class TaxonomySerializer(JSONAPISerializer): filterable_fields = frozenset(['text', 'parents', 'id']) id = ser.CharField(source='_id', required=True) text = ser.CharField(max_length=200) parents = JSONAPIListField(child=TaxonomyField()) child_count = ser.IntegerField() links = LinksField({ 'parents': 'get_parent_urls', 'self': 'get_absolute_url', }) def get_parent_urls(self, obj): return [p.get_absolute_url() for p in obj.parents.all()] def get_absolute_url(self, obj): return obj.get_absolute_url() class Meta: type_ = 'taxonomies'
class NodeSerializer(JSONAPISerializer): # TODO: If we have to redo this implementation in any of the other serializers, subclass ChoiceField and make it # handle blank choices properly. Currently DRF ChoiceFields ignore blank options, which is incorrect in this # instance filterable_fields = frozenset([ 'title', 'description', 'public', 'tags', 'category', 'date_created', 'date_modified', 'registration' ]) id = IDField(source='_id', read_only=True) type = TypeField() category_choices = Node.CATEGORY_MAP.keys() category_choices_string = ', '.join(["'{}'".format(choice) for choice in category_choices]) title = ser.CharField(required=True) description = ser.CharField(required=False, allow_blank=True, allow_null=True) category = ser.ChoiceField(choices=category_choices, help_text="Choices: " + category_choices_string) date_created = ser.DateTimeField(read_only=True) date_modified = ser.DateTimeField(read_only=True) registration = ser.BooleanField(read_only=True, source='is_registration') fork = ser.BooleanField(read_only=True, source='is_fork') collection = DevOnly(ser.BooleanField(read_only=True, source='is_folder')) dashboard = ser.BooleanField(read_only=True, source='is_dashboard') tags = JSONAPIListField(child=NodeTagField(), required=False) # Public is only write-able by admins--see update method public = ser.BooleanField(source='is_public', required=False, help_text='Nodes that are made public will give read-only access ' 'to everyone. Private nodes require explicit read ' 'permission. Write and admin access are the same for ' 'public and private nodes. Administrators on a parent ' 'node have implicit read permissions for all child nodes') links = LinksField({'html': 'get_absolute_url'}) # TODO: When we have osf_permissions.ADMIN permissions, make this writable for admins children = RelationshipField( related_view='nodes:node-children', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_node_count'}, ) comments = RelationshipField( related_view='nodes:node-comments', related_view_kwargs={'node_id': '<pk>'}, related_meta={'unread': 'get_unread_comments_count'}) contributors = RelationshipField( related_view='nodes:node-contributors', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_contrib_count'}, ) files = RelationshipField( related_view='nodes:node-providers', related_view_kwargs={'node_id': '<pk>'} ) forked_from = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<forked_from_id>'} ) node_links = DevOnly(RelationshipField( related_view='nodes:node-pointers', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_pointers_count'}, )) parent = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<parent_id>'} ) registrations = DevOnly(HideIfRegistration(RelationshipField( related_view='nodes:node-registrations', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_registration_count'} ))) logs = RelationshipField( related_view='nodes:node-logs', related_view_kwargs={'node_id': '<pk>'}, ) class Meta: type_ = 'nodes' def get_absolute_url(self, obj): return obj.absolute_url # TODO: See if we can get the count filters into the filter rather than the serializer. def get_user_auth(self, request): user = request.user if user.is_anonymous(): auth = Auth(None) else: auth = Auth(user) return auth def get_node_count(self, obj): auth = self.get_user_auth(self.context['request']) nodes = [node for node in obj.nodes if node.can_view(auth) and node.primary and not node.is_deleted] return len(nodes) def get_contrib_count(self, obj): return len(obj.contributors) def get_registration_count(self, obj): auth = self.get_user_auth(self.context['request']) registrations = [node for node in obj.node__registrations if node.can_view(auth)] return len(registrations) def get_pointers_count(self, obj): return len(obj.nodes_pointer) def get_unread_comments_count(self, obj): auth = self.get_user_auth(self.context['request']) user = auth.user return Comment.find_unread(user=user, node=obj) def create(self, validated_data): node = Node(**validated_data) try: node.save() except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) return node def update(self, node, validated_data): """Update instance with the validated data. Requires the request to be in the serializer context. """ assert isinstance(node, Node), 'node must be a Node' auth = self.get_user_auth(self.context['request']) old_tags = set([tag._id for tag in node.tags]) if 'tags' in validated_data: current_tags = set(validated_data.get('tags')) del validated_data['tags'] elif self.partial: current_tags = set(old_tags) else: current_tags = set() for new_tag in (current_tags - old_tags): node.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): node.remove_tag(deleted_tag, auth=auth) if validated_data: try: node.update(validated_data, auth=auth) except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) except PermissionsError: raise exceptions.PermissionDenied return node
class UserSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'full_name', 'given_name', 'middle_names', 'family_name', 'id', ]) writeable_method_fields = frozenset([ 'accepted_terms_of_service', ]) non_anonymized_fields = ['type'] id = IDField(source='_id', read_only=True) type = TypeField() full_name = ser.CharField( source='fullname', required=True, label='Full name', help_text='Display name used in the general user interface', max_length=186) given_name = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') middle_names = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') family_name = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') suffix = HideIfDisabled( ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations')) date_registered = HideIfDisabled(VersionedDateTimeField(read_only=True)) active = HideIfDisabled( ser.BooleanField(read_only=True, source='is_active')) timezone = HideIfDisabled( ser.CharField(required=False, help_text="User's timezone, e.g. 'Etc/UTC")) locale = HideIfDisabled( ser.CharField(required=False, help_text="User's locale, e.g. 'en_US'")) social = SocialField(required=False, min_version='2.10') employment = JSONAPIListField(required=False, source='jobs') education = JSONAPIListField(required=False, source='schools') can_view_reviews = ShowIfCurrentUser( ser.SerializerMethodField( help_text= 'Whether the current user has the `view_submissions` permission to ANY reviews provider.' )) accepted_terms_of_service = ShowIfCurrentUser(ser.SerializerMethodField()) links = HideIfDisabled( LinksField( { 'html': 'absolute_url', 'profile_image': 'profile_image_url', }, )) nodes = HideIfDisabled( RelationshipField( related_view='users:user-nodes', related_view_kwargs={'user_id': '<_id>'}, related_meta={ 'projects_in_common': 'get_projects_in_common', 'count': 'get_node_count', }, )) quickfiles = HideIfDisabled( QuickFilesRelationshipField( related_view='users:user-quickfiles', related_view_kwargs={'user_id': '<_id>'}, related_meta={'count': 'get_quickfiles_count'}, )) registrations = HideIfDisabled( RelationshipField( related_view='users:user-registrations', related_view_kwargs={'user_id': '<_id>'}, related_meta={'count': 'get_registration_count'}, )) institutions = HideIfDisabled( RelationshipField( related_view='users:user-institutions', related_view_kwargs={'user_id': '<_id>'}, self_view='users:user-institutions-relationship', self_view_kwargs={'user_id': '<_id>'}, related_meta={'count': 'get_institutions_count'}, )) preprints = HideIfDisabled( RelationshipField( related_view='users:user-preprints', related_view_kwargs={'user_id': '<_id>'}, related_meta={'count': 'get_preprint_count'}, )) emails = ShowIfCurrentUser( RelationshipField( related_view='users:user-emails', related_view_kwargs={'user_id': '<_id>'}, )) default_region = ShowIfCurrentUser( RegionRelationshipField( related_view='regions:region-detail', related_view_kwargs={'region_id': 'get_default_region_id'}, read_only=False, )) settings = ShowIfCurrentUser( RelationshipField( related_view='users:user_settings', related_view_kwargs={'user_id': '<_id>'}, read_only=True, )) class Meta: type_ = 'users' def get_projects_in_common(self, obj): user = get_user_auth(self.context['request']).user if obj == user: return user.contributor_to.count() return obj.n_projects_in_common(user) def absolute_url(self, obj): if obj is not None: return obj.absolute_url return None def get_absolute_url(self, obj): return absolute_reverse( 'users:user-detail', kwargs={ 'user_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'], }, ) def get_node_count(self, obj): auth = get_user_auth(self.context['request']) if obj != auth.user: return default_node_list_permission_queryset( user=auth.user, model_cls=Node).filter(contributor__user__id=obj.id).count() return default_node_list_queryset(model_cls=Node).filter( contributor__user__id=obj.id).count() def get_quickfiles_count(self, obj): return QuickFilesNode.objects.get( contributor__user__id=obj.id).files.filter( type='osf.osfstoragefile').count() def get_registration_count(self, obj): auth = get_user_auth(self.context['request']) user_registration = default_node_list_queryset( model_cls=Registration).filter(contributor__user__id=obj.id) return user_registration.can_view( user=auth.user, private_link=auth.private_link).count() def get_preprint_count(self, obj): auth_user = get_user_auth(self.context['request']).user user_preprints_query = Preprint.objects.filter( _contributors__guids___id=obj._id).exclude(machine_state='initial') return Preprint.objects.can_view(user_preprints_query, auth_user, allow_contribs=False).count() def get_institutions_count(self, obj): return obj.affiliated_institutions.count() def get_can_view_reviews(self, obj): group_qs = AbstractProviderGroupObjectPermission.objects.filter( group__user=obj, permission__codename='view_submissions') return group_qs.exists( ) or obj.abstractprovideruserobjectpermission_set.filter( permission__codename='view_submissions') def get_default_region_id(self, obj): try: # use the annotated value if possible region_id = obj.default_region except AttributeError: # use computed property if region annotation does not exist region_id = obj.osfstorage_region._id return region_id def get_accepted_terms_of_service(self, obj): return bool(obj.accepted_terms_of_service) def profile_image_url(self, user): size = self.context['request'].query_params.get('profile_image_size') return user.profile_image_url(size=size) def validate_employment(self, value): validate_user_json(value, 'employment-schema.json') return value def validate_education(self, value): validate_user_json(value, 'education-schema.json') return value def validate_social(self, value): schema = from_json('social-schema.json') try: jsonschema.validate(value, schema) except jsonschema.ValidationError as e: raise InvalidModelValueError(e) return value def update(self, instance, validated_data): assert isinstance(instance, OSFUser), 'instance must be a User' for attr, value in validated_data.items(): if 'social' == attr: for key, val in value.items(): instance.social[key] = val elif 'accepted_terms_of_service' == attr: if value and not instance.accepted_terms_of_service: instance.accepted_terms_of_service = timezone.now() elif 'region_id' == attr: region_id = validated_data.get('region_id') user_settings = instance._settings_model( 'osfstorage').objects.get(owner=instance) user_settings.default_region_id = region_id user_settings.save() instance.default_region = self.context['request'].data[ 'default_region'] else: setattr(instance, attr, value) try: instance.save() except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) except ValidationError as e: raise InvalidModelValueError(e) return instance
