def index(self, resource_id, cn): try: dns = config.get("ckanext.cfpb_ldap_query.base_dns").split('|') except ValueError: flash_error("At least one valid DN must be configured.") redirect_to("get_access_request", resource_id=resource_id, cn=cn) resource = get_action('resource_show')({}, data_dict={ 'id': resource_id }) package = get_action('package_show')({}, data_dict={ 'id': resource['package_id'] }) role_description = get_role(json.loads(resource['db_roles']), cn)['description'] return render( 'ckanext/cfpb-extrafields/access_index.html', { "resource": resource, "package": package, "description": role_description, "cn": cn, "context": context, "dn": dns[0] })
def update(self): params = t.request.params topic_id = params['topic_id'] topic = Topic.find(topic_id) old_index = topic['index'] new_index = params['topic_index'] old_topic_name = topic['name'] new_name = new_index + '_' + params['topic_display_name'] if (old_index != new_index): subtopics = Subtopic.by_topic(topic_id) for subtopic in subtopics: Subtopic.update_subtopic_topic_index(subtopic, new_index) session = model.Session matched_tag = session.query(Tag).filter(Tag.id == topic['id']).first() matched_tag.name = new_name model.Session.commit() reindex_packages_with_changed_topic(old_topic_name) t.redirect_to( controller='ckanext.topics.controllers.topic:TopicController', action='index')
def login(self): log.debug('login') if not toolkit.c.user: # A 401 HTTP Status will cause the login to be triggered return toolkit.abort(401, toolkit._('Login required!')) redirect_to = toolkit.request.params.get('came_from', '/') toolkit.redirect_to(bytes(redirect_to))
def dcpreview(id, resource_id): """Serve a preview image on disk `id` and `resource_id` are strings or uuids. """ # Code borrowed from ckan/controllers/package.py:resource_download context = { 'model': model, 'session': model.Session, 'user': c.user, 'auth_user_obj': c.userobj } id = str(id) resource_id = str(resource_id) try: rsc = toolkit.get_action('resource_show')(context, {'id': resource_id}) toolkit.get_action('package_show')(context, {'id': id}) except (logic.NotFound, logic.NotAuthorized): toolkit.abort(404, toolkit._('Resource not found')) if rsc.get('url_type') == 'upload': upload = uploader.get_resource_uploader(rsc) filepath = pathlib.Path(upload.get_path(rsc['id'])) jpg_file = filepath.with_name(filepath.name + "_preview.jpg") if not jpg_file.exists(): toolkit.abort(404, toolkit._('Preview not found')) return flask.send_from_directory(jpg_file.parent, jpg_file.name) elif 'url' not in rsc: toolkit.abort(404, toolkit._('No download is available')) toolkit.redirect_to(rsc['url'])
def destroy(self): context = {'user': t.c.user} params = t.request.params subtopic_id = t.request.params['id'] subtopic = Subtopic.find(subtopic_id) old_name = subtopic['name'] Subtopic.destroy(context, subtopic_id) # Update indexes of following subtopics destroyed_index = subtopic['index'] for subtopic in Subtopic.all(): if subtopic['index'] > destroyed_index: new_subtopic_index = AlphabeticIndex.previous_letter( subtopic['index']) Subtopic.update_subtopic_index(subtopic, new_subtopic_index) reindex_packages_with_changed_topic(old_name) t.redirect_to( controller='ckanext.topics.controllers.topic:TopicController', action='index')
def update(self): params = t.request.params topic_id = params['subtopic_topic_id'] topic = Topic.find(topic_id) subtopic_id = params['subtopic_id'] subtopic = Subtopic.find(subtopic_id) old_name = subtopic['name'] new_index = params['subtopic_index'] new_name = topic['index'] + '_' + new_index + '_' + params[ 'subtopic_display_name'] session = model.Session matched_tag = session.query(Tag).filter( Tag.name == subtopic['name']).first() matched_tag.name = new_name model.Session.commit() reindex_packages_with_changed_topic(old_name) t.redirect_to( controller='ckanext.topics.controllers.topic:TopicController', action='index')
def callback(self): """Resume login process from authorization service.""" log.debug("callback") try: token = self.get_token() except InsecureTransportError as e: log.warn(f"Error in getting token: {e}") helpers.flash_error( "Authentication error; please contact the administrator.") return toolkit.redirect_to("/") try: user_name = self.authenticate(token) except InsecureTransportError as e: log.warn(f"Error authenticating user: {e}") helpers.flash_error( "Authentication error; please contact the administrator.") return toolkit.redirect_to("/") # create headers from remember token to be added to redirected response remember_headers = self.remember(user_name) self.update_token(user_name, token) state = toolkit.request.params.get("state") redirect = toolkit.redirect_to(get_came_from(state)) for header, value in remember_headers: redirect.headers[header] = value return redirect
def ozwillo_login(): for cookie in request.cookies: value = request.cookies.get(cookie) Response().set_cookie(cookie, value, secure=True, httponly=True) if 'organization_id' in session: g_ = model.Group.get(session['organization_id']) client = Clients.get_client(g_) url, ht_args, state = client.create_authn_request(conf.ACR_VALUES) session['state'] = state session['from_login'] = True session.save() if ht_args: request.headers.update(ht_args) # Redirect URI should not include language info init. # Returns: `invalid_request: Invalid parameter value: redirect_uri` url = url.replace('en%2F', '').replace('en/', '') return redirect_to(url) else: return redirect_to('/') extra_vars = {} if g.user: return base.render(u'user/logout_first.html', extra_vars) came_from = request.params.get(u'came_from') if not came_from: came_from = h.url_for(u'user.logged_in') g.login_handler = h.url_for(_get_repoze_handler(u'login_handler_path'), came_from=came_from) return base.render(u'user/login.html', extra_vars)
