本文整理汇总了Python中grouper.models.audit_log.AuditLog类的典型用法代码示例。如果您正苦于以下问题:Python AuditLog类的具体用法?Python AuditLog怎么用?Python AuditLog使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了AuditLog类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: edit_member
def edit_member(self, requester, user_or_group, reason, **kwargs):
""" Edit an existing member (User or Group) of a group.
This takes the same parameters as add_member, except that we do not allow you to set
a status: this only works on existing members.
Any option that is not passed is not updated, and instead, the existing value for this
user is kept.
"""
logging.debug(
"Editing member (%s) in %s", user_or_group.name, self.groupname
)
persist_group_member_changes(
session=self.session,
group=self,
requester=requester,
member=user_or_group,
status="actioned",
reason=reason,
**kwargs
)
member_type = user_or_group.member_type
message = "Edit member {} {}: {}".format(
OBJ_TYPES_IDX[member_type].lower(), user_or_group.name, reason)
AuditLog.log(self.session, requester.id, 'edit_member',
message, on_group_id=self.id)示例2: post
def post(self):
form = TagCreateForm(self.request.arguments)
if not form.validate():
return self.render(
"tag-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
tag = PublicKeyTag(
name=form.data["tagname"],
description=form.data["description"],
)
try:
tag.add(self.session)
self.session.flush()
except IntegrityError:
self.session.rollback()
form.tagname.errors.append(
"{} already exists".format(form.data["tagname"])
)
return self.render(
"tag-create.html", form=form,
alerts=self.get_form_alerts(form.errors)
)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'create_tag',
'Created new tag.', on_tag_id=tag.id)
return self.redirect("/tags/{}?refresh=yes".format(tag.name))示例3: test_group_logdump
def test_group_logdump(make_session, session, users, groups, tmpdir):
make_session.return_value = session
groupname = 'team-sre'
group_id = groups[groupname].id
yesterday = date.today() - timedelta(days=1)
fn = tmpdir.join('out.csv').strpath
call_main('group', 'log_dump', groupname, yesterday.isoformat(), '--outfile', fn)
with open(fn, 'r') as fh:
out = fh.read()
assert not out, 'nothing yet'
AuditLog.log(session, users['[email protected]'].id, 'make_noise', 'making some noise',
on_group_id=group_id)
session.commit()
call_main('group', 'log_dump', groupname, yesterday.isoformat(), '--outfile', fn)
with open(fn, 'r') as fh:
entries = [x for x in csv.reader(fh)]
assert len(entries) == 1, 'should capture our new audit log entry'
log_time, actor, description, action, extra = entries[0]
assert groupname in extra示例4: post
def post(self, *args, **kwargs):
# type: (*Any, **Any) -> None
user_id = kwargs.get("user_id") # type: Optional[int]
name = kwargs.get("name") # type: Optional[str]
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserGitHubForm(self.request.arguments)
if not form.validate():
return self.render(
"user-github.html", form=form, user=user, alerts=self.get_form_alerts(form.errors)
)
new_username = form.data["username"]
if new_username == "":
new_username = None
set_user_metadata(self.session, user.id, USER_METADATA_GITHUB_USERNAME_KEY, new_username)
AuditLog.log(
self.session,
self.current_user.id,
"changed_github_username",
"Changed GitHub username: {}".format(form.data["username"]),
on_user_id=user.id,
)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例5: post
def post(self, *args, **kwargs):
# type: (*Any, **Any) -> None
user_id = kwargs.get("user_id") # type: Optional[int]
name = kwargs.get("name") # type: Optional[str]
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserShellForm(self.request.arguments)
form.shell.choices = settings().shell
if not form.validate():
return self.render(
"user-shell.html", form=form, user=user, alerts=self.get_form_alerts(form.errors)
)
set_user_metadata(self.session, user.id, USER_METADATA_SHELL_KEY, form.data["shell"])
AuditLog.log(
self.session,
self.current_user.id,
"changed_shell",
"Changed shell: {}".format(form.data["shell"]),
on_user_id=user.id,
)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例6: post
def post(self, user_id=None, name=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserPasswordForm(self.request.arguments)
if not form.validate():
return self.render("user-password-add.html", form=form, user=user, alerts=self.get_form_alerts(form.errors))
pass_name = form.data["name"]
password = form.data["password"]
try:
add_new_user_password(self.session, pass_name, password, user.id)
except PasswordAlreadyExists:
self.session.rollback()
form.name.errors.append("Name already in use.")
