def changePassword(self, request):
'''
Allows users to change their own password, after confirming a password recovery.
'''
if request.user.is_authenticated():
return Response(
{
'error':
"An already logged in user can't recover a password!"
},
status=status.HTTP_400_BAD_REQUEST)
hash = request.data.get('hash', None)
new_password = request.data.get('password', None)
if hash != None and new_password != None:
try:
userRecovery = UserRecovery.getUserRecovery(hash=hash)
userRecovery.setNewPassword(new_password)
History.new(event=History.EDIT,
actor=userRecovery.user,
object=userRecovery.user,
authorized=[userRecovery.user])
return Response({'success': True}, status=status.HTTP_200_OK)
except (UserRecovery.DoesNotExist, AttributeError):
return Response({
'error':
"Either the request does not exist, or it has expired."
})
return Response({'error': "This request is not valid."})
def recover(self, request):
''' Allows users to ask for password recovery(which needs to be confirmed).
'''
if request.user.is_authenticated():
return Response({
'error':
"An already logged in user can't recover a password!"
})
email = request.data.get('email', None)
if email != None:
email = email.lower()
try:
usr = User.objects.get(email=email)
ur = UserRecovery(user=usr)
ur.save()
History.new(event=History.RECOVER,
actor=usr,
object=ur,
authorized=[usr])
return Response({'success': True})
except User.DoesNotExist:
pass
return Response(
{'error': "An user with this email does not exist."})
def retrieve(self, request, *args, **kwargs):
"""
Retrieve a task details, by id
"""
History.new(event=History.ACCESS, actor=request.user, object=self.get_object())
return super(TaskViewSet, self).retrieve(request, args, kwargs)
def create(self, request, *args, **kwargs):
"""
Insert a new workflow
"""
request.data[u'owner'] = request.user.id
d = copy.deepcopy(request.data)
request.data.pop('tasks')
# first round without tasks, to get reference to workflow instance
serializer, headers = create_serializer(self, request)
# create tasks...
wf = serializer.save()
d = self.__linkTasks(d, wf)
print d
serializer = WorkflowSerializer(instance=wf, data=d, partial=True)
serializer.is_valid(raise_exception=True)
# add tasks dependencies
serializer.save()
History.new(event=History.ADD,
actor=request.user,
object=serializer.instance)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def invite(self, request):
'''
Allows a user to register anothers users. Being then put on a waiting list to be approved.
'''
userList = []
for usr in request.data:
email = usr.get('email', None)
password = "******" #Default password, the user will be notice to change it. This needs to be changed
if email != None:
email = email.lower()
try:
usr = User.objects.get(email=email)
userList += [usr]
except User.DoesNotExist:
try:
usr['first_name'] = usr['firstName']
usr['last_name'] = usr['lastName']
except:
usr['first_name'] = ""
usr['last_name'] = ""
usr['username'] = email[:30]
usr['email'] = email
usr['profile'] = {
'detail_mode': Profile.get_default_detail_mode()
}
serializer = UserSerializer(data=usr)
valid = serializer.is_valid(raise_exception=True)
if valid:
new_user = serializer.save()
new_user.set_password(password)
new_user.is_active = True #I decide let the userbe active in the first place because this is a invite
new_user.save()
userList += [new_user]
ur = UserRecovery(user=new_user)
ur.save()
History.new(event=History.INVITE,
actor=request.user,
object=ur,
authorized=[new_user])
else:
return Response({
'error':
"Email are mandatory fields on registering a new user"
})
serializer_context = {
'request': request,
}
serializerAll = UserSerializer(userList,
many=True,
context=serializer_context)
return Response(serializerAll.data)
def retrieve(self, request, *args, **kwargs):
"""
Retrieve a resource details, by hash
"""
History.new(event=History.ACCESS,
actor=request.user,
object=self.get_object())
return super(ResourceViewSet, self).retrieve(request, args, kwargs)
def register(self, request):
'''
Allows users to register themselves. Being then put on a waiting list to be approved.
'''
if request.user.is_authenticated():
return Response(
{
'error':
"An already registered user can't register new users!"