class NodeSerializer(JSONAPISerializer): # TODO: If we have to redo this implementation in any of the other serializers, subclass ChoiceField and make it # handle blank choices properly. Currently DRF ChoiceFields ignore blank options, which is incorrect in this # instance filterable_fields = frozenset([ 'id', 'title', 'description', 'public', 'tags', 'category', 'date_created', 'date_modified', 'root', 'parent', 'contributors', 'preprint' ]) non_anonymized_fields = [ 'id', 'title', 'description', 'category', 'date_created', 'date_modified', 'registration', 'tags', 'public', 'license', 'links', 'children', 'comments', 'contributors', 'files', 'node_links', 'parent', 'root', 'logs', 'wikis' ] id = IDField(source='_id', read_only=True) type = TypeField() category_choices = settings.NODE_CATEGORY_MAP.items() category_choices_string = ', '.join( ["'{}'".format(choice[0]) for choice in category_choices]) title = ser.CharField(required=True) description = ser.CharField(required=False, allow_blank=True, allow_null=True) category = ser.ChoiceField(choices=category_choices, help_text='Choices: ' + category_choices_string) date_created = ser.DateTimeField(read_only=True) date_modified = ser.DateTimeField(read_only=True) registration = ser.BooleanField(read_only=True, source='is_registration') preprint = ser.BooleanField(read_only=True, source='is_preprint') fork = ser.BooleanField(read_only=True, source='is_fork') collection = ser.BooleanField(read_only=True, source='is_collection') tags = JSONAPIListField(child=NodeTagField(), required=False) node_license = NodeLicenseSerializer(read_only=True, required=False) template_from = ser.CharField( required=False, allow_blank=False, allow_null=False, help_text= 'Specify a node id for a node you would like to use as a template for the ' 'new node. Templating is like forking, except that you do not copy the ' 'files, only the project structure. Some information is changed on the top ' 'level project by submitting the appropriate fields in the request body, ' 'and some information will not change. By default, the description will ' 'be cleared and the project will be made private.') current_user_can_comment = ser.SerializerMethodField( help_text='Whether the current user is allowed to post comments') current_user_permissions = ser.SerializerMethodField( help_text='List of strings representing the permissions ' 'for the current user on this node.') # Public is only write-able by admins--see update method public = ser.BooleanField( source='is_public', required=False, help_text='Nodes that are made public will give read-only access ' 'to everyone. Private nodes require explicit read ' 'permission. Write and admin access are the same for ' 'public and private nodes. Administrators on a parent ' 'node have implicit read permissions for all child nodes') links = LinksField({'html': 'get_absolute_html_url'}) # TODO: When we have osf_permissions.ADMIN permissions, make this writable for admins license = RelationshipField( related_view='licenses:license-detail', related_view_kwargs={'license_id': '<node_license.node_license._id>'}, ) children = RelationshipField( related_view='nodes:node-children', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_node_count'}, ) comments = RelationshipField( related_view='nodes:node-comments', related_view_kwargs={'node_id': '<pk>'}, related_meta={'unread': 'get_unread_comments_count'}, filter={'target': '<pk>'}) contributors = RelationshipField( related_view='nodes:node-contributors', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_contrib_count'}, ) files = RelationshipField(related_view='nodes:node-providers', related_view_kwargs={'node_id': '<pk>'}) wikis = RelationshipField(related_view='nodes:node-wikis', related_view_kwargs={'node_id': '<pk>'}) forked_from = RelationshipField( related_view=lambda n: 'registrations:registration-detail' if getattr(n, 'is_registration', False) else 'nodes:node-detail', related_view_kwargs={'node_id': '<forked_from_id>'}) template_node = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<template_node._id>'}) forks = RelationshipField(related_view='nodes:node-forks', related_view_kwargs={'node_id': '<pk>'}) node_links = RelationshipField( related_view='nodes:node-pointers', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_pointers_count'}, ) parent = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<parent_node._id>'}, filter_key='parent_node') draft_registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-draft-registrations', related_view_kwargs={'node_id': '<pk>'})) registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-registrations', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_registration_count'})) affiliated_institutions = RelationshipField( related_view='nodes:node-institutions', related_view_kwargs={'node_id': '<pk>'}, self_view='nodes:node-relationships-institutions', self_view_kwargs={'node_id': '<pk>'}) root = RelationshipField(related_view='nodes:node-detail', related_view_kwargs={'node_id': '<root._id>'}) logs = RelationshipField(related_view='nodes:node-logs', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_logs_count'}) linked_nodes = RelationshipField( related_view='nodes:linked-nodes', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_node_links_count'}, self_view='nodes:node-pointer-relationship', self_view_kwargs={'node_id': '<pk>'}, self_meta={'count': 'get_node_links_count'}) view_only_links = RelationshipField( related_view='nodes:node-view-only-links', related_view_kwargs={'node_id': '<pk>'}, ) def get_current_user_permissions(self, obj): user = self.context['request'].user if user.is_anonymous(): return ['read'] permissions = obj.get_permissions(user=user) if not permissions: permissions = ['read'] return permissions def get_current_user_can_comment(self, obj): user = self.context['request'].user auth = Auth(user if not user.is_anonymous() else None) return obj.can_comment(auth) class Meta: type_ = 'nodes' def get_absolute_url(self, obj): return obj.get_absolute_url() # TODO: See if we can get the count filters into the filter rather than the serializer. def get_logs_count(self, obj): return len(obj.logs) def get_node_count(self, obj): auth = get_user_auth(self.context['request']) nodes = [ node for node in obj.nodes if node.can_view(auth) and node.primary and not node.is_deleted ] return len(nodes) def get_contrib_count(self, obj): return len(obj.contributors) def get_registration_count(self, obj): auth = get_user_auth(self.context['request']) registrations = [ node for node in obj.registrations_all if node.can_view(auth) ] return len(registrations) def get_pointers_count(self, obj): return len(obj.nodes_pointer) def get_node_links_count(self, obj): count = 0 auth = get_user_auth(self.context['request']) for pointer in obj.nodes_pointer: if not pointer.node.is_deleted and not pointer.node.is_collection and pointer.node.can_view( auth): count += 1 return count def get_unread_comments_count(self, obj): user = get_user_auth(self.context['request']).user node_comments = Comment.find_n_unread(user=user, node=obj, page='node') return {'node': node_comments} def create(self, validated_data): request = self.context['request'] user = request.user if 'template_from' in validated_data: template_from = validated_data.pop('template_from') template_node = Node.load(key=template_from) if template_node is None: raise exceptions.NotFound if not template_node.has_permission( user, 'read', check_parent=False): raise exceptions.PermissionDenied validated_data.pop('creator') changed_data = {template_from: validated_data} node = template_node.use_as_template(auth=get_user_auth(request), changes=changed_data) else: node = Node(**validated_data) try: node.save() except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) if is_truthy(request.GET.get('inherit_contributors') ) and validated_data['parent'].has_permission( user, 'write'): auth = get_user_auth(request) parent = validated_data['parent'] contributors = [] for contributor in parent.contributors: if contributor is not user: contributors.append({ 'user': contributor, 'permissions': parent.get_permissions(contributor), 'visible': parent.get_visible(contributor) }) node.add_contributors(contributors, auth=auth, log=True, save=True) return node def update(self, node, validated_data): """Update instance with the validated data. Requires the request to be in the serializer context. """ assert isinstance(node, Node), 'node must be a Node' auth = get_user_auth(self.context['request']) old_tags = set([tag._id for tag in node.tags]) if 'tags' in validated_data: current_tags = set(validated_data.pop('tags', [])) elif self.partial: current_tags = set(old_tags) else: current_tags = set() for new_tag in (current_tags - old_tags): node.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): node.remove_tag(deleted_tag, auth=auth) if validated_data: try: node.update(validated_data, auth=auth) except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) except PermissionsError: raise exceptions.PermissionDenied except NodeUpdateError as e: raise exceptions.ValidationError(detail=e.reason) except NodeStateError as e: raise InvalidModelValueError(detail=e.message) return node
class BaseFileSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'id', 'name', 'kind', 'path', 'materialized_path', 'size', 'provider', 'last_touched', 'tags', ]) id = IDField(source='_id', read_only=True) type = TypeField() guid = ser.SerializerMethodField( read_only=True, method_name='get_file_guid', help_text='OSF GUID for this file (if one has been assigned)', ) checkout = CheckoutField() name = ser.CharField( read_only=True, help_text='Display name used in the general user interface') kind = ser.CharField(read_only=True, help_text='Either folder or file') path = ser.CharField( read_only=True, help_text='The unique path used to reference this object') size = ser.SerializerMethodField( read_only=True, help_text='The size of this file at this version') provider = ser.CharField( read_only=True, help_text='The Add-on service this file originates from') materialized_path = ser.CharField( read_only=True, help_text= 'The Unix-style path of this object relative to the provider root', ) last_touched = VersionedDateTimeField( read_only=True, help_text= 'The last time this file had information fetched about it via the OSF') date_modified = ser.SerializerMethodField( read_only=True, help_text='Timestamp when the file was last modified') date_created = ser.SerializerMethodField( read_only=True, help_text='Timestamp when the file was created') extra = ser.SerializerMethodField( read_only=True, help_text='Additional metadata about this file') tags = JSONAPIListField(child=FileTagField(), required=False) current_user_can_comment = ser.SerializerMethodField( help_text='Whether the current user is allowed to post comments') current_version = ser.IntegerField(help_text='Latest file version', read_only=True, source='current_version_number') delete_allowed = ser.BooleanField(read_only=True, required=False) parent_folder = RelationshipField( related_view='files:file-detail', related_view_kwargs={'file_id': '<parent._id>'}, help_text='The folder in which this file exists', ) files = NodeFileHyperLinkField( related_view=lambda node: disambiguate_files_related_view(node), view_lambda_argument='target', related_view_kwargs=lambda filenode: disambiguate_files_related_view_kwargs(filenode), kind='folder', ) versions = NodeFileHyperLinkField( related_view='files:file-versions', related_view_kwargs={'file_id': '<_id>'}, kind='file', ) comments = HideIfPreprint( FileRelationshipField( related_view='nodes:node-comments', related_view_kwargs={'node_id': '<target._id>'}, related_meta={'unread': 'get_unread_comments_count'}, filter={'target': 'get_file_guid'}, )) metadata_records = FileRelationshipField( related_view='files:metadata-records', related_view_kwargs={'file_id': '<_id>'}, ) links = LinksField({ 'info': Link('files:file-detail', kwargs={'file_id': '<_id>'}), 'move': WaterbutlerLink(), 'upload': WaterbutlerLink(), 'delete': WaterbutlerLink(), 'download': 'get_download_link', 'render': 'get_render_link', 'html': 'absolute_url', 'new_folder': WaterbutlerLink(must_be_folder=True, kind='folder'), }) def absolute_url(self, obj): if obj.is_file: return furl.furl(settings.DOMAIN).set( path=(obj.target._id, 'files', obj.provider, obj.path.lstrip('/')), ).url def get_download_link(self, obj): if obj.is_file: return get_file_download_link( obj, view_only=self.context['request'].query_params.get( 'view_only')) def get_render_link(self, obj): if obj.is_file: mfr_url = get_mfr_url(obj.target, obj.provider) download_url = self.get_download_link(obj) return get_file_render_link(mfr_url, download_url) class Meta: type_ = 'files' def get_size(self, obj): if obj.versions.exists(): self.size = obj.versions.first().size return self.size return None def get_date_modified(self, obj): mod_dt = None if obj.provider == 'osfstorage' and obj.versions.exists(): # Each time an osfstorage file is added or uploaded, a new version object is created with its # date_created equal to the time of the update. The external_modified is the modified date # from the backend the file is stored on. This field refers to the modified date on osfstorage, # so prefer to use the created of the latest version. mod_dt = obj.versions.first().created elif obj.provider != 'osfstorage' and obj.history: mod_dt = obj.history[-1].get('modified', None) if self.context['request'].version >= '2.2' and obj.is_file and mod_dt: return datetime.strftime(mod_dt, '%Y-%m-%dT%H:%M:%S.%fZ') return mod_dt and mod_dt.replace(tzinfo=pytz.utc) def get_date_created(self, obj): creat_dt = None if obj.provider == 'osfstorage' and obj.versions.exists(): creat_dt = obj.versions.last().created elif obj.provider != 'osfstorage' and obj.history: # Non-osfstorage files don't store a created date, so instead get the modified date of the # earliest entry in the file history. creat_dt = obj.history[0].get('modified', None) if self.context[ 'request'].version >= '2.2' and obj.is_file and creat_dt: return datetime.strftime(creat_dt, '%Y-%m-%dT%H:%M:%S.%fZ') return creat_dt and creat_dt.replace(tzinfo=pytz.utc) def get_extra(self, obj): metadata = {} if obj.provider == 'osfstorage' and obj.versions.exists(): metadata = obj.versions.first().metadata elif obj.provider != 'osfstorage' and obj.history: metadata = obj.history[-1].get('extra', {}) extras = {} extras['hashes'] = { # mimic waterbutler response 'md5': metadata.get('md5', None), 'sha256': metadata.get('sha256', None), } if obj.provider == 'osfstorage' and obj.is_file: extras['downloads'] = obj.get_download_count() return extras def get_current_user_can_comment(self, obj): user = self.context['request'].user auth = Auth(user if not user.is_anonymous else None) if isinstance(obj.target, AbstractNode): return obj.target.can_comment(auth) return False def get_unread_comments_count(self, obj): user = self.context['request'].user if user.is_anonymous: return 0 return Comment.find_n_unread(user=user, node=obj.target, page='files', root_id=obj.get_guid()._id) def user_id(self, obj): # NOTE: obj is the user here, the meta field for # Hyperlinks is weird if obj: return obj._id return None def update(self, instance, validated_data): assert isinstance(instance, BaseFileNode), 'Instance must be a BaseFileNode' if instance.provider != 'osfstorage' and 'tags' in validated_data: raise Conflict( 'File service provider {} does not support tags on the OSF.'. format(instance.provider)) auth = get_user_auth(self.context['request']) old_tags = set(instance.tags.values_list('name', flat=True)) if 'tags' in validated_data: current_tags = set(validated_data.pop('tags', [])) else: current_tags = set(old_tags) for new_tag in (current_tags - old_tags): instance.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): instance.remove_tag(deleted_tag, auth=auth) for attr, value in validated_data.items(): if attr == 'checkout': user = self.context['request'].user instance.check_in_or_out(user, value) else: setattr(instance, attr, value) instance.save() return instance def is_valid(self, **kwargs): return super(BaseFileSerializer, self).is_valid(clean_html=False, **kwargs) def get_file_guid(self, obj): if obj: guid = obj.get_guid() if guid: return guid._id return None def get_absolute_url(self, obj): return api_v2_url('files/{}/'.format(obj._id))
class PreprintSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'id', 'date_created', 'date_modified', 'date_published', 'provider', 'is_published', ]) id = IDField(source='_id', read_only=True) subjects = JSONAPIListField(child=JSONAPIListField(child=TaxonomyField()), allow_null=True, required=False) date_created = DateByVersion(read_only=True) date_modified = DateByVersion(read_only=True) date_published = DateByVersion(read_only=True) doi = ser.CharField(source='article_doi', required=False, allow_null=True) is_published = ser.BooleanField(required=False) is_preprint_orphan = ser.BooleanField(read_only=True) license_record = NodeLicenseSerializer(required=False, source='license') node = NodeRelationshipField(related_view='nodes:node-detail', related_view_kwargs={'node_id': '<node._id>'}, read_only=False) license = PreprintLicenseRelationshipField( related_view='licenses:license-detail', related_view_kwargs={'license_id': '<license.node_license._id>'}, read_only=False) provider = PreprintProviderRelationshipField( related_view='preprint_providers:preprint_provider-detail', related_view_kwargs={'provider_id': '<provider._id>'}, read_only=False) primary_file = PrimaryFileRelationshipField( related_view='files:file-detail', related_view_kwargs={'file_id': '<primary_file._id>'}, lookup_url_kwarg='file_id', read_only=False) links = LinksField({ 'self': 'get_preprint_url', 'html': 'get_absolute_html_url', 'doi': 'get_doi_url' }) class Meta: type_ = 'preprints' def get_preprint_url(self, obj): return absolute_reverse( 'preprints:preprint-detail', kwargs={ 'preprint_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'] }) def get_absolute_url(self, obj): return self.get_preprint_url(obj) def get_doi_url(self, obj): return 'https://dx.doi.org/{}'.format( obj.article_doi) if obj.article_doi else None def update(self, preprint, validated_data): assert isinstance( preprint, PreprintService), 'You must specify a valid preprint to be updated' assert isinstance( preprint.node, Node ), 'You must specify a preprint with a valid node to be updated.' auth = get_user_auth(self.context['request']) if not preprint.node.has_permission(auth.user, 'admin'): raise exceptions.PermissionDenied( detail='User must be an admin to update a preprint.') save_node = False save_preprint = False recently_published = False primary_file = validated_data.pop('primary_file', None) if primary_file: self.set_field(preprint.set_primary_file, primary_file, auth) save_node = True if 'subjects' in validated_data: subjects = validated_data.pop('subjects', None) self.set_field(preprint.set_subjects, subjects, auth) save_preprint = True if 'article_doi' in validated_data: preprint.node.preprint_article_doi = validated_data['article_doi'] save_node = True published = validated_data.pop('is_published', None) if published is not None: self.set_field(preprint.set_published, published, auth) save_preprint = True recently_published = published if 'license_type' in validated_data or 'license' in validated_data: license_details = get_license_details(preprint, validated_data) self.set_field(preprint.set_preprint_license, license_details, auth) save_preprint = True if save_node: try: preprint.node.save() except ValidationValueError as e: # Raised from invalid DOI raise exceptions.ValidationError(detail=e.message) if save_preprint: preprint.save() # Send preprint confirmation email signal to new authors on preprint! -- only when published # TODO: Some more thought might be required on this; preprints made from existing # nodes will send emails making it seem like a new node. if recently_published: for author in preprint.node.contributors: if author != auth.user: project_signals.contributor_added.send( preprint.node, contributor=author, auth=auth, email_template='preprint') return preprint def set_field(self, func, val, auth, save=False): try: func(val, auth, save=save) except PermissionsError as e: raise exceptions.PermissionDenied(detail=e.message) except ValueError as e: raise exceptions.ValidationError(detail=e.message) except NodeStateError as e: raise exceptions.ValidationError(detail=e.message)
