def contribute_to_program_view(sender, obj=None, context=None):
if obj.context_id != None and \
permissions.is_allowed_read('Role', 1) and \
permissions.is_allowed_read('UserRole', obj.context_id) and \
permissions.is_allowed_create('UserRole', obj.context_id) and \
permissions.is_allowed_update('UserRole', obj.context_id) and \
permissions.is_allowed_delete('UserRole', obj.context_id):
return 'permissions/programs/_role_assignments.haml'
return None
def contribute_to_program_view(sender, obj=None, context=None):
if obj.context_id is not None and \
rbac_permissions.is_allowed_read('Role', None, 1) and \
rbac_permissions.is_allowed_read('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_create('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_update('UserRole', None, obj.context_id) and \
rbac_permissions.is_allowed_delete('UserRole', None, obj.context_id):
return 'permissions/programs/_role_assignments.haml'
return None
def get(self, id):
with benchmark("Query for object"):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and \
'text/html' not in self.request.headers['Accept']:
return current_app.make_response(
('text/html', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__, obj.id,
obj.context_id):
raise Forbidden()
if not permissions.is_allowed_view_object_page_for(obj):
raise Forbidden()
with benchmark("Render"):
rendered_template = self.render_template_for_object(obj)
# FIXME: Etag based on rendered output, or object itself?
# if 'If-None-Match' in self.request.headers and \
# self.request.headers['If-None-Match'] == self.etag(object_for_json):
# return current_app.make_response((
# '', 304, [('Etag', self.etag(object_for_json))]))
return rendered_template
def get(self, id):
with benchmark("Query for object"):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and \
'text/html' not in self.request.headers['Accept']:
return current_app.make_response((
'text/html', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__, obj.id,
obj.context_id):
raise Forbidden()
if not permissions.is_allowed_view_object_page_for(obj):
raise Forbidden()
with benchmark("Render"):
rendered_template = self.render_template_for_object(obj)
# FIXME: Etag based on rendered output, or object itself?
# if 'If-None-Match' in self.request.headers and \
# self.request.headers['If-None-Match'] == self.etag(object_for_json):
# return current_app.make_response((
# '', 304, [('Etag', self.etag(object_for_json))]))
return rendered_template
def import_processes():
from werkzeug import secure_filename
from ggrc.converters.common import ImportException
from ggrc.converters.systems import SystemsConverter
from ggrc.converters.import_helper import handle_csv_import
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
if request.method == 'POST':
if 'cancel' in request.form:
return import_redirect('/admin')
dry_run = not ('confirm' in request.form)
csv_file = request.files['file']
try:
if csv_file and allowed_file(csv_file.filename):
filename = secure_filename(csv_file.filename)
converter = handle_csv_import(SystemsConverter, csv_file, dry_run = dry_run, is_biz_process='1')
if dry_run:
return render_template("systems/import_result.haml",
converter = converter, results=converter.objects, heading_map=converter.object_map)
else:
count = len(converter.objects)
flash(u'Successfully imported {} process{}'.format(count, 'es' if count > 1 else ''), 'notice')
return import_redirect("/admin")
else:
file_msg = "Could not import: invalid csv file."
return render_template("directives/import_errors.haml", exception_message = file_msg)
except ImportException as e:
return render_template("directives/import_errors.haml", exception_message = str(e))
return render_template("systems/import.haml", import_kind = 'Processes')
def admin_reindex():
"""Simple re-index of all indexable objects
"""
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
from ggrc.fulltext import get_indexer
from ggrc.fulltext.recordbuilder import fts_record_for
indexer = get_indexer()
indexer.delete_all_records(False)
from ggrc.models import all_models
from ggrc.app import db
# Find all models then remove base classes
models = set(all_models.all_models) -\
set([all_models.Directive, all_models.SystemOrProcess])
for model in models:
mapper_class = model._sa_class_manager.mapper.base_mapper.class_
query = model.query.options(
db.undefer_group(mapper_class.__name__+'_complete'),
)
for instance in query.all():
indexer.create_record(fts_record_for(instance), False)
db.session.commit()
return app.make_response((
'success', 200, [('Content-Type', 'text/html')]))
def _get_assessments(self, model, object_type, object_id):
"""Get a list of assessments.
Get a list of assessments with all their data from the db, according to the
request GET parameters.
