diff --git a/app/controllers/api/v1/admin/clients_controller.rb b/app/controllers/api/v1/admin/clients_controller.rb new file mode 100644 index 0000000..7afc833 --- /dev/null +++ b/app/controllers/api/v1/admin/clients_controller.rb @@ -0,0 +1,25 @@ +class Api::V1::Admin::ClientsController < Api::BaseController + before_action :require_api_admin_login + + # GET /api/admin/clients/unverified + def unverified + hosts = Host.unverified + + admin_api_render(hosts) + end + + private + + def require_api_admin_login + if !current_api_user || !current_api_user.admin? + head :forbidden + end + end + + # Wrapper method to simplify object rendering for api + def admin_api_render(object) + render json: object.to_json(for_admin_api: true) + end +end + + diff --git a/app/models/host.rb b/app/models/host.rb index bf953a8..bad03bc 100644 --- a/app/models/host.rb +++ b/app/models/host.rb @@ -1,412 +1,425 @@ # The bacula database must be independent from all of our application logic. # For this reason we have Host which is the application equivalent of a Bacula Client. # # A host is being created from our application. When it receives all the configuration # which is required it gets dispatched to bacula through some configuration files. After # that, a client with the exact same config is generated by bacula. class Host < ActiveRecord::Base establish_connection ARCHIVING_CONF include Configuration::Host STATUSES = { pending: 0, configured: 1, dispatched: 2, deployed: 3, updated: 4, redispatched: 5, for_removal: 6, inactive: 7, blocked: 8 } # The default file daemon port DEFAULT_PORT = 9102 enum origin: { institutional: 0, vima: 1, okeanos: 2 } serialize :email_recipients, JSON has_many :ownerships has_many :users, through: :ownerships, inverse_of: :hosts has_many :invitations belongs_to :client, class_name: :Client, foreign_key: :name, primary_key: :name belongs_to :verifier, class_name: :User, foreign_key: :verifier_id, primary_key: :id has_many :filesets, dependent: :destroy has_many :job_templates, dependent: :destroy has_many :schedules, dependent: :destroy validates :file_retention, :job_retention, :port, :password, presence: true validates :port, :quota, numericality: { greater_than: 0 } validates :fqdn, presence: true, uniqueness: true validate :fqdn_format validate :valid_recipients scope :not_baculized, -> { joins("left join #{Client.table_name} on #{Client.table_name}.Name = hosts.name"). where(Client.table_name => { Name: nil }) } scope :in_bacula, -> { where( status: STATUSES.select { |k,_| [:deployed, :updated, :redispatched, :for_removal].include? k }.values ) } scope :unverified, -> { where(verified: false) } before_validation :set_retention, :unset_baculized, :sanitize_name, :sanitize_email_recipients, :set_password, :set_port, :set_quota state_machine :status, initial: :pending do STATUSES.each do |status_name, value| state status_name, value: value end after_transition [:dispatched, :redispatched, :configured, :updated] => :deployed do |host| host.job_templates.enabled. update_all(baculized: true, baculized_at: Time.now, updated_at: Time.now) end event :add_configuration do transition [:pending, :dispatched, :inactive] => :configured end event :dispatch do transition :configured => :dispatched end event :redispatch do transition :updated => :redispatched end event :set_deployed do transition [:dispatched, :redispatched, :configured, :updated] => :deployed end event :change_deployed_config do transition [:deployed, :redispatched, :for_removal] => :updated end event :mark_for_removal do transition [:dispatched, :deployed, :updated, :redispatched] => :for_removal end event :set_inactive do transition [:configured, :deployed, :dispatched, :updated, :redispatched] => :inactive end event :disable do transition all => :pending end event :block do transition all - [:blocked] => :blocked end event :unblock do transition :blocked => :pending end end # API serializer # Override `as_json` method to personalize for API use. def as_json(opts={}) if for_api = opts.delete(:for_api) api_json + elsif for_admin = opts.delete(:for_admin_api) + admin_api_json else super(opts) end end # Determines if a host has enabled jobs in order to be dispatched to Bacula # # @return [Boolean] def bacula_ready? job_templates.enabled.any? end # Shows the host's auto_prune setting def auto_prune_human client_settings[:autoprune] end # Uploads the host's config to bacula # Reloads bacula server # # It updates the host's status accordingly def dispatch_to_bacula return false if not needs_dispatch? bacula_handler.deploy_config end # Removes a Host from bacula configuration. # Reloads bacula server # # If all go well it changes the host's status and returns true # # @param force[Boolean] forces removal def remove_from_bacula(force=false) return false if not (force || needs_revoke?) bacula_handler.undeploy_config end # Determines if a host needs a simple config # # @return [Boolean] def needs_simple_config? job_templates.none? end # Restores a host's backup to a preselected location # # @param fileset_id[Integer] the desired fileset # @param location[String] the desired restore location # @param restore_point[Datetime] the desired restore_point datetime # @param restore_client[String]] the desired restore client def restore(file_set_id, location, restore_point=nil, restore_client=nil) return false if not restorable? job_ids = client.get_job_ids(file_set_id, restore_point) file_set_name = FileSet.find(file_set_id).file_set bacula_handler.restore(job_ids, file_set_name, restore_point, location, restore_client) end # Runs the given backup job ASAP def backup_now(job_name) bacula_handler.backup_now(job_name) end # Disables all jobs and sends the configuration to Bacula def disable_jobs_and_update job_templates.update_all(enabled: false) bacula_handler.deploy_config end # Disables all jobs if needed and then locks the host def disable_jobs_and_lock return false if can_set_inactive? && !disable_jobs_and_update block end # Determinex weather a host: # # * has all it takes to be deployed but # * the config is not yet sent to bacula # # @return [Boolean] def needs_dispatch? verified? && (can_dispatch? || can_redispatch?) end # Determines weather a host is marked for removal # # @return [Boolean] def needs_revoke? for_removal? end # Handles the host's job changes by updating the host's status def recalculate add_configuration || change_deployed_config end # Fetches an info message concerning the host's deploy status def display_message if !verified? { message: 'Your host needs to be verified by an admin', severity: :alert } elsif pending? { message: 'client not configured yet', severity: :alert } elsif configured? || dispatched? { message: 'client not deployed to Bacula', severity: :alert } elsif updated? || redispatched? { message: 'client configuration changed, deploy needed', severity: :alert } elsif for_removal? { message: 'pending client configuration withdraw', severity: :error } elsif inactive? { message: 'client disabled', severity: :alert } elsif blocked? { message: 'client disabled by admin.', severity: :error } end end # Determines if a host can issue a restore job. # # @return [Boolean] true if the host's client can issue a restore job def restorable? client.present? && client.is_backed_up? end # @return [User] the first of the host's users def first_user users.order('ownerships.created_at asc').first end # Marks the host as verified and sets the relevant metadata # # @param admin_verifier[Integer] the verifier's id def verify(admin_verifier) self.verified = true self.verifier_id = admin_verifier self.verified_at = Time.now recipients = users.pluck(:email) if save UserMailer.notify_for_verification(recipients, self).deliver if recipients.any? return true end false end # Creates the RejectedHost and then destroys the initial host # # @param rejecter_id[Integer] the responsible admin's id # @param reason[Text] the reject reason def reject(rejecter_id, reason) return false if verified? transaction do rejected_host = RejectedHost.new rejected_host.user = users.first rejected_host.rejecter_id = rejecter_id rejected_host.fqdn = fqdn rejected_host.name = name rejected_host.host_created_at = created_at rejected_host.reason = reason rejected_host.save! recipients = users.pluck(:email) destroy! UserMailer.notify_for_rejection(recipients, self, reason).deliver if recipients.any? true end end # Determines if a host can be disabled or not. # Equivalent to is_deployed # # @return [Boolean] def can_be_disabled? dispatched? || deployed? || updated? || redispatched? end # Determines if a host is inserted manually from the user or # provided as an option from a list by the system via a third party # like ViMa or Okeanos # # @return [Boolean] def manually_inserted? institutional? end # Resets the hosts token # # @return [Boolean] def recalculate_token self.password = token save end private # automatic setters def sanitize_name self.name = fqdn end # Sets the file and job retention according to the global settings def set_retention self.file_retention = client_settings[:file_retention] self.file_retention_period_type = client_settings[:file_retention_period_type] self.job_retention = client_settings[:job_retention] self.job_retention_period_type = client_settings[:job_retention_period_type] end def unset_baculized self.baculized = false if new_record? true end def sanitize_email_recipients self.email_recipients.reject!(&:blank?) end def set_password return true if persisted? self.password = token end def token Digest::SHA256.hexdigest( Time.now.to_s + Rails.application.secrets.salt + fqdn.to_s ) end def set_port return true if persisted? self.port = DEFAULT_PORT end def set_quota return true if persisted? self.quota = ConfigurationSetting.client_quota end # validation def fqdn_format regex = /(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{1,63}(? 'application#faq' post 'grnet' => 'application#grnet' get 'institutional' => 'application#institutional' match 'vima', to: 'application#vima', :via => [:get, :post] get 'logout' => 'application#logout' resources :clients, only: [:index, :show] do member do get :jobs get :logs get :stats post :stats get :users get :restore post :run_restore post :restore_selected delete :remove_user end collection do post :index end end resources :clients, only: [], param: :client_id do member do get :tree end end resources :invitations, only: [:create] get '/invitations/:host_id/:verification_code/accept' => 'invitations#accept', as: :accept_invitation resources :hosts, only: [:new, :create, :show, :edit, :update, :destroy] do member do post :submit_config post :disable post :regenerate_token delete :revoke get :fd_config end collection do get :fetch_vima_hosts, to: 'hosts#fetch_vima_hosts', as: :fetch_vima end resources :simple_configs, only: [:new, :create] resources :jobs, only: [:new, :create, :show, :edit, :update, :destroy] do member do patch :toggle_enable post :backup_now end end resources :filesets, only: [:show, :new, :create, :edit, :update, :destroy] resources :schedules, only: [:show, :new, :edit, :create, :update, :destroy] end resources :users, only: :show do member do patch :generate_token end end namespace :admin do match '/', to: 'base#index', via: [:get, :post] get '/login' => 'base#login', as: :login get '/raiser' => 'base#raiser', as: :raiser resources :settings, only: [:index, :new, :create, :edit, :update] do member do delete :reset end end resources :clients, only: [:index, :show] do member do get :jobs get :logs get :stats post :stats get :configuration post :disable post :block post :unblock delete :revoke end collection do get :obsolete end end resources :hosts, only: [] do collection do get :unverified get :rejected get :pending end member do post :verify post :reject put :set_quota end end resources :users, only: [:index, :new, :create, :show, :edit, :update] do member do patch :ban patch :unban patch :revoke_admin patch :grant_admin end end resources :pools, only: [:index, :new, :create] resources :faqs end namespace :api, defaults: { format: :json } do scope module: :v1, constraints: ApiVersion.new(version: 1, default: true) do resources :clients, only: [:index, :show] do member do post :backup post :restore end end + namespace :admin do + resources :clients, only: [] do + collection do + get :unverified + end + end + end end end end