def save(self, **kwargs):
if self.remove:
self.__remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# apply same role to forms under the project
for xform in self.project.xform_set.all():
# check if there is xform meta perms set
meta_perms = xform.metadata_set \
.filter(data_type='xform_meta_perms')
if meta_perms:
meta_perm = meta_perms[0].data_value.split("|")
if len(meta_perm) > 1:
if role in [EditorRole, EditorMinorRole]:
role = ROLES.get(meta_perm[0])
elif role in [
DataEntryRole, DataEntryMinorRole,
DataEntryOnlyRole
]:
role = ROLES.get(meta_perm[1])
role.add(self.user, xform)
for dataview in self.project.dataview_set.all():
if dataview.matches_parent:
role.add(self.user, dataview.xform)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def update_role_by_meta_xform_perms(xform):
"""
Updates users role in a xform based on meta permissions set on the form.
"""
# load meta xform perms
metadata = MetaData.xform_meta_permission(xform)
editor_role_list = [EditorRole, EditorMinorRole]
editor_role = {role.name: role for role in editor_role_list}
dataentry_role_list = [
DataEntryMinorRole, DataEntryOnlyRole, DataEntryRole
]
dataentry_role = {role.name: role for role in dataentry_role_list}
if metadata:
meta_perms = metadata.data_value.split('|')
# update roles
users = get_xform_users(xform)
for user in users:
role = users.get(user).get('role')
if role in editor_role:
role = ROLES.get(meta_perms[0])
role.add(user, xform)
if role in dataentry_role:
role = ROLES.get(meta_perms[1])
role.add(user, xform)
def save(self, **kwargs):
if self.remove:
self.__remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# apply same role to forms under the project
for xform in self.project.xform_set.all():
# check if there is xform meta perms set
meta_perms = xform.metadata_set \
.filter(data_type='xform_meta_perms')
if meta_perms:
meta_perm = meta_perms[0].data_value.split("|")
if len(meta_perm) > 1:
if role in [EditorRole, EditorMinorRole]:
role = ROLES.get(meta_perm[0])
elif role in [DataEntryRole, DataEntryMinorRole,
DataEntryOnlyRole]:
role = ROLES.get(meta_perm[1])
role.add(self.user, xform)
for dataview in self.project.dataview_set.all():
if dataview.matches_parent:
role.add(self.user, dataview.xform)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def update_role_by_meta_xform_perms(xform):
"""
Updates users role in a xform based on meta permissions set on the form.
"""
# load meta xform perms
metadata = MetaData.xform_meta_permission(xform)
editor_role_list = [EditorRole, EditorMinorRole]
editor_role = {role.name: role for role in editor_role_list}
dataentry_role_list = [
DataEntryMinorRole, DataEntryOnlyRole, DataEntryRole
]
dataentry_role = {role.name: role for role in dataentry_role_list}
if metadata:
meta_perms = metadata.data_value.split('|')
# update roles
users = get_xform_users(xform)
for user in users:
role = users.get(user).get('role')
if role in editor_role:
role = ROLES.get(meta_perms[0])
role.add(user, xform)
if role in dataentry_role:
role = ROLES.get(meta_perms[1])
role.add(user, xform)
def validate(self, attrs):
"""
Validate url if we are adding a media uri instead of a media file
"""
value = attrs.get('data_value')
data_type = attrs.get('data_type')
data_file = attrs.get('data_file')
if not ('project' in attrs or 'xform' in attrs or 'instance' in attrs):
raise serializers.ValidationError({
'missing_field':
_(u"`xform` or `project` or `instance`"
"field is required.")
})
if data_type == 'media' and data_file is None:
try:
URLValidator()(value)
except ValidationError:
parts = value.split()
if len(parts) < 3:
raise serializers.ValidationError({
'data_value':
_(u"Expecting 'xform [xform id] [media name]' "
"or 'dataview [dataview id] [media name]' "
"or a valid URL.")
