def _validate_intents(self):
if domain_has_privilege(self.domain, privileges.CUSTOM_INTENTS):
return []
if hasattr(self.app, 'get_forms'):
for form in self.app.get_forms():
intents = form.wrapped_xform().odk_intents
if intents:
if not domain_has_privilege(self.domain, privileges.TEMPLATED_INTENTS):
return [{
'type': 'error',
'message': _(
"Usage of integrations is not supported by your "
"current subscription. Please upgrade your "
"subscription before using this feature."
),
}]
else:
templates = next(app_callout_templates)
if len(set(intents) - set(t['id'] for t in templates)):
return [{
'type': 'error',
'message': _(
"Usage of external integration is not supported by your "
"current subscription. Please upgrade your "
"subscription before using this feature."
),
}]
return []
def releases_ajax(request, domain, app_id, template='app_manager/v1/partials/releases.html'):
app = get_app(domain, app_id)
context = get_apps_base_context(request, domain, app)
can_send_sms = domain_has_privilege(domain, privileges.OUTBOUND_SMS)
build_profile_access = domain_has_privilege(domain, privileges.BUILD_PROFILES)
context.update({
'intro_only': len(app.modules) == 0,
'release_manager': True,
'can_send_sms': can_send_sms,
'has_mobile_workers': get_doc_count_in_domain_by_class(domain, CommCareUser) > 0,
'sms_contacts': (
get_sms_autocomplete_context(request, domain)['sms_contacts']
if can_send_sms else []
),
'build_profile_access': build_profile_access and not toggles.APP_MANAGER_V2.enabled(domain),
'lastest_j2me_enabled_build': CommCareBuildConfig.latest_j2me_enabled_config().label,
'fetchLimit': request.GET.get('limit', DEFAULT_FETCH_LIMIT),
})
if not app.is_remote_app():
# Multimedia is not supported for remote applications at this time.
try:
multimedia_state = app.check_media_state()
context.update({
'multimedia_state': multimedia_state,
})
except ReportConfigurationNotFoundError:
pass
response = render(request, template, context)
response.set_cookie('lang', encode_if_unicode(context['lang']))
return response
def orgs_landing(request, org, template="orgs/orgs_landing.html", form=None, add_form=None, invite_member_form=None,
add_team_form=None, update_form=None, tab=None):
organization = request.organization
class LandingNotification(Notification):
doc_type = 'OrgLandingNotification'
def template(self):
return 'orgs/partials/landing_notification.html'
MainNotification.display_if_needed(messages, request, ctxt={"org": organization})
LandingNotification.display_if_needed(messages, request)
reg_form_empty = not form
add_form_empty = not add_form
invite_member_form_empty = not invite_member_form
add_team_form_empty = not add_team_form
reg_form = form or DomainRegistrationForm(initial={'org': organization.name})
add_form = add_form or AddProjectForm(org)
invite_member_form = invite_member_form or InviteMemberForm(org)
add_team_form = add_team_form or AddTeamForm(org)
ctxt = base_context(request, organization, update_form=update_form)
user_domains = []
req_domains = []
# display a notification for each org request that hasn't previously been seen
if request.couch_user.is_org_admin(org):
requests = OrgRequest.get_requests(org)
for req in requests:
if req.seen or req.domain in [d.name for d in ctxt["domains"]]:
continue
messages.info(request, render_to_string("orgs/partials/org_request_notification.html",
{"requesting_user": WebUser.get(req.requested_by).username, "org_req": req, "org": organization}),
extra_tags="html")
def format_domains(dom_list, extra=None):
extra = extra or []
dom_list = list(set(filter(lambda d: d not in ctxt["domains"] + extra, dom_list)))
return [Domain.get_by_name(d) for d in dom_list]
# get the existing domains that an org admin would add to the organization
user_domains = request.couch_user.domains or []
user_domains = filter(
lambda x: domain_has_privilege(x, privileges.CROSS_PROJECT_REPORTS),
user_domains
)
req_domains = [req.domain for req in requests]
user_domains = format_domains(user_domains)
req_domains = format_domains(req_domains, [d.name for d in user_domains if d])
filter(
lambda x: domain_has_privilege(x, privileges.CROSS_PROJECT_REPORTS),
req_domains
)
ctxt.update(dict(reg_form=reg_form, add_form=add_form, reg_form_empty=reg_form_empty, add_form_empty=add_form_empty,
invite_member_form=invite_member_form, invite_member_form_empty=invite_member_form_empty,
add_team_form=add_team_form, add_team_form_empty=add_team_form_empty, tab="projects",
user_domains=user_domains, req_domains=req_domains))
return render(request, template, ctxt)
def releases_ajax(request, domain, app_id, template='app_manager/partials/releases.html'):
app = get_app(domain, app_id)
context = get_apps_base_context(request, domain, app)
can_send_sms = domain_has_privilege(domain, privileges.OUTBOUND_SMS)
build_profile_access = domain_has_privilege(domain, privileges.BUILD_PROFILES)
context.update({
'release_manager': True,
'can_send_sms': can_send_sms,
'has_mobile_workers': get_doc_count_in_domain_by_class(domain, CommCareUser) > 0,
'sms_contacts': (
get_sms_autocomplete_context(request, domain)['sms_contacts']
if can_send_sms else []
),
'build_profile_access': build_profile_access
})
if not app.is_remote_app():
