def index(self):
if not request.environ.get('repoze.who.identity'):
abort(401, "Not Authorised")
ident = request.environ.get('repoze.who.identity')
c.ident = ident
c.granary_list = ag.authz(ident, permission=['administrator', 'manager'])
http_method = request.environ['REQUEST_METHOD']
if http_method == 'GET':
if not 'administrator' in ident['permissions'] and not 'manager' in ident['permissions']:
abort(403, "Do not have administrator or manager credentials")
else:
if not 'administrator' in ident['permissions']:
abort(403, "Do not have administrator credentials")
if http_method == "GET":
#c.granary = ag.granary
# conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
return render("/admin_silos.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(list(c.granary_list))
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/html
return render("admin_silos.html")
elif http_method == "POST":
params = request.POST
if 'silo' in params:
if ag.granary.issilo(params['silo']):
abort(403, "The silo %s exists"%params['silo'])
if not allowable_id2(params['silo']):
response.content_type = "text/plain"
response.status_int = 400
response.status = "400 Bad request. Silo name not valid"
return "Silo name can contain only the following characters - %s and has to be more than 1 character"%ag.naming_rule_humanized
#NOTE:
#If any userid in params['administrators']/params['managers']/params['submitters'] does not exist, return 403
#if administartor list is empty, append current user to administartor list
#Owner is the superset of adminstrators, managers and submitters
existing_users = list_usernames()
owners = []
admins = []
managers = []
submitters = []
#if 'owners' in params and params['owners']:
# owners = [x.strip() for x in kw['owners'].split(",") if x]
if 'administrators' in params and params['administrators']:
admins = [x.strip() for x in params['administrators'].split(",") if x]
owners.extend(admins)
if 'managers' in params and params['managers']:
managers = [x.strip() for x in params['managers'].split(",") if x]
owners.extend(managers)
if 'submitters' in params and params['submitters']:
submitters = [x.strip() for x in params['submitters'].split(",") if x]
owners.extend(submitters)
if not admins:
owners.append(ident['user'].user_name)
admins.append(ident['user'].user_name)
owners = list(set(owners))
for o in owners:
if not o in existing_users:
abort (403, "User %s does not exist"%o)
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
# Create new silo
silo = params['silo']
g_root = config.get("granary.uri_root", "info:")
c.silo = ag.granary.get_rdf_silo(silo, uri_base="%s%s/datasets/" % (g_root, silo))
ag.granary._register_silos()
kw = {}
for term in accepted_params:
if term in params:
kw[term] = params[term]
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
du = ag.granary.disk_usage_silo(silo)
kw['disk_usage'] = du
ag.granary.describe_silo(silo, **kw)
ag.granary.sync()
# Add silo to database
add_silo(silo)
try:
ag.b.silo_creation(silo, ident=ident['repoze.who.userid'])
except:
pass
#Add users belonging to the silo, to the database
all_silo_users = []
for a in admins:
all_silo_users.append((a, 'administrator'))
for a in managers:
all_silo_users.append((a, 'manager'))
for a in submitters:
all_silo_users.append((a, 'submitter'))
add_group_users(params['silo'], all_silo_users)
ag.granary.state.revert()
ag.granary._register_silos()
# conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
redirect(url(controller="datasets", action="siloview", silo=silo))
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = "text/plain"
response.status_int = 201
response.status = "201 Created"
response.headers['Content-Location'] = url(controller="datasets", action="siloview", silo=silo)
return "201 Created Silo %s" % silo
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
# Whoops - nothing satisfies - return text/plain
response.content_type = "text/plain"
response.status_int = 201
response.status = "201 Created"
response.headers['Content-Location'] = url(controller="datasets", action="siloview", silo=silo)
return "201 Created Silo %s" % silo
else:
response.content_type = "text/plain"
response.status_int = 400
response.status = "400 Bad Request"
return "400 Bad request. No valid parameters found."
