def get_user_by_id(user_id: int) -> User:
user = User.get_by_id(user_id)
if user is None:
raise NotFound()
return user
def check_draft_project_visibility(self, authenticated_user_id: int):
"""" Check if a User is allowed to see a Draft Project """
is_allowed_user = False
if authenticated_user_id:
is_team_manager = False
user = User.get_by_id(authenticated_user_id)
user_orgs = Organisation.get_organisations_managed_by_user(
authenticated_user_id
)
if self.teams:
for project_team in self.teams:
team_members = Team.get(project_team.team_id)._get_team_members()
for member in team_members:
if (
user.username == member["username"]
and member["function"] == TeamMemberFunctions.MANAGER.name
):
is_team_manager = True
break
if (
UserRole(user.role) == UserRole.ADMIN
or authenticated_user_id == self.author_id
or self.organisation in user_orgs
or is_team_manager
):
is_allowed_user = True
return is_allowed_user
def as_dto_team_member(self, member) -> TeamMembersDTO:
""" Returns a dto for the team member"""
member_dto = TeamMembersDTO()
user = User.get_by_id(member.user_id)
member_function = TeamMemberFunctions(member.function).name
member_dto.username = user.username
member_dto.function = member_function
member_dto.picture_url = user.picture_url
member_dto.active = member.active
return member_dto
def as_dto_for_mapping(
self, authenticated_user_id: int = None, locale: str = "en", abbrev: bool = True
) -> Optional[ProjectDTO]:
""" Creates a Project DTO suitable for transmitting to mapper users """
# Check for project visibility settings
is_allowed_user = True
if self.status == ProjectStatus.DRAFT.value:
if not self.check_draft_project_visibility(authenticated_user_id):
is_allowed_user = False
if self.private:
is_allowed_user = False
if authenticated_user_id:
user = User.get_by_id(authenticated_user_id)
if (
UserRole(user.role) == UserRole.ADMIN
or authenticated_user_id == self.author_id
):
is_allowed_user = True
for user in self.allowed_users:
if user.id == authenticated_user_id:
is_allowed_user = True
break
if is_allowed_user:
project, project_dto = self._get_project_and_base_dto()
if abbrev is False:
project_dto.tasks = Task.get_tasks_as_geojson_feature_collection(
self.id, None
)
else:
project_dto.tasks = Task.get_tasks_as_geojson_feature_collection_no_geom(
self.id
)
project_dto.project_info = ProjectInfo.get_dto_for_locale(
self.id, locale, project.default_locale
)
if project.organisation_id:
project_dto.organisation = project.organisation.id
project_dto.organisation_name = project.organisation.name
project_dto.organisation_logo = project.organisation.logo
project_dto.project_info_locales = ProjectInfo.get_dto_for_all_locales(
self.id
)
return project_dto
def _get_project_and_base_dto(self):
""" Populates a project DTO with properties common to all roles """
base_dto = ProjectDTO()
base_dto.project_id = self.id
base_dto.project_status = ProjectStatus(self.status).name
base_dto.default_locale = self.default_locale
base_dto.project_priority = ProjectPriority(self.priority).name
base_dto.area_of_interest = self.get_aoi_geometry_as_geojson()
base_dto.aoi_bbox = shape(base_dto.area_of_interest).bounds
base_dto.mapping_permission = MappingPermission(
self.mapping_permission).name
base_dto.validation_permission = ValidationPermission(
self.validation_permission).name
base_dto.enforce_random_task_selection = self.enforce_random_task_selection
base_dto.private = self.private
base_dto.mapper_level = MappingLevel(self.mapper_level).name
base_dto.changeset_comment = self.changeset_comment
base_dto.osmcha_filter_id = self.osmcha_filter_id
base_dto.due_date = self.due_date
base_dto.imagery = self.imagery
base_dto.josm_preset = self.josm_preset
base_dto.id_presets = self.id_presets
base_dto.country_tag = self.country
base_dto.organisation_id = self.organisation_id
base_dto.license_id = self.license_id
base_dto.created = self.created
base_dto.last_updated = self.last_updated
base_dto.author = User.get_by_id(self.author_id).username
base_dto.active_mappers = Project.get_active_mappers(self.id)
base_dto.task_creation_mode = TaskCreationMode(
self.task_creation_mode).name
base_dto.percent_mapped = Project.calculate_tasks_percent(
"mapped",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
base_dto.percent_validated = Project.calculate_tasks_percent(
"validated",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
base_dto.percent_bad_imagery = Project.calculate_tasks_percent(
"bad_imagery",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
base_dto.project_teams = [
ProjectTeamDTO(
dict(
team_id=t.team.id,
team_name=t.team.name,
role=TeamRoles(t.role).name,
)) for t in self.teams
]
if self.custom_editor:
base_dto.custom_editor = self.custom_editor.as_dto()
if self.private:
# If project is private it should have a list of allowed users
allowed_usernames = []
for user in self.allowed_users:
allowed_usernames.append(user.username)
base_dto.allowed_usernames = allowed_usernames
if self.mapping_types:
mapping_types = []
for mapping_type in self.mapping_types:
mapping_types.append(MappingTypes(mapping_type).name)
