- Orc RoleHierarchy - support RDP, Support Agent + buttons

Tested!
dev-linux
Ivan Maslov 4 years ago
parent 2e73292fc6
commit 4c31b27bf6

@ -39,9 +39,12 @@ if __name__ == "__main__": # New init way - allow run as module -m PyOpenRPA.Orc
# del lUACClientDict["pyOpenRPADict"]["RDPKeyDict"] # del lUACClientDict["pyOpenRPADict"]["RDPKeyDict"]
# del lUACClientDict["pyOpenRPADict"]["AgentKeyDict"] # del lUACClientDict["pyOpenRPADict"]["AgentKeyDict"]
# del lUACClientDict["pyOpenRPADict"]["CPKeyDict"] # del lUACClientDict["pyOpenRPADict"]["CPKeyDict"]
Orchestrator.OrchestratorUACUpdate(inGSettings=gSettings, inADLoginStr="ND", inADStr="", inADIsDefaultBool=True, inURLList=[], inCPAllowKeyList=[], inRoleHierarchyAllowedDict=lUACClientDict) #lUACClientDict["pyOpenRPADict"]["CPKeyDict"]["VersionCheck"]=True
#lUACClientDict["pyOpenRPADict"]["CPKeyDict"]["TEST"]=True
lUACClientDict["pyOpenRPADict"]["AgentKeyDict"]["DESKTOP----;ND"]=True
Orchestrator.OrchestratorUACUpdate(inGSettings=gSettings, inADLoginStr="ND", inADStr="", inADIsDefaultBool=True, inURLList=[], inRoleHierarchyAllowedDict=lUACClientDict)
# TEST Add User IMaslov - Add Login IMaslov to superuser of the Orchestrator # TEST Add User IMaslov - Add Login IMaslov to superuser of the Orchestrator
Orchestrator.OrchestratorUACUpdate(inGSettings=gSettings, inADLoginStr="IMaslov", inADStr="", inADIsDefaultBool=True, inURLList=[], inCPAllowKeyList=[]) Orchestrator.OrchestratorUACUpdate(inGSettings=gSettings, inADLoginStr="IMaslov", inADStr="", inADIsDefaultBool=True, inURLList=[])
# TEST Add Supertoken for the all access between robots # TEST Add Supertoken for the all access between robots
Orchestrator.OrchestratorUACSuperTokenUpdate(inGSettings=gSettings, inSuperTokenStr="1992-04-03-0643-ru-b4ff-openrpa52zzz") Orchestrator.OrchestratorUACSuperTokenUpdate(inGSettings=gSettings, inSuperTokenStr="1992-04-03-0643-ru-b4ff-openrpa52zzz")

