haproxy-wi/app/routes/user/routes.py

import json

from flask import render_template, request, jsonify, g, abort
from flask_login import login_required

from app.routes.user import bp
import app.modules.db.sql as sql
import app.modules.db.user as user_sql
import app.modules.db.group as group_sql
import app.modules.common.common as common
import app.modules.roxywi.user as roxywi_user
import app.modules.roxywi.auth as roxywi_auth
import app.modules.roxywi.common as roxywi_common
from app.middleware import get_user_params


@bp.before_request
@login_required
def before_request():
    """ Protect all the admin endpoints. """
    pass


@bp.route('', methods=['POST', 'PUT', 'DELETE'])
@get_user_params()
def create_user():
    roxywi_auth.page_for_admin(level=2)
    json_data = request.get_json()

    if request.method == 'POST':
        email = common.checkAjaxInput(json_data['email'])
        password = common.checkAjaxInput(json_data['password'])
        role = int(json_data['role'])
        new_user = common.checkAjaxInput(json_data['username'])
        enabled = int(json_data['enabled'])
        group_id = int(json_data['user_group'])
        lang = roxywi_common.get_user_lang_for_flask()
        current_user_role_id = g.user_params['role']
        if not roxywi_common.check_user_group_for_flask():
            return roxywi_common.handle_json_exceptions('Wrong group', 'Roxy-WI server', '')
        if current_user_role_id < role:
            return roxywi_common.handle_json_exceptions('Wrong role', 'Roxy-WI server', '')
        try:
            user_id = roxywi_user.create_user(new_user, email, password, role, enabled, group_id)
        except Exception as e:
            return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot create a new user')
        else:
            return jsonify({'status': 'created', 'id': user_id, 'data': render_template(
                'ajax/new_user.html', users=user_sql.select_users(user=new_user), groups=group_sql.select_groups(),
                roles=sql.select_roles(), adding=1, lang=lang
            )})
    elif request.method == 'PUT':
        user_id = int(json_data['user_id'])
        user_name = common.checkAjaxInput(json_data['username'])
        email = common.checkAjaxInput(json_data['email'])
        enabled = int(json_data['enabled'])
        if roxywi_common.check_user_group_for_flask():
            try:
                user_sql.update_user_from_admin_area(user_name, email, user_id, enabled)
            except Exception as e:
                return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot update user')
            roxywi_common.logging(user_name, ' has been updated user ', roxywi=1, login=1)
            return jsonify({'status': 'updated'})
    elif request.method == 'DELETE':
        roxywi_auth.page_for_admin(level=2)
        user_id = int(json_data['user_id'])
        try:
            roxywi_user.delete_user(user_id)
            return jsonify({'status': 'deleted'})
        except Exception as e:
            return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', f'Cannot delete the user {user_id}')
    else:
        abort(405)


@bp.route('/ldap/<username>')
def get_ldap_email(username):
    roxywi_auth.page_for_admin(level=2)

    return roxywi_user.get_ldap_email(username)


@bp.post('/password')
def update_password():
    password = request.form.get('updatepassowrd')
    uuid = request.form.get('uuid')
    user_id_from_get = request.form.get('id')

    return roxywi_user.update_user_password(password, uuid, user_id_from_get)


@bp.route('/services/<int:user_id>', methods=['GET', 'POST'])
def show_user_services(user_id):
    if request.method == 'GET':
        return roxywi_user.get_user_services(user_id)
    else:
        json_data = request.get_json()
        user = json_data['username']
        user_services = json_data['services']
        try:
            roxywi_user.change_user_services(user, user_id, user_services)
            return jsonify({'status': 'updated'})
        except Exception as e:
            return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot change user services')


@bp.route('/group', methods=['GET', 'PUT'])
def get_current_group():
    if request.method == 'GET':
        uuid = common.checkAjaxInput(request.cookies.get('uuid'))
        group = common.checkAjaxInput(request.cookies.get('group'))
        return roxywi_user.get_user_active_group(uuid, group)
    elif request.method == 'PUT':
        group_id = common.checkAjaxInput(request.form.get('group'))
        user_uuid = common.checkAjaxInput(request.form.get('uuid'))

        return roxywi_user.change_user_active_group(group_id, user_uuid)


@bp.route('/groups/<int:user_id>')
def show_user_groups_and_roles(user_id):
    lang = roxywi_common.get_user_lang_for_flask()

    return roxywi_user.show_user_groups_and_roles(user_id, lang)


