Beispiel #1
0
    def get_object(self, queryset=None):
        '''  :returns: "Permission Denied" page if the course/activity is inactive OR deleted AND the user is not an instructor, OR if user is not a member of the course, OR if svtivity membership is on AND the user is not a member. '''

        activity = super(ActivityViewPermissionMixin, self).get_object(queryset)
        course = activity.collection
        user = self.request.user
        # if course is inactive or deleted and user doesn't have edit_course
        # perm, then raise 403
        if not course.is_active or course.is_deleted:
            if not user.has_perm("core.edit_course", course):
                raise PermissionDenied()

        # if activity is inactive or deleted and user doesn't have edit_course
        # perm, then raise 403
        if not activity.is_active or activity.is_deleted:
            if not user.has_perm("core.edit_course", course):
                raise PermissionDenied()

        # if user is not an instructor check the following:
        # if activity membership is on, check if user can view_activity. Otherwise
        # just check if user can course_view.
        if not user.has_perm('edit_course', course):
            if activity.permission_control == True:
                print get_perms(user, course)
                print get_perms(user, activity)
                if not user.has_perm("view_activity", activity):
                    raise PermissionDenied()
            else:
                if not get_perms(user, course):
                    raise PermissionDenied()

        return activity
Beispiel #2
0
    def form_valid(self, form):
        '''
       # actualiza los miembros del equipo del proyecto que se hayan especifico

        #:param form: formulario de edición del proyecto
        '''
        self.object = form.save()
        formset = self.TeamMemberInlineFormSet(self.request.POST, instance=self.object)
        if formset.is_valid():
            # borramos todos los permisos asociados al usuario en el proyecto antes de volver a asignar los nuevos
            proyecto = self.object
            for form in formset:
                if form.has_changed():  #solo los formularios con cambios efectuados
                    user = form.cleaned_data['usuario']
                    if('usuario' in form.changed_data and 'usuario' in form.initial): #si se cambia el usuario, borrar permisos del usuario anterior
                        original_user = get_object_or_404(User, pk=form.initial['usuario'])
                        for perm in get_perms(original_user, proyecto):
                            remove_perm(perm, original_user, proyecto)
                    else:
                        for perm in get_perms(user, proyecto):
                            remove_perm(perm, user, proyecto)

            formset.save()
            return HttpResponseRedirect(reverse('project_list'))

        return render(self.request, self.get_template_names(), {'form': form, 'formset': formset},
                      context_instance=RequestContext(self.request))
    def test_activation_valid(self):
        """
        Valid activation of an user.

        Activation of an user with a valid ``activation_key`` should activate
        the user and set a new invalid ``activation_key`` that is defined in
        the setting ``USERENA_ACTIVATED``.

        """
        user = UserenaSignup.objects.create_user(**self.user_info)
        active_user = UserenaSignup.objects.activate_user(user.userena_signup.activation_key)
        profile = get_user_profile(user=active_user)

        # The returned user should be the same as the one just created.
        self.failUnlessEqual(user, active_user)

        # The user should now be active.
        self.failUnless(active_user.is_active)

        # The user should have permission to view and change its profile
        self.failUnless('view_profile' in get_perms(active_user, profile))
        self.failUnless('change_profile' in get_perms(active_user, profile))

        # The activation key should be the same as in the settings
        self.assertEqual(active_user.userena_signup.activation_key,
                         userena_settings.USERENA_ACTIVATED)
    def test_activation_valid(self):
        """
        Valid activation of an user.

        Activation of an user with a valid ``activation_key`` should activate
        the user and set a new invalid ``activation_key`` that is defined in
        the setting ``ACCOUNTS_ACTIVATED``.

        """
        user = Account.objects.create_user(**self.user_info)
        active_user = Account.objects.activate_user(user.username,
                                                          user.account.activation_key)

        # The returned user should be the same as the one just created.
        self.failUnlessEqual(user, active_user)

        # The user should now be active.
        self.failUnless(active_user.is_active)

        # The user should have permission to view and change its profile
        self.failUnless('view_profile' in get_perms(active_user, active_user.get_profile()))
        self.failUnless('change_profile' in get_perms(active_user, active_user.get_profile()))

        # The activation key should be the same as in the settings
        self.assertEqual(active_user.account.activation_key,
                         accounts_settings.ACCOUNTS_ACTIVATED)
Beispiel #5
0
 def perms(self, regex, chan, nick, **kwargs):
     username = regex.group('username').lower()
     # if user is bot_admin or if user is inquiring about themself...
     if self.get_auth().is_authorised(nick,  '#', 'bot_admin') or \
     (username == nick.lower() and self.get_auth().is_authenticated(nick)):
         try:
             user = User.objects.get(username__iexact = username)
         except User.DoesNotExist:
             self.notice(nick, "Unknown user")
             return
         
         self.notice(nick, "=== Network Permissions ===")
         for net_obj in NetworkPermissions.objects.all():
             
             perms = get_perms(user, net_obj)
             self.notice(nick, "{} {}".format(net_obj.network,
                                                 ", ".join(perms)))
         last_perms = None
         for room_obj in RoomPermissions.objects.all():
             
             perms = get_perms(user, room_obj)
             if perms:
                 if last_perms == None:
                     self.notice(nick, "\n=== Room Permissions ===")
                 self.notice(nick, "{} {} {}".format(room_obj.network,
                                             room_obj.room,
                                             ", ".join(perms))) 
     else:
         self.msg(chan, "You are not authorised or not logged in") 
 def test_direct_perms_only(self):
     admin = User.objects.create(username='******', is_superuser=True)
     self.user1.groups.add(self.group1)
     self.user2.groups.add(self.group1)
     assign_perm("change_contenttype", self.user1, self.obj1)
     assign_perm("delete_contenttype", admin, self.obj1)
     assign_perm("delete_contenttype", self.group1, self.obj1)
     expected = set([self.user1, self.user2, admin])
     result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=True)
     self.assertEqual(set(result), expected)
     self.assertEqual(set(get_user_perms(self.user1, self.obj1)), set(['change_contenttype']))
     self.assertEqual(set(get_user_perms(self.user2, self.obj1)), set([]))
     self.assertEqual(set(get_user_perms(admin, self.obj1)), set(['delete_contenttype']))
     result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=False)
     expected = set([self.user1, admin])
     self.assertEqual(set(result), expected)
     self.assertEqual(set(get_group_perms(self.user1, self.obj1)), set(['delete_contenttype']))
     self.assertEqual(set(get_group_perms(self.user2, self.obj1)), set(['delete_contenttype']))
     self.assertEqual(set(get_group_perms(self.group1, self.obj1)), set(['delete_contenttype']))
     self.assertEqual(set(get_group_perms(self.group2, self.obj1)), set([]))
     self.assertEqual(set(get_group_perms(admin, self.obj1)), set([]))
     self.assertEqual(set(get_perms(admin, self.obj1)), set(['add_contenttype', 'change_contenttype', 'delete_contenttype']))
     self.assertEqual(set(get_perms(self.user1, self.obj1)), set(['change_contenttype', 'delete_contenttype']))
     self.assertEqual(set(get_perms(self.user2, self.obj1)), set(['delete_contenttype']))
     self.assertEqual(set(get_perms(self.group1, self.obj1)), set(['delete_contenttype']))
     self.assertEqual(set(get_perms(self.group2, self.obj1)), set([]))
Beispiel #7
0
    def form_valid(self, form):
        """
        Comprobar validez del formulario

        :param form: formulario recibido
        :return: URL de redireccion correcta
        """
        super(EditRol, self).form_valid(form)
        # eliminamos permisos anteriores
        self.object.permissions.clear()
        escogidas = get_selected_perms(self.request.POST)
        for permname in escogidas:
            perm = Permission.objects.get(codename=permname)
            self.object.permissions.add(perm)
        # actualizamos los permisos de los miembros de equipos que tienen este rol
        team_members_set = self.object.miembroequipo_set.all()
        for team_member in team_members_set:
            user = team_member.usuario
            project = team_member.proyecto
            # borramos todos los permisos que tiene asociado el usuario en el proyecto
            for perm in get_perms(user, project):
                if perm!='view_project': #cuidamos de no eliminar permiso de ver proyecto
                    remove_perm(perm, user, project)
            #borramos todos los permisos que tiene asociado el usuario a los User Stories del proyecto
            for us in UserStory.objects.filter(desarrollador=user, proyecto=project):
                for perm in get_perms(user, us):
                    remove_perm(perm, user, us)

            all_roles = team_member.roles.all()
            for role in all_roles:
                team_member.roles.remove(role)  #desacociamos al usuario de los demas roles con los que contaba (para que se eliminen los permisos anteriores)
                team_member.roles.add(role)  #volvemos a agregar para que se copien los permisos actualizados
        return HttpResponseRedirect(self.get_success_url())
Beispiel #8
0
    def cmd_copyperms(self, network_old, network_new):
        perm_obj = NetworkPermissions.objects.get(network=network_old)
        if not NetworkPermissions.objects.filter(network = network_new).exists():
            obj.network = network_new
            obj.pk = None
            obj.save()
        else:
            obj = NetworkPermissions.objects.get(network = network_new)

        net_obj = NetworkPermissions.objects.get(network = network_old)
        for user in User.objects.all():
            perms = get_perms(user, net_obj)
            for perm in perms:
                assign_perm(perm, user, obj)
                

        perm_objs = RoomPermissions.objects.filter(network=network_old)
        for obj in perm_objs:
            room = obj.room
            if not RoomPermissions.objects.filter(network = network_new, room=room).exists():
                obj.network = network_new
                obj.pk = None
                obj.save()
            else:
                obj = RoomPermissions.objects.get(network = network_new, room=room)                

            net_obj = RoomPermissions.objects.get(network = network_old, room=room)
            for user in User.objects.all():
                perms = get_perms(user, net_obj)
                for perm in perms:
                    assign_perm(perm, user, obj)
        self.stdout.write("Successfully copied permissions to new network")
    def test_view_manage_group(self):
        self._login_superuser()
        url = reverse("admin:%s_%s_permissions_manage_group" % self.obj_info, args=[self.obj.pk, self.group.id])
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)

        choices = set([c[0] for c in response.context["form"].fields["permissions"].choices])
        self.assertEqual(set([p.codename for p in get_perms_for_model(self.obj)]), choices)

        # Add some perms and check if changes were persisted
        perms = ["change_%s" % self.obj_info[1], "delete_%s" % self.obj_info[1]]
        data = {"permissions": perms}
        response = self.client.post(url, data, follow=True)
        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)

        self.assertEqual(set(get_perms(self.group, self.obj)), set(perms))

        # Remove perm and check if change was persisted
        perms = ["delete_%s" % self.obj_info[1]]
        data = {"permissions": perms}
        response = self.client.post(url, data, follow=True)
        self.assertEqual(len(response.redirect_chain), 1)
        self.assertEqual(response.redirect_chain[0][1], 302)

        self.assertEqual(set(get_perms(self.group, self.obj)), set(perms))
Beispiel #10
0
    def get(self, request, uuid, format=None):

        params = request.query_params
        data_set_uuid = params.get('data_set_uuid', None)
        # requires data_set_uuid to check perms
        if data_set_uuid:
            data_set = get_object_or_404(DataSet, uuid=data_set_uuid)
            public_group = ExtendedGroup.objects.public_group()

            if request.user.has_perm('core.read_dataset', data_set) or \
                    'read_dataset' in get_perms(public_group, data_set):
                solr_params = generate_solr_params_for_assay(params, uuid)
            elif request.user.has_perm('core.read_meta_dataset', data_set) or \
                    'read_meta_dataset' in get_perms(public_group, data_set):
                solr_params = generate_solr_params_for_assay(
                    params,
                    uuid,
                    ['REFINERY_DOWNLOAD_URL', 'REFINERY_NAME']
                )
            else:
                message = 'User does not have read permissions.'
                return Response(message, status=status.HTTP_401_UNAUTHORIZED)

            solr_response = search_solr(solr_params, 'data_set_manager')
            solr_response_json = format_solr_response(solr_response)

            return Response(solr_response_json)
        else:
            return Response(
                'Requires data set uuid.',
                status=status.HTTP_400_BAD_REQUEST
            )
Beispiel #11
0
def repo_viz( request, username, repo_name ):
    '''
        View repo <repo_name> under user <username>.

