Accueil Explorer Aide
Connexion
RRT
/
pbx
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

users rights implementaion

Hal De il y a 4 ans
Parent
7d2549dc28
commit
2e91fad282
1 fichiers modifiés avec 28 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 28 1
      app/app.py

+ 28 - 1
app/app.py
Voir le fichier 

@@ -641,7 +641,6 @@ async def rebindLostDevices():
 
         await setUserDeviceStates(user, device, ast) # Set device states for users device
 
         await setUserDevice(user, device)            # Bind device to user
 
     app.cache['usermap'][device] = user
 
-  app.logger.warning(pformat(app.cache['usermap']))
 
 
 async def userStateChangeCallback(user, state, prevState = None):
 
   reply = None
 
@@ -673,6 +672,8 @@ class AtXfer(Resource):
 
   async def get(self, userA, userB):
 
     '''Attended call transfer
 
     '''
 
+    if (userA != request.user) and (not request.admin):
 
+      abort(401)
 
     channel = await getUserChannel(userA)
 
     if not channel:
 
       return noUserChannel(userA)
 
@@ -696,6 +697,8 @@ class BXfer(Resource):
 
   async def get(self, userA, userB):
 
     '''Blind call transfer
 
     '''
 
+    if (userA != request.user) and (not request.admin):
 
+      abort(401)
 
     channel = await getUserChannel(userA)
 
     if not channel:
 
       return noUserChannel(userA)
 
@@ -719,6 +722,8 @@ class Originate(Resource):
 
   async def get(self, user, number):
 
     '''Originate call
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     device = await getUserDevice(user)
 
     if device in NONEs:
 
       return noUserDevice(user)
 
@@ -744,6 +749,8 @@ class Hangup(Resource):
 
   async def get(self, user):
 
     '''Call hangup
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     channel = await getUserChannel(user)
 
     if not channel:
 
       return noUserChannel(user)
 
@@ -782,6 +789,8 @@ class UserState(Resource):
 
     '''Returns user's combined state.
 
     One of: available, away, dnd, inuse, busy, unavailable, ringing
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     if user not in app.cache['ustates']:
 
       return noUser(user)
 
     return successReply({'user':user,'state':getUserStateCombined(user)})
 
@@ -796,6 +805,8 @@ class PresenceState(Resource):
 
     '''Returns user's presence state.
 
     One of: not_set, unavailable, available, away, xa, chat, dnd
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     if user not in app.cache['ustates']:
 
       return noUser(user)
 
     return successReply({'user':user,'state':app.cache['pstates'].get(user, 'not_set')})
 
@@ -813,6 +824,8 @@ class SetPresenceState(Resource):
 
     '''Sets user's presence state.
 
     Allowed states: not_set | unavailable | available | away | xa | chat | dnd
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     if state not in presenceStates:
 
       return invalidState(state)
 
     if user not in app.cache['ustates']:
 
@@ -834,6 +847,8 @@ class UsersDevices(Resource):
 
   async def get(self):
 
     '''Returns users to device maping.
 
     '''
 
+    if not request.admin:
 
+      abort(401)
 
     data = {}
 
     for user in app.cache['ustates']:
 
       device = await getUserDevice(user)
 
@@ -858,6 +873,8 @@ class UserDeviceBind(Resource):
 
     Any device user was previously bound to, is unbound.
 
     Any user previously bound to device is unbound also.
 
     '''
 
+    if (device != request.device) and (not request.admin):
 
+      abort(401)
 
     if user not in app.cache['ustates']:
 
       return noUser(user)
 
     dial = await getDeviceDial(device) # Check if device exists in astdb
 
@@ -894,6 +911,8 @@ class DeviceUnBind(Resource):
 
     '''Unbinds any user from device.
 
     Device is checked for existance.
 
     '''
 
+    if (device != request.device) and (not request.admin):
 
+      abort(401)
 
     dial = await getDeviceDial(device) # Check if device exists in astdb
 
     if dial is None:
 
       return noDevice(device)
 
@@ -921,6 +940,8 @@ class CDR(Resource):
 
     '''Returns CDR data, groupped by logical call id.
 
     All request arguments are optional.
 
     '''
 
+    if not request.admin:
 
+      abort(401)
 
     start = parseDatetime(request.args.get('start'))
 
     end = parseDatetime(request.args.get('end'))
 
     cdr = await getCDR(start, end)
 
@@ -937,6 +958,8 @@ class CEL(Resource):
 
     '''Returns CEL data, groupped by logical call id.
 
     All request arguments are optional.
 
     '''
 
+    if not request.admin:
 
+      abort(401)
 
     start = parseDatetime(request.args.get('start'))
 
     end = parseDatetime(request.args.get('end'))
 
     cel = await getCEL(start, end)
 
@@ -953,6 +976,8 @@ class Calls(Resource):
 
     '''Returns aggregated call data JSON. Draft implementation.
 
     All request arguments are optional.
 
     '''
 
+    if not request.admin:
 
+      abort(401)
 
     calls = []
 
     start = parseDatetime(request.args.get('start'))
 
     end = parseDatetime(request.args.get('end'))
 
@@ -986,6 +1011,8 @@ class UserCalls(Resource):
 
   async def get(self, user):
 
     '''Returns user's call stats.
 
     '''
 
+    if (user != request.user) and (not request.admin):
 
+      abort(401)
 
     if user not in app.cache['ustates']:
 
       return noUser(user)
 
     cdr = await getUserCDR(user,