@bp.post('/groups/save')
def change_user_groups_and_roles():
    user = common.checkAjaxInput(request.form.get('changeUserGroupsUser'))
    groups_and_roles = json.loads(request.form.get('jsonDatas'))
    user_uuid = request.cookies.get('uuid')

    return roxywi_user.save_user_group_and_role(user, groups_and_roles, user_uuid)


@bp.route('/group/name/<int:group_id>')
def get_group_name_by_id(group_id):
    return group_sql.get_group_name_by_id(group_id)
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`import json`

v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`from flask import render_template, request, jsonify, g, abort`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`from flask_login import login_required`

			`from app.routes.user import bp`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-30 08:48:54 +00:00			`import app.modules.db.sql as sql`
v7.2.1.0 https://roxy-wi.org/changelog#7_2_1 2024-03-03 07:11:48 +00:00			`import app.modules.db.user as user_sql`
			`import app.modules.db.group as group_sql`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-30 08:48:54 +00:00			`import app.modules.common.common as common`
			`import app.modules.roxywi.user as roxywi_user`
			`import app.modules.roxywi.auth as roxywi_auth`
			`import app.modules.roxywi.common as roxywi_common`
v7.2.5.0: Add middleware to get user params in create methods This commit adjusts the 'create_user' and 'create_server' routes to include a decorator for getting user parameters. This will improve the handling of these methods, ensuring they receive any necessary user specific parameters. 2024-05-03 16:58:43 +00:00			`from app.middleware import get_user_params`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00

			`@bp.before_request`
			`@login_required`
			`def before_request():`
v7.2.1.0 https://roxy-wi.org/changelog#7_2_1 2024-03-03 07:11:48 +00:00			`""" Protect all the admin endpoints. """`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`pass`


v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`@bp.route('', methods=['POST', 'PUT', 'DELETE'])`
v7.2.5.0: Add middleware to get user params in create methods This commit adjusts the 'create_user' and 'create_server' routes to include a decorator for getting user parameters. This will improve the handling of these methods, ensuring they receive any necessary user specific parameters. 2024-05-03 16:58:43 +00:00			`@get_user_params()`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`def create_user():`
			`roxywi_auth.page_for_admin(level=2)`
v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`json_data = request.get_json()`

			`if request.method == 'POST':`
			`email = common.checkAjaxInput(json_data['email'])`
			`password = common.checkAjaxInput(json_data['password'])`
			`role = int(json_data['role'])`
			`new_user = common.checkAjaxInput(json_data['username'])`
			`enabled = int(json_data['enabled'])`
			`group_id = int(json_data['user_group'])`
			`lang = roxywi_common.get_user_lang_for_flask()`
			`current_user_role_id = g.user_params['role']`
			`if not roxywi_common.check_user_group_for_flask():`
			`return roxywi_common.handle_json_exceptions('Wrong group', 'Roxy-WI server', '')`
			`if current_user_role_id < role:`
			`return roxywi_common.handle_json_exceptions('Wrong role', 'Roxy-WI server', '')`
			`try:`
			`user_id = roxywi_user.create_user(new_user, email, password, role, enabled, group_id)`
			`except Exception as e:`
			`return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot create a new user')`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`else:`
v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`return jsonify({'status': 'created', 'id': user_id, 'data': render_template(`
			`'ajax/new_user.html', users=user_sql.select_users(user=new_user), groups=group_sql.select_groups(),`
			`roles=sql.select_roles(), adding=1, lang=lang`
			`)})`
			`elif request.method == 'PUT':`
			`user_id = int(json_data['user_id'])`
			`user_name = common.checkAjaxInput(json_data['username'])`
			`email = common.checkAjaxInput(json_data['email'])`
			`enabled = int(json_data['enabled'])`
			`if roxywi_common.check_user_group_for_flask():`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`try:`
v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`user_sql.update_user_from_admin_area(user_name, email, user_id, enabled)`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`except Exception as e:`
v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot update user')`
			`roxywi_common.logging(user_name, ' has been updated user ', roxywi=1, login=1)`
			`return jsonify({'status': 'updated'})`
			`elif request.method == 'DELETE':`
			`roxywi_auth.page_for_admin(level=2)`
			`user_id = int(json_data['user_id'])`
			`try:`
			`roxywi_user.delete_user(user_id)`
			`return jsonify({'status': 'deleted'})`
			`except Exception as e:`
			`return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', f'Cannot delete the user {user_id}')`
			`else:`
			`abort(405)`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00

