
users rights implementaion

Hal De 4 years ago
parent
commit
2e91fad282
1 changed files with 28 additions and 1 deletions
  1. 28 1
      app/app.py

+ 28 - 1
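--- a/app/app.py
+++ b/app/app.py
@@ -641,7 +641,6 @@ async def rebindLostDevices():
         await setUserDeviceStates(user, device, ast) # Set device states for users device
         await setUserDevice(user, device)            # Bind device to user
     app.cache['usermap'][device] = user
-  app.logger.warning(pformat(app.cache['usermap']))
 
 async def userStateChangeCallback(user, state, prevState = None):
   reply = None
@@ -673,6 +672,8 @@ class AtXfer(Resource):
   async def get(self, userA, userB):
     '''Attended call transfer
     '''
+    if (userA != request.user) and (not request.admin):
+      abort(401)
     channel = await getUserChannel(userA)
     if not channel:
       return noUserChannel(userA)
@@ -696,6 +697,8 @@ class BXfer(Resource):
   async def get(self, userA, userB):
     '''Blind call transfer
     '''
+    if (userA != request.user) and (not request.admin):
+      abort(401)
     channel = await getUserChannel(userA)
     if not channel:
       return noUserChannel(userA)
@@ -719,6 +722,8 @@ class Originate(Resource):
   async def get(self, user, number):
     '''Originate call
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     device = await getUserDevice(user)
     if device in NONEs:
       return noUserDevice(user)
@@ -744,6 +749,8 @@ class Hangup(Resource):
   async def get(self, user):
     '''Call hangup
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     channel = await getUserChannel(user)
     if not channel:
       return noUserChannel(user)
@@ -782,6 +789,8 @@ class UserState(Resource):
     '''Returns user's combined state.
     One of: available, away, dnd, inuse, busy, unavailable, ringing
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     if user not in app.cache['ustates']:
       return noUser(user)
     return successReply({'user':user,'state':getUserStateCombined(user)})
@@ -796,6 +805,8 @@ class PresenceState(Resource):
     '''Returns user's presence state.
     One of: not_set, unavailable, available, away, xa, chat, dnd
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     if user not in app.cache['ustates']:
       return noUser(user)
     return successReply({'user':user,'state':app.cache['pstates'].get(user, 'not_set')})
@@ -813,6 +824,8 @@ class SetPresenceState(Resource):
     '''Sets user's presence state.
     Allowed states: not_set | unavailable | available | away | xa | chat | dnd
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     if state not in presenceStates:
       return invalidState(state)
     if user not in app.cache['ustates']:
@@ -834,6 +847,8 @@ class UsersDevices(Resource):
   async def get(self):
     '''Returns users to device maping.
     '''
+    if not request.admin:
+      abort(401)
     data = {}
     for user in app.cache['ustates']:
       device = await getUserDevice(user)
@@ -858,6 +873,8 @@ class UserDeviceBind(Resource):
     Any device user was previously bound to, is unbound.
     Any user previously bound to device is unbound also.
     '''
+    if (device != request.device) and (not request.admin):
+      abort(401)
     if user not in app.cache['ustates']:
       return noUser(user)
     dial = await getDeviceDial(device) # Check if device exists in astdb
@@ -894,6 +911,8 @@ class DeviceUnBind(Resource):
     '''Unbinds any user from device.
     Device is checked for existance.
     '''
+    if (device != request.device) and (not request.admin):
+      abort(401)
     dial = await getDeviceDial(device) # Check if device exists in astdb
     if dial is None:
       return noDevice(device)
@@ -921,6 +940,8 @@ class CDR(Resource):
     '''Returns CDR data, groupped by logical call id.
     All request arguments are optional.
     '''
+    if not request.admin:
+      abort(401)
     start = parseDatetime(request.args.get('start'))
     end = parseDatetime(request.args.get('end'))
     cdr = await getCDR(start, end)
@@ -937,6 +958,8 @@ class CEL(Resource):
     '''Returns CEL data, groupped by logical call id.
     All request arguments are optional.
     '''
+    if not request.admin:
+      abort(401)
     start = parseDatetime(request.args.get('start'))
     end = parseDatetime(request.args.get('end'))
     cel = await getCEL(start, end)
@@ -953,6 +976,8 @@ class Calls(Resource):
     '''Returns aggregated call data JSON. Draft implementation.
     All request arguments are optional.
     '''
+    if not request.admin:
+      abort(401)
     calls = []
     start = parseDatetime(request.args.get('start'))
     end = parseDatetime(request.args.get('end'))
@@ -986,6 +1011,8 @@ class UserCalls(Resource):
   async def get(self, user):
     '''Returns user's call stats.
     '''
+    if (user != request.user) and (not request.admin):
+      abort(401)
     if user not in app.cache['ustates']:
       return noUser(user)
     cdr = await getUserCDR(user,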
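Review bot: In the UserDeviceBind hunk the new guard compares only `device` with `request.device`, so a non-admin caller on a matching device can still bind any `user` to it, and per the docstring that unbinds the user from whatever device they were bound to before. If that is not the intended login flow, the guard should also cover the user, e.g. `if (device != request.device or user != request.user) and (not request.admin):`; if it is intended, a comment saying that device identity alone authorises the bind would help. The method's signature is outside the hunk, and how `request.user`, `request.device` and `request.admin` are populated is not visible here, so this assumes an authentication hook sets all three on every request. Separately, all fourteen guards answer an authenticated but unprivileged caller with `abort(401)`; `abort(403)` would distinguish "not allowed" from "not authenticated", and a shared helper or decorator would keep the repeated condition from drifting between endpoints.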