def post(self, request):
""" Add permissions to a resource
Add new permissions for a existing group and resource object
Args:
request: Django rest framework request
Returns:
Http status code
"""
if 'permissions' not in request.data:
return BossHTTPError("Permission are not included in the request", ErrorCodes.INVALID_URL)
else:
perm_list = dict(request.data)['permissions']
if 'group' not in request.data:
return BossHTTPError("Group are not included in the request", ErrorCodes.INVALID_URL)
if 'collection' not in request.data:
return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes.INVALID_URL)
group_name = request.data.get('group', None)
collection = request.data.get('collection', None)
experiment = request.data.get('experiment', None)
channel = request.data.get('channel', None)
try:
# public group can only have read permission
if group_name == 'public' and not (set(perm_list).issubset({'read', 'read_volumetric_data'})):
return BossHTTPError("The public group can only have read permissions",
ErrorCodes.INVALID_POST_ARGUMENT)
# If the user is not a member or maintainer of the group, they cannot assign permissions
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('The user {} is not a member or maintainer of the group {} '.
format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION)
resource_object = self.get_object(collection, experiment, channel)
if resource_object is None:
return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE)
resource = resource_object[0]
if request.user.has_perm("assign_group", resource):
BossPermissionManager.add_permissions_group(group_name, resource, perm_list)
return Response(status=status.HTTP_201_CREATED)
else:
return BossPermissionError('assign group', collection)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except Permission.DoesNotExist:
return BossHTTPError("Invalid permissions in post".format(request.data['permissions']),
ErrorCodes.UNRECOGNIZED_PERMISSION)
except BossError as err:
return err.to_http()
def patch(self, request):
""" Patch permissions for a resource
Remove specific permissions for a existing group and resource object
Args:
request: Django rest framework request
Returns:
Http status code
"""
if 'permissions' not in request.data:
return BossHTTPError("Permission are not included in the request", ErrorCodes. UNABLE_TO_VALIDATE)
else:
perm_list = dict(request.data)['permissions']
if 'group' not in request.data:
return BossHTTPError("Group are not included in the request", ErrorCodes. UNABLE_TO_VALIDATE)
if 'collection' not in request.data:
return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes. UNABLE_TO_VALIDATE)
group_name = request.data.get('group', None)
collection = request.data.get('collection', None)
experiment = request.data.get('experiment', None)
channel = request.data.get('channel', None)
try:
# public group can only have read permission
if group_name == 'public' and (len(perm_list) != 1 or perm_list[0] != 'read'):
return BossHTTPError("The public group can only have read permissions",
ErrorCodes.INVALID_POST_ARGUMENT)
# If the user is not a member or maintainer of the group, they cannot patch permissions
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('The user {} is not a member or maintainer of the group {} '.
format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION)
resource_object = self.get_object(collection, experiment, channel)
if resource_object is None:
return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE)
resource = resource_object[0]
# remove all existing permission for the group
if request.user.has_perm("remove_group", resource) and request.user.has_perm("assign_group", resource):
BossPermissionManager.delete_all_permissions_group(group_name, resource)
BossPermissionManager.add_permissions_group(group_name, resource, perm_list)
return Response(status=status.HTTP_200_OK)
else:
return BossPermissionError('remove group', resource.name)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except Permission.DoesNotExist:
return BossHTTPError("Invalid permissions in post".format(request.data['permissions']),
ErrorCodes.UNRECOGNIZED_PERMISSION)
except BossError as err:
return err.to_http()
def delete(self, request):
""" Delete permissions for a resource object
Remove specific permissions for a existing group and resource object
Args:
request: Django rest framework request
Returns:
Http status code
"""
if 'group' not in request.query_params:
return BossHTTPError("Group are not included in the request",
ErrorCodes.INVALID_URL)
if 'collection' not in request.query_params:
return BossHTTPError(
"Invalid resource or missing resource name in request",
ErrorCodes.INVALID_URL)
group_name = request.query_params.get('group', None)
collection = request.query_params.get('collection', None)
experiment = request.query_params.get('experiment', None)
channel = request.query_params.get('channel', None)
try:
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError(
'The user {} is not a member or maintainer of the group {} '
.format(request.user.username,
group_name), ErrorCodes.MISSING_PERMISSION)
resource_object = self.get_object(collection, experiment, channel)
if resource_object is None:
return BossHTTPError("Unable to validate the resource",
ErrorCodes.UNABLE_TO_VALIDATE)
if request.user.has_perm("remove_group", resource_object[0]):
BossPermissionManager.delete_all_permissions_group(
group_name, resource_object[0])
return Response(status=status.HTTP_204_NO_CONTENT)
else:
return BossPermissionError('remove group',
resource_object[0].name)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except Permission.DoesNotExist:
return BossHTTPError(
"Invalid permissions in post".format(
request.data['permissions']),
ErrorCodes.UNRECOGNIZED_PERMISSION)
except Exception as e:
return BossHTTPError("{}".format(e),
ErrorCodes.UNHANDLED_EXCEPTION)
except BossError as err:
return err.to_http()
def delete(self, request):
""" Delete permissions for a resource object
Remove specific permissions for a existing group and resource object
Args:
request: Django rest framework request
Returns:
Http status code
"""
if 'group' not in request.query_params:
return BossHTTPError("Group are not included in the request", ErrorCodes.INVALID_URL)
if 'collection' not in request.query_params:
return BossHTTPError("Invalid resource or missing resource name in request", ErrorCodes.INVALID_URL)
group_name = request.query_params.get('group', None)
collection = request.query_params.get('collection', None)
experiment = request.query_params.get('experiment', None)
channel = request.query_params.get('channel', None)
try:
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('The user {} is not a member or maintainer of the group {} '.
format(request.user.username, group_name), ErrorCodes.MISSING_PERMISSION)
resource_object = self.get_object(collection, experiment, channel)
if resource_object is None:
return BossHTTPError("Unable to validate the resource", ErrorCodes.UNABLE_TO_VALIDATE)
if request.user.has_perm("remove_group", resource_object[0]):
BossPermissionManager.delete_all_permissions_group(group_name, resource_object[0])
return Response(status=status.HTTP_204_NO_CONTENT)
else:
return BossPermissionError('remove group', resource_object[0].name)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except Permission.DoesNotExist:
return BossHTTPError("Invalid permissions in post".format(request.data['permissions']),
ErrorCodes.UNRECOGNIZED_PERMISSION)
except Exception as e:
return BossHTTPError("{}".format(e), ErrorCodes.UNHANDLED_EXCEPTION)
except BossError as err:
return err.to_http()
def get(self, request, group_name, user_name=None):
"""
Gets the maintianer status of a user for a group
Args:
request: Django rest framework request
group_name: Group name from the request
user_name: User name from the request
Returns:
bool : True if the user is a member of the group
"""
try:
group = Group.objects.get(name=group_name)
bgroup = BossGroup.objects.get(group=group)
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError(
'The user {} is not a member or maintainer of the group {} '
.format(request.user.username,
group_name), ErrorCodes.MISSING_PERMISSION)
if user_name is None:
# Return all maintainers for the group
list_maintainers = get_users_with_perms(bgroup)
maintainers = [user.username for user in list_maintainers]
data = {"maintainers": maintainers}
else:
# Both group name and user name are specified. Return the maintainer status for the user
usr = User.objects.get(username=user_name)
status = usr.has_perm("maintain_group", bgroup)
data = {"result": status}
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except User.DoesNotExist:
return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None):
"""
Gets the maintianer status of a user for a group
Args:
request: Django rest framework request
group_name: Group name from the request
user_name: User name from the request
Returns:
bool : True if the user is a member of the group
"""
try:
group = Group.objects.get(name=group_name)
bgroup = BossGroup.objects.get(group=group)
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('The user {} is not a member or maintainer of the group {} '
.format(request.user.username, group_name),
ErrorCodes.MISSING_PERMISSION)
if user_name is None:
# Return all maintainers for the group
list_maintainers = get_users_with_perms(bgroup)
maintainers = [user.username for user in list_maintainers]
data = {"maintainers": maintainers}
else:
# Both group name and user name are specified. Return the maintainer status for the user
usr = User.objects.get(username=user_name)
status = usr.has_perm("maintain_group", bgroup)
data = {"result": status}
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except User.DoesNotExist:
return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None):
"""
Gets the membership status of a user for a group
Args:
request: Django rest framework request
group_name: Group name from the request
user_name: User name from the request
Returns:
bool : True if the user is a member of the group
"""
try:
group = Group.objects.get(name=group_name)
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError(
'The user {} is not a member or maintainer of the group {} '
.format(request.user.username,
group_name), ErrorCodes.MISSING_PERMISSION)
if user_name is None:
# Return all users for the group
list_users = group.user_set.all().values_list('username',
flat=True)
list_users = [name for name in list_users]
data = {"members": list_users}
else:
# Both group name and user name are specified. Return the membership status for the user
usr = User.objects.get(username=user_name)
status = group.user_set.filter(id=usr.id).exists()
data = {"result": status}
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except User.DoesNotExist:
return BossUserNotFoundError(user_name)
def get(self, request, group_name, user_name=None):
"""
Gets the membership status of a user for a group
Args:
request: Django rest framework request
group_name: Group name from the request
user_name: User name from the request
Returns:
bool : True if the user is a member of the group
"""
try:
group = Group.objects.get(name=group_name)
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('The user {} is not a member or maintainer of the group {} '
.format(request.user.username, group_name),
ErrorCodes.MISSING_PERMISSION)
if user_name is None:
# Return all users for the group
list_users = group.user_set.all().values_list('username', flat=True)
list_users = [name for name in list_users]
data = {"members": list_users}
else:
# Both group name and user name are specified. Return the membership status for the user
usr = User.objects.get(username=user_name)
status = group.user_set.filter(id=usr.id).exists()
data = {"result": status}
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except User.DoesNotExist:
return BossUserNotFoundError(user_name)
def get(self, request, group_name=None):
"""
Get all groups
Args:
request: Django rest framework request
group_name: Group name from the request
Returns:
Group if the group exists
"""
if group_name is not None:
try:
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError('Unauthorized. The user {} is not a member or maintainer of the group {}'
.format(request.user.username, group_name),
ErrorCodes.MISSING_PERMISSION)
group = Group.objects.get(name=group_name)
bgroup = BossGroup.objects.get(group=group)
data = {"name": group.name, "owner": bgroup.creator.username}
resources = []
# get permission sets for models
col_perms = [perm.codename for perm in get_perms_for_model(Collection)]
exp_perms = [perm.codename for perm in get_perms_for_model(Experiment)]
channel_perms = [perm.codename for perm in get_perms_for_model(Channel)]
# get objects for the group
col_list = get_objects_for_group(group, perms=col_perms, klass=Collection, any_perm=True)
exp_list = get_objects_for_group(group, perms=exp_perms, klass=Experiment, any_perm=True)
ch_list = get_objects_for_group(group, perms=channel_perms, klass=Channel, any_perm=True)
for col in col_list:
obj = {'collection': col.name}
resources.append(obj)
for exp in exp_list:
obj = {'collection': exp.collection.name, 'experiment': exp.name}
resources.append(obj)
for ch in ch_list:
obj = {'collection': ch.experiment.collection.name, 'experiment': ch.experiment.name,
'channel': ch.name}
resources.append(obj)
data['resources'] = resources