@ -1,20 +1,87 @@
import subprocess def subprocess():
lCMD = "for /l %x in (1, 1, 5) do echo %x && ping 127.0.0.1 -n 2" import subprocess
lCMD = "git status" lCMD = "for /l %x in (1, 1, 5) do echo %x && ping 127.0.0.1 -n 2"
proc = subprocess.Popen(f'cmd /c {lCMD}', stdout=subprocess.PIPE, stderr=subprocess.STDOUT) lCMD = "git status"
# proc = subprocess.Popen('notepad', stdout=subprocess.PIPE, stderr=subprocess.STDOUT) proc = subprocess.Popen(f'cmd /c {lCMD}', stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
#proc = subprocess.Popen('cmd /c git status', stdout=subprocess.PIPE, stderr=subprocess.STDOUT) # proc = subprocess.Popen('notepad', stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
#proc = subprocess.run(f'cmd /c {lCMD}', stdout=subprocess.PIPE, stderr=subprocess.STDOUT) #proc = subprocess.Popen('cmd /c git status', stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
print(123) #proc = subprocess.run(f'cmd /c {lCMD}', stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
#import pdb print(123)
#pdb.set_trace() #import pdb
#tmp = proc.stdout.read() #pdb.set_trace()
lListenBool = True #tmp = proc.stdout.read()
while lListenBool: lListenBool = True
while lListenBool:
tmp = proc.stdout.readline() tmp = proc.stdout.readline()
if tmp == b"": if tmp == b"":
lListenBool = False lListenBool = False
#tmp = proc.stdout #tmp = proc.stdout
#print(tmp) #print(tmp)
print(tmp.decode("cp866")) print(tmp.decode("cp866"))
print("Happy end") print("Happy end")
def merge(a, b, path=None):
"merges b into a"
if path is None: path = []
for key in b:
if key in a:
if isinstance(a[key], dict) and isinstance(b[key], dict):
merge(a[key], b[key], path + [str(key)])
elif a[key] == b[key]:
pass # same leaf value
else:
raise Exception('Conflict at %s' % '.'.join(path + [str(key)]))
else:
a[key] = b[key]
return a
# works
#print(merge({1:{"a":"A"},2:{"b":"B"}}, {2:{"c":"C"},3:{"d":"D"}}))
# has conflict
#merge({1:{"a":"A"},2:{"b":"B"}}, {1:{"a":"A"},2:{"u":"C"}})
lUACClientDictOld = {
"pyOpenRPADict": {
"CPKeyDict": { # Empty dict - all access
"yy":1,
"Test":12
# "CPKeyStr"{
# }
},
"RDPKeyDict": { # Empty dict - all access
# "RDPKeyStr"{
# "FullscreenBool": True,
# "IgnoreBool":True,
# "ReconnectBool": True
# "NothingBool": True # USe option if you dont want to give some access to the RDP controls
# }
},
"AgentKeyDict": { # Empty dict - all access
# "AgentKeyStr"{
# }
},
"AdminDict": { # Empty dict - all access
"LogViewerBool": True, # Show log viewer on the web page
"CMDInputBool": True, # Execute CMD on the server side and result to the logs
"ScreenshotViewerBool": True, # Show button to look screenshots
"RestartOrchestratorBool": True, # Restart orchestrator activity
"RestartOrchestratorGITPullBool": True, # Turn off (RDP remember) orc + git pull + Turn on (rdp remember)
"RestartPCBool": True, # Send CMD to restart pc
"NothingBool": True # USe option if you dont want to give some access to the RDP controls
},
"ActivityDict": { # Empty dict - all access
"ActivityListExecuteBool": True, # Execute activity at the current thread
"ActivityListAppendProcessorQueueBool": True # Append activity to the processor queue
}
}
}
lUACClientDictNew = {
"pyOpenRPADict": {
"CPKeyDict": { # Empty dict - all access
"Test":True
}
}
}
print(merge(lUACClientDictOld, lUACClientDictNew))

@ -1,7 +1,7 @@
# Def to check inGSettings and update structure to the backward compatibility # Def to check inGSettings and update structure to the backward compatibility
# !!! ATTENTION: Backward compatibility has been started from v1.1.13 !!! # !!! ATTENTION: Backward compatibility has been started from v1.1.13 !!!
# So you can use config of the orchestrator 1.1.13 in new Orchestrator versions and all will be ok :) (hope it's true) # So you can use config of the orchestrator 1.1.13 in new Orchestrator versions and all will be ok :) (hope it's true)
import win32security, json, datetime, time import win32security, json, datetime, time, copy
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# Backward compatibility Web defs up to v1.2.0 # Backward compatibility Web defs up to v1.2.0
@ -361,3 +361,26 @@ def Update(inGSettings):
inGSettings["AgentDict"]= {} inGSettings["AgentDict"]= {}
if lL: lL.warning( if lL: lL.warning(
f"Backward compatibility (v1.1.20 to v1.2.0): Create new attribute 'AgentDict'") # Log about compatibility f"Backward compatibility (v1.1.20 to v1.2.0): Create new attribute 'AgentDict'") # Log about compatibility
# Alg to convert UAC ControlPanelAllawedList to UACClient hierarchy
# if inGSettings["Server"]["AccessUsers"]["FlagCredentialsAsk"] is True:
# lUserRights = inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][(inRequest.OpenRPA["Domain"].upper(), inRequest.OpenRPA["User"].upper())]
# if len(lUserRights["ControlPanelKeyAllowedList"]) > 0 and lItem["KeyStr"] not in lUserRights["ControlPanelKeyAllowedList"]:
# lUACBool = False # UAC Check is not passed - False for user
lShowWarnBool = False
# # Convert to UACClient dict
lRuleDomainUserDeepCopyDict = copy.deepcopy(inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"])
for lItemKeyTurple in lRuleDomainUserDeepCopyDict:
lDomainUpperStr = lItemKeyTurple[0]
lUserUpperStr = lItemKeyTurple[1]
lItemDict = lRuleDomainUserDeepCopyDict[lItemKeyTurple]
if "ControlPanelKeyAllowedList" in lItemDict:
lShowWarnBool = True
lUACClientDict = {"pyOpenRPADict":{"CPKeyDict":{}}}
for lAllowedKeyItemStr in lItemDict["ControlPanelKeyAllowedList"]:
lUACClientDict["pyOpenRPADict"]["CPKeyDict"][lAllowedKeyItemStr]=True # Convert
# Send update UACDict for user by the list
Orchestrator.OrchestratorUACUpdate(inGSettings=inGSettings,inADLoginStr=lUserUpperStr, inADStr=lDomainUpperStr, inRoleHierarchyAllowedDict=lUACClientDict)
# remove "ControlPanelKeyAllowedList"
del inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][lItemKeyTurple]["ControlPanelKeyAllowedList"]
if lShowWarnBool: # Show only 1 warning per all run
if lL: lL.warning(f"Backward compatibility (v1.1.20 to v1.2.0): Convert CP allowed list to UAC Client hierarchy (consolidated)") # Log about compatibility

@ -163,8 +163,8 @@ def OrchestratorSessionSave(inGSettings=None): ## Orchestrator session save
return True return True
# Update user access # Update user access
def OrchestratorUACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inCPAllowKeyList=[], inRoleHierarchyAllowedDict={}): def OrchestratorUACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBool=True, inURLList=[], inCPAllowKeyList=[], inRoleHierarchyAllowedDict={}):
# Backward compatibility lUserTurple = (inADStr.upper(),inADLoginStr.upper()) # Create turple key for inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"]
if inURLList==[]: if inURLList==[] and lUserTurple not in inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"]: # Backward compatibility if user is not exist
inURLList=[ inURLList=[
{ {
"Method": "GET", "Method": "GET",
@ -181,10 +181,14 @@ def OrchestratorUACUpdate(inGSettings, inADLoginStr, inADStr="", inADIsDefaultBo
"FlagAccess": True "FlagAccess": True
} }
] ]
# Check RoleHierarchyAllowedDict in gSettings for the old role hierarchy - include in result.
if lUserTurple in inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"] and "RoleHierarchyAllowedDict" in inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]:
lRoleHierarchyAllowedOLDDict = inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][lUserTurple]["RoleHierarchyAllowedDict"]
Server.__ComplexDictMerge2to1__(in1Dict=inRoleHierarchyAllowedDict, in2Dict=lRoleHierarchyAllowedOLDDict) # Merge dict 2 into dict 1
# Create Access item # Create Access item
lRuleDomainUserDict = { lRuleDomainUserDict = {
"MethodMatchURLBeforeList": inURLList, "MethodMatchURLBeforeList": inURLList,
"ControlPanelKeyAllowedList": inCPAllowKeyList, #["TestControlPanel", "RobotRDPActive","RobotScreenActive", "ControlPanel_Template"] # If empty - all is allowed
"RoleHierarchyAllowedDict": inRoleHierarchyAllowedDict "RoleHierarchyAllowedDict": inRoleHierarchyAllowedDict
} }
# Case add domain + user # Case add domain + user

@ -26,6 +26,22 @@ from . import ServerSettings
import copy import copy
# Tool to merge complex dictionaries
def __ComplexDictMerge2to1__(in1Dict, in2Dict):
lPathList=None
if lPathList is None: lPathList = []
for lKeyStr in in2Dict:
if lKeyStr in in1Dict:
if isinstance(in1Dict[lKeyStr], dict) and isinstance(in2Dict[lKeyStr], dict):
__ComplexDictMerge2to1__(in1Dict[lKeyStr], in2Dict[lKeyStr], lPathList + [str(lKeyStr)])
elif in1Dict[lKeyStr] == in2Dict[lKeyStr]:
pass # same leaf value
else:
raise Exception('Conflict at %s' % '.'.join(lPathList + [str(lKeyStr)]))
else:
in1Dict[lKeyStr] = in2Dict[lKeyStr]
return in1Dict
#Authenticate function () #Authenticate function ()
# return dict # return dict
# { # {
@ -194,6 +210,8 @@ def UserAccessCheckBefore(inMethod, inRequest):
# HTTPRequestHandler class # HTTPRequestHandler class
class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): class testHTTPServer_RequestHandler(BaseHTTPRequestHandler):
# Def to check User Role access grants # Def to check User Role access grants
def UACClientCheck(self, inRoleKeyList): # Alias
return self.UserRoleAccessAsk(inRoleKeyList=inRoleKeyList)
def UserRoleAccessAsk(self, inRoleKeyList): def UserRoleAccessAsk(self, inRoleKeyList):
lResult = True # Init flag lResult = True # Init flag
lRoleHierarchyDict = self.UserRoleHierarchyGet() # get the Hierarchy lRoleHierarchyDict = self.UserRoleHierarchyGet() # get the Hierarchy

