def formfield_for_foreignkey(self, db_field, request, **kwargs):
if db_field.name in ("subject_field", "broader_concept"):
inner_qs = get_objects_for_user(request.user, ['is_lexicographer_in_this_glossary'], Glossary, False)
kwargs["queryset"] = Concept.objects.filter(glossary__in=inner_qs)
if db_field.name == "glossary":
kwargs["queryset"] = get_objects_for_user(request.user, ['is_lexicographer_in_this_glossary'], Glossary, False)
return super(ConceptAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def get_context(self):
super_context = super(self.__class__,self).get_context()
agents = Agent.objects.filter(enabled=True).order_by("name")
actions = {}
if not self.user.is_superuser:
if self.user.has_perm('agent.show_widget_agent'):
agents = get_objects_for_user(self.user, 'use_agent', Agent).filter(enabled=True).order_by("name")
#Fix added to filter agents actions on set acls
for agent in agents:
if not self.user.is_superuser:
current_actions = get_objects_for_user(self.user, 'use_action', Action).filter(agent=agent).order_by("name")
actions[agent.name] = current_actions
if not actions:
agents = {}
else:
agents = {}
operations = Operation.objects.filter(enabled=True).order_by("name")
if not self.user.is_superuser:
operations = get_objects_for_user(self.user, 'execute_operation', Operation).filter(enabled=True).order_by("name")
context_operations = kermit_modules.extract(ContextOperation)
automatic_operations = {}
if context_operations:
for c_op in context_operations:
if c_op.get_enabled(self.user):
menu_name = "Undefined"
if c_op.get_type():
menu_name = c_op.get_type()
if not menu_name in automatic_operations:
automatic_operations[menu_name] = []
automatic_operations[menu_name].extend(c_op.get_operations())
else:
logger.debug("Excluding operation %s. Not enabled for user %s" % (c_op.get_type(), self.user))
widget_context = {"agents":agents, "operations":operations, "actions": actions, 'automatic_operations':automatic_operations}
return dict(super_context.items() + widget_context.items())
def post(self, request, *args, **kwargs):
if request.POST.get("update_user_list"):
form = ActivityAndUsersForm(request.POST, initial={
"user": request.user,
"activities": get_objects_for_user(request.user, "administer_activity", mycoracle_models.ActivityProfile)
})
mycoracle_models.ActivityProfile = mycoracle_models.ActivityProfile.objects.get(pk=form["activities"].value)
request.session["organisation_users_current_activity"] = mycoracle_models.ActivityProfile
return redirect(reverse("organization_users_add_from_brand", args=(self.organization.id,)))
elif request.POST.get("save_group_users"):
form = ActivityAndUsersForm(request.POST, initial={
"user": request.user,
"activities": get_objects_for_user(request.user, "administer_activity", mycoracle_models.ActivityProfile)
})
c = 0
for u in form["users"].value():
try:
user = User.objects.get(pk=int(u))
self.organization.add_user(user)
c += 1
except IntegrityError as ie:
messages.warning(request, ie.message)
except User.DoesNotExist:
messages.error(request, _(u"This user ({0}) does not exist".format(u)))
messages.success(request, "{0} users added to group {1}".format(c, self.organization))
return redirect(reverse("organization_user_list", args=(self.organization.id,)))
def validate_ip_address(self, value):
ip_address = value
if ip_address:
user_pools = get_objects_for_user(
self.context['request'].user,
['network.add_records_to_pool', 'network.change_pool'],
any_perm=True
)
user_nets = get_objects_for_user(
self.context['request'].user,
['network.add_records_to_network', 'network.is_owner_network', 'network.change_network'],
any_perm=True
)
# Check address that are assigned and free to use
addresses = Address.objects.filter(
Q(pool__in=user_pools) | Q(pool__isnull=True) | Q(network__in=user_nets),
Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()),
Q(host__isnull=True) | Q(host=self.instance),
address=ip_address,
reserved=False
).values_list('address', flat=True)
if ip_address not in addresses:
raise serializers.ValidationError("The IP Address '%s' is reserved, in use, or not allowed." % ip_address)
return value
def __init__(self, *args, **kwargs):
self.instance = kwargs.pop('instance')
super(UserForm, self).__init__(*args, **kwargs)
self.can_use = get_objects_for_user(self.instance, 'can_use', DataSeries)
self.can_view = get_objects_for_user(self.instance, 'can_view', DataSeries)
self.initial['usable_countries']=[i.pk for i in self.can_use]
self.initial['read_countries']=[i.pk for i in self.can_view]
def get_document_selection(request):
minutes = get_objects_for_user(
request.user,
MinutesDocument.VIEW_PERMISSION_NAME,
klass=MinutesDocument.objects.all()
)
information_documents = get_objects_for_user(
request.user,
InformationDocument.VIEW_PERMISSION_NAME,
klass=InformationDocument.objects.all()
)
polls = get_objects_for_user(
request.user,
Poll.VIEW_PERMISSION_NAME,
klass=Poll.objects.all()
)
template = loader.get_template("search_api.json")
return template.render(
{
'minutes': minutes,
'information_documents': information_documents,
'polls': polls,
'id_only': True,
},
request,
)
def home(request):
if request.user.is_superuser:
users = User.objects.all()
else:
users = []
if not request.user.is_authenticated():
group = ExtendedGroup.objects.public_group()
projects = get_objects_for_group( group, "core.read_project" ).filter( is_catch_all=False )
workflow_engines = get_objects_for_group( group, "core.read_workflowengine" )
data_sets = get_objects_for_group( group, "core.read_dataset" )
workflows = get_objects_for_group( group, "core.read_workflow" ).filter( is_active=True )
unassigned_analyses = []
else:
projects = get_objects_for_user( request.user, "core.read_project" ).filter( is_catch_all=False )
try:
unassigned_analyses = request.user.get_profile().catch_all_project.analyses.all().order_by( "-time_start" )
except:
unassigned_analyses = []
logger.warning( "User " + request.user + " does not have a \"catch all\" project." )
workflow_engines = get_objects_for_user( request.user, "core.read_workflowengine" )
workflows = get_objects_for_user( request.user, "core.read_workflow" ).filter( is_active=True )
data_sets = get_objects_for_user( request.user, "core.read_dataset" )
return render_to_response('core/home.html', {'users': users, 'projects': projects, 'unassigned_analyses': unassigned_analyses, 'workflow_engines': workflow_engines, 'workflows': workflows, 'data_sets': data_sets }, context_instance=RequestContext( request ) )
def test_groups_perms(self):
group1 = Group.objects.create(name="group1")
group2 = Group.objects.create(name="group2")
group3 = Group.objects.create(name="group3")
groups = [group1, group2, group3]
for group in groups:
self.user.groups.add(group)
# Objects to operate on
ctypes = list(ContentType.objects.all().order_by("id"))
assign_perm("auth.change_group", self.user)
assign_perm("change_contenttype", self.user, ctypes[0])
assign_perm("change_contenttype", self.user, ctypes[1])
assign_perm("delete_contenttype", self.user, ctypes[1])
assign_perm("delete_contenttype", self.user, ctypes[2])
assign_perm("change_contenttype", groups[0], ctypes[3])
assign_perm("change_contenttype", groups[1], ctypes[3])
assign_perm("change_contenttype", groups[2], ctypes[4])
assign_perm("delete_contenttype", groups[0], ctypes[0])
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"])
self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4]))
objects = get_objects_for_user(
self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"]
)
self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1]))
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"])
self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4]))
def choices_for_request(self):
user_pools = get_objects_for_user(
self.request.user,
["network.add_records_to_pool", "network.change_pool"],
any_perm=True,
)
user_nets = get_objects_for_user(
self.request.user,
[
"network.add_records_to_network",
"network.is_owner_network",
"network.change_network",
],
any_perm=True,
)
self.choices = Address.objects.filter(
Q(pool__in=user_pools) | Q(pool__isnull=True),
Q(leases__isnull=True)
| Q(leases__abandoned=True)
| Q(leases__ends__lte=timezone.now()),
network__in=user_nets,
host__isnull=True,
reserved=False,
)
return super(AddressAvailableAutocomplete, self).choices_for_request()
def get_queryset(self,request):
print "Queryset called"
if request.user.is_superuser:
return super(ProjectAdmin,self).get_queryset(request)
projects = get_objects_for_user(request.user,'project_head',klass=Project)|get_objects_for_user(request.user,'collaborator',klass=Project)
print projects
return projects
def dehydrate(self, bundle):
anonymous_user = get_user_model().objects.get(username='******')
resources_with_view_permission = get_objects_for_user(bundle.request.user, 'catalog.view_resource')\
| get_objects_for_user(anonymous_user, 'catalog.view_resource')
category_res_with_view_perm = (bundle.obj.resource_set.all() & resources_with_view_permission)
bundle.data['resource_count'] = category_res_with_view_perm.count()
return bundle
def handle(self, *args, **options):
users = ['shaneshifflett', 'crondino']
requests = [1317]
for usr in users:
group = Group.objects.get(name=usr)
user = User.objects.get(username=usr)
print get_objects_for_user(user)
def by_dns_change_perms(self, user, pk=None):
if user.has_perm('network.change_network') or user.has_perm('network.is_owner_network'):
if pk:
qs = self.filter(pk=pk)
return qs[0] if qs else None
else:
return self.all()
else:
host_perms = get_objects_for_user(
user, ['hosts.is_owner_host', 'hosts.change_host'],
any_perm=True
).values_list('pk', flat=True)
network_perms = get_objects_for_user(
user, ['network.is_owner_network', 'network.add_records_to_network', 'network.change_network'],
any_perm=True
).values_list('pk', flat=True)
qs = self.filter(
Q(host__mac__in=list(host_perms)) |
Q(network__network__in=list(network_perms))
)
if pk:
qs = qs.filter(pk=pk).first()
return qs
def test_groups_perms(self):
group1 = Group.objects.create(name="group1")
group2 = Group.objects.create(name="group2")
group3 = Group.objects.create(name="group3")
groups = [group1, group2, group3]
for group in groups:
self.user.groups.add(group)
# Objects to operate on
ctypes = dict(((ct.id, ct) for ct in ContentType.objects.all()))
assign("change_contenttype", self.user, ctypes[1])
assign("change_contenttype", self.user, ctypes[2])
assign("delete_contenttype", self.user, ctypes[2])
assign("delete_contenttype", self.user, ctypes[3])
assign("change_contenttype", groups[0], ctypes[4])
assign("change_contenttype", groups[1], ctypes[4])
assign("change_contenttype", groups[2], ctypes[5])
assign("delete_contenttype", groups[0], ctypes[1])
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"])
self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2, 4, 5]))
objects = get_objects_for_user(
self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"]
)
self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2]))
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"])
self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2, 4, 5]))
def dashboard(request):
# allowed filters for clusters
default_filter = 'active'
clusters_filters = ['active', 'terminated', 'failed', 'all']
# the cluster filter defaults to active ones
clusters_shown = request.GET.get('clusters', default_filter)
if clusters_shown not in clusters_filters:
clusters_shown = default_filter
# get the model manager method depending on the cluster filter
# and call it to get the base queryset
clusters = get_objects_for_user(
request.user,
'clusters.view_cluster',
getattr(Cluster.objects, clusters_shown)().order_by('-start_date'),
use_groups=False,
with_superuser=False,
)
spark_jobs = get_objects_for_user(
request.user,
'jobs.view_sparkjob',
SparkJob.objects.all().order_by('-start_date'),
use_groups=False,
with_superuser=False,
)
context = {
'clusters': clusters,
'clusters_shown': clusters_shown,
'clusters_filters': clusters_filters,
'spark_jobs': spark_jobs,
}
return render(request, 'atmo/dashboard.html', context=context)
def get_queryset(self):
gp_can_view = get_objects_for_user(
self.request.user,
'ojuser.view_groupprofile',
with_superuser=True
)
self.problem_can_view_qs = Problem.objects.filter(groups__in=gp_can_view).distinct()
gp_can_change = get_objects_for_user(
self.request.user,
'ojuser.change_groupprofile',
with_superuser=True
)
self.problem_can_change_qs = Problem.objects.filter(groups__in=gp_can_change).distinct()
groups_can_delete = get_objects_for_user(
self.request.user,
'problem.delete_problem',
with_superuser=True
)
self.problem_can_delete_qs = Problem.objects.filter(pk__in=groups_can_delete).distinct()
self.problem_can_change_qs |= self.problem_can_delete_qs
self.problem_can_view_qs |= self.problem_can_change_qs
self.filter = ProblemFilter(
self.request.GET,
queryset=self.problem_can_view_qs,
user=self.request.user
)
return self.filter.qs
def get_tree_nodes(self, user, level, path):
logger.info("Calling get_tree_nodes for level: " + str(level))
if settings.FILTERS_CLASS:
classes = get_objects_for_user(user, 'access_puppet_class', PuppetClass).filter(enabled=True, level=level+1)
else:
classes = PuppetClass.objects.filter(enabled=True, level=level+1)
data = []
if path:
path = path.replace('_', '/')
else:
path = ''
for puppetclass in classes:
test_path=path+'/'+puppetclass.name
servers = Server.objects.filter(puppet_path__startswith=test_path)
if user != 'fooUser':
if not user.is_superuser and settings.FILTERS_SERVER:
servers = get_objects_for_user(user, 'use_server', Server).filter(puppet_path__startswith=test_path)
if len(servers)>0:
content = {"isFolder": "true", "isLazy": "false", "title": puppetclass.name, "level":puppetclass.level, "key":puppetclass.name, "filtername":puppetclass.name}
data.append(content)
else:
logger.info("Excluding class " + str(puppetclass) + " because there are no server inside")
#We cannot use / inside rest url, so / was substituted by _
#Here we revert this change to obtain a correct path
logger.info("Looking for servers in path: " + path)
servers = Server.objects.filter(puppet_path=path, deleted=False)
if user != 'fooUser':
if not user.is_superuser and settings.FILTERS_SERVER:
servers = get_objects_for_user(user, 'use_server', Server).filter(puppet_path=path, deleted=False)
for server in servers:
serverdata = {"title":server.fqdn, "url": settings.BASE_URL + "/server/details/"+server.hostname+"/", "key":server.fqdn, "filtername":server.hostname}
data.append(serverdata)
return json.dumps(data)
def post(self, request, *args, **kwargs):
if request.POST.get("update_user_list"):
form = ActivityAndUsersForm(request.POST, initial={
"user": request.user,
"activities": get_objects_for_user(request.user, "administer_activity", ActivityProfile)
})
activityProfile = ActivityProfile.objects.get(pk=form["activities"].value)
request.session["organisation_users_current_activity"] = activityProfile
return redirect(reverse("organization_users_add_from_activity", args=(self.organization.id,)))
elif request.POST.get("save_group_users"):
form = ActivityAndUsersForm(request.POST, initial={
"user": request.user,
"activities": get_objects_for_user(request.user, "administer_activity", ActivityProfile)
})
for u in form["users"].value():
try:
user = User.objects.get(int(u))
self.organization.add_user(user)
url = reverse("organization_detail", kwargs={"organization_pk": self.organization.pk})
if self.organization.send_signup_message and not self.organization.is_hidden:
utils.learning_line_post_message(request.user, User.objects.get(pk=int(u)),
DefaultFormatter().format(self.organization.signup_message,
self.organization.name,
"http://%s%s" % (
request.META["HTTP_HOST"], url)))
except IntegrityError as ie:
messages.warning(request, ie.message)
except User.DoesNotExist:
messages.error(request, _(u"This user ({0}) does not exist".format(u)))
return redirect(reverse("organization_user_list", args=(self.organization.id,)))
def by_change_perms(self, user, pk=None, ids_only=False):
# If global permission set, then return all.
if user.has_perm("hosts.change_host") or user.has_perm("hosts.is_owner_host"):
if pk:
qs = self.filter(pk=pk)
return qs[0] if qs else None
else:
return self.all()
else:
host_perms = get_objects_for_user(
user, ["hosts.is_owner_host", "hosts.change_host"], any_perm=True
).values_list("mac", flat=True)
domain_perms = get_objects_for_user(
user, ["dns.is_owner_domain", "dns.change_domain"], any_perm=True
).values_list("name", flat=True)
network_perms = get_objects_for_user(
user,
["network.is_owner_network", "network.change_network"],
any_perm=True,
).values_list("network", flat=True)
perms_q_list = [Q(hostname__endswith=name) for name in domain_perms]
perms_q_list.append(Q(mac__in=host_perms))
perms_q_list.append(Q(addresses__network__in=network_perms))
qs = self.filter(reduce(operator.or_, perms_q_list))
if pk:
qs = qs.filter(pk=pk).first()
if ids_only:
return tuple([host.pk for host in qs])
else:
return qs
def extend_projects(user, projects):
""" Adds the properties is_editable and is_catalogueable to all
projects passed.
"""
# Create sets of projects that are administrable and annotatable
# by the current user and unify them to one set. This will only
# work for authenticated users (i.e. not AnonymousUser)
administrable_projects = set(get_objects_for_user(user, 'can_administer', Project))
annotatable_projects = set(get_objects_for_user(user, 'can_annotate', Project))
administrable_projects.union(annotatable_projects)
# Just for readability, have another reference to the union
editable_projects = administrable_projects
# Find all the projects that are editable:
catalogueable_projects = set(x.project.id for x in \
Class.objects.filter(class_name='driver_line').select_related('project'))
result = []
for p in projects:
ex_p = ExProject(p,
user.is_superuser or p in editable_projects,
p.id in catalogueable_projects)
result.append(ex_p)
return result
def get(self, request, *args, **kwargs):
ctx = {}
ctx['requests'] = ShowRequest.objects.filter(user=request.user,status="NEW")
ctx['reviews'] = ShowRequest.objects.filter(status="NEW")
ctx['shows'] = get_objects_for_user(request.user, 'radioportal.change_show', Show).extra(
select={'lower_name': 'lower(name)'}).order_by('lower_name')
ctx['channels'] = get_objects_for_user(request.user, 'radioportal.change_channel').order_by('cluster')
return self.render_to_response(ctx)
def is_authorised(self, nick, chan, capability):
user = None
for d in self.users:
if nick.lower() == d['nick']:
user = d['object']
break
if not user:
return False
if user.is_superuser:
return True
# do a quick assert to make sure we have a valid permissions,
#if not the code is broken.
if chan == '#':
assert self._perm_exists(NetworkPermissions, capability)
else:
# Permissions don't make sense with regard to
# a private message window so we shouldn't be
# asking...
assert chan[0] == '#'
assert self._perm_exists(RoomPermissions, capability)
# Test if user is a bot_admin and if so they always
# have the capability
try:
net_perm = NetworkPermissions.objects.get(network=self.network)
except NetworkPermissions.DoesNotExist:
net_perm = None
if net_perm:
qs = get_objects_for_user(user, "bot_admin", NetworkPermissions)
if qs.filter(network=self.network).exists():
return True
if chan == '#':
qs = get_objects_for_user(user, capability, NetworkPermissions)
permission = qs.filter(network=self.network).exists()
return permission
else:
# Test if user is a room_admin for the room in question
# and if so they always have the capability
try:
room_perm = RoomPermissions.objects.get(network=self.network, room=chan.lower())
except RoomPermissions.DoesNotExist:
return False
qs = get_objects_for_user(user, 'room_admin', RoomPermissions)
permission = qs.filter(network=self.network, room=chan.lower()).exists()
if permission:
return True
qs = get_objects_for_user(user, capability, RoomPermissions)
permission = qs.filter(network=self.network, room=chan.lower()).exists()
return permission
def get_all_user_objects(user, permissions, klass,use_groups=True,any_perm=False):
qs = get_objects_for_user(user,permissions,klass,use_groups,any_perm)
if not hasattr(klass,'get_all_objects'):
return qs
params = {klass.__name__: qs.values_list('id', flat=True)}
for inherited in klass.inherited_classes:
qs = get_objects_for_user(user,permissions,inherited,use_groups,any_perm)
params[inherited.__name__]=qs.values_list('id', flat=True)
return klass.get_all_objects(params)
def test_anonymous(self):
self.user = AnonymousUser()
ctypes = ContentType.objects.all()
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes)
obj1 = ContentType.objects.create(name="ct1", model="foo", app_label="guardian-tests")
assign_perm("change_contenttype", self.user, obj1)
objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes)
self.assertEqual(set([obj1]), set(objects))
def layer_acls(request):
"""
returns json-encoded lists of layer identifiers that
represent the sets of read-write and read-only layers
for the currently authenticated user.