})
obj = get_linked_object(parts)
if obj:
xform = obj.xform if isinstance(obj, DataView) else obj
request = self.context['request']
user_has_role = ManagerRole.user_has_role
has_perm = user_has_role(request.user, xform) or \
user_has_role(request.user, obj.project)
if not has_perm:
raise serializers.ValidationError({
'data_value':
_(u"User has no permission to "
"the dataview.")
})
else:
raise serializers.ValidationError(
{'data_value': _(u"Invalid url '%s'." % value)})
else:
# check if we have a value for the filename.
if not os.path.basename(urlparse(value).path):
raise serializers.ValidationError({
'data_value':
_(u"Cannot get filename from URL %s. URL should "
u"include the filename e.g "
u"http://example.com/data.csv" % value)
})
if data_type == XFORM_META_PERMS:
perms = value.split('|')
if len(perms) != 2 or not set(perms).issubset(set(ROLES.keys())):
raise serializers.ValidationError(
_(u"Format 'role'|'role' or Invalid role"))
return attrs
def members(self, request, *args, **kwargs):
organization = self.get_object()
status_code = status.HTTP_200_OK
data = []
username = request.DATA.get('username') or request.QUERY_PARAMS.get(
'username')
if request.method in ['DELETE', 'POST', 'PUT'] and not username:
status_code = status.HTTP_400_BAD_REQUEST
data = {'username': [_(u"This field is required.")]}
elif request.method == 'POST':
data, status_code = _add_username_to_organization(
organization, username)
elif request.method == 'PUT':
role = request.DATA.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
status_code = status.HTTP_400_BAD_REQUEST
message = (_(u"'%s' is not a valid role." %
role) if role else _(u"This field is required."))
data = {'role': [message]}
else:
_update_username_role(organization, username, role_cls)
elif request.method == 'DELETE':
data, status_code = _remove_username_to_organization(
organization, username)
if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
members = get_organization_members(organization)
data = [u.username for u in members]
return Response(data, status=status_code)
def __remove_user(self):
role = ROLES.get(self.role)
if role and self.user and self.project:
remove_xform_permissions(self.project, self.user, role)
remove_dataview_permissions(self.project, self.user, role)
role._remove_obj_permissions(self.user, self.project)
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def __remove_user(self):
role = ROLES.get(self.role)
if role and self.user and self.project:
remove_xform_permissions(self.project, self.user, role)
remove_dataview_permissions(self.project, self.user, role)
role._remove_obj_permissions(self.user, self.project)
def members(self, request, *args, **kwargs):
organization = self.get_object()
status_code = status.HTTP_200_OK
data = []
username = request.DATA.get('username') or request.QUERY_PARAMS.get(
'username')
if request.method in ['DELETE', 'POST', 'PUT'] and not username:
status_code = status.HTTP_400_BAD_REQUEST
data = {'username': [_(u"This field is required.")]}
elif request.method == 'POST':
data, status_code = _add_username_to_organization(
organization, username)
elif request.method == 'PUT':
role = request.DATA.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
status_code = status.HTTP_400_BAD_REQUEST
message = (_(u"'%s' is not a valid role." % role) if role
else _(u"This field is required."))
