def test_perms_single(self):
perm = 'contenttypes.change_contenttype'
assign_perm(perm, self.group1, self.obj1)
self.assertEqual(
set(get_objects_for_group(self.group1, perm)),
set(get_objects_for_group(self.group1, [perm]))
)
def home(request):
if request.user.is_superuser:
users = User.objects.all()
else:
users = []
if not request.user.is_authenticated():
group = ExtendedGroup.objects.public_group()
projects = get_objects_for_group( group, "core.read_project" ).filter( is_catch_all=False )
workflow_engines = get_objects_for_group( group, "core.read_workflowengine" )
data_sets = get_objects_for_group( group, "core.read_dataset" )
workflows = get_objects_for_group( group, "core.read_workflow" ).filter( is_active=True )
unassigned_analyses = []
else:
projects = get_objects_for_user( request.user, "core.read_project" ).filter( is_catch_all=False )
try:
unassigned_analyses = request.user.get_profile().catch_all_project.analyses.all().order_by( "-time_start" )
except:
unassigned_analyses = []
logger.warning( "User " + request.user + " does not have a \"catch all\" project." )
workflow_engines = get_objects_for_user( request.user, "core.read_workflowengine" )
workflows = get_objects_for_user( request.user, "core.read_workflow" ).filter( is_active=True )
data_sets = get_objects_for_user( request.user, "core.read_dataset" )
return render_to_response('core/home.html', {'users': users, 'projects': projects, 'unassigned_analyses': unassigned_analyses, 'workflow_engines': workflow_engines, 'workflows': workflows, 'data_sets': data_sets }, context_instance=RequestContext( request ) )
def test_results_for_different_groups_are_correct(self):
assign_perm("change_contenttype", self.group1, self.obj1)
assign_perm("delete_contenttype", self.group2, self.obj2)
self.assertEqual(set(get_objects_for_group(self.group1, "contenttypes.change_contenttype")), set([self.obj1]))
self.assertEqual(set(get_objects_for_group(self.group2, "contenttypes.change_contenttype")), set())
self.assertEqual(set(get_objects_for_group(self.group2, "contenttypes.delete_contenttype")), set([self.obj2]))
def for_group(self, user, group, level=None):
user_groups = [group.name for group in user.groups.all()]
if group in user_groups:
group, created = Group.objects.get_or_create(name=group)
if level is not None:
return get_objects_for_group(group, Request.get_permissions_path(level)).filter(~Q(status='X'))
return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X'))
return []
def test_has_global_permission_and_object_based_permission_any_perm(self):
assign_perm('contenttypes.change_contenttype', self.group1)
assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype'], any_perm=True)
self.assertEquals(set(objects),
set(ContentType.objects.all()))
def test_has_global_permission(self):
assign_perm('contenttypes.change_contenttype', self.group1)
objects = get_objects_for_group(
self.group1, ['contenttypes.change_contenttype'])
self.assertEquals(set(objects),
set(ContentType.objects.all()))
def apply_filters(self, request, applicable_filters):
filters = applicable_filters
if 'groups__name' in filters:
groups_name = filters.pop('groups__name')
else:
groups_name = None
if 'groups__id' in filters:
groups_id = filters.pop('groups__id')
else:
groups_id = None
filtered = super(RequestResource, self).apply_filters(request, applicable_filters)
group = None
if groups_id:
try:
group = Group.objects.get(id = groups_id)
except:
pass
if groups_name:
try:
group = Group.objects.get(name = groups_name)
except:
pass
if group and request.user.has_perm(UserProfile.get_permission_name('view'), group):
return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X'))
return filtered
def test_simple_after_removal(self):
self.test_simple()
remove_perm('change_contenttype', self.group1, self.obj1)
objects = get_objects_for_group(
self.group1, 'contenttypes.change_contenttype')
self.assertEqual(len(objects), 1)
self.assertEqual(objects[0], self.obj2)
def assign_groups_perms(gid, group_perms):
"""
更新权限组的权限方法
:param gid: 权限组id
:param group_perms:所有的权限字典信息
:return:
"""
if gid == 0 or not group_perms:
update_status = False
else:
try:
group_obj = Group.objects.get(id=gid)
for perms_name, perms_id in group_perms.items():
# 获取当前组在表中的已有权限并全部移除
old_perms = get_objects_for_group(group_obj, perms_name)
remove_perm(perms_name, group_obj, old_perms)
# 添加新的权限
model_obj = get_group_perms_model(perms_name)
# print(perms_name, model_obj)
new_perms = model_obj.objects.filter(id__in=perms_id)
assign_perm(perms_name, group_obj, new_perms)
update_status = True
except Exception as e:
logger.error(e)
update_status = False
return update_status
def by_groups(self, groups):
hosts = []
for group in groups:
hosts.append(
obj.pk for obj in get_objects_for_group(group, "hosts.is_owner_host")
)
return self.filter(pk__in=hosts)
def get_queryset(self, **kwargs):
try:
pk = self.kwargs['pk']
user = self.request.user
group = user.groups.get(pk=pk)
return get_objects_for_group(group, Request.get_permissions_path('view')).filter(~Q(status='X'))
except Exception as e:
return Request.objects.none()
def test_simple(self):
assign_perm("change_contenttype", self.group1, self.obj1)
assign_perm("change_contenttype", self.group1, self.obj2)
objects = get_objects_for_group(self.group1, "contenttypes.change_contenttype")
self.assertEqual(len(objects), 2)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(set(objects), set([self.obj1, self.obj2]))
def test_has_global_permission_and_object_based_permission(self):
assign_perm("contenttypes.change_contenttype", self.group1)
assign_perm("contenttypes.delete_contenttype", self.group1, self.obj1)
objects = get_objects_for_group(
self.group1, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"], any_perm=False
)
self.assertEquals(set(objects), set([self.obj1]))
def test_simple(self):
assign("change_contenttype", self.group1, self.obj1)
assign("change_contenttype", self.group1, self.obj2)
objects = get_objects_for_group(self.group1, "contenttypes.change_contenttype")
self.assertEqual(len(objects), 2)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(set(objects.values_list("name", flat=True)), set([self.obj1.name, self.obj2.name]))
def test_get_objects_for_group(self):
foo = Project.objects.create(name='foo')
bar = Project.objects.create(name='bar')
assign('add_project', self.group, foo)
assign('add_project', self.group, bar)
assign('change_project', self.group, bar)
result = get_objects_for_group(self.group, 'testapp.add_project')
self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
def test_get_objects_for_group(self):
foo = Project.objects.create(name="foo")
bar = Project.objects.create(name="bar")
assign_perm("add_project", self.group, foo)
assign_perm("add_project", self.group, bar)
assign_perm("change_project", self.group, bar)
result = get_objects_for_group(self.group, "testapp.add_project")
self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk, bar.pk]))
def test_has_global_permission_and_object_based_permission_3perms(self):
assign_perm('contenttypes.change_contenttype', self.group1)
assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
assign_perm('contenttypes.add_contenttype', self.group1, self.obj2)
objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype', 'contenttypes.delete_contenttype', 'contenttypes.add_contenttype'], any_perm=False)
self.assertEqual(set(objects),
set())
def test_has_global_permission_and_object_based_permission(self):
assign_perm('contenttypes.change_contenttype', self.group1)
assign_perm('contenttypes.delete_contenttype', self.group1, self.obj1)
objects = get_objects_for_group(self.group1, [
'contenttypes.change_contenttype',
'contenttypes.delete_contenttype'
],
any_perm=False)
self.assertEquals(set(objects), set([self.obj1]))
def test_results_for_different_groups_are_correct(self):
assign_perm('change_contenttype', self.group1, self.obj1)
assign_perm('delete_contenttype', self.group2, self.obj2)
self.assertEqual(
set(
get_objects_for_group(self.group1,
'contenttypes.change_contenttype')),
set([self.obj1]))
self.assertEqual(
set(
get_objects_for_group(self.group2,
'contenttypes.change_contenttype')),
set())
self.assertEqual(
set(
get_objects_for_group(self.group2,
'contenttypes.delete_contenttype')),
set([self.obj2]))
def test_get_objects_for_group(self):
foo = Project.objects.create(name='foo')
bar = Project.objects.create(name='bar')
assign_perm('add_project', self.group, foo)
assign_perm('add_project', self.group, bar)
assign_perm('change_project', self.group, bar)
result = get_objects_for_group(self.group, 'testapp.add_project')
self.assertEqual(sorted(p.pk for p in result), sorted([foo.pk,
bar.pk]))
def get_queryset(self, **kwargs):
try:
pk = self.kwargs['pk']
user = self.request.user
group = user.groups.get(pk=pk)
return get_objects_for_group(
group,
Request.get_permissions_path('view')).filter(~Q(status='X'))
except:
return Request.objects.none()
def test_multiple_perms_to_check(self):
assign('change_contenttype', self.group1, self.obj1)
assign('delete_contenttype', self.group1, self.obj1)
assign('change_contenttype', self.group1, self.obj2)
objects = get_objects_for_group(self.group1, ['contenttypes.change_contenttype',
'contenttypes.delete_contenttype'])
self.assertEqual(len(objects), 1)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(objects[0], self.obj1)
def test_simple(self):
assign_perm('change_contenttype', self.group1, self.obj1)
assign_perm('change_contenttype', self.group1, self.obj2)
objects = get_objects_for_group(self.group1, 'contenttypes.change_contenttype')
self.assertEqual(len(objects), 2)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(
set(objects),
set([self.obj1, self.obj2]))
def index(request):
# categories = Category.objects.prefetch_related('forum_set').all().order_by('position')
if request.user.is_authenticated():
categories = get_objects_for_user(request.user, ['djero.view_category'], use_groups=True)
else:
categories = get_objects_for_group(everybody_group, ['djero.view_category'])
categories.prefetch_related('forum_set').order_by('position')
return render(request, "forum/index.html", {
"categories" : categories,
})
def home(request):
if request.user.is_superuser:
users = User.objects.all()
else:
users = []
if not request.user.is_authenticated():
group = ExtendedGroup.objects.public_group()
projects = get_objects_for_group(
group, "core.read_project").filter(is_catch_all=False)
workflow_engines = get_objects_for_group(group,
"core.read_workflowengine")
data_sets = get_objects_for_group(group, "core.read_dataset")
workflows = get_objects_for_group(
group, "core.read_workflow").filter(is_active=True)
unassigned_analyses = []
else:
projects = get_objects_for_user(
request.user, "core.read_project").filter(is_catch_all=False)
try:
unassigned_analyses = request.user.get_profile(
).catch_all_project.analyses.all().order_by("-time_start")
except:
unassigned_analyses = []
logger.warning("User " + request.user +
" does not have a \"catch all\" project.")
workflow_engines = get_objects_for_user(request.user,
"core.read_workflowengine")
workflows = get_objects_for_user(
request.user, "core.read_workflow").filter(is_active=True)
data_sets = get_objects_for_user(request.user, "core.read_dataset")
return render_to_response('core/home.html', {
'users': users,
'projects': projects,
'unassigned_analyses': unassigned_analyses,
'workflow_engines': workflow_engines,
'workflows': workflows,
'data_sets': data_sets
},
context_instance=RequestContext(request))
def test_has_any_group_permissions(self):
# We use groups as objects.
group_names = ["group1", "group2", "group3"]
groups = [Group.objects.create(name=name) for name in group_names]
for group in groups:
assign_perm("change_group", self.group, group)
objects = get_objects_for_group(self.group, [], Group)
self.assertEqual(len(objects), len(groups))
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(set(objects), set(groups))
def test_any_of_multiple_perms_to_check(self):
assign_perm("change_contenttype", self.group1, self.obj1)
assign_perm("delete_contenttype", self.group1, self.obj1)
assign_perm("add_contenttype", self.group1, self.obj2)
assign_perm("delete_contenttype", self.group1, self.obj3)
objects = get_objects_for_group(
self.group1, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"], any_perm=True
)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual([obj for obj in objects.order_by("name")], [self.obj1, self.obj3])
def test_has_any_group_permissions(self):
# We use groups as objects.
group_names = ['group1', 'group2', 'group3']
groups = [Group.objects.create(name=name) for name in group_names]
for group in groups:
assign_perm('change_group', self.group, group)
objects = get_objects_for_group(self.group, [], Group)
self.assertEqual(len(objects), len(groups))
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(set(objects), set(groups))
def test_multiple_perms_to_check(self):
assign_perm('change_contenttype', self.group1, self.obj1)
assign_perm('delete_contenttype', self.group1, self.obj1)
assign_perm('change_contenttype', self.group1, self.obj2)
objects = get_objects_for_group(self.group1, [
'contenttypes.change_contenttype',
'contenttypes.delete_contenttype'])
self.assertEqual(len(objects), 1)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual(objects[0], self.obj1)
def filter_by_group(self, queryset, name, value):
try:
if self.request.user.is_superuser:
group = Group.objects.get(name=value)
else:
group = self.request.user.groups.get(name=value)
except Group.DoesNotExist:
return queryset
return get_objects_for_group(
group, ["view_secret", "change_secret"], queryset, any_perm=True
)
def test_any_of_multiple_perms_to_check(self):
assign_perm('change_contenttype', self.group1, self.obj1)
assign_perm('delete_contenttype', self.group1, self.obj1)
assign_perm('add_contenttype', self.group1, self.obj2)
assign_perm('delete_contenttype', self.group1, self.obj3)
objects = get_objects_for_group(self.group1,
['contenttypes.change_contenttype',
'contenttypes.delete_contenttype'], any_perm=True)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual([obj for obj in objects.order_by('app_label')],
[self.obj1, self.obj3])
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
# get the model manager method depending on the cluster filter
# and call it to get the base queryset
clusters = get_objects_for_user(
self.request.user,
"clusters.view_cluster",
getattr(Cluster.objects,
self.clusters_shown)().order_by("-created_at"),
use_groups=False,
with_superuser=False,
)
sparkjob_qs = SparkJob.objects.all().order_by("-start_date")
if self.jobs_shown == self.mine_job_filter:
spark_jobs = get_objects_for_user(
self.request.user,
"jobs.view_sparkjob",
sparkjob_qs,
use_groups=False,
with_superuser=False,
)
elif self.jobs_shown == self.all_job_filter:
spark_jobs = get_objects_for_group(
self.jobs_maintainer_group,
"jobs.view_sparkjob",
sparkjob_qs,
any_perm=False,
accept_global_perms=False,
)
else:
spark_jobs = sparkjob_qs.none()
context.update({"clusters": clusters, "spark_jobs": spark_jobs})
# a list of modification datetimes of the clusters and Spark jobs to use
# for getting the last changes on the dashboard
cluster_mod_datetimes = list(
clusters.values_list("modified_at", flat=True))
spark_job_mod_datetimes = [
spark_job.latest_run.modified_at for spark_job in
spark_jobs.with_runs().order_by("-runs__modified_at")
]
modified_datetimes = sorted(cluster_mod_datetimes +
spark_job_mod_datetimes,
reverse=True)
if modified_datetimes:
context["modified_date"] = modified_datetimes[0]
return context
def test_any_of_multiple_perms_to_check(self):
assign_perm('change_contenttype', self.group1, self.obj1)
assign_perm('delete_contenttype', self.group1, self.obj1)
assign_perm('add_contenttype', self.group1, self.obj2)
assign_perm('delete_contenttype', self.group1, self.obj3)
objects = get_objects_for_group(self.group1,
['contenttypes.change_contenttype',
'contenttypes.delete_contenttype'], any_perm=True)
self.assertTrue(isinstance(objects, QuerySet))
self.assertEqual([obj for obj in objects.order_by('app_label')],
[self.obj1, self.obj3])
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
# get the model manager method depending on the cluster filter
# and call it to get the base queryset
clusters = get_objects_for_user(
self.request.user,
'clusters.view_cluster',
getattr(Cluster.objects, self.clusters_shown)().order_by('-created_at'),
use_groups=False,
with_superuser=False,
)
sparkjob_qs = SparkJob.objects.all().order_by('-start_date')
if self.jobs_shown == self.mine_job_filter:
spark_jobs = get_objects_for_user(
self.request.user,
'jobs.view_sparkjob',
sparkjob_qs,
use_groups=False,
with_superuser=False,
)
elif self.jobs_shown == self.all_job_filter:
spark_jobs = get_objects_for_group(
self.jobs_maintainer_group,
'jobs.view_sparkjob',
sparkjob_qs,
any_perm=False,
accept_global_perms=False,
)
else:
spark_jobs = sparkjob_qs.none()
context.update({
'clusters': clusters,
'spark_jobs': spark_jobs,
})
# a list of modification datetimes of the clusters and Spark jobs to use
# for getting the last changes on the dashboard
cluster_mod_datetimes = list(clusters.values_list('modified_at', flat=True))
spark_job_mod_datetimes = [
spark_job.latest_run.modified_at
for spark_job in spark_jobs.with_runs().order_by('-runs__modified_at')
]
modified_datetimes = sorted(cluster_mod_datetimes + spark_job_mod_datetimes, reverse=True)
if modified_datetimes:
context['modified_date'] = modified_datetimes[0]
return context
def assign_workstation_permissions(self):
perm = f"view_{Workstation._meta.model_name}"
group = self.readers_group
workstations = get_objects_for_group(group=group,
perms=perm,
klass=Workstation)
if (self.workstation not in workstations) or workstations.count() > 1:
remove_perm(perm=perm, user_or_group=group, obj=workstations)
# Allow readers to view the workstation used for this reader study
assign_perm(perm=perm, user_or_group=group, obj=self.workstation)
def transfer_project_info(source_project, destination_project):
"""Transfers the given project"""
# destination_project.name - keep project name as is
# destination_project.deprecated_project_id - keep as is
destination_project.description = choose_one(
destination_project, "description", source_project.description,
destination_project.description)
# update permissions - transfer source project users
for user in source_project.can_edit_group.user_set.all():
destination_project.can_edit_group.user_set.add(user)
for user in source_project.can_view_group.user_set.all():
destination_project.can_view_group.user_set.add(user)
# update permissions - transfer source project gene lists
for locus_list in get_objects_for_group(source_project.can_view_group,
CAN_VIEW, LocusList):
assign_perm(user_or_group=destination_project.can_view_group,
perm=CAN_VIEW,
obj=locus_list)
# update permissions - transfer SampleBatches
for sample_batch in SampleBatch.objects.filter(
sample__individual__family__project=source_project):
assign_perm(user_or_group=destination_project.can_edit_group,
perm=CAN_EDIT,
obj=sample_batch)
assign_perm(user_or_group=destination_project.can_view_group,
perm=CAN_VIEW,
obj=sample_batch)
# transfer custom reference populations
for p in source_project.custom_reference_populations.all():
destination_project.custom_reference_populations.add(p)
# phenotips and MME
destination_project.is_phenotips_enabled = True
# TODO check for each individual whether the source project has phenotips data
destination_project.phenotips_user_id = source_project.phenotips_user_id
destination_project.is_mme_enabled = source_project.is_mme_enabled or destination_project.is_mme_enabled
destination_project.mme_primary_data_owner = choose_one(
destination_project, "mme_primary_data_owner",
source_project.mme_primary_data_owner,
destination_project.mme_primary_data_owner)
destination_project.save()
def filter_queryset(self, request, queryset, view):
groupname = request.GET.get("group", "")
if groupname:
group = Group.objects.filter(name=groupname).first()
if group:
group_hosts = get_objects_for_group(group,
["hosts.is_owner_host"],
klass=Host)
return queryset.filter(
pk__in=[host.pk for host in group_hosts])
else:
return queryset.none()
else:
return queryset
def _get_json_for_locus_lists(project):
result = []
for locus_list in get_objects_for_group(project.can_view_group, CAN_VIEW, LocusList):
result.append({
'locusListGuid': locus_list.guid,
'createdDate': locus_list.created_date,
'name': locus_list.name,
'deprecatedGeneListId': _slugify(locus_list.name),
'description': locus_list.description,
'numEntries': LocusListEntry.objects.filter(parent=locus_list).count(),
})
return sorted(result, key=lambda locus_list: locus_list['createdDate'])
def resources(self, resource_type=None):
"""
Returns a generator of objects that this group has permissions on.
:param resource_type: Filter's the queryset to objects with the same type.