        Does the checks necessary to determine whether the current user has the
        authority to view the current repository.
    '''

    # Grab the user/organization based on the username
    account = user_or_organization( username )
    if account is None:
        return HttpResponse( status=404 )

    # Grab the repository
    repo = Repository.objects.get_by_username( repo_name, username )
    if repo is None:
        return HttpResponse( status=404 )

    # Grab all the permissions!
    permissions = []
    if request.user.is_authenticated():
        permissions = get_perms( request.user, repo )
        for org in request.user.organization_users.all():
            permissions.extend( get_perms( org, repo ) )

    # Check to see if the user has access to view this survey
    if not repo.is_public and 'view_repository' not in permissions:
        return HttpResponse( 'Unauthorized', status=401 )

    # Grab the data for this repository
    data = db.data.find( { 'repo': ObjectId( repo.mongo_id ) },
                         { 'survey_label': False,
                           'user': False } )\
                  .sort( [ ('timestamp', pymongo.DESCENDING ) ] )

    data = dehydrate_survey( data )

    # Is some unknown user looking at this data?
    # TODO: Make the privatizer take into account
    # geospatial location
    # if 'view_raw' not in permissions:
    #     data = privatize_geo( repo, data )

    usePerms = get_users_with_perms( repo, attach_perms=True )
    usePerms.pop( account, None )

    if isinstance( account, User ):
        account_name = account.username
    else:
        account_name = account.name

    return render_to_response( 'visualize.html',
                               { 'repo': repo,
                                 'sid': repo.mongo_id,
                                 'data': json.dumps( data ),
                                 'permissions': permissions,
                                 'account': account,
                                 'account_name': account_name,
                                 'users_perms': usePerms },
                               context_instance=RequestContext(request) )
Beispiel #12
0
def has_all_permissions(user_or_group, obj, permissions):
    all_perms = get_perms(user_or_group, obj)
    for inherit in get_inherited_objects(obj):
        all_perms += get_perms(user_or_group, inherit)
    for perm in permissions:
        if perm not in all_perms:
            return False
    return True
def data_set(request, data_set_uuid, analysis_uuid=None):
    data_set = get_object_or_404(DataSet, uuid=data_set_uuid)
    public_group = ExtendedGroup.objects.public_group()

    if not request.user.has_perm('core.read_dataset', data_set):
        if not 'read_dataset' in get_perms(public_group, data_set):
            if request.user.is_authenticated():
                return HttpResponseForbidden(custom_error_page(request, '403.html', {user: request.user, 'msg': "view this data set"}))
            else:
                return HttpResponse(custom_error_page(request, '401.html', {'msg': "view this data set"}), status='401')

    #get studies
    investigation = data_set.get_investigation()
    studies = investigation.study_set.all()
    
    # If repository mode, only return workflows tagged for the repository
    if (settings.REFINERY_REPOSITORY_MODE):
        workflows = Workflow.objects.filter(show_in_repository_mode=True)
    else:
        workflows = Workflow.objects.all()
    
    study_uuid = studies[0].uuid
    study_id = studies[0].id # used for solr field postfixes: FIELDNAME_STUDYID_ASSAY_ID_FIELDTYPE
    assay_uuid = studies[0].assay_set.all()[0].uuid
    assay_id = studies[0].assay_set.all()[0].id # used for solr field postfixes: FIELDNAME_STUDYID_ASSAY_ID_FIELDTYPE
    
    # TODO: catch errors
    isatab_archive = None
    pre_isatab_archive = None
    
    try:
        if investigation.isarchive_file is not None:
            isatab_archive = FileStoreItem.objects.get(uuid=investigation.isarchive_file)
    except:
        pass

    try:
        if investigation.pre_isarchive_file is not None:
            pre_isatab_archive = FileStoreItem.objects.get(uuid=investigation.pre_isarchive_file)
    except:
        pass

    return render_to_response('core/data_set.html', 
                              {
                                "data_set": data_set,
                                "analysis_uuid": analysis_uuid,
                                "studies": studies,
                                "study_uuid": study_uuid,
                                "study_id": study_id,
                                "assay_uuid": assay_uuid,
                                "assay_id": assay_id,
                                "has_change_dataset_permission": 'change_dataset' in get_perms(request.user, data_set),
                                "workflows": workflows,
                                "isatab_archive": isatab_archive,
                                "pre_isatab_archive": pre_isatab_archive,                             
                              },
                              context_instance=RequestContext(request))
Beispiel #14
0
 def get_form_class(self):
     """
     Retorna el tipo de formulario que se mostrará en el template. En caso de que
     el usuario cuente con el permiso de editar userstory se le permitirá cambiar la actividad
     del User Story.
     """
     actual_fields = ['estado_actividad']
     if 'editar_userstory' in get_perms(self.request.user, self.get_object().proyecto) or \
                     'editar_mi_userstory' in get_perms(self.request.user, self.get_object()):
         actual_fields.insert(1, 'actividad')
     return modelform_factory(UserStory, form=RegistrarActividadForm, fields=actual_fields)
Beispiel #15
0
    def check_permissions(self):
        """
        Checks that all permissions are set correctly for the users.

        :return: A set of users whose permissions was wrong.

        """
        # Variable to supply some feedback
        changed_permissions = []
        changed_users = []
        warnings = []

        # Check that all the permissions are available.
        for model, perms in ASSIGNED_PERMISSIONS.items():
            if model == 'profile':
                model_obj = get_profile_model()
            else:
                model_obj = get_user_model()

            model_content_type = ContentType.objects.get_for_model(model_obj)

            for perm in perms:
                try:
                    Permission.objects.get(codename=perm[0],
                                           content_type=model_content_type)
                except Permission.DoesNotExist:
                    changed_permissions.append(perm[1])
                    Permission.objects.create(name=perm[1],
                                              codename=perm[0],
                                              content_type=model_content_type)

        # it is safe to rely on settings.ANONYMOUS_USER_ID since it is a
        # requirement of django-guardian
        for user in get_user_model().objects.exclude(id=settings.ANONYMOUS_USER_ID):
            try:
                user_profile = get_user_profile(user=user)
            except ObjectDoesNotExist:
                warnings.append(_("No profile found for %(username)s") \
                                % {'username': user.username})
            else:
                all_permissions = get_perms(user, user_profile) + get_perms(user, user)

                for model, perms in ASSIGNED_PERMISSIONS.items():
                    if model == 'profile':
                        perm_object = get_user_profile(user=user)
                    else:
                        perm_object = user

                    for perm in perms:
                        if perm[0] not in all_permissions:
                            assign_perm(perm[0], user, perm_object)
                            changed_users.append(user)

        return (changed_permissions, changed_users, warnings)
Beispiel #16
0
    def test_team_members_meta_perms_restrictions(self):
        self._team_create()
        self._publish_xls_form_to_project()
        user_alice = self._create_user('alice', 'alice')

        members_team = Team.objects.get(
            name='%s#%s' % (self.organization.user.username, 'members'))

        # add alice to members team
        add_user_to_team(members_team, user_alice)

        # confirm that the team and members have no permissions on form
        self.assertFalse(get_perms(members_team, self.xform))
        self.assertFalse(get_perms(user_alice, self.xform))

        # share project to team
        view = TeamViewSet.as_view({
            'get': 'list',
            'post': 'share'})

        post_data = {
            'role': EditorRole.name,
            'project': self.project.pk,
            'remove': False
        }
        request = self.factory.post('/', data=post_data, **self.extra)
        response = view(request, pk=members_team.pk)
        self.assertEqual(response.status_code, 204)

        # team members should have editor permissions now
        alice_perms = get_perms(user_alice, self.xform)
        alice_role = get_role(alice_perms, self.xform)
        self.assertEqual(EditorRole.name, alice_role)
        self.assertTrue(EditorRole.user_has_role(user_alice, self.xform))

        # change meta permissions
        meta_view = MetaDataViewSet.as_view({
            'post': 'create',
            'put': 'update'
        })

        data = {
            'data_type': XFORM_META_PERMS,
            'data_value': 'editor-minor|dataentry',
            'xform': self.xform.pk
        }

        request = self.factory.post('/', data, **self.extra)
        response = meta_view(request)
        self.assertEqual(response.status_code, 201)

        # members should now have EditorMinor role
        self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
Beispiel #17
0
    def _check_assigned_permissions(self, user, user_profile, changed_users,
                                    warnings):
        all_permissions = get_perms(
            user, user_profile) + get_perms(user, user)

        for model, perms in ASSIGNED_PERMISSIONS.items():
            perm_object = self._get_perm_object(model, user)

            for perm in perms:
                if perm[0] not in all_permissions:
                    assign_perm(perm[0], user, perm_object)
                    changed_users.append(user)
        return changed_users, warnings
Beispiel #18
0
 def test_clear_permissions(self):
     """
     Test for roles_clear_repo_permissions
     """
     self.assertListEqual(
         sorted(get_perms(self.user, self.repo)),
         sorted(RepoPermission.administrator_permissions())
     )
     api.roles_clear_repo_permissions(self.repo)
     self.assertListEqual(
         get_perms(self.user, self.repo),
         []
     )
Beispiel #19
0
 def dispatch(self, request, *args, **kwargs):
     """
     Comprobación de permisos hecha antes de la llamada al dispatch que inicia el proceso de respuesta al request de la url
     :param request: request hecho por el cliente
     :param args: argumentos adicionales posicionales
     :param kwargs: argumentos adicionales en forma de diccionario
     :return: PermissionDenied si el usuario no cuenta con permisos
     """
     if 'editar_userstory' in get_perms(request.user, self.get_object().proyecto):
         return super(UpdateUserStory, self).dispatch(request, *args, **kwargs)
     elif 'editar_mi_userstory' in get_perms(self.request.user, self.get_object()):
         return super(UpdateUserStory, self).dispatch(request, *args, **kwargs)
     else:
         raise PermissionDenied()
    def check_permissions(self):
        """
        Checks that all permissions are set correctly for the users.

        :return: A set of users whose permissions was wrong.

