def read(self, request, path, name):
# Protect the resources from not authorized downloads
if path.startswith('assets'):
err_code, err_msg = self._validate_asset_permissions(
request.user, path, name)
elif path.startswith('bills'):
err_code, err_msg = self._validate_invoice_permissions(
request.user, name)
else:
err_code, err_msg = 404, 'Resource not found'
local_path = os.path.join(path, name)
if err_code is None and not os.path.isfile(
os.path.join(settings.MEDIA_ROOT, local_path)):
err_code, err_msg = 404, 'Resource not found'
if err_code is not None:
response = build_response(request, err_code, err_msg)
elif not getattr(settings, 'USE_XSENDFILE', False):
response = serve(request,
local_path,
document_root=settings.MEDIA_ROOT)
else:
response = HttpResponse()
response['X-Sendfile'] = smart_str(local_path)
return response
def create(self, request):
# Get user info
try:
data = json.loads(request.raw_post_data)
if not 'username' in data or not 'message' in data:
raise Exception('')
except:
return build_response(request, 400, 'Invalid Json content')
try:
user = User.objects.get(username=data['username'])
except:
return build_response(request, 400, 'Invalid user')
try:
# Send email
fromaddr = settings.WSTOREMAIL
toaddrs = settings.WSTOREPROVIDERREQUEST
msg = 'Subject: Provider request: ' + user.username + '\n'
msg += user.userprofile.complete_name + '\n'
msg += data['message']
# Credentials (if needed)
username = settings.WSTOREMAILUSER
password = settings.WSTOREMAILPASS
# The mail is sent
server = smtplib.SMTP('smtp.gmail.com:587')
server.starttls()
server.login(username, password)
server.sendmail(fromaddr, toaddrs, msg)
server.quit()
except:
return build_response(request, 400, 'Problem sending the email')
user.userprofile.provider_requested = True
user.userprofile.save()
return build_response(request, 200, 'OK')
def create(self, request):
# Get user info
try:
data = json.loads(request.raw_post_data)
if not 'username' in data or not 'message' in data:
raise Exception('')
except:
return build_response(request, 400, 'Invalid Json content')
try:
user = User.objects.get(username=data['username'])
except:
return build_response(request, 400, 'Invalid user')
try:
# Send email
fromaddr = settings.WSTOREMAIL
toaddrs = settings.WSTOREPROVIDERREQUEST
msg = 'Subject: Provider request: ' + user.username + '\n'
msg += user.userprofile.complete_name + '\n'
msg += data['message']
# Credentials (if needed)
username = settings.WSTOREMAILUSER
password = settings.WSTOREMAILPASS
# The mail is sent
server = smtplib.SMTP('smtp.gmail.com:587')
server.starttls()
server.login(username, password)
server.sendmail(fromaddr, toaddrs, msg)
server.quit()
except:
return build_response(request, 400, 'Problem sending the email')
user.userprofile.provider_requested = True
user.userprofile.save()
return build_response(request, 200, 'OK')
def home_details(request, org, name, version):
context = _load_home_context(request)
context['loader'] = 'details'
try:
owner_org = Organization.objects.get(name=org)
offering = Offering.objects.get(owner_organization=owner_org, name=name, version=version)
offering_info = get_offering_info(offering, request.user)
except:
return build_response(request, 404, 'Not found')
context['info'] = mark_safe(json.dumps(offering_info))
return render(request, 'index.html', context)
def home_details(request, org, name, version):
context = _load_home_context(request)
context['loader'] = 'details'
try:
owner_org = Organization.objects.get(name=org)
offering = Offering.objects.get(owner_organization=owner_org,
name=name,
version=version)
offering_info = get_offering_info(offering, request.user)
except:
return build_response(request, 404, 'Not found')
context['info'] = mark_safe(json.dumps(offering_info))
return render(request, 'index.html', context)
def admin(request):
if request.user.is_staff:
context = {'oil': settings.OILAUTH, 'portal': settings.PORTALINSTANCE}
# Include Portals URLs if needed
if settings.PORTALINSTANCE:
context['main'] = MAIN_PORTAL_URL
context['cloud'] = CLOUD_PORTAL_URL
context['mashup'] = MASHUP_PORTAL_URL
context['account'] = ACCOUNT_PORTAL_URL
context['data'] = DATA_PORTAL_URL
return render(request, 'admin/admin.html', context)
else:
return build_response(request, 403, 'Forbidden')
def admin(request):
if request.user.is_staff:
context = {
'oil': settings.OILAUTH,
'portal': settings.PORTALINSTANCE
}
# Include Portals URLs if needed
if settings.PORTALINSTANCE:
context['main'] = MAIN_PORTAL_URL
context['cloud'] = CLOUD_PORTAL_URL
context['mashup'] = MASHUP_PORTAL_URL
context['account'] = ACCOUNT_PORTAL_URL
return render(request, 'admin/admin.html', context)
else:
return build_response(request, 403, 'Forbidden')
def organization(request):
if not settings.OILAUTH:
profile = UserProfile.objects.get(user=request.user)
context = {
'roles': profile.get_current_roles(),
'organization': profile.current_organization.name,
'oil': settings.OILAUTH,
'portal': settings.PORTALINSTANCE
}
# Include Portals URLs if needed
if settings.PORTALINSTANCE:
context['main'] = MAIN_PORTAL_URL
context['cloud'] = CLOUD_PORTAL_URL
context['mashup'] = MASHUP_PORTAL_URL
context['account'] = ACCOUNT_PORTAL_URL
context['data'] = DATA_PORTAL_URL
return render(request, 'organizations/organization_template.html', context)
else:
return build_response(request, 403, 'This view is not enabled with iDM auth')
def read(self, request, path, name):
# Protect the resources from not authorized downloads
if path.startswith('assets'):
err_code, err_msg = self._validate_asset_permissions(request.user, path, name)
