This repository has been archived by the owner on Apr 23, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 6
/
request.py
204 lines (172 loc) · 9.52 KB
/
request.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
import MySQLdb as mysql
import redis
from flask import g, render_template, request, session, url_for
from cortex import app
from cortex.lib.errors import fatalerr, logerr
from cortex.lib.user import (
does_user_have_any_puppet_permission,
does_user_have_permission,
does_user_have_puppet_permission,
does_user_have_system_permission,
does_user_have_workflow_permission)
################################################################################
@app.teardown_request
def teardown_request(_ex=None):
"""In order to fix some database locking issues with system name
allocation, seemingly caused by database transaction lingering around,
force the database to close at the end of the request."""
if hasattr(g, "db"):
g.db.close()
################################################################################
@app.before_request
def before_request():
"""This function is run before the request is handled by Flask. It is used
to connect to MySQL and Redis, and to tell old Internet Explorer versions
to go away.
"""
# Check for MSIE version <= 10.0
if (request.user_agent.browser == "msie" and int(round(float(request.user_agent.version))) <= 10):
return render_template('foad.html')
# Connect to redis
try:
g.redis = redis.StrictRedis(host=app.config['REDIS_HOST'], port=app.config['REDIS_PORT'], db=0, decode_responses=True)
g.redis.get('foo') # it doesnt matter that this key doesnt exist, its just to force a test call to redis.
except Exception:
logerr()
return fatalerr(message='Cortex could not connect to the REDIS server')
# Connect to database
try:
g.db = mysql.connect(host=app.config['MYSQL_HOST'], port=app.config['MYSQL_PORT'], user=app.config['MYSQL_USER'], passwd=app.config['MYSQL_PASS'], db=app.config['MYSQL_NAME'], charset="utf8")
except Exception:
logerr()
return fatalerr(message='Cortex could not connect to the MariaDB server')
# This would ideally go in app.py, but it can't as it depends on
# cortex.lib.user which it can't import due to a cyclic dependency
app.jinja_env.globals['does_user_have_permission'] = does_user_have_permission
app.jinja_env.globals['does_user_have_system_permission'] = does_user_have_system_permission
app.jinja_env.globals['does_user_have_puppet_permission'] = does_user_have_puppet_permission
# Continue processing the request
return None
################################################################################
@app.context_processor
def context_processor():
"""This function is called on every page load. It injects a 'workflows'
variable in to every render_template call, which is used to populate the
Workflows menu on the page. It also injects the list of menu items
and the items in the menus."""
# We return a dictionary with each key being a variable to set
# within the template.
injectdata = dict()
# Inject the workflows variable which is a list of loaded workflows. We
# filter this to just the ones the user is allowed to use.
injectdata['workflows'] = []
for func in app.wf_functions:
if func['menu']:
if does_user_have_workflow_permission(func['permission']):
injectdata['workflows'].append(func)
# Inject the menu items
# Favourites menu
favourites = []
if does_user_have_permission("systems.own.view") or does_user_have_permission("systems.all.view"):
favourites = [{'link': url_for('favourites'), 'title': 'All Favourites', 'icon': 'fa-star'}]
for fav_class in app.config['FAVOURITE_CLASSES']:
favourites.append({'link': url_for('favourites', system_type=fav_class), 'title': 'Favourited ' + fav_class + ' systems', 'icon': 'fa-star'})
# Set up the Systems menu, based on a single permission
systems = []
if does_user_have_permission("systems.own.view") or does_user_have_permission("systems.all.view"):
systems.append({'link': url_for('systems_list'), 'title': 'All systems', 'icon': 'fa-list'})
if does_user_have_permission("systems.all.view"):
systems.append({'link': url_for('systems_nocmdb'), 'title': 'Systems without a CMBD record', 'icon': 'fa-list'})
systems.append({'link': url_for('systems_expired'), 'title': 'Expired systems', 'icon': 'fa-list'})
# Set up the VMware menu, based on a single permission
vmware = []
if does_user_have_permission("vmware.view"):
vmware = [
{'link': url_for('vmware_os'), 'title': 'Operating systems', 'icon': 'fa-pie-chart'},
{'link': url_for('vmware_hwtools'), 'title': 'Hardware & tools', 'icon': 'fa-pie-chart'},
{'link': url_for('vmware_specs'), 'title': 'RAM & CPU', 'icon': 'fa-pie-chart'},
{'link': url_for('vmware_clusters'), 'title': 'Clusters', 'icon': 'fa-cubes'},
{'link': url_for('vmware_data'), 'title': 'VM data', 'icon': 'fa-th'},
{'link': url_for('vmware_data_unlinked'), 'title': 'Unlinked VMs', 'icon': 'fa-frown-o'},