return self.render("user-password-add.html", form=form, user=user, alerts=self.get_form_alerts(form.errors))
AuditLog.log(
self.session,
self.current_user.id,
"add_password",
"Added password: {}".format(pass_name),
on_user_id=user.id,
)
email_context = {"actioner": self.current_user.name, "changed_user": user.name, "pass_name": pass_name}
send_email(self.session, [user.name], "User password created", "user_password_created", settings, email_context)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例7: disable_permission_auditing
def disable_permission_auditing(session, permission_name, actor_user_id):
"""Set a permission as audited.
Args:
session(models.base.session.Session): database session
permission_name(str): name of permission in question
actor_user_id(int): id of user who is disabling auditing
"""
permission = get_permission(session, permission_name)
if not permission:
raise NoSuchPermission(name=permission_name)
permission.audited = False
AuditLog.log(
session,
actor_user_id,
"disable_auditing",
"Disabled auditing.",
on_permission_id=permission.id,
)
Counter.incr(session, "updates")
session.commit()示例8: post
def post(self, user_id=None, name=None, key_id=None, tag_id=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
try:
key = get_public_key(self.session, user.id, key_id)
except KeyNotFound:
return self.notfound()
tag = PublicKeyTag.get(self.session, id=tag_id)
if not tag:
return self.notfound()
try:
remove_tag_from_public_key(self.session, key, tag)
except TagNotOnKey:
return self.redirect("/users/{}?refresh=yes".format(user.name))
AuditLog.log(self.session, self.current_user.id, 'untag_public_key',
'Untagged public key: {}'.format(key.fingerprint),
on_tag_id=tag.id, on_user_id=user.id)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例9: post
def post(self, group_id=None, name=None):
group = Group.get(self.session, group_id, name)
if not group:
return self.notfound()
members = group.my_members()
if not user_role(self.current_user, members) in ("owner", "np-owner"):
return self.forbidden()
# Enabling and disabling service accounts via the group endpoints is forbidden
# because we need the preserve_membership data that is only available via the
# UserEnable form.
if is_role_user(self.session, group=group):
return self.forbidden()
group.disable()
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'disable_group',
'Disabled group.', on_group_id=group.id)
if group.audit:
# complete the audit
group.audit.complete = True
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'complete_audit',
'Disabling group completes group audit.', on_group_id=group.id)
return self.redirect("/groups/{}?refresh=yes".format(group.name))示例10: notify_nonauditor_promoted
def notify_nonauditor_promoted(settings, session, user, auditors_group, group_names):
# type: (Settings, Session, User, Group, Set[str]) -> None
"""Send notification that a nonauditor has been promoted to be an auditor.
Handles email notification and audit logging.
Args:
settings: Grouper Settings object for current run.
session: Object for db session.
user: The user that has been promoted.
auditors_group: The auditors group
group_names: The audited groups in which the user was previously a non-auditor approver.
