def get_user_by_id(user_id: int) -> User: user = User.get_by_id(user_id) if user is None: raise NotFound() return user
def check_draft_project_visibility(self, authenticated_user_id: int): """" Check if a User is allowed to see a Draft Project """ is_allowed_user = False if authenticated_user_id: is_team_manager = False user = User.get_by_id(authenticated_user_id) user_orgs = Organisation.get_organisations_managed_by_user( authenticated_user_id ) if self.teams: for project_team in self.teams: team_members = Team.get(project_team.team_id)._get_team_members() for member in team_members: if ( user.username == member["username"] and member["function"] == TeamMemberFunctions.MANAGER.name ): is_team_manager = True break if ( UserRole(user.role) == UserRole.ADMIN or authenticated_user_id == self.author_id or self.organisation in user_orgs or is_team_manager ): is_allowed_user = True return is_allowed_user
def as_dto_team_member(self, member) -> TeamMembersDTO: """ Returns a dto for the team member""" member_dto = TeamMembersDTO() user = User.get_by_id(member.user_id) member_function = TeamMemberFunctions(member.function).name member_dto.username = user.username member_dto.function = member_function member_dto.picture_url = user.picture_url member_dto.active = member.active return member_dto
def as_dto_for_mapping( self, authenticated_user_id: int = None, locale: str = "en", abbrev: bool = True ) -> Optional[ProjectDTO]: """ Creates a Project DTO suitable for transmitting to mapper users """ # Check for project visibility settings is_allowed_user = True if self.status == ProjectStatus.DRAFT.value: if not self.check_draft_project_visibility(authenticated_user_id): is_allowed_user = False if self.private: is_allowed_user = False if authenticated_user_id: user = User.get_by_id(authenticated_user_id) if ( UserRole(user.role) == UserRole.ADMIN or authenticated_user_id == self.author_id ): is_allowed_user = True for user in self.allowed_users: if user.id == authenticated_user_id: is_allowed_user = True break if is_allowed_user: project, project_dto = self._get_project_and_base_dto() if abbrev is False: project_dto.tasks = Task.get_tasks_as_geojson_feature_collection( self.id, None ) else: project_dto.tasks = Task.get_tasks_as_geojson_feature_collection_no_geom( self.id ) project_dto.project_info = ProjectInfo.get_dto_for_locale( self.id, locale, project.default_locale ) if project.organisation_id: project_dto.organisation = project.organisation.id project_dto.organisation_name = project.organisation.name project_dto.organisation_logo = project.organisation.logo project_dto.project_info_locales = ProjectInfo.get_dto_for_all_locales( self.id ) return project_dto
def _get_project_and_base_dto(self): """ Populates a project DTO with properties common to all roles """ base_dto = ProjectDTO() base_dto.project_id = self.id base_dto.project_status = ProjectStatus(self.status).name base_dto.default_locale = self.default_locale base_dto.project_priority = ProjectPriority(self.priority).name base_dto.area_of_interest = self.get_aoi_geometry_as_geojson() base_dto.aoi_bbox = shape(base_dto.area_of_interest).bounds base_dto.mapping_permission = MappingPermission( self.mapping_permission).name base_dto.validation_permission = ValidationPermission( self.validation_permission).name base_dto.enforce_random_task_selection = self.enforce_random_task_selection base_dto.private = self.private base_dto.mapper_level = MappingLevel(self.mapper_level).name base_dto.changeset_comment = self.changeset_comment base_dto.osmcha_filter_id = self.osmcha_filter_id base_dto.due_date = self.due_date base_dto.imagery = self.imagery base_dto.josm_preset = self.josm_preset base_dto.id_presets = self.id_presets base_dto.country_tag = self.country base_dto.organisation_id = self.organisation_id base_dto.license_id = self.license_id base_dto.created = self.created base_dto.last_updated = self.last_updated base_dto.author = User.get_by_id(self.author_id).username base_dto.active_mappers = Project.get_active_mappers(self.id) base_dto.task_creation_mode = TaskCreationMode( self.task_creation_mode).name base_dto.percent_mapped = Project.calculate_tasks_percent( "mapped", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) base_dto.percent_validated = Project.calculate_tasks_percent( "validated", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) base_dto.percent_bad_imagery = Project.calculate_tasks_percent( "bad_imagery", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) base_dto.project_teams = [ ProjectTeamDTO( dict( team_id=t.team.id, team_name=t.team.name, role=TeamRoles(t.role).name, )) for t in self.teams ] if self.custom_editor: base_dto.custom_editor = self.custom_editor.as_dto() if self.private: # If project