def siloview(self, silo):
if not request.environ.get('repoze.who.identity'):
abort(401, "Not Authorised")
if not ag.granary.issilo(silo):
abort(404)
ident = request.environ.get('repoze.who.identity')
c.ident = ident
c.silo = silo
silos = ag.authz(ident, permission=['administrator', 'manager'])
if not silo in silos:
abort(403, "Do not have administrator or manager credentials for silo %s"%silo)
user_groups = list_user_groups(ident['user'].user_name)
if ('*', 'administrator') in user_groups:
#User is super user
c.roles = ["admin", "manager", "user"]
elif (silo, 'administrator') in user_groups:
c.roles = ["admin", "manager", "user"]
elif (silo, 'manager') in user_groups:
c.roles = ["manager", "user"]
else:
abort(403, "Do not have administrator or manager credentials for silo %s"%silo)
http_method = request.environ['REQUEST_METHOD']
c.kw = ag.granary.describe_silo(silo)
if http_method == "GET":
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
return render("/admin_siloview.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(dict(c.kw))
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/html
return render("/admin_siloview.html")
elif http_method == "POST":
params = request.POST
#Get existing owners, admins, managers and submitters
owners = []
admins = []
managers = []
submitters = []
if 'owners' in c.kw and c.kw['owners']:
owners = [x.strip() for x in c.kw['owners'].split(",") if x]
if 'administrators' in c.kw and c.kw['administrators']:
admins = [x.strip() for x in c.kw['administrators'].split(",") if x]
if 'managers' in c.kw and c.kw['managers']:
managers = [x.strip() for x in c.kw['managers'].split(",") if x]
if 'submitters' in c.kw and c.kw['submitters']:
submitters = [x.strip() for x in c.kw['submitters'].split(",") if x]
#Get new members
new_owners = []
#Get new admins
new_admins = []
if 'administrators' in params and params['administrators']:
returned_admins = [x.strip() for x in params['administrators'].split(",") if x]
new_admins = [x for x in returned_admins if not x in admins]
new_owners.extend(new_admins)
#Get new managers
new_managers = []
if 'managers' in params and params['managers']:
returned_managers = [x.strip() for x in params['managers'].split(",") if x]
new_managers = [x for x in returned_managers if not x in managers]
new_owners.extend(new_managers)
#Get new submitters
new_submitters = []
if 'submitters' in params and params['submitters']:
returned_submitters = [x.strip() for x in params['submitters'].split(",") if x]
new_submitters = [x for x in returned_submitters if not x in submitters]
new_owners.extend(new_submitters)
#Check if the new members exist. If not return 403
existing_users = list_usernames()
new_owners = list(set(new_owners))
for o in new_owners:
if not o in existing_users:
abort (403, "User %s does not exist"%o)
if new_admins and not 'admin' in c.roles:
abort (403, "Only administrators can assing users to role 'administrator'")
owners.extend(new_owners)
new_admins = list(set(new_admins))
admins.extend(new_admins)
new_managers = list(set(new_managers))
managers.extend(new_managers)
new_submitters = list(set(new_submitters))
submitters.extend(new_submitters)
# Update silo info
updateMetadata = False
for term in accepted_params:
if term in params and not term in ['owners', 'administrators', 'managers', 'submitters'] and params[term]:
c.kw[term] = params[term]
updateMetadata = True
if new_owners or new_admins or new_managers or new_submitters or updateMetadata:
new_silo_users = []
if new_owners:
c.kw['owners'] = ','.join(owners)
if new_admins:
c.kw['administrators'] = ','.join(admins)
for a in new_admins:
new_silo_users.append((a, 'administrator'))
if new_managers:
c.kw['managers'] = ','.join(managers)
for a in new_managers:
new_silo_users.append((a, 'manager'))
if new_submitters:
c.kw['submitters'] = ','.join(submitters)
for a in new_submitters:
new_silo_users.append((a, 'submitter'))
#Add metadat changes to the silo
ag.granary.describe_silo(silo, **c.kw)
ag.granary.sync()
#Add new silo users into database
if new_silo_users:
add_group_users(silo, new_silo_users)
if updateMetadata:
try:
ag.b.silo_change(silo, ident=ident['repoze.who.userid'])
except:
pass
# conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
c.message = "Metadata updated"
c.kw = ag.granary.describe_silo(silo)
return render("/admin_siloview.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = "text/plain"
response.status_int = 204
response.status = "204 Updated"
#return "Updated Silo %s" % silo
return
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
# Whoops - nothing satisfies - return text/plain
response.content_type = "text/plain"
response.status_int = 204
response.status = "204 Updated"
return
elif http_method == "DELETE":
# Deletion of an entire Silo...
# Serious consequences follow this action
# Walk through all the items, emit a delete msg for each
# and then remove the silo
todelete_silo = ag.granary.get_rdf_silo(silo)
#for item in todelete_silo.list_items():
# try:
# ag.b.deletion(silo, item, ident=ident['repoze.who.userid'])
# except:
# pass
ag.granary.delete_silo(silo)
try:
ag.b.silo_deletion(silo, ident=ident['repoze.who.userid'])
except:
pass
try:
del ag.granary.state[silo]
except:
pass
ag.granary.sync()
ag.granary._register_silos()
#Delete silo from database
delete_silo(silo)
# conneg return
accept_list = None
response.content_type = "text/plain"
response.status_int = 200
response.status = "200 OK"
return "{'ok':'true'}"
def sync_members(g):
# NOTE: g._register_silos() IS AN EXPENSIVE OPERATION.
# THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY
#g = ag.granary
g.state.revert()
g._register_silos()
granary_list = g.silos
granary_list_database = list_silos()
usernames = list_usernames()
for silo in granary_list:
if not silo in granary_list_database:
add_silo(silo)
kw = g.describe_silo(silo)
#Get existing owners, admins, managers and submitters from silo metadata
owners = []
admins = []
managers = []
submitters = []
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
# Check users in silo metadata are valid users
owners = [x for x in owners if x in usernames]
admins = [x for x in admins if x in usernames]
managers = [x for x in managers if x in usernames]
submitters = [x for x in submitters if x in usernames]
#Synchronize members in silo metadata with users in database
d_admins = []
d_managers = []
d_sunbmitters = []
if silo in granary_list_database:
d_admins, d_managers, d_submitters = list_group_usernames(silo)
admins.extend(d_admins)
managers.extend(d_managers)
submitters.extend(d_submitters)
# Ensure users are listed just once in silo metadata and owner is superset
owners.extend(admins)
owners.extend(managers)
owners.extend(submitters)
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
owners = list(set(owners))
# Add users in silo metadata to the database
new_silo_users = []
for a in admins:
if not a in d_admins:
new_silo_users.append((a, 'administrator'))
for a in managers:
if not a in d_managers:
new_silo_users.append((a, 'manager'))
for a in new_submitters:
if not a in d_submitters:
new_silo_users.append((a, 'submitter'))
if new_silo_users:
add_group_users(silo, new_silo_users)
#Write members into silo
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
g.describe_silo(silo, **kw)
g.sync()
return
def silouserview(self, silo, username):
if not request.environ.get('repoze.who.identity'):
abort(401, "Not Authorised")
if not ag.granary.issilo(silo):
abort(404)
ident = request.environ.get('repoze.who.identity')
http_method = request.environ['REQUEST_METHOD']
if http_method == 'GET':
silos = ag.authz(ident)
if not silo in silos:
abort(403, "User is not a member of the silo %s"%silo)
if not ('administrator' in ident['permissions'] or \
'manager' in ident['permissions'] or ident['user'].user_name == username):
abort(403, "Do not have administrator or manager credentials to view profiles of other users")
else:
silos = ag.authz(ident, permission=['administrator', 'manager'])
if not silo in silos:
abort(403, "Do not have administrator or manager credentials for silo %s"%silo)
if not ('administrator' in ident['permissions'] or 'manager' in ident['permissions']):
abort(403, "Do not have administrator or manager credentials")
existing_users = list_usernames()
if not username in existing_users:
abort(404, "User not found")
c.ident = ident
c.silo = silo
c.username = username
if http_method == "GET":
a, m, s = list_group_usernames(silo)
if not (username in a or username in m or username in s):
abort(404, "User not found in silo")
c.user = list_user(username)
#if 'groups' in c.user and c.user['groups']:
# for i in c.user['groups']:
# if i[0] != silo:
# c.user['groups'].remove(i)
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
return render("/silo_user.html")
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/plain
response.content_type = 'application/json; charset="UTF-8"'
response.status_int = 200
response.status = "200 OK"
return simplejson.dumps(c.user)
elif http_method == "POST":
params = request.POST
if not ('role' in params and params['role'] and params['role'] in ['administrator', 'manager', 'submitter']):
abort(400, "Parameters 'role' not found or is invalid")
kw = ag.granary.describe_silo(silo)
#Get existing owners, admins, managers and users
owners = []
admins = []
managers = []
submitters = []
if 'owners' in kw and kw['owners']:
owners = [x.strip() for x in kw['owners'].split(",") if x]
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
to_remove = []
to_add = []
if params['role'] == 'administrator':
if not 'administrator' in ident['permissions']:
abort(403, "Need to be administrator to add user to role admin")
if not username in admins:
to_add.append((username, 'administrator'))
admins.append(username)
if not username in owners:
owners.append(username)
if username in managers:
managers.remove(username)
to_remove.append((username, 'manager'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
elif params['role'] == 'manager':
if not username in managers:
to_add.append((username, 'manager'))
managers.append(username)
if not username in owners:
owners.append(username)
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before updating user role")
admins.remove(username)
to_remove.append((username, 'administrator'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
elif params['role'] == 'submitter':
if not username in submitters:
to_add.append((username, 'submitter'))
submitters.append(username)
if not username in owners:
owners.append(username)
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before updating user role")
admins.remove(username)
to_remove.append((username, 'administrator'))
if username in managers:
if len(managers) == 1 and len(admins) == 0:
abort(403, "Add another administrator or manager to silo before updating user role")