"""
member_name = user.username
recipients = [member_name]
auditors_group_name = auditors_group.groupname
audit_data = {
"action": "nonauditor_promoted",
"actor_id": user.id,
"description": "Added {} to group {}".format(member_name, auditors_group_name),
}
AuditLog.log(session, on_user_id=user.id, on_group_id=auditors_group.id, **audit_data)
email_context = {"auditors_group_name": auditors_group_name, "member_name": member_name}
send_email(
session=session,
recipients=recipients,
subject='Added as member to group "{}"'.format(auditors_group_name),
template="nonauditor_promoted",
settings=settings,
context=email_context,
)示例11: post
def post(self, user_id=None, name=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
try:
if user.role_user:
disable_role_user(self.session, user=user)
else:
disable_user(self.session, user)
except PluginRejectedDisablingUser as e:
alert = Alert("danger", str(e))
return self.redirect("/users/{}".format(user.name), alerts=[alert])
self.session.commit()
AuditLog.log(
self.session,
self.current_user.id,
"disable_user",
"Disabled user.",
on_user_id=user.id,
)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例12: test_group_logdump
def test_group_logdump(session, tmpdir, users, groups): # noqa: F811
groupname = "team-sre"
group_id = groups[groupname].id
yesterday = date.today() - timedelta(days=1)
fn = tmpdir.join("out.csv").strpath
call_main(
session, tmpdir, "group", "log_dump", groupname, yesterday.isoformat(), "--outfile", fn
)
with open(fn, "r") as fh:
out = fh.read()
assert not out, "nothing yet"
AuditLog.log(
session, users["[email protected]"].id, "make_noise", "making some noise", on_group_id=group_id
)
session.commit()
call_main(
session, tmpdir, "group", "log_dump", groupname, yesterday.isoformat(), "--outfile", fn
)
with open(fn, "r") as fh:
entries = [x for x in csv.reader(fh)]
assert len(entries) == 1, "should capture our new audit log entry"
log_time, actor, description, action, extra = entries[0]
assert groupname in extra示例13: post
def post(self, user_id=None, name=None):
user = User.get(self.session, user_id, name)
if not user:
return self.notfound()
if not self.check_access(self.session, self.current_user, user):
return self.forbidden()
form = UserEnableForm(self.request.arguments)
if not form.validate():
# TODO: add error message
return self.redirect("/users/{}?refresh=yes".format(user.name))
if user.role_user:
enable_service_account(self.session, actor=self.current_user,
preserve_membership=form.preserve_membership.data, user=user)
else:
enable_user(self.session, user, self.current_user,
preserve_membership=form.preserve_membership.data)
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'enable_user',
'Enabled user.', on_user_id=user.id)
return self.redirect("/users/{}?refresh=yes".format(user.name))示例14: post
def post(self, group_id=None, name=None):
group = Group.get(self.session, group_id, name)
if not group:
return self.notfound()
if not self.current_user.can_manage(group):
return self.forbidden()
form = GroupRemoveForm(self.request.arguments)
if not form.validate():
return self.send_error(status_code=400)
member_type, member_name = form.data["member_type"], form.data["member"]
members = group.my_members()
if not members.get((member_type.capitalize(), member_name), None):
return self.notfound()
removed_member = get_user_or_group(self.session, member_name, user_or_group=member_type)
if self.current_user == removed_member:
return self.send_error(
status_code=400,
reason="Can't remove yourself. Leave group instead."
)
group.revoke_member(self.current_user, removed_member, "Removed by owner/np-owner/manager")
AuditLog.log(self.session, self.current_user.id, 'remove_from_group',
'{} was removed from the group.'.format(removed_member.name),
on_group_id=group.id, on_user_id=removed_member.id)
return self.redirect("/groups/{}?refresh=yes".format(group.name))示例15: post
def post(self, name=None, mapping_id=None):
grantable = self.current_user.my_grantable_permissions()
if not grantable:
return self.forbidden()
mapping = PermissionMap.get(self.session, id=mapping_id)
if not mapping:
return self.notfound()
allowed = False
for perm in grantable:
if perm[0].name == mapping.permission.name:
if matches_glob(perm[1], mapping.argument):
allowed = True
if not allowed:
return self.forbidden()
permission = mapping.permission
group = mapping.group
mapping.delete(self.session)
Counter.incr(self.session, "updates")
self.session.commit()
AuditLog.log(self.session, self.current_user.id, 'revoke_permission',
'Revoked permission with argument: {}'.format(mapping.argument),
on_group_id=group.id, on_permission_id=permission.id)
return self.redirect('/groups/{}?refresh=yes'.format(group.name))