}, status.HTTP_400_BAD_REQUEST)
dataRequest = request.data.copy()
password = dataRequest.pop('password', None)
email = dataRequest.get('email', None)
if email != None and password != None:
email = email.lower()
try:
user = User.objects.get(email=email)
return Response(
{'error': "An user with this email already exists"},
status=status.HTTP_400_BAD_REQUEST)
except User.DoesNotExist:
if (not 'username' in dataRequest):
dataRequest['username'] = email[:30]
dataRequest['email'] = email
serializer = UserSerializer(data=dataRequest,
context={'request': request})
user_validated = serializer.is_valid(raise_exception=True)
if user_validated:
new_user = serializer.save()
new_user.set_password(password)
new_user.is_active = False
new_user.save()
staff = User.objects.filter(is_staff=True)
History.new(event=History.ADD,
actor=new_user,
object=new_user,
authorized=staff)
return Response(serializer.data,
status=status.HTTP_201_CREATED)
return Response({'error': "User details invalid"},
status=status.HTTP_400_BAD_REQUEST)
return Response(
{
'error':
"Email and password are mandatory fields on registering a new user"
},
status=status.HTTP_400_BAD_REQUEST)
def retrieve(self, request, *args, **kwargs):
"""
Retrieve a form, by id
"""
instance = self.get_object()
History.new(event=History.ACCESS, actor=request.user, object=instance)
return Response(FormSerializer(instance).data)
def retrieve(self, request, *args, **kwargs):
"""
Retrieve a result, by id
"""
instance = self.get_object()
History.new(event=History.ACCESS, actor=request.user, object=instance, related=[instance.processtaskuser.processtask.process])
return super(ResultViewSet, self).retrieve(request, args, kwargs)
def reject(self, comment):
self.status = ProcessTaskUser.REJECTED
self.save()
History.new(event=History.REJECT,
actor=self.user,
object=self,
observations=comment)
self.processtask.refreshState()
self.processtask.move()
def create(self, request, *args, **kwargs):
"""
Add a result as a response to a task
"""
serializer, headers = create_serializer(self, request)
History.new(event=History.ADD, actor=request.user, object=serializer.instance)
return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def retrieve(self, request, *args, **kwargs):
"""
Retrieve a workflow, by id including related tasks
"""
History.new(event=History.ACCESS,
actor=request.user,
object=self.get_object())
return Response(WorkflowDetailSerializer(self.get_object()).data)
def destroy(self, request, *args, **kwargs):
"""
Delete a form, by id
"""
instance = self.get_object()
instance.removed = True
instance.save()
History.new(event=History.DELETE, actor=request.user, object=instance)
return Response(status=status.HTTP_204_NO_CONTENT)
def update(self, request, *args, **kwargs):
"""
Update a task
"""
partial = kwargs.pop('partial', False)
instance = self.get_object()
serializer = instance.init_serializer(instance=instance, data=request.data, partial=partial)
serializer.is_valid(raise_exception=True)
self.perform_update(serializer)
History.new(event=History.EDIT, actor=request.user, object=instance)
return Response(serializer.data)
def fork(self, request, hash=None):
"""
Duplicates a public or owned workflow, returning the duplicate
"""
workflow = self.get_object()
if workflow.permissions().forkable:
new_workflow = workflow.fork(owner=request.user)
History.new(event=History.ADD,
actor=request.user,
object=new_workflow)
return Response(WorkflowSerializer(new_workflow).data)
return Response({"error": "Workflow isn't forkable"}, 403)
def create(self, request, *args, **kwargs):
"""
Insert a new Form
"""
request.data[u'creator'] = request.user.id
serializer, headers = create_serializer(self, request)
History.new(event=History.ADD,
actor=request.user,
object=serializer.instance)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
def register(self, request):
''' Allows users to register themselves. Being then put on a waiting list to be approved.
'''
if request.user.is_authenticated():
return Response({
'error':
"An already registered user can't register new users!"