        """
        # Variable to supply some feedback
        changed_permissions = []
        changed_users = []
        warnings = []

        # Check that all the permissions are available.
        for model, perms in ASSIGNED_PERMISSIONS.items():
            if model == 'profile':
                model_obj = get_profile_model()
            else: model_obj = User
            model_content_type = ContentType.objects.get_for_model(model_obj)
            for perm in perms:
                try:
                    Permission.objects.get(codename=perm[0],
                                           content_type=model_content_type)
                except Permission.DoesNotExist:
                    changed_permissions.append(perm[1])
                    Permission.objects.create(name=perm[1],
                                              codename=perm[0],
                                              content_type=model_content_type)

        for user in User.objects.all():
            if not user.username == 'AnonymousUser':
                try:
                    user_profile = user.get_profile()
                except get_profile_model().DoesNotExist:
                    warnings.append(_("No profile found for %(username)s") \
                                        % {'username': user.username})
                else:
                    all_permissions = get_perms(user, user_profile) + get_perms(user, user)

                    for model, perms in ASSIGNED_PERMISSIONS.items():
                        if model == 'profile':
                            perm_object = user.get_profile()
                        else: perm_object = user

                        for perm in perms:
                            if perm[0] not in all_permissions:
                                assign(perm[0], user, perm_object)
                                changed_users.append(user)

        return (changed_permissions, changed_users, warnings)
Beispiel #21
0
    def obj_perms_manage_group_view(self, request, object_pk, group_id):
        """
        Manages selected groups' permissions for current object.
        """
        group = get_object_or_404(Group, id=group_id)
        obj = get_object_or_404(self.queryset(request), pk=object_pk)
        form_class = self.get_obj_perms_manage_group_form()
        form = form_class(group, obj, request.POST or None)

        if request.method == 'POST' and form.is_valid():
            form.save_obj_perms()
            msg = ugettext("Permissions saved.")
            messages.success(request, msg)
            info = (
                self.admin_site.name,
                self.model._meta.app_label,
                self.model._meta.module_name
            )
            url = reverse(
                '%s:%s_%s_permissions_manage_group' % info,
                args=[obj.pk, group.id]
            )
            return redirect(url)

        context = self.get_obj_perms_base_context(request, obj)
        context['group_obj'] = group
        context['group_perms'] = get_perms(group, obj)
        context['form'] = form

        return render_to_response(self.get_obj_perms_manage_group_template(),
            context, RequestContext(request, current_app=self.admin_site.name))
Beispiel #22
0
    def destroy(self, request, pk):
        """
        Delete a CheckListItem
        """
        if not request.user.is_authenticated():
            return Response(
                    data={
                        'detail': 'Authentication required',
                        },
                    status=403,
                    )
        check_list_item = CheckListItem.objects.get(id=pk)

        perms = get_perms(
                user_or_group=request.user,
                obj=check_list_item.check_list,
                )

        if 'change_checklist' not in perms:
            return Response(
                    data={
                        'detail': 'Permission denied',
                        },
                    status=403,
                    )

        check_list_item.delete()

        return Response(
                status=204,
                )
Beispiel #23
0
    def retrieve(self, request, pk=None):
        if not request.user.is_authenticated():
            return Response(
                    data={
                        'detail': 'Authentication required',
                        },
                    status=403,
                    )
        budget_category = BudgetCategory.objects.get(id=pk)

        perms = get_perms(
                user_or_group=request.user,
                obj=budget_category.budget,
                )

        if 'view_budget' not in perms:
            return Response(
                    data={
                        'detail': 'Permission denied',
                        },
                    status=403,
                    )

        serializer = self.serializer_class(budget_category)

        return Response(
                data=serializer.data,
                status=200,
                )
Beispiel #24
0
    def retrieve(self, request, pk=None):
        if not request.user.is_authenticated():
            return Response(
                    data={
                        'detail': 'Authentication required',
                        },
                    status=403,
                    )
        check_list_item = CheckListItem.objects.get(id=pk)

        perms = get_perms(
                user_or_group=request.user,
                obj=check_list_item.check_list,
                )

        if 'view_checklist' not in perms:
            return Response(
                    data={
                        'detail': 'Permission denied',
                        },
                    status=403,
                    )

        serializer = self.serializer_class(check_list_item)

        return Response(
                data=serializer.data,
                status=200,
                )
Beispiel #25
0
    def obj_perms_manage_user_view(self, request, object_pk, user_id):
        """
        Manages selected users' permissions for current object.
        """
        user = get_object_or_404(get_user_model(), pk=user_id)
        obj = get_object_or_404(self.queryset(request), pk=object_pk)
        form_class = self.get_obj_perms_manage_user_form()
        form = form_class(user, obj, request.POST or None)

        if request.method == 'POST' and form.is_valid():
            form.save_obj_perms()
            msg = ugettext("Permissions saved.")
            messages.success(request, msg)
            info = (
                self.admin_site.name,
                self.model._meta.app_label,
                get_model_name(self.model)
            )
            url = reverse(
                '%s:%s_%s_permissions_manage_user' % info,
                args=[obj.pk, user.pk]
            )
            return redirect(url)

        context = self.get_obj_perms_base_context(request, obj)
        context['user_obj'] = user
        context['user_perms'] = get_perms(user, obj)
        context['form'] = form

        return render_to_response(self.get_obj_perms_manage_user_template(),
            context, RequestContext(request, current_app=self.admin_site.name))
Beispiel #26
0
def reports_index_view(request, graph_slug):
    graph = get_object_or_404(Graph, slug=graph_slug)
    # We get the modal variable
    as_modal = bool(request.GET.get("asModal", False))
    user = request.user
    if as_modal:
        render = render_to_string
    else:
        render = render_to_response
    perms = get_perms(user, graph)
    broader_context = {
        "graph": graph,
        "view_reports": 'view_graph_reports' in perms,
        "add_reports": 'add_graph_reports' in perms,
        "edit_reports": 'change_graph_reports' in perms,
        "delete_reports": 'delete_graph_reports' in perms,
        "as_modal": as_modal}
    response = render('reports_base.html',
                      context_instance=RequestContext(request,
                                                      broader_context))
    if as_modal:
        response = {'type': 'html',
                    'action': 'reports_main',
                    'html': response}
        return HttpResponse(json.dumps(response), status=200,
                            content_type='application/json')
    else:
        return response
Beispiel #27
0
def get_role_in_org(user, organization):
    perms = get_perms(user, organization)

    if "is_org_owner" in perms:
        return OwnerRole.name
    else:
        return get_role(perms, organization) or MemberRole.name
Beispiel #28
0
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'):
    '''
    The view that show details of each map
    '''

    map_obj = _resolve_map(request, mapid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW)

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != map_obj.owner and not request.user.is_superuser:
        Map.objects.filter(id=map_obj.id).update(popular_count=F('popular_count') + 1)

    if snapshot is None:
        config = map_obj.viewer_json(request.user)
    else:
        config = snapshot_config(snapshot, map_obj, request.user)

    config = json.dumps(config)
    layers = MapLayer.objects.filter(map=map_obj.id)

    context_dict = {
        'config': config,
        'resource': map_obj,
        'layers': layers,
        'perms_list': get_perms(request.user, map_obj.get_self_resource()),
        'permissions_json': _perms_info_json(map_obj),
        "documents": get_related_documents(map_obj),
    }

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, map_obj)

    return render_to_response(template, RequestContext(request, context_dict))
Beispiel #29
0
def edit(request, machine_id):
    hosts = get_all_host(request)
    images = get_all_image(request)
    form = None
    try:
        machine = Machine.objects.get(id=machine_id)
    except Machine.DoesNotExist:
        raise Http404
    if 'control_machine' not in get_perms(request.user, machine):
        raise Http404
    if request.method == 'POST':
        print request.POST
        form = MachineEditForm(request.POST)
        if form.is_valid():
            data = form.cleaned_data
            machine.name=data['name']
            machine.arch=data['arch']
            machine.vmem=data['vmem']
            machine.virtio=data['virtio']
            machine.vcpu=data['vcpu']
            machine.image=data['image']
            machine.host=data['host']
            machine.description=data['description']
            machine.save()
            messages.success(request, "Machine successful updated!")
            return HttpResponseRedirect(reverse('machines_edit', args=[machine.id]))
    return render(request, 'machine/machine_id.html', {
                        'current_url': ['machines'],
                        'machine': machine,
                        'form': form,
                        'hosts': hosts,
                        'images': images,
                        'title': 'Edit Machine'
                        })
Beispiel #30
0
    def save(self, commit=True):
        """
        Saves granted permissions and removes those switched off.
        """
        member, project = self.membership.member, self.membership.project

        granted_perms = self.cleaned_data['permissions']
        logging.info("Granted perms: %s" % granted_perms)
        member_perms = get_perms(member, project)
        # Grant permissions
        for perm in granted_perms:
            if perm not in member_perms:
                assign(perm, member, project)
                self._message('info', _("Permission added: %s" % perm))
        # Remove permissions
        for perm in member_perms:
            if perm not in granted_perms:
                remove_perm(perm, member, project)
                # notify user if perm is still granted by member's groups
                groups_with_perm = member.groups.filter(
                    groupobjectpermission__permission__codename=perm)
                if groups_with_perm:
                    messages.warning(self.request, _("Permission %(perm)s is "
                        "still granted for %(user)s as following group(s) "
                        "has/have it: %(groups)s" % {
                            'perm': perm,
                            'user': member,
                            'groups': ', '.join(
                                (str(group) for group in groups_with_perm)
                            )
                        }))
                self._message('warning', _("Permission removed: %s" % perm))
Beispiel #31
0
 def get_permissions(self, obj):
     return list(
         map(lambda p: p.replace("_project", ""),
             get_perms(self.context['request'].user, obj)))
Beispiel #32
0
def appinstance_detail(request, appinstanceid):
    """
    The view that show details of each document
    """
    appinstance = None
    try:
        appinstance = resolve_appinstance(request, appinstanceid,
                                          'base.view_resourcebase',
                                          PERMISSION_MSG_VIEW)

    except Http404:
        return HttpResponse(loader.render_to_string(
            '404.html', RequestContext(request, {})),
                            status=404)

    except PermissionDenied:
        return HttpResponse(loader.render_to_string(
            '401.html',
            RequestContext(request, {
                'error_message':
                _("You are not allowed to view this document.")
            })),
                            status=403)

    if appinstance is None:
        return HttpResponse('An unknown error has occured.',
                            mimetype="text/plain",
                            status=401)

    else:
        if request.user != appinstance.owner and not request.user.is_superuser:
            AppInstance.objects.filter(id=appinstance.id).update(
                popular_count=F('popular_count') + 1)
        set_thumbnail_link = appinstance.link_set.filter(
            link_type='appinstance_thumbnail')
        context_dict = {
            'perms_list': get_perms(request.user,
                                    appinstance.get_self_resource()),
            'permissions_json': _perms_info_json(appinstance),
            'resource': appinstance,
            # 'appinstance_links': appinstance_links,
            'set_thumbnail_link': set_thumbnail_link
            # 'imgtypes': IMGTYPES,
            # 'related': related
        }

        if settings.SOCIAL_ORIGINS:
            context_dict["social_links"] = build_social_links(
                request, appinstance)

        if getattr(settings, 'EXIF_ENABLED', False):
            try:
                from geonode.contrib.exif.utils import exif_extract_dict
                exif = exif_extract_dict(appinstance)
                if exif:
                    context_dict['exif_data'] = exif
            except BaseException as e:
                logger.error(e.message + "Exif extraction failed.")

        return render_to_response("app_manager/appinstance_detail.html",
                                  RequestContext(request, context_dict))
Beispiel #33
0
 def get_permissions(self, obj):
     auth = get_user_auth(self.context['request'])
     if not auth.user:
         return []
     return get_perms(auth.user, obj)
Beispiel #34
0
def test_municipality_moderator_gets_edit_perm(hobby, user):
    assert 'change_hobby' not in get_perms(user, hobby)
    hobby.municipality.moderators.add(user)
    assert 'change_hobby' in get_perms(user, hobby)
    hobby.municipality.moderators.remove(user)
    assert 'change_hobby' not in get_perms(user, hobby)
    def post(self, request, file_id):
        """ Update file content"""

        try:
            the_file = get_object_or_404(File, pk=int(file_id))
        except ValueError:
            return HttpResponseForbidden('Not a valid File ID')

        # Figure out perms
        can_edit = False
        can_read = False
        edit_perms = set(['can_edit_content', 'can_edit_child_content'])

        perm_set = set(get_perms(request.user, the_file))
        p = the_file.parent
        while p is not None:
            perm_set.update(get_perms(request.user, p))
            p = p.parent

        if perm_set:
            can_read = True

        if perm_set.intersection(edit_perms):
            can_edit = True

        if not (can_read or can_edit):
            return HttpResponseForbidden('Not permitted to access this file.')

        if can_edit:

            doc_body = request.POST.get('editor')
            # removing highlight
            doc_body = lowlight_properties(
                doc_body, the_file.package.properties.all())

            # The editor will only return the page  body so we have keep the
            # current head
            old_content = the_file.content.split('<body')
            new_content = ''.join([
                old_content[0],
                '<body>',
                doc_body,
                '</body></html>'
            ])

            the_file.content = new_content
            the_file.save()

            reversion.set_comment('Edited file content directly.')

        tree = user_permitted_tree(request.user)
        for key, value in tree.items():
            if key.id == the_file.package.id:
                package_tree = value
                break

        context = genreal_context(self.request)
        context['file'] = the_file
        context['package'] = the_file.package
        context['package_tree'] = package_tree
        context['can_read'] = can_read
        context['can_edit'] = can_edit
        context['perm_set'] = perm_set
        context['raw_url'] = reverse('rawfile', kwargs={'file_id': file_id})

        if the_file.file_type == 'Document':
            template = "file_document.html"
        elif the_file.file_type == 'Sheet':
            template = "file_sheet.html"
        else:
            template = "file_other.html"

        return render(
            request,
            template,
            context)
Beispiel #36
0
def layer_detail(request, layername, template='layers/layer_detail.html'):
    layer = _resolve_layer(request, layername, 'base.view_resourcebase',
                           _PERMISSION_MSG_VIEW)

    # assert False, str(layer_bbox)
    config = layer.attribute_config()

    # Add required parameters for GXP lazy-loading
    layer_bbox = layer.bbox
    bbox = [float(coord) for coord in list(layer_bbox[0:4])]
    config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')
    config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \
        else llbbox_to_mercator([float(coord) for coord in bbox])
    config["title"] = layer.title
    config["queryable"] = True

    if layer.storeType == "remoteStore":
        service = layer.service
        source_params = {
            "ptype": service.ptype,
            "remote": True,
            "url": service.base_url,
            "name": service.name
        }
        maplayer = GXPLayer(name=layer.typename,
                            ows_url=layer.ows_url,
                            layer_params=json.dumps(config),
                            source_params=json.dumps(source_params))
    else:
        maplayer = GXPLayer(name=layer.typename,
                            ows_url=layer.ows_url,
                            layer_params=json.dumps(config))

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != layer.owner and not request.user.is_superuser:
        Layer.objects.filter(id=layer.id).update(
            popular_count=F('popular_count') + 1)

    # center/zoom don't matter; the viewer will center on the layer bounds
    map_obj = GXPMap(
        projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913'))

    NON_WMS_BASE_LAYERS = [
        la for la in default_map_config()[1] if la.ows_url is None
    ]

    metadata = layer.link_set.metadata().filter(
        name__in=settings.DOWNLOAD_FORMATS_METADATA)

    granules = None
    all_granules = None
    filter = None
    if layer.is_mosaic:
        try:
            cat = gs_catalog
            cat._cache.clear()
            store = cat.get_store(layer.name)
            coverages = cat.mosaic_coverages(store)

            filter = None
            try:
                if request.GET["filter"]:
                    filter = request.GET["filter"]
            except:
                pass

            offset = 10 * (request.page - 1)
            granules = cat.mosaic_granules(
                coverages['coverages']['coverage'][0]['name'],
                store,
                limit=10,
                offset=offset,
                filter=filter)
            all_granules = cat.mosaic_granules(
                coverages['coverages']['coverage'][0]['name'],
                store,
                filter=filter)
        except:
            granules = {"features": []}
            all_granules = {"features": []}

    context_dict = {
        "resource": layer,
        'perms_list': get_perms(request.user, layer.get_self_resource()),
        "permissions_json": _perms_info_json(layer),
        "documents": get_related_documents(layer),
        "metadata": metadata,
        "is_layer": True,
        "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'],
        "granules": granules,
        "all_granules": all_granules,
        "filter": filter,
    }

    context_dict["viewer"] = json.dumps(
        map_obj.viewer_json(request.user, *(NON_WMS_BASE_LAYERS + [maplayer])))
    context_dict["preview"] = getattr(settings, 'LAYER_PREVIEW_LIBRARY',
                                      'leaflet')
    context_dict["crs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')

    if request.user.has_perm('download_resourcebase',
                             layer.get_self_resource()):
        if layer.storeType == 'dataStore':
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_VECTOR)
        else:
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_RASTER)
        context_dict["links"] = links

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, layer)

    return render_to_response(template, RequestContext(request, context_dict))
Beispiel #37
0
def update_gloss(request, glossid):
    """View to update a gloss model from the jeditable jquery form
    We are sent one field and value at a time, return the new value once we've updated it."""

    # Get the gloss object or raise a Http404 exception if the object does not exist.
    gloss = get_object_or_404(Gloss, id=glossid)

    # Make sure that the user has rights to edit this datasets glosses.
    if 'view_dataset' not in get_perms(request.user, gloss.dataset):
        return HttpResponseForbidden(
            _("You do not have permissions to edit Glosses of this dataset/lexicon."
              ))

    if request.method == "POST":
        # Update the user on Gloss.updated_by from request.user
        gloss.updated_by = request.user
        old_idgloss = str(gloss)

        field = request.POST.get('id', '')
        value = request.POST.get('value', '')

        if len(value) == 0:
            value = ' '

        elif value[0] == '_':
            value = value[1:]

        # in case we need multiple values
        values = request.POST.getlist('value[]')

        if field.startswith('keywords_'):
            language_code_2char = field.split('_')[1]
            return update_keywords(gloss,
                                   field,
                                   value,
                                   language_code_2char=language_code_2char)

        elif field.startswith('relationforeign'):
            return update_relationtoforeignsign(gloss, field, value)

        # Had to add field != 'relation_between_articulators' because I changed its field name, and it conflicted here.
        elif field.startswith(
                'relation') and field != 'relation_between_articulators':
            return update_relation(gloss, field, value)

        elif field.startswith('morphology-definition'):
            return update_morphology_definition(gloss, field, value)

        elif field == 'dialect':
            # expecting possibly multiple values
            try:
                gloss.dialect.clear()
                for value in values:
                    lang = Dialect.objects.get(name=value)
                    gloss.dialect.add(lang)
                gloss.save()
                newvalue = ", ".join(
                    [str(g.name) for g in gloss.dialect.all()])
            except:
                # Translators: HttpResponseBadRequest
                return HttpResponseBadRequest("%s %s" % _("Unknown Dialect"),
                                              values,
                                              content_type='text/plain')

        elif field.startswith('video_title'):
            # If editing video title, update the GlossVideo's title
            if request.user.has_perm('video.change_glossvideo'):
                # Get pk after string "video_title"
                video_pk = field.split('video_title')[1]
                newvalue = value
                try:
                    video = GlossVideo.objects.get(pk=video_pk)
                    video.title = value
                    video.save()
                except GlossVideo.DoesNotExist:
                    return HttpResponseBadRequest('{error} {values}'.format(
                        error=_('GlossVideo does not exist'), values=values),
                                                  content_type='text/plain')
            else:
                return HttpResponseForbidden(
                    'Missing permission: video.change_glossvideo')

        elif field.startswith('glossurl-'):
            if field == 'glossurl-create':
                GlossURL.objects.create(url=value, gloss_id=glossid)
                return HttpResponseRedirect(
                    reverse('dictionary:admin_gloss_view',
                            kwargs={'pk': gloss.id}))
            else:
                if request.user.has_perm('dictionary.change_gloss'):
                    glossurl_pk = field.split('glossurl-')[1]
                    newvalue = value
                    try:
                        glossurl = GlossURL.objects.get(pk=glossurl_pk)
                        glossurl.url = value
                        glossurl.save()
                    except GlossURL.DoesNotExist:
                        pass

        else:
            # Find if field is not in Gloss classes fields.
            if field not in [f.name for f in Gloss._meta.get_fields()]:
                # Translators: HttpResponseBadRequest
                return HttpResponseBadRequest(_("Unknown field"),
                                              content_type='text/plain')

            # Translate the value if a boolean
            if isinstance(Gloss._meta.get_field(field), NullBooleanField):
                newvalue = value
                value = (value == 'Yes')

            if value != ' ' or value != '':
                # See if the field is a ForeignKey
                if gloss._meta.get_field(
                        field).get_internal_type() == "ForeignKey":
                    gloss.__setattr__(
                        field, FieldChoice.objects.get(machine_value=value))
                else:
                    gloss.__setattr__(field, value)
                gloss.save()

                # If the value is not a Boolean, return the new value
                if not isinstance(value, bool):
                    f = Gloss._meta.get_field(field)
                    # for choice fields we want to return the 'display' version of the value
                    # Try to use get_choices to get correct choice names for FieldChoices
                    # If it doesn't work, go to exception and get flatchoices
                    try:
                        # valdict = dict(f.get_choices(include_blank=False))
                        valdict = dict(build_choice_list(field))
                    except:
                        valdict = dict(f.flatchoices)

                    # Some fields take ints
                    # if valdict.keys() != [] and type(valdict.keys()[0]) == int:
                    try:
                        newvalue = valdict.get(int(value), value)
                    # else:
                    except:
                        # either it's not an int or there's no flatchoices
                        # so here we use get with a default of the value itself
                        newvalue = valdict.get(value, value)

            # If field is idgloss and if the value has changed
            # Then change the filename on system and in glossvideo.videofile
            if field == 'idgloss' and newvalue != old_idgloss:
                try:
                    GlossVideo.rename_glosses_videos(gloss)
                except (OSError, IOError):
                    # Catch error, but don't do anything for now.
                    return HttpResponseServerError(
                        _("Error: Unable to change videofiles names."))