managers.remove(username)
to_remove.append((username, 'manager'))
owners = list(set(owners))
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
# Update silo info
if to_remove or to_add:
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
ag.granary.describe_silo(silo, **kw)
ag.granary.sync()
#Add new silo users into database
if to_add:
add_group_users(silo, to_add)
response.status_int = 201
response.status = "201 Created"
response.headers['Content-Location'] = url(controller="users", action="silouserview", silo=silo, username=username)
response_message = "201 Created"
if to_remove:
delete_group_users(silo, to_remove)
response.status_int = 204
response.status = "204 Updated"
response_message = None
else:
response.status_int = 400
response.status = "400 Bad Request"
response_message = "No updates to user role"
#Conneg return
accept_list = None
if 'HTTP_ACCEPT' in request.environ:
try:
accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
except:
accept_list= [MT("text", "html")]
if not accept_list:
accept_list= [MT("text", "html")]
mimetype = accept_list.pop(0)
while(mimetype):
if str(mimetype).lower() in ["text/html", "text/xhtml"]:
redirect(url(controller="users", action="silouserview", silo=silo, username=username))
elif str(mimetype).lower() in ["text/plain", "application/json"]:
response.content_type = 'application/json; charset="UTF-8"'
return response_message
try:
mimetype = accept_list.pop(0)
except IndexError:
mimetype = None
#Whoops nothing satisfies - return text/plain
response.content_type = 'application/json; charset="UTF-8"'
return response_message
elif http_method == "DELETE":
kw = ag.granary.describe_silo(silo)
#Get existing owners, admins, managers and users
owners = []
admins = []
managers = []
submitters = []
if 'owners' in kw and kw['owners']:
owners = [x.strip() for x in kw['owners'].split(",") if x]
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
#Gather user roles to delete
to_remove = []
if username in admins:
if not 'administrator' in ident['permissions']:
abort(403, "Need to be admin to modify user of role admin")
if len(admins) == 1:
abort(403, "Add another administrator to silo before deleting user")
to_remove.append((username, 'administrator'))
admins.remove(username)
if username in managers:
if len(managers) == 1 and len(admins) == 0:
abort(403, "Add another administrator or manager to silo before deleting user")
managers.remove(username)
to_remove.append((username, 'manager'))
if username in submitters:
submitters.remove(username)
to_remove.append((username, 'submitter'))
if username in owners:
owners.remove(username)
owners = list(set(owners))
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
if to_remove:
# Update silo info
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
ag.granary.describe_silo(silo, **kw)
ag.granary.sync()
delete_group_users(silo, to_remove)
else:
abort(400, "No user to delete")
accept_list = None
response.content_type = "text/plain"
response.status_int = 200
response.status = "200 OK"
return "{'ok':'true'}"
def sync_members(g):
# NOTE: g._register_silos() IS AN EXPENSIVE OPERATION.
# THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY
#g = ag.granary
g.state.revert()
g._register_silos()
granary_list = g.silos
granary_list_database = list_silos()
usernames = list_usernames()
for silo in granary_list:
if not silo in granary_list_database:
add_silo(silo)
kw = g.describe_silo(silo)
#Get existing owners, admins, managers and submitters from silo metadata
owners = []
admins = []
managers = []
submitters = []
if 'administrators' in kw and kw['administrators']:
admins = [x.strip() for x in kw['administrators'].split(",") if x]
if 'managers' in kw and kw['managers']:
managers = [x.strip() for x in kw['managers'].split(",") if x]
if 'submitters' in kw and kw['submitters']:
submitters = [x.strip() for x in kw['submitters'].split(",") if x]
# Check users in silo metadata are valid users
owners = [x for x in owners if x in usernames]
admins = [x for x in admins if x in usernames]
managers = [x for x in managers if x in usernames]
submitters = [x for x in submitters if x in usernames]
#Synchronize members in silo metadata with users in database
d_admins = []
d_managers = []
d_sunbmitters = []
if silo in granary_list_database:
d_admins, d_managers, d_submitters = list_group_usernames(silo)
admins.extend(d_admins)
managers.extend(d_managers)
submitters.extend(d_submitters)
# Ensure users are listed just once in silo metadata and owner is superset
owners.extend(admins)
owners.extend(managers)
owners.extend(submitters)
admins = list(set(admins))
managers = list(set(managers))
submitters = list(set(submitters))
owners = list(set(owners))
# Add users in silo metadata to the database
new_silo_users = []
for a in admins:
if not a in d_admins:
new_silo_users.append((a, 'administrator'))
for a in managers:
if not a in d_managers:
new_silo_users.append((a, 'manager'))
for a in new_submitters:
if not a in d_submitters:
new_silo_users.append((a, 'submitter'))
if new_silo_users:
add_group_users(silo, new_silo_users)
#Write members into silo
kw['owners'] = ','.join(owners)
kw['administrators'] = ','.join(admins)
kw['managers'] = ','.join(managers)
kw['submitters'] = ','.join(submitters)
g.describe_silo(silo, **kw)
g.sync()
return