"""
queryset = get_objects_for_group(self.group, ['base.view_resourcebase', 'base.change_resourcebase'], any_perm=True)
if resource_type:
queryset = [item for item in queryset if hasattr(item,resource_type)]
for resource in queryset:
yield resource
def data_sets(request):
if not request.user.is_authenticated():
group = ExtendedGroup.objects.public_group()
dataset_list = get_objects_for_group( group, "core.read_dataset" )
else:
dataset_list = get_objects_for_user(request.user, 'core.read_dataset')
investigation_titles = list()
studies = list()
assays = list()
for dataset in dataset_list:
try:
investigation = dataset.get_investigation()
investigation_titles.append(investigation.get_title())
study_count = investigation.get_study_count()
if study_count > 1:
studies.append("%d studies" % study_count)
else:
studies.append("1 study")
assay_count = investigation.get_assay_count()
if assay_count > 1:
assays.append("%d assays" % assay_count)
else:
assays.append("1 assay")
except:
investigation_titles.append("--")
studies.append("0 studies")
assays.append("0 assays")
datasets_info = zip(dataset_list, investigation_titles, studies, assays)
#pagination
paginator = Paginator(datasets_info, 15)
page = request.GET.get('page')
try:
datasets = paginator.page(page)
except PageNotAnInteger:
datasets = paginator.page(1)
except EmptyPage:
datasets = paginator.page(paginator.num_pages)
except TypeError:
datasets = paginator.page(1)
return render_to_response("core/data_sets.html",
{'datasets': datasets},
context_instance=RequestContext(request))
def get_user_or_group_view_environments(user_or_group: Union[User, Group]):
environments = Environment.objects.active()
perms = ('view_environment', )
if isinstance(user_or_group, Group):
return get_objects_for_group(group=user_or_group,
perms=perms,
any_perm=True,
klass=environments)
return get_objects_for_user(user=user_or_group,
perms=perms,
any_perm=True,
klass=environments)
def assign_workstation_permissions(self):
"""Allow the editors and users group to view the workstation."""
perm = f"view_{Workstation._meta.model_name}"
for group in [self.users_group, self.editors_group]:
workstations = get_objects_for_group(group=group,
perms=perm,
klass=Workstation)
if (self.workstation
not in workstations) or workstations.count() > 1:
remove_perm(perm=perm, user_or_group=group, obj=workstations)
assign_perm(perm=perm,
user_or_group=group,
obj=self.workstation)
def assign_workstation_permissions(self):
"""Allow the editors and users group to view the workstation."""
perm = "workstations.view_workstation"
for group in [self.users_group, self.editors_group]:
workstations = get_objects_for_group(group=group,
perms=perm,
accept_global_perms=False)
if (self.workstation
not in workstations) or workstations.count() > 1:
remove_perm(perm=perm, user_or_group=group, obj=workstations)
assign_perm(perm=perm,
user_or_group=group,
obj=self.workstation)
def filter_queryset(self, request, queryset, view):
groupname = request.GET.get('group', '')
if groupname:
group = Group.objects.filter(name=groupname).first()
if group:
group_hosts = get_objects_for_group(
group,
['hosts.is_owner_host'],
klass=Host,
)
return queryset.filter(pk__in=[host.pk for host in group_hosts])
else:
return queryset.none()
else:
return queryset
def data_sets(request):
if not request.user.is_authenticated():
group = ExtendedGroup.objects.public_group()
dataset_list = get_objects_for_group(group, "core.read_dataset")
else:
dataset_list = get_objects_for_user(request.user, 'core.read_dataset')
investigation_titles = list()
studies = list()
assays = list()
for dataset in dataset_list:
try:
investigation = dataset.get_investigation()
investigation_titles.append(investigation.get_title())
study_count = investigation.get_study_count()
if study_count > 1:
studies.append("%d studies" % study_count)
else:
studies.append("1 study")
assay_count = investigation.get_assay_count()
if assay_count > 1:
assays.append("%d assays" % assay_count)
else:
assays.append("1 assay")
except:
investigation_titles.append("--")
studies.append("0 studies")
assays.append("0 assays")
datasets_info = zip(dataset_list, investigation_titles, studies, assays)
#pagination
paginator = Paginator(datasets_info, 15)
page = request.GET.get('page')
try:
datasets = paginator.page(page)
except PageNotAnInteger:
datasets = paginator.page(1)
except EmptyPage:
datasets = paginator.page(paginator.num_pages)
except TypeError:
datasets = paginator.page(1)
return render_to_response("core/data_sets.html", {'datasets': datasets},
context_instance=RequestContext(request))
def user_dashboard(request, username):
'''
Dashboard seen when a user signs in or views another user's profile.