base_dto.mapping_types = mapping_types
if self.campaign:
base_dto.campaigns = [i.as_dto() for i in self.campaign]
if self.mapping_editors:
mapping_editors = []
for mapping_editor in self.mapping_editors:
mapping_editors.append(Editors(mapping_editor).name)
base_dto.mapping_editors = mapping_editors
if self.validation_editors:
validation_editors = []
for validation_editor in self.validation_editors:
validation_editors.append(Editors(validation_editor).name)
base_dto.validation_editors = validation_editors
if self.priority_areas:
geojson_areas = []
for priority_area in self.priority_areas:
geojson_areas.append(priority_area.get_as_geojson())
base_dto.priority_areas = geojson_areas
base_dto.interests = [
InterestDTO(dict(id=i.id, name=i.name)) for i in self.interests
]
return self, base_dto
def get_project_summary(self, preferred_locale) -> ProjectSummary:
""" Create Project Summary model for postgis project object"""
summary = ProjectSummary()
summary.project_id = self.id
priority = self.priority
if priority == 0:
summary.priority = "URGENT"
elif priority == 1:
summary.priority = "HIGH"
elif priority == 2:
summary.priority = "MEDIUM"
else:
summary.priority = "LOW"
summary.author = User.get_by_id(self.author_id).username
summary.default_locale = self.default_locale
summary.country_tag = self.country
summary.changeset_comment = self.changeset_comment
summary.due_date = self.due_date
summary.created = self.created
summary.last_updated = self.last_updated
summary.osmcha_filter_id = self.osmcha_filter_id
summary.mapper_level = MappingLevel(self.mapper_level).name
summary.mapping_permission = MappingPermission(
self.mapping_permission).name
summary.validation_permission = ValidationPermission(
self.validation_permission).name
summary.random_task_selection_enforced = self.enforce_random_task_selection
summary.private = self.private
summary.license_id = self.license_id
summary.status = ProjectStatus(self.status).name
summary.id_presets = self.id_presets
summary.imagery = self.imagery
if self.organisation_id:
summary.organisation = self.organisation_id
summary.organisation_name = self.organisation.name
summary.organisation_logo = self.organisation.logo
if self.campaign:
summary.campaigns = [i.as_dto() for i in self.campaign]
# Cast MappingType values to related string array
mapping_types_array = []
if self.mapping_types:
for mapping_type in self.mapping_types:
mapping_types_array.append(MappingTypes(mapping_type).name)
summary.mapping_types = mapping_types_array
if self.mapping_editors:
mapping_editors = []
for mapping_editor in self.mapping_editors:
mapping_editors.append(Editors(mapping_editor).name)
summary.mapping_editors = mapping_editors
if self.validation_editors:
validation_editors = []
for validation_editor in self.validation_editors:
validation_editors.append(Editors(validation_editor).name)
summary.validation_editors = validation_editors
if self.custom_editor:
summary.custom_editor = self.custom_editor.as_dto()
# If project is private, fetch list of allowed users
if self.private:
allowed_users = []
for user in self.allowed_users:
allowed_users.append(user.username)
summary.allowed_users = allowed_users
centroid_geojson = db.session.scalar(self.centroid.ST_AsGeoJSON())
summary.aoi_centroid = geojson.loads(centroid_geojson)
summary.percent_mapped = Project.calculate_tasks_percent(
"mapped",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
summary.percent_validated = Project.calculate_tasks_percent(
"validated",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
summary.percent_bad_imagery = Project.calculate_tasks_percent(
"bad_imagery",
self.total_tasks,
self.tasks_mapped,
self.tasks_validated,
self.tasks_bad_imagery,
)
summary.project_teams = [
ProjectTeamDTO(
dict(
team_id=t.team.id,
team_name=t.team.name,
role=TeamRoles(t.role).name,
)) for t in self.teams
]
project_info = ProjectInfo.get_dto_for_locale(self.id,
preferred_locale,
self.default_locale)
summary.project_info = project_info
return summary
def post(self, team_id):
"""
Removes a user from a team
---
tags:
- teams
produces:
- application/json
parameters:
- in: header
name: Authorization
description: Base64 encoded session token
required: true
type: string
default: Token sessionTokenHere==
- name: team_id
in: path
description: Unique team ID
required: true
type: integer
default: 1
- in: body
name: body
required: true
description: JSON object to remove user from team
schema:
properties:
username:
type: string
default: 1
required: true
responses:
200:
description: Member deleted
403:
description: Forbidden, if user attempting to ready other messages
404:
description: Not found
500:
description: Internal Server Error
"""
try:
authenticated_user_id = token_auth.current_user()
username = request.get_json(force=True)["username"]
request_user = User.get_by_id(authenticated_user_id)
if (TeamService.is_user_team_manager(team_id,
authenticated_user_id)
or request_user.username == username):
TeamService.leave_team(team_id, username)
return {"Success": "User removed from the team"}, 200
else:
return (
{
"Error":
"You don't have permissions to remove {} from this team."
