diff --git a/server/src/uds/REST/handlers.py b/server/src/uds/REST/handlers.py index e8a9795b..612de13c 100644 --- a/server/src/uds/REST/handlers.py +++ b/server/src/uds/REST/handlers.py @@ -37,6 +37,8 @@ from __future__ import unicode_literals from django.contrib.sessions.backends.db import SessionStore from uds.core.util.Config import GlobalConfig +from uds.core.auths.auth import getRootUser +from uds.models import Authenticator import logging @@ -80,6 +82,13 @@ class ResponseError(HandlerError): pass +class NotSupportedError(HandlerError): + ''' + Some elements do not support some operations (as searching over an authenticator that does not supports it) + ''' + pass + + class Handler(object): ''' REST requests handler base class @@ -88,7 +97,7 @@ class Handler(object): name = None # If name is not used, name will be the class name in lower case path = None # Path for this method, so we can do /auth/login, /auth/logout, /auth/auths in a simple way authenticated = True # By default, all handlers needs authentication - needs_admin = False # By default, the methods will be accessible by anyone if nothine else indicated + needs_admin = False # By default, the methods will be accessible by anyone if nothing else indicated needs_staff = False # By default, staff # method names: 'get', 'post', 'put', 'patch', 'delete', 'head', 'options', 'trace' @@ -108,6 +117,7 @@ class Handler(object): self._kwargs = kwargs self._headers = {} self._authToken = None + self._user = None if self.authenticated: # Only retrieve auth related data on authenticated handlers try: self._authToken = self._request.META.get(AUTH_TOKEN_HEADER, '') @@ -127,6 +137,8 @@ class Handler(object): if self.needs_staff and not self.getValue('staff_member'): raise AccessDenied() + self._user = self.getUser() + def headers(self): ''' Returns the headers of the REST request (all) @@ -246,3 +258,17 @@ class Handler(object): True if user of this REST request is member of staff ''' return self.getValue('staff_member') and True or False + + def getUser(self): + ''' + If user is staff member, returns his Associated user on auth + ''' + logger.debug('REST : {}'.format(self._session)) + authId = self.getValue('auth') + username = self.getValue('username') + # Maybe it's root user?? + if (GlobalConfig.SUPER_USER_ALLOW_WEBACCESS.getBool(True) and + username == GlobalConfig.SUPER_USER_LOGIN.get(True) and + authId == -1): + return getRootUser() + return Authenticator.objects.get(pk=authId).users.get(name=username)