def _authenticate(request, application):
""" Check the authentication of the current user. """
if not request.user.is_authenticated():
return {
'is_applicant': False, 'is_leader': False,
'is_delegate': False, 'is_admin': common.is_admin(request),
}
person = request.user
auth = application.authenticate(person)
auth["is_admin"] = common.is_admin(request)
return auth
def can_edit(self, request):
# The same as can_view, except normal project members cannot edit
person = request.user
if not person.is_authenticated():
return False
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegate==person can edit any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Leader==person can edit projects they lead
if self.projectmembership_set.filter(
person=person,
is_project_leader=True,
).exists():
return True
return False
def user_list(request, queryset=None, title=None):
if queryset is None:
queryset = Person.objects.all()
if not common.is_admin(request):
queryset = queryset.filter(pk=request.user.pk)
queryset = queryset.select_related()
q_filter = PersonFilter(request.GET, queryset=queryset)
table = PersonTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
context = {
'table': table,
'filter': q_filter,
'spec': spec,
'title': title or "Person list",
}
return render(template_name="karaage/people/person_list.html",
context=context,
request=request)
def institute_list(request):
queryset = Institute.objects.all()
if not is_admin(request):
queryset = institute_list.filter(is_active=True,
delegates=request.user)
q_filter = InstituteFilter(request.GET, queryset=queryset)
table = InstituteTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(template_name='karaage/institutes/institute_list.html',
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Institute list",
},
request=request)
def project_list(request, queryset=None):
if queryset is None:
queryset = Project.objects.all()
if not util.is_admin(request):
queryset = queryset.filter(
Q(leaders=request.user, is_active=True)
| Q(institute__delegates=request.user, is_active=True)
| Q(group__members=request.user, is_active=True)).distinct()
queryset = queryset.select_related()
q_filter = ProjectFilter(request.GET, queryset=queryset)
table = ProjectTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render_to_response('karaage/projects/project_list.html', {
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Project list",
},
context_instance=RequestContext(request))
def can_view(self, request):
person = request.user
if not person.is_authenticated:
return False
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegate==person can view any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Leader==person can view projects they lead
tmp = self.leaders.filter(pk=person.pk)
if tmp.count() > 0:
return True
# person can view own projects
tmp = self.group.members.filter(pk=person.pk)
if tmp.count() > 0:
return True
return False
def can_view(self, request):
# if user not authenticated, no access
if not request.user.is_authenticated():
return False
# ensure person making request isn't deleted.
if not request.user.is_active:
return False
# ensure person making request isn't locked.
if request.user.is_locked():
return False
# if user is admin, full access
if is_admin(request):
return True
# ensure this account is not locked
if self.is_locked():
return False
# ensure this account is not deleted
if self.date_deleted is not None:
return False
# ensure person owning account isn't locked.
if self.person.is_locked():
return False
# ensure person owning account isn't deleted.
if not self.person.is_active:
return False
return True
def user_list(request, queryset=None, title=None):
if queryset is None:
queryset = Person.objects.all()
if not common.is_admin(request):
queryset = queryset.filter(pk=request.user.pk)
queryset = queryset.select_related()
filter = PersonFilter(request.GET, queryset=queryset)
table = PersonTable(filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
context = {
'table': table,
'filter': filter,
'spec': spec,
'title': title or "Person list",
}
return render_to_response(
"karaage/people/person_list.html", context,
context_instance=RequestContext(request))
def application_list(request):
""" a user wants to see all applications possible. """
if util.is_admin(request):
queryset = Application.objects.all()
else:
queryset = Application.objects.get_for_applicant(request.user)
filter = ApplicationFilter(request.GET, queryset=queryset)
table = ApplicationTable(filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in filter.form.cleaned_data.iteritems():
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render_to_response(
"applications/application_list.html",
{
'table': table,
'filter': filter,
'spec': spec,
'title': "Application list",
},
context_instance=RequestContext(request))
def can_edit(self, request):
# The same as can_view, except normal project members cannot edit
person = request.user
if not person.is_authenticated:
return False
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegate==person can edit any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Leader==person can edit projects they lead
tmp = self.leaders.filter(pk=person.pk)
if tmp.count() > 0:
return True
return False
def institute_list(request):
queryset = Institute.objects.all()
if not is_admin(request):
queryset = institute_list.filter(
is_active=True, delegates=request.user)
q_filter = InstituteFilter(request.GET, queryset=queryset)
table = InstituteTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(
template_name='karaage/institutes/institute_list.html',
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Institute list",
},
request=request)
def can_view(self, request):
# if user not authenticated, no access
if not request.user.is_authenticated():
return False
# ensure person making request isn't deleted.
if not request.user.is_active:
return False
# ensure person making request isn't locked.
if request.user.is_locked():
return False
# if user is admin, full access
if is_admin(request):
return True
# ensure this account is not locked
if self.is_locked():
return False
# ensure this account is not deleted
if self.date_deleted is not None:
return False
# ensure person owning account isn't locked.
if self.person.is_locked():
return False
# ensure person owning account isn't deleted.
if not self.person.is_active:
return False
return True
def project_list(request, queryset=None):
if queryset is None:
queryset = Project.objects.all()
if not util.is_admin(request):
queryset = queryset.filter(
Q(leaders=request.user, is_active=True) |
Q(institute__delegates=request.user, is_active=True) |
Q(group__members=request.user, is_active=True)).distinct()
queryset = queryset.select_related()
q_filter = ProjectFilter(request.GET, queryset=queryset)
table = ProjectTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(
template_name='karaage/projects/project_list.html',
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Project list",
},
request=request)
def edit_account(request, account_id):
account = get_object_or_404(Account, pk=account_id)
if not account.can_edit(request):
return HttpResponseForbidden(
'<h1>Access Denied</h1>'
'<p>You do not have permission to edit details '
'of this account.</p>')
if common.is_admin(request):
person = account.person
username = account.username
form = AdminAccountForm(
data=request.POST or None,
instance=account, person=person, initial={'username': username})
else:
person = request.user
assert account.person == person
form = UserAccountForm(
data=request.POST or None, instance=account)
if request.method == 'POST':
if form.is_valid():
account = form.save()
person = account.person
return HttpResponseRedirect(person.get_absolute_url())
return render_to_response(
'karaage/machines/account_form.html',
{'form': form, 'person': person, 'account': account},
context_instance=RequestContext(request))
def can_view(self, request):
person = request.user
if not person.is_authenticated:
return False
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegate==person can view any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Leader==person can view projects they lead
tmp = self.leaders.filter(pk=person.pk)
if tmp.count() > 0:
return True
# person can view own projects
tmp = self.group.members.filter(pk=person.pk)
if tmp.count() > 0:
return True
return False
def edit_account(request, account_id):
account = get_object_or_404(Account, pk=account_id)
if not account.can_edit(request):
return HttpResponseForbidden(
'<h1>Access Denied</h1>'
'<p>You do not have permission to edit details '
'of this account.</p>')
if common.is_admin(request):
person = account.person
username = account.username
form = AdminAccountForm(data=request.POST or None,
instance=account,
person=person,
initial={'username': username})
else:
person = request.user
assert account.person == person
form = UserAccountForm(data=request.POST or None, instance=account)
if request.method == 'POST':
if form.is_valid():
account = form.save()
person = account.person
return HttpResponseRedirect(person.get_absolute_url())
return render_to_response('karaage/machines/account_form.html', {
'form': form,
'person': person,
'account': account
},
context_instance=RequestContext(request))
def can_edit(self, request):
# The same as can_view, except normal project members cannot edit
person = request.user
if not person.is_authenticated:
return False
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegate==person can edit any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Leader==person can edit projects they lead
tmp = self.leaders.filter(pk=person.pk)
if tmp.count() > 0:
return True
return False
def application_list(request):
""" a user wants to see all applications possible. """
if util.is_admin(request):
queryset = Application.objects.all()
else:
queryset = Application.objects.get_for_applicant(request.user)
q_filter = ApplicationFilter(request.GET, queryset=queryset)
table = ApplicationTable(q_filter.qs.order_by("-expires"))
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(
template_name="kgapplications/application_list.html",
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Application list",
},
request=request)
def application_list(request):
""" a user wants to see all applications possible. """
if util.is_admin(request):
queryset = Application.objects.all()
else:
queryset = Application.objects.get_for_applicant(request.user)
q_filter = ApplicationFilter(request.GET, queryset=queryset)
table = ApplicationTable(q_filter.qs.order_by("-expires"))
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(template_name="kgapplications/application_list.html",
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Application list",
},
request=request)
def _get_roles_for_request(request, application):
""" Check the authentication of the current user. """
roles = application.get_roles_for_person(request.user)
if common.is_admin(request):
roles.add("is_admin")
roles.add('is_authorised')
return roles
def project_application_partc(request, token):
if is_admin(request):
try:
project_application = get_object_or_404(ProjectApplication,
id=token)
except ValueError:
project_application = get_object_or_404(ProjectApplication,
secret_token=token)
else:
try:
project_application = ProjectApplication.objects.get(
secret_token=token,
state__in=[ProjectApplication.NEW, ProjectApplication.OPEN],
expires__gte=datetime.datetime.now())
except ProjectApplication.DoesNotExist:
return render(
request,
'project_application/old_userapplication.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
},
)
if request.method == 'POST':
form = ProjectApplicationPartCForm(request.POST,
instance=project_application)
if form.is_valid():
project_application = form.save()
messages.info(request, 'Resources: Saved')
if 'menu' in request.POST:
return HttpResponseRedirect(
reverse('project_application_submit',
args=[project_application.secret_token]))
if 'parta' in request.POST:
return HttpResponseRedirect(
reverse('project_application_parta',
args=[project_application.secret_token]))
if 'partb' in request.POST:
return HttpResponseRedirect(
reverse('project_application_partb',
args=[project_application.secret_token]))
if 'partc' in request.POST:
return HttpResponseRedirect(
reverse('project_application_partc',
args=[project_application.secret_token]))
else:
form = ProjectApplicationPartCForm(instance=project_application)
return render(
request,
'project_application/project_application_partc_form.html',
{
'form': form,
'project_application': project_application,
},
)
def software_detail(request, software_id):
if not util.is_admin(request):
return join_package(request, software_id)
software = get_object_or_404(Software, pk=software_id)
return render_to_response(
'software/software_detail.html',
locals(),
context_instance=RequestContext(request))
def _get_roles_for_request(request, application):
""" Check the authentication of the current user. """
roles = application.get_roles_for_person(request.user)
if common.is_admin(request):
roles.add("is_admin")
roles.add('is_authorised')
return roles
def common(request):
""" Set context with common variables. """
ctx = {}
ctx['SHIB_SUPPORTED'] = settings.SHIB_SUPPORTED
ctx['org_name'] = settings.ACCOUNTS_ORG_NAME
ctx['accounts_email'] = settings.ACCOUNTS_EMAIL
ctx['is_admin'] = is_admin(request)
return ctx
def common(request):
""" Set context with common variables. """
ctx = {
'SHIB_SUPPORTED': settings.SHIB_SUPPORTED,
'org_name': settings.ACCOUNTS_ORG_NAME,
'accounts_email': settings.ACCOUNTS_EMAIL,
'is_admin': is_admin(request)
}
return ctx
def requires_attention(self, request):
person = request.user
query = Q(projectapplication__project__in=person.leads.all(), state=ProjectApplication.WAITING_FOR_LEADER)
query = query | Q(
projectapplication__institute__in=person.delegate_for.all(), state=ProjectApplication.WAITING_FOR_DELEGATE
)
if is_admin(request):
query = query | Q(state=Application.WAITING_FOR_ADMIN)
query = query | Q(state=ProjectApplication.DUPLICATE, projectapplication__isnull=False)
return self.get_queryset().filter(query)
def project_application_list(request, queryset=None):
if not is_admin(request):
return HttpResponseRedirect(reverse('linkto_project_application'),
{'custom_footer': custom_footer})
if queryset == None:
queryset = ProjectApplication.objects.all()
q_filter = ProjectApplicationFilter(request.GET, queryset=queryset)
# Want to show application ID but link to use secret token
# so have to remap to 'application_id' here and in tables.py
app_ids = ProjectApplication.objects.values('id',
'secret_token').order_by()
token_ids = {item['id']: item['secret_token'] for item in app_ids}
proj_ids = Project.objects.values('pid', 'id').order_by()
proj_to_id = {item['pid']: item['id'] for item in proj_ids}
results = list(q_filter.qs.all()) # get a copy
for item in results:
if item.id in token_ids:
# monkey patch 'application_id'
item.application_id = token_ids[item.id]
if item.project:
item.project_id = item.project.id
item.pid = item.project.pid
try:
item.supervisor = ProjectApplicationMember.objects.get(
project_application=item.id, is_supervisor=True).__unicode__()
except ProjectApplicationMemebers.DoesNotExist:
pass
table = ProjectApplicationTable(results)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(
request,
'project_application/admin_project_application_list.html',
{
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Project Application list",
'custom_footer': custom_footer,
},
)
def can_edit(self, request):
# if we can't view this account, we can't edit it either
if not self.can_view(request):
return False
if not is_admin(request):
# if not admin, ensure we are the person being altered
if self.person != request.user:
return False
return True
def can_edit(self, request):
# if we can't view this account, we can't edit it either
if not self.can_view(request):
return False
if not is_admin(request):
# if not admin, ensure we are the person being altered
if self.person != request.user:
return False
return True
def can_view(self, request):
from karaage.projects.models import Project
person = request.user
if not person.is_authenticated():
return False
# ensure person making request isn't deleted.
if not person.is_active:
return False
# ensure person making request isn't locked.
if person.is_locked():
return False
# staff members can view everything
if is_admin(request):
return True
# we don't allow people to see inactive accounts.
if not self.is_active:
return False
# person can view own self
if self.id == person.id:
return True
# Institute delegate==person can view any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Institute delegate==person can view people in projects that are a
# member of institute
if Project.objects.filter(group__members=self.id) \
.filter(institute__delegates=person):
return True
# person can view people in projects they belong to
tmp = Project.objects.filter(group__members=self.id) \
.filter(group__members=person.id) \
.filter(is_active=True)
if tmp.count() > 0:
return True
# Leader==person can view people in projects they lead
if Project.objects.filter(
projectmembership__is_project_leader=True,
projectmembership__person=person,
is_active=True,
).exists():
return True
return False
def check_auth(self, request):
"""
to ensure that nobody can get your data via json simply by knowing the
URL. public facing forms should write a custom LookupChannel to
implement as you wish. also you could choose to return
HttpResponseForbidden("who are you?") instead of raising
PermissionDenied (401 response)
"""
if not request.user.is_authenticated():
raise PermissionDenied
if not is_admin(request):
raise PermissionDenied
def requires_attention(self, request):
person = request.user
query = Q(projectapplication__project__in=person.leads.all(),
state=ProjectApplication.WAITING_FOR_LEADER)
query = query | Q(
projectapplication__institute__in=person.delegate_for.all(),
state=ProjectApplication.WAITING_FOR_DELEGATE)
if is_admin(request):
query = query | Q(state=Application.WAITING_FOR_ADMIN)
query = query | Q(state=ProjectApplication.DUPLICATE,
projectapplication__isnull=False)
return self.get_queryset().filter(query)
def check_auth(self, request):
"""
to ensure that nobody can get your data via json simply by knowing the
URL. public facing forms should write a custom LookupChannel to
implement as you wish. also you could choose to return
HttpResponseForbidden("who are you?") instead of raising
PermissionDenied (401 response)
"""
if not request.user.is_authenticated:
raise PermissionDenied
if not is_admin(request):
raise PermissionDenied
def can_view(self, request):
from karaage.projects.models import Project
person = request.user
if not person.is_authenticated():
return False
# ensure person making request isn't deleted.
if not person.is_active:
return False
# ensure person making request isn't locked.
if person.is_locked():
return False
# staff members can view everything
if is_admin(request):
return True
# we don't allow people to see inactive accounts.
if not self.is_active:
return False
# person can view own self
if self.id == person.id:
return True
# Institute delegate==person can view any member of institute
if self.institute.is_active:
if person in self.institute.delegates.all():
return True
# Institute delegate==person can view people in projects that are a
# member of institute
if Project.objects.filter(group__members=self.id) \
.filter(institute__delegates=person):
return True
# person can view people in projects they belong to
tmp = Project.objects.filter(group__members=self.id) \
.filter(group__members=person.id) \
.filter(is_active=True)
if tmp.count() > 0:
return True
# Leader==person can view people in projects they lead
tmp = Project.objects.filter(group__members=self.id) \
.filter(leaders=person.id) \
.filter(is_active=True)
if tmp.count() > 0:
return True
return False
def common(request):
""" Set context with common variables. """
ctx = {
'SHIB_SUPPORTED': settings.SHIB_SUPPORTED,
'org_name': settings.ACCOUNTS_ORG_NAME,
'accounts_email': settings.ACCOUNTS_EMAIL,
'is_admin': is_admin(request),
'kgversion': __version__,
'BUILD_DATE': settings.BUILD_DATE,
'VCS_REF': settings.VCS_REF,
'SLURM_VER': settings.SLURM_VER,
}
return ctx
def common(request):
""" Set context with common variables. """
ctx = {}
ctx['GRAPH_URL'] = settings.GRAPH_URL
ctx['SHIB_SUPPORTED'] = settings.SHIB_SUPPORTED
ctx['org_name'] = settings.ACCOUNTS_ORG_NAME
ctx['accounts_email'] = settings.ACCOUNTS_EMAIL
ctx['is_admin'] = is_admin(request)
for hook in get_hooks("context"):
context = hook(request)
ctx.update(context)
return ctx
def add_edit_project(request, project_id=None):
if project_id is None:
project = None
old_pid = None
flag = 1
else:
project = get_object_or_404(Project, id=project_id)
old_pid = project.pid
flag = 2
if util.is_admin(request):
# JH add initial pid
initial_pid = cutil.getDefaultProjectPid()
form = ProjectForm(instance=project,
data=request.POST or None,
pid_initial=initial_pid)
else:
if not project.can_edit(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
form = UserProjectForm(instance=project, data=request.POST or None)
if request.method == 'POST':
if form.is_valid():
project = form.save(commit=False)
if project_id is not None:
# if project is being edited, project_id cannot change.
project.pid = old_pid
elif not project.pid:
# if project was being created, did the user give a project_id
# we should use? If not, then we have to generate one
# ourselves.
project.pid = get_new_pid(project.institute)
project.save()
approved_by = request.user
project.activate(approved_by)
form.save_m2m()
if flag == 1:
messages.success(request,
"Project '%s' created succesfully" % project)
else:
messages.success(request,
"Project '%s' edited succesfully" % project)
return HttpResponseRedirect(project.get_absolute_url())
return render_to_response('karaage/projects/project_form.html',
locals(),
context_instance=RequestContext(request))
def common(request):
""" Set context with common variables. """
ctx = {
'AAF_RAPID_CONNECT_ENABLED': settings.AAF_RAPID_CONNECT_ENABLED,
'org_name': settings.ACCOUNTS_ORG_NAME,
'accounts_email': settings.ACCOUNTS_EMAIL,
'is_admin': is_admin(request),
'kgversion': __version__,
'VERSION': settings.VERSION,
'BUILD_DATE': settings.BUILD_DATE,
'VCS_REF': settings.VCS_REF,
'SLURM_VER': settings.SLURM_VER,
}
return ctx
def add_edit_project(request, project_id=None):
if project_id is None:
project = None
old_pid = None
flag = 1
else:
project = get_object_or_404(Project, id=project_id)
old_pid = project.pid
flag = 2
if util.is_admin(request):
# JH add initial pid
initial_pid = cutil.getDefaultProjectPid()
form = ProjectForm(instance=project, data=request.POST or None, pid_initial = initial_pid)
else:
if not project.can_edit(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
form = UserProjectForm(instance=project, data=request.POST or None)
if request.method == 'POST':
if form.is_valid():
project = form.save(commit=False)
if project_id is not None:
# if project is being edited, project_id cannot change.
project.pid = old_pid
elif not project.pid:
# if project was being created, did the user give a project_id
# we should use? If not, then we have to generate one
# ourselves.
project.pid = get_new_pid(project.institute)
project.save()
approved_by = request.user
project.activate(approved_by)
form.save_m2m()
if flag == 1:
messages.success(
request, "Project '%s' created succesfully" % project)
else:
messages.success(
request, "Project '%s' edited succesfully" % project)
return HttpResponseRedirect(project.get_absolute_url())
return render_to_response(
'karaage/projects/project_form.html',
locals(),
context_instance=RequestContext(request))
def software_detail(request, software_id):
software = get_object_or_404(Software, pk=software_id)
software_license = software.get_current_license()
person = request.user
license_agreements = SoftwareLicenseAgreement.objects \
.filter(person=person, license=software_license)
agreement = None
if license_agreements.count() > 0:
agreement = license_agreements.latest()
# we only list applications for current software license
applications = SoftwareApplication.objects.filter(
software_license__software=software_license)
applications = applications.exclude(state='C')
applications_table = ApplicationTable(applications)
config = tables.RequestConfig(request, paginate={"per_page": 5})
config.configure(applications_table)
open_applications = SoftwareApplication.objects.get_for_applicant(person)
open_applications = open_applications.filter(
software_license=software_license)
if agreement is None and software_license is not None \
and len(open_applications) == 0 and request.method == 'POST':
if software.restricted and not util.is_admin(request):
log.add(software, "New application created for %s" % request.user)
return new_application(request, software_license)
SoftwareLicenseAgreement.objects.create(
person=person,
license=software_license,
date=datetime.datetime.today(),
)
person.add_group(software.group)
log.add(
software,
"Approved join (not restricted) for %s" % request.user)
messages.success(request, "Approved access to %s." % software)
return HttpResponseRedirect(reverse('kg_profile_software'))
return render_to_response(
'kgsoftware/software_detail.html',
locals(),
context_instance=RequestContext(request))
def send_invitation(request, project_id=None):
""" The logged in project leader wants to invite somebody to their project.
"""
project = None
if project_id is not None:
project = get_object_or_404(Project, id=project_id)
if project is None:
if not is_admin(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
else:
if not project.can_edit(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
return _send_invitation(request, project)
def send_invitation(request, project_id=None):
""" The logged in project leader wants to invite somebody to their project.
"""
project = None
if project_id is not None:
project = get_object_or_404(Project, pid=project_id)
if project is None:
if not is_admin(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
else:
if not project.can_edit(request):
return HttpResponseForbidden('<h1>Access Denied</h1>')
return _send_invitation(request, project)
def send_invitation(request, project_id=None):
""" The logged in project leader wants to invite somebody to their project.
"""
if is_admin(request):
project = None
if project_id is not None:
project = get_object_or_404(Project, pid=project_id)
form = forms.AdminInviteUserApplicationForm
else:
person = request.user
project = get_object_or_404(Project, pid=project_id)
if project_id is None:
return HttpResponseBadRequest("<h1>Bad Request</h1>")
if person not in project.leaders.all():
return HttpResponseBadRequest("<h1>Bad Request</h1>")
form = forms.LeaderInviteUserApplicationForm
return _send_invitation(request, project, form)
def project_application_pdf(request, token):
if is_admin(request):
try:
project_application = get_object_or_404(ProjectApplication,
id=token)
except ValueError:
project_application = get_object_or_404(ProjectApplication,
secret_token=token)
else:
try:
project_application = ProjectApplication.objects.get(
secret_token=token, expires__gte=datetime.datetime.now())
except ProjectApplication.DoesNotExist:
return render(
request,
'project_application/old_userapplication.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
},
)
return project_application_to_pdf(project_application)
def software_detail(request, software_id):
software = get_object_or_404(Software, pk=software_id)
software_license = software.get_current_license()
person = request.user
license_agreements = SoftwareLicenseAgreement.objects \
.filter(person=person, license=software_license)
agreement = None
if license_agreements.count() > 0:
agreement = license_agreements.latest()
# we only list applications for current software license
applications = get_applications(software_license)
application_table = get_application_table(request, applications)
open_applications = get_applications_for_person(person, software_license)
if agreement is None and software_license is not None \
and len(open_applications) == 0 and request.method == 'POST':
if software.restricted and not util.is_admin(request):
log.add(software, "New application created for %s" % request.user)
return new_application(request, software_license)
SoftwareLicenseAgreement.objects.create(
person=person,
license=software_license,
date=datetime.datetime.today(),
)
person.add_group(software.group)
log.add(
software,
"Approved join (not restricted) for %s" % request.user)
messages.success(request, "Approved access to %s." % software)
return HttpResponseRedirect(reverse('kg_profile_software'))
return render(
template_name='kgsoftware/software_detail.html',
context=locals(),
request=request)
def software_detail(request, software_id):
software = get_object_or_404(Software, pk=software_id)
software_license = software.get_current_license()
person = request.user
license_agreements = SoftwareLicenseAgreement.objects \
.filter(person=person, license=software_license)
agreement = None
if license_agreements.count() > 0:
agreement = license_agreements.latest()
# we only list applications for current software license
applications = get_applications(software_license)
application_table = get_application_table(request, applications)
open_applications = get_applications_for_person(person, software_license)
if agreement is None and software_license is not None \
and len(open_applications) == 0 and request.method == 'POST':
if software.restricted and not util.is_admin(request):
log.add(software, "New application created for %s" % request.user)
return new_application(request, software_license)
SoftwareLicenseAgreement.objects.create(
person=person,
license=software_license,
date=datetime.datetime.today(),
)
person.add_group(software.group)
log.add(
software,
"Approved join (not restricted) for %s" % request.user)
messages.success(request, "Approved access to %s." % software)
return HttpResponseRedirect(reverse('kg_profile_software'))
return render(
template_name='kgsoftware/software_detail.html',
context=locals(),
request=request)
def software_list(request):
if not util.is_admin(request):
return _software_list_non_admin(request)
queryset = Software.objects.all().select_related()
filter = SoftwareFilter(request.GET, queryset=queryset)
table = SoftwareTable(filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render_to_response('kgsoftware/software_list.html', {
'table': table,
'filter': filter,
'spec': spec,
'title': "Software list",
},
context_instance=RequestContext(request))
def can_view(self, request):
person = request.user
if not person.is_authenticated():
return False
# staff members can view everything
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegates==person can view institute
if person in self.delegates.all():
return True
return False
def software_list(request):
if not util.is_admin(request):
return _software_list_non_admin(request)
queryset = Software.objects.all().select_related()
q_filter = SoftwareFilter(request.GET, queryset=queryset)
table = SoftwareTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render(
template_name='kgsoftware/software_list.html',
context={
'table': table,
'filter': q_filter,
'spec': spec,
'title': "Software list",
},
request=request)
def software_list(request):
if not util.is_admin(request):
return join_package_list(request)
queryset = Software.objects.all().select_related()
filter = SoftwareFilter(request.GET, queryset=queryset)
table = SoftwareTable(filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in filter.form.cleaned_data.iteritems():
if value is not None and value != "":
name = name.replace('_', ' ').capitalize()
spec.append((name, value))
return render_to_response(
'software/software_list.html',
{
'table': table,
'filter': filter,
'spec': spec,
'title': "Software list",
},
context_instance=RequestContext(request))
def can_view(self, request):
person = request.user
if not person.is_authenticated():
return False
# staff members can view everything
if is_admin(request):
return True
if not self.is_active:
return False
if not person.is_active:
return False
if person.is_locked():
return False
# Institute delegates==person can view institute
if person in self.delegates.all():
return True
return False
def project_application_view(request, token):
if is_admin(request):
try:
project_application = get_object_or_404(ProjectApplication,
id=token)
except ValueError:
project_application = get_object_or_404(ProjectApplication,
secret_token=token)
else:
try:
project_application = ProjectApplication.objects.get(
secret_token=token,
state__in=[ProjectApplication.WAITING_FOR_ADMIN],
expires__gte=datetime.datetime.now())
except ProjectApplication.DoesNotExist:
return render(
request,
'project_application/old_userapplication.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
},
)
members = ProjectApplicationMember.objects.filter(
project_application=project_application)
supervisor = members.get(is_supervisor=True)
return render(
request,
'project_application/project_application_view.html',
{
'project_application': project_application,
'members': members,
'supervisor': supervisor,
},
)
def application_list(request):
""" a user wants to see all applications possible. """
if util.is_admin(request):
queryset = Application.objects.all()
else:
queryset = Application.objects.get_for_applicant(request.user)
q_filter = ApplicationFilter(request.GET, queryset=queryset)
table = ApplicationTable(q_filter.qs)
tables.RequestConfig(request).configure(table)
spec = []
for name, value in six.iteritems(q_filter.form.cleaned_data):
if value is not None and value != "":
name = name.replace("_", " ").capitalize()
spec.append((name, value))
return render_to_response(
"kgapplications/application_list.html",
{"table": table, "filter": q_filter, "spec": spec, "title": "Application list"},
context_instance=RequestContext(request),
)
def index(request):
if settings.ADMIN_REQUIRED or is_admin(request):
return admin_index(request)
return render(
template_name='karaage/common/index.html', request=request)
def index(request):
if settings.ADMIN_REQUIRED or is_admin(request):
return admin_index(request)
return render_to_response(
'karaage/common/index.html', context_instance=RequestContext(request))
def project_application_parta(request, token):
if is_admin(request):
try:
project_application = get_object_or_404(ProjectApplication,
id=token)
except ValueError:
project_application = get_object_or_404(ProjectApplication,
secret_token=token)
else:
try:
project_application = ProjectApplication.objects.get(
secret_token=token,
state__in=[ProjectApplication.NEW, ProjectApplication.OPEN],
expires__gte=datetime.datetime.now())
except ProjectApplication.DoesNotExist:
return render(
request,
'project_application/old_userapplication.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
},
)
queryset = ProjectApplicationMember.objects.filter(
project_application=project_application)
# use Selects for Institute, Faculty, Department
# collect all known inst/fac/sch and any saved in application
inst_choice = sorted(
set([('', 'Type here or select from list')] +
list(Institute.objects.values_list('name', 'name')) + list(
queryset.exclude(institute__isnull=True).values_list(
'institute', 'institute'))))
fac_choice = sorted(
set([('', 'Type here or select from list')] + list(
ProjectApplicationFaculty.objects.exclude(
faculty__isnull=True).values_list('faculty', 'faculty')) +
list(
queryset.exclude(
faculty__isnull=True).values_list('faculty', 'faculty'))))
sch_choice = sorted(
set([('', 'Type here or select from list')] + list(
ProjectApplicationFaculty.objects.exclude(
school__isnull=True).values_list('school', 'school')) + list(
queryset.exclude(department__isnull=True).values_list(
'department', 'department'))))
MemberInLineFormSet = inlineformset_factory(
ProjectApplication,
ProjectApplicationMember,
formset=ProjectApplicationMemberFormSet,
form=ProjectApplicationMemberForm,
widgets={
'institute': forms.Select(choices=inst_choice),
'faculty': forms.Select(choices=fac_choice),
'department': forms.Select(choices=sch_choice),
},
can_order=True)
# pass list to javascript
inst_fac_sch = ProjectApplicationFaculty.objects.exclude(
institute__isnull=True)
all_choices = {}
for item in inst_fac_sch:
all_choices.setdefault(item.institute.name,
{}).setdefault(item.faculty or '',
[]).append(item.school or '')
# Add data entered from members
for memb in queryset:
inst = memb.institute or ''
fac = memb.faculty or ''
sch = memb.department or ''
if ((inst not in all_choices) or (fac not in all_choices[inst])
or (sch not in all_choices[inst][fac])):
all_choices.setdefault(inst, {}).setdefault(fac, []).append(sch)
all_choices = json.dumps(all_choices)
if request.method == 'POST':
# is_supervisor are shown as one radio select group
# need to convert back to checkbox POST format
# Process: POST data needs renaming so member forset can
# validate/clean/save. Form clean enforces change of state
# Form validation prevents deleting selected item, so one must always
# be selected (test for this?)
post = request.POST.copy()
if 'is_supervisor' in post.keys():
selected = post['is_supervisor']
post[selected + '-is_supervisor'] = u'on'
member_formset = MemberInLineFormSet(post,
instance=project_application,
queryset=queryset)
if member_formset.is_valid():
member_formset.save()
# catch case where no one selected
if not queryset.filter(is_supervisor=True).exists():
queryset.filter(
email__iexact=project_application.created_by).update(
is_supervisor=True)
messages.info(request, 'Personnel: Saved')
if 'menu' in request.POST:
return HttpResponseRedirect(
reverse('project_application_submit',
args=[project_application.secret_token]))
if 'parta' in request.POST:
return HttpResponseRedirect(
reverse('project_application_parta',
args=[project_application.secret_token]))
if 'partb' in request.POST:
return HttpResponseRedirect(
reverse('project_application_partb',
args=[project_application.secret_token]))
if 'partc' in request.POST:
return HttpResponseRedirect(
reverse('project_application_partc',
args=[project_application.secret_token]))
else:
member_formset = MemberInLineFormSet(instance=project_application,
queryset=queryset)
return render(
request,
'project_application/project_application_parta_form.html',
{
'project_application': project_application,
'member_formset': member_formset,
'all_choices': all_choices,
'help_email': settings.ACCOUNTS_EMAIL,
},
)
def submit_project_application(request, token):
if is_admin(request):
try:
project_application = get_object_or_404(ProjectApplication,
id=token)
except ValueError:
project_application = get_object_or_404(ProjectApplication,
secret_token=token)
else:
try:
project_application = ProjectApplication.objects.get(
secret_token=token,
state__in=[
ProjectApplication.NEW, ProjectApplication.OPEN,
ProjectApplication.WAITING_FOR_ADMIN
],
expires__gte=datetime.datetime.now())
except ProjectApplication.DoesNotExist:
return render(
request,
'project_application/old_userapplication.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
},
)
if project_application.state == ProjectApplication.WAITING_FOR_ADMIN:
return HttpResponseRedirect(
reverse('view_project_application',
args=[project_application.secret_token]))
if project_application.state != ProjectApplication.OPEN:
project_application.state = ProjectApplication.OPEN
project_application.save()
# completeness tests
def partaOK(project_application):
# ppl = project_application.project_application_project_application_member_set.select_related()
ppl = ProjectApplicationMember.objects.filter(
project_application=project_application)
has_all = True
has_supervisor = False
has_leader = False
for prs in ppl:
if not (prs.email and prs.title and prs.first_name
and prs.last_name and prs.institute and prs.faculty
and prs.department and prs.telephone and prs.level
and prs.role):
has_all = False
has_supervisor |= prs.is_supervisor
has_leader |= prs.is_leader
return (has_all and has_supervisor and has_leader)
def partbOK(project_application):
if not (project_application.title and project_application.summary
and project_application.FOR):
return False
return True
def partcOK(project_application):
return True
complete = {
'a': partaOK(project_application),
'b': partbOK(project_application),
'c': partcOK(project_application),
}
complete_all = complete['a'] and complete['b'] and complete['c']
if request.method == 'POST':
form = ProjectApplicationTacForm(request.POST,
instance=project_application,
prefix='tac')
if form.is_valid():
form.save()
if complete_all and project_application.tac:
# if user or admin, change state
if 'action' in request.POST or 'adminsubmit' in request.POST:
project_application.state = ProjectApplication.WAITING_FOR_ADMIN
project_application.submitted_date = datetime.datetime.now(
)
project_application.save()
messages.info(request, 'Application marked as submitted')
elif 'adminunsubmit' in request.POST:
project_application.state = ProjectApplication.OPEN
project_application.save()
messages.info(
request,
'Application has been unsubmitted (marked as open)')
# notifications only if submitted by user
if 'action' in request.POST:
pdf = project_application_to_pdf_doc(project_application)
send_submit_receipt(project_application, pdf)
#TODO: WRONG need to derive url, not hardcode!
link = '%s/apply/%s/' % (settings.REGISTRATION_BASE_URL,
project_application.secret_token)
send_notify_admin(project_application, link)
#NOTE: could go to waiting for review?
project_application.state = ProjectApplication.WAITING_FOR_ADMIN
project_application.save()
return HttpResponseRedirect(
reverse('project_application_done',
args=[project_application.secret_token]))
else:
form = ProjectApplicationTacForm(instance=project_application,
prefix='tac')
return render(
request,
'project_application/submit_project_application_form.html',
{
'help_email': settings.ACCOUNTS_EMAIL,
'project_application': project_application,
'form': form,
'complete': complete,
'complete_all': complete_all,
},
)