class NodeSerializer(JSONAPISerializer): # TODO: If we have to redo this implementation in any of the other serializers, subclass ChoiceField and make it # handle blank choices properly. Currently DRF ChoiceFields ignore blank options, which is incorrect in this # instance filterable_fields = frozenset([ 'id', 'title', 'description', 'public', 'tags', 'category', 'date_created', 'date_modified', 'root', 'parent', 'contributors', 'preprint' ]) non_anonymized_fields = [ 'id', 'title', 'description', 'category', 'date_created', 'date_modified', 'registration', 'tags', 'public', 'license', 'links', 'children', 'comments', 'contributors', 'files', 'node_links', 'parent', 'root', 'logs', 'wikis' ] id = IDField(source='_id', read_only=True) type = TypeField() category_choices = settings.NODE_CATEGORY_MAP.items() category_choices_string = ', '.join( ["'{}'".format(choice[0]) for choice in category_choices]) title = ser.CharField(required=True) description = ser.CharField(required=False, allow_blank=True, allow_null=True) category = ser.ChoiceField(choices=category_choices, help_text='Choices: ' + category_choices_string) date_created = DateByVersion(source='created', read_only=True) date_modified = DateByVersion(source='last_logged', read_only=True) registration = ser.BooleanField(read_only=True, source='is_registration') preprint = ser.BooleanField(read_only=True, source='is_preprint') fork = ser.BooleanField(read_only=True, source='is_fork') collection = ser.BooleanField(read_only=True, source='is_collection') tags = JSONAPIListField(child=NodeTagField(), required=False) node_license = NodeLicenseSerializer(required=False, source='license') template_from = ser.CharField( required=False, allow_blank=False, allow_null=False, help_text= 'Specify a node id for a node you would like to use as a template for the ' 'new node. Templating is like forking, except that you do not copy the ' 'files, only the project structure. Some information is changed on the top ' 'level project by submitting the appropriate fields in the request body, ' 'and some information will not change. By default, the description will ' 'be cleared and the project will be made private.') current_user_can_comment = ser.SerializerMethodField( help_text='Whether the current user is allowed to post comments') current_user_permissions = ser.SerializerMethodField( help_text='List of strings representing the permissions ' 'for the current user on this node.') # Public is only write-able by admins--see update method public = ser.BooleanField( source='is_public', required=False, help_text='Nodes that are made public will give read-only access ' 'to everyone. Private nodes require explicit read ' 'permission. Write and admin access are the same for ' 'public and private nodes. Administrators on a parent ' 'node have implicit read permissions for all child nodes') links = LinksField({'html': 'get_absolute_html_url'}) # TODO: When we have osf_permissions.ADMIN permissions, make this writable for admins license = NodeLicenseRelationshipField( related_view='licenses:license-detail', related_view_kwargs={'license_id': '<license.node_license._id>'}, read_only=False) children = RelationshipField( related_view='nodes:node-children', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_node_count'}, ) comments = RelationshipField( related_view='nodes:node-comments', related_view_kwargs={'node_id': '<_id>'}, related_meta={'unread': 'get_unread_comments_count'}, filter={'target': '<_id>'}) contributors = RelationshipField( related_view='nodes:node-contributors', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_contrib_count'}, ) files = RelationshipField(related_view='nodes:node-providers', related_view_kwargs={'node_id': '<_id>'}) wikis = RelationshipField(related_view='nodes:node-wikis', related_view_kwargs={'node_id': '<_id>'}) forked_from = RelationshipField( related_view=lambda n: 'registrations:registration-detail' if getattr(n, 'is_registration', False) else 'nodes:node-detail', related_view_kwargs={'node_id': '<forked_from_guid>'}) template_node = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<template_node._id>'}) forks = RelationshipField(related_view='nodes:node-forks', related_view_kwargs={'node_id': '<_id>'}) node_links = ShowIfVersion(RelationshipField( related_view='nodes:node-pointers', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_pointers_count'}, help_text= 'This feature is deprecated as of version 2.1. Use linked_nodes instead.' ), min_version='2.0', max_version='2.0') parent = RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<parent_node._id>'}, filter_key='parent_node') identifiers = RelationshipField(related_view='nodes:identifier-list', related_view_kwargs={'node_id': '<_id>'}) draft_registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-draft-registrations', related_view_kwargs={'node_id': '<_id>'})) registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-registrations', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_registration_count'})) affiliated_institutions = RelationshipField( related_view='nodes:node-institutions', related_view_kwargs={'node_id': '<_id>'}, self_view='nodes:node-relationships-institutions', self_view_kwargs={'node_id': '<_id>'}) root = RelationshipField(related_view='nodes:node-detail', related_view_kwargs={'node_id': '<root._id>'}) logs = RelationshipField(related_view='nodes:node-logs', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_logs_count'}) linked_nodes = RelationshipField( related_view='nodes:linked-nodes', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_node_links_count'}, self_view='nodes:node-pointer-relationship', self_view_kwargs={'node_id': '<_id>'}, self_meta={'count': 'get_node_links_count'}) linked_registrations = RelationshipField( related_view='nodes:linked-registrations', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_registration_links_count'}, self_view='nodes:node-registration-pointer-relationship', self_view_kwargs={'node_id': '<_id>'}, self_meta={'count': 'get_node_links_count'}) view_only_links = RelationshipField( related_view='nodes:node-view-only-links', related_view_kwargs={'node_id': '<_id>'}, ) citation = RelationshipField(related_view='nodes:node-citation', related_view_kwargs={'node_id': '<_id>'}) preprints = HideIfRegistration( RelationshipField(related_view='nodes:node-preprints', related_view_kwargs={'node_id': '<_id>'})) def get_current_user_permissions(self, obj): user = self.context['request'].user if user.is_anonymous: return ['read'] permissions = obj.get_permissions(user=user) if not permissions: permissions = ['read'] return permissions def get_current_user_can_comment(self, obj): user = self.context['request'].user auth = Auth(user if not user.is_anonymous else None) return obj.can_comment(auth) class Meta: type_ = 'nodes' def get_absolute_url(self, obj): return obj.get_absolute_url() # TODO: See if we can get the count filters into the filter rather than the serializer. def get_logs_count(self, obj): return obj.logs.count() def get_node_count(self, obj): auth = get_user_auth(self.context['request']) user_id = getattr(auth.user, 'id', None) with connection.cursor() as cursor: cursor.execute( ''' WITH RECURSIVE parents AS ( SELECT parent_id, child_id FROM osf_noderelation WHERE child_id = %s AND is_node_link IS FALSE UNION ALL SELECT osf_noderelation.parent_id, parents.parent_id AS child_id FROM parents JOIN osf_noderelation ON parents.PARENT_ID = osf_noderelation.child_id WHERE osf_noderelation.is_node_link IS FALSE ), has_admin AS (SELECT * FROM osf_contributor WHERE (node_id IN (SELECT parent_id FROM parents) OR node_id = %s) AND user_id = %s AND admin IS TRUE LIMIT 1) SELECT DISTINCT COUNT(child_id) FROM osf_noderelation JOIN osf_abstractnode ON osf_noderelation.child_id = osf_abstractnode.id JOIN osf_contributor ON osf_abstractnode.id = osf_contributor.node_id LEFT JOIN osf_privatelink_nodes ON osf_abstractnode.id = osf_privatelink_nodes.abstractnode_id LEFT JOIN osf_privatelink ON osf_privatelink_nodes.privatelink_id = osf_privatelink.id WHERE parent_id = %s AND is_node_link IS FALSE AND osf_abstractnode.is_deleted IS FALSE AND ( osf_abstractnode.is_public OR (TRUE IN (SELECT TRUE FROM has_admin)) OR (osf_contributor.user_id = %s AND osf_contributor.read IS TRUE) OR (osf_privatelink.key = %s AND osf_privatelink.is_deleted = FALSE) ); ''', [obj.id, obj.id, user_id, obj.id, user_id, auth.private_key]) return int(cursor.fetchone()[0]) def get_contrib_count(self, obj): return len(obj.contributors) def get_registration_count(self, obj): auth = get_user_auth(self.context['request']) registrations = [ node for node in obj.registrations_all if node.can_view(auth) ] return len(registrations) def get_pointers_count(self, obj): return obj.linked_nodes.count() def get_node_links_count(self, obj): count = 0 auth = get_user_auth(self.context['request']) for pointer in obj.linked_nodes.filter(is_deleted=False).exclude( type='osf.collection').exclude(type='osf.registration'): if pointer.can_view(auth): count += 1 return count def get_registration_links_count(self, obj): count = 0 auth = get_user_auth(self.context['request']) for pointer in obj.linked_nodes.filter( is_deleted=False, type='osf.registration').exclude(type='osf.collection'): if pointer.can_view(auth): count += 1 return count def get_unread_comments_count(self, obj): user = get_user_auth(self.context['request']).user node_comments = Comment.find_n_unread(user=user, node=obj, page='node') return {'node': node_comments} def create(self, validated_data): request = self.context['request'] user = request.user Node = apps.get_model('osf.Node') tag_instances = [] if 'tags' in validated_data: tags = validated_data.pop('tags') for tag in tags: tag_instance, created = Tag.objects.get_or_create( name=tag, defaults=dict(system=False)) tag_instances.append(tag_instance) if 'template_from' in validated_data: template_from = validated_data.pop('template_from') template_node = Node.load(template_from) if template_node is None: raise exceptions.NotFound if not template_node.has_permission( user, 'read', check_parent=False): raise exceptions.PermissionDenied validated_data.pop('creator') changed_data = {template_from: validated_data} node = template_node.use_as_template(auth=get_user_auth(request), changes=changed_data) else: node = Node(**validated_data) try: node.save() except ValidationError as e: raise InvalidModelValueError(detail=e.messages[0]) if len(tag_instances): for tag in tag_instances: node.tags.add(tag) if is_truthy(request.GET.get('inherit_contributors') ) and validated_data['parent'].has_permission( user, 'write'): auth = get_user_auth(request) parent = validated_data['parent'] contributors = [] for contributor in parent.contributor_set.exclude(user=user): contributors.append({ 'user': contributor.user, 'permissions': parent.get_permissions(contributor.user), 'visible': contributor.visible }) if not contributor.user.is_registered: node.add_unregistered_contributor( fullname=contributor.user.fullname, email=contributor.user.email, auth=auth, permissions=parent.get_permissions(contributor.user), existing_user=contributor.user) node.add_contributors(contributors, auth=auth, log=True, save=True) return node def update(self, node, validated_data): """Update instance with the validated data. Requires the request to be in the serializer context. """ assert isinstance(node, AbstractNode), 'node must be a Node' auth = get_user_auth(self.context['request']) # Update tags if 'tags' in validated_data: new_tags = set(validated_data.pop('tags', [])) node.update_tags(new_tags, auth=auth) if validated_data: if 'license_type' in validated_data or 'license' in validated_data: license_details = get_license_details(node, validated_data) validated_data['node_license'] = license_details try: node.update(validated_data, auth=auth) except ValidationError as e: raise InvalidModelValueError(detail=e.message) except PermissionsError: raise exceptions.PermissionDenied except NodeUpdateError as e: raise exceptions.ValidationError(detail=e.reason) except NodeStateError as e: raise InvalidModelValueError(detail=e.message) return node