.format(username)
},
403,
)
except NotFound:
return {"Error": "No team member found"}, 404
except Exception as e:
error_msg = f"TeamMembers DELETE - unhandled error: {str(e)}"
current_app.logger.critical(error_msg)
return {"Error": error_msg}, 500
def post(self):
"""
Creates a new organisation
---
tags:
- organisations
produces:
- application/json
parameters:
- in: header
name: Authorization
description: Base64 encoded session token
required: true
type: string
default: Token sessionTokenHere==
- in: body
name: body
required: true
description: JSON object for creating organisation
schema:
properties:
name:
type: string
default: HOT
slug:
type: string
default: hot
logo:
type: string
default: https://cdn.hotosm.org/tasking-manager/uploads/1588741335578_hot-logo.png
url:
type: string
default: https://hotosm.org
managers:
type: array
items:
type: string
default: [
user_1,
user_2
]
responses:
201:
description: Organisation created successfully
400:
description: Client Error - Invalid Request
401:
description: Unauthorized - Invalid credentials
403:
description: Forbidden
402:
description: Duplicate Name - Organisation name already exists
500:
description: Internal Server Error
"""
request_user = User.get_by_id(token_auth.current_user())
if request_user.role != 1:
return {"Error": "Only admin users can create organisations."}, 403
try:
organisation_dto = NewOrganisationDTO(request.get_json())
if request_user.username not in organisation_dto.managers:
organisation_dto.managers.append(request_user.username)
organisation_dto.validate()
except DataError as e:
current_app.logger.error(f"error validating request: {str(e)}")
return str(e), 400
try:
org_id = OrganisationService.create_organisation(organisation_dto)
return {"organisationId": org_id}, 201
except OrganisationServiceError as e:
return str(e), 400
except Exception as e:
error_msg = f"Organisation PUT - unhandled error: {str(e)}"
current_app.logger.critical(error_msg)
return {"Error": error_msg}, 500
def patch(self, organisation_id):
"""
Updates an organisation
---
tags:
- organisations
produces:
- application/json
parameters:
- in: header
name: Authorization
description: Base64 encoded session token
required: true
type: string
default: Token sessionTokenHere==
- name: organisation_id
in: path
description: The unique organisation ID
required: true
type: integer
default: 1
- in: body
name: body
required: true
description: JSON object for updating an organisation
schema:
properties:
name:
type: string
default: HOT
slug:
type: string
default: HOT
logo:
type: string
default: https://tasks.hotosm.org/assets/img/hot-tm-logo.svg
url:
type: string
default: https://hotosm.org
managers:
type: array
items:
type: string
default: [
user_1,
user_2
]
responses:
201:
description: Organisation updated successfully
400:
description: Client Error - Invalid Request
401:
description: Unauthorized - Invalid credentials
403:
description: Forbidden
500:
description: Internal Server Error
"""
if not OrganisationService.can_user_manage_organisation(
organisation_id, token_auth.current_user()):
return {"Error": "User is not an admin for the org"}, 403
try:
organisation_dto = UpdateOrganisationDTO(request.get_json())
organisation_dto.organisation_id = organisation_id
# Don't update organisation type and subscription_tier if request user is not an admin
if User.get_by_id(token_auth.current_user()).role != 1:
org = OrganisationService.get_organisation_by_id(
organisation_id)
organisation_dto.type = OrganisationType(org.type).name
organisation_dto.subscription_tier = org.subscription_tier
organisation_dto.validate()
except DataError as e:
current_app.logger.error(f"error validating request: {str(e)}")
return str(e), 400
try:
OrganisationService.update_organisation(organisation_dto)
return {"Status": "Updated"}, 200
except NotFound as e:
return {"Error": str(e)}, 404
except OrganisationServiceError as e:
return str(e), 402
except Exception as e:
error_msg = f"Organisation PATCH - unhandled error: {str(e)}"
current_app.logger.critical(error_msg)
return {"Error": error_msg}, 500