def edit_file(self, num): if not re.match(r'^\d+$', num): abort(404, _('Not found')) num = int(num) f = editable_files[num] errors = {} if request.POST: contents = request.POST['contents'] err = file_edit_update(num, contents) if not err: h.flash_success(_("File Updated")) redirect_to( controller='ckanext.fileedit.controller:FileEditController', action='edit_file', num='0') errors['contents'] = [err] else: contents = file_edit_show(num) return render('fileedit/edit.html', extra_vars={ 'data': { 'contents': contents }, 'errors': errors, 'editable_files': editable_files, 'label': f['label'], 'num': num, })
def delete(id): data_dict = {"id": id} context = _get_context() try: tk.check_access(constants.DELETE_DATAREQUEST, context, data_dict) datarequest = tk.get_action(constants.DELETE_DATAREQUEST)(context, data_dict) helpers.flash_notice( tk._("Data Request {title} has been deleted").format( title=datarequest.get("title", ""))) tk.redirect_to( helpers.url_for( controller="datarequests", action="index", )) except tk.ObjectNotFound as e: log.warn(e) tk.abort(404, tk._("Data Request {id} not found").format(id=id)) except tk.NotAuthorized as e: log.warn(e) tk.abort( 403, tk._("You are not authorized to delete the Data Request {id}"). format(id=id), )
def membership_remove(): context = {'model': model, 'user': toolkit.c.user} username = toolkit.request.params.get('username') contname = toolkit.request.params.get('contname') # Check access try: toolkit.check_access('sysadmin', context) except toolkit.NotAuthorized: message = 'Not authorized to remove membership' return toolkit.abort(403, message) # Remove membership try: data_dict = {'id': contname, 'user_id': username} container = toolkit.get_action('organization_member_delete')(context, data_dict) except (toolkit.ObjectNotFound, toolkit.ValidationError): message = 'User, container or role not found' toolkit.h.flash_error(message) return toolkit.redirect_to('unhcr_data_container.membership', username=username) # Show flash message and redirect message = 'User "%s" removed from the data container "%s"' toolkit.h.flash_error(message % (username, contname)) return toolkit.redirect_to('unhcr_data_container.membership', username=username)
def logged_out(): """ Callback from the auth server after the user has been logged out. """ log.debug("Post-logout callback from auth server") _forget_login() tk.redirect_to(config.ckan_url)
def manage_footer_logos(self): data = dict(toolkit.request.POST) if 'save' in data: try: del data['save'] upload = uploader.get_uploader('admin') # Upload footer logos for i in range(1, 6): upload.update_data_dict(data, 'footer_logo_{0}_image_url' .format(i), 'footer_logo_{0}_upload'.format(i), 'clear_footer_logo_{0}_upload' .format(i)) upload.upload(uploader.get_max_image_size()) data = toolkit.get_action('config_option_update')({}, data) except toolkit.ValidationError, e: errors = e.error_dict error_summary = e.error_summary vars = {'data': data, 'errors': errors, 'error_summary': error_summary} return toolkit.render('admin/tayside_manage_footer_logos.html', extra_vars=vars) ctrl =\ 'ckanext.tayside.controllers.admin:AdminController' toolkit.redirect_to(controller=ctrl, action='manage_footer_logos')
def clone(self, ds_id): context = { 'model': base.model, 'session': base.model.Session, 'user': base.c.user or base.c.author } context['__cloning'] = True lc = ckanapi.LocalCKAN(context=context) pkg = lc.action.package_show(id=ds_id) # Remove any fields that need to be reset between # clones, such as unique IDs. for field in self.PURGE_FIELDS: if field in pkg: del pkg[field] now = datetime.now() pkg.update({ 'name': '{0}-clone'.format(pkg['name']), 'metadata_created': now, 'metadata_modified': now, 'notes': { u'en': (pkg.get('notes') or {}).get('en') or '', u'fr': (pkg.get('notes') or {}).get('fr') or '' } }) new_pkg = lc.action.package_create(**pkg) toolkit.redirect_to( controller='package', action='edit', id=new_pkg['id'] )
def delete(self, querytool): ''' Delete query tool :return: querytools list template page ''' context = _get_context() name = querytool[1:] try: check_access('querytool_delete', context, {'name': name}) except NotAuthorized: abort(403, _('Not authorized to see this page')) try: junk = _get_action('querytool_delete', {'name': name}) except NotFound: abort(404, _('Application not found')) h.flash_success( _('Application and visualizations were ' 'removed successfully.')) toolkit.redirect_to(h.url_for('querytool_groups'))
def convertToCSV(self): losd = LocalCKAN() try: resource_id = request.params.get('resource_id', u'') print("\n\n\n\n\n\n\n") print(request.params) # dataset = losd.action.package_show(id=pkg_id) resource_jsonstat = losd.action.resource_show(id=resource_id) Source_URL = resource_jsonstat['url'] # read from json-stat dataset_jsonStat = pyjstat.Dataset.read(Source_URL) # write to dataframe df = dataset_jsonStat.write('dataframe') filename = '/var/lib/ckan/storage/uploads/' + unicode( uuid.uuid4()) + '.csv' df.to_csv(filename, sep=',', encoding='utf-8', index=False) losd.action.resource_create( package_id=request.params.get('pkg_id', u''), format='csv', name='csv ' + resource_jsonstat['name'], description='CSV file converted from json-stat resource:' + resource_jsonstat['name'], upload=open(filename)) os.remove(filename) id = request.params.get('pkg_id', u'') h.flash_notice(_('A new CSV resource has been created.')) tk.redirect_to(controller='package', action='read', id=id) except NotFound: print('not found')
def remove_event(self): ''' Remove an event. ''' context = {'model': model, 'session': model.Session, 'user': toolkit.c.user or toolkit.c.author} try: toolkit.check_access('sysadmin', context, {}) except toolkit.NotAuthorized: toolkit.abort(401, _('User not authorized to view page')) if 'cancel' in toolkit.request.params: return toolkit.redirect_to( controller='ckanext.lacounts.controller:GetInvolvedController', action='manage_get_involved') event_id = toolkit.request.params['id'] if toolkit.request.method == 'POST' and event_id: try: toolkit.get_action('event_delete')( data_dict={'id': event_id}) except toolkit.NotAuthorized: toolkit.abort(401, _('Unauthorized to perform that action')) except toolkit.ObjectNotFound: toolkit.h.flash_error(_('The event was not found.')) else: toolkit.h.flash_success(_('The event has been removed.')) elif not event_id: toolkit.h.flash_error(_('The event was not found.')) return toolkit.redirect_to( controller='ckanext.lacounts.controller:GetInvolvedController', action='manage_get_involved')
