def post(self, request):
""" Assign the record to a workspace.
Args:
request:
Returns:
"""
document_ids = request.POST.getlist('document_id[]', [])
workspace_id = request.POST.get('workspace_id', None)
if workspace_id is None or workspace_id == '':
workspace = None
else:
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except DoesNotExist:
return HttpResponseBadRequest("The selected workspace does not exist anymore.")
except Exception as exc:
return HttpResponseBadRequest("Something wrong happened.")
for data_id in document_ids:
try:
self.api.assign(self.api.get_by_id(data_id, request.user),
workspace,
request.user)
except AccessControlError as ace:
return HttpResponseBadRequest(str(ace))
except Exception as exc:
return HttpResponseBadRequest("Something wrong happened.")
return HttpResponse(json.dumps({}), content_type='application/javascript')
def _add_or_remove_to_user_or_group_right_to_workspace(request, pk, user_or_group_id, func, get_group_or_user_func):
""" Add
Args:
request:
pk:
user_or_group_id:
func:
get_group_or_user_func
Returns:
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Get user
user_or_group = get_group_or_user_func(user_or_group_id)
# Add right
func(workspace_object, user_or_group, request.user)
# Return response
return Response(status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def switch_right(request):
""" Switch user's right for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
object_id = request.POST.get('object_id', None)
group_or_user = request.POST.get('group_or_user', None)
action = request.POST.get('action', None)
value = request.POST.get('value', None) == 'true'
try:
workspace = workspace_api.get_by_id(str(workspace_id))
if group_or_user == USER:
_switch_user_right(object_id, action, value, workspace, request.user)
if group_or_user == GROUP:
_switch_group_right(object_id, action, value, workspace, request.user)
except AccessControlError as ace:
return HttpResponseBadRequest(str(ace))
except DoesNotExist as dne:
return HttpResponseBadRequest(str(dne))
except Exception as exc:
return HttpResponseBadRequest('Something wrong happened.')
return HttpResponse(json.dumps({}), content_type='application/javascript')
def set_workspace_public(request, pk):
""" Set the workspace public.
Args:
request:
pk:
Returns:
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Set the workspace public
workspace_api.set_workspace_public(workspace_object, request.user)
# Return response
return Response(status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def _list_of_users_or_groups_to_response(pk, func, user, serializer):
""" List of users or groups to response.
Args:
pk:
func:
user:
Returns:
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Get list User
list_user = func(workspace_object, user)
# Serialize object
serializer = serializer(list_user, many=True)
# Return response
return Response(serializer.data, status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def delete(self, request, pk):
""" Delete a workspace
Args:
request:
pk:
Returns:
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# delete object
workspace_api.delete(workspace_object, request.user)
# Return response
return Response(status=status.HTTP_204_NO_CONTENT)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def switch_right(request):
""" Switch user's right for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
object_id = request.POST.get('object_id', None)
group_or_user = request.POST.get('group_or_user', None)
action = request.POST.get('action', None)
value = request.POST.get('value', None) == 'true'
try:
workspace = workspace_api.get_by_id(str(workspace_id))
if group_or_user == USER:
_switch_user_right(object_id, action, value, workspace,
request.user)
if group_or_user == GROUP:
_switch_group_right(object_id, action, value, workspace,
request.user)
except AccessControlError, ace:
return HttpResponseBadRequest(ace.message)
def get(self, request, pk):
""" Get Workspace from db
Args:
request: HTTP request
pk: ObjectId
Returns:
Workspace
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Serialize object
serializer = WorkspaceSerializer(workspace_object)
# Return response
return Response(serializer.data)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_group_right_to_workspace(request):
""" Add rights to group for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
groups_ids = request.POST.getlist('groups_id[]', [])
is_read_checked = request.POST.get('read', None) == 'true'
is_write_checked = request.POST.get('write', None) == 'true'
if len(groups_ids) == 0:
return HttpResponseBadRequest("You need to select at least one group.")
if not is_read_checked and not is_write_checked:
return HttpResponseBadRequest(
"You need to select at least one permission (read and/or write).")
try:
workspace = workspace_api.get_by_id(str(workspace_id))
for group in group_api.get_all_groups_by_list_id(groups_ids):
if is_read_checked:
workspace_api.add_group_read_access_to_workspace(
workspace, group, request.user)
if is_write_checked:
workspace_api.add_group_write_access_to_workspace(
workspace, group, request.user)
except AccessControlError, ace:
return HttpResponseBadRequest(ace.message)
def load_add_group_form(request):
""" Load the form to list the groups with no access to the workspace.
Args:
request:
Returns:
"""
workspace_id = request.POST.get('workspace_id', None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except exceptions.ModelError:
return HttpResponseBadRequest('Invalid input.')
except Exception:
return HttpResponseBadRequest('An unexpected error occurred.')
try:
# We retrieve all groups with no access
groups_with_no_access = list(
workspace_api.get_list_group_with_no_access_workspace(
workspace, request.user))
if len(groups_with_no_access) > 0:
group_utils.remove_list_object_from_list(groups_with_no_access, [
group_api.get_anonymous_group(),
group_api.get_default_group()
])
if len(groups_with_no_access) == 0:
return HttpResponseBadRequest(
"There is no groups that can be added.")
form = GroupRightForm(groups_with_no_access)
except AccessControlError, ace:
return HttpResponseBadRequest(ace.message)
def load_add_user_form(request):
""" Load the form to list the users with no access to the workspace.
Args:
request:
Returns:
"""
workspace_id = request.POST.get('workspace_id', None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except exceptions.ModelError:
return HttpResponseBadRequest('Invalid input.')
except Exception:
return HttpResponseBadRequest('An unexpected error occurred.')
try:
# We retrieve all users with no access
users_with_no_access = list(
workspace_api.get_list_user_with_no_access_workspace(
workspace, request.user))
# We remove the owner of the workspace
if len(users_with_no_access) > 0:
users_with_no_access.remove(
user_api.get_user_by_id(workspace.owner))
if len(users_with_no_access) == 0:
return HttpResponseBadRequest(
"There is no users that can be added.")
form = UserRightForm(users_with_no_access)
except AccessControlError, ace:
return HttpResponseBadRequest(ace.message)
def is_workspace_public(request, pk):
""" Is the workspace public
Args:
request: HTTP request
pk: ObjectId
Returns:
- code: 200
content: Boolean
- code: 404
content: Object was not found
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Return response
return Response(workspace_api.is_workspace_public(workspace_object),
status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_group_right_to_workspace(request):
""" Add rights to group for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
groups_ids = request.POST.getlist('groups_id[]', [])
is_read_checked = request.POST.get('read', None) == 'true'
is_write_checked = request.POST.get('write', None) == 'true'
if len(groups_ids) == 0:
return HttpResponseBadRequest("You need to select at least one group.")
if not is_read_checked and not is_write_checked:
return HttpResponseBadRequest("You need to select at least one permission (read and/or write).")
try:
workspace = workspace_api.get_by_id(str(workspace_id))
for group in group_api.get_all_groups_by_list_id(groups_ids):
if is_read_checked:
workspace_api.add_group_read_access_to_workspace(workspace, group, request.user)
if is_write_checked:
workspace_api.add_group_write_access_to_workspace(workspace, group, request.user)
except AccessControlError as ace:
return HttpResponseBadRequest(str(ace))
except DoesNotExist as dne:
return HttpResponseBadRequest(str(dne))
except Exception as exc:
return HttpResponseBadRequest('Something wrong happened.')
return HttpResponse(json.dumps({}), content_type='application/javascript')
def remove_user_or_group_rights(request):
""" Remove user's right for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
object_id = request.POST.get('object_id', None)
group_or_user = request.POST.get('group_or_user', None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
if group_or_user == USER:
_remove_user_rights(object_id, workspace, request.user)
if group_or_user == GROUP:
_remove_group_rights(object_id, workspace, request.user)
except AccessControlError as ace:
return HttpResponseBadRequest(str(ace))
except ModelError:
return HttpResponseBadRequest('Invalid input.')
except DoesNotExist as dne:
return HttpResponseBadRequest(str(dne))
except Exception:
return HttpResponseBadRequest('Something wrong happened.')
return HttpResponse(json.dumps({}), content_type='application/javascript')
def get(self, request, workspace_id, *args, **kwargs):
workspace = workspace_api.get_by_id(workspace_id)
try:
workspace_data = workspace_data_api.get_all_by_workspace(
workspace, request.user)
except AccessControlError, ace:
workspace_data = []
def load_add_group_form(request):
"""Load the form to list the groups with no access to the workspace.
