType.API_KEY
64
    UID_FIELDS = ['key_hash']
65
66
    user = me.StringField(required=True)
67
    key_hash = me.StringField(required=True, unique=True)
68
    metadata = me.DictField(required=False,
69
                            help_text='Arbitrary metadata associated with this token')
70
    created_at = ComplexDateTimeField(default=date_utils.get_datetime_utc_now,
71
                                      help_text='The creation time of this ApiKey.')
72
    enabled = me.BooleanField(required=True, default=True,
73
                              help_text='A flag indicating whether the ApiKey is enabled.')
74
75
    meta = {
76
        'indexes': [
77
            {'fields': ['user']},
78
            {'fields': ['key_hash']}
79
        ]
80
    }
81
82
    def __init__(self, *args, **values):
83
        super(ApiKeyDB, self).__init__(*args, **values)
84
        self.uid = self.get_uid()
85
86
    def mask_secrets(self, value):
87
        result = copy.deepcopy(value)
88
89
        # In theory the key_hash is safe to return as it is one way. On the other
90
        # hand given that this is actually a secret no real point in letting the hash
91
        # escape. Since uid contains key_hash masking that as well.
92
        result['key_hash'] = MASKED_ATTRIBUTE_VALUE
93
        result['uid'] = MASKED_ATTRIBUTE_VALUE
94
        return result
95
96
97
MODELS = [UserDB, TokenDB, ApiKeyDB]
98