def create(self): context = {'user': t.c.user} params = t.request.params topic_id = params['subtopic_topic_id'] display_name = params['subtopic_display_name'] if (Subtopic.topic_subtopics_count(topic_id) >= AlphabeticIndex.max_items()): t.redirect_to( controller='ckanext.topics.controllers.topic:TopicController', action='index') topic = Topic.find(topic_id) subtopic_index = Subtopic.get_new_subtopic_index(topic_id) name = topic['index'] + '_' + subtopic_index + '_' + display_name result = t.get_action('tag_create')( context, { 'name': name, 'vocabulary_id': Subtopic.vocabulary_id() }) t.redirect_to( controller='ckanext.topics.controllers.topic:TopicController', action='index')
def publish_microdata(self, id): context = {'model': model, 'user': toolkit.c.user} nation = toolkit.request.params.get('nation') repoid = toolkit.request.params.get('repoid') # Get dataset try: dataset = toolkit.get_action('package_show')(context, {'id': id}) except (toolkit.ObjectNotFound, toolkit.NotAuthorized): message = 'Not authorized to publish of dataset "%s"' return toolkit.abort(403, message % id) # Publish to Microdata error = None try: survey = toolkit.get_action('package_publish_microdata')( context, { 'id': id, 'nation': nation, 'repoid': repoid }) except (toolkit.NotAuthorized, RuntimeError) as exception: error = str(exception) # Show flash message and redirect if not error: message = 'Dataset "%s" published to the Microdata library at the following address: "%s"' toolkit.h.flash_success(message % (dataset['title'], survey['url'])) else: message = 'Dataset "%s" publishing to the Microdata library is not completed for the following reason: "%s"' toolkit.h.flash_error(message % (dataset['title'], error)) toolkit.redirect_to('dataset_edit', id=dataset['name'])
def identify(self): if 'emailauth_user' in session: tk.c.user = session['emailauth_user'] return if 'login' not in tk.request.GET: # Not a login request return # Digest the login key src_email = urllib.unquote(tk.request.GET['email']) to_digest = (tk.request.GET['login'] + src_email).encode('utf-8') key = hashlib.sha256(to_digest).hexdigest() # Clear expired and pop db.AutoLoginKey.remove_expired(expiry_hrs=tk.config.get( 'ckan.emailauth.login_key_expiry_hrs', 48)) user_id = db.AutoLoginKey.pop_key(key=key, src_email=src_email) if user_id is None: # Invalid log.warn('Auto login key miss with email %s' % src_email) session['emailauth_fail'] = True session.save() tk.redirect_to(tk.url_for(controller='user', action='login')) else: # Valid user_name = model.Session.query( model.User).filter(model.User.id == user_id).first().name session['emailauth_user'] = user_name session.save() tk.c.user = user_name
def clone(self, ds_id): context = { 'model': base.model, 'session': base.model.Session, 'user': base.c.user or base.c.author } lc = ckanapi.LocalCKAN(context=context) pkg = lc.action.package_show(id=ds_id) # Remove any fields that need to be reset between # clones, such as unique IDs. for field in self.PURGE_FIELDS: if field in pkg: del pkg[field] now = datetime.now() pkg.update({ 'name': '{0}-clone'.format(pkg['name']), 'metadata_created': now, 'metadata_modified': now, 'notes': { u'en': (pkg.get('notes') or {}).get('en') or '', u'fr': (pkg.get('notes') or {}).get('fr') or '' } }) new_pkg = lc.action.package_create(**pkg) toolkit.redirect_to( controller='package', action='edit', id=new_pkg['id'] )
def upload(self, id, max_size=10): """ Overloading the upload method to check the hash of the file. After downloading the file, we check the hash sum, if it does not match the users input, delete the file. :param id: :param max_size: :return: """ super(ResourceUpload, self).upload(id) if self.resource.get('file_hash_sum'): try: file_hash = get_file_hash(self.get_path(id)) except OSError: logger.error('Сan not open file for hash sum checking!') h.flash_error( tk._('Trouble when file has sum checking. Try again.')) tk.redirect_to(controller='package', action='new_resource', id=self.resource.get('package_id')) if file_hash != self.resource.get('file_hash_sum'): try: os.remove(self.get_path(id)) except OSError: logger.error('Сan not delete file!') h.flash_error(tk._('File hash sum invalid.')) tk.redirect_to(controller='package', action='new_resource', id=self.resource.get('package_id')) return None
def delete(self, id): if 'cancel' in request.params: tk.redirect_to( controller='ckanext.showcase.controller:ShowcaseController', action='edit', id=id) context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: check_access('ckanext_showcase_delete', context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete showcase')) try: if request.method == 'POST': get_action('ckanext_showcase_delete')(context, {'id': id}) h.flash_notice(_('Showcase has been deleted.')) tk.redirect_to( controller='ckanext.showcase.controller:ShowcaseController', action='search') c.pkg_dict = get_action('package_show')(context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete showcase')) except NotFound: abort(404, _('Showcase not found')) return render('showcase/confirm_delete.html', extra_vars={'dataset_type': DATASET_TYPE_NAME})
def _process_post(action, context): # If the user has submitted the form, the data request must be created if request.method == "POST": data_dict = {} data_dict["title"] = request.form.get("title", "") data_dict["description"] = request.form.get("description", "") data_dict["organization_id"] = request.form.get("organization_id", "") if action == constants.UPDATE_DATAREQUEST: data_dict["id"] = request.form.get("id", "") try: result = tk.get_action(action)(context, data_dict) tk.redirect_to( helpers.url_for( controller="datarequests", action="show", id=result["id"], )) except tk.ValidationError as e: log.warn(e) # Fill the fields that will display some information in the page g.datarequest = { "id": data_dict.get("id", ""), "title": data_dict.get("title", ""), "description": data_dict.get("description", ""), "organization_id": data_dict.get("organization_id", ""), } g.errors = e.error_dict g.errors_summary = _get_errors_summary(g.errors)
