100 lines
3.1 KiB
Python
Executable File
100 lines
3.1 KiB
Python
Executable File
#!/bin/python3
|
|
import os
|
|
import sys
|
|
import logging
|
|
import requests
|
|
import json
|
|
import argparse
|
|
|
|
from lib import digest
|
|
from lib.diffie_hellman import *
|
|
from subject import main
|
|
|
|
logging.basicConfig(format='%(levelname)s\t- %(message)s')
|
|
logger = logging.getLogger()
|
|
logger.setLevel(logging.INFO)
|
|
|
|
state = main(sys.argv)
|
|
|
|
BASE_DIR = os.path.join(os.path.expanduser('~'), '.sio/')
|
|
|
|
#session file - document name - +/- - role - permission
|
|
def aclDoc(args):
|
|
parser = argparse.ArgumentParser()
|
|
|
|
parser.add_argument("-k", '--key', nargs=1, help="Path to the key file")
|
|
parser.add_argument("-r", '--repo', nargs=1, help="Address:Port of the repository")
|
|
parser.add_argument("-v", '--verbose', help="Increase verbosity", action="store_true")
|
|
|
|
parser.add_argument('session', nargs='?', default=None)
|
|
parser.add_argument('name', nargs='?',default=None)
|
|
parser.add_argument('change', nargs='?',default=None)
|
|
parser.add_argument('role', nargs='?',default=None)
|
|
parser.add_argument('permission', nargs='?',default=None)
|
|
|
|
args = parser.parse_args()
|
|
|
|
#Check number of arguments
|
|
if not args.session or not args.role or not args.permission or not args.change or not args.name:
|
|
logger.error("Need session file, document name, +/- , role and permission.")
|
|
sys.exit(1)
|
|
|
|
# Check for session file
|
|
if (not os.path.isfile(BASE_DIR + args.session)):
|
|
logger.error("File '" + args.session + "' not found.")
|
|
sys.exit(1)
|
|
|
|
# Get session file content
|
|
with open(BASE_DIR + args.session, 'r') as f:
|
|
args.session = json.load(f)
|
|
|
|
# Check permission
|
|
if args.permission not in ['DOC_ACL', 'DOC_READ', 'DOC_DELETE']:
|
|
logger.error("Permission is not valid.")
|
|
sys.exit(1)
|
|
|
|
# Check change operation
|
|
if args.change == '+':
|
|
change = 'add'
|
|
elif args.change == '-':
|
|
change = 'remove'
|
|
else:
|
|
logger.error("Invalid change operation (+ or -).")
|
|
sys.exit(1)
|
|
|
|
document_handle = digest.get_hash(bytes(args.name, encoding='utf-8'))
|
|
|
|
derived_key = bytes.fromhex(args.session['derived_key'])
|
|
payload = json.dumps({'role' : args.role, 'perm' : args.permission, 'operation' : change})
|
|
try:
|
|
payload = encrypt(payload, derived_key).hex()
|
|
except Exception:
|
|
logger.error("Failed to encrypt the content")
|
|
sys.exit(-1)
|
|
|
|
headers = {
|
|
'Authorization': args.session['token'],
|
|
'Content-Type': 'application/octet-stream'
|
|
}
|
|
|
|
try:
|
|
req = requests.post(f'http://{state['REP_ADDRESS']}/file/acl/{document_handle}',
|
|
data=payload,
|
|
headers=headers)
|
|
req.raise_for_status()
|
|
except requests.exceptions.HTTPError:
|
|
logger.error("%d: %s", req.status_code, req.json()['error'])
|
|
sys.exit(-1)
|
|
except requests.exceptions.RequestException as errex:
|
|
logger.error("Failed to obtain response from server.")
|
|
sys.exit(-1)
|
|
|
|
# Operation success
|
|
if req.status_code == 200:
|
|
logger.info("ACL changed succesfully.")
|
|
sys.exit(0)
|
|
logger.error("Failed to change ACL")
|
|
sys.exit(-1)
|
|
|
|
if __name__ == '__main__':
|
|
aclDoc(sys.argv[1:]) |