########################################################################## # # pgAdmin 4 - PostgreSQL Tools # # Copyright (C) 2013 - 2024, The pgAdmin Development Team # This software is released under the PostgreSQL Licence # ########################################################################## import re from functools import wraps import pgadmin.browser.server_groups as sg import json from flask import render_template, request, jsonify, current_app from flask_babel import gettext as _ import dateutil.parser as dateutil_parser from pgadmin.browser.collection import CollectionNodeModule from pgadmin.browser.utils import PGChildNodeView from pgadmin.utils.ajax import make_json_response, \ make_response as ajax_response, precondition_required, \ internal_server_error, forbidden, success_return, gone from pgadmin.utils.driver import get_driver from pgadmin.utils.constants import ERROR_FETCHING_ROLE_INFORMATION from pgadmin.utils.exception import ExecuteError from config import PG_DEFAULT_DRIVER from flask_babel import gettext _REASSIGN_OWN_SQL = 'reassign_own.sql' class RoleModule(CollectionNodeModule): _NODE_TYPE = 'role' _COLLECTION_LABEL = _("Login/Group Roles") def __init__(self, *args, **kwargs): self.min_ver = None self.max_ver = None super().__init__(*args, **kwargs) def get_nodes(self, gid, sid): """ Generate the collection node """ if self.show_node: yield self.generate_browser_collection_node(sid) @property def node_inode(self): """ Override this property to make the node as leaf node. """ return False @property def script_load(self): """ Load the module script for server, when any of the server-group node is initialized. """ return sg.ServerGroupModule.node_type @property def csssnippets(self): """ Returns a snippet of css to include in the page """ snippets = [ render_template( self._COLLECTION_CSS, node_type=self.node_type ), render_template("roles/css/role.css")] for submodule in self.submodules: snippets.extend(submodule.csssnippets) return snippets @property def module_use_template_javascript(self): """ Returns whether Jinja2 template is used for generating the javascript module. """ return False blueprint = RoleModule(__name__) class RoleView(PGChildNodeView): node_type = 'role' parent_ids = [ {'type': 'int', 'id': 'gid'}, {'type': 'int', 'id': 'sid'} ] ids = [ {'type': 'int', 'id': 'rid'} ] operations = dict({ 'obj': [ {'get': 'properties', 'delete': 'drop', 'put': 'update'}, {'get': 'list', 'post': 'create', 'delete': 'drop'}, ], 'nodes': [{'get': 'node'}, {'get': 'nodes'}], 'sql': [{'get': 'sql'}], 'msql': [{'get': 'msql'}, {'get': 'msql'}], 'dependency': [{'get': 'dependencies'}], 'dependent': [{'get': 'dependents'}], 'children': [{'get': 'children'}], 'vopts': [{}, {'get': 'voptions'}], 'variables': [{'get': 'variables'}], 'reassign': [{'get': 'get_reassign_own_sql', 'post': 'role_reassign_own'}] }) def _validate_input_dict_for_new(self, data, req_keys): """ This functions validates the input dict and check for required keys in the dict when creating a new object :param data: input dict :param req_keys: required keys :return: Valid or Invalid """ if not isinstance(data, list): return False for item in data: if not isinstance(item, dict): return False for a_key in req_keys: if a_key not in item: return False return True def _validate_input_dict_for_update( self, data, req_add_keys, req_delete_keys): """ This functions validates the input dict and check for required keys in the dict when updating an existing object :param data: input dict :param req_add_keys: required keys when adding, updating :param req_delete_keys: required keys when deleting :return: Valid or Invalid """ if not isinstance(data, dict): return False for op in ['added', 'deleted', 'changed']: op_data = data.get(op, []) check_keys = req_add_keys \ if op in ['added', 'changed'] else req_delete_keys if not self._validate_input_dict_for_new(op_data, check_keys): return False return True def _validate_rolvaliduntil(self, data): """ Validate the rolvaliduntil in input data dict :param data: role data :return: valid or invalid message """ if 'rolvaliduntil' in data: # Make date explicit so that it works with every # postgres database datestyle format try: if data['rolvaliduntil'] is not None and \ data['rolvaliduntil'] != '' and \ len(data['rolvaliduntil']) > 0: data['rolvaliduntil'] = dateutil_parser.parse( data['rolvaliduntil'] ).isoformat() except Exception: return _("Date format is invalid.") return None def _validate_rolconnlimit(self, data): """ Validate the rolconnlimit data dict :param data: role data :return: valid or invalid message """ if 'rolconnlimit' in data: # If roleconnlimit is empty string then set it to -1 if data['rolconnlimit'] == '': data['rolconnlimit'] = -1 