The dashboard contains links to a users the private/public data repos.
Private repos are only shown if the user has permission to view them.
'''
# Are we looking at our own profile or someone elses?
is_other_user = request.user.username != username
user = get_object_or_404(User, username=username)
# Find all the organization this user belongs to
organizations = OrganizationUser.objects.filter(user=user)
# Grab a list of forms uploaded by the user
if is_other_user:
user_repos = Repository.objects.list_by_user(
user=user, organizations=organizations, public=True)
user_studies = []
else:
user_repos = Repository.objects.list_by_user(
user=user, organizations=organizations)
user_studies = Study.objects.filter(user=user)
# Get repos shared with orgs user is a member of
orgs = OrganizationUser.objects.filter(user=user)
orgs = map(lambda ou: ou.organization, orgs)
for org in orgs:
user_repos = user_repos | get_objects_for_group(
org, 'view_repository', Repository)
serializer = RepoSerializer()
repo_json = json.dumps(serializer.serialize(user_repos))
serializer = StudySerializer()
study_json = json.dumps(serializer.serialize(user_studies))
return render_to_response('dashboard.html', {
'user_studies': study_json,
'user_repos': repo_json,
'is_other_user': is_other_user,
'account': user,
'organizations': organizations
},
context_instance=RequestContext(request))
def assign_workstation_permissions(self):
perm = "workstations.view_workstation"
for group in (self.editors_group, self.readers_group):
workstations = get_objects_for_group(
group=group, perms=perm, accept_global_perms=False
)
if (
self.workstation not in workstations
) or workstations.count() > 1:
remove_perm(perm=perm, user_or_group=group, obj=workstations)
# Allow readers to view the workstation used for this study
assign_perm(
perm=perm, user_or_group=group, obj=self.workstation
)
def essays(request, group_id):
# Check which essays to show only here.
# Do we need the group?
# Do we need the user?
# Does anything have to be passed to essays()
latest_essay_list = []
if request.user.is_authenticated():
current_user = request.user
grp = Group.objects.get(id=group_id)
e_group_users = grp.user_set.all()
group_name = grp.name
latest_essay_list = get_objects_for_group(grp, 'tapp.view_essay')
context = {'latest_essay_list': latest_essay_list,
'group_id': group_id,
'group_name': group_name,
'e_group_users': e_group_users}
return render(request, 'tapp/essays.html', context)
def list(request, groupid):
groupid = int(groupid)
try:
group = Group.objects.get(id=groupid)
except ObjectDoesNotExist:
raise SuspiciousOperation
result = {}
# we show all documents for which the requested group has edit permissions
# e.g. if you request FSR minutes, all minutes for which the FSR group has edit rights will be shown
minutes = get_objects_for_group(group, "minutes.change_minutesdocument", MinutesDocument).order_by('-date')
for m in minutes:
if not request.user.has_perm(MinutesDocument.get_view_permission(), m):
continue
if m.date.year not in result:
result[m.date.year] = []
result[m.date.year].append(m)
return render(request, "minutes_list.html", {
'minutes': result,
})
def visible_to_group(self, group):
"""
Return annotations the specified group is allowed to view.
Objects are found based on view_annotation permission and
per-object permissions.
.. Note::
Due to the use of :meth:`guardian.shortcuts.get_objects_for_user`,
it is recommended to use this method first; it does combine
the existing queryset query, but it does not chain as querysets
normally do.
"""
qs = get_objects_for_group(group, 'view_annotation',
Annotation)
# combine current queryset query, if any, with the newly
# created queryset from django guardian
qs.query.combine(self.query, 'AND')
return qs
def resources(self, resource_type=None):
"""
Returns a generator of objects that this group has permissions on.
:param resource_type: Filter's the queryset to objects with the same type.
