def deposited_dataset_owner_org_dest(value, context): user = context.get('user') userobj = model.User.get(user) include_ids = [] package = context.get('package') dataset = None if package: # 'Package' object has no attribute 'owner_org_dest' dataset = toolkit.get_action('package_show')(context, { 'id': package.id }) include_ids = [dataset['owner_org_dest']] # Pass validation if data container exists and NOT for depositing deposit = helpers.get_data_deposit() orgs = helpers.get_all_data_containers( exclude_ids=[deposit['id']], include_unknown=True, userobj=userobj, include_ids=include_ids, dataset=dataset, ) for org in orgs: if value == org['id']: return value raise Invalid('Invalid data container')
def get_summary_email_recipients(): # summary emails are sent to sysadmins # and members of the curation team recipients = [] deposit_group = helpers.get_data_deposit() curators = toolkit.get_action('member_list')({ 'ignore_auth': True }, { 'id': deposit_group['id'] }) curator_ids = [c[0] for c in curators] all_users = toolkit.get_action('user_list')({ 'ignore_auth': True, 'keep_email': True }, {}) default_user = toolkit.get_action('get_site_user')({'ignore_auth': True}) for user in all_users: if user['name'] == default_user['name']: continue if user['sysadmin'] or user['id'] in curator_ids: recipients.append(user) return recipients
def _get_deposited_dataset(context, dataset_id): deposit = helpers.get_data_deposit() dataset = toolkit.get_action('package_show')(context, {'id': dataset_id}) if dataset.get('owner_org') != deposit['id']: message = 'Deposited dataset "%s" not found' % dataset_id raise toolkit.ObjectNotFound(message) return dataset
def deposited_dataset_owner_org(value, context): # Pass validation if data container exists and for depositing deposit = helpers.get_data_deposit() if value == deposit['id']: return value raise Invalid('Invalid data deposit')
def package_create(context, data_dict): # Data deposit if data_dict: deposit = helpers.get_data_deposit() if deposit['id'] == data_dict.get('owner_org'): return {'success': True} # Data container return auth_create_core.package_create(context, data_dict)
def deposited_dataset_owner_org_dest(value, context): # Pass validation if data container exists and NOT for depositing deposit = helpers.get_data_deposit() orgs = helpers.get_all_data_containers(exclude_ids=[deposit['id']], include_unknown=True) for org in orgs: if value == org['id']: return value raise Invalid('Invalid data container')
def organization_show(next_auth, context, data_dict): user = context.get('auth_user_obj') if not user: return next_auth(context, data_dict) if user.external: deposit = helpers.get_data_deposit() if data_dict.get('id') in [deposit['name'], deposit['id']]: return {'success': True} else: return {'success': False} return next_auth(context, data_dict)
def request_access(container_id): message = toolkit.request.form.get('message') deposit = helpers.get_data_deposit() if container_id == deposit['id']: return toolkit.abort(403, 'Not Authorized') action_context = {'model': model, 'user': toolkit.c.user} try: container = toolkit.get_action('organization_show')(action_context, { 'id': container_id }) except toolkit.ObjectNotFound: return toolkit.abort(404, 'Dataset not found') except toolkit.NotAuthorized: return toolkit.abort(403, 'Not Authorized') if toolkit.c.userobj.id in [u['id'] for u in container['users']]: toolkit.h.flash_notice('You are already a member of {}'.format( container['display_name'])) return toolkit.redirect_to('data-container.read', id=container_id) try: toolkit.get_action('access_request_create')( action_context, { 'object_id': container['id'], 'object_type': 'organization', 'message': message, 'role': 'member', }) except toolkit.ObjectNotFound as e: return toolkit.abort(404, str(e)) except toolkit.NotAuthorized: return toolkit.abort(403, 'Not Authorized') except toolkit.ValidationError as e: if e.error_dict and 'message' in e.error_dict: return toolkit.abort( 400, e.error_dict['message'][0].replace('organization', 'container')) return toolkit.abort(400, 'Bad Request') org_admins = mailer.get_container_request_access_email_recipients( container) for recipient in org_admins: subj = mailer.compose_container_request_access_email_subj(container) body = mailer.compose_request_access_email_body( 'container', recipient, container, toolkit.c.userobj, message) toolkit.enqueue_job(mailer.mail_user_by_id, [recipient['name'], subj, body]) toolkit.h.flash_success('Requested access to container {}'.format( container['display_name'])) return toolkit.redirect_to('data-container.read', id=container_id)
def _get_container_list(self): context = {'model': model, 'ignore_auth': True} orgs = toolkit.get_action('organization_list_all_fields')(context, {}) deposit = get_data_deposit() containers = sorted([{ 'value': o['id'], 'text': o['display_name'] } for o in orgs if o['id'] != deposit['id'] and 'visible_external' in o and o['visible_external']], key=lambda o: o['text']) containers.insert(0, {'value': '', 'text': 'Select...'}) return containers
def organization_facets(self, facets_dict, organization_type, package_type): # TODO: optimize data deposit calls deposit = helpers.get_data_deposit() if deposit['id'] == getattr(toolkit.c.group, 'id', None): facets_dict.clear() facets_dict['curation_state'] = _('State') facets_dict['curator_display_name'] = _('Curator') facets_dict['depositor_display_name'] = _('Depositor') facets_dict['owner_org_dest_display_name'] = _('Data Container') return facets_dict else: return self._facets(facets_dict)
def package_create(context, data_dict): # Data deposit if not data_dict: # All users can deposit datasets if toolkit.request.path == '/deposited-dataset/new': return {'success': True} else: deposit = helpers.get_data_deposit() if deposit['id'] == data_dict.get('owner_org'): return {'success': True} # Data container return auth_create_core.package_create(context, data_dict)
def get_user_dataset_labels(self, user_obj): # https://github.com/ckan/ckan/blob/master/ckanext/example_ipermissionlabels/plugin.py # For normal users # The label "creator-%s" is here for a package creator labels = super(UnhcrPlugin, self).get_user_dataset_labels(user_obj) # For curating users # Adding "deposited-dataset" label for data curators if user_obj: context = {u'user': user_obj.id} deposit = helpers.get_data_deposit() orgs = toolkit.get_action('organization_list_for_user')(context, {}) for org in orgs: if deposit['id'] == org['id']: labels.extend(['deposited-dataset']) return labels
def package_create(next_auth, context, data_dict): # Data deposit if not data_dict: try: # All users can deposit datasets if (toolkit.request.path == '/deposited-dataset/new' or toolkit.request.path.startswith( '/deposited-dataset/edit/')): return {'success': True} except (TypeError, RuntimeError): return { 'success': False, 'msg': 'package_create requires either a web request or a data_dict' } else: deposit = helpers.get_data_deposit() if deposit['id'] == data_dict.get('owner_org'): return {'success': True} # Data container context['model'] = context.get('model') or model return next_auth(context, data_dict)
def test_get_data_deposit_not_created(self): result = helpers.get_data_deposit() assert_equals(result, {'id': 'data-deposit', 'name': 'data-deposit'})
def membership(): context = {'model': model, 'user': toolkit.c.user} username = toolkit.request.params.get('username') # Check access try: toolkit.check_access('sysadmin', context) except toolkit.NotAuthorized: message = 'Not authorized to manage membership' return toolkit.abort(403, message) # Get users users = toolkit.get_action('user_list')(context, { 'order_by': 'display_name' }) users = [u for u in users if not u['external']] # Get user user = None if username: try: user = toolkit.get_action('user_show')(context, {'id': username}) deposit = helpers.get_data_deposit() except toolkit.ObjectNotFound: message = 'User "%s" not found' toolkit.h.flash_success(message % username) return