class BaseRegistrationSerializer(NodeSerializer): title = ser.CharField(read_only=True) description = ser.CharField(read_only=True) category_choices = NodeSerializer.category_choices category_choices_string = NodeSerializer.category_choices_string category = HideIfWithdrawal( ser.ChoiceField(read_only=True, choices=category_choices, help_text='Choices: ' + category_choices_string)) date_modified = VersionedDateTimeField(source='last_logged', read_only=True) fork = HideIfWithdrawal(ser.BooleanField(read_only=True, source='is_fork')) collection = HideIfWithdrawal( ser.BooleanField(read_only=True, source='is_collection')) access_requests_enabled = HideIfWithdrawal( ser.BooleanField(read_only=True)) node_license = HideIfWithdrawal(NodeLicenseSerializer(read_only=True)) tags = HideIfWithdrawal( JSONAPIListField(child=NodeTagField(), required=False)) public = HideIfWithdrawal( ser.BooleanField( source='is_public', required=False, help_text='Nodes that are made public will give read-only access ' 'to everyone. Private nodes require explicit read ' 'permission. Write and admin access are the same for ' 'public and private nodes. Administrators on a parent ' 'node have implicit read permissions for all child nodes')) current_user_permissions = HideIfWithdrawal( ser.SerializerMethodField( help_text='List of strings representing the permissions ' 'for the current user on this node.')) pending_embargo_approval = HideIfWithdrawal( ser.BooleanField( read_only=True, source='is_pending_embargo', help_text= 'The associated Embargo is awaiting approval by project admins.')) pending_registration_approval = HideIfWithdrawal( ser.BooleanField( source='is_pending_registration', read_only=True, help_text= 'The associated RegistrationApproval is awaiting approval by project admins.' )) pending_withdrawal = HideIfWithdrawal( ser.BooleanField( source='is_pending_retraction', read_only=True, help_text= 'The registration is awaiting withdrawal approval by project admins.' )) withdrawn = ser.BooleanField( source='is_retracted', read_only=True, help_text='The registration has been withdrawn.') date_registered = VersionedDateTimeField( source='registered_date', read_only=True, help_text='Date time of registration.') date_withdrawn = VersionedDateTimeField( source='retraction.date_retracted', read_only=True, help_text='Date time of when this registration was retracted.') embargo_end_date = HideIfWithdrawal( ser.SerializerMethodField( help_text='When the embargo on this registration will be lifted.')) withdrawal_justification = ser.CharField(source='retraction.justification', read_only=True) template_from = HideIfWithdrawal( ser.CharField( read_only=True, allow_blank=False, allow_null=False, help_text= 'Specify a node id for a node you would like to use as a template for the ' 'new node. Templating is like forking, except that you do not copy the ' 'files, only the project structure. Some information is changed on the top ' 'level project by submitting the appropriate fields in the request body, ' 'and some information will not change. By default, the description will ' 'be cleared and the project will be made private.')) registration_supplement = ser.SerializerMethodField() registered_meta = HideIfWithdrawal( ser.SerializerMethodField( help_text= 'A dictionary with supplemental registration questions and responses.' )) registered_by = HideIfWithdrawal( RelationshipField( related_view='users:user-detail', related_view_kwargs={'user_id': '<registered_user._id>'})) registered_from = HideIfWithdrawal( RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<registered_from._id>'})) children = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-children', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_node_count'}, )) comments = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-comments', related_view_kwargs={'node_id': '<_id>'}, related_meta={'unread': 'get_unread_comments_count'}, filter={'target': '<_id>'})) contributors = RelationshipField( related_view='registrations:registration-contributors', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_contrib_count'}) implicit_contributors = RelationshipField( related_view='registrations:registration-implicit-contributors', related_view_kwargs={'node_id': '<_id>'}, help_text= 'This feature is experimental and being tested. It may be deprecated.') files = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-providers', related_view_kwargs={'node_id': '<_id>'})) wikis = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-wikis', related_view_kwargs={'node_id': '<_id>'}, )) forked_from = HideIfWithdrawal( RelationshipField( related_view=lambda n: 'registrations:registration-detail' if getattr(n, 'is_registration', False) else 'nodes:node-detail', related_view_kwargs={'node_id': '<forked_from_id>'})) template_node = HideIfWithdrawal( RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<template_node._id>'})) license = HideIfWithdrawal( RelationshipField( related_view='licenses:license-detail', related_view_kwargs={ 'license_id': '<node_license.node_license._id>' }, )) logs = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-logs', related_view_kwargs={'node_id': '<_id>'}, )) forks = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-forks', related_view_kwargs={'node_id': '<_id>'})) node_links = ShowIfVersion(HideIfWithdrawal( RelationshipField( related_view='registrations:registration-pointers', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_pointers_count'}, help_text= 'This feature is deprecated as of version 2.1. Use linked_nodes instead.' )), min_version='2.0', max_version='2.0') parent = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-detail', related_view_kwargs={'node_id': '<parent_node._id>'}, filter_key='parent_node')) root = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-detail', related_view_kwargs={'node_id': '<root._id>'})) affiliated_institutions = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-institutions', related_view_kwargs={'node_id': '<_id>'})) registration_schema = RelationshipField( related_view='metaschemas:metaschema-detail', related_view_kwargs={'metaschema_id': '<registered_schema_id>'}) registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-registrations', related_view_kwargs={'node_id': '<_id>'})) draft_registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-draft-registrations', related_view_kwargs={'node_id': '<_id>'})) preprints = HideIfWithdrawal( HideIfRegistration( RelationshipField(related_view='nodes:node-preprints', related_view_kwargs={'node_id': '<_id>'}))) identifiers = HideIfWithdrawal( RelationshipField(related_view='registrations:identifier-list', related_view_kwargs={'node_id': '<_id>'})) linked_nodes = HideIfWithdrawal( RelationshipField(related_view='registrations:linked-nodes', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_node_links_count'}, self_view='registrations:node-pointer-relationship', self_view_kwargs={'node_id': '<_id>'})) linked_registrations = HideIfWithdrawal( RelationshipField( related_view='registrations:linked-registrations', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_registration_links_count'}, self_view='registrations:node-registration-pointer-relationship', self_view_kwargs={'node_id': '<_id>'})) view_only_links = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-view-only-links', related_view_kwargs={'node_id': '<_id>'}, related_meta={'count': 'get_view_only_links_count'}, )) citation = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-citation', related_view_kwargs={'node_id': '<_id>'})) links = LinksField({ 'self': 'get_registration_url', 'html': 'get_absolute_html_url' }) def get_registration_url(self, obj): return absolute_reverse( 'registrations:registration-detail', kwargs={ 'node_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'] }) def get_absolute_url(self, obj): return self.get_registration_url(obj) def create(self, validated_data): auth = get_user_auth(self.context['request']) draft = validated_data.pop('draft') registration_choice = validated_data.pop('registration_choice', 'immediate') embargo_lifted = validated_data.pop('lift_embargo', None) reviewer = is_prereg_admin_not_project_admin(self.context['request'], draft) try: draft.validate_metadata(metadata=draft.registration_metadata, reviewer=reviewer, required_fields=True) except ValidationValueError as e: raise exceptions.ValidationError(e.message) registration = draft.register(auth, save=True) if registration_choice == 'embargo': if not embargo_lifted: raise exceptions.ValidationError( 'lift_embargo must be specified.') embargo_end_date = embargo_lifted.replace(tzinfo=pytz.utc) try: registration.embargo_registration(auth.user, embargo_end_date) except ValidationError as err: raise exceptions.ValidationError(err.message) else: try: registration.require_approval(auth.user) except NodeStateError as err: raise exceptions.ValidationError(err) registration.save() return registration def get_registered_meta(self, obj): if obj.registered_meta: meta_values = obj.registered_meta.values()[0] try: return json.loads(meta_values) except TypeError: return meta_values except ValueError: return meta_values return None def get_embargo_end_date(self, obj): if obj.embargo_end_date: return obj.embargo_end_date return None def get_registration_supplement(self, obj): if obj.registered_schema: schema = obj.registered_schema.first() if schema is None: return None return schema.name return None def get_current_user_permissions(self, obj): return NodeSerializer.get_current_user_permissions(self, obj) def update(self, registration, validated_data): auth = Auth(self.context['request'].user) # Update tags if 'tags' in validated_data: new_tags = validated_data.pop('tags', []) try: registration.update_tags(new_tags, auth=auth) except NodeStateError as err: raise Conflict(err.message) is_public = validated_data.get('is_public', None) if is_public is not None: if is_public: try: registration.update(validated_data, auth=auth) except NodeUpdateError as err: raise exceptions.ValidationError(err.reason) except NodeStateError as err: raise exceptions.ValidationError(err.message) else: raise exceptions.ValidationError( 'Registrations can only be turned from private to public.') return registration class Meta: type_ = 'registrations'
class PreprintSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'id', 'date_created', 'date_modified', 'date_published', 'original_publication_date', 'provider', 'is_published', 'subjects', 'reviews_state', 'node_is_public', ]) id = IDField(source='_id', read_only=True) subjects = ser.SerializerMethodField() date_created = DateByVersion(read_only=True) date_modified = DateByVersion(read_only=True) date_published = DateByVersion(read_only=True) original_publication_date = DateByVersion(required=False) doi = ser.CharField(source='article_doi', required=False, allow_null=True) is_published = ser.BooleanField(required=False) is_preprint_orphan = ser.BooleanField(read_only=True) license_record = NodeLicenseSerializer(required=False, source='license') title = ser.CharField(source='node.title', required=False) description = ser.CharField(required=False, allow_blank=True, allow_null=True, source='node.description') tags = JSONAPIListField(child=NodeTagField(), required=False, source='node.tags') node_is_public = ser.BooleanField(read_only=True, source='node__is_public') contributors = RelationshipField( related_view='nodes:node-contributors', related_view_kwargs={'node_id': '<node._id>'}, ) reviews_state = ser.CharField(read_only=True, max_length=15) date_last_transitioned = DateByVersion(read_only=True) citation = RelationshipField(related_view='preprints:preprint-citation', related_view_kwargs={'preprint_id': '<_id>'}) identifiers = RelationshipField( related_view='preprints:identifier-list', related_view_kwargs={'preprint_id': '<_id>'}) node = NodeRelationshipField(related_view='nodes:node-detail', related_view_kwargs={'node_id': '<node._id>'}, read_only=False) license = PreprintLicenseRelationshipField( related_view='licenses:license-detail', related_view_kwargs={'license_id': '<license.node_license._id>'}, read_only=False) provider = PreprintProviderRelationshipField( related_view='preprint_providers:preprint_provider-detail', related_view_kwargs={'provider_id': '<provider._id>'}, read_only=False) files = RelationshipField(related_view='nodes:node-providers', related_view_kwargs={'node_id': '<_id>'}) primary_file = PrimaryFileRelationshipField( related_view='files:file-detail', related_view_kwargs={'file_id': '<primary_file._id>'}, lookup_url_kwarg='file_id', read_only=False) actions = RelationshipField(related_view='preprints:preprint-action-list', related_view_kwargs={'preprint_id': '<_id>'}) links = LinksField({ 'self': 'get_preprint_url', 'html': 'get_absolute_html_url', 'doi': 'get_article_doi_url', 'preprint_doi': 'get_preprint_doi_url' }) class Meta: type_ = 'preprints' def get_subjects(self, obj): return [[TaxonomyField().to_representation(subj) for subj in hier] for hier in obj.subject_hierarchy] def get_preprint_url(self, obj): return absolute_reverse( 'preprints:preprint-detail', kwargs={ 'preprint_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'] }) def get_absolute_url(self, obj): return self.get_preprint_url(obj) def get_article_doi_url(self, obj): return 'https://dx.doi.org/{}'.format( obj.article_doi) if obj.article_doi else None def get_preprint_doi_url(self, obj): doi_identifier = obj.get_identifier('doi') return 'https://dx.doi.org/{}'.format( doi_identifier.value) if doi_identifier else None def run_validation(self, *args, **kwargs): # Overrides construtor for validated_data to allow writes to a SerializerMethodField # Validation for `subjects` happens in the model _validated_data = super(PreprintSerializer, self).run_validation(*args, **kwargs) if 'subjects' in self.initial_data: _validated_data['subjects'] = self.initial_data['subjects'] return _validated_data def update(self, preprint, validated_data): assert isinstance( preprint, PreprintService), 'You must specify a valid preprint to be updated' assert isinstance( preprint.node, Node ), 'You must specify a preprint with a valid node to be updated.' auth = get_user_auth(self.context['request']) if not preprint.node.has_permission(auth.user, 'admin'): raise exceptions.PermissionDenied( detail='User must be an admin to update a preprint.') published = validated_data.pop('is_published', None) if published and preprint.provider.is_reviewed: raise Conflict( '{} uses a moderation workflow, so preprints must be submitted for review instead of published directly. Submit a preprint by creating a `submit` Action at {}' .format( preprint.provider.name, absolute_reverse( 'actions:create-action', kwargs={ 'version': self.context['request'].parser_context['kwargs'] ['version'] }))) save_node = False save_preprint = False recently_published = False primary_file = validated_data.pop('primary_file', None) if primary_file: self.set_field(preprint.set_primary_file, primary_file, auth) save_node = True old_tags = set(preprint.node.tags.values_list('name', flat=True)) if validated_data.get('node') and 'tags' in validated_data['node']: current_tags = set(validated_data['node'].pop('tags', [])) elif self.partial: current_tags = set(old_tags) else: current_tags = set() for new_tag in (current_tags - old_tags): preprint.node.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): preprint.node.remove_tag(deleted_tag, auth=auth) if 'node' in validated_data: preprint.node.update(fields=validated_data.pop('node')) save_node = True if 'subjects' in validated_data: subjects = validated_data.pop('subjects', None) self.set_field(preprint.set_subjects, subjects, auth) save_preprint = True if 'article_doi' in validated_data: preprint.node.preprint_article_doi = validated_data['article_doi'] save_node = True if 'license_type' in validated_data or 'license' in validated_data: license_details = get_license_details(preprint, validated_data) self.set_field(preprint.set_preprint_license, license_details, auth) save_preprint = True if 'original_publication_date' in validated_data: preprint.original_publication_date = validated_data[ 'original_publication_date'] save_preprint = True if published is not None: if not preprint.primary_file: raise exceptions.ValidationError( detail= 'A valid primary_file must be set before publishing a preprint.' ) self.set_field(preprint.set_published, published, auth) save_preprint = True recently_published = published preprint.node.set_privacy('public') save_node = True if save_node: try: preprint.node.save() except ValidationError as e: # Raised from invalid DOI raise exceptions.ValidationError(detail=e.messages[0]) if save_preprint: preprint.save() # Send preprint confirmation email signal to new authors on preprint! -- only when published # TODO: Some more thought might be required on this; preprints made from existing # nodes will send emails making it seem like a new node. if recently_published: for author in preprint.node.contributors: if author != auth.user: project_signals.contributor_added.send( preprint.node, contributor=author, auth=auth, email_template='preprint') return preprint def set_field(self, func, val, auth, save=False): try: func(val, auth) except PermissionsError as e: raise exceptions.PermissionDenied(detail=e.message) except (ValueError, ValidationError, NodeStateError) as e: raise exceptions.ValidationError(detail=e.message)
class FileSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'id', 'name', 'node', 'kind', 'path', 'materialized_path', 'size', 'provider', 'last_touched', 'tags', ]) id = IDField(source='_id', read_only=True) type = TypeField() checkout = CheckoutField() name = ser.CharField( read_only=True, help_text='Display name used in the general user interface') kind = ser.CharField(read_only=True, help_text='Either folder or file') path = ser.CharField( read_only=True, help_text='The unique path used to reference this object') size = ser.SerializerMethodField( read_only=True, help_text='The size of this file at this version') provider = ser.CharField( read_only=True, help_text='The Add-on service this file originates from') materialized_path = ser.CharField( read_only=True, help_text= 'The Unix-style path of this object relative to the provider root') last_touched = ser.DateTimeField( read_only=True, help_text= 'The last time this file had information fetched about it via the OSF') date_modified = ser.SerializerMethodField( read_only=True, help_text='Timestamp when the file was last modified') date_created = ser.SerializerMethodField( read_only=True, help_text='Timestamp when the file was created') extra = ser.SerializerMethodField( read_only=True, help_text='Additional metadata about this file') tags = JSONAPIListField(child=FileTagField(), required=False) files = NodeFileHyperLinkField(related_view='nodes:node-files', related_view_kwargs={ 'node_id': '<node_id>', 'path': '<path>', 'provider': '<provider>' }, kind='folder') versions = NodeFileHyperLinkField(related_view='files:file-versions', related_view_kwargs={'file_id': '<_id>'}, kind='file') comments = FileCommentRelationshipField( related_view='nodes:node-comments', related_view_kwargs={'node_id': '<node._id>'}, related_meta={'unread': 'get_unread_comments_count'}, filter={'target': 'get_file_guid'}) links = LinksField({ 'info': Link('files:file-detail', kwargs={'file_id': '<_id>'}), 'move': WaterbutlerLink(), 'upload': WaterbutlerLink(), 'delete': WaterbutlerLink(), 'download': WaterbutlerLink(must_be_file=True), 'new_folder': WaterbutlerLink(must_be_folder=True, kind='folder'), }) class Meta: type_ = 'files' def get_size(self, obj): if obj.versions: return obj.versions[-1].size return None def get_date_modified(self, obj): mod_dt = None if obj.provider == 'osfstorage' and obj.versions: # Each time an osfstorage file is added or uploaded, a new version object is created with its # date_created equal to the time of the update. The date_modified is the modified date # from the backend the file is stored on. This field refers to the modified date on osfstorage, # so prefer to use the date_created of the latest version. mod_dt = obj.versions[-1].date_created elif obj.provider != 'osfstorage' and obj.history: mod_dt = obj.history[-1].get('modified', None) return mod_dt and mod_dt.replace(tzinfo=pytz.utc) def get_date_created(self, obj): creat_dt = None if obj.provider == 'osfstorage' and obj.versions: creat_dt = obj.versions[0].date_created elif obj.provider != 'osfstorage' and obj.history: # Non-osfstorage files don't store a created date, so instead get the modified date of the # earliest entry in the file history. creat_dt = obj.history[0].get('modified', None) return creat_dt and creat_dt.replace(tzinfo=pytz.utc) def get_extra(self, obj): metadata = {} if obj.provider == 'osfstorage' and obj.versions: metadata = obj.versions[-1].metadata elif obj.provider != 'osfstorage' and obj.history: metadata = obj.history[-1].get('extra', {}) extras = {} extras['hashes'] = { # mimic waterbutler response 'md5': metadata.get('md5', None), 'sha256': metadata.get('sha256', None), } return extras def get_unread_comments_count(self, obj): user = self.context['request'].user if user.is_anonymous(): return 0 return Comment.find_n_unread(user=user, node=obj.node, page='files', root_id=obj.get_guid()._id) def user_id(self, obj): # NOTE: obj is the user here, the meta field for # Hyperlinks is weird if obj: return obj._id return None def update(self, instance, validated_data): assert isinstance(instance, FileNode), 'Instance must be a FileNode' if instance.provider != 'osfstorage' and 'tags' in validated_data: raise Conflict( 'File service provider {} does not support tags on the OSF.'. format(instance.provider)) auth = get_user_auth(self.context['request']) old_tags = set([tag._id for tag in instance.tags]) if 'tags' in validated_data: current_tags = set(validated_data.pop('tags', [])) else: current_tags = set(old_tags) for new_tag in (current_tags - old_tags): instance.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): instance.remove_tag(deleted_tag, auth=auth) for attr, value in validated_data.items(): if attr == 'checkout': user = self.context['request'].user instance.check_in_or_out(user, value) else: setattr(instance, attr, value) instance.save() return instance def is_valid(self, **kwargs): return super(FileSerializer, self).is_valid(clean_html=False, **kwargs) def get_file_guid(self, obj): if obj: guid = obj.get_guid() if guid: return guid._id return None def get_absolute_url(self, obj): return api_v2_url('files/{}/'.format(obj._id))