if data['rolconnlimit'] is not None: data['rolconnlimit'] = int(data['rolconnlimit']) if not isinstance(data['rolconnlimit'], int) or \ data['rolconnlimit'] < -1: return _("Connection limit must be an integer value " "or equal to -1.") return None def _process_rolemembership(self, id, data): """ Process the input rolemembership list to appropriate keys :param id: id of role :param data: input role data """ def _part_dict_list(dict_list, condition, list_key=None): ret_val = [] for d in dict_list: if condition(d): ret_val.append(d[list_key]) return ret_val if id == -1: data['members'] = [] data['admins'] = [] data['admins'] = _part_dict_list( data['rolmembership'], lambda d: d['admin'], 'role') data['members'] = _part_dict_list( data['rolmembership'], lambda d: not d['admin'], 'role') else: data['admins'] = _part_dict_list( data['rolmembership'].get('added', []), lambda d: d['admin'], 'role') data['members'] = _part_dict_list( data['rolmembership'].get('added', []), lambda d: not d['admin'], 'role') data['admins'].extend(_part_dict_list( data['rolmembership'].get('changed', []), lambda d: d['admin'], 'role')) data['revoked_admins'] = _part_dict_list( data['rolmembership'].get('changed', []), lambda d: not d['admin'], 'role') data['revoked'] = _part_dict_list( data['rolmembership'].get('deleted', []), lambda _: True, 'role') def _process_rolmembers(self, id, data): """ Parser role members. :param id: :param data: """ def _part_dict_list(dict_list, condition, list_key=None): ret_val = [] for d in dict_list: if condition(d): ret_val.append(d[list_key]) return ret_val if id == -1: data['rol_members'] = [] data['rol_admins'] = [] data['rol_admins'] = _part_dict_list( data['rolmembers'], lambda d: d['admin'], 'role') data['rol_members'] = _part_dict_list( data['rolmembers'], lambda d: not d['admin'], 'role') else: data['rol_admins'] = _part_dict_list( data['rolmembers'].get('added', []), lambda d: d['admin'], 'role') data['rol_members'] = _part_dict_list( data['rolmembers'].get('added', []), lambda d: not d['admin'], 'role') data['rol_admins'].extend(_part_dict_list( data['rolmembers'].get('changed', []), lambda d: d['admin'], 'role')) data['rol_revoked_admins'] = _part_dict_list( data['rolmembers'].get('changed', []), lambda d: not d['admin'], 'role') data['rol_revoked'] = _part_dict_list( data['rolmembers'].get('deleted', []), lambda _: True, 'role') def _validate_rolemembers(self, id, data): """ Validate the rolmembers data dict :param data: role data :return: valid or invalid message """ if 'rolmembers' not in data: return None if id == -1: msg = _(""" Role members information must be passed as an array of JSON objects in the following format: rolmembers:[{ role: [rolename], admin: True/False }, ... ]""") if not self._validate_input_dict_for_new(data['rolmembers'], ['role', 'admin']): return msg self._process_rolmembers(id, data) return None msg = _(""" Role membership information must be passed as a string representing an array of JSON objects in the following format: rolmembers:{ 'added': [{ role: [rolename], admin: True/False }, ... ], 'deleted': [{ role: [rolename], admin: True/False }, ... ], 'updated': [{ role: [rolename], admin: True/False }, ... ] """) if not self._validate_input_dict_for_update(data['rolmembers'], ['role', 'admin'], ['role']): return msg self._process_rolmembers(id, data) return None def _validate_rolemembership(self, id, data): """ Validate the rolmembership data dict :param data: role data :return: valid or invalid message """ if 'rolmembership' not in data: return None if id == -1: msg = _(""" Role membership information must be passed as an array of JSON objects in the following format: rolmembership:[{ role: [rolename], admin: True/False }, ... ]""") if not self._validate_input_dict_for_new( data['rolmembership'], ['role', 'admin']): return msg self._process_rolemembership(id, data) return None msg = _(""" Role membership information must be passed as a string representing an array of JSON objects in the following format: rolmembership:{ 'added': [{ role: [rolename], admin: True/False }, ... ], 'deleted': [{ role: [rolename], admin: True/False }, ... ], 'updated': [{ role: [rolename], admin: True/False }, ... ] """) if not self._validate_input_dict_for_update( data['rolmembership'], ['role', 'admin'], ['role']): return msg self._process_rolemembership(id, data) return None def _validate_seclabels(self, id, data): """ Validate the seclabels data dict :param data: role data :return: valid or invalid message """ if 'seclabels' not in data or self.manager.version < 90200: return None if id == -1: msg = _(""" Security Label must be passed as an array of JSON objects in the following format: seclabels:[{ provider: , label: