def user_acquired_datasets(self): db.init_db(model) c = plugins.toolkit.c context = { 'model': model, 'session': model.Session, 'user': plugins.toolkit.c.user, } # Get user information try: c.user_dict = plugins.toolkit.get_action('user_show')(context.copy(), {'user_obj': c.userobj}) c.user_dict['acquired_datasets'] = [] except plugins.toolkit.ObjectNotFound: plugins.toolkit.abort(404, _('User not found')) except plugins.toolkit.NotAuthorized: plugins.toolkit.abort(401, _('Not authorized to see this page')) # Get the datasets acquired by the user query = db.AllowedUser.get(user_name=context['user']) # Get the datasets for dataset in query: try: dataset_dict = plugins.toolkit.get_action('package_show')(context.copy(), {'id': dataset.package_id}) # Only packages with state == 'active' can be shown if dataset_dict.get('state', None) == 'active': c.user_dict['acquired_datasets'].append(dataset_dict) except Exception: continue return plugins.toolkit.render('user/dashboard_acquired.html')
def _after_create_pkg(self, context, pkg_dict): session = context['session'] update_cache = False db.init_db(context['model']) # Get the users and the package ID if constants.ALLOWED_USERS in pkg_dict: allowed_users = pkg_dict[constants.ALLOWED_USERS] package_id = pkg_dict['id'] # Get current users users = db.AllowedUser.get(package_id=package_id) # Delete users and save the list of current users current_users = [] for user in users: current_users.append(user.user_name) if user.user_name not in allowed_users: session.delete(user) update_cache = True # Add non existing users for user_name in allowed_users: if user_name not in current_users: out = db.AllowedUser() out.package_id = package_id out.user_name = user_name out.save() session.add(out) update_cache = True session.commit() # The cache should be updated. Otherwise, the system may return # outdated information in future requests if update_cache: new_pkg_dict = tk.get_action('package_show')( { 'model': context['model'], 'ignore_auth': True, 'validate': False, 'use_cache': False }, { 'id': package_id }) # Prevent acquired datasets jumping to the first position revision = tk.get_action('revision_show')( { 'ignore_auth': True }, { 'id': new_pkg_dict['revision_id'] }) new_pkg_dict['metadata_modified'] = revision.get( 'timestamp', '') self.indexer.update_dict(new_pkg_dict) return pkg_dict
def acquisitions_list(context, data_dict): ''' API to retrieve the list of datasets that have been acquired by a certain user :parameter user: The user whose acquired dataset you want to retrieve. This parameter is optional. If you don't include this identifier, the system will use the one of the user that is performing the request :type user: string :return: The list of datarequest that has been acquired by the specified user :rtype: list ''' if data_dict is None: data_dict = {} if 'user' not in data_dict and 'user' in context: data_dict['user'] = context['user'] plugins.toolkit.check_access(constants.ACQUISITIONS_LIST, context.copy(), data_dict) # Init db db.init_db(context['model']) # Init the result array result = [] # Check that the user exists try: plugins.toolkit.get_validator('user_name_exists')(data_dict['user'], context.copy()) except Exception: raise plugins.toolkit.ValidationError('User %s does not exist' % data_dict['user']) # Get the datasets acquired by the user query = db.AllowedUser.get(user_name=data_dict['user']) # Get the datasets for dataset in query: try: dataset_show_func = 'package_show' func_data_dict = {'id': dataset.package_id} internal_context = context.copy() # Check that the the dataset can be accessed and get its data # FIX: If the check_access function is not called, an exception is risen. plugins.toolkit.check_access(dataset_show_func, internal_context, func_data_dict) dataset_dict = plugins.toolkit.get_action(dataset_show_func)( internal_context, func_data_dict) # Only packages with state == 'active' can be shown if dataset_dict.get('state', None) == 'active': result.append(dataset_dict) except Exception: pass return result
def test_initdb_not_initialized(self): # Call the function model = MagicMock() db.init_db(model) # Assert that table method has been called db.sa.Table.assert_called_once() model.meta.mapper.assert_called_once()
def get_allowed_users(key, data, errors, context): pkg_id = data[('id',)] db.init_db(context['model']) users = db.AllowedUser.get(package_id=pkg_id) for i, user in enumerate(users): data[(key[0], i)] = user.user_name
def resource_show(context, data_dict): user = context.get('user') user_obj = context.get('auth_user_obj') resource = logic_auth.get_resource_object(context, data_dict) # check authentication against package package_dict = {'id': resource.package_id} package = logic_auth.get_package_object(context, package_dict) if not package: raise tk.ObjectNotFound( _('No package found for this resource, cannot check auth.')) if package and user_obj and package.creator_user_id == user_obj.id: return {'success': True} # active packages can only be seen by its owners if package.state == 'active': # anyone can see a public package if not package.private: return {'success': True} # if the user has rights to read in the organization or in the group if package.owner_org: authorized = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'read') else: authorized = False if not authorized: # Init the model db.init_db(context['model']) # Branch not executed if the database return an empty list if db.AllowedUser.get(package_id=package.id, user_name=user): authorized = True if not authorized: return { 'success': False, 'msg': _('User %s not authorized to read resource %s') % (user, resource.id) } else: return {'success': True} else: return { 'success': False, 'msg': _('User %s not authorized to read resource %s') % (user, resource.id) }
def get_allowed_users(key, data, errors, context): pkg_id = data[('id', )] db.init_db(context['model']) users = db.AllowedUser.get(package_id=pkg_id) for i, user in enumerate(users): data[(key[0], i)] = user.user_name
def test_initdb_initialized(self): db.AllowedUser = MagicMock() # Call the function model = MagicMock() db.init_db(model) # Assert that table method has been called self.assertEquals(0, db.sa.Table.call_count) self.assertEquals(0, model.meta.mapper.call_count)
def is_dataset_acquired(pkg_dict): db.init_db(model) if tk.c.user: return len( db.AllowedUser.get(package_id=pkg_dict['id'], user_name=tk.c.user)) > 0 else: return False
def acquisitions_list(context, data_dict): ''' API to retrieve the list of datasets that have been acquired by a certain user :parameter user: The user whose acquired dataset you want to retrieve. This parameter is optional. If you don't include this identifier, the system will use the one of the user that is performing the request :type user: string :return: The list of datarequest that has been acquired by the specified user :rtype: list ''' if data_dict is None: data_dict = {} if 'user' not in data_dict and 'user' in context: data_dict['user'] = context['user'] plugins.toolkit.check_access(constants.ACQUISITIONS_LIST, context.copy(), data_dict) # Init db db.init_db(context['model']) # Init the result array result = [] # Check that the user exists try: plugins.toolkit.get_validator('user_name_exists')(data_dict['user'], context.copy()) except Exception: raise plugins.toolkit.ValidationError('User %s does not exist' % data_dict['user']) # Get the datasets acquired by the user query = db.AllowedUser.get(user_name=data_dict['user']) # Get the datasets for dataset in query: try: dataset_show_func = 'package_show' func_data_dict = {'id': dataset.package_id} internal_context = context.copy() # Check that the the dataset can be accessed and get its data # FIX: If the check_access function is not called, an exception is risen. plugins.toolkit.check_access(dataset_show_func, internal_context, func_data_dict) dataset_dict = plugins.toolkit.get_action(dataset_show_func)(internal_context, func_data_dict) # Only packages with state == 'active' can be shown if dataset_dict.get('state', None) == 'active': result.append(dataset_dict) except Exception: pass return result
def package_show(context, data_dict): user = context.get('user') user_obj = context.get('auth_user_obj') package = logic_auth.get_package_object(context, data_dict) # datasets can be read by its creator if package and user_obj and package.creator_user_id == user_obj.id: return {'success': True} # Not active packages can only be seen by its owners if package.state == 'active': # anyone can see a public package if package.private: acquired = False if package.owner_org: acquired = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'read') if not acquired: # Init the model db.init_db(context['model']) # Branch not executed if the database return an empty list if db.AllowedUser.get(package_id=package.id, user_name=user): acquired = True if not acquired: # Show a flash message with the URL to acquire the dataset # This message only can be shown when the user tries to access the dataset via its URL (/dataset/...) # The message cannot be displayed in other pages that uses the package_show function such as # the user profile page if hasattr(package, 'extras') and 'acquire_url' in package.extras and request.path.startswith( '/dataset/') \ and package.extras['acquire_url'] != '': helpers.flash_notice(_( 'This private dataset can be acquired. To do so, please click ' + '<a target="_blank" href="%s">here</a>') % package.extras['acquire_url'], allow_html=True) return {'success': True} else: return { 'success': False, 'msg': _('User %s not authorized to read package %s') % (user, package.id) }
def clearBBDD(self): # Clean Solr search_index.clear_index() # Clean the database model.repo.rebuild_db() # Delete previous users db.init_db(model) users = db.AllowedUser.get() for user in users: model.Session.delete(user) model.Session.commit()
def after_create(self, context, pkg_dict): session = context['session'] update_cache = False db.init_db(context['model']) # Get the users and the package ID if constants.ALLOWED_USERS in pkg_dict: allowed_users = pkg_dict[constants.ALLOWED_USERS] package_id = pkg_dict['id'] # Get current users users = db.AllowedUser.get(package_id=package_id) # Delete users and save the list of current users current_users = [] for user in users: current_users.append(user.user_name) if user.user_name not in allowed_users: session.delete(user) update_cache = True # Add non existing users for user_name in allowed_users: if user_name not in current_users: out = db.AllowedUser() out.package_id = package_id out.user_name = user_name out.save() session.add(out) update_cache = True session.commit() # The cache should be updated. Otherwise, the system may return # outdated information in future requests if update_cache: new_pkg_dict = tk.get_action('package_show')( {'model': context['model'], 'ignore_auth': True, 'validate': False, 'use_cache': False}, {'id': package_id}) # Prevent acquired datasets jumping to the first position revision = tk.get_action('revision_show')({'ignore_auth': True}, {'id': new_pkg_dict['revision_id']}) new_pkg_dict['metadata_modified'] = revision.get('timestamp', '') self.indexer.update_dict(new_pkg_dict) return pkg_dict
def _after_delete_pkg(self, context, pkg_dict): session = context['session'] package_id = pkg_dict['id'] # Get current users db.init_db(context['model']) users = db.AllowedUser.get(package_id=package_id) # Delete all the users for user in users: session.delete(user) session.commit() return pkg_dict
def after_delete(self, context, pkg_dict): session = context['session'] package_id = pkg_dict['id'] # Get current users db.init_db(context['model']) users = db.AllowedUser.get(package_id=package_id) # Delete all the users for user in users: session.delete(user) session.commit() return pkg_dict
def package_show(context, data_dict): user = context.get('user') user_obj = context.get('auth_user_obj') package = logic_auth.get_package_object(context, data_dict) # datasets can be read by its creator if package and user_obj and package.creator_user_id == user_obj.id: return {'success': True} # Not active packages can only be seen by its owners if package.state == 'active': # anyone can see a public package if package.private: acquired = False if package.owner_org: acquired = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'read') if not acquired: # Init the model db.init_db(context['model']) # Branch not executed if the database return an empty list if db.AllowedUser.get(package_id=package.id, user_name=user): acquired = True if not acquired: # Show a flash message with the URL to acquire the dataset # This message only can be shown when the user tries to access the dataset via its URL (/dataset/...) # The message cannot be displayed in other pages that uses the package_show function such as # the user profile page if hasattr(package, 'extras') and 'acquire_url' in package.extras and request.path.startswith( '/dataset/') \ and package.extras['acquire_url'] != '': helpers.flash_notice(_('This private dataset can be acquired. To do so, please click ' + '<a target="_blank" href="%s">here</a>') % package.extras['acquire_url'], allow_html=True) return {'success': True} else: return {'success': False, 'msg': _('User %s not authorized to read package %s') % (user, package.id)}
def resource_show(context, data_dict): user = context.get('user') user_obj = context.get('auth_user_obj') resource = logic_auth.get_resource_object(context, data_dict) # check authentication against package package_dict = {'id': resource.package_id} package = logic_auth.get_package_object(context, package_dict) if not package: raise tk.ObjectNotFound(_('No package found for this resource, cannot check auth.')) if package and user_obj and package.creator_user_id == user_obj.id: return {'success': True} # active packages can only be seen by its owners if package.state == 'active': # anyone can see a public package if not package.private: return {'success': True} # if the user has rights to read in the organization or in the group if package.owner_org: authorized = authz.has_user_permission_for_group_or_org( package.owner_org, user, 'read') else: authorized = False if not authorized: # Init the model db.init_db(context['model']) # Branch not executed if the database return an empty list if db.AllowedUser.get(package_id=package.id, user_name=user): authorized = True if not authorized: return {'success': False, 'msg': _('User %s not authorized to read resource %s') % (user, resource.id)} else: return {'success': True} else: return {'success': False, 'msg': _('User %s not authorized to read resource %s') % (user, resource.id)}