})
password = request.data.pop('password', None)
email = request.data.get('email', None)
if email != None and password != None:
email = email.lower()
try:
usr = User.objects.get(email=email)
return Response(
{'error': "An user with this email already exists"})
except User.DoesNotExist:
request.data['username'] = email[:30]
request.data['email'] = email
serializer = UserSerializer(data=request.data,
context={'request': request})
valid = serializer.is_valid(raise_exception=True)
if valid:
new_user = serializer.save()
new_user.set_password(password)
new_user.is_active = False
new_user.save()
History.new(event=History.ADD,
actor=new_user,
object=new_user,
authorized=User.objects.filter(is_staff=True))
return Response(serializer.data)
return Response({'error': "User details invalid"})
return Response({
'error':
"Email and password are mandatory fields on registering a new user"
})
def warnLateDeadlines():
allProcess = Process.allWithDelay()
for process in allProcess:
ptasks = ProcessTask.all(process=process).filter(
status=ProcessTask.RUNNING, deadline__lt=timezone.now())
for ptask in ptasks:
if ((((ptask.deadline - timezone.now()).days + 1) %
process.days_after_delay) == 0):
pusers = ptask.users()
for puser in pusers:
if (puser.finished == False):
History.new(event=History.LATE,
actor=puser.user,
object=puser,
authorized=[puser.user],
related=[puser.processtask.process])
def resignRejectedUser(self, oldUser, newUser):
tasks = ProcessTaskUser.all(processtask=self).filter(user=oldUser)
exists = ProcessTaskUser.all(processtask=self).filter(
user=newUser).count()
if exists == 0 or int(oldUser) == int(newUser):
for task in tasks:
task.changeUser(newUser)
History.new(event=History.ADD,
actor=task.processtask.process.executioner,
object=task.processtask.process,
authorized=[newUser],
related=[task.processtask.process])
else:
for task in tasks:
task.delete()
self.save()
def warnBeforeDeadlines():
allProcess = Process.allWithNotificationBeforeDelay()
for process in allProcess:
ptasks = ProcessTask.all(process=process).filter(
status=ProcessTask.RUNNING)
for ptask in ptasks:
if (((ptask.deadline - timezone.now()).days +
1) == process.days_before_delay):
pusers = ptask.users()
for puser in pusers:
if (puser.finished == False):
History.new(event=History.REMAINDER,
actor=puser.user,
object=puser,
authorized=[puser.user],
related=[puser.processtask.process])
def update(self, request, *args, **kwargs):
"""
Update an already existing form
"""
request.data[u'creator'] = request.user.id
instance = self.get_object()
serializer = FormSerializer(instance=instance,
data=request.data,
partial=True)
serializer.is_valid(raise_exception=True)
self.perform_update(serializer)
History.new(event=History.EDIT, actor=request.user, object=instance)
return Response(serializer.data)
def submit(self, request, hash=None):
"""
Submits a result as complete
"""
result = self.get_object()
this_ptu = result.processtaskuser
process = this_ptu.processtask.process
this_ptu.finish()
users = []
auths = this_ptu.processtask.users().order_by('user').distinct('user')
for ptu in auths:
users.append(ptu.user)
users.append(process.executioner)
History.new(event=History.ADD, actor=this_ptu.user, object=result, authorized=users, related=[process])
return Response(GenericResultSerializer(self.get_object()).data)
def activate(self, request):
'''Activates an inactive user. Can only be used by staff users to activate other users.
'''
email = None
if request.method == 'GET':
email = request.GET.get('email', None)
else:
email = request.data.get('email', None)
if request.user.is_staff and email != None:
email = email.lower()
try:
usr = User.objects.get(email=email)
if not usr.is_active:
usr.is_active = True
usr.save()
users = [usr]
staff = User.objects.filter(is_staff=True)
for user in staff:
users.append(user)
History.new(event=History.APPROVE,
actor=request.user,
object=usr,
authorized=users)
return Response({'success': True})
return Response({'error': 'User already activated'})
except User.DoesNotExist:
return Response({
'error':
"Can't activate user, %s it doesn't exist" % email
})
return Response({'error': "Invalid or not authorized request"})
def update(self, request, *args, **kwargs):
"""
Update a existing workflow
"""
instance = self.get_object()
if instance.owner != request.user:
raise PermissionDenied
# create tasks if they dont exist, and replace links... i couldnt think of a better way to do this...
# without implicating several connections. or this
d = self.__linkTasks(request.data.copy(), instance)
serializer = WorkflowSerializer(instance=instance,
data=d,
partial=True)
serializer.is_valid(raise_exception=True)
self.perform_update(serializer)
History.new(event=History.EDIT, actor=request.user, object=instance)
return Response(serializer.data)
def changepassword(self, request):
''' Allows users to change their own password, after confirming a password recovery.
'''
if request.user.is_authenticated():
return Response({
'error':
"An already logged in user can't recover a password!"