@ -20,16 +20,19 @@ from . import SettingsTemplate
# Generate CP # Generate CP
# Return {"Key":{"",""}} # Return {"Key":{"",""}}
def HiddenCPDictGenerate(inRequest, inGSettings): def HiddenCPDictGenerate(inRequest, inGSettings):
dUAC = inRequest.UACClientCheck # Alias.
lUACCPTemplateKeyList=["pyOpenRPADict","CPKeyDict"]
lL = inGSettings["Logger"] # Alias for logger lL = inGSettings["Logger"] # Alias for logger
# Create result JSON # Create result JSON
lCPDict = {} lCPDict = {}
lRenderFunctionsRobotList = inGSettings["ControlPanelDict"]["RobotList"] lRenderFunctionsRobotList = inGSettings["ControlPanelDict"]["RobotList"]
for lItem in lRenderFunctionsRobotList: for lItem in lRenderFunctionsRobotList:
lUACBool = True # Check if render function is applicable User Access Rights (UAC) lUACBool = dUAC(inRoleKeyList=lUACCPTemplateKeyList+[lItem["KeyStr"]]) # Check if render function is applicable User Access Rights (UAC)
if inGSettings["Server"]["AccessUsers"]["FlagCredentialsAsk"] is True: if lItem["KeyStr"]=="VersionCheck": lUACBool=True # For backward compatibility for the old fron version which not reload page when new orch version is comming
lUserRights = inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][(inRequest.OpenRPA["Domain"].upper(), inRequest.OpenRPA["User"].upper())] #if inGSettings["Server"]["AccessUsers"]["FlagCredentialsAsk"] is True:
if len(lUserRights["ControlPanelKeyAllowedList"]) > 0 and lItem["KeyStr"] not in lUserRights["ControlPanelKeyAllowedList"]: # lUserRights = inGSettings["Server"]["AccessUsers"]["RuleDomainUserDict"][(inRequest.OpenRPA["Domain"].upper(), inRequest.OpenRPA["User"].upper())]
lUACBool = False # UAC Check is not passed - False for user # if len(lUserRights["ControlPanelKeyAllowedList"]) > 0 and lItem["KeyStr"] not in lUserRights["ControlPanelKeyAllowedList"]:
# lUACBool = False # UAC Check is not passed - False for user
if lUACBool: # Run function if UAC is TRUE if lUACBool: # Run function if UAC is TRUE
# Выполнить вызов и записать результат # Выполнить вызов и записать результат
# Call def (inRequest, inGSettings) or def (inGSettings) # Call def (inRequest, inGSettings) or def (inGSettings)
@ -57,9 +60,13 @@ def HiddenCPDictGenerate(inRequest, inGSettings):
# Return {"Key":{"",""}} # Return {"Key":{"",""}}
def HiddenRDPDictGenerate(inRequest, inGSettings): def HiddenRDPDictGenerate(inRequest, inGSettings):
dUAC = inRequest.UACClientCheck # Alias.
lUACRDPTemplateKeyList=["pyOpenRPADict","RDPKeyDict"]
lRDPDict = {"HandlebarsList":[]} lRDPDict = {"HandlebarsList":[]}
# Iterate throught the RDP list # Iterate throught the RDP list
for lRDPSessionKeyStrItem in inGSettings["RobotRDPActive"]["RDPList"]: for lRDPSessionKeyStrItem in inGSettings["RobotRDPActive"]["RDPList"]:
# Check UAC
if dUAC(inRoleKeyList=lUACRDPTemplateKeyList+[lRDPSessionKeyStrItem]):
lRDPConfiguration = inGSettings["RobotRDPActive"]["RDPList"][ lRDPConfiguration = inGSettings["RobotRDPActive"]["RDPList"][
lRDPSessionKeyStrItem] # Get the configuration dict lRDPSessionKeyStrItem] # Get the configuration dict
lDataItemDict = {"SessionKeyStr": "", "SessionHexStr": "", "IsFullScreenBool": False, lDataItemDict = {"SessionKeyStr": "", "SessionHexStr": "", "IsFullScreenBool": False,
@ -77,10 +84,14 @@ def HiddenRDPDictGenerate(inRequest, inGSettings):
# Return {"HostNameUpperStr;UserUpperStr":{"IsListenBool":True}, "HandlebarsList":[{"HostnameUpperStr":"","UserUpperStr":"","IsListenBool":True}]} # Return {"HostNameUpperStr;UserUpperStr":{"IsListenBool":True}, "HandlebarsList":[{"HostnameUpperStr":"","UserUpperStr":"","IsListenBool":True}]}
def HiddenAgentDictGenerate(inRequest, inGSettings): def HiddenAgentDictGenerate(inRequest, inGSettings):
dUAC = inRequest.UACClientCheck # Alias.
lUACAgentTemplateKeyList=["pyOpenRPADict","AgentKeyDict"]
lAgentDict = {"HandlebarsList":[]} lAgentDict = {"HandlebarsList":[]}
# Iterate throught the RDP list # Iterate throught the RDP list
for lAgentItemKeyStrItem in inGSettings["AgentDict"]: for lAgentItemKeyStrItem in inGSettings["AgentDict"]:
# Check UAC
lKeyStr = f"{lAgentItemKeyStrItem[0]};{lAgentItemKeyStrItem[1]}" # turple ("HostNameUpperStr","UserUpperStr") > Str "HostNameUpperStr;UserUpperStr" lKeyStr = f"{lAgentItemKeyStrItem[0]};{lAgentItemKeyStrItem[1]}" # turple ("HostNameUpperStr","UserUpperStr") > Str "HostNameUpperStr;UserUpperStr"
if dUAC(inRoleKeyList=lUACAgentTemplateKeyList+[lKeyStr]):
lDataItemDict = inGSettings["AgentDict"][lAgentItemKeyStrItem] lDataItemDict = inGSettings["AgentDict"][lAgentItemKeyStrItem]
lAgentDict[lKeyStr]=lDataItemDict lAgentDict[lKeyStr]=lDataItemDict
lHandlebarsDataItemDict = copy.deepcopy(lDataItemDict) lHandlebarsDataItemDict = copy.deepcopy(lDataItemDict)

