19 import time
20 import sys
21 from spacewalk.common.rhnLog import log_debug
22 from spacewalk.common.rhnException import rhnFault
23 from spacewalk.common.rhnTranslate import _
24 from spacewalk.common.rhnTB import add_to_seclist
25
26 from spacewalk.server import rhnSQL, rhnUser
27
28
30
def __init__(self):
    """Start with no identity: no org, no user and an empty group list."""
    # NOTE(review): the `def` line is missing from this listing (line 31);
    # this is presumably the constructor of the enclosing class -- confirm.
    self.groups = []
    self.org_id = self.user_id = None
35
36 - def auth(self, login, password):
50
def auth_session(self, session_string):
    """Fill in groups, org_id and user_id from an existing session string.

    The session is reloaded with rhnUser.session_reload() and the resulting
    user object is resolved by getUserGroupsFromUserInstance().

    Raises:
        rhnFault: whatever the lookup raised; a fault with code 2 is
            delayed by two seconds before it is re-raised.
    """
    # NOTE(review): the `def` line is missing from this listing (line 51);
    # `session_string` comes from the body, the method name is an
    # assumption -- confirm against the module.
    user_instance = rhnUser.session_reload(session_string)
    try:
        membership = getUserGroupsFromUserInstance(user_instance)
    except rhnFault:
        # sys.exc_info() instead of "except ... as" keeps the original's
        # way of reaching the active exception.
        fault = sys.exc_info()[1]
        if fault.code == 2:
            # Fixed pause before failing on fault code 2 -- presumably to
            # slow down repeated guessing. It blocks the calling thread
            # for the full two seconds.
            time.sleep(2)
        # NOTE(review): indentation is lost in this listing; the re-raise
        # is placed at the `except` level so that every fault propagates
        # and no caller continues with unset identity fields -- confirm.
        raise

    self.groups, self.org_id, self.user_id = membership

    # Debug output carries group labels and numeric ids only.
    identity = (self.groups, self.org_id, self.user_id)
    log_debug(4, "Groups: %s; org_id: %s; user_id: %s" % identity)
65
def isOrgAdmin(self):
    """Return 1 when 'org_admin' is among self.groups, otherwise 0."""
    # NOTE(review): the `def` line is missing from this listing (line 66);
    # the name is taken from the `self.isOrgAdmin()` call in this file.
    if 'org_admin' not in self.groups:
        log_debug(4, "Is NOT org admin")
        return 0
    log_debug(4, "Is org admin")
    return 1
72
def isChannelAdmin(self):
    """Return 1 when the user holds a channel-admin capable role, else 0.

    Both 'org_admin' and 'channel_admin' count; 'org_admin' is tested
    first, so an org admin is always treated as a channel admin.
    """
    # NOTE(review): the `def` line is missing from this listing (line 73);
    # the name is taken from the `self.isChannelAdmin()` call in this file.
    granting_roles = (
        ('org_admin', "Is channel admin because isa org admin"),
        ('channel_admin', "Is channel admin"),
    )
    for role, message in granting_roles:
        if role in self.groups:
            log_debug(4, message)
            return 1
    log_debug(4, "Is NOT channel admin")
    return 0
82
def authzOrg(self, info):
    """Check that this user may manage packages in the org named by *info*.

    Args:
        info: mapping describing the request. When it has no 'orgId'
            entry, one is added with the value of self.org_id, so the
            caller's mapping is modified.

    Returns:
        None when the request is authorised.

    Raises:
        rhnFault: code 4 when 'orgId' is the empty string; code 32 when
            it names an org other than the user's own, or when the user
            is neither org/channel admin nor manager of any channel.
    """
    # NOTE(review): the `def` line is missing from this listing (line 83),
    # as are the comments on lines 84-88; `info` comes from the body, the
    # method name is an assumption -- confirm against the module.
    if 'orgId' not in info:
        info['orgId'] = self.org_id
    # NOTE(review): indentation is lost in this listing; this debug call
    # may belong inside the `if` above -- confirm.
    log_debug(4, "info[orgId]", info['orgId'], "org id", self.org_id)

    requested_org = info['orgId']

    if requested_org == '':
        raise rhnFault(
            4,
            _("You are not authorized to manage packages in the null org"))

    # NOTE(review): a falsy orgId other than '' (for example None or 0)
    # skips this comparison and is judged by the role checks alone --
    # confirm that callers cannot supply such a value unintentionally.
    if requested_org and self.org_id != requested_org:
        raise rhnFault(
            32,
            _("You are not allowed to manage packages in the %s org") %
            requested_org)

    # Same-org request: any one of the three conditions is sufficient.
    if self.isOrgAdmin() or self.isChannelAdmin():
        log_debug(4, "Org authorized (org_admin or channel_admin)")
    elif user_manages_channels(self.user_id):
        log_debug(4, "Org authorized (user manages a channel)")
    else:
        # Deny by default when no condition matched.
        raise rhnFault(
            32,
            _("You are not allowed to perform administrative tasks"))
122
def authzChannels(self, channels):
    """Check that this user may manage every channel label in *channels*.

    Args:
        channels: iterable of channel labels; an empty or None value is
            accepted without any database query.

    Returns:
        None when every label passed the check.

    Raises:
        rhnFault: code 32 at the first label for which the query returns
            no row or a false 'manage' value.
    """
    # NOTE(review): the `def` line is missing from this listing (line
    # 123); `channels` comes from the body, the method name is an
    # assumption -- confirm against the module.
    log_debug(4, channels)
    if channels:
        # The label and the user id are passed as bind variables, never
        # interpolated into the SQL text.
        # NOTE(review): whitespace inside the SQL literal is reconstructed;
        # the listing lost the original layout.
        role_check = rhnSQL.prepare("""
            select rhn_channel.user_role_check(id, :user_id, 'manage') manage
              from rhnChannel
             where label = :channel
        """)

        for label in channels:
            role_check.execute(channel=label, user_id=self.user_id)
            verdict = role_check.fetchone_dict()

            # An unknown label (no row) and a denied one produce the same
            # fault, so the response does not reveal which labels exist.
            if not (verdict and verdict['manage']):
                raise rhnFault(32,
                               _("You are not allowed to manage channel %s, or that "
                                 "channel does not exist") % label)

            log_debug(4, "User %s allowed to manage channel %s" %
                      (self.user_id, label))

    return None
151
152
153
154
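def getUserGroupsFromUserInstance(user_instance):
    """Return (groups, org_id, user_id) for an already-loaded user object.

    Args:
        user_instance: object exposing getid() and a `contact` mapping
            with an 'org_id' entry.

    Returns:
        A 3-tuple: the list of rhnUserGroupType labels for every group
        the user is a member of, the user's org id, and the user id.

    Raises:
        rhnFault: code 2 when user_instance is missing or falsy.
    """
    # NOTE(review): the `def` line is missing from this listing (line
    # 155); name and parameter are taken from the call and the body
    # visible in this file.
    #
    # Reject a missing user before touching it. The listing called
    # user_instance.getid() first, so a None user raised AttributeError
    # and never reached the intended rhnFault(2).
    if not user_instance:
        # The listing omitted the level argument; 4 matches every other
        # log_debug call in this file.
        log_debug(4, "null user")
        raise rhnFault(2)

    user_id = user_instance.getid()
    log_debug(4, user_id)
    org_id = user_instance.contact['org_id']

    # The user id is a bind variable, not interpolated into the SQL text.
    # NOTE(review): whitespace inside the SQL literal is reconstructed;
    # the listing lost the original layout.
    h = rhnSQL.prepare("""
        select ugt.label
          from rhnUserGroupType ugt,
               rhnUserGroup ug,
               rhnUserGroupMembers ugm
         where ugm.user_id = :user_id
           and ugm.user_group_id = ug.id
           and ug.group_type = ugt.id
    """)
    h.execute(user_id=user_id)

    # Drain the cursor; a falsy row marks the end of the result set.
    groups = []
    row = h.fetchone_dict()
    while row:
        groups.append(row['label'])
        row = h.fetchone_dict()
    return groups, org_id, user_id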
185
186
204
205
def user_manages_channels(user_id):
    """Return True when *user_id* has the 'manage' role on any channel.

    True means rhn_channel.user_role_check(id, user_id, 'manage') equals 1
    for at least one row of rhnChannel; otherwise False.
    """
    # NOTE(review): the `def` line is missing from this listing (line
    # 206); name and parameter are taken from the call and the body
    # visible in this file.
    # The user id is a bind variable, not interpolated into the SQL text.
    # NOTE(review): whitespace inside the SQL literal is reconstructed;
    # the listing lost the original layout.
    query = rhnSQL.prepare("""
        select distinct 1
          from rhnChannel
         where rhn_channel.user_role_check(id, :user_id, 'manage') = 1
    """)
    query.execute(user_id=user_id)

    # Any row at all is enough; its content is not inspected.
    return query.fetchone_dict() is not None
217