Args:
request:
Returns:
"""
workspace_id = request.POST.get("workspace_id", None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except exceptions.ModelError:
return HttpResponseBadRequest("Invalid input.")
except Exception:
return HttpResponseBadRequest("An unexpected error occurred.")
try:
# We retrieve all groups with no access
groups_with_no_access = list(
workspace_api.get_list_group_with_no_access_workspace(
workspace, request.user))
if len(groups_with_no_access) > 0:
group_utils.remove_list_object_from_list(
groups_with_no_access,
[
group_api.get_anonymous_group(),
group_api.get_default_group()
],
)
if len(groups_with_no_access) == 0:
return HttpResponseBadRequest(
"There is no groups that can be added.")
form = GroupRightForm(groups_with_no_access)
except AccessControlError as ace:
return HttpResponseBadRequest(escape(str(ace)))
except DoesNotExist as dne:
return HttpResponseBadRequest(escape(str(dne)))
except:
return HttpResponseBadRequest("Something wrong happened.")
context = {"add_group_form": form}
return HttpResponse(
json.dumps({
"form":
loader.render_to_string(
"core_main_app/user/workspaces/list/modals/add_group_form.html",
context,
)
}),
"application/javascript",
)
def get_workspace(self, workspace_id):
""" Get workspace from database
Args:
workspace_id:
Returns:
"""
try:
return workspace_api.get_by_id(workspace_id)
except exceptions.DoesNotExist:
raise Http404
def load_add_group_form(request):
""" Load the form to list the groups with no access to the workspace.
Args:
request:
Returns:
"""
workspace_id = request.POST.get('workspace_id', None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except Exception, exc:
return HttpResponseBadRequest(exc.message)
def load_add_user_form(request):
"""Load the form to list the users with no access to the workspace.
Args:
request:
Returns:
"""
workspace_id = request.POST.get("workspace_id", None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except exceptions.ModelError:
return HttpResponseBadRequest("Invalid input.")
except Exception:
return HttpResponseBadRequest("An unexpected error occurred.")
try:
# We retrieve all users with no access
users_with_no_access = list(
workspace_api.get_list_user_with_no_access_workspace(
workspace, request.user))
# We remove the owner of the workspace
if len(users_with_no_access) > 0:
users_with_no_access.remove(
user_api.get_user_by_id(workspace.owner))
if len(users_with_no_access) == 0:
return HttpResponseBadRequest(
"There is no users that can be added.")
form = UserRightForm(users_with_no_access)
except AccessControlError as ace:
return HttpResponseBadRequest(escape(str(ace)))
except DoesNotExist as dne:
return HttpResponseBadRequest(escape(str(dne)))
except:
return HttpResponseBadRequest("Something wrong happened.")
context = {"add_user_form": form}
return HttpResponse(
json.dumps({
"form":
loader.render_to_string(
"core_main_app/user/workspaces/list/modals/add_user_form.html",
context,
)
}),
"application/javascript",
)
def get_workspace(self, workspace_id):
""" Retrieve a Workspace
Args:
workspace_id: ObjectId
Returns:
- code: 404
content: Object was not found
"""
try:
return workspace_api.get_by_id(workspace_id)
except exceptions.DoesNotExist:
raise Http404
def _add_or_remove_to_user_or_group_right_to_workspace(request, pk,
user_or_group_id, func,
get_group_or_user_func):
""" Add or remove a right to a user or a group
Args:
request: HTTP request
pk: ObjectId
user_or_group_id: ObjectId
func: function
get_group_or_user_func: function
Returns:
- code: 200
content: None
- code: 403
content: Authentication error
- code: 404
content: Object was not found
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Get user
user_or_group = get_group_or_user_func(user_or_group_id)
# Add right
func(workspace_object, user_or_group, request.user)
# Return response
return Response(status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def get(self, request, pk):
""" Get all user Data
Url Parameters:
template: template_id
title: document_title
Examples:
../data/
../data?template=[template_id]
../data?title=[document_title]
../data?template=[template_id]&title=[document_title]
Args:
request: HTTP request
pk: WorkspaceId
Returns:
- code: 200
content: List of data
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
#data_object_list = data_api.get_all_by_user(request.user)
data_object_list = data_api.get_all_by_workspace(
workspace_object, request.user)
#data_object_list = data_object_list.filter(workspace=pk)
# Serialize object
data_serializer = DataSerializer(data_object_list, many=True)
# Return response
return Response(data_serializer.data, status=status.HTTP_200_OK)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def _list_of_users_or_groups_to_response(pk, func, user, serializer):
"""List of users or groups to response
Args:
pk: ObjectId
func: function
user: user
Returns:
- code: 200
content: list of group or user
- code: 403
content: Authentication error
- code: 404
content: Object was not found
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Get list User
list_user = func(workspace_object, user)
# Serialize object
serializer = serializer(list_user, many=True)
# Return response
return Response(serializer.data, status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {"message": "Workspace not found."}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {"message": str(ace)}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {"message": str(api_exception)}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def assign_workspace(request):
""" Assign the record to a workspace.
