Beispiel #1
0
    def set_access_rules(self, request, pk):
        res, _, _ = authorize(request, pk, full=True, superuser=True)

        access_rules_form = utils.create_form(
            SetAccessRules.SetAccessRulesForm, request)
        if access_rules_form.is_valid():
            r = access_rules_form.cleaned_data

            # get the user or group by ID
            # try username first, then email address, then primary key
            if r['principalType'] == 'user':
                tgt = user_from_id(r['principalID'])
                ret = hydroshare.set_access_rules(user=tgt,
                                                  pk=res,
                                                  access=r['access'],
                                                  allow=r['allow'])
            else:
                tgt = group_from_id(r['principalID'])
                ret = hydroshare.set_access_rules(group=tgt,
                                                  pk=res,
                                                  access=r['access'],
                                                  allow=r['allow'])
        else:
            distribute_form = utils.create_form(
                SetAccessRules.SetDoNotDistributeForm, request)
            if distribute_form.is_valid():
                r = distribute_form.cleaned_data
                ret = hydroshare.set_access_rules(pk=res,
                                                  access=r['access'],
                                                  allow=r['allow'])
            else:
                return HttpResponseBadRequest('Invalid request')

        return HttpResponse(ret, content_type='text/plain')
Beispiel #2
0
    def update_resource(self, pk):
        authorize(self.request, pk, edit=True)

        params = utils.create_form(ResourceCRUD.UpdateResourceForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = hydroshare.update_resource(
                pk,
                edit_users=r['edit_users'],
                view_users=r['view_users'],
                edit_groups=r['edit_groups'],
                view_groups=r['view_groups'],
                keywords=r['keywords'],
                dublin_metadata=json.loads(r['dublin_metadata'])
                if r['dublin_metadata'] else {},
                **{
                    k: v
                    for k, v in self.request.REQUEST.items() if k not in r
                })
            return HttpResponse(res.short_id,
                                content_type='text/plain',
                                status='204')
        else:
            raise exceptions.ValidationError(params.errors)
Beispiel #3
0
    def create_account(self):
        if not get_user(self.request).is_superuser:
            if settings.DEBUG or ("hydroshare.org" in self.request.META.get(
                    'HTTP_REFERER', '')):  # fixme insecure vs spoofed header
                active = False
            else:
                raise exceptions.PermissionDenied(
                    "user must be superuser to create an account")
        else:
            active = True

        params = utils.create_form(CreateOrListAccounts.CreateAccountForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            ret = hydroshare.create_account(email=r['email'],
                                            username=r['username'],
                                            first_name=r['first_name'],
                                            last_name=r['last_name'],
                                            superuser=r['superuser'],
                                            password=r['password'],
                                            groups=r['groups'],
                                            active=active)

            return HttpResponse(ret, content_type='text/plain')
Beispiel #4
0
    def get_resource_list(self):
        params = utils.create_form(GetResourceList.GetResourceListForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            if r['dc']:
                r['dc'] = json.loads(r['dc'])
            else:
                r['dc'] = {}

            ret = []
            resource_table = hydroshare.get_resource_list(**r)
            originator = get_user(self.request)

            for resources in resource_table:
                for r in filter(
                        lambda x: x.public or x.view_users.filter(
                            pk=originator.pk).exists() or x.view_groups.
                        filter(pk__in=[g.pk for g in originator.groups.all()]),
                        resources):
                    ret.append(r.short_id)

            return json_or_jsonp(self.request, ret)
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #5
0
    def create_resource(self):
        if not get_user(self.request).is_authenticated():
            print self.request.user
            raise exceptions.PermissionDenied('user must be logged in.')

