ADD: Group and OU validation for BCD request

229062e4 · Alexander Kaschta · bc3d9d58 · 229062e4
Commit 229062e4 authored 1 month ago by Alexander Kaschta
--- a/api/bcd_request.py
+++ b/api/bcd_request.py
 from fastapi import APIRouter, Depends, HTTPException
 from starlette import status

-from api import get_conn
+from api import db, get_conn
 from model.bcd_request import BCDRequestModel, BCDProtectionRequirements, BCDSystemType, IPAddressVersion
 from model.wapi.cntl import APIToken, Mgr
 from util.auth import check_auth
+from util.wapi_util import execute_wapi_function

 router = APIRouter(
    prefix="/api/bcd_request",
@@ -13,19 +14,69 @@ router = APIRouter(
 js_mods = ['bcdrequest']


-# TODO: implement methods...
 @router.post('')
 async def handle_request(bcd_request: BCDRequestModel, token: APIToken = Depends(check_auth), conn=Depends(get_conn)):
    user = Mgr.check_token(conn, token)

-    if user:
-        return "Success"
+    ou_request = execute_wapi_function(conn, [
+        {"idx": "own_mgr2ou_list", "name": "cntl.mgr2ou.list", "old": {"is_own": True}},
+        {"idx": "unit_list", "name": "org.unit.list", "inner_join_ref": {"own_mgr2ou_list": "default"},
+         "old": {"sorting_params_list": ["sub_position"]}},
+        {"idx": "unit_list_superset", "name": "org.unit.list",
+         "inner_join_ref": {"unit_list": "api_func_org_unit_hierarchy_gfk_list_is_superset"}},
+        {"name": "cntl.mgr2ou.list", "inner_join_ref": {"unit_list_superset": "default"}, "idx": "mgr2ou_list"},
+        {"name": "cntl.mgr.list", "inner_join_ref": {"mgr2ou_list": "default"}, "idx": "mgr_list"},
+        {"name": "dns.fqdn2ou.list", "inner_join_ref": {"unit_list_superset": "default"}, "idx": "fqdn2ou_list"},
+        {"name": "nd.bcd2ou.list", "inner_join_ref": {"unit_list_superset": "default"}, "idx": "bcd2ou_list"},
+        {"name": "nd.bcd.list", "inner_join_ref": {"bcd2ou_list": "default"}, "idx": "bcd_list"},
+        {"name": "org.unit_type.list", "inner_join_ref": {"unit_list": "default"}, "idx": "unit_type_list"}])
+
+    ous = [item["short_name"] for item in ou_request["unit_list"]]
+
+    if bcd_request.oe not in ous:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail='User is not member of the specified organizational unit.'
+        )
+
+    group_request = execute_wapi_function(conn, [
+        {"idx": "current_ou", "name": "org.unit.list", "old": {"short_name": bcd_request.oe}},
+        {"idx": "child_ous", "name": "org.unit.list",
+         "inner_join_ref": {"current_ou": "api_func_org_unit_hierarchy_gfk_list_is_superset"}},
+        {"idx": "parent_ous", "name": "org.unit.list", "old": {"sorting_params_list": ["tree_level DESC"]},
+         "inner_join_ref": {"current_ou": "api_func_org_unit_hierarchy_gfk_list_is_subset"}},
+        {"name": "cntl.mgr2ou.list", "inner_join_ref": {"current_ou": "default"}, "idx": "mgr2ou_list"},
+        {"name": "cntl.mgr.list", "inner_join_ref": {"mgr2ou_list": "default"}, "idx": "mgr_list"},
+        {"name": "dns.fqdn2ou.list", "inner_join_ref": {"current_ou": "default"}, "idx": "fqdn2ou_list"},
+        {"name": "nd.bcd2ou.list", "inner_join_ref": {"current_ou": "default"}, "idx": "bcd2ou_list"},
+        {"name": "nd.bcd.list", "inner_join_ref": {"bcd2ou_list": "default"}, "idx": "bcd_list"},
+        {"name": "cntl.group.list", "inner_join_ref": {"child_ous": "default"},
+         "old": {"sorting_params_list": ["name"]}, "idx": "group_list"},
+        {"idx": "recursive_fqdn2ou_list", "name": "dns.fqdn2ou.list", "inner_join_ref": {"parent_ous": "default"},
+         "old": {"is_recursive": True}},
+        {"idx": "recursive_bcd2ou_list", "name": "nd.bcd2ou.list", "inner_join_ref": {"parent_ous": "default"},
+         "old": {"is_recursive": True}},
+        {"idx": "recursive_mgr2ou_list", "name": "cntl.mgr2ou.list", "inner_join_ref": {"parent_ous": "default"}},
+        {"idx": "recursive_mgr_list", "name": "cntl.mgr.list", "inner_join_ref": {"recursive_mgr2ou_list": "default"}},
+        {"idx": "recursive_bcd_list", "name": "nd.bcd.list", "inner_join_ref": {"recursive_bcd2ou_list": "default"}},
+        {"name": "org.unit_type.list", "inner_join_ref": {"current_ou": "default"}, "idx": "unit_type_list"}])
+
+    groups = [item["name"] for item in group_request["group_list"]]
+
+    if bcd_request.group not in groups:
+        raise HTTPException(
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail='Unknown group specified.'
+        )
+
+    if validate_bcd_request(bcd_request):
+        # TODO: Send e-mail
+        return {'result': 'success'}

    raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR)


 def validate_bcd_request(bcd_request: BCDRequestModel) -> bool:
-    # TODO: Check if provided user is part of the specified group

    if (bcd_request.protection_requirement == BCDProtectionRequirements.SPECIAL and
            bcd_request.protection_requirement_note is None):
@@ -133,7 +184,7 @@ def validate_bcd_request(bcd_request: BCDRequestModel) -> bool:
            detail='DHCP pools smaller than 2 devices are not offered.'
        )
    elif (bcd_request.dhcp and bcd_request.dhcp_pool and
-          bcd_request.dhcp_pool_size > 2**(32 - bcd_request.ipv4_subnet_size) - 5):
+          bcd_request.dhcp_pool_size > 2 ** (32 - bcd_request.ipv4_subnet_size) - 5):
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail='This subnet does not support this size of a DHCP pool.'