elif path.startswith('bills'):
err_code, err_msg = self._validate_invoice_permissions(request.user, name)
else:
err_code, err_msg = 404, 'Resource not found'
local_path = os.path.join(path, name)
if err_code is None and not os.path.isfile(os.path.join(settings.MEDIA_ROOT, local_path)):
err_code, err_msg = 404, 'Resource not found'
if err_code is not None:
response = build_response(request, err_code, err_msg)
elif not getattr(settings, 'USE_XSENDFILE', False):
response = serve(request, local_path, document_root=settings.MEDIA_ROOT)
else:
response = HttpResponse()
response['X-Sendfile'] = smart_str(local_path)
return response
def organization(request):
if not settings.OILAUTH:
profile = UserProfile.objects.get(user=request.user)
context = {
'roles': profile.get_current_roles(),
'organization': profile.current_organization.name,
'oil': settings.OILAUTH,
'portal': settings.PORTALINSTANCE
}
# Include Portals URLs if needed
if settings.PORTALINSTANCE:
context['main'] = MAIN_PORTAL_URL
context['cloud'] = CLOUD_PORTAL_URL
context['mashup'] = MASHUP_PORTAL_URL
context['account'] = ACCOUNT_PORTAL_URL
context['data'] = DATA_PORTAL_URL
return render(request, 'organizations/organization_template.html',
context)
else:
return build_response(request, 403,
'This view is not enabled with iDM auth')
def read(self, request, path, name):
if request.method != 'GET':
return build_response(request, 415, 'Method not supported')
dir_path = os.path.join(settings.MEDIA_ROOT, path)
# Protect the resources from not authorized downloads
if dir_path.endswith('resources'):
if request.user.is_anonymous():
return build_response(request, 401, 'Unauthorized')
# Check if the request user has access to the resource
splited_name = name.split('__')
prov = Organization.objects.get(name=splited_name[0])
resource = Resource.objects.get(provider=prov,
name=splited_name[1],
version=splited_name[2])
if not resource.open:
user_profile = UserProfile.objects.get(user=request.user)
found = False
# Check if the user has purchased an offering with the resource
# only if the offering is not open
for off in user_profile.offerings_purchased:
o = Offering.objects.get(pk=off)
for res in o.resources:
if str(res) == resource.pk:
found = True
break
if found:
break
if not found:
# Check if the user organization has an offering with the resource
for off in user_profile.current_organization.offerings_purchased:
o = Offering.objects.get(pk=off)
for res in o.resources:
if str(res) == resource.pk:
found = True
break
if found:
break
if not found:
return build_response(request, 404, 'Not found')
if dir_path.endswith('bills'):
if request.user.is_anonymous():
return build_response(request, 401, 'Unauthorized')
user_profile = UserProfile.objects.get(user=request.user)
purchase = Purchase.objects.get(ref=name[:24])
if purchase.organization_owned:
user_org = user_profile.current_organization
if not purchase.owner_organization.name == user_org.name:
return build_response(request, 404, 'Not found')
else:
if not purchase.customer == request.user:
return build_response(request, 404, 'Not found')
local_path = os.path.join(dir_path, name)
if not os.path.isfile(local_path):
return build_response(request, 404, 'Not found')
if not getattr(settings, 'USE_XSENDFILE', False):
return serve(request, local_path, document_root='/')
else:
response = HttpResponse()
response['X-Sendfile'] = smart_str(local_path)
return response
def read(self, request, path, name):
if request.method != 'GET':
return build_response(request, 415, 'Method not supported')
dir_path = os.path.join(settings.MEDIA_ROOT, path)
# Protect the resources from not authorized downloads
if dir_path.endswith('resources') :
if request.user.is_anonymous():
return build_response(request, 401, 'Unauthorized')
# Check if the request user has access to the resource
splited_name = name.split('__')
prov = Organization.objects.get(name=splited_name[0])
resource = Resource.objects.get(provider=prov, name=splited_name[1], version=splited_name[2])
if not resource.open:
user_profile = UserProfile.objects.get(user=request.user)
found = False
# Check if the user has purchased an offering with the resource
# only if the offering is not open
for off in user_profile.offerings_purchased:
o = Offering.objects.get(pk=off)
for res in o.resources:
if str(res) == resource.pk:
found = True
break
if found:
break
if not found:
# Check if the user organization has an offering with the resource
for off in user_profile.current_organization.offerings_purchased:
o = Offering.objects.get(pk=off)
for res in o.resources:
if str(res) == resource.pk:
found = True
break
if found:
break
if not found:
return build_response(request, 404, 'Not found')
if dir_path.endswith('bills'):
if request.user.is_anonymous():
return build_response(request, 401, 'Unauthorized')
user_profile = UserProfile.objects.get(user=request.user)
purchase = Purchase.objects.get(ref=name[:24])
if purchase.organization_owned:
user_org = user_profile.current_organization
if not purchase.owner_organization.name == user_org.name:
return build_response(request, 404, 'Not found')
else:
if not purchase.customer == request.user:
return build_response(request, 404, 'Not found')
local_path = os.path.join(dir_path, name)
if not os.path.isfile(local_path):
return build_response(request, 404, 'Not found')
if not getattr(settings, 'USE_XSENDFILE', False):
return serve(request, local_path, document_root='/')
else:
response = HttpResponse()
response['X-Sendfile'] = smart_str(local_path)
return response