        params = utils.create_form(ResourceCRUD.CreateResourceForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = hydroshare.create_resource(
                resource_type=r['resource_type'],
                owner=self.request.user,
                title=r['title'],
                edit_users=r['edit_users'],
                view_users=r['view_users'],
                edit_groups=r['edit_groups'],
                view_groups=r['view_groups'],
                keywords=r['keywords'],
                dublin_metadata=json.loads(r['dublin_metadata'])
                if r['dublin_metadata'] else {},
                files=self.request.FILES.values(),
                **{
                    k: v
                    for k, v in self.request.REQUEST.items() if k not in r
                })
            return HttpResponse(res.short_id, content_type='text/plain')
        else:
            raise exceptions.ValidationError(params.errors)
Beispiel #6
0
 def set_resource_owner(self, request, pk):
     res, _, _ = authorize(request, pk, full=True, superuser=True)
     params = utils.create_form(SetResourceOwner.SetResourceOwnerForm,
                                self.request)
     if params.is_valid():
         r = params.cleaned_data
         tgt = user_from_id(r['user'])
         return HttpResponse(hydroshare.set_resource_owner(pk=res,
                                                           user=tgt),
                             content_type='text/plain',
                             status='201')
     else:
         raise exceptions.ValidationError("invalid input parameters")
Beispiel #7
0
 def set_resource_owner(self, request, pk):
     res, _, _ = authorize(request, pk, full=True, superuser=True)
     params = utils.create_form(SetResourceOwner.SetResourceOwnerForm, self.request)
     if params.is_valid():
         r = params.cleaned_data
         tgt = user_from_id(r['user'])
         return HttpResponse(
             hydroshare.set_resource_owner(pk=res, user=tgt),
             content_type='text/plain',
             status='201'
         )
     else:
         raise exceptions.ValidationError("invalid input parameters")
Beispiel #8
0
    def list_groups(self):
        params = utils.create_form(CreateOrListGroups.ListGroupsForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = GroupResource()
            bundles = []
            for g in hydroshare.list_groups(r['query'], r['start'], r['count']):
                bundle = res.build_bundle(obj=g, request=self.request)
                bundles.append(res.full_dehydrate(bundle, for_list=True))
            list_json = res.serialize(None, bundles, "application/json")

            return json_or_jsonp(self.request, list_json)
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #9
0
    def set_access_rules(self, request, pk):
        res, _, _ = authorize(request, pk, full=True, superuser=True)

        access_rules_form = utils.create_form(SetAccessRules.SetAccessRulesForm, request)
        if access_rules_form.is_valid():
            r = access_rules_form.cleaned_data

            # get the user or group by ID
            # try username first, then email address, then primary key
            if r['principalType'] == 'user':
                tgt = user_from_id(r['principalID'])
                ret = hydroshare.set_access_rules(user=tgt, pk=res, access=r['access'], allow=r['allow'])
            else:
                tgt = group_from_id(r['principalID'])
                ret = hydroshare.set_access_rules(group=tgt, pk=res, access=r['access'], allow=r['allow'])
        else:
            distribute_form = utils.create_form(SetAccessRules.SetDoNotDistributeForm, request)
            if distribute_form.is_valid():
                r = distribute_form.cleaned_data
                ret = hydroshare.set_access_rules(pk=res, access=r['access'], allow=r['allow'])
            else:
                return HttpResponseBadRequest('Invalid request')

        return HttpResponse(ret, content_type='text/plain')
Beispiel #10
0
    def create_group(self):
        creator = get_user(self.request)
        if not get_user(self.request).is_authenticated():
            raise exceptions.PermissionDenied("user must be authenticated to create a group.")

        params = utils.create_form(CreateOrListGroups.CreateGroupForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            r['owners'] = set(r['owners']) if r['owners'] else set()
            r['owners'].add(creator)

            g = hydroshare.create_group(**r)
            return HttpResponse(g.name, content_type='text/plain', status='201')
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #11
0
    def list_groups(self):
        params = utils.create_form(CreateOrListGroups.ListGroupsForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = GroupResource()
            bundles = []
            for g in hydroshare.list_groups(r['query'], r['start'],
                                            r['count']):
                bundle = res.build_bundle(obj=g, request=self.request)
                bundles.append(res.full_dehydrate(bundle, for_list=True))
            list_json = res.serialize(None, bundles, "application/json")

            return json_or_jsonp(self.request, list_json)
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #12
0
    def create_group(self):
        creator = get_user(self.request)
        if not get_user(self.request).is_authenticated():
            raise exceptions.PermissionDenied(
                "user must be authenticated to create a group.")