        return HttpResponse(newvalue, content_type='text/plain')

    else:
        return HttpResponseNotAllowed(['POST'])
Beispiel #38
0
 def _remove_obj_permissions(cls, user, obj):
     for perm in get_perms(user, obj):
         remove_perm(perm, user, obj)
def test_image_permission_with_public_job():
    g_reg_anon = Group.objects.get(
        name=settings.REGISTERED_AND_ANON_USERS_GROUP_NAME)
    g_reg = Group.objects.get(name=settings.REGISTERED_USERS_GROUP_NAME)

    job = AlgorithmJobFactory()

    output_image = ImageFactory()
    civ = ComponentInterfaceValueFactory(image=output_image)
    job.outputs.add(civ)

    assert "view_image" not in get_perms(g_reg, output_image)
    assert "view_image" not in get_perms(g_reg_anon, output_image)
    assert "view_image" not in get_perms(g_reg, job.inputs.first().image)
    assert "view_image" not in get_perms(g_reg_anon, job.inputs.first().image)

    job.public = True
    job.save()

    assert "view_image" not in get_perms(g_reg, output_image)
    assert "view_image" in get_perms(g_reg_anon, output_image)
    assert "view_image" not in get_perms(g_reg, job.inputs.first().image)
    assert "view_image" in get_perms(g_reg_anon, job.inputs.first().image)

    job.public = False
    job.save()

    assert "view_image" not in get_perms(g_reg, output_image)
    assert "view_image" not in get_perms(g_reg_anon, output_image)
    assert "view_image" not in get_perms(g_reg, job.inputs.first().image)
    assert "view_image" not in get_perms(g_reg_anon, job.inputs.first().image)
Beispiel #40
0
    def test_func(self):
        club = suite.models.Club.objects.get(pk=self.kwargs['club_id'])
        if 'can_create_event' not in get_perms(self.request.user, club):
            raise PermissionDenied

        return True
Beispiel #41
0
def document_detail(request, docid):
    """
    The view that show details of each document
    """
    try:
        document = _resolve_document(
            request,
            docid,
            'base.view_resourcebase',
            _PERMISSION_MSG_VIEW)
    except PermissionDenied:
        return HttpResponse(_("Not allowed"), status=403)
    except Exception:
        raise Http404(_("Not found"))
    if not document:
        raise Http404(_("Not found"))

    permission_manager = ManageResourceOwnerPermissions(document)
    permission_manager.set_owner_permissions_according_to_workflow()

    # Add metadata_author or poc if missing
    document.add_missing_metadata_author_or_poc()

    related = get_related_resources(document)

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != document.owner and not request.user.is_superuser:
        Document.objects.filter(
            id=document.id).update(
            popular_count=F('popular_count') + 1)

    metadata = document.link_set.metadata().filter(
        name__in=settings.DOWNLOAD_FORMATS_METADATA)

    # Call this first in order to be sure "perms_list" is correct
    permissions_json = _perms_info_json(document)

    perms_list = get_perms(
        request.user,
        document.get_self_resource()) + get_perms(request.user, document)

    group = None
    if document.group:
        try:
            group = GroupProfile.objects.get(slug=document.group.name)
        except ObjectDoesNotExist:
            group = None

    access_token = None
    if request and request.user:
        access_token = get_or_create_token(request.user)
        if access_token and not access_token.is_expired():
            access_token = access_token.token
        else:
            access_token = None

    AUDIOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'audio']
    IMGTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'image']
    VIDEOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'video']

    context_dict = {
        'access_token': access_token,
        'resource': document,
        'perms_list': perms_list,
        'permissions_json': permissions_json,
        'group': group,
        'metadata': metadata,
        'audiotypes': AUDIOTYPES,
        'imgtypes': IMGTYPES,
        'videotypes': VIDEOTYPES,
        'mimetypemap': DOCUMENT_MIMETYPE_MAP,
        'related': related}

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(
            request, document)

    if getattr(settings, 'EXIF_ENABLED', False):
        try:
            from geonode.documents.exif.utils import exif_extract_dict
            exif = exif_extract_dict(document)
            if exif:
                context_dict['exif_data'] = exif
        except Exception:
            logger.error("Exif extraction failed.")

    if request.user.is_authenticated:
        if getattr(settings, 'FAVORITE_ENABLED', False):
            from geonode.favorite.utils import get_favorite_info
            context_dict["favorite_info"] = get_favorite_info(request.user, document)

    register_event(request, EventType.EVENT_VIEW, document)

    return render(
        request,
        "documents/document_detail.html",
        context=context_dict)
Beispiel #42
0
def test_user_has_no_edit_perm(hobby, user):
    assert 'change_hobby' not in get_perms(user, hobby)
Beispiel #43
0
def import_gloss_csv(request):
    """
    Check which objects exist and which not. Then show the user a list of glosses that will be added if user confirms.
    Store the glosses to be added into sessions.
    """
    glosses_new = []
    glosses_exists = []
    # Make sure that the session variables are flushed before using this view.
    if 'dataset_id' in request.session: del request.session['dataset_id']
    if 'glosses_new' in request.session: del request.session['glosses_new']

    if request.method == 'POST':
        form = CSVUploadForm(request.POST, request.FILES)
        if form.is_valid():
            dataset = form.cleaned_data['dataset']
            if 'view_dataset' not in get_perms(request.user, dataset):
                # If user has no permissions to dataset, raise PermissionDenied to show 403 template.
                msg = _(
                    "You do not have permissions to import glosses to this lexicon."
                )
                messages.error(request, msg)
                raise PermissionDenied(msg)
            try:
                glossreader = csv.reader(codecs.iterdecode(
                    form.cleaned_data['file'], 'utf-8'),
                                         delimiter=',',
                                         quotechar='"')
            except csv.Error as e:
                # Can't open file, remove session variables
                if 'dataset_id' in request.session:
                    del request.session['dataset_id']
                if 'glosses_new' in request.session:
                    del request.session['glosses_new']
                # Set a message to be shown so that the user knows what is going on.
                messages.add_message(request, messages.ERROR,
                                     _('Cannot open the file:' + str(e)))
                return render(
                    request,
                    'dictionary/import_gloss_csv.html',
                    {'import_csv_form': CSVUploadForm()},
                )
            except UnicodeDecodeError as e:
                # File is not UTF-8 encoded.
                messages.add_message(request, messages.ERROR,
                                     _('File must be UTF-8 encoded!'))
                return render(
                    request,
                    'dictionary/import_gloss_csv.html',
                    {'import_csv_form': CSVUploadForm()},
                )

            for row in glossreader:
                if glossreader.line_num == 1:
                    # Skip first line of CSV file.
                    continue
                try:
                    # Find out if the gloss already exists, if it does add to list of glosses not to be added.
                    gloss = Gloss.objects.get(dataset=dataset, idgloss=row[0])
                    glosses_exists.append(gloss)
                except Gloss.DoesNotExist:
                    # If gloss is not already in list, add glossdata to list of glosses to be added as a tuple.
                    if not any(row[0] in s for s in glosses_new):
                        glosses_new.append(tuple(row))
                except IndexError:
                    # If row[0] does not exist, continue to next iteration of loop.
                    continue

            # Store dataset's id and the list of glosses to be added in session.
            request.session['dataset_id'] = dataset.id
            request.session['glosses_new'] = glosses_new

            return render(
                request, 'dictionary/import_gloss_csv_confirmation.html', {
                    'glosses_new': glosses_new,
                    'glosses_exists': glosses_exists,
                    'dataset': dataset,
                })
        else:
            # If form is not valid, set a error message and return to the original form.
            messages.add_message(
                request, messages.ERROR,
                _('The provided CSV-file does not meet the requirements '
                  'or there is some other problem.'))
            return render(
                request,
                'dictionary/import_gloss_csv.html',
                {'import_csv_form': form},
            )
    else:
        # If request type is not POST, return to the original form.
        csv_form = CSVUploadForm()
        allowed_datasets = get_objects_for_user(request.user,
                                                'dictionary.view_dataset')
        # Make sure we only list datasets the user has permissions to.
        csv_form.fields["dataset"].queryset = csv_form.fields[
            "dataset"].queryset.filter(id__in=[x.id for x in allowed_datasets])
        return render(
            request,
            "dictionary/import_gloss_csv.html",
            {'import_csv_form': csv_form},
        )
Beispiel #44
0
def set_permissions(request,share,json=None):
    from smtplib import SMTPException
    emailed=[]
    created=[]
    failed=[]
#     if not request.user.has_perm('admin',share):
#         return json_response({'status':'error','error':'You do not have permission to write to this share.'})
    if json.has_key('groups'):
        for group, permissions in json['groups'].iteritems():
            g = Group.objects.get(id__iexact=group)
            current_perms = get_perms(g,share)
            removed_perms = list(set(current_perms) - set(permissions))
            added_perms = list(set(permissions) - set(current_perms))
            for u in g.user_set.all():
                if len(share.get_user_permissions(u,user_specific=True)) == 0 and len(added_perms) > 0 and json['email']:
                    email_users([u],'share/share_subject.txt','share/share_email_body.txt',{'user':u,'share':share,'sharer':request.user,'site_url':SITE_URL})
                    emailed.append(u.username)
            for perm in removed_perms:
                remove_perm(perm,g,share)
            for perm in added_perms:
                assign_perm(perm,g,share)
    if json.has_key('users'):
        for username, permissions in json['users'].iteritems():
            username = username.lower()
            try:
                u = User.objects.get(username__iexact=username)
                if len(share.get_user_permissions(u,user_specific=True)) == 0 and json['email']:
                    try:
                        email_users([u],'share/share_subject.txt','share/share_email_body.txt',{'user':u,'share':share,'sharer':request.user,'site_url':SITE_URL})
                        emailed.append(username)
                    except:
                        failed.append(username)
            except:
                if len(permissions) > 0:
                    password = User.objects.make_random_password()
                    u = User(username=username,email=username)
                    u.set_password(password)
                    u.save()
                    try:
                        email_users([u],'share/share_subject.txt','share/share_new_email_body.txt',{'user':u,'password':password,'share':share,'sharer':request.user,'site_url':SITE_URL})
                        created.append(username)
                    except:
                        failed.append(username)
                        u.delete()
            current_perms = share.get_user_permissions(u,user_specific=True)
            print 'CURRENT'
            print current_perms
            print 'PERMISSIONS'
            print permissions
            removed_perms = list(set(current_perms) - set(permissions))
            added_perms = list(set(permissions) - set(current_perms))
            print 'ADDING: '
            print added_perms
            print 'REMOVING: '
            print removed_perms
            for perm in removed_perms:
                if u.username not in failed:
                    remove_perm(perm,u,share)
            for perm in added_perms:
                if u.username not in failed:
                    assign_perm(perm,u,share)
    data = share.get_permissions(user_specific=True)
    data['messages']=[]
    if len(emailed) > 0:
        data['messages'].append({'type':'info','content':'%s has/have been emailed'%', '.join(emailed)})
    if len(created) > 0:
        data['messages'].append({'type':'info','content':'Accounts has/have been created and emails have been sent to the following email addresses: %s'%', '.join(created)})
    if len(failed) > 0:
        data['messages'].append({'type':'info','content':'Delivery has failed to the following addresses: %s'%', '.join(failed)})
    data['json']=json
    return json_response(data)
Beispiel #45
0
def document_detail(request, docid):
    """
    The view that show details of each document
    """
    document = None
    try:
        document = _resolve_document(request, docid, 'base.view_resourcebase',
                                     _PERMISSION_MSG_VIEW)

    except Http404:
        return HttpResponse(loader.render_to_string(
            '404.html', RequestContext(request, {})),
                            status=404)

    except PermissionDenied:
        return HttpResponse(loader.render_to_string(
            '401.html',
            RequestContext(request, {
                'error_message':
                _("You are not allowed to view this document.")
            })),
                            status=403)

    if document is None:
        return HttpResponse('An unknown error has occured.',
                            content_type="text/plain",
                            status=401)

    else:
        related = get_related_resources(document)