class PreprintSerializer(TaxonomizableSerializerMixin, MetricsSerializerMixin, JSONAPISerializer): filterable_fields = frozenset([ 'id', 'date_created', 'date_modified', 'date_published', 'original_publication_date', 'provider', 'is_published', 'subjects', 'reviews_state', 'node_is_public', ]) available_metrics = frozenset([ 'downloads', 'views', ]) id = IDField(source='_id', read_only=True) type = TypeField() date_created = VersionedDateTimeField(source='created', read_only=True) date_modified = VersionedDateTimeField(source='modified', read_only=True) date_published = VersionedDateTimeField(read_only=True) original_publication_date = VersionedDateTimeField(required=False, allow_null=True) doi = ser.CharField(source='article_doi', required=False, allow_null=True) title = ser.CharField(required=True, max_length=512) description = ser.CharField(required=False, allow_blank=True, allow_null=True) is_published = NoneIfWithdrawal(ser.BooleanField(required=False)) is_preprint_orphan = NoneIfWithdrawal(ser.BooleanField(read_only=True)) license_record = NodeLicenseSerializer(required=False, source='license') tags = JSONAPIListField(child=NodeTagField(), required=False) node_is_public = ser.BooleanField( read_only=True, source='node__is_public', help_text='Is supplementary project public?') preprint_doi_created = NoneIfWithdrawal( VersionedDateTimeField(read_only=True)) date_withdrawn = VersionedDateTimeField(read_only=True, allow_null=True) withdrawal_justification = HideIfNotWithdrawal( ser.CharField(required=False, read_only=True, allow_blank=True)) current_user_permissions = ser.SerializerMethodField( help_text='List of strings representing the permissions ' 'for the current user on this preprint.', ) public = ser.BooleanField(source='is_public', required=False, read_only=True) contributors = RelationshipField( related_view='preprints:preprint-contributors', related_view_kwargs={'preprint_id': '<_id>'}, ) reviews_state = ser.CharField(source='machine_state', read_only=True, max_length=15) date_last_transitioned = NoneIfWithdrawal( VersionedDateTimeField(read_only=True)) citation = NoneIfWithdrawal( RelationshipField( related_view='preprints:preprint-citation', related_view_kwargs={'preprint_id': '<_id>'}, )) identifiers = NoneIfWithdrawal( RelationshipField( related_view='preprints:identifier-list', related_view_kwargs={'preprint_id': '<_id>'}, )) node = NoneIfWithdrawal( NodeRelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<node._id>'}, read_only=False, many=False, self_view='preprints:preprint-node-relationship', self_view_kwargs={'preprint_id': '<_id>'}, )) license = PreprintLicenseRelationshipField( related_view='licenses:license-detail', related_view_kwargs={'license_id': '<license.node_license._id>'}, read_only=False, ) provider = PreprintProviderRelationshipField( related_view='providers:preprint-providers:preprint-provider-detail', related_view_kwargs={'provider_id': '<provider._id>'}, read_only=False, ) files = NoneIfWithdrawal( RelationshipField( related_view='preprints:preprint-storage-providers', related_view_kwargs={'preprint_id': '<_id>'}, )) primary_file = NoneIfWithdrawal( PrimaryFileRelationshipField( related_view='files:file-detail', related_view_kwargs={'file_id': '<primary_file._id>'}, read_only=False, )) review_actions = RelationshipField( related_view='preprints:preprint-review-action-list', related_view_kwargs={'preprint_id': '<_id>'}, ) requests = NoneIfWithdrawal( RelationshipField( related_view='preprints:preprint-request-list', related_view_kwargs={'preprint_id': '<_id>'}, )) links = LinksField( { 'self': 'get_preprint_url', 'html': 'get_absolute_html_url', 'doi': 'get_article_doi_url', 'preprint_doi': 'get_preprint_doi_url', }, ) class Meta: type_ = 'preprints' def get_preprint_url(self, obj): return absolute_reverse( 'preprints:preprint-detail', kwargs={ 'preprint_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'] }) def get_absolute_url(self, obj): return self.get_preprint_url(obj) def get_article_doi_url(self, obj): return 'https://doi.org/{}'.format( obj.article_doi) if obj.article_doi else None def get_current_user_permissions(self, obj): user = self.context['request'].user all_perms = ['read', 'write', 'admin'] user_perms = [] for p in all_perms: if obj.has_permission(user, p): user_perms.append(p) return user_perms def get_preprint_doi_url(self, obj): doi = None doi_identifier = obj.get_identifier('doi') if doi_identifier: doi = doi_identifier.value # if a preprint hasn't been published yet, don't show the DOI prematurely elif obj.is_published: client = obj.get_doi_client() doi = client.build_doi(preprint=obj) if client else None return 'https://doi.org/{}'.format(doi) if doi else None def update(self, preprint, validated_data): assert isinstance( preprint, Preprint), 'You must specify a valid preprint to be updated' auth = get_user_auth(self.context['request']) if not preprint.has_permission(auth.user, osf_permissions.WRITE): raise exceptions.PermissionDenied( detail= 'User must have admin or write permissions to update a preprint.' ) published = validated_data.pop('is_published', None) if published and preprint.provider.is_reviewed: raise Conflict( '{} uses a moderation workflow, so preprints must be submitted for review instead of published directly. Submit a preprint by creating a `submit` Action at {}' .format( preprint.provider.name, absolute_reverse( 'preprints:preprint-review-action-list', kwargs={ 'version': self.context['request'].parser_context['kwargs'] ['version'], 'preprint_id': preprint._id, }, ), )) save_preprint = False recently_published = False primary_file = validated_data.pop('primary_file', None) if primary_file: self.set_field(preprint.set_primary_file, primary_file, auth) save_preprint = True old_tags = set(preprint.tags.values_list('name', flat=True)) if 'tags' in validated_data: current_tags = set(validated_data.pop('tags', [])) elif self.partial: current_tags = set(old_tags) else: current_tags = set() for new_tag in (current_tags - old_tags): preprint.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): preprint.remove_tag(deleted_tag, auth=auth) if 'node' in validated_data: node = validated_data.pop('node', None) self.set_field(preprint.set_supplemental_node, node, auth) save_preprint = True if 'subjects' in validated_data: subjects = validated_data.pop('subjects', None) self.set_field(preprint.set_subjects, subjects, auth) save_preprint = True if 'title' in validated_data: title = validated_data['title'] self.set_field(preprint.set_title, title, auth) save_preprint = True if 'description' in validated_data: description = validated_data['description'] self.set_field(preprint.set_description, description, auth) save_preprint = True if 'article_doi' in validated_data: preprint.article_doi = validated_data['article_doi'] save_preprint = True if 'license_type' in validated_data or 'license' in validated_data: license_details = get_license_details(preprint, validated_data) self.set_field(preprint.set_preprint_license, license_details, auth) save_preprint = True if 'original_publication_date' in validated_data: preprint.original_publication_date = validated_data[ 'original_publication_date'] or None save_preprint = True if published is not None: if not preprint.primary_file: raise exceptions.ValidationError( detail= 'A valid primary_file must be set before publishing a preprint.' ) self.set_field(preprint.set_published, published, auth) save_preprint = True recently_published = published preprint.set_privacy('public', log=False, save=True) if save_preprint: preprint.save() if recently_published: for author in preprint.contributors: if author != auth.user: project_signals.contributor_added.send( preprint, contributor=author, auth=auth, email_template='preprint') return preprint def set_field(self, func, val, auth, save=False): try: func(val, auth) except PermissionsError as e: raise exceptions.PermissionDenied(detail=str(e)) except (ValueError, ValidationError, NodeStateError) as e: raise exceptions.ValidationError(detail=e.message)
class RegistrationSerializer(NodeSerializer): category_choices = NodeSerializer.category_choices category_choices_string = NodeSerializer.category_choices_string category = HideIfWithdrawal( ser.ChoiceField(choices=category_choices, help_text="Choices: " + category_choices_string)) date_modified = HideIfWithdrawal(ser.DateTimeField(read_only=True)) fork = HideIfWithdrawal(ser.BooleanField(read_only=True, source='is_fork')) collection = HideIfWithdrawal( ser.BooleanField(read_only=True, source='is_collection')) node_license = HideIfWithdrawal(NodeLicenseSerializer()) tags = HideIfWithdrawal( JSONAPIListField(child=NodeTagField(), required=False)) public = HideIfWithdrawal( ser.BooleanField( source='is_public', required=False, help_text='Nodes that are made public will give read-only access ' 'to everyone. Private nodes require explicit read ' 'permission. Write and admin access are the same for ' 'public and private nodes. Administrators on a parent ' 'node have implicit read permissions for all child nodes')) current_user_permissions = HideIfWithdrawal( ser.SerializerMethodField( help_text='List of strings representing the permissions ' 'for the current user on this node.')) pending_embargo_approval = HideIfWithdrawal( ser.BooleanField( read_only=True, source='is_pending_embargo', help_text= 'The associated Embargo is awaiting approval by project admins.')) pending_registration_approval = HideIfWithdrawal( ser.BooleanField( source='is_pending_registration', read_only=True, help_text= 'The associated RegistrationApproval is awaiting approval by project admins.' )) pending_withdrawal = HideIfWithdrawal( ser.BooleanField( source='is_pending_retraction', read_only=True, help_text= 'The registration is awaiting withdrawal approval by project admins.' )) withdrawn = ser.BooleanField( source='is_retracted', read_only=True, help_text='The registration has been withdrawn.') date_registered = ser.DateTimeField(source='registered_date', read_only=True, help_text='Date time of registration.') embargo_end_date = HideIfWithdrawal( ser.SerializerMethodField( help_text='When the embargo on this registration will be lifted.')) withdrawal_justification = ser.CharField(source='retraction.justification', read_only=True) template_from = HideIfWithdrawal( ser.CharField( required=False, allow_blank=False, allow_null=False, help_text= 'Specify a node id for a node you would like to use as a template for the ' 'new node. Templating is like forking, except that you do not copy the ' 'files, only the project structure. Some information is changed on the top ' 'level project by submitting the appropriate fields in the request body, ' 'and some information will not change. By default, the description will ' 'be cleared and the project will be made private.')) registration_supplement = ser.SerializerMethodField() registered_meta = HideIfWithdrawal( ser.SerializerMethodField( help_text= 'A dictionary with supplemental registration questions and responses.' )) registered_by = HideIfWithdrawal( RelationshipField( related_view='users:user-detail', related_view_kwargs={'user_id': '<registered_user_id>'})) registered_from = HideIfWithdrawal( RelationshipField( related_view='nodes:node-detail', related_view_kwargs={'node_id': '<registered_from_id>'})) children = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-children', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_node_count'}, )) comments = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-comments', related_view_kwargs={'node_id': '<pk>'}, related_meta={'unread': 'get_unread_comments_count'})) contributors = RelationshipField( related_view='registrations:registration-contributors', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_contrib_count'}) files = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-providers', related_view_kwargs={'node_id': '<pk>'})) wikis = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-wikis', related_view_kwargs={'node_id': '<pk>'}, )) forked_from = HideIfWithdrawal( RelationshipField( related_view=lambda n: 'registrations:registration-detail' if getattr(n, 'is_registration', False) else 