        params = utils.create_form(CreateOrListGroups.CreateGroupForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            r['owners'] = set(r['owners']) if r['owners'] else set()
            r['owners'].add(creator)

            g = hydroshare.create_group(**r)
            return HttpResponse(g.name,
                                content_type='text/plain',
                                status='201')
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #13
0
    def update_resource(self, pk):
        authorize(self.request, pk, edit=True)

        params = utils.create_form(ResourceCRUD.UpdateResourceForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = hydroshare.update_resource(
                pk,
                edit_users=r['edit_users'],
                view_users=r['view_users'],
                edit_groups=r['edit_groups'],
                view_groups=r['view_groups'],
                keywords=r['keywords'],
                metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {},
                **{k: v for k, v in self.request.REQUEST.items() if k not in r}
            )
            return HttpResponse(res.short_id, content_type='text/plain', status='204')
        else:
            raise exceptions.ValidationError(params.errors)
Beispiel #14
0
    def get_resource_list(self):
        params = utils.create_form(ResourceCRUD.GetResourceListForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            if r['dc']:
                r['dc'] = json.loads(r['dc'])
            else:
                r['dc'] = {}

            ret = []
            resource_table = hydroshare.get_resource_list(**r)
            originator = get_user(self.request)

            for resources in resource_table:
                for r in filter(lambda x: authorize(self.request, x.short_id, view=True), resources):
                    ret.append(r.short_id)

            return json_or_jsonp(self.request, ret)
        else:
            raise exceptions.ValidationError(params.errors)
Beispiel #15
0
    def get_resource_list(self):
        params = utils.create_form(GetResourceList.GetResourceListForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            if r['dc']:
                r['dc'] = json.loads(r['dc'])
            else:
                r['dc'] = {}

            ret = []
            resource_table = hydroshare.get_resource_list(**r)
            originator = get_user(self.request)

            for resources in resource_table:
                for r in filter(lambda x:
                                x.public or
                                x.view_users.filter(pk=originator.pk).exists() or
                                x.view_groups.filter(pk__in=[g.pk for g in originator.groups.all()]), resources):
                    ret.append(r.short_id)

            return json_or_jsonp(self.request, ret)
        else:
            raise exceptions.ValidationError('invalid request')
Beispiel #16
0
    def get_resource_list(self):
        params = utils.create_form(ResourceCRUD.GetResourceListForm,
                                   self.request)
        if params.is_valid():
            r = params.cleaned_data
            if r['dc']:
                r['dc'] = json.loads(r['dc'])
            else:
                r['dc'] = {}

            ret = []
            resource_table = hydroshare.get_resource_list(**r)
            originator = get_user(self.request)

            for resources in resource_table:
                for r in filter(
                        lambda x: authorize(
                            self.request, x.short_id, view=True), resources):
                    ret.append(r.short_id)

            return json_or_jsonp(self.request, ret)
        else:
            raise exceptions.ValidationError(params.errors)
Beispiel #17
0
    def create_account(self):
        if not get_user(self.request).is_superuser:
            if settings.DEBUG or ("hydroshare.org" in self.request.META.get('HTTP_REFERER', '')): # fixme insecure vs spoofed header
                active=False
            else:
                raise exceptions.PermissionDenied("user must be superuser to create an account")
        else:
            active=True

        params = utils.create_form(CreateOrListAccounts.CreateAccountForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            ret = hydroshare.create_account(
                email=r['email'],
                username=r['username'],
                first_name=r['first_name'],
                last_name=r['last_name'],
                superuser=r['superuser'],
                password=r['password'],
                groups=r['groups'],
                active=active
            )

            return HttpResponse(ret, content_type='text/plain')
Beispiel #18
0
    def create_resource(self):
        if not get_user(self.request).is_authenticated():
            print self.request.user
            raise exceptions.PermissionDenied('user must be logged in.')

        params = utils.create_form(ResourceCRUD.CreateResourceForm, self.request)
        if params.is_valid():
            r = params.cleaned_data
            res = hydroshare.create_resource(
                resource_type=r['resource_type'],
                owner=self.request.user,
                title=r['title'],
                edit_users=r['edit_users'],
                view_users=r['view_users'],
                edit_groups=r['edit_groups'],
                view_groups=r['view_groups'],
                keywords=r['keywords'],
                metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {},
                files=self.request.FILES.values(),
                **{k: v for k, v in self.request.REQUEST.items() if k not in r}
            )
            return HttpResponse(res.short_id, content_type='text/plain')
        else:
            raise exceptions.ValidationError(params.errors)