        # Update count for popularity ranking,
        # but do not includes admins or resource owners
        if request.user != document.owner and not request.user.is_superuser:
            Document.objects.filter(id=document.id).update(
                popular_count=F('popular_count') + 1)

        metadata = document.link_set.metadata().filter(
            name__in=settings.DOWNLOAD_FORMATS_METADATA)

        context_dict = {
            'perms_list': get_perms(request.user,
                                    document.get_self_resource()),
            'permissions_json': _perms_info_json(document),
            'resource': document,
            'metadata': metadata,
            'imgtypes': IMGTYPES,
            'related': related
        }

        if settings.SOCIAL_ORIGINS:
            context_dict["social_links"] = build_social_links(
                request, document)

        if getattr(settings, 'EXIF_ENABLED', False):
            try:
                from geonode.contrib.exif.utils import exif_extract_dict
                exif = exif_extract_dict(document)
                if exif:
                    context_dict['exif_data'] = exif
            except BaseException:
                print "Exif extraction failed."

        return render_to_response("documents/document_detail.html",
                                  RequestContext(request, context_dict))
Beispiel #46
0
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'):
    '''
    The view that show details of each map
    '''

    map_obj = _resolve_map(
        request,
        mapid,
        'base.view_resourcebase',
        _PERMISSION_MSG_VIEW)

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != map_obj.owner and not request.user.is_superuser:
        Map.objects.filter(
            id=map_obj.id).update(
            popular_count=F('popular_count') + 1)

    if 'access_token' in request.session:
        access_token = request.session['access_token']
    else:
        access_token = None

    if snapshot is None:
        config = map_obj.viewer_json(request.user, access_token)
    else:
        config = snapshot_config(snapshot, map_obj, request.user, access_token)

    config = json.dumps(config)
    layers = MapLayer.objects.filter(map=map_obj.id)
    links = map_obj.link_set.download()

    group = None
    if map_obj.group:
        try:
            group = GroupProfile.objects.get(slug=map_obj.group.name)
        except GroupProfile.DoesNotExist:
            group = None
    context_dict = {
        'config': config,
        'resource': map_obj,
        'group': group,
        'layers': layers,
        'perms_list': get_perms(request.user, map_obj.get_self_resource()),
        'permissions_json': _perms_info_json(map_obj),
        "documents": get_related_documents(map_obj),
        'links': links,
    }

    context_dict["preview"] = getattr(
        settings,
        'LAYER_PREVIEW_LIBRARY',
        '')
    context_dict["crs"] = getattr(
        settings,
        'DEFAULT_MAP_CRS',
        'EPSG:900913')

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, map_obj)

    return render_to_response(template, RequestContext(request, context_dict))
Beispiel #47
0
def test_creator_gets_edit_perm(hobby, user):
    assert hobby.created_by_id != user.pk
    assert 'change_hobby' not in get_perms(user, hobby)
    hobby.created_by = user
    hobby.save()
    assert 'change_hobby' in get_perms(user, hobby)
Beispiel #48
0
def layer_detail(request, layername, template='layers/layer_detail.html'):
    layer = _resolve_layer(request, layername, 'base.view_resourcebase',
                           _PERMISSION_MSG_VIEW)

    # assert False, str(layer_bbox)
    config = layer.attribute_config()

    # Add required parameters for GXP lazy-loading
    layer_bbox = layer.bbox
    bbox = [float(coord) for coord in list(layer_bbox[0:4])]
    if hasattr(layer, 'srid'):
        config['crs'] = {'type': 'name', 'properties': layer.srid}
    config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')
    config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \
        else llbbox_to_mercator([float(coord) for coord in bbox])
    config["title"] = layer.title
    config["queryable"] = True

    if layer.storeType == "remoteStore":
        service = layer.service
        source_params = {
            "ptype": service.ptype,
            "remote": True,
            "url": service.base_url,
            "name": service.name
        }
        maplayer = GXPLayer(name=layer.alternate,
                            ows_url=layer.ows_url,
                            layer_params=json.dumps(config),
                            source_params=json.dumps(source_params))
    else:
        maplayer = GXPLayer(name=layer.alternate,
                            ows_url=layer.ows_url,
                            layer_params=json.dumps(config))

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    layer.view_count_up(request.user)

    # center/zoom don't matter; the viewer will center on the layer bounds
    map_obj = GXPMap(
        projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913'))

    NON_WMS_BASE_LAYERS = [
        la for la in default_map_config(request)[1] if la.ows_url is None
    ]

    metadata = layer.link_set.metadata().filter(
        name__in=settings.DOWNLOAD_FORMATS_METADATA)

    granules = None
    all_granules = None
    filter = None
    if layer.is_mosaic:
        try:
            cat = gs_catalog
            cat._cache.clear()
            store = cat.get_store(layer.name)
            coverages = cat.mosaic_coverages(store)

            filter = None
            try:
                if request.GET["filter"]:
                    filter = request.GET["filter"]
            except BaseException:
                pass

            offset = 10 * (request.page - 1)
            granules = cat.mosaic_granules(
                coverages['coverages']['coverage'][0]['name'],
                store,
                limit=10,
                offset=offset,
                filter=filter)
            all_granules = cat.mosaic_granules(
                coverages['coverages']['coverage'][0]['name'],
                store,
                filter=filter)
        except BaseException:
            granules = {"features": []}
            all_granules = {"features": []}

    group = None
    if layer.group:
        try:
            group = GroupProfile.objects.get(slug=layer.group.name)
        except GroupProfile.DoesNotExist:
            group = None
    # a flag to be used for qgis server
    show_popup = False
    if 'show_popup' in request.GET and request.GET["show_popup"]:
        show_popup = True

    context_dict = {
        'resource': layer,
        'group': group,
        'perms_list': get_perms(request.user, layer.get_self_resource()),
        "permissions_json": _perms_info_json(layer),
        "documents": get_related_documents(layer),
        "metadata": metadata,
        "is_layer": True,
        "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'],
        "granules": granules,
        "all_granules": all_granules,
        "show_popup": show_popup,
        "filter": filter,
    }

    if 'access_token' in request.session:
        access_token = request.session['access_token']
    else:
        u = uuid.uuid1()
        access_token = u.hex

    context_dict["viewer"] = json.dumps(
        map_obj.viewer_json(request.user, access_token,
                            *(NON_WMS_BASE_LAYERS + [maplayer])))
    context_dict["preview"] = getattr(settings, 'LAYER_PREVIEW_LIBRARY',
                                      'leaflet')
    context_dict["crs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')

    # provide bbox in EPSG:4326 for leaflet
    if context_dict["preview"] == 'leaflet':
        srid, wkt = layer.geographic_bounding_box.split(';')
        srid = re.findall(r'\d+', srid)
        geom = GEOSGeometry(wkt, srid=int(srid[0]))
        geom.transform(4326)
        context_dict["layer_bbox"] = ','.join([str(c) for c in geom.extent])

    if layer.storeType == 'dataStore':
        links = layer.link_set.download().filter(
            name__in=settings.DOWNLOAD_FORMATS_VECTOR)
    else:
        links = layer.link_set.download().filter(
            name__in=settings.DOWNLOAD_FORMATS_RASTER)
    links_view = [
        item for idx, item in enumerate(links)
        if item.url and 'wms' in item.url or 'gwc' in item.url
    ]
    links_download = [
        item for idx, item in enumerate(links)
        if item.url and 'wms' not in item.url and 'gwc' not in item.url
    ]
    for item in links_view:
        if item.url and access_token and 'access_token' not in item.url:
            params = {'access_token': access_token}
            item.url = Request('GET', item.url, params=params).prepare().url
    for item in links_download:
        if item.url and access_token and 'access_token' not in item.url:
            params = {'access_token': access_token}
            item.url = Request('GET', item.url, params=params).prepare().url

    if request.user.has_perm('view_resourcebase', layer.get_self_resource()):
        context_dict["links"] = links_view
    if request.user.has_perm('download_resourcebase',
                             layer.get_self_resource()):
        if layer.storeType == 'dataStore':
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_VECTOR)
        else:
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_RASTER)
        context_dict["links_download"] = links_download

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, layer)
    layers_names = layer.alternate
    try:
        if 'geonode' in layers_names:
            workspace, name = layers_names.split(':', 1)
        else:
            name = layers_names
    except:
        print "Can not identify workspace type and layername"

    context_dict["layer_name"] = json.dumps(layers_names)

    try:
        # get type of layer (raster or vector)
        if layer.storeType == 'coverageStore':
            context_dict["layer_type"] = "raster"
        elif layer.storeType == 'dataStore':
            context_dict["layer_type"] = "vector"

            location = "{location}{service}".format(
                **{
                    'location': settings.OGC_SERVER['default']['LOCATION'],
                    'service': 'wms',
                })
            # get schema for specific layer
            username = settings.OGC_SERVER['default']['USER']
            password = settings.OGC_SERVER['default']['PASSWORD']
            schema = get_schema(location,
                                name,
                                username=username,
                                password=password)

            # get the name of the column which holds the geometry
            if 'the_geom' in schema['properties']:
                schema['properties'].pop('the_geom', None)
            elif 'geom' in schema['properties']:
                schema['properties'].pop("geom", None)

            # filter the schema dict based on the values of layers_attributes
            layer_attributes_schema = []
            for key in schema['properties'].keys():
                layer_attributes_schema.append(key)

            filtered_attributes = layer_attributes_schema
            context_dict["schema"] = schema
            context_dict["filtered_attributes"] = filtered_attributes

    except:
        print "Possible error with OWSLib. Turning all available properties to string"

    # maps owned by user needed to fill the "add to existing map section" in template
    if request.user.is_authenticated():
        context_dict["maps"] = Map.objects.filter(owner=request.user)
    return TemplateResponse(request, template,
                            RequestContext(request, context_dict))
Beispiel #49
0
def test_anonymous_user_has_no_edit_perm(hobby, guardian_anonymous_user):
    assert 'change_hobby' not in get_perms(guardian_anonymous_user, hobby)
Beispiel #50
0
def get_team_project_default_permissions(team, project):
    perms = get_perms(team, project)

    return get_role(perms, project) or ""
Beispiel #51
0
    def create(self, validated_data):
        auth = get_user_auth(self.context['request'])
        user_id = validated_data.pop('_id', '')
        address = validated_data.pop('email', '')
        provider = self.context['provider']
        context = {
            'referrer': auth.user,
        }
        if user_id and address:
            raise ValidationError('Cannot specify both "id" and "email".')

        user = None
        if user_id:
            user = OSFUser.load(user_id)
        elif address:
            try:
                email = Email.objects.get(address=address.lower())
            except Email.DoesNotExist:
                full_name = validated_data.pop('fullname', '')
                if not full_name:
                    raise ValidationError('"full_name" is required when adding a moderator via email.')
                user = OSFUser.create_unregistered(full_name, email=address)
                user.add_unclaimed_record(
                    provider, referrer=auth.user,
                    given_name=full_name, email=address,
                )
                user.save()
                claim_url = user.get_claim_url(provider._id, external=True)
                context['claim_url'] = claim_url
            else:
                user = email.user
        else:
            raise ValidationError('Must specify either "id" or "email".')

        if not user:
            raise ValidationError('Unable to find specified user.')
        context['user'] = user
        context['provider'] = provider

        if bool(get_perms(user, provider)):
            raise ValidationError('Specified user is already a moderator.')
        if 'claim_url' in context:
            template = mails.CONFIRM_EMAIL_MODERATION(provider)
        else:
            template = mails.MODERATOR_ADDED(provider)

        perm_group = validated_data.pop('permission_group', '')
        if perm_group not in REVIEW_GROUPS:
            raise ValidationError('Unrecognized permission_group')
        context['notification_settings_url'] = '{}reviews/preprints/{}/notifications'.format(DOMAIN, provider._id)
        context['provider_name'] = provider.name
        context['is_reviews_moderator_notification'] = True
        context['is_admin'] = perm_group == ADMIN

        provider.add_to_group(user, perm_group)
        setattr(user, 'permission_group', perm_group)  # Allows reserialization
        mails.send_mail(
            user.username,
            template,
            **context
        )
        return user
Beispiel #52
0
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'):
    '''
    The view that show details of each map
    '''
    map_obj = _resolve_map(
        request,
        mapid,
        'base.view_resourcebase',
        _PERMISSION_MSG_VIEW)