# Multimedia is not supported for remote applications at this time.
try:
multimedia_state = app.check_media_state()
context.update({
'multimedia_state': multimedia_state,
})
except ReportConfigurationNotFoundError:
pass
response = render(request, template, context)
response.set_cookie('lang', encode_if_unicode(context['lang']))
return response
def process_incoming(msg):
v = PhoneNumber.by_phone(msg.phone_number, include_pending=True)
if v:
msg.couch_recipient_doc_type = v.owner_doc_type
msg.couch_recipient = v.owner_id
msg.domain = v.domain
msg.location_id = get_location_id_by_verified_number(v)
msg.save()
elif msg.domain_scope:
msg.domain = msg.domain_scope
msg.save()
can_receive_sms = PhoneBlacklist.can_receive_sms(msg.phone_number)
opt_in_keywords, opt_out_keywords = get_opt_keywords(msg)
domain = v.domain if v else None
if is_opt_message(msg.text, opt_out_keywords) and can_receive_sms:
if PhoneBlacklist.opt_out_sms(msg.phone_number, domain=domain):
metadata = MessageMetadata(ignore_opt_out=True)
text = get_message(MSG_OPTED_OUT, v, context=(opt_in_keywords[0],))
if v:
send_sms_to_verified_number(v, text, metadata=metadata)
else:
send_sms(msg.domain, None, msg.phone_number, text, metadata=metadata)
elif is_opt_message(msg.text, opt_in_keywords) and not can_receive_sms:
if PhoneBlacklist.opt_in_sms(msg.phone_number, domain=domain):
text = get_message(MSG_OPTED_IN, v, context=(opt_out_keywords[0],))
if v:
send_sms_to_verified_number(v, text)
else:
send_sms(msg.domain, None, msg.phone_number, text)
else:
handled = False
is_verified = v is not None and v.verified
if msg.domain and domain_has_privilege(msg.domain, privileges.INBOUND_SMS):
handled = load_and_call(settings.CUSTOM_SMS_HANDLERS, v, msg.text, msg)
if not handled and is_verified and is_contact_active(v.domain, v.owner_doc_type, v.owner_id):
handled = load_and_call(settings.SMS_HANDLERS, v, msg.text, msg)
if not handled and not is_verified:
handled = process_pre_registration(msg)
if not handled:
handled = process_sms_registration(msg)
if not handled:
import verify
verify.process_verification(v, msg)
# If the sms queue is enabled, then the billable gets created in remove_from_queue()
if (
not settings.SMS_QUEUE_ENABLED and
msg.domain and
domain_has_privilege(msg.domain, privileges.INBOUND_SMS)
):
create_billable_for_sms(msg)
def page_context(self):
owner_id = self.export_instance.owner_id
return {
'export_instance': self.export_instance,
'export_home_url': self.export_home_url,
'allow_deid': has_privilege(self.request, privileges.DEIDENTIFIED_DATA),
'has_excel_dashboard_access': domain_has_privilege(self.domain, EXCEL_DASHBOARD),
'has_daily_saved_export_access': domain_has_privilege(self.domain, DAILY_SAVED_EXPORT),
'can_edit': self.export_instance.can_edit(self.request.couch_user),
'has_other_owner': owner_id and owner_id != self.request.couch_user.user_id,
'owner_name': WebUser.get_by_user_id(owner_id).username if owner_id else None,
}
def download_daily_saved_export(req, domain, export_instance_id):
with CriticalSection(['export-last-accessed-{}'.format(export_instance_id)]):
try:
export_instance = get_properly_wrapped_export_instance(export_instance_id)
except ResourceNotFound:
raise Http404(_("Export not found"))
assert domain == export_instance.domain
if export_instance.export_format == "html":
if not domain_has_privilege(domain, EXCEL_DASHBOARD):
raise Http404
elif export_instance.is_daily_saved_export:
if not domain_has_privilege(domain, DAILY_SAVED_EXPORT):
raise Http404
if not export_instance.filters.is_location_safe_for_user(req):
return location_restricted_response(req)
if not can_download_daily_saved_export(export_instance, domain, req.couch_user):
raise Http404
if export_instance.export_format == "html":
message = "Download Excel Dashboard"
else:
message = "Download Saved Export"
track_workflow(req.couch_user.username, message, properties={
'domain': domain,
'is_dimagi': req.couch_user.is_dimagi
})
if should_update_export(export_instance.last_accessed):
try:
rebuild_saved_export(export_instance_id, manual=False)
except Exception:
notify_exception(
req,