'nodes:node-detail', related_view_kwargs={'node_id': '<forked_from_id>'})) license = HideIfWithdrawal( RelationshipField( related_view='licenses:license-detail', related_view_kwargs={ 'license_id': '<node_license.node_license._id>' }, )) forks = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-forks', related_view_kwargs={'node_id': '<pk>'})) node_links = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-pointers', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_pointers_count'})) parent = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-detail', related_view_kwargs={'node_id': '<parent_node._id>'}, filter_key='parent_node')) logs = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-logs', related_view_kwargs={'node_id': '<pk>'}, )) root = HideIfWithdrawal( RelationshipField(related_view='registrations:registration-detail', related_view_kwargs={'node_id': '<root._id>'})) affiliated_institutions = HideIfWithdrawal( RelationshipField( related_view='registrations:registration-institutions', related_view_kwargs={'node_id': '<pk>'})) registrations = HideIfRegistration( RelationshipField(related_view='nodes:node-registrations', related_view_kwargs={'node_id': '<pk>'})) identifiers = HideIfWithdrawal( RelationshipField(related_view='registrations:identifier-list', related_view_kwargs={'node_id': '<pk>'})) # TODO: Finish me # TODO: Override create? links = LinksField({ 'self': 'get_registration_url', 'html': 'get_absolute_html_url' }) def get_registration_url(self, obj): return absolute_reverse('registrations:registration-detail', kwargs={'node_id': obj._id}) def get_absolute_url(self, obj): return self.get_registration_url(obj) def get_registered_meta(self, obj): if obj.registered_meta: meta_values = obj.registered_meta.values()[0] try: return json.loads(meta_values) except TypeError: return meta_values except ValueError: return meta_values return None def get_embargo_end_date(self, obj): if obj.embargo_end_date: return obj.embargo_end_date return None def get_registration_supplement(self, obj): if obj.registered_schema: schema = obj.registered_schema[0] if schema is None: return None return schema.name return None def get_current_user_permissions(self, obj): return NodeSerializer.get_current_user_permissions(self, obj) def update(self, *args, **kwargs): raise exceptions.APIException('Registrations cannot be modified.') class Meta: type_ = 'registrations'
class PreprintSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'id', 'title', 'tags', 'date_created', 'date_modified', 'contributors', 'subjects', 'doi' ]) title = ser.CharField(required=False) subjects = JSONAPIListField(child=TaxonomyField(), required=False, source='preprint_subjects') provider = ser.CharField(source='preprint_provider', required=False) date_created = ser.DateTimeField(read_only=True, source='preprint_created') date_modified = ser.DateTimeField(read_only=True) id = IDField(source='_id', required=False) abstract = ser.CharField(source='description', required=False) tags = JSONAPIListField(child=NodeTagField(), required=False) doi = ser.CharField(source='preprint_doi', required=False) primary_file = PrimaryFileRelationshipField( related_view='files:file-detail', related_view_kwargs={'file_id': '<preprint_file._id>'}, lookup_url_kwarg='file_id', read_only=False) files = RelationshipField(related_view='nodes:node-providers', related_view_kwargs={'node_id': '<pk>'}) providers = RelationshipField( related_view='preprints:preprint-preprint_providers', related_view_kwargs={'node_id': '<pk>'}, self_view='preprints:preprint-relationships-preprint_providers', self_view_kwargs={'node_id': '<pk>'}) links = LinksField({ 'self': 'get_preprint_url', 'html': 'get_absolute_html_url', 'doi': 'get_doi_url' }) contributors = RelationshipField( related_view='nodes:node-contributors', related_view_kwargs={'node_id': '<pk>'}, related_meta={'count': 'get_contrib_count'}, ) class Meta: type_ = 'preprints' def get_preprint_url(self, obj): return absolute_reverse('preprints:preprint-detail', kwargs={'node_id': obj._id}) def get_absolute_url(self, obj): return self.get_preprint_url(obj) def get_doi_url(self, obj): return 'https://dx.doi.org/{}'.format( obj.preprint_doi) if obj.preprint_doi else None def create(self, validated_data): node = Node.load(validated_data.pop('_id', None)) if not node: raise exceptions.NotFound('Unable to find Node with specified id.') auth = get_user_auth(self.context['request']) if not node.has_permission(auth.user, permissions.ADMIN): raise exceptions.PermissionDenied if node.is_preprint: raise Conflict( 'This node already stored as a preprint, use the update method instead.' ) primary_file = validated_data.pop('primary_file', None) if not primary_file: raise exceptions.ValidationError( detail='You must specify a primary_file to create a preprint.') self.set_node_field(node.set_preprint_file, primary_file, auth) subjects = validated_data.pop('preprint_subjects', None) if not subjects: raise exceptions.ValidationError( detail= 'You must specify at least one subject to create a preprint.') self.set_node_field(node.set_preprint_subjects, subjects, auth) tags = validated_data.pop('tags', None) if tags: for tag in tags: node.add_tag(tag, auth, save=False, log=False) for key, value in validated_data.iteritems(): setattr(node, key, value) try: node.save() except ValidationValueError as e: raise exceptions.ValidationError(detail=e.message) # Send preprint confirmation email signal to new authors on preprint! for author in node.contributors: if author != auth.user: project_signals.contributor_added.send( node, contributor=author, auth=auth, email_template='preprint') return node def update(self, node, validated_data): from website.models import Node assert isinstance(node, Node), 'You must specify a valid node to be updated.' auth = get_user_auth(self.context['request']) primary_file = validated_data.pop('primary_file', None) if primary_file: self.set_node_field(node.set_preprint_file, primary_file, auth) subjects = validated_data.pop('preprint_subjects', None) if subjects: self.set_node_field(node.set_preprint_subjects, subjects, auth) old_tags = set([tag._id for tag in node.tags]) if 'tags' in validated_data: current_tags = set(validated_data.pop('tags', [])) elif self.partial: current_tags = set(old_tags) else: current_tags = set() for new_tag in (current_tags - old_tags): node.add_tag(new_tag, auth=auth) for deleted_tag in (old_tags - current_tags): node.remove_tag(deleted_tag, auth=auth) for key, value in validated_data.iteritems(): setattr(node, key, value) try: node.save() except ValidationValueError as e: raise exceptions.ValidationError(detail=e.message) return node def set_node_field(self, func, val, auth): try: func(val, auth, save=False) except PermissionsError: raise exceptions.PermissionDenied( 'Not authorized to update this node.') except ValueError as e: raise exceptions.ValidationError(detail=e.message)
class UserSerializer(JSONAPISerializer): filterable_fields = frozenset([ 'full_name', 'given_name', 'middle_names', 'family_name', 'id' ]) writeable_method_fields = frozenset([ 'accepted_terms_of_service', ]) non_anonymized_fields = ['type'] id = IDField(source='_id', read_only=True) type = TypeField() full_name = ser.CharField(source='fullname', required=True, label='Full name', help_text='Display name used in the general user interface', max_length=186) given_name = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') middle_names = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') family_name = ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations') suffix = HideIfDisabled(ser.CharField(required=False, allow_blank=True, help_text='For bibliographic citations')) date_registered = HideIfDisabled(VersionedDateTimeField(read_only=True)) active = HideIfDisabled(ser.BooleanField(read_only=True, source='is_active')) timezone = HideIfDisabled(ser.CharField(required=False, help_text="User's timezone, e.g. 'Etc/UTC")) locale = HideIfDisabled(ser.CharField(required=False, help_text="User's locale, e.g. 'en_US'")) social = ListDictField(required=False) employment = JSONAPIListField(required=False, source='jobs') education = JSONAPIListField(required=False, source='schools') can_view_reviews = ShowIfCurrentUser(ser.SerializerMethodField(help_text='Whether the current user has the `view_submissions` permission to ANY reviews provider.')) accepted_terms_of_service = ShowIfCurrentUser(ser.SerializerMethodField()) links = HideIfDisabled(LinksField( { 'html': 'absolute_url', 'profile_image': 'profile_image_url', } )) nodes = HideIfDisabled(RelationshipField( related_view='users:user-nodes', related_view_kwargs={'user_id': '<_id>'}, related_meta={'projects_in_common': 'get_projects_in_common'}, )) quickfiles = HideIfDisabled(QuickFilesRelationshipField( related_view='users:user-quickfiles', related_view_kwargs={'user_id': '<_id>'}, )) registrations = HideIfDisabled(RelationshipField( related_view='users:user-registrations', related_view_kwargs={'user_id': '<_id>'}, )) institutions = HideIfDisabled(RelationshipField( related_view='users:user-institutions', related_view_kwargs={'user_id': '<_id>'}, self_view='users:user-institutions-relationship', self_view_kwargs={'user_id': '<_id>'}, )) preprints = HideIfDisabled(RelationshipField( related_view='users:user-preprints', related_view_kwargs={'user_id': '<_id>'}, )) class Meta: type_ = 'users' def get_projects_in_common(self, obj): user = get_user_auth(self.context['request']).user if obj == user: return user.contributor_to.count() return obj.n_projects_in_common(user) def absolute_url(self, obj): if obj is not None: return obj.absolute_url return None def get_absolute_url(self, obj): return absolute_reverse('users:user-detail', kwargs={ 'user_id': obj._id, 'version': self.context['request'].parser_context['kwargs']['version'] }) def get_can_view_reviews(self, obj): group_qs = GroupObjectPermission.objects.filter(group__user=obj, permission__codename='view_submissions') return group_qs.exists() or obj.userobjectpermission_set.filter(permission__codename='view_submissions') def get_accepted_terms_of_service(self, obj): return bool(obj.accepted_terms_of_service) def profile_image_url(self, user): size = self.context['request'].query_params.get('profile_image_size') return user.profile_image_url(size=size) def validate_employment(self, value): validate_user_json(value, 'employment-schema.json') return value def validate_education(self, value): validate_user_json(value, 'education-schema.json') return value def update(self, instance, validated_data): assert isinstance(instance, OSFUser), 'instance must be a User' for attr, value in validated_data.items(): if 'social' == attr: for key, val in value.items(): # currently only profileWebsites are a list, the rest of the social key only has one value if key == 'profileWebsites': instance.social[key] = val else: if len(val) > 1: raise InvalidModelValueError( detail='{} only accept a list of one single value'. format(key) ) instance.social[key] = val[0] elif 'accepted_terms_of_service' == attr: if value and not instance.accepted_terms_of_service: instance.accepted_terms_of_service = timezone.now() else: setattr(instance, attr, value) try: instance.save() except ValidationValueError as e: raise InvalidModelValueError(detail=e.message) except ValidationError as e: raise InvalidModelValueError(e) return instance