diff --git a/Orchestrator/Settings/SettingsOrchestratorExample.py b/Orchestrator/Settings/SettingsOrchestratorExample.py index f023aebc..97552b72 100644 --- a/Orchestrator/Settings/SettingsOrchestratorExample.py +++ b/Orchestrator/Settings/SettingsOrchestratorExample.py @@ -101,8 +101,19 @@ def Settings(): # "FlagAccess": True # } # ], - # "ControlPanelKeyAllowedList":[] # If empty - all is allowed - #} + # "ControlPanelKeyAllowedList":[], # If empty - all is allowed + # "RoleHierarchyAllowedDict": { + # "Orchestrator":{ + # "Controls": { + # "RestartOrchestrator": {}, # Feature to restart orchestrator on virtual machine + # "LookMachineScreenshots": {} # Feature to look machina screenshots + # }, + # "RDPActive": { # Robot RDP active module + # "ListRead": {} # Access to read RDP session list + # } + # } + # } + # } }, "RuleMethodMatchURLBeforeList": [ #General MethodMatchURL list (no domain/user) # { diff --git a/Orchestrator/Template_Settings_AccessUser.py b/Orchestrator/Template_Settings_AccessUser.py index 1b7febbd..62644543 100644 --- a/Orchestrator/Template_Settings_AccessUser.py +++ b/Orchestrator/Template_Settings_AccessUser.py @@ -1,3 +1,19 @@ +# Role model - if len of keys in dict is 0 - all access. If at least len is 1 - only this access +# "Orchestrator":{ +# "Controls": { +# "RestartOrchestrator": {}, # Feature to restart orchestrator on virtual machine +# "LookMachineScreenshots": {} # Feature to look machina screenshots +# }, +# "RDPActive": { # Robot RDP active module +# "ListRead": {} # Access to read RDP session list +# } +# } +# } +# USAGE in .py +# inRequest. +# inRequest.OpenRPA["DefUserRoleAccessAsk"](["Orchestrator","RDPActive","Controls"]) - return True or False +# inRequest.OpenRPA["DefUserRoleHierarchyGet"]() - Return dict of the role hierarchy or {} + # Init Section gUserNameStr = "Login" # User name without domain name gDomainNameStr = "" # DOMAIN or EMPTY str if no domain 
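Review bot: The usage example in Template_Settings_AccessUser.py asks for `["Orchestrator","RDPActive","Controls"]`, a path that does not exist in the hierarchy shown just above it, where `RDPActive` holds `ListRead`; `["Orchestrator","RDPActive","ListRead"]` would match. The commented block also has one more closing `# }` than it has opening braces, and a dangling `# inRequest.` line. Since a dict with no keys means full access, the header comment should state plainly that omitting `RoleHierarchyAllowedDict` for a user grants everything. "machina" should read "machine" here and in the SettingsOrchestratorExample.py hunk.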
diff --git a/Sources/pyOpenRPA/Orchestrator/Server.py b/Sources/pyOpenRPA/Orchestrator/Server.py index be70002d..08d6b2cc 100644 --- a/Sources/pyOpenRPA/Orchestrator/Server.py +++ b/Sources/pyOpenRPA/Orchestrator/Server.py @@ -22,6 +22,8 @@ from http import cookies global gSettingsDict from . import ServerSettings import copy + + #Authenticate function () # return dict # { @@ -33,10 +35,6 @@ def AuthenticateVerify(inRequest): ###################################### #Way 1 - try to find AuthToken lCookies = cookies.SimpleCookie(inRequest.headers.get("Cookie", "")) - inRequest.OpenRPA = {} - inRequest.OpenRPA["AuthToken"] = None - inRequest.OpenRPA["Domain"] = None - inRequest.OpenRPA["User"] = None #pdb.set_trace() if "AuthToken" in lCookies: lCookieAuthToken = lCookies.get("AuthToken", "").value 
@@ -193,6 +191,34 @@ def UserAccessCheckBefore(inMethod, inRequest): return lResult # HTTPRequestHandler class class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): + # Def to check User Role access grants + def UserRoleAccessAsk(self, inRoleKeyList): + lResult = True # Init flag + lRoleHierarchyDict = self.UserRoleHierarchyGet() # get the Hierarchy + # Try to get value from key list + lKeyValue = lRoleHierarchyDict # Init the base + for lItem in inRoleKeyList: + if type(lKeyValue) is dict: + if lItem in lKeyValue: # Has key + lKeyValue = lKeyValue[lItem] # Get the value and go to the next loop iteration + else: # Else branch - true or false + if len(lKeyValue)>0: # False - if Dict has some elements + lResult = False # Set the False Flag + else: + lResult = True # Set the True flag + break # Stop the loop + else: # Has element with no detalization - return True + lResult = True # Set the flag + break # Close the loop + return lResult # Return the result + + # Def to get hierarchy of the current user roles + # if return {} - all is available + def UserRoleHierarchyGet(self): + lDomainUpperStr = self.OpenRPA["Domain"].upper() + lUserUpperStr = self.OpenRPA["User"].upper() + return gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("RuleDomainUserDict", {}).get((lDomainUpperStr, lUserUpperStr), {}).get("RoleHierarchyAllowedDict", {}) + #Tech def #return {"headers":[],"body":"","statuscode":111} def URLItemCheckDo(self, inURLItem, inMethod): 
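Review bot: `UserRoleHierarchyGet` calls `.upper()` on `self.OpenRPA["Domain"]` and `self.OpenRPA["User"]`, which `do_GET` and `do_POST` in this commit initialise to `None`. If `FlagCredentialsAsk` is off, or authentication did not fill them (the rest of `AuthenticateVerify` is not visible here), the call raises AttributeError instead of returning a hierarchy. Guard the values, e.g. `lDomainUpperStr = (self.OpenRPA.get("Domain") or "").upper()` and the same for `User`. Both methods also fail open: a user with no `RuleDomainUserDict` entry, or a misspelled `RoleHierarchyAllowedDict` key, yields `{}` and `UserRoleAccessAsk` then returns True for every key list, so that default needs at least an explicit docstring. `type(lKeyValue) is dict` reads better as `isinstance(lKeyValue, dict)`.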
@@ -287,6 +313,12 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): # Write content as utf-8 data self.wfile.write(inResponseDict["Body"]) def do_GET(self): + self.OpenRPA = {} + self.OpenRPA["AuthToken"] = None + self.OpenRPA["Domain"] = None + self.OpenRPA["User"] = None + self.OpenRPA["DefUserRoleAccessAsk"]=self.UserRoleAccessAsk # Alias for def + self.OpenRPA["DefUserRoleHierarchyGet"]=self.UserRoleHierarchyGet # Alias for def # Prepare result dict lResponseDict = {"Headers": {}, "SetCookies": {}, "Body": b"", "StatusCode": None} self.OpenRPAResponseDict = lResponseDict @@ -350,6 +382,13 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): self.end_headers() # POST def do_POST(self): + lL = gSettingsDict["Logger"] + self.OpenRPA = {} + self.OpenRPA["AuthToken"] = None + self.OpenRPA["Domain"] = None + self.OpenRPA["User"] = None + self.OpenRPA["DefUserRoleAccessAsk"]=self.UserRoleAccessAsk # Alias for def + self.OpenRPA["DefUserRoleHierarchyGet"]=self.UserRoleHierarchyGet # Alias for def # Prepare result dict #pdb.set_trace() lResponseDict = {"Headers": {}, "SetCookies":{}, "Body": b"", "StatusCode": None} @@ -360,8 +399,14 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): ##################################### lFlagAccessUserBlock=False lAuthenticateDict = {"Domain": "", "User": ""} + lIsSuperToken = False # Is supertoken if gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("FlagCredentialsAsk", False): lAuthenticateDict = AuthenticateVerify(self) + # Get Flag is supertoken (True|False) + lDomainUpperStr = self.OpenRPA["Domain"].upper() + lUserUpperStr = self.OpenRPA["User"].upper() + lIsSuperToken = gSettingsDict.get("Server", {}).get("AccessUsers", {}).get("AuthTokensDict", {}).get( + (lDomainUpperStr, lUserUpperStr), {}).get("FlagDoNotExpire", False) if not lAuthenticateDict["User"]: lFlagAccessUserBlock=True if lFlagAccessUserBlock: 
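Review bot: The six-line `self.OpenRPA` initialisation added at the top of `do_GET` is repeated verbatim in the `do_POST` hunk (`@@ -350,6 +382,13 @@`), so the two copies can drift apart. A small private method on the handler, called first in both, would keep the request context defined in one place. A comment there should say that `Domain` and `User` stay `None` until authentication (presumably `AuthenticateVerify`) fills them. Both method bodies continue outside these hunks.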
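Review bot: In the `@@ -360,8 +399,14 @@` hunk the two `.upper()` calls run right after `AuthenticateVerify(self)` and before the `if not lAuthenticateDict["User"]` check. A request that fails authentication presumably still has `self.OpenRPA["Domain"]` and `["User"]` at `None`, so it raises AttributeError rather than reaching the block path. Derive the flag only after the user check, or guard with `(self.OpenRPA["Domain"] or "").upper()`. Also confirm that `AuthTokensDict` is keyed by the `(domain, user)` tuple used here; if it is keyed by token value the lookup never matches and `lIsSuperToken` is always False. `do_POST` continues outside the hunk.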
@@ -401,6 +446,9 @@ class testHTTPServer_RequestHandler(BaseHTTPRequestHandler): # Send headers self.send_header('Content-type','application/json') self.end_headers() + # Logging info about processor activity if not SuperToken () + if not lIsSuperToken: + if lL: lL.info(f"Server:: User activity from web. Domain: {self.OpenRPA['Domain']}, Username: {self.OpenRPA['User']}, Activity: {lInputObject}") # Send message back to client message = json.dumps(Processor.ActivityListOrDict(lInputObject)) # Write content as utf-8 data diff --git a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py index e30e1c30..464f7eaa 100644 --- a/Sources/pyOpenRPA/Orchestrator/ServerSettings.py +++ b/Sources/pyOpenRPA/Orchestrator/ServerSettings.py @@ -47,6 +47,16 @@ def Monitor_ControlPanelDictGet(inRequest,inGlobalDict): # Write content as utf-8 data inResponseDict["Body"] = bytes(message, "utf8") +# UserAccess get rights hierarchy dict in json +def UserRoleHierarchyGet(inRequest,inGlobalDict): + inResponseDict = inRequest.OpenRPAResponseDict + # Create result JSON + lResultDict = inRequest.OpenRPA["DefUserRoleHierarchyGet"]() # Get the User Role Hierarchy list + # Send message back to client + message = json.dumps(lResultDict) + # Write content as utf-8 data + inResponseDict["Body"] = bytes(message, "utf8") + def GetScreenshot(inRequest,inGlobalDict): # Get Screenshot def SaveScreenshot(inFilePath): 
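Review bot: The added `if not lIsSuperToken:` guard leaves activity sent with a non-expiring token out of the log entirely, although those long-lived credentials are the ones whose use an audit trail most needs to show. Consider logging every request and recording the flag instead, `if lL: lL.info("Server:: User activity from web. Domain: %s, Username: %s, SuperToken: %s, Activity: %s", self.OpenRPA["Domain"], self.OpenRPA["User"], lIsSuperToken, lInputObject)`. The full `lInputObject` is request-controlled and may carry secrets or line breaks, so a truncated or summarised form is safer to write to the log. `do_POST` starts outside this hunk.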
@@ -90,7 +100,8 @@ def SettingsUpdate(inGlobalConfiguration): {"Method":"GET", "URL": "/3rdParty/Handlebars/handlebars-v4.1.2.js", "MatchType": "EqualCase", "ResponseFilePath": os.path.join(lOrchestratorFolder, "..\\Resources\\Web\\Handlebars\\handlebars-v4.1.2.js"), "ResponseContentType": "application/javascript"}, {"Method": "GET", "URL": "/Monitor/ControlPanelDictGet", "MatchType": "Equal", "ResponseDefRequestGlobal": Monitor_ControlPanelDictGet, "ResponseContentType": "application/json"}, {"Method": "GET", "URL": "/GetScreenshot", "MatchType": "BeginWith", "ResponseDefRequestGlobal": GetScreenshot, "ResponseContentType": "image/png"}, - {"Method": "GET", "URL": "/Orchestrator/RobotRDPActive/ControlPanelDictGet", "MatchType": "Equal","ResponseDefRequestGlobal": RobotRDPActive_ControlPanelDictGet, "ResponseContentType": "application/json"} + {"Method": "GET", "URL": "/Orchestrator/RobotRDPActive/ControlPanelDictGet", "MatchType": "Equal","ResponseDefRequestGlobal": RobotRDPActive_ControlPanelDictGet, "ResponseContentType": "application/json"}, + {"Method": "POST", "URL": "/Orchestrator/UserRoleHierarchyGet", "MatchType": "Equal","ResponseDefRequestGlobal": UserRoleHierarchyGet, "ResponseContentType": "application/json"} ] inGlobalConfiguration["Server"]["URLList"]=inGlobalConfiguration["Server"]["URLList"]+lURLList return inGlobalConfiguration \ No newline at end of file diff --git a/Sources/pyOpenRPA/Orchestrator/Web/Index.xhtml b/Sources/pyOpenRPA/Orchestrator/Web/Index.xhtml index e64da833..48292227 100644 --- a/Sources/pyOpenRPA/Orchestrator/Web/Index.xhtml +++ b/Sources/pyOpenRPA/Orchestrator/Web/Index.xhtml 
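Review bot: The new `/Orchestrator/UserRoleHierarchyGet` route only reports the role hierarchy; no handler touched in this commit calls `DefUserRoleAccessAsk`. `/GetScreenshot` and `/Orchestrator/RobotRDPActive/ControlPanelDictGet` in this list therefore appear to stay reachable for a user whose `RoleHierarchyAllowedDict` omits them; their bodies are outside the diff, so confirm. The `mGlobal.UserRoleUpdate` code in Index.xhtml only hides the buttons, which is presentation rather than access control. Each handler should check first, e.g. `if not inRequest.OpenRPA["DefUserRoleAccessAsk"](["Orchestrator","Controls","LookMachineScreenshots"]):`, and set a 403 in `inResponseDict["StatusCode"]`. The route is also registered as POST while the sibling read-only routes use GET.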
@@ -388,37 +388,6 @@ dataType: "text" }); } - - /////////////////////////////// - ///Scheduler functions - /////////////////////////////// - - mGlobal.Scheduler = {} - mGlobal.Scheduler.ActivityTimeListShow = function() { - lData = [ - { - "Type":"GlobalDictKeyListValueGet", - "KeyList":["Scheduler","ActivityTimeList"] - } - ] - $.ajax({ - type: "POST", - url: 'Utils/Processor', - data: JSON.stringify(lData), - success: - function(lData,l2,l3) - { - var lResponseJSON=JSON.parse(lData) - lResponseJSON[0]["Result"].forEach(function(lItem){lItem["processPathName"]=("processPath" in lItem ? lItem["processPath"] : lItem["processName"])}) - ///Отправить запрос на формирование таблицы - lHTMLCode=mGlobal.GeneralGenerateHTMLCodeHandlebars(".openrpa-hidden-info-table-planloglist",lResponseJSON[0]); - ///Установить HTML код - $('.ui.modal.basic .content').html(lHTMLCode); - $('.ui.modal.basic').modal('show'); - }, - dataType: "text" - }); - } /////////////////////////////// ///Processor functions /////////////////////////////// @@ -507,32 +476,6 @@ dataType: "text" }); } - mGlobal.Processor.LogListShow = function() { - lData = [ - { - "Type":"GlobalDictKeyListValueGet", - "KeyList":["Processor","LogList"] - } - ] - ///Обнулить таблицу - $('.ui.modal.basic .content').html(""); - $.ajax({ - type: "POST", - url: 'Utils/Processor', - data: JSON.stringify(lData), - success: - function(lData,l2,l3) - { - var lResponseJSON=JSON.parse(lData) - ///Отправить запрос на формирование таблицы - lHTMLCode=mGlobal.GeneralGenerateHTMLCodeHandlebars(".openrpa-hidden-info-table-activitylogschedulelist",lResponseJSON["actionListResult"][0]) - ///Установить HTML код - $('.ui.modal.basic .content').html(lHTMLCode); - $('.ui.modal.basic').modal('show'); - }, - dataType: "text" - }); - } mGlobal.Server= {} mGlobal.Server.JSONGet=function(inMethod, inURL, inDataJSON, inCallback) { 
@@ -661,6 +604,37 @@ ///Установить HTML код lElementParentElement.insertAdjacentHTML("beforeend",lHTMLCode); } + // Check user roles and update the Orchestrator UI + mGlobal.UserRoleUpdate=function() { + $.ajax({ + type: "POST", + url: 'Orchestrator/UserRoleHierarchyGet', + data: "", + success: + function(lData,l2,l3) + { + var lResponseDict=JSON.parse(lData) + //Turn on the Lookmachine screenshot button + var lDict = ((lResponseDict["Orchestrator"] || {})["Controls"] || {}) // Get the Controls dict + if ("LookMachineScreenshots" in lDict || Object.keys(lDict).length == 0) { + $(".openrpa-control-lookmachinescreenshot").show() //Show button + } + //Turn on the restart orchestrator button + var lDict = ((lResponseDict["Orchestrator"] || {})["Controls"] || {}) // Get the Controls dict + if ("RestartOrchestrator" in lDict || Object.keys(lDict).length == 0) { + $(".openrpa-control-restartorchestrator").show() //Show button + } + //Turn on the rdp session list + var lDict = ((lResponseDict["Orchestrator"] || {})["RDPActive"] || {}) // Get the Controls dict + if ("ListRead" in lDict || Object.keys(lDict).length == 0) { + $(".openrpa-rdpactive-title").show() //Show section + $(".openrpa-robotrdpactive-control-panel-general").show() //Show section + } + }, + dataType: "text" + }); + } + mGlobal.UserRoleUpdate() // Cal the update User Roles function }) ; @@ -781,75 +755,20 @@
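Review bot: `JSON.parse(lData)` in the `success` callback of `mGlobal.UserRoleUpdate` has no guard and the `$.ajax` call has no `error` handler, so a non-JSON or failed response leaves all three controls hidden with nothing reported to the user. The three blocks also repeat the same lookup and redeclare `var lDict` each time; a small helper taking the section name and the role key would remove the duplication. The comment on the third lookup says "Get the Controls dict" although it reads `RDPActive`, and "Cal the update" should be "Call".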

...

-

Robot RDP active list

+
- - - -