def doc_download_private(request, path, doc):
"""Download view that requires user to login, then checks authorization."""
if userHasUserPermission(request.user, doc.project):
return serve(request, path, document_root=settings.PROJECTS_ROOT)
else:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
def secure_data_download(request, path, project):
# TODO: generalize authorization by looking up regular expressions matching path
if userHasUserPermission(request.user, project):
return serve(request, path, document_root=settings.DATA_ROOT)
else:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
def doc_download_private(request, path, doc):
"""Download view that requires user to login, then checks authorization."""
if userHasUserPermission(request.user, doc.project):
return serve(request, path, document_root=settings.PROJECTS_ROOT)
else:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
def secure_data_download(request, path, project):
# TODO: generalize authorization by looking up regular expressions matching path
if userHasUserPermission(request.user, project):
return serve(request, path, document_root=settings.DATA_ROOT)
else:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
def userCanView(user, post):
# private pages can be viewed only by group members
if post.is_private:
return userHasUserPermission(user, post.project)
# public pages are viewable by everybody
else:
return True
def userCanView(user, post):
# private pages can be viewed only by group members
if post.is_private:
return userHasUserPermission(user, post.project)
# public pages are viewable by everybody
else:
return True
def search(request, project_short_name):
"""
Entry point for all search requests (GET/POST).
Loads project-specific configuration.
"""
# store this URL at session scope so other pages can reload the last search
request.session[LAST_SEARCH_URL] = request.get_full_path(
) # relative search page URL + optional query string
fromRedirectFlag = False
if request.session.get(SEARCH_REDIRECT, None):
fromRedirectFlag = True
# remove POST redirect flag from session
del request.session[SEARCH_REDIRECT]
# retrieve project from database
project = get_object_or_404(Project, short_name__iexact=project_short_name)
# check permission
if project.private:
if request.user.is_anonymous():
return HttpResponseRedirect(
reverse('login') + "?next=%s" % request.path)
else:
if not userHasUserPermission(request.user, project):
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
config = _getSearchConfig(request, project)
if config:
# config.printme()
# pass on project as extra argument to search
# also include possible custom template
return search_config(request,
config,
extra={
'project':
project,
'title2':
'%s Data Search' % project.short_name,
'template':
getQueryDict(request).get(TEMPLATE, None)
},
fromRedirectFlag=fromRedirectFlag)
# search is not configured for this project
else:
messages = [
'Searching is not enabled for this project.',
'Please contact the project administrators for further assistance.'
]
return render(request, 'cog/common/message.html', {
'project': project,
'messages': messages,
'title2': 'Data Search'
})
def doc_list(request, project_short_name):
project = get_object_or_404(Project, short_name__iexact=project_short_name)
# query by project
qset = Q(project=project)
#list_title = 'All Documents'
# do not list private documents unless user is a project member
if request.user.is_anonymous() or not userHasUserPermission(
request.user, project):
qset = qset & Q(is_private=False)
# optional query parameters
query = request.GET.get('query', '')
if query:
qset = qset & (Q(title__icontains=query) | Q(
description__icontains=query) | Q(path__icontains=query))
#list_title = "Search Results for '%s'" % query
# document type
filter_by = request.GET.get('filter_by', DOCUMENT_TYPE_ALL)
# validate 'filter_by' value
if filter_by.lower() not in VALID_FILTER_BY_VALUES:
raise Exception("Invalid 'filter_by' value")
if filter_by != DOCUMENT_TYPE_ALL:
types = DOCUMENT_TYPES[filter_by]
_qset = Q(path__iendswith=types[0])
for type in types[1:]:
_qset = _qset | Q(path__iendswith=type)
#list_title += ", type: %s, " % filter_by
qset = qset & _qset
order_by = request.GET.get('order_by', 'title')