def delete(self, id): if 'cancel' in request.params: tk.redirect_to( controller='ckanext.showcase.controller:ShowcaseController', action='edit', id=id) context = { 'model': model, 'session': model.Session, 'user': c.user or c.author, 'auth_user_obj': c.userobj } try: check_access('ckanext_showcase_delete', context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete showcase')) try: if request.method == 'POST': get_action('ckanext_showcase_delete')(context, {'id': id}) h.flash_notice(_('Showcase has been deleted.')) tk.redirect_to( controller='ckanext.showcase.controller:ShowcaseController', action='search') c.pkg_dict = get_action('package_show')(context, {'id': id}) except NotAuthorized: abort(401, _('Unauthorized to delete showcase')) except NotFound: abort(404, _('Showcase not found')) return render('showcase/confirm_delete.html', extra_vars={'dataset_type': DATASET_TYPE_NAME})
def edit_app(self, id): if c.userobj is None or not c.userobj.sysadmin: abort(404) try: app_id = int(id) except ValueError: abort(404) app = App.get_by_id(id=app_id) if not app: abort(404) form = EditAppForm(tk.request.POST) if tk.request.POST: if form.validate(): app.name = strip_tags(form.name.data) app.content = strip_tags(form.content.data) app.external_link = strip_tags(form.external_link.data) app.save() log.debug("App data is valid. Content: %s", strip_tags(app.name)) flash_success(tk._('Application successfully updated')) tk.redirect_to(app.get_absolute_url()) else: flash_error(tk._('You have errors in form')) log.info("Validate errors: %s", form.errors) form.name.data = app.name form.content.data = app.content form.external_link.data = app.external_link context = {'form': form, 'app_id': app.id} return tk.render('edit_app.html', context)
def remove_project_admin(self): ''' Remove a user from the project Admin list. ''' context = {'model': model, 'session': model.Session, 'user': c.user or c.author} try: check_access('sysadmin', context, {}) except NotAuthorized: abort(401, _('User not authorized to view page')) if 'cancel' in request.params: tk.redirect_to(controller='ckanext.project.controller:projectController', action='manage_project_admins') user_id = request.params['user'] if request.method == 'POST' and user_id: user_id = request.params['user'] try: get_action('ckanext_project_admin_remove')(data_dict={'username': user_id}) except NotAuthorized: abort(401, _('Unauthorized to perform that action')) except NotFound: h.flash_error(_('The user is not a project Admin')) else: h.flash_success(_('The user is no longer a project Admin')) return redirect(h.url_for(controller='ckanext.project.controller:projectController', action='manage_project_admins')) c.user_dict = get_action('user_show')(data_dict={'id': user_id}) c.user_id = user_id return render('admin/confirm_remove_project_admin.html')
def delete(self, querytool): ''' Delete query tool :return: querytools list template page ''' context = _get_context() name = querytool[1:] try: check_access('querytool_delete', context, {'name': name}) except NotAuthorized: abort(403, _('Not authorized to see this page')) data_dict = { 'name': name } _querytool = _get_action('querytool_get', data_dict) try: junk = _get_action('querytool_delete', {'name': name}) except NotFound: abort(404, _('Report not found')) h.flash_success(_('Report and visualizations were ' 'removed successfully.')) toolkit.redirect_to('/group/' + _querytool['group'] + '/reports')
def contentpackages(self): c = base.c context = {'model': model, 'user': c.user, 'auth_user_obj': c.userobj} try: logic.check_access('sysadmin', context, {}) except logic.NotAuthorized: base.abort(403, _('Need to be system administrator to administer')) c.revision_change_state_allowed = True return base.render('admin/contentpackages.html') context = { 'model': model, 'session': model.Session, 'user': toolkit.c.user, } self._authorize_or_abort(context) try: params = toolkit.request.params dataset = toolkit.get_action('package_create_from_datapackage')( context, params, ) toolkit.redirect_to(controller='package', action='read', id=dataset['name']) except toolkit.ValidationError as e: errors = e.error_dict error_summary = e.error_summary return self.new(data=params, errors=errors, error_summary=error_summary)
def create_report(ctx, report_name, report_type, csv_str): # Save report to table report = db.Report(report_name, csv_str) report.save() # Create dataset ctx['return_id_only'] = True dataset_id = tk.get_action('package_create')(ctx, { 'name': uuid.uuid4(), 'title': report_name, 'type': 'saabreport', 'schema': 'saabreport', 'author': ctx['user'] }) # Create resource new_path = '/get_report?report_id=%s' % report.id tk.get_action('resource_create')(ctx, { 'url': full_current_url().replace('/create_report', new_path).replace( '/create_chapter_report', new_path), 'package_id': dataset_id, 'description': 'Generated %s report' % report_type, 'type': 'text/csv', 'format': 'csv' }) tk.redirect_to(controller='package', action='read', id=dataset_id)
def board_unhide(self, slug): do_if_user_not_sysadmin() board = Board.get_by_slug(slug) if not board: abort(404) board.unhide() flash_success(tk._('You successfully unhided board')) tk.redirect_to(tk.url_for('forum_index'))
def do_if_user_not_sysadmin(): if not c.userobj: tk.redirect_to( tk.url_for(controller='user', action='login', came_from=tk.request.path)) if not c.userobj.sysadmin: abort(404) # not 403 for security reasons