is private it should have a list of allowed users allowed_usernames = [] for user in self.allowed_users: allowed_usernames.append(user.username) base_dto.allowed_usernames = allowed_usernames if self.mapping_types: mapping_types = [] for mapping_type in self.mapping_types: mapping_types.append(MappingTypes(mapping_type).name) base_dto.mapping_types = mapping_types if self.campaign: base_dto.campaigns = [i.as_dto() for i in self.campaign] if self.mapping_editors: mapping_editors = [] for mapping_editor in self.mapping_editors: mapping_editors.append(Editors(mapping_editor).name) base_dto.mapping_editors = mapping_editors if self.validation_editors: validation_editors = [] for validation_editor in self.validation_editors: validation_editors.append(Editors(validation_editor).name) base_dto.validation_editors = validation_editors if self.priority_areas: geojson_areas = [] for priority_area in self.priority_areas: geojson_areas.append(priority_area.get_as_geojson()) base_dto.priority_areas = geojson_areas base_dto.interests = [ InterestDTO(dict(id=i.id, name=i.name)) for i in self.interests ] return self, base_dto
def get_project_summary(self, preferred_locale) -> ProjectSummary: """ Create Project Summary model for postgis project object""" summary = ProjectSummary() summary.project_id = self.id priority = self.priority if priority == 0: summary.priority = "URGENT" elif priority == 1: summary.priority = "HIGH" elif priority == 2: summary.priority = "MEDIUM" else: summary.priority = "LOW" summary.author = User.get_by_id(self.author_id).username summary.default_locale = self.default_locale summary.country_tag = self.country summary.changeset_comment = self.changeset_comment summary.due_date = self.due_date summary.created = self.created summary.last_updated = self.last_updated summary.osmcha_filter_id = self.osmcha_filter_id summary.mapper_level = MappingLevel(self.mapper_level).name summary.mapping_permission = MappingPermission( self.mapping_permission).name summary.validation_permission = ValidationPermission( self.validation_permission).name summary.random_task_selection_enforced = self.enforce_random_task_selection summary.private = self.private summary.license_id = self.license_id summary.status = ProjectStatus(self.status).name summary.id_presets = self.id_presets summary.imagery = self.imagery if self.organisation_id: summary.organisation = self.organisation_id summary.organisation_name = self.organisation.name summary.organisation_logo = self.organisation.logo if self.campaign: summary.campaigns = [i.as_dto() for i in self.campaign] # Cast MappingType values to related string array mapping_types_array = [] if self.mapping_types: for mapping_type in self.mapping_types: mapping_types_array.append(MappingTypes(mapping_type).name) summary.mapping_types = mapping_types_array if self.mapping_editors: mapping_editors = [] for mapping_editor in self.mapping_editors: mapping_editors.append(Editors(mapping_editor).name) summary.mapping_editors = mapping_editors if self.validation_editors: validation_editors = [] for validation_editor in self.validation_editors: validation_editors.append(Editors(validation_editor).name) summary.validation_editors = validation_editors if self.custom_editor: summary.custom_editor = self.custom_editor.as_dto() # If project is private, fetch list of allowed users if self.private: allowed_users = [] for user in self.allowed_users: allowed_users.append(user.username) summary.allowed_users = allowed_users centroid_geojson = db.session.scalar(self.centroid.ST_AsGeoJSON()) summary.aoi_centroid = geojson.loads(centroid_geojson) summary.percent_mapped = Project.calculate_tasks_percent( "mapped", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) summary.percent_validated = Project.calculate_tasks_percent( "validated", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) summary.percent_bad_imagery = Project.calculate_tasks_percent( "bad_imagery", self.total_tasks, self.tasks_mapped, self.tasks_validated, self.tasks_bad_imagery, ) summary.project_teams = [ ProjectTeamDTO( dict( team_id=t.team.id, team_name=t.team.name, role=TeamRoles(t.role).name, )) for t in self.teams ] project_info = ProjectInfo.get_dto_for_locale(self.id, preferred_locale, self.default_locale) summary.project_info = project_info return summary