data = {'role': [message]}
else:
_update_username_role(organization, username, role_cls)
elif request.method == 'DELETE':
data, status_code = _remove_username_to_organization(
organization, username)
if status_code in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
members = get_organization_members(organization)
data = [u.username for u in members]
return Response(data, status=status_code)
def save(self, **kwargs):
if self.remove:
return self.remove_team()
role = ROLES.get(self.role)
if role and self.team and self.project:
role.add(self.team, self.project)
def remove_team(self):
role = ROLES.get(self.role)
if role and self.team and self.project:
role._remove_obj_permissions(self.team, self.project)
for xform in self.project.xform_set.all():
role._remove_obj_permissions(self.team, xform)
def remove_user(self):
role = ROLES.get(self.role)
if role and self.user and self.project:
role._remove_obj_permissions(self.user, self.project)
# remove role from project forms as well
for xform in self.project.xform_set.all():
role._remove_obj_permissions(self.user, xform)
def save(self, **kwargs):
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# add readonly role to forms under the project
for px in self.project.projectxform_set.all():
ReadOnlyRole.add(self.user, px.xform)
def remove_user(self):
role = ROLES.get(self.role)
if role and self.user and self.project:
role._remove_obj_permissions(self.user, self.project)
# remove role from project forms as well
for xform in self.project.xform_set.all():
role._remove_obj_permissions(self.user, xform)
def save(self, **kwargs):
role = ROLES.get(self.role)
# # check if there is xform meta perms set
meta_perms = self.xform.metadata_set\
.filter(data_type='xform_meta_perms')
if meta_perms:
meta_perm = meta_perms[0].data_value.split("|")
if len(meta_perm) > 1:
if role in [EditorRole, EditorMinorRole]:
role = ROLES.get(meta_perm[0])
elif role in [DataEntryRole, DataEntryMinorRole,
DataEntryOnlyRole]:
role = ROLES.get(meta_perm[1])
if role and self.user and self.xform:
role.add(self.user, self.xform)
def save(self, **kwargs):
if self.remove:
return self.remove_team()
role = ROLES.get(self.role)
if role and self.team and self.project:
role.add(self.team, self.project)
for xform in self.project.xform_set.all():
role.add(self.team, xform)
def remove_team(self):
role = ROLES.get(self.role)
if role and self.team and self.project:
role._remove_obj_permissions(self.team, self.project)
for xform in self.project.xform_set.all():
role._remove_obj_permissions(self.team, xform)
for dataview in self.project.dataview_set.all():
role._remove_obj_permissions(self.team, dataview.xform)
def save(self, **kwargs):
role = ROLES.get(self.role)
# # check if there is xform meta perms set
meta_perms = self.xform.metadata_set\
.filter(data_type='xform_meta_perms')
if meta_perms:
meta_perm = meta_perms[0].data_value.split("|")
if len(meta_perm) > 1:
if role in [EditorRole, EditorMinorRole]:
role = ROLES.get(meta_perm[0])
elif role in [
DataEntryRole, DataEntryMinorRole, DataEntryOnlyRole
]:
role = ROLES.get(meta_perm[1])
if role and self.user and self.xform:
role.add(self.user, self.xform)
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(xform,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user
and project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(project,
with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def set_project_perms_to_xform(xform, project):
"""
Apply project permissions to a form, this usually happens when a new form
is being published or it is being moved to a new project.
"""
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
# clear existing permissions
for perm in get_object_users_with_permissions(
xform, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if role and (user != xform.user and project.user != user and
project.created_by != user):
role.remove_obj_permissions(user, xform)
owners = project.organization.team_set.filter(
name="{}#{}".format(project.organization.username, OWNER_TEAM_NAME),
organization=project.organization)
if owners:
OwnerRole.add(owners[0], xform)
for perm in get_object_users_with_permissions(
project, with_group_users=True):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user == xform.created_by:
OwnerRole.add(user, xform)
else:
if role:
role.add(user, xform)
def _set_organization_role_to_user(organization, user, role):
role_cls = ROLES.get(role)
role_cls.add(user, organization)
owners_team = get_organization_owners_team(organization)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
def save(self, **kwargs):
if self.remove:
self.remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# add readonly role to forms under the project
for xform in self.project.xform_set.all():
ReadOnlyRole.add(self.user, xform)
def save(self, **kwargs):
if self.remove:
self.remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# apply same role to forms under the project
for xform in self.project.xform_set.all():
role.add(self.user, xform)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def _set_organization_role_to_user(organization, user, role):
role_cls = ROLES.get(role)
role_cls.add(user, organization)
owners_team = get_organization_owners_team(organization)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
# add user to org projects
for project in organization.user.project_org.all():
ShareProject(project, user.username, role).save()
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
def save(self, **kwargs):
if self.remove:
self.remove_user()
else:
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
# apply same role to forms under the project
for xform in self.project.xform_set.all():
role.add(self.user, xform)
# clear cache
safe_delete('{}{}'.format(PROJ_PERM_CACHE, self.project.pk))
def _check_set_role(request, organization, username, required=False):
"""
Confirms the role and assigns the role to the organization
"""
role = request.data.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
if required:
message = (_(u"'%s' is not a valid role." %
role) if role else _(u"This field is required."))