# validate 'order_by' value
if order_by.lower() not in VALID_ORDER_BY_VALUES:
raise Exception("Invalid 'order_by' value")
#list_title += ", order by %s" % order_by
# execute query, order by descending update date
results = Doc.objects.filter(qset).distinct().order_by(order_by)
list_title = "Total Number of Matching Documents: %d" % len(results)
return render(
request, 'cog/doc/doc_list.html', {
"object_list": paginate(results, request, max_counts_per_page=100),
'project': project,
'title': '%s Files' % project.short_name,
"query": query,
"order_by": order_by,
"filter_by": filter_by,
"list_title": list_title
})
def doc_list(request, project_short_name):
project = get_object_or_404(Project, short_name__iexact=project_short_name)
# query by project
qset = Q(project=project)
#list_title = 'All Documents'
# do not list private documents unless user is a project member
if request.user.is_anonymous() or not userHasUserPermission(request.user, project):
qset = qset & Q(is_private=False)
# optional query parameters
query = request.GET.get('query', '')
if query:
qset = qset & (
Q(title__icontains=query) |
Q(description__icontains=query) |
Q(path__icontains=query)
)
#list_title = "Search Results for '%s'" % query
# document type
filter_by = request.GET.get('filter_by', DOCUMENT_TYPE_ALL)
# validate 'filter_by' value
if filter_by.lower() not in VALID_FILTER_BY_VALUES:
raise Exception("Invalid 'filter_by' value")
if filter_by != DOCUMENT_TYPE_ALL:
types = DOCUMENT_TYPES[filter_by]
_qset = Q(path__iendswith=types[0])
for type in types[1:]:
_qset = _qset | Q(path__iendswith=type)
#list_title += ", type: %s, " % filter_by
qset = qset & _qset
order_by = request.GET.get('order_by', 'title')
# validate 'order_by' value
if order_by.lower() not in VALID_ORDER_BY_VALUES:
raise Exception("Invalid 'order_by' value")
#list_title += ", order by %s" % order_by
# execute query, order by descending update date
results = Doc.objects.filter(qset).distinct().order_by(order_by)
list_title = "Total Number of Matching Documents: %d" % len(results)
return render(request,
'cog/doc/doc_list.html',
{"object_list": paginate(results, request, max_counts_per_page=100),
'project': project, 'title': '%s Files' % project.short_name,
"query": query, "order_by": order_by, "filter_by": filter_by,
"list_title":list_title})
def isVisible(self, user):
if self.active == False:
return False
elif self.private == False:
return True
elif userHasUserPermission(user, self):
return True
elif userHasContributorPermission(user, self):
return True
elif userHasAdminPermission(user, self):
return True
else:
return False
def search(request, project_short_name):
"""
Entry point for all search requests (GET/POST).
Loads project-specific configuration.
"""
# store this URL at session scope so other pages can reload the last search
request.session[LAST_SEARCH_URL] = request.get_full_path() # relative search page URL + optional query string
fromRedirectFlag = False
if request.session.get(SEARCH_REDIRECT, None):
fromRedirectFlag = True
# remove POST redirect flag from session
del request.session[SEARCH_REDIRECT]
# retrieve project from database
project = get_object_or_404(Project, short_name__iexact=project_short_name)
# check permission
if project.private:
if request.user.is_anonymous():
return HttpResponseRedirect(reverse('login')+"?next=%s" % request.path)
else:
if not userHasUserPermission(request.user, project):
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
config = _getSearchConfig(request, project)
if config:
# config.printme()
# pass on project as extra argument to search
# also include possible custom template
return search_config(request, config, extra={'project': project,
'title2': '%s Data Search'% project.short_name,
'template':getQueryDict(request).get(TEMPLATE,None) },
fromRedirectFlag=fromRedirectFlag)
# search is not configured for this project
else:
messages = ['Searching is not enabled for this project.',
'Please contact the project administrators for further assistance.']
return render(request,
'cog/common/message.html',
{'project': project, 'messages': messages, 'title2': 'Data Search'})
def hasUserPermission(user, project):
return userHasUserPermission(user, project)
def hasUserPermission(user, project):
return userHasUserPermission(user, project)