"""
ids_query = model.get_similar_objects_query(object_id, "Assessment")
order_by = self._get_order_by_parameter()
limit = self._get_limit_parameters()
if not permissions.has_system_wide_read():
if not permissions.is_allowed_read(object_type, object_id, None):
raise Forbidden()
acl = models.all_models.AccessControlList
acr = models.all_models.AccessControlRole
ids_query = db.session.query(acl.object_id).join(acr).filter(
acr.read == 1,
acl.object_type == "Assessment",
acl.person_id == get_current_user_id(),
acl.object_id.in_(ids_query),
)
query = models.Assessment.query.options(
orm.Load(models.Assessment).undefer_group(
"Assessment_complete",
),
orm.Load(models.Assessment).joinedload(
"audit"
).undefer_group(
"Audit_complete",
),
orm.Load(models.Assessment).joinedload(
"custom_attribute_definitions"
).undefer_group(
"CustomAttributeDefinitons_complete",
),
orm.Load(models.Assessment).joinedload(
"custom_attribute_values"
).undefer_group(
"CustomAttributeValues_complete",
),
).filter(
models.Assessment.id.in_(ids_query)
)
if order_by:
query = pagination.apply_order_by(
models.Assessment,
query,
order_by,
models.Assessment,
)
total = query.count()
if limit:
query = pagination.apply_limit(query, limit)
# note that using pagination.get_total_count here would return wrong counts
# due to query being an eager query.
return query.all(), total
def admin_reindex():
"""Calls a webhook that reindexes indexable objects
"""
if not permissions.is_allowed_read("/admin", None, 1):
raise Forbidden()
task_queue = create_task("reindex", url_for(reindex.__name__), reindex)
return task_queue.make_response(
app.make_response(("scheduled %s" % task_queue.name, 200,
[('Content-Type', 'text/html')])))
def _get_assessments(self, model, object_type, object_id):
"""Get a list of assessments.
Get a list of assessments with all their data from the db, according to the
request GET parameters.
"""
user_role = get_current_user().system_wide_role
ids_query = model.get_similar_objects_query(object_id, "Assessment")
order_by = self._get_order_by_parameter()
limit = self._get_limit_parameters()
if not permissions.has_system_wide_read():
if not permissions.is_allowed_read(object_type, object_id, None) and \
user_role != SystemWideRoles.CREATOR:
raise Forbidden()
acl = models.all_models.AccessControlList
acr = models.all_models.AccessControlRole
acp = models.all_models.AccessControlPerson
ids_query = db.session.query(acl.object_id).join(acr).join(
acp, acl.base_id == acp.ac_list_id).filter(
acr.read == 1,
acl.object_type == "Assessment",
acp.person_id == get_current_user_id(),
acl.object_id.in_(ids_query),
)
query = models.Assessment.query.options(
orm.Load(models.Assessment).undefer_group("Assessment_complete", ),
orm.Load(models.Assessment).joinedload("audit").undefer_group(
"Audit_complete", ),
orm.Load(models.Assessment).joinedload(
"custom_attribute_definitions").undefer_group(
"CustomAttributeDefinitons_complete", ),
orm.Load(models.Assessment).joinedload(
"custom_attribute_values").undefer_group(
"CustomAttributeValues_complete", ),
).filter(models.Assessment.id.in_(ids_query))
if order_by:
query = pagination.apply_order_by(
models.Assessment,
query,
order_by,
models.Assessment,
)
if limit:
objs = pagination.apply_limit(query, limit).all()
total = query.count()
else:
objs = query.all()
total = len(objs)
# note that using pagination.get_total_count here would return wrong counts
# due to query being an eager query.
return objs, total
def admin_reindex():
"""Calls a webhook that reindexes indexable objects
"""
if not permissions.is_allowed_read("/admin", None, 1):
raise Forbidden()
task_queue = create_task("reindex", url_for(reindex.__name__), reindex)
return task_queue.make_response(
app.make_response(("scheduled %s" % task_queue.name, 200,
[('Content-Type', 'text/html')])))
def get(self, id):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and\
'text/html' not in self.request.headers['Accept']:
return current_app.make_response((
'text/html', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__, obj.context_id):
raise Forbidden()
return redirect(view_url_for(obj))
def get(self, id):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and\
'text/html' not in self.request.headers['Accept']:
return current_app.make_response(
('text/html', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__, obj.id,
obj.context_id):
raise Forbidden()
return redirect(view_url_for(obj))
def export_systems():
from ggrc.converters.systems import SystemsConverter
from ggrc.converters.import_helper import handle_converter_csv_export
from ggrc.models.all_models import System
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
options = {}
options['export'] = True
systems = System.query.filter_by(is_biz_process=False).all()
filename = "SYSTEMS.csv"
return handle_converter_csv_export(filename, systems, SystemsConverter, **options)
def export_people():
from ggrc.converters.people import PeopleConverter
from ggrc.converters.import_helper import handle_converter_csv_export
from ggrc.models.all_models import Person
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
options = {}
options['export'] = True
people = Person.query.all()
filename = "PEOPLE.csv"
return handle_converter_csv_export(filename, people, PeopleConverter, **options)
def export_processes():
from ggrc.converters.systems import SystemsConverter
from ggrc.converters.import_helper import handle_converter_csv_export
from ggrc.models.all_models import Process
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
options = {}