toolkit.redirect_to('unhcr_data_container.membership') # Containers containers = [] if user: containers = toolkit.get_action('organization_list_all_fields')( context, {}) containers = filter(lambda cont: cont['name'] != deposit['name'], containers) # Roles roles = [] if user: roles = [ { 'name': 'admin', 'title': 'Admin' }, { 'name': 'editor', 'title': 'Editor' }, { 'name': 'member', 'title': 'Member' }, ] # Get user containers user_containers = [] if user: action = 'organization_list_for_user' user_containers = toolkit.get_action(action)(context, {'id': username}) user_containers = list( filter(lambda cont: cont['name'] != deposit['name'], user_containers)) for role in roles: role['total'] = len( [uc for uc in user_containers if uc['capacity'] == role['name']]) return toolkit.render( 'organization/membership.html', { 'membership': { 'users': users, 'user': user, 'containers': containers, 'roles': roles, 'user_containers': user_containers, } })
def test_get_data_deposit(self): deposit = factories.DataContainer(id='data-deposit') result = helpers.get_data_deposit() assert_equals(result['id'], 'data-deposit')
def post(self): if toolkit.c.user: return toolkit.abort( 403, "You can't create a new user account while already logged in") context = self._prepare() try: data_dict = logic.clean_dict( dictization_functions.unflatten( logic.tuplize_dict(logic.parse_params( toolkit.request.form)))) except dictization_functions.DataError: toolkit.abort(400, _(u'Integrity Error')) context[u'message'] = data_dict.get(u'log_message', u'') try: captcha.check_recaptcha(toolkit.request) except captcha.CaptchaError: error_msg = _(u'Bad Captcha. Please try again.') toolkit.h.flash_error(error_msg) return self.get(data_dict) try: domain = toolkit.request.form['email'].split('@')[1] except IndexError: error_message = 'Please enter an email address' return self.get(data_dict, {'email': [error_message]}, {'email': error_message}) if domain in get_internal_domains(): error_message = ( 'Users with an @{domain} email may not register for a partner account. ' .format(domain=domain) + 'Log in to {site} using {email} and use your Active Directory password to access RIDL' .format(site=toolkit.config.get('ckan.site_url'), email=toolkit.request.form['email'])) return self.get(data_dict, {'email': [error_message]}, {'email': error_message}) if not data_dict.get('container'): error_message = "A region must be specified" return self.get(data_dict, {'container': [error_message]}, {'container': error_message}) context['defer_commit'] = True data_dict['state'] = context['model'].State.PENDING deposit = get_data_deposit() containers = [data_dict.get('container'), deposit['id']] data_dict['default_containers'] = containers try: model.Session.begin_nested() user = toolkit.get_action(u'user_create')(context, data_dict) access_request_data_dict = { 'object_id': user['id'], 'object_type': 'user', 'message': data_dict['message'], 'role': 'member', 'data': { 'default_containers': containers, 'user_request_type': USER_REQUEST_TYPE_NEW } } toolkit.get_action(u'access_request_create')({ 'user': user['id'], 'ignore_auth': True, 'defer_commit': True }, access_request_data_dict) model.Session.commit() except toolkit.NotAuthorized: model.Session.rollback() toolkit.abort(403, _(u'Unauthorized to create user %s') % u'') except toolkit.ObjectNotFound: model.Session.rollback() toolkit.abort(404, _(u'User not found')) except toolkit.ValidationError as e: model.Session.rollback() errors = e.error_dict error_summary = e.error_summary return self.get(data_dict, errors, error_summary) except: model.Session.rollback() raise recipients = mailer.get_user_account_request_access_email_recipients( containers) for recipient in recipients: subj = mailer.compose_user_request_access_email_subj() body = mailer.compose_request_access_email_body( 'user', recipient, user, user, data_dict['message']) toolkit.enqueue_job(mailer.mail_user_by_id, [recipient['name'], subj, body]) return toolkit.render(u'user/account_created.html', {'email': data_dict['email']})