"""
# the layer_acls view supports basic auth, and a special
# user which represents the geoserver administrator that
# is not present in django.
acl_user = request.user
if 'HTTP_AUTHORIZATION' in request.META:
try:
username, password = _get_basic_auth_info(request)
acl_user = authenticate(username=username, password=password)
# Nope, is it the special geoserver user?
if (acl_user is None and
username == ogc_server_settings.USER and
password == ogc_server_settings.PASSWORD):
# great, tell geoserver it's an admin.
result = {
'rw': [],
'ro': [],
'name': username,
'is_superuser': True,
'is_anonymous': False
}
return HttpResponse(json.dumps(result), mimetype="application/json")
except Exception:
pass
if acl_user is None:
return HttpResponse(_("Bad HTTP Authorization Credentials."),
status=401,
mimetype="text/plain")
# Include permissions on the anonymous user
all_readable = get_objects_for_user(acl_user, 'base.view_resourcebase')
all_writable = get_objects_for_user(acl_user, 'base.change_resourcebase')
read_only = [x.layer.typename for x in all_readable if x not in all_writable and hasattr(x, 'layer')]
read_write = [x.layer.typename for x in all_writable if x in all_readable and hasattr(x, 'layer')]
result = {
'rw': read_write,
'ro': read_only,
'name': acl_user.username,
'is_superuser': acl_user.is_superuser,
'is_anonymous': acl_user.is_anonymous(),
}
if acl_user.is_authenticated():
result['fullname'] = acl_user.first_name
result['email'] = acl_user.email
return HttpResponse(json.dumps(result), mimetype="application/json")
def get_enabled(self, user):
if not user.is_superuser:
agents = get_objects_for_user(user, 'use_agent', Agent).filter(enabled=True, name="oracledb")
if len(agents)==1:
action = get_objects_for_user(user, 'use_action', Action).filter(agent=agents[0], name="export_database")
return action and len(action)==1
else:
return False
else:
return True
def get_enabled(self, user):
if not user.is_superuser:
agents = get_objects_for_user(user, 'use_agent', Agent).filter(enabled=True, name="a7xoas")
if len(agents)==1:
action = get_objects_for_user(user, 'use_action', Action).filter(agent=agents[0], name="add_pool")
return action and len(action)==1
else:
return False
else:
return True
def get_queryset(self):
qs = super(MessageListView, self).get_queryset()
channel_type = ContentType.objects.get_for_model(Channel)
channel_ids = get_objects_for_user(self.request.user,
'change_channel', klass=Channel).values_list('id', flat=True)
channel_q = Q(content_type__pk=channel_type.id, object_id__in=channel_ids)
show_type = ContentType.objects.get_for_model(Show)
show_ids = get_objects_for_user(self.request.user,
'change_show', klass=Show).values_list('id', flat=True)
show_q = Q(content_type__pk=show_type.id, object_id__in=show_ids)
return qs.filter(channel_q | show_q)
def test_anonymous(self):
self.user = AnonymousUser()
ctypes = ContentType.objects.all()
objects = get_objects_for_user(self.user,
['contenttypes.change_contenttype'], ctypes)
obj1 = ContentType.objects.create(model='foo', app_label='guardian-tests')
assign_perm('change_contenttype', self.user, obj1)
objects = get_objects_for_user(self.user,
['contenttypes.change_contenttype'], ctypes)
self.assertEqual(set([obj1]), set(objects))
def user_edit_allowed(request):
result = {}
result['user_edit_allowed'] = {}
if (not request.user.is_superuser) and request.user.is_authenticated():
groups = get_objects_for_user(request.user, 'data.edit_group_timetable')
teachers = get_objects_for_user(request.user, 'data.edit_teacher_timetable')
result['user_edit_allowed']['groups'] = groups
result['user_edit_allowed']['teachers'] = teachers
return result
def csw_global_dispatch(request):
"""pycsw wrapper"""
# this view should only operate if pycsw_local is the backend
# else, redirect to the URL of the non-pycsw_local backend
if settings.CATALOGUE['default'][
'ENGINE'] != 'geonode.catalogue.backends.pycsw_local':
return HttpResponseRedirect(settings.CATALOGUE['default']['URL'])
mdict = dict(settings.PYCSW['CONFIGURATION'], **CONFIGURATION)
access_token = None
if request and request.user:
access_token = get_or_create_token(request.user)
if access_token and access_token.is_expired():
access_token = None
absolute_uri = ('%s' % request.build_absolute_uri())
query_string = ('%s' % request.META['QUERY_STRING'])
env = request.META.copy()
if access_token and not access_token.is_expired():
env.update({'access_token': access_token.token})
if 'access_token' not in query_string:
absolute_uri = ('%s&access_token=%s' %
(absolute_uri, access_token.token))
query_string = ('%s&access_token=%s' %
(query_string, access_token.token))
env.update({
'local.app_root': os.path.dirname(__file__),
'REQUEST_URI': absolute_uri,
'QUERY_STRING': query_string
})
# Save original filter before doing anything
mdict_filter = mdict['repository']['filter']
try:
# Filter out Layers not accessible to the User
authorized_ids = []
if request.user:
profiles = get_user_model().objects.filter(
username=str(request.user))
else:
profiles = get_user_model().objects.filter(
username="******")
if profiles:
authorized = list(
get_objects_for_user(profiles[0],
'base.view_resourcebase').values('id'))
layers = ResourceBase.objects.filter(
id__in=[d['id'] for d in authorized])
if layers:
authorized_ids = [d['id'] for d in authorized]
if len(authorized_ids) > 0:
authorized_layers = "(" + (", ".join(
str(e) for e in authorized_ids)) + ")"
authorized_layers_filter = "id IN " + authorized_layers
mdict['repository']['filter'] += " AND " + authorized_layers_filter
if request.user and request.user.is_authenticated:
mdict['repository']['filter'] = "({}) OR ({})".format(
mdict['repository']['filter'], authorized_layers_filter)
else:
authorized_layers_filter = "id = -9999"
mdict['repository']['filter'] += " AND " + authorized_layers_filter
# Filter out Documents and Maps
if 'ALTERNATES_ONLY' in settings.CATALOGUE[
'default'] and settings.CATALOGUE['default']['ALTERNATES_ONLY']:
mdict['repository']['filter'] += " AND alternate IS NOT NULL"
# Filter out Layers belonging to specific Groups
is_admin = False
if request.user:
is_admin = request.user.is_superuser if request.user else False
if not is_admin and settings.GROUP_PRIVATE_RESOURCES:
groups_ids = []
if request.user and request.user.is_authenticated:
for group in request.user.groups.all():
groups_ids.append(group.id)
group_list_all = []
try:
group_list_all = request.user.group_list_all().values(
'group')
except Exception:
pass
for group in group_list_all:
if isinstance(group, dict):
if 'group' in group:
groups_ids.append(group['group'])
else:
groups_ids.append(group.id)
public_groups = GroupProfile.objects.exclude(
access="private").values('group')
for group in public_groups:
if isinstance(group, dict):
if 'group' in group:
groups_ids.append(group['group'])
else:
groups_ids.append(group.id)
if len(groups_ids) > 0:
groups = "(" + (", ".join(str(e) for e in groups_ids)) + ")"
groups_filter = "(group_id IS NULL OR group_id IN " + groups + ")"
mdict['repository']['filter'] += " AND " + groups_filter
else:
groups_filter = "group_id IS NULL"
mdict['repository']['filter'] += " AND " + groups_filter
csw = server.Csw(mdict, env, version='2.0.2')
content = csw.dispatch_wsgi()
# pycsw 2.0 has an API break:
# pycsw < 2.0: content = xml_response
# pycsw >= 2.0: content = [http_status_code, content]
# deal with the API break
if isinstance(content, list): # pycsw 2.0+
content = content[1]
spaces = {
'csw': 'http://www.opengis.net/cat/csw/2.0.2',
'dc': 'http://purl.org/dc/elements/1.1/',
'dct': 'http://purl.org/dc/terms/',
'gmd': 'http://www.isotc211.org/2005/gmd',
'gml': 'http://www.opengis.net/gml',
'ows': 'http://www.opengis.net/ows',
'xs': 'http://www.w3.org/2001/XMLSchema',
'xsi': 'http://www.w3.org/2001/XMLSchema-instance',
'ogc': 'http://www.opengis.net/ogc',
'gco': 'http://www.isotc211.org/2005/gco',
'gmi': 'http://www.isotc211.org/2005/gmi'
}
for prefix, uri in spaces.items():
ET.register_namespace(prefix, uri)
if access_token and not access_token.is_expired():
tree = dlxml.fromstring(content)
for online_resource in tree.findall('*//gmd:CI_OnlineResource',
spaces):
try:
linkage = online_resource.find('gmd:linkage', spaces)
for url in linkage.findall('gmd:URL', spaces):
if url.text:
if '?' not in url.text:
url.text += "?"
else:
url.text += "&"
url.text += ("access_token=%s" %
(access_token.token))
url.set('updated', 'yes')
except Exception:
pass
content = ET.tostring(tree, encoding='utf8', method='xml')
finally:
# Restore original filter before doing anything
mdict['repository']['filter'] = mdict_filter
return HttpResponse(content, content_type=csw.contenttype)
def clean(self):
from openipam.dns.models import DnsRecord, DnsType
from openipam.network.models import Address
# Perform check to on hostname to not let users create a host
if self.hostname and self.hostname != self.original_hostname:
existing_hostname = Host.objects.filter(hostname=self.hostname).first()
if existing_hostname:
raise ValidationError(
"The hostname '%s' already exists." % (self.hostname)
)
existing_dns_hostname = (
DnsRecord.objects.filter(
dns_type__in=[DnsType.objects.A, DnsType.objects.AAAA],
name=self.hostname,
)
.exclude(host=self)
.first()
)
if existing_dns_hostname:
raise ValidationError(
"DNS Records already exist for this hostname: %s. "
" Please contact an IPAM Administrator." % (self.hostname)
)
# Perform permission checks if user is attached to this instance
# Domain permission checks if hostname has changed
if self.hostname and self.hostname != self.original_hostname:
domain_from_host = self.hostname.split(".")[1:]
domain_from_host = ".".join(domain_from_host)
valid_domain = get_objects_for_user(
self.user,
[
"dns.add_records_to_domain",
"dns.is_owner_domain",
"dns.change_domain",
],
any_perm=True,
).filter(name=domain_from_host)
if not valid_domain:
raise ValidationError(
"Insufficient permissions to add hosts "
"for domain: %s. Please contact an IPAM Administrator."
% domain_from_host
)
# Pool and Network permission checks
# Check for pool assignment and perms
if self.address_type and self.address_type.pool:
valid_pools = get_objects_for_user(
self.user,
["network.add_records_to_pool", "network.change_pool"],
any_perm=True,
)
if self.address_type.pool not in valid_pools:
raise ValidationError(
"Insufficient permissions to add hosts to "
"the assigned pool: %s. Please contact an IPAM Administrator."
% self.address_type.pool
)
# If network defined check for address assignment and perms
if self.network:
valid_network = get_objects_for_user(
self.user,
[
"network.add_records_to_network",
"network.is_owner_network",
"network.change_network",
],
any_perm=True,
)
if self.network.network not in [
network.network for network in valid_network
]:
raise ValidationError(
"Insufficient permissions to add hosts to "
"the assigned network: %s. Please contact an IPAM Administrator."
% self.network.network
)
# If IP Address defined, check validity and perms
if self.ip_address:
ip_address = self.ip_address
user_pools = get_objects_for_user(
self.user,
["network.add_records_to_pool", "network.change_pool"],
any_perm=True,
)
user_nets = get_objects_for_user(
self.user,
[
"network.add_records_to_network",
"network.is_owner_network",
"network.change_network",
],
any_perm=True,
)
# Make sure this is valid.
validate_ipv46_address(ip_address)
address = Address.objects.filter(
Q(pool__in=user_pools)
| Q(pool__isnull=True)
| Q(network__in=user_nets),
Q(leases__isnull=True)
| Q(leases__abandoned=True)
| Q(leases__ends__lte=timezone.now())
| Q(leases__host=self),
Q(host__isnull=True) | Q(host=self),
address=ip_address,
reserved=False,
)
if not address:
raise ValidationError(
"The IP Address is reserved, in use, or not allowed. "
"Please contact an IPAM Administrator."
)
def get_search(self, request, **kwargs):
self.method_check(request, allowed=['get'])
self.is_authenticated(request)
self.throttle_check(request)
# Get the list of objects that matches the filter
sqs = self.build_haystack_filters(request.GET)
if not settings.SKIP_PERMS_FILTER:
filter_set = get_objects_for_user(
request.user, 'base.view_resourcebase')
filter_set = get_visible_resources(
filter_set,
request.user if request else None,
admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
unpublished_not_visible=settings.RESOURCE_PUBLISHING,
private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
filter_set_ids = filter_set.values_list('id')
# Do the query using the filterset and the query term. Facet the
# results
if len(filter_set) > 0:
sqs = sqs.filter(id__in=filter_set_ids).facet('type').facet('subtype').facet(
'owner') .facet('keywords').facet('regions').facet('category')
else:
sqs = None
else:
sqs = sqs.facet('type').facet('subtype').facet(
'owner').facet('keywords').facet('regions').facet('category')
if sqs:
# Build the Facet dict
facets = {}
for facet in sqs.facet_counts()['fields']:
facets[facet] = {}
for item in sqs.facet_counts()['fields'][facet]:
facets[facet][item[0]] = item[1]
# Paginate the results
paginator = Paginator(sqs, request.GET.get('limit'))
try:
page = paginator.page(
int(request.GET.get('offset') or 0) /
int(request.GET.get('limit') or 0 + 1))
except InvalidPage:
raise Http404("Sorry, no results on that page.")
if page.has_previous():
previous_page = page.previous_page_number()
else:
previous_page = 1
if page.has_next():
next_page = page.next_page_number()
else:
next_page = 1
total_count = sqs.count()
objects = page.object_list
else:
next_page = 0
previous_page = 0
total_count = 0
facets = {}
objects = []
object_list = {
"meta": {
"limit": settings.CLIENT_RESULTS_LIMIT,
"next": next_page,
"offset": int(getattr(request.GET, 'offset', 0)),
"previous": previous_page,
"total_count": total_count,
"facets": facets,
},
"objects": [self.get_haystack_api_fields(x) for x in objects],
}
self.log_throttled_access(request)
return self.create_response(request, object_list)
def test_ensure_returns_queryset(self):
objects = get_objects_for_user(self.user, ['auth.change_group'])
self.assertTrue(isinstance(objects, QuerySet))
def test_perms_single(self):
perm = 'auth.change_group'
assign(perm, self.user, self.group)
self.assertEqual(set(get_objects_for_user(self.user, perm)),
set(get_objects_for_user(self.user, [perm])))
def test_processingnodes(self):
client = APIClient()
pnode = ProcessingNode.objects.create(hostname="localhost", port=999)
another_pnode = ProcessingNode.objects.create(hostname="localhost",
port=998)
# Cannot list processing nodes as guest
res = client.get('/api/processingnodes/')
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
res = client.get('/api/processingnodes/{}/'.format(pnode.id))
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
# Cannot get options as guest
res = client.get('/api/processingnodes/options/')
self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN)
client.login(username="******", password="******")
# Cannot list processing nodes, unless permissions have been granted
res = client.get('/api/processingnodes/')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 0)
user = User.objects.get(username="******")
self.assertFalse(user.is_staff)
self.assertFalse(user.is_superuser)
self.assertFalse(user.has_perm('view_processingnode', pnode))
assign_perm('view_processingnode', user, pnode)
self.assertTrue(user.has_perm('view_processingnode', pnode))
# Now we can list processing nodes as normal user
res = client.get('/api/processingnodes/')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 1)
self.assertTrue(res.data[0]["hostname"] == "localhost")
# Can use filters
res = client.get('/api/processingnodes/?id={}'.format(pnode.id))
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 1)
res = client.get('/api/processingnodes/?id={}'.format(
another_pnode.id))
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 0)
# Can filter nodes with valid options
res = client.get('/api/processingnodes/?has_available_options=true')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 0)
res = client.get('/api/processingnodes/?has_available_options=false')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 1)
self.assertTrue(res.data[0]['hostname'] == 'localhost')
# Can get single processing node as normal user
res = client.get('/api/processingnodes/{}/'.format(pnode.id))
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(res.data["hostname"] == "localhost")
# Verify online field exists
self.assertTrue("online" in res.data)
# Should be set to false
self.assertFalse(res.data['online'])
# Cannot delete a processing node as normal user
res = client.delete('/api/processingnodes/{}/'.format(pnode.id))
self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)
# Cannot create a processing node as normal user
res = client.post('/api/processingnodes/', {
'hostname': 'localhost',
'port': '1000'
})
self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN)
client.login(username="******", password="******")
# Can delete a processing node as super user
res = client.delete('/api/processingnodes/{}/'.format(pnode.id))
self.assertTrue(res.status_code, status.HTTP_200_OK)
# Can create a processing node as super user
res = client.post('/api/processingnodes/', {
'hostname': 'localhost',
'port': '1000'
})
self.assertTrue(res.status_code, status.HTTP_200_OK)
# Verify node has been created
res = client.get('/api/processingnodes/')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 2)
self.assertTrue(res.data[1]["port"] == 1000)
# Test available_options intersection
# (with normal user)
client.login(username="******", password="******")
user = User.objects.get(username="******")
self.assertFalse(user.is_superuser)
p1 = ProcessingNode.objects.create(hostname="invalid-host",
port=11223,
last_refreshed=timezone.now(),
available_options=[{
'name': 'a'
}, {
'name': 'b'
}])
p2 = ProcessingNode.objects.create(hostname="invalid-host-2",
port=11223,
last_refreshed=timezone.now(),
available_options=[{
'name': 'a'
}, {
'name': 'c'
}])
p3 = ProcessingNode.objects.create(hostname="invalid-host-3",
port=11223,
last_refreshed=timezone.now(),
available_options=[{
'name': 'd'
}])
p4 = ProcessingNode.objects.create(
hostname="invalid-host-4",
port=11223,
last_refreshed=timezone.now() -
datetime.timedelta(minutes=OFFLINE_MINUTES * 2),
available_options=[{
'name': 'd'
}]) # offline
assign_perm('view_processingnode', user, p1)
assign_perm('view_processingnode', user, p2)
assign_perm('view_processingnode', user, p4)
self.assertFalse(user.has_perm('view_processingnode', p3))
nodes_available = get_objects_for_user(
user,
'view_processingnode',
ProcessingNode,
accept_global_perms=False).exclude(available_options=dict())
self.assertTrue(len(nodes_available) == 3)
res = client.get('/api/processingnodes/options/')
self.assertEqual(res.status_code, status.HTTP_200_OK)
self.assertTrue(len(res.data) == 1)
self.assertTrue(res.data[0]['name'] == 'a')
def unified_elastic_search(request, resourcetype='base'):
import re
import requests
from elasticsearch import Elasticsearch
from six import iteritems
from guardian.shortcuts import get_objects_for_user
# elasticsearch_dsl overwrites any double underscores with a .
# this changes the default to not overwrite
import elasticsearch_dsl as edsl
def newDSLBaseInit(self, _expand__to_dot=False, **params):
self._params = {}
for pname, pvalue in iteritems(params):
if '__' in pname and _expand__to_dot:
pname = pname.replace('__', '.')