def login(self): """ Performs the actual login, if Shibboleth data is found by :py:func:`get_shib_data`. If the a CKAN user with the ePPN does not exist, he is created. Otherwise full name and mail address are updated if neccessary. Finally, a pylons session is created for session management. """ # try getting user data from Shibboleth userdict = get_shib_data(self) if userdict: # check if the user exists user = get_user(userdict['eppn']) if not user: # create ckan user user = toolkit.get_action('user_create')(context={ 'ignore_auth': True }, data_dict={ 'email': userdict['mail'], 'openid': userdict['eppn'], 'name': userdict['name'], 'fullname': userdict['cn'], 'password': str(uuid.uuid4()) }) log.info('newly created and logged in user with eppn: ' + userdict['eppn']) else: # check whether we need to update something if not ((user['fullname'] == userdict['cn']) or (user['email_hash'] == userdict['mail'])): # update ckan user based on shibboleth data (plus password reset) user = toolkit.get_action('user_update')( context={ 'ignore_auth': True }, data_dict={ 'id': user['id'], 'email': userdict['mail'], 'fullname': userdict['cn'], 'password': str(uuid.uuid4()) }) log.info('updated user with eppn: ' + userdict['eppn']) for key, value in user.iteritems(): log.error(key) log.info('logged in existing user with eppn: ' + userdict['eppn']) # save user to pylons session pylons.session['ckanext-dariahshibboleth-user'] = user['name'] pylons.session.save() # redirect to dashboard toolkit.redirect_to(controller='user', action='dashboard')
def login(self): """ Handle eggsmell request from the ADFS redirect_uri. """ eggsmell = pylons.request.POST['wresult'] if not validate_saml(eggsmell, X509): raise ValueError('Invalid signature') root = ET.fromstring(eggsmell) # Honestly..! attributes = [z for z in [y for y in [x for x in root if x.tag.endswith('RequestedSecurityToken')][0] ][0] if z.tag.endswith('AttributeStatement')][0] email = None firstname = None surname = None for a in attributes: if a.attrib['Name'].endswith('givenname'): firstname = a[0].text elif a.attrib['Name'].endswith('surname'): surname = a[0].text elif a.attrib['Name'].endswith('claims/name'): email = a[0].text elif a.attrib['Name'].endswith('emailaddress'): email = a[0].text if not email: log.error('Unable to login with ADFS') log.error(eggsmell) raise ValueError('No email returned with ADFS') username = email.split('@', 1)[0].replace('.', '_').lower() user = _get_user(username) if user: log.info('Logging in from ADFS with user: {}'.format(username)) else: log.info('Creating user from ADFS') log.info('email: {} firstname: {} surname: {}'.format(email, firstname.encode('utf8'), surname.encode('utf8'))) log.info('Generated username: {}'.format(username)) # TODO: Add the new user to the NHSEngland group? Check this! user = toolkit.get_action('user_create')( context={'ignore_auth': True}, data_dict={'name': username, 'fullname': firstname + ' ' + surname, 'password': str(uuid.uuid4()), 'email': email}) pylons.session['adfs-user'] = username pylons.session['adfs-email'] = email pylons.session.save() toolkit.redirect_to(controller='user', action='dashboard', id=email) return
def logout(self): """ Log out the user by destroying the pylons session and redirecting to Shibboleth logout. """ # destroy pylons session (ckan) if 'ckanext-dariahshibboleth-user' in pylons.session: del pylons.session['ckanext-dariahshibboleth-user'] pylons.session.save() # redirect to shibboleth logout toolkit.redirect_to(controller='util',action='redirect',url='/Shibboleth.sso/Logout')
def login(self): '''Trigger a repose.who challenge''' if not self.use_auth: pass if not toolkit.c.user: # A 401 HTTP Status will cause the login to be triggered return toolkit.abort(401, toolkit._('Login required!')) redirect_to = toolkit.request.params.get('came_from', '/') toolkit.redirect_to(bytes(redirect_to))
def _save_new_bulk(self, context): try: data_dict = logic.clean_dict(unflatten( logic.tuplize_dict(logic.parse_params(request.params)))) logic.get_action('inventory_entry_bulk_create')(context, data_dict) h.flash_success(_('Entries have been successfully added.')) redirect_to('inventory_entry_bulk_new', organization_name=c.organization_name) except ValidationError, e: errors = e.error_dict error_summary = e.error_summary return self.bulk_new(data_dict, errors, error_summary)
def _save_edit(self, id, context): try: data_dict = logic.clean_dict(unflatten( logic.tuplize_dict(logic.parse_params(request.params)))) data_dict['id'] = id logic.get_action('inventory_entry_update')(context, data_dict) redirect_to('inventory_entry', organization_name=c.organization_name) except ValidationError, e: errors = e.error_dict error_summary = e.error_summary return self.new(data_dict, errors, error_summary)
def redirect_to(destination, **kw): """Wrapper around ckan.plugins.toolkit.redirect_to which accepts a base url with query strings @param destination: Destination URL. May contain query string, etc. @param **kw: Addition arguments that get added to the query string """ parts = urlparse.urlparse(destination) dest_base = urlparse.urlunparse((parts.scheme, parts.netloc, parts.path, parts.params, '', '')) new_kw = dict(urlparse.parse_qs(parts.query)) for k, v in kw: if k in new_kw: new_kw.append(v) else: new_kw[k] = v t.redirect_to(dest_base.encode('utf8'), **new_kw)
def handle_submit(self, id): data = clean_dict(dict_fns.unflatten(tuplize_dict(parse_params( request.params)))) data['dataset_url'] = toolkit.url_for( controller='package', action='read', id=id, qualified=True ) package = get_action('package_show')(None, {'id': id}) self.fail_if_private(package, data['dataset_url']) # Comma separated config var to_addrs = config['ckanext.ands.support_emails'].split(',') subject = 'DataPortal Support: Request to publish dataset' body = base.render( 'package/doi_email.text', extra_vars=data) for email in to_addrs: mail_recipient('Dataportal support', email, subject, body) data['package_id'] = package['id'] data['user_id'] = c.userobj.id doi_request = DoiRequest(**data) Session.add(doi_request) Session.commit() h.flash_success("DOI Request sent") return toolkit.redirect_to(data['dataset_url'])