			`@bp.route('/ldap/<username>')`
			`def get_ldap_email(username):`
			`roxywi_auth.page_for_admin(level=2)`

			`return roxywi_user.get_ldap_email(username)`


			`@bp.post('/password')`
			`def update_password():`
			`password = request.form.get('updatepassowrd')`
			`uuid = request.form.get('uuid')`
			`user_id_from_get = request.form.get('id')`

			`return roxywi_user.update_user_password(password, uuid, user_id_from_get)`


			`@bp.route('/services/<int:user_id>', methods=['GET', 'POST'])`
			`def show_user_services(user_id):`
			`if request.method == 'GET':`
			`return roxywi_user.get_user_services(user_id)`
			`else:`
v7.3.1.0: Refactor server-side code to use JSON-based APIs The commit refactors the server-side modules of the Roxy-WI web interface to use JSON-based APIs for improved data exchange. Specifically, methods for user, group and SSH management have been updated to accept and return JSON data. Simultaneously, error handling is improved to give more informative responses instead of plain strings. The client-side JavaScript code is also refactored to accommodate these changes. Additionally, some minor corrections are made in the UI templates. 2024-06-16 16:20:18 +00:00			`json_data = request.get_json()`
			`user = json_data['username']`
			`user_services = json_data['services']`
			`try:`
			`roxywi_user.change_user_services(user, user_id, user_services)`
			`return jsonify({'status': 'updated'})`
			`except Exception as e:`
			`return roxywi_common.handle_json_exceptions(e, 'Roxy-WI server', 'Cannot change user services')`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00

v7.2.5.0: Refactor execution of group changes in user settings This commit streamlines the way user group data is handled, both in scripts and server-side logic. The group settings URL has been simplified and the logic for updating user groups also has been optimized. Eliminated unnecessary checks in the user.py module, and updated the routing logic for group data to utilize a single route with HTTP GET and PUT methods. Removed unsuccessful group changing errors. 2024-05-15 18:35:38 +00:00			`@bp.route('/group', methods=['GET', 'PUT'])`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00			`def get_current_group():`
v7.2.5.0: Refactor execution of group changes in user settings This commit streamlines the way user group data is handled, both in scripts and server-side logic. The group settings URL has been simplified and the logic for updating user groups also has been optimized. Eliminated unnecessary checks in the user.py module, and updated the routing logic for group data to utilize a single route with HTTP GET and PUT methods. Removed unsuccessful group changing errors. 2024-05-15 18:35:38 +00:00			`if request.method == 'GET':`
			`uuid = common.checkAjaxInput(request.cookies.get('uuid'))`
			`group = common.checkAjaxInput(request.cookies.get('group'))`
			`return roxywi_user.get_user_active_group(uuid, group)`
			`elif request.method == 'PUT':`
			`group_id = common.checkAjaxInput(request.form.get('group'))`
			`user_uuid = common.checkAjaxInput(request.form.get('uuid'))`

			`return roxywi_user.change_user_active_group(group_id, user_uuid)`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00

			`@bp.route('/groups/<int:user_id>')`
			`def show_user_groups_and_roles(user_id):`
			`lang = roxywi_common.get_user_lang_for_flask()`

			`return roxywi_user.show_user_groups_and_roles(user_id, lang)`


			`@bp.post('/groups/save')`
			`def change_user_groups_and_roles():`
			`user = common.checkAjaxInput(request.form.get('changeUserGroupsUser'))`
			`groups_and_roles = json.loads(request.form.get('jsonDatas'))`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-10-03 19:56:34 +00:00			`user_uuid = request.cookies.get('uuid')`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-10-03 19:56:34 +00:00			`return roxywi_user.save_user_group_and_role(user, groups_and_roles, user_uuid)`
v7.0.0.0 Changelog: https://roxy-wi.org/changelog#7.0.0 2023-09-17 09:42:39 +00:00

			`@bp.route('/group/name/<int:group_id>')`
			`def get_group_name_by_id(group_id):`
v7.2.1.0 https://roxy-wi.org/changelog#7_2_1 2024-03-03 07:11:48 +00:00			`return group_sql.get_group_name_by_id(group_id)`