})
hash = request.data.get('hash', None)
new_pass = request.data.get('password', None)
if hash != None and new_pass != None:
try:
ur = UserRecovery.objects.get(hash=hash,
used=False,
validity__gt=timezone.now())
ur.user.set_password(new_pass)
ur.user.save()
ur.used = True
ur.save()
History.new(event=History.EDIT,
actor=ur.user,
object=ur.user,
authorized=[ur.user])
return Response({'success': True})
except UserRecovery.DoesNotExist:
return Response({
'error':
"Either the request does not exist, or it has expired."
})
return Response({'error': "This request is not valid."})
def comment(self, request, hash):
'''
Either returns a list of all comments on a given result, when the type of request is get_full_name
or adds a new comment if the request method is 'post'
'''
# get the file
servefile = Resource.all().get(hash=hash)
if request.method == 'POST':
content = request.data.get('comment', None)
if content:
comm = {
'comment': content,
'user': request.user.id,
'resource': servefile.id
}
#rc = ResourceComment(resource=servefile, user=request.user, comment=content)
rcs = ResourceCommentSerializer(data=comm)
if rcs.is_valid(raise_exception=True):
rcs.save()
History.new(event=History.COMMENT,
actor=request.user,
object=servefile)
return Response({'comment': rcs.data})
return Response({'error': 'Request must contain a comment'})
# else if get
return Response({
'comments':
ResourceCommentSerializer(servefile.resourcecomment_set,
many=True).data
})
def recoverPassword(self, request):
'''
Allows users to ask for password recovery(which needs to be confirmed).
'''
if request.user.is_authenticated():
return Response(
{
'error':
"An already logged in user can't recover a password!"
}, status.HTTP_400_BAD_REQUEST)
email = request.data.get('email', None)
if email != None:
email = email.lower()
try:
user = User.objects.get(email=email)
userRecovery = UserRecovery(user=user)
userRecovery.save()
History.new(event=History.RECOVER,
actor=user,
object=userRecovery,
authorized=[user])
return Response({'success': True}, status.HTTP_200_OK)
except User.DoesNotExist:
pass
return Response(
{'error': "An user with this email does not exist."})
return Response({
'error':
"Email is a mandatory field when a password is recover."
})
def move(self):
'''
Reaccess tasks status (so we can move the state machine forward)
'''
ptasks = self.tasks()
if self.status == Process.WAITING:
watasks = ProcessTask.all(process=self).filter(
status=ProcessTask.WAITING_AVAILABILITY).count()
if watasks == 0:
self.status = Process.RUNNING
self.save()
History.new(event=History.RUN,
actor=self.executioner,
object=self)
self.move()
else:
wlist = ptasks.filter(status=ProcessTask.WAITING)
for ptask in wlist:
move = True
deps = ptask.task.dependencies()
for dep in deps:
pdep = ptasks.get(task=dep.dependency)
if not (pdep.status == ProcessTask.FINISHED
or pdep.status == ProcessTask.CANCELED):
move = False
if ptask.allow_sbe:
ptus = ProcessTaskUser.all(processtask=pdep)
for ptu in ptus:
if ptu.status == ProcessTaskUser.FINISHED or ptu.status == ProcessTaskUser.CANCELED or ptu.finished:
ptask.status = ProcessTask.RUNNING
ptus2 = ProcessTaskUser.all(processtask=ptask)
for ptu2 in ptus2:
if (ptu.user == ptu2.user):
ptu2.status = ProcessTaskUser.RUNNING
ptu2.save()
History.new(event=History.RUN,
actor=ptu.user,
object=ptu,
authorized=[ptu.user],
related=[ptask.process])
ptask.save()
if move:
ptask.status = ProcessTask.RUNNING
ptus = ProcessTaskUser.all(processtask=ptask)
for ptu in ptus:
if ptu.status == ProcessTaskUser.ACCEPTED or ptu.status == ProcessTaskUser.WAITING:
ptu.status = ProcessTaskUser.RUNNING
ptu.save()
ptask.save()
pusers = ptask.users()
for puser in pusers:
History.new(event=History.RUN,
actor=puser.user,
object=puser,
authorized=[puser.user],
related=[ptask.process])
if ptasks.filter(
Q(status=ProcessTask.WAITING)
| Q(status=ProcessTask.RUNNING)
| Q(status=ProcessTask.IMPROVING)).count(
) == 0: # and self.status != Process.FINISHED:
self.status = Process.FINISHED
self.end_date = timezone.now()
History.new(event=History.DONE,
actor=self.executioner,
object=self)
self.save()