@ -71,6 +71,7 @@
- - def AgentOSFileTextDataStrCreate(inGSettings, inHostNameStr, inUserStr, inFilePathStr, inFileDataStr, inEncodingStr = "utf-8"): # Send text file to Agent (string) - - def AgentOSFileTextDataStrCreate(inGSettings, inHostNameStr, inUserStr, inFilePathStr, inFileDataStr, inEncodingStr = "utf-8"): # Send text file to Agent (string)
- Orc WEB: Create mGlobal.pyOpenRPA.ActivityListExecute({}) to test some activities from the front - Orc WEB: Create mGlobal.pyOpenRPA.ActivityListExecute({}) to test some activities from the front
- Orc - add log about send activity to agent - Orc - add log about send activity to agent
- Orc RoleHierarchy - support RDP, Support Agent + buttons
[1.1.0] [1.1.0]
After 2 month test prefinal with new improovements (+RobotRDPActive in Orchestrator + Easy ControlPanelTemplate) After 2 month test prefinal with new improovements (+RobotRDPActive in Orchestrator + Easy ControlPanelTemplate)
Beta before 1.1.0 (new way of OpenRPA with improvements. Sorry, but no backward compatibility)/ Backward compatibility will start from 1.0.1 Beta before 1.1.0 (new way of OpenRPA with improvements. Sorry, but no backward compatibility)/ Backward compatibility will start from 1.0.1

Loading…
Cancel
Save