{'link': url_for('vmware_history'), 'title': 'History', 'icon': 'fa-line-chart'}
]
# Set up the Puppet menu, based on permissions
puppet = []
if does_user_have_permission("puppet.dashboard.view"):
puppet.append({'link': url_for('puppet_dashboard'), 'title': 'Dashboard', 'icon': 'fa-dashboard'})
if does_user_have_permission("puppet.environments.all.view") or does_user_have_any_puppet_permission("view"):
puppet.append({'link': url_for('puppet_environments'), 'title': 'Environments', 'icon': 'fa-envira'})
if does_user_have_permission("puppet.nodes.view"):
puppet.append({'link': url_for('puppet_nodes'), 'title': 'Nodes', 'icon': 'fa-server'})
if does_user_have_permission("puppet.default_classes.view"):
puppet.append({'link': url_for('puppet_enc_default'), 'title': 'Default classes', 'icon': 'fa-globe'})
if does_user_have_permission("puppet.dashboard.view"):
puppet.append({'link': url_for('puppet_radiator'), 'title': 'Radiator view', 'icon': 'fa-desktop'})
if does_user_have_permission("puppet.documentation.view"):
puppet.append({'link': url_for('puppet_documentation'), 'title': 'Documentation', 'icon': 'fa-file-code-o'})
if does_user_have_permission("puppet.nodes.view"):
puppet.append({'link': '*puppet_search', 'title': 'Configuration search', 'icon': 'fa-search'})
# Set up the certificates menu, based on permissions
certificates = []
if does_user_have_permission("certificates.view"):
certificates.append({'link': url_for('certificates'), 'title': 'Certificates', 'icon': 'fa-certificate'})
if does_user_have_permission("certificates.stats"):
certificates.append({'link': url_for('certificate_statistics'), 'title': 'Statistics', 'icon': 'fa-pie-chart'})
if does_user_have_permission("certificates.add"):
certificates.append({'link': url_for('certificates_add'), 'title': 'Add Certificate', 'icon': 'fa-plus'})
# Set up the Tenable.io/Security Scanning, based on permissions
tenable = []
if does_user_have_permission("tenable.view"):
tenable.append({'link': url_for('tenable.tenable_assets'), 'title': 'Tenable.io Assets', 'icon': 'fa-cubes'})
if does_user_have_permission("tenable.view"):
tenable.append({'link': url_for('tenable.tenable_agents'), 'title': 'Tenable.io Agents', 'icon': 'fa-user-secret'})
# Set up the Admin menu, based on permissions
admin = []
if does_user_have_permission("classes.view"):
admin.append({'link': url_for('admin_classes'), 'title': 'Classes', 'icon': 'fa-table'})
if does_user_have_permission("tasks.view"):
admin.append({'link': url_for('admin_tasks'), 'title': 'Tasks', 'icon': 'fa-tasks'})
if does_user_have_permission("events.view"):
admin.append({'link': url_for('admin_events'), 'title': 'Events', 'icon': 'fa-list-alt'})
if does_user_have_permission("specs.view"):
admin.append({'link': url_for('admin_specs'), 'title': 'VM Specs', 'icon': 'fa-sliders'})
if does_user_have_permission(["maintenance.vmware", "maintenance.cmdb", "maintenance.expire_vm", "maintenance.sync_puppet_servicenow", "maintenance.cert_scan", "maintenance.lock_workflows", "maintenance.rubrik_policy_check", "maintenance.student_vm"]):
admin.append({'link': url_for('admin_maint'), 'title': 'Maintenance', 'icon': 'fa-gears'})
if does_user_have_permission("systems.allocate_name"):
admin.append({'link': url_for('systems_new'), 'title': 'Allocate system name', 'icon': 'fa-plus'})
if does_user_have_permission("systems.add_existing"):
admin.append({'link': url_for('systems_add_existing'), 'title': 'Add existing system', 'icon': 'fa-plus'})
# Sets up the permissions menu
perms = []
if does_user_have_permission("admin.permissions"):
perms.append({'link': url_for('perms_roles'), 'title': 'Permission Roles', 'icon': 'fa-user-secret'})
perms.append({'link': url_for('systems_withperms'), 'title': 'Systems with permissions', 'icon': 'fa-list'})
# Set injectdata default options.
injectdata['menu'] = {'systems': systems, 'favourites': favourites, 'vmware': vmware, 'puppet': puppet, 'certificates': certificates, 'tenable': tenable, 'admin': admin, 'perms': perms}
injectdata['classic_layout'] = False
injectdata['sidebar_expand'] = False
if 'username' in session:
# Determine the layout mode for the user
try:
if g.redis.get('user:' + session['username'] + ":preferences:interface:layout") == "classic":
injectdata['classic_layout'] = True
except Exception:
pass
# Determine theme for the user
try:
if g.redis.get('user:' + session['username'] + ":preferences:interface:theme") == "dark":
injectdata['theme'] = "dark"
except Exception:
pass
# Determine whether to expand sidebar.
try:
if g.redis.get('user:' + session['username'] + ':preferences:interface:sidebar') == 'expand':
injectdata['sidebar_expand'] = True
except Exception:
pass
# Add the banner message.
try:
injectdata['banner_message'] = app.config['BANNER_MESSAGE']
except KeyError:
pass
return injectdata