def new(self, data=None, errors=None, error_summary=None): context = self._get_context() try: tk.check_access('oauth2provider_client_create', context) except tk.NotAuthorized: tk.abort(401, _('Unauthorized to create an oauth2 client')) if tk.request.method == 'POST': data = dict(tk.request.params) try: data['user_id'] = model.User.by_name(data['username']).id except AttributeError: data['user_id'] = None client = tk.get_action('oauth2provider_client_create')(context, data) return tk.redirect_to('oauth2provider_client_list') data = data or {} errors = errors or {} error_summary = error_summary or {} vars = {'data': data, 'errors': errors, 'error_summary': error_summary, 'action': 'new'} return tk.render('ckanext/oauth2provider/client/new.html', extra_vars=vars)
def report_delete(self, id): """ """ if tk.request.method == 'POST': report = Session.query(model.VDojStatsReport).filter(model.VDojStatsReport.id == id).first() if not report: tk.abort(404, tk._('Report not found')) report.delete() report.commit() tk.redirect_to(controller="ckanext.vdojstats.controller:VDojStatsController", action="overall") else: tk.abort(404, tk._('Report not found'))
def _new_dataset_only(self, package_type, data_dict=None, errors=None, error_summary=None, redirect_link='dataset_read'): """ This method is for creating the actual dataset and redirecting to the read dataset without adding any resources """ from ckan.lib.search import SearchIndexError context = { 'model': model, 'session': model.Session, 'user': toolkit.c.user or toolkit.c.author, 'auth_user_obj': toolkit.c.userobj, 'save': 'save' in toolkit.request.params } try: check_access('package_create', context) except NotAuthorized: abort(401, _('Unauthorized to create a package')) try: data_dict['type'] = package_type ckan_phase = toolkit.request.params.get('_ckan_phase') if ckan_phase: # prevent clearing of groups etc context['allow_partial_update'] = True # sort the tags if 'tag_string' in data_dict: data_dict['tags'] = self._tag_string_to_list( data_dict['tag_string']) data_dict['state'] = 'active' context['allow_state_change'] = True pkg_dict = toolkit.get_action('package_create')(context, data_dict) log.info('`finish` save param included, skipping add data view, going to dataset read view.') toolkit.redirect_to(redirect_link, id=pkg_dict['name']) except NotAuthorized: toolkit.abort(401, _('Unauthorized to read package %s') % '') except NotFound, e: toolkit.abort(404, _('Dataset not found'))
def view_feedback(self, id): """Renders a page containing the feedback form and a list of feedback. """ context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'for_view': True, 'auth_user_obj': c.userobj} data_dict = {'id': id} data = tk.request.POST session = context['session'] try: c.pkg_dict = tk.get_action('package_show')(context, data_dict) c.pkg_revisions = tk.get_action('package_revision_list')(context, data_dict) c.pkg = context['package'] if (tk.request.method == 'POST' and c.userobj and c.userobj.sysadmin and 'delete' in data): # sysadmin can delete comments UnpublishedFeedback.get(id=data['id']).delete() session.commit() return tk.redirect_to(controller='package', action='read', id=c.pkg.name) if c.userobj: c.user_feedback = UnpublishedFeedback.get(dataset=c.pkg.id, user=c.userobj.id) if not c.user_feedback: c.user_feedback = UnpublishedFeedback() c.user_feedback.dataset = c.pkg.id c.user_feedback.user = c.userobj.id if tk.request.method == 'POST': # INSERT/UPDATE/DELETE if 'comment' in data and data['comment'].strip() != '': setattr(c.user_feedback, 'comments', data['comment']) c.user_feedback.modified = datetime.datetime.utcnow() c.user_feedback.save() session.add(c.user_feedback) elif c.user_feedback.id: c.user_feedback.delete() session.commit() c.pkg_feedback = UnpublishedFeedback.get_for_package(c.pkg.id).all() except tk.NotAuthorized: tk.abort(401, tk._('Unauthorized to read package')) except tk.ObjectNotFound: tk.abort(404, tk._('Dataset not found')) #return tk.render('feedback/feedback.html') return tk.redirect_to(controller='package', action='read', id=c.pkg.name)
def report_edit(self, id): """ """ tk.c.sub_title = _('Edit Report') report = Session.query(model.VDojStatsReport).filter(model.VDojStatsReport.id == id).first() if not report: tk.abort(404, tk._('Report not found')) if tk.request.method == 'POST': report.name = tk.request.params.getone('name') report.org_id = tk.request.params.getone('organization') report.permission = tk.request.params.getone('permission') report.report_on = tk.request.params.getone('report_on') report.custodian = 'custodian' in tk.request.params #todo - validate is_valid, errors = report.validate() if is_valid: report.commit() tk.redirect_to(controller="ckanext.vdojstats.controller:VDojStatsController", action="report_view", id=report.id) else : data = report.as_dict() data["organizations"] = [ { 'id': org.id, 'title' : org.title } for org in Session.query(Group.title, Group.id).filter(Group.is_organization == True).order_by(Group.title)] vars = { 'errors': errors, 'data': data } return render('vdojstats-report-add.html', extra_vars = vars) else: data = report.as_dict() data["organizations"] = [ { 'id': org.id, 'title' : org.title } for org in Session.query(Group.title, Group.id).filter(Group.is_organization == True).order_by(Group.title)] vars = { 'errors': {}, 'data': data } return render('vdojstats-report-add.html', extra_vars = vars)
def challenge(self, came_from_url): # This function is called by the log in function when the user is not logged in state = generate_state(came_from_url) oauth = OAuth2Session(self.client_id, redirect_uri=self.redirect_uri, scope=self.scope, state=state) auth_url, _ = oauth.authorization_url(self.authorization_endpoint) log.debug('Challenge: Redirecting challenge to page {0}'.format(auth_url)) # CKAN 2.6 only supports bytes return toolkit.redirect_to(auth_url.encode('utf-8'))
def delete(self, id=None): context = self._get_context() try: tk.check_access('oauth2provider_client_delete', context) except tk.NotAuthorized: abort(401, _('Unauthorized to delete an oauth2 client')) tk.get_action('oauth2provider_client_delete')(context, { 'id': id }) return tk.redirect_to('oauth2provider_client_list')