else:
message = _(u"'%s' is not a valid role." % role)
return status.HTTP_400_BAD_REQUEST, {'role': [message]}
else:
data, status_code = _update_username_role(organization, username,
role_cls)
if status_code not in [status.HTTP_200_OK, status.HTTP_201_CREATED]:
return (status_code, data)
owners_team = get_organization_owners_team(organization)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
data = {
'username': [
_(u"User `%(username)s` does not exist." %
{'username': username})
]
}
return (status.HTTP_400_BAD_REQUEST, data)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
return (status.HTTP_200_OK, []) if request.method == 'PUT' \
else (status.HTTP_201_CREATED, [])
def set_project_perms_to_xform(xform, project):
# allows us to still use xform.shared and xform.shared_data as before
# only switch if xform.shared is False
xform_is_shared = xform.shared or xform.shared_data
if not xform_is_shared and project.shared != xform.shared:
xform.shared = project.shared
xform.shared_data = project.shared
xform.save()
for perm in get_object_users_with_permissions(project):
user = perm['user']
role_name = perm['role']
role = ROLES.get(role_name)
if user != xform.created_by:
role.add(user, xform)
else:
OwnerRole.add(user, xform)
def remove_user_from_organization(organization, user):
"""Remove a user from an organization"""
team = get_organization_members_team(organization)
remove_user_from_team(team, user)
owners_team = get_organization_owners_team(organization)
remove_user_from_team(owners_team, user)
role = get_role_in_org(user, organization)
role_cls = ROLES.get(role)
if role_cls:
# Remove object permissions
role_cls.remove_obj_permissions(user, organization)
role_cls.remove_obj_permissions(user, organization.userprofile_ptr)
# Remove user from all org projects
for project in organization.user.project_org.all():
ShareProject(project, user.username, role, remove=True).save()
def _check_set_role(request, organization, username, required=False):
"""
Confirms the role and assigns the role to the organization
"""
role = request.DATA.get('role')
role_cls = ROLES.get(role)
if not role or not role_cls:
if required:
message = (_(u"'%s' is not a valid role." % role) if role
else _(u"This field is required."))
else:
message = _(u"'%s' is not a valid role." % role)
return status.HTTP_400_BAD_REQUEST, {'role': [message]}
else:
_update_username_role(organization, username, role_cls)
owners_team = get_organization_owners_team(organization)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
data = {'username': [_(u"User `%(username)s` does not exist."
% {'username': username})]}
return (status.HTTP_400_BAD_REQUEST, data)
# add the owner to owners team
if role == OwnerRole.name:
add_user_to_team(owners_team, user)
if role != OwnerRole.name:
remove_user_from_team(owners_team, user)
return (status.HTTP_200_OK, []) if request.method == 'PUT' \
else (status.HTTP_201_CREATED, [])
def save(self, **kwargs):
role = ROLES.get(self.role)
if role and self.user and self.xform:
role.add(self.user, self.xform)
def remove_team(self):
role = ROLES.get(self.role)
if role and self.team and self.project:
role._remove_obj_permissions(self.team, self.project)
def _set_xform_permission(role, user, xform):
role_class = ROLES.get(role)
if role_class:
role_class.add(user, xform)
def _set_xform_permission(role, user, xform):
role_class = ROLES.get(role)
if role_class:
role_class.add(user, xform)
def remove_user(self):
role = ROLES.get(self.role)
if role and self.user and self.project:
role._remove_obj_permissions(self.user, self.project)
def save(self, **kwargs):
role = ROLES.get(self.role)
if role and self.user and self.project:
role.add(self.user, self.project)