Args:
request:
Returns:
"""
document_ids = request.POST.getlist('document_id[]', [])
workspace_id = request.POST.get('workspace_id', None)
if workspace_id is None or workspace_id == '':
workspace = None
else:
try:
workspace = workspace_api.get_by_id(str(workspace_id))
except DoesNotExist:
return HttpResponseBadRequest(
"The selected workspace does not exist anymore.")
except Exception, exc:
return HttpResponseBadRequest("Something wrong happened.")
def is_workspace_public(request, pk):
""" Is the workspace public.
Args:
request:
pk:
Returns:
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Return response
return Response(workspace_api.is_workspace_public(workspace_object), status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def delete(self, request, pk):
""" Delete a Workspace
Args:
request: HTTP request
pk: ObjectId
Returns:
- code: 204
content: Deletion succeed
- code: 403
content: Authentication error
- code: 404
content: Object was not found
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# delete object
workspace_api.delete(workspace_object, request.user)
# Return response
return Response(status=status.HTTP_204_NO_CONTENT)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def remove_user_or_group_rights(request):
""" Remove user's right for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get('workspace_id', None)
object_id = request.POST.get('object_id', None)
group_or_user = request.POST.get('group_or_user', None)
try:
workspace = workspace_api.get_by_id(str(workspace_id))
if group_or_user == USER:
_remove_user_rights(object_id, workspace, request.user)
if group_or_user == GROUP:
_remove_group_rights(object_id, workspace, request.user)
except AccessControlError, ace:
return HttpResponseBadRequest(ace.message)
def set_workspace_public(request, pk):
""" Set the workspace public
Args:
request: HTTP request
pk: ObjectId
Returns:
- code: 200
content: None
- code: 403
content: Authentication error
- code: 404
content: Object was not found
- code: 500
content: Internal server error
"""
try:
# Get object
workspace_object = workspace_api.get_by_id(pk)
# Set the workspace public
workspace_api.set_workspace_public(workspace_object, request.user)
# Return response
return Response(status=status.HTTP_200_OK)
except exceptions.DoesNotExist:
content = {'message': 'Workspace not found.'}
return Response(content, status=status.HTTP_404_NOT_FOUND)
except AccessControlError as ace:
content = {'message': ace.message}
return Response(content, status=status.HTTP_403_FORBIDDEN)
except Exception as api_exception:
content = {'message': api_exception.message}
return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_user_right_to_workspace(request):
"""Add rights to user for the workspace.
Args:
request
Returns
"""
workspace_id = request.POST.get("workspace_id", None)
users_ids = request.POST.getlist("users_id[]", [])
is_read_checked = request.POST.get("read", None) == "true"
is_write_checked = request.POST.get("write", None) == "true"
if len(users_ids) == 0:
return HttpResponseBadRequest("You need to select at least one user.")
if not is_read_checked and not is_write_checked:
return HttpResponseBadRequest(
"You need to select at least one permission (read and/or write).")
try:
workspace = workspace_api.get_by_id(str(workspace_id))
for user in user_api.get_all_users_by_list_id(users_ids):
if is_read_checked:
workspace_api.add_user_read_access_to_workspace(
workspace, user, request.user)
if is_write_checked:
workspace_api.add_user_write_access_to_workspace(
workspace, user, request.user)
except AccessControlError as ace:
return HttpResponseBadRequest(escape(str(ace)))
except DoesNotExist as dne:
return HttpResponseBadRequest(escape(str(dne)))
except Exception as exc:
return HttpResponseBadRequest("Something wrong happened.")
return HttpResponse(json.dumps({}), content_type="application/javascript")
def _get_workspaces(workspace_ids, request_user_is_superuser, request_user_id):
""" Get all the workspaces from the list of ids.
Args:
workspace_ids:
request_user_is_superuser:
request_user_id:
Returns:
list form
"""
list_workspaces = []
try:
for workspace_id in workspace_ids:
# Get the workspace
workspace = workspace_api.get_by_id(workspace_id)
list_workspaces.append(workspace)
except DoesNotExist:
raise Exception(
'It seems a workspace is missing. Please refresh the page.')
except Exception, e:
raise Exception(e.message)