def login(self): """ Performs the actual login, if Shibboleth data is found by :py:func:`get_shib_data`. If the a CKAN user with the ePPN does not exist, he is created. Otherwise full name and mail address are updated if neccessary. Finally, a pylons session is created for session management. """ # try getting user data from Shibboleth userdict = get_shib_data(self) if userdict: # check if the user exists user = get_user(userdict['eppn']) if not user: # create ckan user user = toolkit.get_action('user_create')( context={'ignore_auth': True}, data_dict={'email': userdict['mail'], 'openid': userdict['eppn'], 'name': userdict['name'], 'fullname': userdict['cn'], 'password': str(uuid.uuid4())}) log.info('newly created and logged in user with eppn: ' + userdict['eppn']) else: # check whether we need to update something if not ((user['fullname']==userdict['cn']) or (user['email_hash']==userdict['mail'])): # update ckan user based on shibboleth data (plus password reset) user = toolkit.get_action('user_update')( context={'ignore_auth': True}, data_dict={'id': user['id'], 'email': userdict['mail'], 'fullname': userdict['cn'], 'password': str(uuid.uuid4())}) log.info('updated user with eppn: '+ userdict['eppn']) for key, value in user.iteritems(): log.error(key) log.info('logged in existing user with eppn: '+ userdict['eppn']) # save user to pylons session pylons.session['ckanext-dariahshibboleth-user'] = user['name'] pylons.session.save() # redirect to dashboard toolkit.redirect_to(controller='user', action='dashboard')
def login(self): """ Handle eggsmell request from the ADFS redirect_uri. """ eggsmell = pylons.request.POST['wresult'] # We grab the metadata for each login because due to opaque # bureaucracy and lack of communication the certificates can be # changed. We looked into this and took made the call based upon lack # of user problems and tech being under our control vs the (small # amount of) latency from a network call per login attempt. metadata = get_federation_metadata(pylons.config['adfs_metadata_url']) x509_certificates = get_certificates(metadata) if not validate_saml(eggsmell, x509_certificates): raise ValueError('Invalid signature') username, email, firstname, surname = get_user_info(eggsmell) if not email: log.error('Unable to login with ADFS') log.error(eggsmell) raise ValueError('No email returned with ADFS') user = _get_user(username) if user: # Existing user log.info('Logging in from ADFS with user: {}'.format(username)) else: # New user, so create a record for them. log.info('Creating user from ADFS') log.info('email: {} firstname: {} surname: {}'.format(email, firstname.encode('utf8'), surname.encode('utf8'))) log.info('Generated username: {}'.format(username)) # TODO: Add the new user to the NHSEngland group? Check this! user = toolkit.get_action('user_create')( context={'ignore_auth': True}, data_dict={'name': username, 'fullname': firstname + ' ' + surname, 'password': str(uuid.uuid4()), 'email': email}) pylons.session['adfs-user'] = username pylons.session['adfs-email'] = email pylons.session.save() toolkit.redirect_to(controller='user', action='dashboard', id=email) return
def report_add(self): """ """ tk.c.sub_title = _('Add Report') if tk.request.method == 'POST': print 'POST' report = model.VDojStatsReport() report.name = tk.request.params.getone('name') if tk.request.params.getone('name') else None report.org_id = tk.request.params.getone('organization') report.permission = tk.request.params.getone('permission') report.report_on = tk.request.params.getone('report_on') report.custodian = 'custodian' in tk.request.params #todo - validate is_valid, errors = report.validate() if is_valid: report.save() tk.redirect_to(controller="ckanext.vdojstats.controller:VDojStatsController", action="report_view", id=report.id) else : data = report.as_dict() data["organizations"] = [ { 'id': org.id, 'title' : org.title } for org in Session.query(Group.title, Group.id).filter(Group.is_organization == True).order_by(Group.title)] vars = { 'errors': errors, 'data': data } return render('vdojstats-report-add.html', extra_vars = vars) else: vars = { 'errors': {}, 'data': { 'organizations' : [ { 'id': org.id, 'title' : org.title } for org in Session.query(Group.title, Group.id).filter(Group.is_organization == True).order_by(Group.title)], 'report_on' : 'activities' } } return render('vdojstats-report-add.html', extra_vars = vars)
def dataset_doi_admin_process(self, dataset_url, dataset): # If running on local machine, just resolve DOI to the dev server if 'localhost' in dataset_url or '127.0.0.1' in dataset_url: xml_url = config.get('ckanext.ands.debug_url') else: xml_url = dataset_url post_data = request.POST['xml'] resp = post_doi_request(xml_url, post_data) try: json = loads(resp.content) except ValueError as exp: h.flash_error("Invalid response from DOI server: {} :: {}".format(exp, resp.content)) return toolkit.redirect_to(dataset_url) try: response_dict = json["response"] except KeyError: h.flash_error("Response had no response key: {}".format(json)) return toolkit.redirect_to(dataset_url) doi = response_dict["doi"] response_code = response_dict["responsecode"] success_code = "MT001" if response_code == success_code: dataset['doi_id'] = doi toolkit.get_action('package_update')(None, dataset) email_requestors(dataset['id']) h.flash_success("DOI Created successfully") else: type = response_dict["type"] err_msg = response_dict["message"] verbose_msg = response_dict["verbosemessage"] msg = response_code + ' - ' + type + '. ' + verbose_msg + '. ' + err_msg h.flash_error(_(msg)) return toolkit.redirect_to(dataset_url)
def dsp_disconnect(self): toolkit.get_action('config_option_update')({}, { 'ckanext.dsp_register.dsp_id': '', 'ckanext.dsp_register.apikey': '', 'ckanext.dsp_register.company': '', 'ckanext.dsp_register.site_url': '', 'ckanext.dsp_register.phone': '', 'ckanext.dsp_register.email': '', 'ckanext.dsp_register.note': '', 'ckanext.dsp_register.uuid': self.uuid }) return toolkit.redirect_to('dsp-connect')