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != map_obj.owner and not request.user.is_superuser:
        Map.objects.filter(
            id=map_obj.id).update(
            popular_count=F('popular_count') + 1)

    if snapshot is None:
        config = map_obj.viewer_json(request)
    else:
        config = snapshot_config(snapshot, map_obj, request)

    config = json.dumps(config)
    layers = MapLayer.objects.filter(map=map_obj.id)
    links = map_obj.link_set.download()

    group = None
    if map_obj.group:
        try:
            group = GroupProfile.objects.get(slug=map_obj.group.name)
        except GroupProfile.DoesNotExist:
            group = None
    context_dict = {
        'config': config,
        'resource': map_obj,
        'group': group,
        'layers': layers,
        'perms_list': get_perms(
            request.user,
            map_obj.get_self_resource()) + get_perms(request.user, map_obj),
        'permissions_json': _perms_info_json(map_obj),
        "documents": get_related_documents(map_obj),
        'links': links,
        'preview': getattr(
            settings,
            'GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY',
            'geoext'),
        'crs': getattr(
            settings,
            'DEFAULT_MAP_CRS',
            'EPSG:3857')
    }

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, map_obj)

    if request.user.is_authenticated():
        if getattr(settings, 'FAVORITE_ENABLED', False):
            from geonode.favorite.utils import get_favorite_info
            context_dict["favorite_info"] = get_favorite_info(request.user, map_obj)

    return render(request, template, context=context_dict)
Beispiel #53
0
    def form_valid(self, form):
        self.object = form.save()

        # Need to force lower case emails.
        self.object.username = self.object.username.lower()
        self.object.save()

        username = form.cleaned_data['username']
        language = form.cleaned_data['language']
        course = form.cleaned_data['course']
        perms = form.cleaned_data['perms']
        prog_id = form.cleaned_data['program_id']
        is_active = form.cleaned_data['is_active']

        self.ggvuser.program_id = prog_id
        self.ggvuser.language_pref = language
        self.ggvuser.save()

        #get_user_perms
        curr_permissions = get_perms(self.object, self.course)
        if not curr_permissions:
            curr_permissions = get_user_perms(self.object, self.course)

        # Username changed?
        if not self.object.email == username:
            self.object.email = username
            self.object.save()
            try:
                social_auth_obj = self.object.social_auth.all()[0]
                social_auth_obj.uid = self.object.email
                social_auth_obj.save()
            except:
                pass

        if not self.object.is_active == is_active:
            self.object.is_active = is_active
            self.object.save()

        # Change the user's course?.
        if not self.course.id == course.id:

            for i in curr_permissions:
                assign_perm(i, self.object, course)
                remove_perm(i, self.object, self.course)

            # Change course_context for user's bookmarks
            bks = self.object.bookmarker.all().filter(
                course_context=self.course)
            for i in bks:
                try:
                    i.course_context = course
                    i.save()
                except IntegrityError as e:
                    i.delete()

            self.course = course

        # Change the user's permissions?
        if perms not in curr_permissions:
            for i in curr_permissions:
                remove_perm(i, self.object, self.course)

            assign_perm(perms, self.object, self.course)

        return super(UpdateGgvUserAccountView, self).form_valid(form)
Beispiel #54
0
def get_object_perms(obj, user=None):
    """Return permissions for given object in Resolwe specific format.

    Function returns permissions for given object ``obj`` in following
    format::

       {
           "type": "group"/"user"/"public",
           "id": <group_or_user_id>,
           "name": <group_or_user_name>,
           "permissions": [<first_permission>, <second_permission>,...]
       }

    For ``public`` type ``id`` and ``name`` keys are omitted.

    If ``user`` parameter is given, permissions are limited only to
    given user, groups he belongs to and public permissions.

    :param obj: Resolwe's DB model's instance
    :type obj: a subclass of :class:`~resolwe.flow.models.base.BaseModel`
    :param user: Django user
    :type user: :class:`~django.contrib.auth.models.User` or :data:`None`
    :return: list of permissions object in described format
    :rtype: list

    """
    def format_permissions(perms):
        """Remove model name from permission."""
        ctype = ContentType.objects.get_for_model(obj)
        return [perm.replace('_{}'.format(ctype.name), '') for perm in perms]

    perms_list = []

    if user:
        if user.is_authenticated:
            user_perms, group_perms = get_user_group_perms(user, obj)
        else:
            user_perms, group_perms = [], []

        if user_perms != []:
            perms_list.append({
                'type': 'user',
                'id': user.pk,
                'name': user.get_full_name() or user.username,
                'permissions': format_permissions(user_perms),
            })

        if group_perms != []:
            for group_id, group_name, perms in group_perms:
                perms_list.append({
                    'type': 'group',
                    'id': group_id,
                    'name': group_name,
                    'permissions': format_permissions(perms),
                })
    else:
        user_options = {'attach_perms': True, 'with_group_users': False}
        for user, perms in six.iteritems(
                get_users_with_perms(obj, **user_options)):
            if user.username == settings.ANONYMOUS_USER_NAME:
                # public user is treated separately
                continue
            perms_list.append({
                'type': 'user',
                'id': user.pk,
                'name': user.get_full_name() or user.username,
                'permissions': format_permissions(perms),
            })

        group_options = {
            'attach_perms': True,
        }
        for group, perms in six.iteritems(
                get_groups_with_perms(obj, **group_options)):
            perms_list.append({
                'type': 'group',
                'id': group.pk,
                'name': group.name,
                'permissions': format_permissions(perms),
            })

    public_perms = get_perms(AnonymousUser(), obj)
    if public_perms != []:
        perms_list.append({
            'type': 'public',
            'permissions': format_permissions(public_perms),
        })

    return perms_list
Beispiel #55
0
def layer_detail(request, layername, template='layers/layer_detail.html'):
    try:
        user_role = request.GET['user_role']
    except:
        user_role=None

    layer = _resolve_layer(
        request,
        layername,
        'base.view_resourcebase',
        _PERMISSION_MSG_VIEW)

    user = request.user
    edit_permit = False
    if layer.owner == user and layer.status in ['DRAFT', 'ACTIVE', 'DENIED']:
        edit_permit = True
    elif user in layer.group.get_managers() and layer.status in ['PENDING', 'ACTIVE', 'DENIED']:
        edit_permit = True

    if not edit_permit and layer.status=='ACTIVE':
        edit_permit = True

    # if the edit request is not valid then just return from here
    if not edit_permit:
        return HttpResponse(
                        loader.render_to_string(
                            '401.html', RequestContext(
                            request, {
                            'error_message': _("You dont have permission to edit this layer.")})), status=401)
        # return  HttpResponse('You dont have permission to edit this layer')

    # assert False, str(layer_bbox)
    config = layer.attribute_config()

    # Add required parameters for GXP lazy-loading
    layer_bbox = layer.bbox
    bbox = [float(coord) for coord in list(layer_bbox[0:4])]
    config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')
    config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \
        else llbbox_to_mercator([float(coord) for coord in bbox])
    config["title"] = layer.title
    config["queryable"] = True

    if layer.storeType == "remoteStore":
        service = layer.service
        source_params = {
            "ptype": service.ptype,
            "remote": True,
            "url": service.base_url,
            "name": service.name}
        maplayer = GXPLayer(
            name=layer.typename,
            ows_url=layer.ows_url,
            layer_params=json.dumps(config),
            source_params=json.dumps(source_params))
    else:
        maplayer = GXPLayer(
            name=layer.typename,
            ows_url=layer.ows_url,
            layer_params=json.dumps(config))

    # Update count for popularity ranking,
    # but do not includes admins or resource owners
    if request.user != layer.owner and not request.user.is_superuser:
        Layer.objects.filter(
            id=layer.id).update(popular_count=F('popular_count') + 1)

    # center/zoom don't matter; the viewer will center on the layer bounds
    map_obj = GXPMap(projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913'))

    NON_WMS_BASE_LAYERS = [
        la for la in default_map_config()[1] if la.ows_url is None]

    metadata = layer.link_set.metadata().filter(
        name__in=settings.DOWNLOAD_FORMATS_METADATA)

    granules = None
    all_granules = None
    filter = None
    if layer.is_mosaic:
        try:
            cat = gs_catalog
            cat._cache.clear()
            store = cat.get_store(layer.name)
            coverages = cat.mosaic_coverages(store)

            filter = None
            try:
                if request.GET["filter"]:
                    filter = request.GET["filter"]
            except:
                pass

            offset = 10 * (request.page - 1)
            granules = cat.mosaic_granules(coverages['coverages']['coverage'][0]['name'], store, limit=10,
                                           offset=offset, filter=filter)
            all_granules = cat.mosaic_granules(coverages['coverages']['coverage'][0]['name'], store, filter=filter)
        except:
            granules = {"features": []}
            all_granules = {"features": []}
    approve_form = ResourceApproveForm()
    deny_form = ResourceDenyForm()
    metadata_field_list = ['owner', 'title', 'date', 'date_type', 'edition', 'abstract', 'purpose',
                           'maintenance_frequency', 'regions', 'restriction_code_type', 'constraints_other', 'license',
                           'language', 'spatial_representation_type', 'resource_type', 'temporal_extent_start',
                           'temporal_extent_end', 'supplemental_information', 'data_quality_statement', 'thumbnail_url',
                            'elevation_regex', 'time_regex', 'keywords',
                           'category']
    if request.user == layer.owner or request.user in layer.group.get_managers():
        if not layer.attributes:
            messages.info(request, 'Please update layer metadata, missing some informations')
        elif not layer.metadata_author:
            messages.info(request, 'Please update layer metadata, missing some informations')
        else:
            for field in metadata_field_list:
                if not getattr(layer, layer._meta.get_field(field).name):
                    messages.info(request, 'Please update layer metadata, missing some informations')
                    break