options['export'] = True
options['is_biz_process'] = '1'
procs = Process.query.all()
filename = "PROCESSES.csv"
return handle_converter_csv_export(filename, procs, SystemsConverter, **options)
def get(self, id):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if "Accept" in self.request.headers and "application/json" not in self.request.headers["Accept"]:
return current_app.make_response(("application/json", 406, [("Content-Type", "text/plain")]))
if not permissions.is_allowed_read(self.model.__name__, obj.context_id):
raise Forbidden()
object_for_json = self.object_for_json(obj)
if "If-None-Match" in self.request.headers and self.request.headers["If-None-Match"] == self.etag(
object_for_json
):
return current_app.make_response(("", 304, [("Etag", self.etag(object_for_json))]))
return self.json_success_response(object_for_json, self.modified_at(obj))
def get(self, id):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and \
'application/json' not in self.request.headers['Accept']:
return current_app.make_response((
'application/json', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__, obj.context_id):
raise Forbidden()
object_for_json = self.object_for_json(obj)
if 'If-None-Match' in self.request.headers and \
self.request.headers['If-None-Match'] == self.etag(object_for_json):
return current_app.make_response((
'', 304, [('Etag', self.etag(object_for_json))]))
return self.json_success_response(
self.object_for_json(obj), self.modified_at(obj))
def get(self, id):
obj = self.get_object(id)
if obj is None:
return self.not_found_response()
if 'Accept' in self.request.headers and \
'application/json' not in self.request.headers['Accept']:
return current_app.make_response(
('application/json', 406, [('Content-Type', 'text/plain')]))
if not permissions.is_allowed_read(self.model.__name__,
obj.context_id):
raise Forbidden()
object_for_json = self.object_for_json(obj)
if 'If-None-Match' in self.request.headers and \
self.request.headers['If-None-Match'] == self.etag(object_for_json):
return current_app.make_response(
('', 304, [('Etag', self.etag(object_for_json))]))
return self.json_success_response(self.object_for_json(obj),
self.modified_at(obj))
def _get_assessments(self, model, object_type, object_id):
"""Get a list of assessments.
Get a list of assessments with all their data from the db, according to the
request GET parameters.
"""
ids_query = model.get_similar_objects_query(object_id, "Assessment")
order_by = self._get_order_by_parameter()
limit = self._get_limit_parameters()
if not permissions.has_system_wide_read():
if not permissions.is_allowed_read(object_id, object_type, None):
raise Forbidden()
acl = models.all_models.AccessControlList
acr = models.all_models.AccessControlRole
ids_query = db.session.query(acl.object_id).join(acr).filter(
acr.read.is_(True), acl.object_type == "Assessment",
acl.object_id.in_(ids_query))
query = models.Assessment.query.options(
orm.Load(models.Assessment).undefer_group("Assessment_complete", ),
orm.Load(models.Assessment).joinedload("audit").undefer_group(
"Audit_complete", ),
orm.Load(models.Assessment).joinedload(
"custom_attribute_definitions").undefer_group(
"CustomAttributeDefinitons_complete", ),
orm.Load(models.Assessment).joinedload(
"custom_attribute_values").undefer_group(
"CustomAttributeValues_complete", ),
).filter(models.Assessment.id.in_(ids_query))
if order_by:
query = pagination.apply_order_by(
models.Assessment,
query,
order_by,
models.Assessment,
)
if limit:
query, total = pagination.apply_limit(query, limit)
else:
total = query.count()
return query, total
def import_people():
from werkzeug import secure_filename
from ggrc.converters.common import ImportException
from ggrc.converters.people import PeopleConverter
from ggrc.converters.import_helper import handle_csv_import
from ggrc.models import Person
import ggrc.views
if not permissions.is_allowed_read("/admin", 1):
raise Forbidden()
if request.method == 'POST':
if 'cancel' in request.form:
return import_redirect("/admin")
dry_run = not ('confirm' in request.form)
csv_file = request.files['file']
try:
if csv_file and allowed_file(csv_file.filename):
filename = secure_filename(csv_file.filename)
options = {}
options['dry_run'] = dry_run
converter = handle_csv_import(PeopleConverter, csv_file, **options)
if dry_run:
options['converter'] = converter
options['results'] = converter.objects
options['heading_map'] = converter.object_map
return render_template("people/import_result.haml", **options)
else:
count = len(converter.objects)
flash(u'Successfully imported {} person{}'.format(count, 's' if count > 1 else ''), 'notice')
return import_redirect("/admin")
else:
file_msg = "Could not import: invalid csv file."
return render_template("directives/import_errors.haml",
directive_id = "People", exception_message = file_msg)
except ImportException as e:
return render_template("directives/import_errors.haml",
directive_id = "People", exception_message = str(e))
return render_template("people/import.haml", import_kind = 'People')
def admin():
"""The admin dashboard page
"""
if not permissions.is_allowed_read("/admin", None, 1):
raise Forbidden()
return render_template("admin/index.haml")
def inclusion_filter(obj):
return permissions.is_allowed_read(obj.__class__.__name__, obj.context_id)
def admin():
"""The admin dashboard page
"""
if not permissions.is_allowed_read("/admin", None, 1):
raise Forbidden()
return render_template("admin/index.haml")
def inclusion_filter(obj):
return permissions.is_allowed_read(obj.__class__.__name__, obj.context_id)