def remove(self): context = {'model': model, 'session': model.Session, 'user': toolkit.c.user or toolkit.c.author} controller = 'ckanext.groupadmin.controller:GroupAdminController' try: toolkit.check_access('sysadmin', context, {}) except toolkit.NotAuthorized: toolkit.abort(401, toolkit._('User not authorized to view page')) if 'cancel' in toolkit.request.params: toolkit.redirect_to(controller=controller, action='manage') user_id = toolkit.request.params['user'] if toolkit.request.method == 'POST' and user_id: try: toolkit.get_action('group_admin_delete')( data_dict={'username': user_id}) except toolkit.NotAuthorized: toolkit.abort(401, toolkit._('Unauthorized to perform that action')) except toolkit.ObjectNotFound: helpers.flash_error( toolkit._('The user is not a Group Admin')) else: helpers.flash_success( toolkit._('The user is no longer a Group Admin')) return toolkit.redirect_to( helpers.url_for(controller=controller, action='manage')) user_dict = toolkit.get_action('user_show')(data_dict={'id': user_id}) return toolkit.render( 'admin/confirm_remove_group_admin.html', extra_vars={ 'user_dict': user_dict, } )
def fitspreview(self, id, resource_id): context = {'model': model, 'session': model.Session, 'user': c.user or c.author, 'auth_user_obj': c.userobj} try: rsc = toolkit.get_action('resource_show')(context, {'id': resource_id}) toolkit.get_action('package_show')(context, {'id': id}) except toolkit.ObjectNotFound: toolkit.abort(404, toolkit._('Resource not found')) except toolkit.NotAuthorized: toolkit.abort(401, toolkit._('Unauthorized to read resource %s') % id) if rsc.get('url_type') == 'upload': upload = uploader.ResourceUpload(rsc) filepath = upload.get_path(rsc['id']) jpg_glob = os.path.join(os.path.dirname(filepath), '*.jpg') for jpg_file in glob.glob(jpg_glob): if jpg_file: break else: toolkit.abort(404, toolkit._('Preview not found')) fileapp = paste.fileapp.FileApp(jpg_file) try: status, headers, app_iter = toolkit.request.call_application(fileapp) except OSError: toolkit.abort(404, toolkit._('Resource data not found')) toolkit.response.headers.update(dict(headers)) content_type, content_enc = mimetypes.guess_type(rsc.get('url','')) toolkit.response.headers['Content-Type'] = content_type toolkit.response.status = status return app_iter elif not 'url' in rsc: toolkit.abort(404, toolkit._('No download is available')) toolkit.redirect_to(rsc['url'])
def import_dataset(self): context = { 'model': model, 'session': model.Session, 'user': toolkit.c.user, } self._authorize_or_abort(context) try: params = toolkit.request.params dataset = toolkit.get_action( 'create_dataset_from_mapaction_zip')( context, params, ) toolkit.redirect_to(controller='package', action='edit', id=dataset['name']) except toolkit.ValidationError as e: errors = e.error_dict error_summary = e.error_summary return self.new(data=params, errors=errors, error_summary=error_summary)
def activate_user(self, user_id): context = {'user': c.user} data_dict = {'id': user_id} try: get_action('inventory_activate_user')(context, data_dict) h.flash_success(_('Account has been activated.')) except ValidationError as e: error_message = (e.message or e.error_summary or e.error_dict) h.flash_error(error_message) except NotAuthorized as e: h.flash_error(e.message) return redirect_to('/inventory/admin')
def login(self): '''Handle request to the WAAD redirect_uri.''' params = pylons.request.params waad_auth_code = params.get('code') if not waad_auth_code: toolkit.abort(401) if not _csrf_check(pylons.request, pylons.response, _csrf_secret()): toolkit.abort(401) try: details = _get_user_details_from_waad( waad_auth_code, _waad_client_id(), _waad_redirect_uri(), _waad_resource(), _waad_auth_token_endpoint()) except InvalidAccessTokenResponse as exc: message = toolkit._( "Error getting user details from Windows Azure AD: {error}" .format(error=exc)) helpers.flash(message, category='alert-error', allow_html=True, ignore_duplicate=True) toolkit.redirect_to(controller='user', action='login') try: user = _log_the_user_in(session=pylons.session, **details) except CouldNotCreateUserException as exc: message = toolkit._( "Creating your CKAN user account failed: {error}".format( error=exc)) helpers.flash(message, category='alert-error', allow_html=True, ignore_duplicate=True) toolkit.redirect_to(controller='user', action='login') except CouldNotFindUserException as exc: message = toolkit._( "The CKAN account for your Windows Azure AD " "user does not exist" ) helpers.flash(message, category='alert-error', allow_html=True, ignore_duplicate=True) toolkit.redirect_to(controller='user', action='login') toolkit.redirect_to(controller='user', action='dashboard', id=user['name'])
def dataset_doi_admin(self, id): dataset_url = toolkit.url_for( controller='package', action='read', id=id, qualified=True ) if not c.userobj.sysadmin: return toolkit.redirect_to(dataset_url) dataset = toolkit.get_action('package_show')(None, {'id': id}) self.fail_if_private(dataset, dataset_url) if request.method == 'POST': return self.dataset_doi_admin_process(dataset_url, dataset) else: return self.dataset_doi_admin_form(dataset_url, dataset)
def manage(self): context = {'model': model, 'session': model.Session, 'user': toolkit.c.user or toolkit.c.author} try: toolkit.check_access('sysadmin', context, {}) except toolkit.NotAuthorized: toolkit.abort(401, toolkit._('User not authorized to view page')) controller = 'ckanext.groupadmin.controller:GroupAdminController' username = toolkit.request.params.get('username') if toolkit.request.method == 'POST' and username: try: toolkit.get_action('group_admin_create')( data_dict={'username': username} ) except toolkit.NotAuthorized: toolkit.abort(401, toolkit._('Unauthorized to perform that action')) except toolkit.ObjectNotFound: helpers.flash_error( toolkit._("User '{0}' not found.").format(username)) except toolkit.ValidationError as e: helpers.flash_notice(e.error_summary) else: helpers.flash_success( toolkit._('The user is now a Group Admin')) return toolkit.redirect_to(toolkit.url_for(controller=controller, action='manage')) group_admin_list = toolkit.get_action('group_admin_list')() return toolkit.render( 'admin/manage_group_admin.html', extra_vars={ 'group_admin_list': group_admin_list, } )