def changePassword(self, request): ''' Allows users to change their own password, after confirming a password recovery. ''' if request.user.is_authenticated(): return Response( { 'error': "An already logged in user can't recover a password!" }, status=status.HTTP_400_BAD_REQUEST) hash = request.data.get('hash', None) new_password = request.data.get('password', None) if hash != None and new_password != None: try: userRecovery = UserRecovery.getUserRecovery(hash=hash) userRecovery.setNewPassword(new_password) History.new(event=History.EDIT, actor=userRecovery.user, object=userRecovery.user, authorized=[userRecovery.user]) return Response({'success': True}, status=status.HTTP_200_OK) except (UserRecovery.DoesNotExist, AttributeError): return Response({ 'error': "Either the request does not exist, or it has expired." }) return Response({'error': "This request is not valid."})
def recover(self, request): ''' Allows users to ask for password recovery(which needs to be confirmed). ''' if request.user.is_authenticated(): return Response({ 'error': "An already logged in user can't recover a password!" }) email = request.data.get('email', None) if email != None: email = email.lower() try: usr = User.objects.get(email=email) ur = UserRecovery(user=usr) ur.save() History.new(event=History.RECOVER, actor=usr, object=ur, authorized=[usr]) return Response({'success': True}) except User.DoesNotExist: pass return Response( {'error': "An user with this email does not exist."})
def retrieve(self, request, *args, **kwargs): """ Retrieve a task details, by id """ History.new(event=History.ACCESS, actor=request.user, object=self.get_object()) return super(TaskViewSet, self).retrieve(request, args, kwargs)
def create(self, request, *args, **kwargs): """ Insert a new workflow """ request.data[u'owner'] = request.user.id d = copy.deepcopy(request.data) request.data.pop('tasks') # first round without tasks, to get reference to workflow instance serializer, headers = create_serializer(self, request) # create tasks... wf = serializer.save() d = self.__linkTasks(d, wf) print d serializer = WorkflowSerializer(instance=wf, data=d, partial=True) serializer.is_valid(raise_exception=True) # add tasks dependencies serializer.save() History.new(event=History.ADD, actor=request.user, object=serializer.instance) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def invite(self, request): ''' Allows a user to register anothers users. Being then put on a waiting list to be approved. ''' userList = [] for usr in request.data: email = usr.get('email', None) password = "******" #Default password, the user will be notice to change it. This needs to be changed if email != None: email = email.lower() try: usr = User.objects.get(email=email) userList += [usr] except User.DoesNotExist: try: usr['first_name'] = usr['firstName'] usr['last_name'] = usr['lastName'] except: usr['first_name'] = "" usr['last_name'] = "" usr['username'] = email[:30] usr['email'] = email usr['profile'] = { 'detail_mode': Profile.get_default_detail_mode() } serializer = UserSerializer(data=usr) valid = serializer.is_valid(raise_exception=True) if valid: new_user = serializer.save() new_user.set_password(password) new_user.is_active = True #I decide let the userbe active in the first place because this is a invite new_user.save() userList += [new_user] ur = UserRecovery(user=new_user) ur.save() History.new(event=History.INVITE, actor=request.user, object=ur, authorized=[new_user]) else: return Response({ 'error': "Email are mandatory fields on registering a new user" }) serializer_context = { 'request': request, } serializerAll = UserSerializer(userList, many=True, context=serializer_context) return Response(serializerAll.data)
def retrieve(self, request, *args, **kwargs): """ Retrieve a resource details, by hash """ History.new(event=History.ACCESS, actor=request.user, object=self.get_object()) return super(ResourceViewSet, self).retrieve(request, args, kwargs)
def register(self, request): ''' Allows users to register themselves. Being then put on a waiting list to be approved. ''' if request.user.is_authenticated(): return Response( { 'error': "An already registered user can't register new users!" }, status.HTTP_400_BAD_REQUEST) dataRequest = request.data.copy() password = dataRequest.pop('password', None) email = dataRequest.get('email', None) if email != None and password != None: email = email.lower() try: user = User.objects.get(email=email) return Response( {'error': "An user with this email already exists"}, status=status.HTTP_400_BAD_REQUEST) except User.DoesNotExist: if (not 'username' in dataRequest): dataRequest['username'] = email[:30] dataRequest['email'] = email serializer = UserSerializer(data=dataRequest, context={'request': request}) user_validated = serializer.is_valid(raise_exception=True) if user_validated: new_user = serializer.save() new_user.set_password(password) new_user.is_active = False new_user.save() staff = User.objects.filter(is_staff=True) History.new(event=History.ADD, actor=new_user, object=new_user, authorized=staff) return Response(serializer.data, status=status.HTTP_201_CREATED) return Response({'error': "User details invalid"}, status=status.HTTP_400_BAD_REQUEST) return Response( { 'error': "Email and password are mandatory fields on registering a new user" }, status=status.HTTP_400_BAD_REQUEST)
def retrieve(self, request, *args, **kwargs): """ Retrieve a form, by id """ instance = self.get_object() History.new(event=History.ACCESS, actor=request.user, object=instance) return Response(FormSerializer(instance).data)
def retrieve(self, request, *args, **kwargs): """ Retrieve a result, by id """ instance = self.get_object() History.new(event=History.ACCESS, actor=request.user, object=instance, related=[instance.processtaskuser.processtask.process]) return super(ResultViewSet, self).retrieve(request, args, kwargs)
def reject(self, comment): self.status = ProcessTaskUser.REJECTED self.save() History.new(event=History.REJECT, actor=self.user, object=self, observations=comment) self.processtask.refreshState() self.processtask.move()
def create(self, request, *args, **kwargs): """ Add a result as a response to a task """ serializer, headers = create_serializer(self, request) History.new(event=History.ADD, actor=request.user, object=serializer.instance) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def retrieve(self, request, *args, **kwargs): """ Retrieve a workflow, by id including related tasks """ History.new(event=History.ACCESS, actor=request.user, object=self.get_object()) return Response(WorkflowDetailSerializer(self.get_object()).data)
def destroy(self, request, *args, **kwargs): """ Delete a form, by id """ instance = self.get_object() instance.removed = True instance.save() History.new(event=History.DELETE, actor=request.user, object=instance) return Response(status=status.HTTP_204_NO_CONTENT)
def update(self, request, *args, **kwargs): """ Update a task """ partial = kwargs.pop('partial', False) instance = self.get_object() serializer = instance.init_serializer(instance=instance, data=request.data, partial=partial) serializer.is_valid(raise_exception=True) self.perform_update(serializer) History.new(event=History.EDIT, actor=request.user, object=instance) return Response(serializer.data)
def fork(self, request, hash=None): """ Duplicates a public or owned workflow, returning the duplicate """ workflow = self.get_object() if workflow.permissions().forkable: new_workflow = workflow.fork(owner=request.user) History.new(event=History.ADD, actor=request.user, object=new_workflow) return Response(WorkflowSerializer(new_workflow).data) return Response({"error": "Workflow isn't forkable"}, 403)
def create(self, request, *args, **kwargs): """ Insert a new Form """ request.data[u'creator'] = request.user.id serializer, headers = create_serializer(self, request) History.new(event=History.ADD, actor=request.user, object=serializer.instance) return Response(serializer.data, status=status.HTTP_201_CREATED, headers=headers)
def register(self, request): ''' Allows users to register themselves. Being then put on a waiting list to be approved. ''' if request.user.is_authenticated(): return Response({ 'error': "An already registered user can't register new users!" }) password = request.data.pop('password', None) email = request.data.get('email', None) if email != None and password != None: email = email.lower() try: usr = User.objects.get(email=email) return Response( {'error': "An user with this email already exists"}) except User.DoesNotExist: request.data['username'] = email[:30] request.data['email'] = email serializer = UserSerializer(data=request.data, context={'request': request}) valid = serializer.is_valid(raise_exception=True) if valid: new_user = serializer.save() new_user.set_password(password) new_user.is_active = False new_user.save() History.new(event=History.ADD, actor=new_user, object=new_user, authorized=User.objects.filter(is_staff=True)) return Response(serializer.data) return Response({'error': "User details invalid"}) return Response({ 'error': "Email and password are mandatory fields on registering a new user" })
def warnLateDeadlines(): allProcess = Process.allWithDelay() for process in allProcess: ptasks = ProcessTask.all(process=process).filter( status=ProcessTask.RUNNING, deadline__lt=timezone.now()) for ptask in ptasks: if ((((ptask.deadline - timezone.now()).days + 1) % process.days_after_delay) == 0): pusers = ptask.users() for puser in pusers: if (puser.finished == False): History.new(event=History.LATE, actor=puser.user, object=puser, authorized=[puser.user], related=[puser.processtask.process])
def resignRejectedUser(self, oldUser, newUser): tasks = ProcessTaskUser.all(processtask=self).filter(user=oldUser) exists = ProcessTaskUser.all(processtask=self).filter( user=newUser).count() if exists == 0 or int(oldUser) == int(newUser): for task in tasks: task.changeUser(newUser) History.new(event=History.ADD, actor=task.processtask.process.executioner, object=task.processtask.process, authorized=[newUser], related=[task.processtask.process]) else: for task in tasks: task.delete() self.save()
def warnBeforeDeadlines(): allProcess = Process.allWithNotificationBeforeDelay() for process in allProcess: ptasks = ProcessTask.all(process=process).filter( status=ProcessTask.RUNNING) for ptask in ptasks: if (((ptask.deadline - timezone.now()).days + 1) == process.days_before_delay): pusers = ptask.users() for puser in pusers: if (puser.finished == False): History.new(event=History.REMAINDER, actor=puser.user, object=puser, authorized=[puser.user], related=[puser.processtask.process])
def update(self, request, *args, **kwargs): """ Update an already existing form """ request.data[u'creator'] = request.user.id instance = self.get_object() serializer = FormSerializer(instance=instance, data=request.data, partial=True) serializer.is_valid(raise_exception=True) self.perform_update(serializer) History.new(event=History.EDIT, actor=request.user, object=instance) return Response(serializer.data)
def submit(self, request, hash=None): """ Submits a result as complete """ result = self.get_object() this_ptu = result.processtaskuser process = this_ptu.processtask.process this_ptu.finish() users = [] auths = this_ptu.processtask.users().order_by('user').distinct('user') for ptu in auths: users.append(ptu.user) users.append(process.executioner) History.new(event=History.ADD, actor=this_ptu.user, object=result, authorized=users, related=[process]) return Response(GenericResultSerializer(self.get_object()).data)
def activate(self, request): '''Activates an inactive user. Can only be used by staff users to activate other users. ''' email = None if request.method == 'GET': email = request.GET.get('email', None) else: email = request.data.get('email', None) if request.user.is_staff and email != None: email = email.lower() try: usr = User.objects.get(email=email) if not usr.is_active: usr.is_active = True usr.save() users = [usr] staff = User.objects.filter(is_staff=True) for user in staff: users.append(user) History.new(event=History.APPROVE, actor=request.user, object=usr, authorized=users) return Response({'success': True}) return Response({'error': 'User already activated'}) except User.DoesNotExist: return Response({ 'error': "Can't activate user, %s it doesn't exist" % email }) return Response({'error': "Invalid or not authorized request"})
def update(self, request, *args, **kwargs): """ Update a existing workflow """ instance = self.get_object() if instance.owner != request.user: raise PermissionDenied # create tasks if they dont exist, and replace links... i couldnt think of a better way to do this... # without implicating several connections. or this d = self.__linkTasks(request.data.copy(), instance) serializer = WorkflowSerializer(instance=instance, data=d, partial=True) serializer.is_valid(raise_exception=True) self.perform_update(serializer) History.new(event=History.EDIT, actor=request.user, object=instance) return Response(serializer.data)