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except BossGroup.DoesNotExist:
return BossHTTPError("The group {} is not configured correctly and does not have a creator. "
"Contact an admin to update it".format(group_name), ErrorCodes.UNABLE_TO_VALIDATE)
else:
# Get all the groups that the logged in user is a member of
list_member_groups = request.user.groups.values_list('name', flat=True)
member_groups = [name for name in list_member_groups]
# Get all groups that the user has maintainer permissions on
group_perms = [perm.codename for perm in get_perms_for_model(BossGroup)]
list_maintainer_groups = get_objects_for_user(request.user, group_perms, klass=BossGroup, any_perm=True)
maintainer_groups = [bgroup.group.name for bgroup in list_maintainer_groups]
if 'filter' in request.query_params and request.query_params['filter'] == 'member':
data = {'groups': member_groups}
return Response(data, status=200)
elif 'filter' in request.query_params and request.query_params['filter'] == 'maintainer':
data = {'groups': maintainer_groups}
return Response(data, status=200)
elif 'filter' not in request.query_params:
all_groups = list(set(member_groups).union(maintainer_groups))
data = {'groups': all_groups}
else:
return BossHTTPError('Unrecogizes value {} in filter. Valid parameters are member or maintainer.',
ErrorCodes.UNABLE_TO_VALIDATE)
return Response(data, status=200)
def get(self, request, group_name=None):
"""
Get all groups
Args:
request: Django rest framework request
group_name: Group name from the request
Returns:
Group if the group exists
"""
if group_name is not None:
try:
# Check for permissions. The logged in user has to be a member or group maintainer
if not check_is_member_or_maintainer(request.user, group_name):
return BossHTTPError(
'Unauthorized. The user {} is not a member or maintainer of the group {}'
.format(request.user.username,
group_name), ErrorCodes.MISSING_PERMISSION)
group = Group.objects.get(name=group_name)
bgroup = BossGroup.objects.get(group=group)
data = {"name": group.name, "owner": bgroup.creator.username}
resources = []
# get permission sets for models
col_perms = [
perm.codename for perm in get_perms_for_model(Collection)
]
exp_perms = [
perm.codename for perm in get_perms_for_model(Experiment)
]
channel_perms = [
perm.codename for perm in get_perms_for_model(Channel)
]
# get objects for the group
col_list = get_objects_for_group(group,
perms=col_perms,
klass=Collection,
any_perm=True)
exp_list = get_objects_for_group(group,
perms=exp_perms,
klass=Experiment,
any_perm=True)
ch_list = get_objects_for_group(group,
perms=channel_perms,
klass=Channel,
any_perm=True)
for col in col_list:
obj = {'collection': col.name}
resources.append(obj)
for exp in exp_list:
obj = {
'collection': exp.collection.name,
'experiment': exp.name
}
resources.append(obj)
for ch in ch_list:
obj = {
'collection': ch.experiment.collection.name,
'experiment': ch.experiment.name,
'channel': ch.name
}
resources.append(obj)
data['resources'] = resources
return Response(data, status=200)
except Group.DoesNotExist:
return BossGroupNotFoundError(group_name)
except BossGroup.DoesNotExist:
return BossHTTPError(
"The group {} is not configured correctly and does not have a creator. "
"Contact an admin to update it".format(group_name),
ErrorCodes.UNABLE_TO_VALIDATE)
else:
# Get all the groups that the logged in user is a member of
list_member_groups = request.user.groups.values_list('name',
flat=True)
member_groups = [name for name in list_member_groups]
# Get all groups that the user has maintainer permissions on
group_perms = [
perm.codename for perm in get_perms_for_model(BossGroup)
]
list_maintainer_groups = get_objects_for_user(request.user,
group_perms,
klass=BossGroup,
any_perm=True)
maintainer_groups = [
bgroup.group.name for bgroup in list_maintainer_groups
]
if 'filter' in request.query_params and request.query_params[
'filter'] == 'member':
data = {'groups': member_groups}
return Response(data, status=200)
elif 'filter' in request.query_params and request.query_params[
'filter'] == 'maintainer':
data = {'groups': maintainer_groups}
return Response(data, status=200)
elif 'filter' not in request.query_params:
all_groups = list(set(member_groups).union(maintainer_groups))
data = {'groups': all_groups}
else:
return BossHTTPError(
'Unrecogizes value {} in filter. Valid parameters are member or maintainer.',
ErrorCodes.UNABLE_TO_VALIDATE)
return Response(data, status=200)