"""
queryset = get_objects_for_group(
self.group, ['base.view_resourcebase', 'base.change_resourcebase'],
any_perm=True)
_queryset = []
if resource_type:
for item in queryset:
try:
if hasattr(item, resource_type):
_queryset.append(item)
except Exception as e:
logger.debug(e)
queryset = _queryset if _queryset else queryset
yield from queryset
def load_group_menu_perms(group_obj):
"""
获取权限组的所有菜单权限
:param group_obj: 组对象
:return:
"""
check_perm = "account.view_menus"
menu_perm_info = list()
all_menus_obj = Menus.objects.filter(is_avaible=1).order_by("menu_code")
# 获取组所能访问的菜单
if not group_obj:
# 组不存在,则所有权限认为为空
group_menu_obj = list()
else:
group_menu_obj = get_objects_for_group(group_obj, check_perm)
for menu_obj in all_menus_obj:
has_perm = 1 if menu_obj in group_menu_obj else 0
menu_perm = dict(id=menu_obj.id, name=menu_obj.menu_name, view=has_perm)
menu_perm_info.append(menu_perm)
return menu_perm_info
def update_repo_perms(apps, schema_editor):
""" Assign push repo perms to the namespace and distribution groups. """
AccessPolicy = apps.get_model('core', 'AccessPolicy')
push_repo_viewset = 'repositories/container/container-push'
dist_viewset = 'distributions/container/container'
namespace_viewset = 'pulp_container/namespaces'
viewset_names = (dist_viewset, namespace_viewset, push_repo_viewset)
existing_perms = (
'container.modify_content_containerpushrepository',
'container.namespace_modify_content_containerpushrepository',
)
groups_ns = Group.objects.filter(
name__regex=r'container.(distribution|namespace).(collaborators|owners)'
)
for viewset_name in viewset_names:
try:
db_access_policy = AccessPolicy.objects.get(
viewset_name=viewset_name)
except AccessPolicy.DoesNotExist:
pass
else:
if not db_access_policy.customized:
for perm in existing_perms:
for group in groups_ns:
objs = get_objects_for_group(group,
perm,
accept_global_perms=False)
for obj in objs:
if obj.ACCESS_POLICY_VIEWSET_NAME == namespace_viewset:
assign_perm(
'container.namespace_change_containerpushrepository',
group, obj)
elif obj.ACCESS_POLICY_VIEWSET_NAME == push_repo_viewset:
assign_perm(
'container.change_containerpushrepository',
group, obj)
def load_groups_perms(group_obj, app_label, model, custid=None):
"""
获取组在某个模块的所有权限对象
:param group_obj: 权限组对象
:param app_label: app名
:param model:models名
:return: 组包含的所有对象权限
"""
project_perm_obj = dict()
content_type = ContentType.objects.get(app_label=app_label, model=model)
check_perm_list = content_type.permission_set.all()
# 获取权限组对象拥有的所有project列表
for check_perm in check_perm_list:
perm_type = check_perm.codename.split("_")[0]
if not group_obj:
perm_projects = []
else:
perm_projects = get_objects_for_group(group_obj, "{0}.{1}".format(check_perm.content_type.app_label,
check_perm.codename))
# 对于分客户的处理,将单个组的所有权限对象进行客户过滤
if custid:
perm_projects.filter(object_pk__startswith=custid)
project_perm_obj.update({perm_type: perm_projects})
return project_perm_obj
def test_ensure_returns_queryset(self):
objects = get_objects_for_group(self.group1,
['contenttypes.change_contenttype'])
self.assertTrue(isinstance(objects, QuerySet))
def test_klass_as_queryset(self):
assign_perm('contenttypes.change_contenttype', self.group1, self.obj1)
objects = get_objects_for_group(self.group1, ['change_contenttype'],
ContentType.objects.all())
self.assertEqual(list(objects), [self.obj1])
def test_perms_single(self):
perm = 'contenttypes.change_contenttype'
assign_perm(perm, self.group1, self.obj1)
self.assertEqual(set(get_objects_for_group(self.group1, perm)),
set(get_objects_for_group(self.group1, [perm])))
def test_empty_perms_sequence(self):
self.assertEqual(
set(get_objects_for_group(self.group1, [], ContentType)), set())
def test_has_global_permission(self):
assign_perm('contenttypes.change_contenttype', self.group1)
objects = get_objects_for_group(self.group1,
['contenttypes.change_contenttype'])
self.assertEquals(set(objects), set(ContentType.objects.all()))