self._setattr(pname, pvalue)
edsl.utils.DslBase.__init__ = newDSLBaseInit
Search = edsl.Search
Q = edsl.query.Q
parameters = request.GET
es = Elasticsearch(settings.ES_URL)
search = Search(using=es)
# Set base fields to search
fields = ['title', 'text', 'abstract', 'title_alternate']
facets = [
'_index', 'type', 'subtype', 'owner__username', 'keywords', 'regions',
'category'
]
# Text search
query = parameters.get('q', None)
offset = int(parameters.get('offset', '0'))
limit = int(parameters.get('limit', settings.API_LIMIT_PER_PAGE))
# Make sure Category search works with either category__in or category__identifier__in
categories = parameters.getlist(
'category__in', parameters.getlist('category__identifier__in', None))
keywords = parameters.getlist(
'keywords__in', parameters.getlist('keywords__slug__in', None))
# Publication date range (start,end)
date_end = parameters.get("date__lte", None)
date_start = parameters.get("date__gte", None)
# Sort order
sort = parameters.get("order_by", "relevance")
# Geospatial Elements
bbox = parameters.get("extent", None)
# filter by resource type if included by path
logger.debug(
'-------------------------------------------------------------')
logger.debug('>>>>>>>>> Filtering by Resource Type %s <<<<<<<<<<<<<' %
resourcetype)
logger.debug(
'-------------------------------------------------------------')
if resourcetype == 'documents':
search = search.query("match", type_exact="document")
elif resourcetype == 'layers':
search = search.query("match", type_exact="layer")
elif resourcetype == 'maps':
search = search.query("match", type_exact="map")
# Filter geonode layers by permissions
if not settings.SKIP_PERMS_FILTER:
# Get the list of objects the user has access to
filter_set = get_objects_for_user(request.user,
'base.view_resourcebase')
if settings.RESOURCE_PUBLISHING:
filter_set = filter_set.filter(is_published=True)
filter_set_ids = map(str, filter_set.values_list('id', flat=True))
# Do the query using the filterset and the query term. Facet the
# results
q = Q({"match": {"_type": "layer"}})
if len(filter_set_ids) > 0:
q = Q({"terms": {"id": filter_set_ids}}) | q
search = search.query(q)
# Filter by Query Params
if query:
if query.startswith('"') or query.startswith('\''):
# Match exact phrase
phrase = query.replace('"', '')
search = search.query("multi_match",
type='phrase',
query=phrase,
fields=fields)
else:
words = [w for w in re.split('\W', query, flags=re.UNICODE) if w]
for i, search_word in enumerate(words):
if i == 0:
word_query = Q("multi_match",
query=search_word,
fields=fields)
elif search_word.upper() in ["AND", "OR"]:
pass
elif words[i - 1].upper() == "OR":
word_query = word_query | Q(
"multi_match", query=search_word, fields=fields)
else: # previous word AND this word
word_query = word_query & Q(
"multi_match", query=search_word, fields=fields)
# logger.debug('******* WORD_QUERY %s', word_query.to_dict())
search = search.query(word_query)
if bbox:
left, bottom, right, top = bbox.split(',')
leftq = Q({'range': {
'bbox_left': {
'gte': left
}
}}) | Q({'range': {
'min_x': {
'gte': left
}
}})
bottomq = Q({'range': {
'bbox_bottom': {
'gte': bottom
}
}}) | Q({'range': {
'min_y': {
'gte': bottom
}
}})
rightq = Q({'range': {
'bbox_right': {
'lte': right
}
}}) | Q({'range': {
'max_x': {
'lte': right
}
}})
topq = Q({'range': {
'bbox_top': {
'lte': top
}
}}) | Q({'range': {
'max_y': {
'lte': top
}
}})
q = leftq & bottomq & rightq & topq
search = search.query(q)
# filter by date
if date_start:
q = Q({'range': {
'date': {
'gte': date_start
}
}}) | Q({'range': {
'layer_date': {
'gte': date_start
}
}})
search = search.query(q)
if date_end:
q = Q({'range': {
'date': {
'lte': date_end
}
}}) | Q({'range': {
'layer_date': {
'lte': date_end
}
}})
search = search.query(q)
if categories:
q = Q({'terms': {'category_exact': categories}})
search = search.query(q)
if keywords:
q = Q({'terms': {'keywords_exact': keywords}})
search = search.query(q)
def facet_search(search, parameters, paramfield, esfield=None):
if esfield is None:
esfield = paramfield.replace('__in', '')
if esfield != '_index':
esfield = esfield + '_exact'
getparams = parameters.getlist(paramfield)
if getparams:
q = Q({'terms': {esfield: getparams}})
if esfield == 'type_exact':
q = q | Q({'terms': {'subtype_exact': getparams}})
return search.query(q)
return search
# Setup aggregations and filters for faceting
for f in facets:
param = '%s__in' % f
if f not in ['category', 'keywords']:
search = facet_search(search, parameters, param)
search.aggs.bucket(f, 'terms', field=f + '_exact')
# Apply sort
if sort.lower() == "-date":
search = search.sort(
{
"date": {
"order": "desc",
"missing": "_last",
"unmapped_type": "date"
}
}, {
"layer_date": {
"order": "desc",
"missing": "_last",
"unmapped_type": "date"
}
})
elif sort.lower() == "date":
search = search.sort(
{
"date": {
"order": "asc",
"missing": "_last",
"unmapped_type": "date"
}
}, {
"layer_date": {
"order": "asc",
"missing": "_last",
"unmapped_type": "date"
}
})
elif sort.lower() == "title":
search = search.sort('title')
elif sort.lower() == "-title":
search = search.sort('-title')
elif sort.lower() == "-popular_count":
search = search.sort('-popular_count')
else:
search = search.sort(
{
"date": {
"order": "desc",
"missing": "_last",
"unmapped_type": "date"
}
}, {
"layer_date": {
"order": "desc",
"missing": "_last",
"unmapped_type": "date"
}
})
# print search.to_dict()
search = search[offset:offset + limit]
results = search.execute()
# Get facet counts
facet_results = {}
for f in facets:
facet_results[f] = {}
for bucket in results.aggregations[f].buckets:
facet_results[f][bucket.key] = bucket.doc_count
# Get results
objects = []
for hit in results.hits.hits:
try:
source = hit.get('_source')
except: # No source
pass
result = {}
result['index'] = hit.get('_index', None)
for key, value in source.iteritems():
if key == 'bbox':
result['bbox_left'] = value[0]
result['bbox_bottom'] = value[1]
result['bbox_right'] = value[2]
result['bbox_top'] = value[3]
bbox_str = ','.join(map(str, value))
elif key == 'links':
# Get source link from Registry
xml = value['xml']
js = '%s/%s' % (settings.REGISTRYURL, re.sub(
r"xml$", "js", xml))
png = '%s/%s' % (settings.REGISTRYURL, value['png'])
result['registry_url'] = js
result['thumbnail_url'] = png
else:
result[key] = source.get(key, None)
objects.append(result)
object_list = {
"meta": {
"limit": limit,
"next": None,
"offset": offset,
"previous": None,
"total_count": results.hits.total,
"facets": facet_results,
},
"objects": objects,
}
return JsonResponse(object_list)
def vehicle_out_api(request):
try:
retval, retdetail = auth_check(request, 'group_user')
if retval != 0:
response.data = retdetail
return response
except Exception as ex:
logger.error('Cannot get role for [%s]' % str(request.user))
detail = {'detail': '%s.' % ex}
detail['status'] = STATUS_CODE['non_right']
logger.warning(response.data)
response.data = detail
return response
parklot_ids = request.GET.get('parking_lot_id')
plate_number = request.GET.get('plate_number')
start_index = request.GET.get('start_index')
max_results = request.GET.get('max_results')
m = RESULTS
start = 0
try:
if max_results:
m = int(max_results)
if m > MAX_RESULTS:
m = MAX_RESULTS
if m < 0:
m = RESULTS
if start_index:
start = int(start_index)
if start < 0:
start = 0
except Exception as ex:
start = 0
m = RESULTS
now = datetime.now(pytz.utc)
before = now + timedelta(days=-7)
before_str = before.strftime('%Y-%m-%d %H:%M:%S')
parklots = get_objects_for_user(request.user,
"parking.act_analyse_parkinglot")
if parklot_ids:
interparklot_ids = [
item.id for item in parklots if str(item.id) in parklot_ids
]
else:
interparklot_ids = [item.id for item in parklots]
print("interparklot_ids: %s" % interparklot_ids)
vehicleout_infos = VehicleOut.objects.filter(out_time__gt=before_str)
detail = {}
detail['kind'] = 'user#vehicle_out'
try:
#if parking_lot_id:
if interparklot_ids:
vehicleout_infos = vehicleout_infos.filter(
parking_lot_id__in=interparklot_ids)
if plate_number:
vehicleout_infos = vehicleout_infos.filter(
plate_number__startswith=plate_number)
if start > 0:
vehicleout_infos = vehicleout_infos.filter(pk__lt=start)
vehicleout_infos = vehicleout_infos.order_by('-out_time')
vehicleout_infos = vehicleout_infos[0:m]
if not vehicleout_infos.exists():
detail['records'] = [] #{'detail': 'No vehicle-out record.'}
detail['detail'] = 'No vehicle-out record.'
detail['status'] = STATUS_CODE['non_vehicleout_record']
return Response(detail)
serializer = VehicleOutSerializer(vehicleout_infos, many=True)
parklot_ids = list(set([i['parking_lot'] for i in serializer.data]))
except VehicleOut.DoesNotExist:
logger.error('Can not find vehicle-out records. ex: %s' % ex)
#if not isinstance(ex, VehicleOut.DoesNotExist):
detail['records'] = [] #{'detail': 'No vehicle-out record.'}
detail['detail'] = 'No vehicle-out record.'
detail['status'] = STATUS_CODE['non_vehicleout_record']
return Response(detail)
except Exception as ex:
detail['records'] = [] #{'detail': 'No vehicle-out record.'}
detail['detail'] = '%s.' % ex
detail['status'] = STATUS_CODE['database_err']
return Response(detail)
try:
parkinglots = ParkingLot.objects.filter(pk__in=parklot_ids)
lots_id2name = {i.id: i.name for i in parkinglots}
vehicleout_data = serializer.data
for i in vehicleout_data:
i['id'] = i['parking_lot']
i['parking_lot'] = lots_id2name[i['parking_lot']]
except (ParkingLot.DoesNotExist, Exception) as ex:
logger.error('Can not find parking lot has id[%d], ex: %s' %
(i.parking_lot, ex))
vehicleout_data['detail'] = "%s." % ex
for i in vehicleout_data:
i['id'] = i['parking_lot']
i['parking_lot'] = ''
#vehicleout_data['kind'] = 'user#vehicle_out'
#vehicleout_data['status'] = STATUS_CODE['success']
logger.info(vehicleout_data)
return Response(vehicleout_data)
def get_search(self, request, **kwargs):
self.method_check(request, allowed=['get'])
self.is_authenticated(request)
self.throttle_check(request)
# Get the list of objects that matches the filter
sqs = self.build_haystack_filters(request.GET)
if not settings.SKIP_PERMS_FILTER:
# Get the list of objects the user has access to
filter_set = get_objects_for_user(request.user,
'base.view_resourcebase')
if settings.RESOURCE_PUBLISHING:
filter_set = filter_set.filter(is_published=True)
filter_set_ids = filter_set.values_list('id')
# Do the query using the filterset and the query term. Facet the
# results
if len(filter_set) > 0:
sqs = sqs.filter(id__in=filter_set_ids).facet('type').facet('subtype').facet('owner')\
.facet('keywords').facet('regions').facet('category')
else:
sqs = None
else:
sqs = sqs.facet('type').facet('subtype').facet('owner').facet(
'keywords').facet('regions').facet('category')
if sqs:
# Build the Facet dict
facets = {}
for facet in sqs.facet_counts()['fields']:
facets[facet] = {}
for item in sqs.facet_counts()['fields'][facet]:
facets[facet][item[0]] = item[1]
# Paginate the results
paginator = Paginator(sqs, request.GET.get('limit'))
try:
page = paginator.page(
int(request.GET.get('offset')) /
int(request.GET.get('limit'), 0) + 1)
except InvalidPage:
raise Http404("Sorry, no results on that page.")
if page.has_previous():
previous_page = page.previous_page_number()
else:
previous_page = 1
if page.has_next():
next_page = page.next_page_number()
else:
next_page = 1
total_count = sqs.count()
objects = page.object_list
else:
next_page = 0
previous_page = 0
total_count = 0
facets = {}
objects = []
object_list = {
"meta": {
"limit": 100, # noqa
"next": next_page,
"offset": int(getattr(request.GET, 'offset', 0)),
"previous": previous_page,
"total_count": total_count,
"facets": facets,
},
'objects': map(lambda x: self.get_haystack_api_fields(x), objects),
}
self.log_throttled_access(request)
return self.create_response(request, object_list)
def facets(context):
request = context['request']
title_filter = request.GET.get('title__icontains', '')
extent_filter = request.GET.get('extent', None)
keywords_filter = request.GET.getlist('keywords__slug__in', None)
category_filter = request.GET.getlist('category__identifier__in', None)
regions_filter = request.GET.getlist('regions__name__in', None)
owner_filter = request.GET.getlist('owner__username__in', None)
date_gte_filter = request.GET.get('date__gte', None)
date_lte_filter = request.GET.get('date__lte', None)
date_range_filter = request.GET.get('date__range', None)
facet_type = context['facet_type'] if 'facet_type' in context else 'all'
if not settings.SKIP_PERMS_FILTER:
authorized = []
try:
authorized = get_objects_for_user(
request.user, 'base.view_resourcebase').values('id')
except BaseException:
pass
if facet_type == 'documents':
documents = Document.objects.filter(title__icontains=title_filter)
if category_filter:
documents = documents.filter(category__identifier__in=category_filter)
if regions_filter:
documents = documents.filter(regions__name__in=regions_filter)
if owner_filter:
documents = documents.filter(owner__username__in=owner_filter)
if date_gte_filter:
documents = documents.filter(date__gte=date_gte_filter)
if date_lte_filter:
documents = documents.filter(date__lte=date_lte_filter)
if date_range_filter:
documents = documents.filter(date__range=date_range_filter.split(','))
documents = get_visible_resources(
documents,
request.user if request else None,
admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
unpublished_not_visible=settings.RESOURCE_PUBLISHING,
private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
if keywords_filter:
treeqs = HierarchicalKeyword.objects.none()
for keyword in keywords_filter:
try:
kws = HierarchicalKeyword.objects.filter(name__iexact=keyword)
for kw in kws:
treeqs = treeqs | HierarchicalKeyword.get_tree(kw)
except BaseException:
# Ignore keywords not actually used?
pass
documents = documents.filter(Q(keywords__in=treeqs))
if not settings.SKIP_PERMS_FILTER:
documents = documents.filter(id__in=authorized)
counts = documents.values('doc_type').annotate(count=Count('doc_type'))
facets = dict([(count['doc_type'], count['count']) for count in counts])
return facets
else:
layers = Layer.objects.filter(title__icontains=title_filter)
if category_filter:
layers = layers.filter(category__identifier__in=category_filter)
if regions_filter:
layers = layers.filter(regions__name__in=regions_filter)
if owner_filter:
layers = layers.filter(owner__username__in=owner_filter)
if date_gte_filter:
layers = layers.filter(date__gte=date_gte_filter)
if date_lte_filter:
layers = layers.filter(date__lte=date_lte_filter)
if date_range_filter:
layers = layers.filter(date__range=date_range_filter.split(','))
layers = get_visible_resources(
layers,
request.user if request else None,
admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
unpublished_not_visible=settings.RESOURCE_PUBLISHING,
private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
if extent_filter:
bbox = extent_filter.split(
',') # TODO: Why is this different when done through haystack?
bbox = map(str, bbox) # 2.6 compat - float to decimal conversion
intersects = ~(Q(bbox_x0__gt=bbox[2]) | Q(bbox_x1__lt=bbox[0]) |
Q(bbox_y0__gt=bbox[3]) | Q(bbox_y1__lt=bbox[1]))
layers = layers.filter(intersects)
if keywords_filter:
treeqs = HierarchicalKeyword.objects.none()
for keyword in keywords_filter:
try:
kws = HierarchicalKeyword.objects.filter(name__iexact=keyword)
for kw in kws:
treeqs = treeqs | HierarchicalKeyword.get_tree(kw)
except BaseException:
# Ignore keywords not actually used?
pass
layers = layers.filter(Q(keywords__in=treeqs))
if not settings.SKIP_PERMS_FILTER:
layers = layers.filter(id__in=authorized)
counts = layers.values('storeType').annotate(count=Count('storeType'))
counts_array = []
try:
for count in counts:
counts_array.append((count['storeType'], count['count']))
except BaseException:
pass
count_dict = dict(counts_array)
vector_time_series = layers.exclude(has_time=False).filter(storeType='dataStore'). \
values('storeType').annotate(count=Count('storeType'))
if vector_time_series:
count_dict['vectorTimeSeries'] = vector_time_series[0]['count']
facets = {
'raster': count_dict.get('coverageStore', 0),
'vector': count_dict.get('dataStore', 0),
'vector_time': count_dict.get('vectorTimeSeries', 0),
'remote': count_dict.get('remoteStore', 0),
'wms': count_dict.get('wmsStore', 0),
}
# Break early if only_layers is set.
if facet_type == 'layers':
return facets
maps = Map.objects.filter(title__icontains=title_filter)
documents = Document.objects.filter(title__icontains=title_filter)
if category_filter:
maps = maps.filter(category__identifier__in=category_filter)
documents = documents.filter(category__identifier__in=category_filter)
if regions_filter:
maps = maps.filter(regions__name__in=regions_filter)
documents = documents.filter(regions__name__in=regions_filter)
if owner_filter:
maps = maps.filter(owner__username__in=owner_filter)
documents = documents.filter(owner__username__in=owner_filter)
if date_gte_filter:
maps = maps.filter(date__gte=date_gte_filter)
documents = documents.filter(date__gte=date_gte_filter)
if date_lte_filter:
maps = maps.filter(date__lte=date_lte_filter)
documents = documents.filter(date__lte=date_lte_filter)
if date_range_filter:
maps = maps.filter(date__range=date_range_filter.split(','))
documents = documents.filter(date__range=date_range_filter.split(','))
maps = get_visible_resources(
maps,
request.user if request else None,
admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
unpublished_not_visible=settings.RESOURCE_PUBLISHING,
private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
documents = get_visible_resources(
documents,
request.user if request else None,
admin_approval_required=settings.ADMIN_MODERATE_UPLOADS,
unpublished_not_visible=settings.RESOURCE_PUBLISHING,
private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES)
if extent_filter:
bbox = extent_filter.split(
',') # TODO: Why is this different when done through haystack?
bbox = map(str, bbox) # 2.6 compat - float to decimal conversion
intersects = ~(Q(bbox_x0__gt=bbox[2]) | Q(bbox_x1__lt=bbox[0]) |
Q(bbox_y0__gt=bbox[3]) | Q(bbox_y1__lt=bbox[1]))
maps = maps.filter(intersects)
documents = documents.filter(intersects)
if keywords_filter:
treeqs = HierarchicalKeyword.objects.none()
for keyword in keywords_filter:
try:
kws = HierarchicalKeyword.objects.filter(name__iexact=keyword)
for kw in kws:
treeqs = treeqs | HierarchicalKeyword.get_tree(kw)
except BaseException:
# Ignore keywords not actually used?
pass
maps = maps.filter(Q(keywords__in=treeqs))
documents = documents.filter(Q(keywords__in=treeqs))
if not settings.SKIP_PERMS_FILTER:
maps = maps.filter(id__in=authorized)
documents = documents.filter(id__in=authorized)
facets['map'] = maps.count()
facets['document'] = documents.count()
if facet_type == 'home':
facets['user'] = get_user_model().objects.exclude(
username='******').count()
facets['group'] = GroupProfile.objects.exclude(
access="private").count()
facets['layer'] = facets['raster'] + \
facets['vector'] + facets['remote'] + facets['wms'] # + facets['vector_time']
return facets
def get_queryset(self):
return get_objects_for_user(self.request.user, 'view_report', Report)
def read_list(self, object_list, bundle):
permitted_ids = get_objects_for_user(
bundle.request.user, 'base.view_resourcebase').values('id')
return object_list.filter(id__in=permitted_ids)
def delete_detail(self, object_list, bundle):
permitted_ids = get_objects_for_user(
bundle.request.user, 'layer.change_layer_style').values('id')
resource_obj = bundle.obj.get_self_resource()
return resource_obj in permitted_ids
def layer_acls(request):
"""
returns json-encoded lists of layer identifiers that
represent the sets of read-write and read-only layers
for the currently authenticated user.
"""
# the layer_acls view supports basic auth, and a special
# user which represents the geoserver administrator that
# is not present in django.
acl_user = request.user
if 'HTTP_AUTHORIZATION' in request.META:
try:
username, password = _get_basic_auth_info(request)
acl_user = authenticate(username=username, password=password)
# Nope, is it the special geoserver user?
if (acl_user is None and username == ogc_server_settings.USER
and password == ogc_server_settings.PASSWORD):
# great, tell geoserver it's an admin.
result = {
'rw': [],
'ro': [],
'name': username,
'is_superuser': True,
'is_anonymous': False
}
return HttpResponse(json.dumps(result),
content_type="application/json")
except Exception:
pass
if acl_user is None:
return HttpResponse(_("Bad HTTP Authorization Credentials."),
status=401,
content_type="text/plain")
# Include permissions on the anonymous user
# use of polymorphic selectors/functions to optimize performances
site_resources = resources_for_site()
resources_readable = get_objects_for_user(
acl_user, 'view_resourcebase',
ResourceBase.objects.instance_of(Layer).filter(id__in=site_resources))
layer_writable = get_objects_for_user(
acl_user, 'change_layer_data',
Layer.objects.filter(id__in=site_resources))
_read = set(
Layer.objects.filter(id__in=resources_readable).values_list('typename',
flat=True))
_write = set(layer_writable.values_list('typename', flat=True))
read_only = _read ^ _write
read_write = _read & _write
result = {
'rw': list(read_write),
'ro': list(read_only),
'name': acl_user.username,
'is_superuser': acl_user.is_superuser,
'is_anonymous': acl_user.is_anonymous(),
}
if acl_user.is_authenticated():
result['fullname'] = acl_user.get_full_name()
result['email'] = acl_user.email
return HttpResponse(json.dumps(result), content_type="application/json")
def sidebar_menu(request):
user = request.user
resolver_match = request.resolver_match
url_name = resolver_match.url_name
pk = resolver_match.kwargs.get('pk')
components = get_objects_for_user(
user=user, perms=('view_component', ), klass=Component).annotate(
has_star=Count('usercomponentstar')).order_by('-has_star', 'name')
components_stars = list(
UserComponentStar.objects.filter(user=request.user,
component__in=components).values_list(
'component_id', flat=True))
components_items = [{
'title':
component.name,
'url':
reverse('component_base_settings', kwargs={'pk': component.pk}),
'icon':
'angle-right',
'active':
url_name in [
'component_base_settings',
'component_env_settings',
'delete_component',
'update_component',
'update_component_base_settings',
'update_component_env_settings',
] and str(component.pk) == pk,
'has_star':
component.pk in components_stars
} for component in components[:25]]
if components.count() > 25:
components_items.append({
'title': _('Show All'),
'url': reverse('components'),
'icon': 'angle-double-right',
'active': url_name in [
'components',
]
})
if user.is_staff:
items = [
{
'title': _('Main menu'),
'header': True
},
{
'title':
_('Components'),
'url':
reverse('components') if not components_items else None,
'icon':
'th-large',
'children':
components_items,
'active':
url_name in [
'component_base_settings',
'component_env_settings',
'components',
'create_component',
'delete_component',
'update_component',
'update_component_base_settings',
'update_component_env_settings',
]
},
{
'title':
_('Environments'),
'url':
reverse('environments'),
'icon':
'cloud',
'active':
url_name in [
'environments', 'create_environment', 'update_environment',
'delete_environment'
]
},
{
'title': _('Logs'),
'url': reverse('logs'),
'icon': 'bars',
'active': url_name in [
'logs',
'log_detail',
]
},
{
'title':
_('Users'),
'url':
reverse('users'),
'icon':
'users',
'active':
url_name in [
'users',
'change_user_password',
'create_user',
'update_user',
'update_user_api_settings',
'update_user_permissions',
'update_user_permissions_by_model',
'delete_user',
]
},
{
'title': _('Global Settings'),
'url': reverse('update_global_settings'),
'icon': 'cogs',
'active': url_name in [
'update_global_settings',
]
},
]
else:
items = components_items
return {'items': items}
def sftp_file(request): ##上传
if request.method == "GET":
obj = get_objects_for_user(request.user, 'asset.change_asset')
return render(request, 'tasks/sftp.html', {
'asset_list': obj,
"tasks_active": "active",
"sftp_active": "active"
})
if request.method == 'POST':
ids = request.POST.getlist('id')
user = User.objects.get(username=request.user)
checker = ObjectPermissionChecker(user)
local_path = request.POST.get("local_path")
server_path = request.POST.get("server_path")
ids1 = []
for i in ids:
assets = asset.objects.get(id=i)
if checker.has_perm(
'delete_asset',
assets,
) == True:
ids1.append(i)
user = request.user
idstring = ','.join(ids1)
if not ids:
error_1 = "请选择主机"
ret = {"error": error_1, "status": False}
return HttpResponse(json.dumps(ret))
elif not local_path or not server_path:
error_2 = "请输入上传文件目录及文件名"
ret = {"error": error_2, "status": False}
return HttpResponse(json.dumps(ret))
obj = asset.objects.extra(where=['id IN (' + idstring + ')'])
ret = {}
ret['data'] = []
for i in obj:
try:
s = sftp(ip=i.network_ip,
port=i.port,
username=i.system_user.username,
password=i.system_user.password,
local_path=local_path,
server_path=server_path)
historys = history.objects.create(
ip=i.network_ip,
root=i.system_user,
port=i.port,
cmd="上传{}".format(server_path),
user=user)
if s == None or s['data'] == '':
s = {}
s['ip'] = i.network_ip
s['data'] = "返回值为空,可能是权限不够。"
ret['data'].append(s)
except Exception as e:
ret['data'].append({
"ip": i.network_ip,
"data": "账号密码不对,{}".format(e)
})
return HttpResponse(json.dumps(ret))
def to_representation(self, instance):
ret = super(GroupSerializer, self).to_representation(instance)
# add header_logo
# before check macrogroups number anche if is equal to 1 use it
try:
macrogroup = instance.macrogroups.get(use_logo_client=True)
ret['header_logo_img'] = macrogroup.logo_img.name
except:
ret['header_logo_img'] = instance.header_logo_img.name
try:
macrogroup = instance.macrogroups.get(use_title_client=True)
ret['name'] = macrogroup.title
except:
# change groupData name with title for i18n app
ret['name'] = instance.title
# add crs:
ret['crs'] = int(str(self.instance.srid.srid))
ret['proj4'] = self.instance.srid.proj4text
# map controls
ret['mapcontrols'] = [mapcontrol.name for mapcontrol in instance.mapcontrols.all()]
# add projects to group
ret['projects'] = []
self.projects = {}
anonymous_user = get_user_model().get_anonymous()
for g3wProjectApp in settings.G3WADMIN_PROJECT_APPS:
Project = apps.get_app_config(g3wProjectApp).get_model('project')
projects = get_objects_for_user(self.request.user, '{}.view_project'.format(g3wProjectApp), Project) \
.filter(group=instance)
projects_anonymous = get_objects_for_user(anonymous_user, '{}.view_project'.format(g3wProjectApp),
Project).filter(group=instance)
projects = list(set(projects) | set(projects_anonymous))
for project in projects:
self.projects[g3wProjectApp+'-'+str(project.id)] = project
# project thumbnail
project_thumb = project.thumbnail.name if bool(project.thumbnail.name) \
else '{}client/images/FakeProjectThumb.png'.format(settings.STATIC_URL)
ret['projects'].append({
'id': project.id,
'title': project.title,
'description': project.description,
'thumbnail': project_thumb,
'type': g3wProjectApp,
'gid': "{}:{}".format(g3wProjectApp, project.id)
})
# baselayers
ret['baselayers'] = []
baselayers = instance.baselayers.all()
for baselayer in baselayers:
ret['baselayers'].append(BaseLayerSerializer(baselayer).data)
# add initproject and overviewproject
ret['initproject'] = "{}:{}".format(self.projectType, self.projectId)
# add overviewproject is present
overviewproject = instance.project_panoramic.all()
if overviewproject:
overviewproject = overviewproject[0]
ret['overviewproject'] = {
'id': int(overviewproject.project_id),
'type': overviewproject.project_type,
'gid': "{}:{}".format(overviewproject.project_type, overviewproject.project_id)
}
else:
ret['overviewproject'] = None
ret['plugins'] = {}
# plugins/module data
dataPlugins = initconfig_plugin_start.send(sender=self, project=self.projectId, projectType=self.projectType)
for dataPlugin in dataPlugins:
if dataPlugin[1]:
ret['plugins'] = copy(ret['plugins'])
ret['plugins'].update(dataPlugin[1])
# powerd_by
ret['powered_by'] = settings.G3WSUITE_POWERD_BY
# header customs links
header_custom_links = getattr(settings, 'G3W_CLIENT_HEADER_CUSTOM_LINKS', None)
ret['header_custom_links'] = []
if header_custom_links:
# check for possible callback
for head_link in header_custom_links:
if callable(head_link):
ret['header_custom_links'].append(head_link(self.request))
else:
ret['header_custom_links'].append(head_link)
# custom layout
ret['layout'] = {}
# add legend settings if set to layout
layout_legend = getattr(settings, 'G3W_CLIENT_LEGEND', None)
if layout_legend:
ret['layout']['legend'] = layout_legend
# add legend settings if set to layout
layout_right_panel = getattr(settings, 'G3W_CLIENT_RIGHT_PANEL', None)
if layout_right_panel:
ret['layout']['rightpanel'] = layout_right_panel
return ret
def filter_by_user_perms(self, user, permission):
return get_objects_for_user(user, permission, self)
def get_queryset(self):
return get_objects_for_user(self.request.user, 'view_investigation',
Investigation)
def get_queryset(self, **kwargs):
"""
Filter Apps by `owner` attribute or the `api.use_app` permission.
"""
return super(AppViewSet, self).get_queryset(**kwargs) | \
get_objects_for_user(self.request.user, 'api.use_app')
def cmd(request): ##命令行
if request.method == "GET":
obj = get_objects_for_user(request.user, 'asset.change_asset')
return render(request, 'tasks/cmd.html', {
'asset_list': obj,
"tasks_active": "active",
"cmd_active": "active"
})
if request.method == 'POST':
ids = request.POST.getlist('id')
args = request.POST.getlist('args', None)
module = request.POST.getlist('module', None)
user = User.objects.get(username=request.user)
checker = ObjectPermissionChecker(user)
ids1 = []
for i in ids:
assets = asset.objects.get(id=i)
if checker.has_perm(
'task_asset',
assets,
) == True:
ids1.append(i)
else:
error_3 = "主机没有权限"
ret = {"error": error_3, "status": False}
return HttpResponse(json.dumps(ret))
idstring = ','.join(ids1)
if not ids:
error_1 = "请选择主机"
ret = {"error": error_1, "status": False}
return HttpResponse(json.dumps(ret))
elif args == ['']:
error_2 = "请输入命令"
ret = {"error": error_2, "status": False}
return HttpResponse(json.dumps(ret))
obj = asset.objects.extra(where=['id IN (' + idstring + ')'])
ret = {'data': []}
tasks = []
for x in range(len(module)):
tasks.append(
{
"action": {
"module": module[x],
"args": args[x]
},
"name": 'task{}'.format(x)
}, )
for i in obj:
try:
assets = [
{
"hostname": 'host',
"ip": i.network_ip,
"port": i.port,
"username": i.system_user.username,
"password": decrypt_p(i.system_user.password),
},
]
inventory = BaseInventory(assets)
runner = AdHocRunner(inventory)
retsult = runner.run(tasks, "all")
ret1 = []
for c in range(len(module)):
try:
ret1.append(retsult.results_raw['ok']['host'][
'task{}'.format(c)]['stdout'])
except Exception as e:
if retsult.results_summary['dark'] == ['']:
ret1.append("执行成功")
else:
ret1.append("命令有问题,{}".format(
retsult.results_summary['dark']))
history.objects.create(ip=i.network_ip,
root=i.system_user,
port=i.port,
cmd=args,
user=user)
ret2 = {'ip': i.network_ip, 'data': '\n'.join(ret1)}
ret['data'].append(ret2)
except Exception as e:
ret['data'].append({
"ip": i.network_ip,
"data": "账号密码不对,{}".format(e)
})
return HttpResponse(json.dumps(ret))
def dehydrate_layers_count(self, bundle):
request = bundle.request
obj_with_perms = get_objects_for_user(request.user,
'base.view_resourcebase').instance_of(Layer)
filter_set = bundle.obj.resourcebase_set.filter(id__in=obj_with_perms.values('id'))
if not settings.SKIP_PERMS_FILTER:
is_admin = False
is_staff = False
is_manager = False
if request.user:
is_admin = request.user.is_superuser if request.user else False
is_staff = request.user.is_staff if request.user else False
try:
is_manager = request.user.groupmember_set.all().filter(role='manager').exists()
except:
is_manager = False
# Get the list of objects the user has access to
if settings.ADMIN_MODERATE_UPLOADS:
if not is_admin and not is_staff:
if is_manager:
groups = request.user.groups.all()
group_list_all = []
try:
group_list_all = request.user.group_list_all().values('group')
except:
pass
public_groups = GroupProfile.objects.exclude(access="private").values('group')
try:
anonymous_group = Group.objects.get(name='anonymous')
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=groups) |
Q(group__in=group_list_all) | Q(group__in=public_groups) |
Q(group=anonymous_group) |
Q(owner__username__iexact=str(request.user)))
except:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=groups) |
Q(group__in=group_list_all) | Q(group__in=public_groups) |
Q(owner__username__iexact=str(request.user)))
else:
filter_set = filter_set.filter(Q(is_published=True) |
Q(owner__username__iexact=str(request.user)))
if settings.RESOURCE_PUBLISHING:
if not is_admin and not is_staff:
if is_manager:
groups = request.user.groups.all()
group_list_all = []
try:
group_list_all = request.user.group_list_all().values('group')
except:
pass
public_groups = GroupProfile.objects.exclude(access="private").values('group')
try:
anonymous_group = Group.objects.get(name='anonymous')
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=groups) |
Q(group__in=public_groups) | Q(group__in=group_list_all) |
Q(group=anonymous_group) |
Q(owner__username__iexact=str(request.user)))
except:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=groups) |
Q(group__in=group_list_all) | Q(group__in=public_groups) |
Q(owner__username__iexact=str(request.user)))
else:
filter_set = filter_set.filter(Q(is_published=True) |
Q(owner__username__iexact=str(request.user)))
try:
anonymous_group = Group.objects.get(name='anonymous')
except:
anonymous_group = None
if settings.GROUP_PRIVATE_RESOURCES:
public_groups = GroupProfile.objects.exclude(access="private").values('group')
if is_admin:
filter_set = filter_set
elif request.user:
groups = request.user.groups.all()
group_list_all = []
try:
group_list_all = request.user.group_list_all().values('group')
except:
pass
if anonymous_group:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=groups) |
Q(group__in=group_list_all) | Q(group__in=public_groups) |
Q(group=anonymous_group) |
Q(owner__username__iexact=str(request.user)))
else:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=public_groups) |
Q(group__in=group_list_all) | Q(group__in=groups) |
Q(owner__username__iexact=str(request.user)))
else:
if anonymous_group:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=public_groups) | Q(group=anonymous_group))
else:
filter_set = filter_set.filter(
Q(group__isnull=True) | Q(group__in=public_groups))
return filter_set.distinct().count()
def get_queryset(self, *args, **kwargs):
qs = super().get_queryset(*args, **kwargs)
return get_objects_for_user(**self.get_get_objects_for_user_kwargs(qs))
def get_queryset(self, *args, **kwargs):
return get_objects_for_user(self.request.user,
'tom_targets.change_target')
def Inception(request): ##Inception 审核
if request.method == "GET":
obj = get_objects_for_user(request.user, 'db.change_db_mysql')
return render(request, 'tasks/Inception.html', {
'sql_list': obj,
"tasks_active": "active",
"sql_active": "active"
})
if request.method == 'POST':
ids = request.POST.getlist('id')
sql_db = request.POST.get('sql', None)
user = User.objects.get(username=request.user)
checker = ObjectPermissionChecker(user)
ids1 = []
for i in ids:
assets = db_mysql.objects.get(id=i)
if checker.has_perm(
'delete_db_mysql',
db_mysql,
) == True:
ids1.append(i)
user = request.user
idstring = ','.join(ids1)
if not ids:
error_1 = "请选择数据库"
ret = {"error": error_1, "status": False}
return HttpResponse(json.dumps(ret))
elif not sql_db:
error_2 = "请输入命令"
ret = {"error": error_2, "status": False}
return HttpResponse(json.dumps(ret))
obj = db_mysql.objects.extra(where=['id IN (' + idstring + ')'])
ret = {}
ret['data'] = []
for i in obj:
try:
historys = history.objects.create(ip=i.ip,
root=i.db_user.username,
port=i.port,
cmd="审核:{0}".format(sql_db),
user=user)
s = sql(user=i.db_user.username,
password=i.db_user.password,
host=i.ip,
port=i.port,
sqls=sql_db)
if s == None or s['data'] == '':
s = {}
s['ip'] = i.ip
s['data'] = "返回值为空,可能是权限不够。"
ret['data'].append(s)
except Exception as e:
ret['data'].append({"ip": i.ip, "data": "账号密码不对,{}".format(e)})
return HttpResponse(json.dumps(ret))
def test_empty_perms_sequence(self):
self.assertEqual(
set(get_objects_for_user(self.user, [], Group.objects.all())),
set())
def under_limit(self, user):
meta_name = self.serializer_class.Meta.model._meta.model_name
permission_name = 'script_builder.change_{}'.format(meta_name)
current_objects = get_objects_for_user(user, permission_name)
return len(current_objects) <= self.USER_OBJECT_LIMIT or user.is_superuser
def add_ip_address(self, user=None, ip_address=None, network=None, hostname=None):
from openipam.network.models import Network, Address
from openipam.dns.models import DnsRecord, DnsType
user = user or self._user
if not user:
raise Exception("A User must be given to add ip addresses.")
if not hostname:
raise ValidationError("A hostname is required.")
address = None
# Check to see if hostname already taken for any hosts other then the current one if being updated.
used_hostname = (
DnsRecord.objects.filter(
dns_type__in=[DnsType.objects.A, DnsType.objects.AAAA], name=hostname
)
.exclude(ip_content__address=self.master_ip_address)
.first()
)
if used_hostname:
raise ValidationError(
"Hostname %s is already assigned to DNS A Record: %s."
% (hostname, used_hostname.ip_content)
)
user_pools = get_objects_for_user(
user, ["network.add_records_to_pool", "network.change_pool"], any_perm=True
)
user_nets = get_objects_for_user(
user,
[
"network.add_records_to_network",
"network.is_owner_network",
"network.change_network",
],
any_perm=True,
)
if network:
if isinstance(network, string_types):
network = Network.objects.get(network=network)
if not user_nets.filter(network=network.network):
raise ValidationError(
"You do not have access to assign host '%s' to the "
"network specified: %s." % (hostname, network)
)
try:
network_address = (
Address.objects.filter(
Q(pool__in=user_pools) | Q(pool__isnull=True),
Q(leases__isnull=True)
| Q(leases__abandoned=True)
| Q(leases__ends__lte=timezone.now())
| Q(leases__host=self),
network=network,
host__isnull=True,
reserved=False,
)
.order_by("address")
.first()
)
if not network_address:
raise Address.DoesNotExist
else:
address = network_address
except ValidationError:
raise ValidationError("The network '%s' is invalid." % network)
except Address.DoesNotExist:
raise ValidationError(
"There are no avaiable addresses for the network entered: %s"
% network
)
elif ip_address:
# Validate IP Address
try:
validate_ipv46_address(ip_address)
except ValidationError:
raise ValidationError(
"IP Address %s is invalid. Enter a valid IPv4 or IPv6 address."
% ip_address
)
if ip_address in self.ip_addresses:
raise ValidationError(
"IP address %s is already assigned to this host." % ip_address
)
try:
address = Address.objects.get(
Q(pool__in=user_pools)
| Q(pool__isnull=True)
| Q(network__in=user_nets),
Q(leases__isnull=True)
| Q(leases__abandoned=True)
| Q(leases__ends__lte=timezone.now())
| Q(leases__host=self),
Q(host__isnull=True) | Q(host=self),
address=ip_address,
reserved=False,
)
except ValidationError:
raise ValidationError(
"There IP Address %s is not available." % ip_address
)
except Address.DoesNotExist:
raise ValidationError(
"There are no avaiable addresses for the IP entered: %s"
% ip_address
)
else:
raise ValidationError(
"A Network or IP Address must be given to assign this host an address."
)
# Make sure pool is clear on addresses we are assigning.
address.pool_id = None
address.host = self
address.changed_by = user
address.save()
# Update A and PTR dns records
self.add_dns_records(user=user, hostname=hostname, address=address)
return address
def test_klass_as_queryset(self):
assign('auth.change_group', self.user, self.group)
objects = get_objects_for_user(self.user, ['auth.change_group'],
Group.objects.all())
self.assertEqual([obj.name for obj in objects], [self.group.name])
def dehydrate_documents_count(self, bundle):
obj_with_perms = get_objects_for_user(bundle.request.user,
'base.view_resourcebase').instance_of(Document)
return bundle.obj.resourcebase_set.filter(id__in=obj_with_perms.values('id')).distinct().count()