def changepassword(self, request): ''' Allows users to change their own password, after confirming a password recovery. ''' if request.user.is_authenticated(): return Response({ 'error': "An already logged in user can't recover a password!" }) hash = request.data.get('hash', None) new_pass = request.data.get('password', None) if hash != None and new_pass != None: try: ur = UserRecovery.objects.get(hash=hash, used=False, validity__gt=timezone.now()) ur.user.set_password(new_pass) ur.user.save() ur.used = True ur.save() History.new(event=History.EDIT, actor=ur.user, object=ur.user, authorized=[ur.user]) return Response({'success': True}) except UserRecovery.DoesNotExist: return Response({ 'error': "Either the request does not exist, or it has expired." }) return Response({'error': "This request is not valid."})
def comment(self, request, hash): ''' Either returns a list of all comments on a given result, when the type of request is get_full_name or adds a new comment if the request method is 'post' ''' # get the file servefile = Resource.all().get(hash=hash) if request.method == 'POST': content = request.data.get('comment', None) if content: comm = { 'comment': content, 'user': request.user.id, 'resource': servefile.id } #rc = ResourceComment(resource=servefile, user=request.user, comment=content) rcs = ResourceCommentSerializer(data=comm) if rcs.is_valid(raise_exception=True): rcs.save() History.new(event=History.COMMENT, actor=request.user, object=servefile) return Response({'comment': rcs.data}) return Response({'error': 'Request must contain a comment'}) # else if get return Response({ 'comments': ResourceCommentSerializer(servefile.resourcecomment_set, many=True).data })
def recoverPassword(self, request): ''' Allows users to ask for password recovery(which needs to be confirmed). ''' if request.user.is_authenticated(): return Response( { 'error': "An already logged in user can't recover a password!" }, status.HTTP_400_BAD_REQUEST) email = request.data.get('email', None) if email != None: email = email.lower() try: user = User.objects.get(email=email) userRecovery = UserRecovery(user=user) userRecovery.save() History.new(event=History.RECOVER, actor=user, object=userRecovery, authorized=[user]) return Response({'success': True}, status.HTTP_200_OK) except User.DoesNotExist: pass return Response( {'error': "An user with this email does not exist."}) return Response({ 'error': "Email is a mandatory field when a password is recover." })
def move(self): ''' Reaccess tasks status (so we can move the state machine forward) ''' ptasks = self.tasks() if self.status == Process.WAITING: watasks = ProcessTask.all(process=self).filter( status=ProcessTask.WAITING_AVAILABILITY).count() if watasks == 0: self.status = Process.RUNNING self.save() History.new(event=History.RUN, actor=self.executioner, object=self) self.move() else: wlist = ptasks.filter(status=ProcessTask.WAITING) for ptask in wlist: move = True deps = ptask.task.dependencies() for dep in deps: pdep = ptasks.get(task=dep.dependency) if not (pdep.status == ProcessTask.FINISHED or pdep.status == ProcessTask.CANCELED): move = False if ptask.allow_sbe: ptus = ProcessTaskUser.all(processtask=pdep) for ptu in ptus: if ptu.status == ProcessTaskUser.FINISHED or ptu.status == ProcessTaskUser.CANCELED or ptu.finished: ptask.status = ProcessTask.RUNNING ptus2 = ProcessTaskUser.all(processtask=ptask) for ptu2 in ptus2: if (ptu.user == ptu2.user): ptu2.status = ProcessTaskUser.RUNNING ptu2.save() History.new(event=History.RUN, actor=ptu.user, object=ptu, authorized=[ptu.user], related=[ptask.process]) ptask.save() if move: ptask.status = ProcessTask.RUNNING ptus = ProcessTaskUser.all(processtask=ptask) for ptu in ptus: if ptu.status == ProcessTaskUser.ACCEPTED or ptu.status == ProcessTaskUser.WAITING: ptu.status = ProcessTaskUser.RUNNING ptu.save() ptask.save() pusers = ptask.users() for puser in pusers: History.new(event=History.RUN, actor=puser.user, object=puser, authorized=[puser.user], related=[ptask.process]) if ptasks.filter( Q(status=ProcessTask.WAITING) | Q(status=ProcessTask.RUNNING) | Q(status=ProcessTask.IMPROVING)).count( ) == 0: # and self.status != Process.FINISHED: self.status = Process.FINISHED self.end_date = timezone.now() History.new(event=History.DONE, actor=self.executioner, object=self) self.save()