    # layer_name = layer.service_typename
    # geoserver_user = OGC_SERVER['default']['USER']
    # geoserver_password = OGC_SERVER['default']['PASSWORD']
    # style_url = OGC_SERVER['default']['PUBLIC_LOCATION'] + "rest/layers/" + layer_name + ".json"
    # response1 = requests.get(style_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password))
    # sld_file_name_url = response1.json()['layer']['defaultStyle']['href']
    # response2 = requests.get(sld_file_name_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password))
    # file_name = response2.json()['style']['filename']
    # sld_file_url = OGC_SERVER['default']['PUBLIC_LOCATION'] + "rest/styles/" + file_name
    # sld_content = requests.get(sld_file_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password)).content
    #
    # xlink = ''
    # try:
    #     dict1 = xmltodict.parse(sld_content)
    #     dict2 = dict1['sld:StyledLayerDescriptor']['sld:NamedLayer']['sld:UserStyle']['sld:FeatureTypeStyle']\
    #     ['sld:Rule']['sld:PointSymbolizer']
    #     xlink = dict2['sld:Graphic']['sld:ExternalGraphic']['sld:OnlineResource']['@xlink:href']
    # except:
    #     pass
    xlink = style_chart_legend_color(layer)

    context_dict = {
        "resource": layer,
        'perms_list': get_perms(request.user, layer.get_self_resource()),
        "permissions_json": _perms_info_json(layer),
        "documents": get_related_documents(layer),
        "metadata": metadata,
        "is_layer": True,
        "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'],
        "granules": granules,
        "all_granules": all_granules,
        "filter": filter,
        "user_role": user_role,
        "approve_form": approve_form,
        "deny_form": deny_form,
        "denied_comments": LayerAuditActivity.objects.filter(layer_submission_activity__layer=layer),
        "status": layer.status,
        "chart_link" : xlink
    }

    context_dict["viewer"] = json.dumps(
        map_obj.viewer_json(request.user, * (NON_WMS_BASE_LAYERS + [maplayer])))
    context_dict["preview"] = getattr(
        settings,
        'LAYER_PREVIEW_LIBRARY',
        'leaflet')

    if request.user.has_perm('download_resourcebase', layer.get_self_resource()):
        if layer.storeType == 'dataStore':
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_VECTOR)
        else:
            links = layer.link_set.download().filter(
                name__in=settings.DOWNLOAD_FORMATS_RASTER)
        context_dict["links"] = links

    if settings.SOCIAL_ORIGINS:
        context_dict["social_links"] = build_social_links(request, layer)

    return render_to_response(template, RequestContext(request, context_dict))
Beispiel #56
0
def test_read_without_lock_ok(user_api_client, scan_decision, user):
    resp = user_api_client().get(f'/api/v1/scan-decisions/{scan_decision.id}')
    if not has_read_perm(get_perms(user, scan_decision.scan.experiment.project)):
        assert resp.status_code == 404
    else:
        assert resp.status_code == 200
    def test_moderated_upload(self):
        """
        Test if moderation flag works
        """
        with self.settings(ADMIN_MODERATE_UPLOADS=False):
            self.client.login(username=self.user, password=self.passwd)

            input_path = self._get_input_path()

            with open(input_path, 'rb') as f:
                data = {
                    'title': 'document title',
                    'doc_file': f,
                    'resource': '',
                    'extension': 'txt',
                    'permissions': '{}',
                }
                resp = self.client.post(self.document_upload_url, data=data)
                self.assertEqual(resp.status_code, 200)
            dname = 'document title'
            _d = Document.objects.get(title=dname)

            self.assertTrue(_d.is_published)
            uuid = _d.uuid
            _d.delete()

            from geonode.documents.utils import delete_orphaned_document_files
            _, document_files_before = storage.listdir(
                os.path.join("documents", "document"))
            deleted = delete_orphaned_document_files()
            _, document_files_after = storage.listdir(
                os.path.join("documents", "document"))
            self.assertTrue(len(deleted) > 0)
            self.assertEqual(
                set(deleted),
                set(document_files_before) - set(document_files_after))

            from geonode.base.utils import delete_orphaned_thumbs
            thumb_files_before = get_thumbs()
            deleted = delete_orphaned_thumbs()
            thumb_files_after = get_thumbs()
            if len(thumb_files_before):
                self.assertTrue(
                    len(deleted) > 0,
                    f"before: {thumb_files_before} - deleted: {deleted} - after: {thumb_files_after}"
                )
                self.assertEqual(
                    set(deleted),
                    set(thumb_files_before) - set(thumb_files_after),
                    f"deleted: {deleted} vs {set(thumb_files_before) - set(thumb_files_after)}"
                )

            fn = os.path.join(os.path.join("documents", "document"),
                              os.path.basename(input_path))
            self.assertFalse(storage.exists(fn))

            files = [thumb for thumb in get_thumbs() if uuid in thumb]
            self.assertEqual(len(files), 0)

        with self.settings(ADMIN_MODERATE_UPLOADS=True):
            self.client.login(username=self.user, password=self.passwd)

            norman = get_user_model().objects.get(username="******")
            group = GroupProfile.objects.get(slug="bar")
            input_path = self._get_input_path()
            with open(input_path, 'rb') as f:
                data = {
                    'title': 'document title',
                    'doc_file': f,
                    'resource': '',
                    'extension': 'txt',
                    'permissions': '{}',
                }
                resp = self.client.post(self.document_upload_url, data=data)
                self.assertEqual(resp.status_code, 200)
            dname = 'document title'
            _d = Document.objects.get(title=dname)
            self.assertFalse(_d.is_approved)
            self.assertTrue(_d.is_published)

            group.join(norman)
            self.assertFalse(group.user_is_role(norman, "manager"))
            GroupMember.objects.get(group=group, user=norman).promote()
            self.assertTrue(group.user_is_role(norman, "manager"))

            self.client.login(username="******", password="******")
            resp = self.client.get(reverse('document_detail', args=(_d.id, )))
            # Forbidden
            self.assertEqual(resp.status_code, 403)
            _d.group = group.group
            _d.save()
            resp = self.client.get(reverse('document_detail', args=(_d.id, )))
            # Allowed - edit permissions
            self.assertEqual(resp.status_code, 200)
            perms_list = get_perms(norman, _d.get_self_resource()) + get_perms(
                norman, _d)
            self.assertTrue('change_resourcebase_metadata' in perms_list)
            GroupMember.objects.get(group=group, user=norman).demote()
            self.assertFalse(group.user_is_role(norman, "manager"))
            resp = self.client.get(reverse('document_detail', args=(_d.id, )))
            # Allowed - no edit
            self.assertEqual(resp.status_code, 200)
            perms_list = get_perms(norman, _d.get_self_resource()) + get_perms(
                norman, _d)
            self.assertFalse('change_resourcebase_metadata' in perms_list)
            group.leave(norman)
Beispiel #58
0
    def post(self, request, *args, **kwargs):
        user = get_object_or_404(User, pk=kwargs['pk'])
        user_name = str(user)

        if request.user.pk == user.pk:
            messages.error(
                request,
                "You cannot delete yourself. Sorry. That would be weird.")
            return redirect('roster:admin_membership', pk=self.kwargs['pk'])

        # Billing Subscriptions
        BillingSubscription.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # Invoices
        Invoice.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # Payments
        Payment.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # Saved Cards
        UserStripeCard.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # Custom Billing Groups
        BillingGroupMembership.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # Roster
        Roster.objects.filter(
            user=user,
            event__league=self.league,
        ).delete()

        # Registration Data
        RegistrationData.objects.filter(
            user=user,
            event__league=self.league,
        ).delete()

        # Registration Invites
        RegistrationInvite.objects.filter(
            user=user,
            event__league=self.league,
        ).delete()

        # Legal Signatures
        # I suppose these could be emailed as a backup before they are deleted.
        # Seems like something we wouldn't want to lose?
        LegalSignature.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # User Logs
        UserLog.objects.filter(
            user=user,
            league=self.league,
        ).delete()

        # User Tags
        # currently no League field (uh... huh?) Can't delete now.

        # Remove permissions
        for perm in get_perms(user, self.league):
            remove_perm(perm, user, self.league)
        for perm in get_perms(user, self.league.organization):
            remove_perm(perm, user, self.league.organization)

        if BillingSubscription.objects.filter(user=user).exists() or \
            Invoice.objects.filter(user=user).exists() or \
            Payment.objects.filter(user=user).exists() or \
            UserStripeCard.objects.filter(user=user).exists() or \
            BillingGroupMembership.objects.filter(user=user).exists() or \
            Roster.objects.filter(user=user).exists() or \
            RegistrationData.objects.filter(user=user).exists() or \
            RegistrationInvite.objects.filter(user=user).exists() or \
            LegalSignature.objects.filter(user=user).exists() or \
            UserLog.objects.filter(user=user).exists():

            # User still exists in the system. Maybe we should care.
            pass
        else:
            messages.success(
                request,
                "<strong>{}</strong> is not a member of any other leagues on the system. They have been completely removed."
                .format(user_name))
            user.delete()

        messages.success(
            request,
            "Deleted user <strong>{}</strong> from database. They are now gone."
            .format(user_name))
        return redirect('roster:list')
Beispiel #59
0
 def get_context_data(self, **kwargs):
     context = super(FlujoList, self).get_context_data(**kwargs)
     context['proyecto_perms'] = get_perms(self.request.user, self.project)
     return context
Beispiel #60
0
    def get(self, request, *args, **kwargs):
        course = Course.objects.get(slug=self.kwargs['crs_slug'])
        is_instructor = 'instructor' in get_perms(self.request.user, course)
        is_student = 'access' in get_perms(self.request.user, course)
        """ User has previously completed or is staff. No viewing restrictions enforced. """
        if self.request.user.is_staff or is_instructor or self.completion_status.count(
        ):

            if not self.next_question:
                """ No more questions. Show student user the worksheet completion page. """
                if is_student and not is_instructor:
                    user_ws_status = UserWorksheetStatus.objects.filter(
                        user=self.request.user).get(
                            completed_worksheet=self.worksheet)
                    return HttpResponseRedirect(
                        reverse('worksheet_completed',
                                args=(self.kwargs['crs_slug'],
                                      user_ws_status.id)))

                return HttpResponseRedirect(
                    reverse('worksheet_user_report',
                            args=(self.kwargs['crs_slug'], self.worksheet.id,
                                  self.request.user.id)))

            return super(QuestionResponseView,
                         self).get(request, *args, **kwargs)
        """ User is not staff but viewing restrictions are not enforced if response not required. """
        if self.next_question:
            if not self.next_question['question'].response_required:
                return super(QuestionResponseView,
                             self).get(request, *args, **kwargs)
        """ Viewing restrictions enforced. """
        self.next_question = self.worksheet.get_next_question(
            self.request.user)
        """ If user's response queue is empty, user has completed worksheet, write completion status.
            Send user to worksheet report.
        """
        if not self.next_question:
            if not self.completion_status:
                user_ws_status = UserWorksheetStatus(
                    user=self.request.user,
                    completed_worksheet=self.worksheet,
                    score=self.worksheet.get_user_score(self.request.user))
                user_ws_status.save()
                self.completion_status = True

                logpath = reverse('worksheet_report',
                                  args=(
                                      self.kwargs['crs_slug'],
                                      self.worksheet.id,
                                  ))

                msg = '<a href="%s">%s</a>' % (logpath, self.worksheet.title)
                msg_detail = self.worksheet.lesson.title
                logged = ActivityLog(user=self.request.user,
                                     action='completed-worksheet',
                                     message=msg,
                                     message_detail=msg_detail)
                logged.save()
                """ Create notification for instructor(s) that the user has completed the worksheet """
                for i in course.instructor_list():
                    notification = Notification(
                        user_to_notify=i,
                        context='worksheet',
                        event=self.worksheet.notify_text(
                            crs_slug=course.slug, user=self.request.user))
                    notification.save()
                """ Send email to instructor(s) that the user has completed the worksheet. """
                SendWorksheetNotificationEmailToInstructors(
                    self.request, course, self.worksheet)

                return HttpResponseRedirect(
                    reverse('worksheet_completed',
                            args=(self.kwargs['crs_slug'], user_ws_status.id)))
        """
        Request parameter <j> is potentially overidden by next unanswered question
        in user's response queue.
        """
        if str(self.next_question['index']) != self.kwargs['j']:
            return HttpResponseRedirect(
                reverse('question_response',
                        args=(self.kwargs['crs_slug'], self.worksheet.id,
                              self.next_question['index'])))

        return super(QuestionResponseView, self).get(request, *args, **kwargs)