def q_test(request):
    """
    Render the q_test template for the project whose primary key is 1.

    All role lookups are made for request.user against that one project and
    the resulting flags are handed to the template.

    :param request: the incoming HttpRequest
    :return: the rendered 'questionnaire/q_test.html' response
    """
    context = add_parameters_to_context(request)

    # NOTE(review): the project is pinned to pk=1 and QProject.DoesNotExist is
    # not handled, so a missing row surfaces as an unhandled exception.  This
    # looks like a debugging view -- confirm it is not routed in production.
    project = QProject.objects.get(pk=1)

    user = request.user
    requires_auth = project.authenticated

    # role lookups (all four are evaluated, in this order)
    admin = is_admin_of(user, project)
    regular_user = is_user_of(user, project)
    member = is_member_of(user, project)
    pending = is_pending_of(user, project)  # looked up, but not used below

    # A project with authenticated == False grants edit/customize to every
    # caller, logged in or not; can_view is unconditional.
    open_project = not requires_auth
    user_or_admin = regular_user or admin
    holds_any_role = member or user_or_admin

    # gather all the extra information required by the template
    template_context = {
        "project": project,
        "can_view": True,
        "can_edit": open_project or user_or_admin,
        "can_customize": open_project or admin,
        # only a logged-in user without any role is offered "join"
        "can_join": user.is_authenticated() and not holds_any_role,
        "can_delete": admin,
        "can_manage": admin,
        "can_publish": user_or_admin,
    }

    return render_to_response('questionnaire/q_test.html', template_context, context_instance=context)
def has_object_permission(self, request, view, obj):
    """
    Object-level permission check.

    Requests whose method is listed in permissions.SAFE_METHODS are always
    allowed.  Every other method (not only PUT, POST and DELETE) is allowed
    only for a superuser or for a user that is_admin_of() accepts for obj.

    :param request: the incoming request
    :param view: the view being accessed (unused)
    :param obj: the object being accessed; passed to is_admin_of as the project
    :return: True if the request may proceed, False otherwise
    """
    # read-only methods never reach the role check
    if request.method in permissions.SAFE_METHODS:
        return True

    # anything that can modify obj: superuser first, then project admin
    # (is_admin_of is only consulted when the caller is not a superuser)
    requester = request.user
    return bool(requester.is_superuser or is_admin_of(requester, obj))
def has_object_permission(self, request, view, obj):
    """
    Object-level permission check for an object that belongs to a project.

    Methods in permissions.SAFE_METHODS are always allowed.  For any other
    method the decision depends on obj.project: if the project does not
    require authentication the request is allowed, otherwise the caller must
    be logged in and accepted by is_admin_of() for that project.

    :param request: the incoming request
    :param view: the view being accessed (unused)
    :param obj: the object being accessed; must expose a "project" attribute
    :return: a truthy value if the request may proceed
    """
    # read-only methods are open to everybody
    if request.method in permissions.SAFE_METHODS:
        return True

    owning_project = obj.project

    # NOTE(review): with project.authenticated switched off, every caller --
    # anonymous included -- may use modifying methods on obj.  Unlike the
    # sibling permission check that accepts is_superuser, there is no
    # superuser shortcut here; confirm both are intended.
    if not owning_project.authenticated:
        return True

    # every other request requires project admin permissions
    requester = request.user
    if not requester.is_authenticated():
        return False
    return is_admin_of(requester, owning_project)
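def q_project(request, project_name=None):
    """
    Render the landing page of a single project.

    Looks the project up by name, hands unknown or disabled projects to
    q_error, and works out which actions the template should offer to
    request.user.

    :param request: the incoming HttpRequest
    :param project_name: name of the QProject to display
    :return: the rendered 'questionnaire/q_project.html' response, or the
        q_error response if the project is missing or inactive
    """
    context = add_parameters_to_context(request)

    try:
        project = QProject.objects.get(name=project_name)
    except QProject.DoesNotExist:
        if not project_name:
            msg = u"Please specify a project name."
        else:
            msg = u"Unable to locate project '%s'" % (project_name)
        return q_error(request, error_msg=msg)

    if not project.is_active:
        msg = u"This project has been disabled."
        return q_error(request, error_msg=msg)

    # work out user roles...
    # (these flags are only handed to the template; nothing in this view
    # enforces them, so the corresponding actions need their own checks)
    project_authenticated = project.authenticated
    current_user = request.user
    is_admin = is_admin_of(current_user, project)  # needed unconditionally for can_delete

    can_view = True  # is_member_of(current_user, project) or not project_authenticated
    can_edit = not project_authenticated or (is_user_of(current_user, project) or is_admin)
    can_customize = not project_authenticated or is_admin

    # "join" is for logged-in users that hold NO role in the project yet.
    # The roles must be combined with "or": with "and" the test only failed for
    # somebody who was member, user and admin at once, so existing members were
    # still offered "join".
    can_join = current_user.is_authenticated() and not (
        is_member_of(current_user, project) or
        is_user_of(current_user, project) or
        is_admin
    )
    can_delete = is_admin

    # TODO:
    # has_published = project.models.published_documents().count() > 0
    has_published = project.models_bak.filter(is_document=True, is_root=True, is_published=True).count() > 0

    # gather all the extra information required by the template
    _dict = {
        "project": project,
        "can_customize": can_customize,
        "can_edit": can_edit,
        "can_view": can_view,
        "can_join": can_join,
        "can_delete": can_delete,
        "has_published": has_published,
    }

    return render_to_response('questionnaire/q_project.html', _dict, context_instance=context)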
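def q_project_add_member(request, project_name=None):
    """
    approve a project join request

    The caller must be a logged-in admin of the project.  That is checked
    before the target user is looked up, so a caller without the admin role
    gets the same answer whether or not the submitted user_id exists.

    :param request: the incoming HttpRequest; POST["user_id"] names the user to approve
    :param project_name: name of the QProject being joined
    :return: JsonResponse with the serialized user on success; JsonResponse
        with a "msg" key if project_join fails; HttpResponseForbidden for an
        invalid request or a caller who is not a project admin;
        HttpResponseBadRequest for an unknown or disabled project, an unknown
        user, or a user without a pending join request
    """
    valid_request, msg = validate_request(request)
    if not valid_request:
        return HttpResponseForbidden(msg)

    try:
        project = QProject.objects.get(name=project_name)
    except QProject.DoesNotExist:
        msg = u"Unable to locate project '%s'" % project_name
        return HttpResponseBadRequest(msg)

    if not project.is_active:
        msg = u"This project has been disabled."
        return HttpResponseBadRequest(msg)

    # authorize the caller first...
    # (previously this ran after the user lookup and answered with the
    # "has not requested to join" text, which was the wrong message and let a
    # non-admin tell existing user ids from missing ones)
    current_user = request.user
    if not (current_user.is_authenticated() and is_admin_of(current_user, project)):
        msg = u"You do not have permission to approve join requests for this project."
        return HttpResponseForbidden(msg)

    # ...then resolve the user being approved
    # (user_id comes straight from the POST body; a non-numeric value makes
    # the lookup raise ValueError rather than DoesNotExist)
    user_id = request.POST.get("user_id")
    try:
        user = User.objects.get(pk=user_id)
    except (User.DoesNotExist, ValueError):
        msg = u"Unable to locate user"
        return HttpResponseBadRequest(msg)

    if not is_pending_of(user, project):
        msg = u"This user has not requested to join this project"
        return HttpResponseBadRequest(msg)

    if project_join(project, user, site=request.current_site):
        serialized_user = QProjectUserSerializer(user).data
        return JsonResponse(serialized_user)
    else:
        msg = "Error adding user to project."
        messages.add_message(request, messages.ERROR, msg)
        return JsonResponse({"msg": msg})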
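def q_customization_delete(request):
    """
    Delete the customization named by POST["customization_id"].

    :param request: the incoming HttpRequest
    :return: JsonResponse with a "msg" key once deletion was attempted;
        HttpResponseForbidden for an invalid request or a caller without
        permission; HttpResponseBadRequest for an unknown id or the default
        customization
    """
    # check the request was valid...
    valid_request, msg = validate_request(request)
    if not valid_request:
        return HttpResponseForbidden(msg)

    # check the requested customization exists...
    # (the id comes straight from the POST body; a non-numeric value makes the
    # lookup raise ValueError, which is answered like an unknown id instead of
    # escaping as an unhandled exception)
    customization_id = request.POST.get("customization_id")
    try:
        customization = QModelCustomization.objects.get(id=customization_id)
        project = customization.project
    except (QModelCustomization.DoesNotExist, ValueError):
        msg = u"Unable to locate customization w/ id '%s'" % customization_id
        return HttpResponseBadRequest(msg)

    # check the user has permission to delete the customization...
    # NOTE(review): the check only applies when project.authenticated is set;
    # for other projects any caller that passes validate_request may delete.
    # NOTE(review): the message below puts str(current_user) and
    # str(customization) into the response body unescaped -- confirm how those
    # render and whether the body is ever shown as HTML.
    current_user = request.user
    if project.authenticated:
        if not current_user.is_authenticated() or not is_admin_of(current_user, project):
            msg = "{0} does not have permission to delete {1}".format(current_user, customization)
            return HttpResponseForbidden(msg)

    # check the customization can be deleted...
    if customization.is_default:
        msg = u"You cannot delete the default customization."
        return HttpResponseBadRequest(msg)

    # delete it!
    customization.delete()

    # make sure the customization no longer exists...
    # (refresh_from_db() raising DoesNotExist is taken as proof the row is gone)
    try:
        customization.refresh_from_db()
        msg = "Error deleting customization"
        messages.add_message(request, messages.ERROR, msg)
    except QModelCustomization.DoesNotExist:
        msg = "You have successfully deleted this customization."
        messages.add_message(request, messages.INFO, msg)

    return JsonResponse({"msg": msg})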
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
    """
    Render the customizer page for a new customization.

    :param request: the incoming HttpRequest
    :param project_name: name of the project, as given in the URL
    :param ontology_key: key of the ontology, as given in the URL
    :param document_type: type of document being customized
    :return: the rendered 'questionnaire/q_customize.html' response, the
        q_error response for invalid arguments, or a redirect when the caller
        is not allowed to customize the project
    """
    # hold on to any request parameters (needed if we end up redirecting)
    context = add_parameters_to_context(request)

    # turn the URL arguments into objects...
    validity, project, ontology, proxy, msg = validate_view_arguments(
        project_name=project_name,
        ontology_key=ontology_key,
        document_type=document_type,
    )
    if not validity:
        return q_error(request, msg)

    # access control...
    # ("@login_required" is not used b/c some projects ignore authentication;
    # for those projects everything below is reachable by any caller)
    if project.authenticated:
        current_user = request.user
        if not current_user.is_authenticated():
            # NOTE(review): request.path is placed in the query string without
            # URL-encoding; confirm the login view validates "next".
            login_url = "/login/?next=%s" % request.path
            return HttpResponseRedirect(login_url)
        if not is_admin_of(current_user, project):
            project_url = "/%s/" % project_name
            msg = "You have tried to view a restricted resource for this project. Please consider joining."
            messages.add_message(request, messages.WARNING, msg)
            return HttpResponseRedirect(project_url)

    # the vocabularies that apply to this project/ontology/proxy...
    vocabularies = project.vocabularies.filter(document_type__iexact=document_type)

    # fetch the customization objects from the session cache, creating them on a miss...
    # NOTE(review): session_key is derived from the request by
    # get_key_from_request (not shown) and is also handed to the template;
    # confirm what a client is able to choose here.
    session_key = get_key_from_request(request)
    cached_customization_set_key = "{0}_customization_set".format(session_key)
    creation_kwargs = {
        "project": project,
        "ontology": ontology,
        "proxy": proxy,
        "vocabularies": vocabularies,
    }
    customization_set = get_or_create_cached_object(
        request.session,
        cached_customization_set_key,
        get_new_customization_set,
        **creation_kwargs
    )
    model_customization = customization_set["model_customization"]

    # only the top-level form is built here;
    # every other form (and formset) is generated on demand by the
    # "load_section" view, which the "section" directive calls
    model_customization_form = QModelCustomizationForm(
        instance=model_customization,
        form_name="model_customization_form",
        scope_prefix="model_customization",
        # prefix=?!?,
    )

    # (a request.method == "POST" branch used to follow here; all form
    # submission goes through REST / angular, so this view only ever builds
    # the unbound form)

    # work out the various paths,
    # so that angular can reload things as needed
    view_url_dirname = '/'.join(part for part in request.path.split('/') if part)
    api_url = reverse("customization-list", kwargs={})
    api_url_dirname = '/'.join(part for part in api_url.split('/') if part)

    # everything the template needs
    _dict = {
        "session_key": session_key,
        "view_url_dirname": "/{0}/".format(view_url_dirname),
        "api_url_dirname": "/{0}/".format(api_url_dirname),
        "ontology": ontology,
        "proxy": proxy,
        "project": project,
        "vocabularies": vocabularies,
        "customization": model_customization,
        "model_customization_form": model_customization_form,
    }

    return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_existing(request, project_name=None, ontology_key=None, document_type=None, customization_name=None):
    """
    Render the customizer page for an existing, named customization.

    :param request: the incoming HttpRequest
    :param project_name: name of the project, as given in the URL
    :param ontology_key: key of the ontology, as given in the URL
    :param document_type: type of document being customized
    :param customization_name: name of the customization to load
    :return: the rendered 'questionnaire/q_customize.html' response, the
        q_error response for invalid arguments or an unknown customization,
        or a redirect when the caller is not allowed to customize the project
    """
    # hold on to any request parameters (needed if we end up redirecting)
    context = add_parameters_to_context(request)

    # turn the URL arguments into objects...
    validity, project, ontology, proxy, msg = validate_view_arguments(
        project_name=project_name,
        ontology_key=ontology_key,
        document_type=document_type,
    )
    if not validity:
        return q_error(request, msg)

    # access control...
    # ("@login_required" is not used b/c some projects ignore authentication;
    # for those projects everything below is reachable by any caller)
    if project.authenticated:
        current_user = request.user
        if not current_user.is_authenticated():
            # NOTE(review): request.path is placed in the query string without
            # URL-encoding; confirm the login view validates "next".
            login_url = "/login/?next=%s" % request.path
            return HttpResponseRedirect(login_url)
        if not is_admin_of(current_user, project):
            project_url = "/%s/" % project_name
            msg = "You have tried to view a restricted resource for this project. Please consider joining."
            messages.add_message(request, messages.WARNING, msg)
            return HttpResponseRedirect(project_url)

    # fetch the customization objects from the session cache, creating them on a miss...
    # unlike "q_customize_new", the lookup is wrapped in try/except
    # b/c customization_name may not match anything
    try:
        session_key = get_key_from_request(request)
        cached_customization_set_key = "{0}_customization_set".format(session_key)
        lookup_kwargs = {
            "project": project,
            "ontology": ontology,
            "proxy": proxy,
            "customization_name": customization_name,
        }
        customization_set = get_or_create_cached_object(
            request.session,
            cached_customization_set_key,
            get_existing_customization_set,
            **lookup_kwargs
        )
    except ObjectDoesNotExist:
        msg = "Cannot find the customization '{0}' for that project/ontology/model combination.".format(customization_name)
        return q_error(request, msg)

    model_customization = customization_set["model_customization"]

    # only the top-level form is built here;
    # every other form (and formset) is generated on demand by the
    # "load_section" view, which the "section" directive calls
    model_customization_form = QModelCustomizationForm(
        instance=model_customization,
        form_name="model_customization_form",
        scope_prefix="model_customization",
        # prefix=?!?,
    )

    # work out the various paths,
    # so that angular can reload things as needed
    # (in both cases the last path segment is dropped)
    view_url_parts = [part for part in request.path.split('/') if part]
    view_url_dirname = '/'.join(view_url_parts[:-1])
    api_url = reverse("customization-detail", kwargs={"pk": model_customization.pk})
    api_url_parts = [part for part in api_url.split('/') if part]
    api_url_dirname = '/'.join(api_url_parts[:-1])

    vocabularies = [
        vocabulary_customization.vocabulary
        for vocabulary_customization in customization_set["vocabulary_customizations"]
    ]

    # everything the template needs
    _dict = {
        "session_key": session_key,
        "view_url_dirname": "/{0}/".format(view_url_dirname),
        "api_url_dirname": "/{0}/".format(api_url_dirname),
        "ontology": ontology,
        "proxy": proxy,
        "project": project,
        "vocabularies": vocabularies,
        "customization": model_customization,
        "model_customization_form": model_customization_form,
    }

    return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
    """
    Render the customizer page for a new customization.

    :param request: the incoming HttpRequest
    :param project_name: name of the project, as given in the URL
    :param ontology_key: key of the ontology, as given in the URL
    :param document_type: type of document being customized
    :return: the rendered 'questionnaire/q_customize.html' response, the
        q_error response for invalid arguments, or a redirect when the caller
        is not allowed to customize the project
    """
    # hold on to any request parameters (needed if we end up redirecting)
    context = add_parameters_to_context(request)

    # turn the URL arguments into objects...
    validity, project, ontology, model_proxy, msg = validate_view_arguments(
        project_name=project_name,
        ontology_key=ontology_key,
        document_type=document_type,
    )
    if not validity:
        return q_error(request, msg)

    # access control...
    # ("@login_required" is not used b/c some projects ignore authentication;
    # for those projects everything below is reachable by any caller)
    current_user = request.user
    if project.authenticated:
        if not current_user.is_authenticated():
            # NOTE(review): request.path is placed in the query string without
            # URL-encoding; confirm the login view validates "next".
            login_url = "/login/?next=%s" % request.path
            return HttpResponseRedirect(login_url)
        if not is_admin_of(current_user, project):
            project_url = "/%s/" % project_name
            msg = "You have tried to view a restricted resource for this project. Please consider joining."
            messages.add_message(request, messages.WARNING, msg)
            return HttpResponseRedirect(project_url)

    # fetch the customization from the session cache, creating it on a miss...
    # NOTE(review): session_key is derived from the request by
    # get_key_from_request (not shown) and is also handed to the template;
    # confirm what a client is able to choose here.
    session_key = get_key_from_request(request)
    cached_customizations_key = "{0}_customizations".format(session_key)
    creation_kwargs = {
        "project": project,
        "ontology": ontology,
        "model_proxy": model_proxy,
        "key": model_proxy.name,
    }
    model_customization = get_or_create_cached_object(
        request.session,
        cached_customizations_key,
        get_new_customizations,
        **creation_kwargs
    )
    model_customization_key = model_customization.get_key()

    # a logged-in caller becomes the owner; an anonymous caller leaves the owner untouched
    if current_user.is_authenticated():
        set_owner(model_customization, evaluate_lazy_object(current_user))

    # only the top-level form is built here;
    # every other form is generated on demand by the "load_section" view,
    # which the "section" directive calls
    form_spec = MODEL_CUSTOMIZATION_FORM_MAP
    model_customization_form_class = form_spec["form_class"]
    safe_key = model_customization_key.replace('-', '_')
    model_customization_form = model_customization_form_class(
        instance=model_customization,
        form_name=form_spec["form_name"].format(safe_key=safe_key),
        scope_prefix=form_spec["form_scope_prefix"],
        # prefix=?!?
    )

    # work out the various paths,
    # so that ng can reload things as needed
    view_url_dirname = '/'.join(part for part in request.path.split('/') if part)
    api_url = reverse("customization-list", kwargs={})
    api_url_dirname = '/'.join(part for part in api_url.split('/') if part)

    # everything the template needs
    _dict = {
        "session_key": session_key,
        "view_url_dirname": "/{0}/".format(view_url_dirname),
        "api_url_dirname": "/{0}/".format(api_url_dirname),
        "project": project,
        "ontology": ontology,
        "proxy": model_proxy,
        "customization": model_customization,
        "form": model_customization_form,
    }

    return render_to_response('questionnaire/q_customize.html', _dict, context_instance=context)
def q_customize_new(request, project_name=None, ontology_key=None, document_type=None):
    """
    Render the customizer page for a new customization.

    :param request: the incoming HttpRequest
    :param project_name: name of the project, as given in the URL
    :param ontology_key: key of the ontology, as given in the URL
    :param document_type: type of document being customized
    :return: the rendered 'questionnaire/q_customize.html' response, the
        q_error response for invalid arguments, or a redirect when the caller
        is not allowed to customize the project
    """
    # hold on to any request parameters (needed if we end up redirecting)
    context = add_parameters_to_context(request)

    # turn the URL arguments into objects...
    validity, project, ontology, model_proxy, msg = validate_view_arguments(
        project_name=project_name,
        ontology_key=ontology_key,
        document_type=document_type,
    )
    if not validity:
        return q_error(request, msg)

    # access control...
    # ("@login_required" is not used b/c some projects ignore authentication;
    # for those projects everything below is reachable by any caller)
    current_user = request.user
    if project.authenticated:
        if not current_user.is_authenticated():
            # the login URL is resolved by name and "next" is attached through
            # add_parameters_to_url rather than by string interpolation
            login_url = add_parameters_to_url(reverse("account_login"), next=request.path)
            return HttpResponseRedirect(login_url)
        if not is_admin_of(current_user, project):
            project_url = reverse("project", kwargs={"project_name": project_name})
            msg = "You have tried to view a restricted resource for this project. Please consider joining."
            messages.add_message(request, messages.WARNING, msg)
            return HttpResponseRedirect(project_url)

    # fetch the customization from the session cache, creating it on a miss...
    # NOTE(review): session_key is derived from the request by
    # get_key_from_request (not shown) and is also handed to the template;
    # confirm what a client is able to choose here.
    session_key = get_key_from_request(request)
    cached_customizations_key = "{0}_customizations".format(session_key)
    creation_kwargs = {
        "project": project,
        "ontology": ontology,
        "model_proxy": model_proxy,
        # "key": model_proxy.name,
        "key": model_proxy.key,
    }
    model_customization = get_or_create_cached_object(
        request.session,
        cached_customizations_key,
        get_new_customizations,
        **creation_kwargs
    )

    # a logged-in caller becomes the owner; an anonymous caller leaves the owner untouched
    if current_user.is_authenticated():
        set_owner(model_customization, evaluate_lazy_object(current_user))

    # set up the top-level form...
    # (subforms are handled by the load-on-demand paradigm)
    form_spec = MODEL_CUSTOMIZATION_FORM_MAP
    model_customization_form_class = form_spec["form_class"]
    safe_key = model_customization.key.replace('-', '_')
    model_customization_form = model_customization_form_class(
        instance=model_customization,
        form_name=form_spec["form_name"].format(safe_key=safe_key),
        scope_prefix=form_spec["form_scope_prefix"],
        # prefix=?!?
    )

    # work out various paths, so that ng can reload things as needed...
    # (each is the URL with everything after its last '/' removed)
    current_path = request.path
    list_url = reverse("customization-list")

    # everything the template needs...
    template_context = {
        "project": project,
        "ontology": ontology,
        "proxy": model_proxy,
        "view_url_dirname": current_path.rsplit('/', 1)[0],
        "api_url_dirname": list_url.rsplit('/', 1)[0],
        "session_key": session_key,
        "customization": model_customization,
        "form": model_customization_form,
    }

    return render_to_response('questionnaire/q_customize.html', template_context, context_instance=context)