def post(self, team_id): """ Removes a user from a team --- tags: - teams produces: - application/json parameters: - in: header name: Authorization description: Base64 encoded session token required: true type: string default: Token sessionTokenHere== - name: team_id in: path description: Unique team ID required: true type: integer default: 1 - in: body name: body required: true description: JSON object to remove user from team schema: properties: username: type: string default: 1 required: true responses: 200: description: Member deleted 403: description: Forbidden, if user attempting to ready other messages 404: description: Not found 500: description: Internal Server Error """ try: authenticated_user_id = token_auth.current_user() username = request.get_json(force=True)["username"] request_user = User.get_by_id(authenticated_user_id) if (TeamService.is_user_team_manager(team_id, authenticated_user_id) or request_user.username == username): TeamService.leave_team(team_id, username) return {"Success": "User removed from the team"}, 200 else: return ( { "Error": "You don't have permissions to remove {} from this team." .format(username) }, 403, ) except NotFound: return {"Error": "No team member found"}, 404 except Exception as e: error_msg = f"TeamMembers DELETE - unhandled error: {str(e)}" current_app.logger.critical(error_msg) return {"Error": error_msg}, 500
def post(self): """ Creates a new organisation --- tags: - organisations produces: - application/json parameters: - in: header name: Authorization description: Base64 encoded session token required: true type: string default: Token sessionTokenHere== - in: body name: body required: true description: JSON object for creating organisation schema: properties: name: type: string default: HOT slug: type: string default: hot logo: type: string default: https://cdn.hotosm.org/tasking-manager/uploads/1588741335578_hot-logo.png url: type: string default: https://hotosm.org managers: type: array items: type: string default: [ user_1, user_2 ] responses: 201: description: Organisation created successfully 400: description: Client Error - Invalid Request 401: description: Unauthorized - Invalid credentials 403: description: Forbidden 402: description: Duplicate Name - Organisation name already exists 500: description: Internal Server Error """ request_user = User.get_by_id(token_auth.current_user()) if request_user.role != 1: return {"Error": "Only admin users can create organisations."}, 403 try: organisation_dto = NewOrganisationDTO(request.get_json()) if request_user.username not in organisation_dto.managers: organisation_dto.managers.append(request_user.username) organisation_dto.validate() except DataError as e: current_app.logger.error(f"error validating request: {str(e)}") return str(e), 400 try: org_id = OrganisationService.create_organisation(organisation_dto) return {"organisationId": org_id}, 201 except OrganisationServiceError as e: return str(e), 400 except Exception as e: error_msg = f"Organisation PUT - unhandled error: {str(e)}" current_app.logger.critical(error_msg) return {"Error": error_msg}, 500
def patch(self, organisation_id): """ Updates an organisation --- tags: - organisations produces: - application/json parameters: - in: header name: Authorization description: Base64 encoded session token required: true type: string default: Token sessionTokenHere== - name: organisation_id in: path description: The unique organisation ID required: true type: integer default: 1 - in: body name: body required: true description: JSON object for updating an organisation schema: properties: name: type: string default: HOT slug: type: string default: HOT logo: type: string default: https://tasks.hotosm.org/assets/img/hot-tm-logo.svg url: type: string default: https://hotosm.org managers: type: array items: type: string default: [ user_1, user_2 ] responses: 201: description: Organisation updated successfully 400: description: Client Error - Invalid Request 401: description: Unauthorized - Invalid credentials 403: description: Forbidden 500: description: Internal Server Error """ if not OrganisationService.can_user_manage_organisation( organisation_id, token_auth.current_user()): return {"Error": "User is not an admin for the org"}, 403 try: organisation_dto = UpdateOrganisationDTO(request.get_json()) organisation_dto.organisation_id = organisation_id # Don't update organisation type and subscription_tier if request user is not an admin if User.get_by_id(token_auth.current_user()).role != 1: org = OrganisationService.get_organisation_by_id( organisation_id) organisation_dto.type = OrganisationType(org.type).name organisation_dto.subscription_tier = org.subscription_tier organisation_dto.validate() except DataError as e: current_app.logger.error(f"error validating request: {str(e)}") return str(e), 400 try: OrganisationService.update_organisation(organisation_dto) return {"Status": "Updated"}, 200 except NotFound as e: return {"Error": str(e)}, 404 except OrganisationServiceError as e: return str(e), 402 except Exception as e: error_msg = f"Organisation PATCH - unhandled error: {str(e)}" current_app.logger.critical(error_msg) return {"Error": error_msg}, 500