'Failed to rebuild export during download',
{
'export_instance_id': export_instance_id,
'domain': domain,
},
)
export_instance.last_accessed = datetime.utcnow()
export_instance.save()
payload = export_instance.get_payload(stream=True)
format = Format.from_format(export_instance.export_format)
return get_download_response(payload, export_instance.file_size, format, export_instance.filename, req)
def page_context(self):
context = {
'are_groups': bool(len(self.all_groups)),
'groups_url': reverse('all_groups', args=[self.domain]),
'group_form': self.group_form,
'reset_password_form': self.reset_password_form,
'is_currently_logged_in_user': self.is_currently_logged_in_user,
'data_fields_form': self.custom_data.form,
'can_use_inbound_sms': domain_has_privilege(self.domain, privileges.INBOUND_SMS),
'needs_to_downgrade_locations': (
users_have_locations(self.domain) and
not has_privilege(self.request, privileges.LOCATIONS)
),
'demo_restore_date': naturaltime(demo_restore_date_created(self.editable_user)),
'hide_password_feedback': settings.ENABLE_DRACONIAN_SECURITY_FEATURES
}
if self.commtrack_form.errors:
messages.error(self.request, _(
"There were some errors while saving user's locations. Please check the 'Locations' tab"
))
if self.domain_object.commtrack_enabled or self.domain_object.uses_locations:
context.update({
'commtrack_enabled': self.domain_object.commtrack_enabled,
'uses_locations': self.domain_object.uses_locations,
'commtrack': {
'update_form': self.commtrack_form,
},
})
return context
def handle(self, *args, **options):
for domain in Domain.get_all():
if (
self.domain_has_active_reminders(domain) and
not domain_has_privilege(domain, privileges.REMINDERS_FRAMEWORK)
):
print "%s has active reminders without a subscription" % domain.name
def dispatch(self, request, *args, **kwargs):
domain = args[0]
if not domain_has_privilege(domain, privileges.ZAPIER_INTEGRATION) or not request.couch_user.is_member_of(
domain
):
return HttpResponseForbidden()
return super(SubscribeView, self).dispatch(request, *args, **kwargs)
def get_per_domain_context(project, request=None):
domain_type = get_domain_type(project, request)
if domain_type == COMMTRACK:
logo_url = static('hqstyle/img/commtrack-logo.png')
site_name = "CommCare Supply"
public_site = "http://www.commtrack.org"
can_be_your = _("mobile logistics solution")
else:
logo_url = static('hqstyle/img/commcare-logo.png')
site_name = "CommCare HQ"
public_site = "http://www.commcarehq.org"
can_be_your = _("mobile solution for your frontline workforce")
if (project and project.has_custom_logo
and domain_has_privilege(project.name, privileges.CUSTOM_BRANDING)
):
logo_url = reverse('logo', args=[project.name])
return {
'DOMAIN_TYPE': domain_type,
'LOGO_URL': logo_url,
'SITE_NAME': site_name,
'CAN_BE_YOUR': can_be_your,
'PUBLIC_SITE': public_site,
}
def release_build(request, domain, app_id, saved_app_id):
is_released = request.POST.get('is_released') == 'true'
if not is_released:
if LatestEnabledBuildProfiles.objects.filter(build_id=saved_app_id).exists():
return json_response({'error': _('Please disable any enabled profiles to un-release this build.')})
ajax = request.POST.get('ajax') == 'true'
saved_app = get_app(domain, saved_app_id)
if saved_app.copy_of != app_id:
raise Http404
saved_app.is_released = is_released
saved_app.is_auto_generated = False
saved_app.save(increment_version=False)
from corehq.apps.app_manager.signals import app_post_release
app_post_release.send(Application, application=saved_app)
if is_released:
if saved_app.build_profiles and domain_has_privilege(domain, privileges.BUILD_PROFILES):
create_build_files_for_all_app_profiles.delay(domain, saved_app_id)
_track_build_for_app_preview(domain, request.couch_user, app_id, 'User starred a build')
if ajax:
return json_response({
'is_released': is_released,
'latest_released_version': get_latest_released_app_version(domain, app_id)
})
else:
return HttpResponseRedirect(reverse('release_manager', args=[domain, app_id]))
def process_verification(phone_number, msg, backend_id=None):
v = VerifiedNumber.by_phone(phone_number, True)
if not v:
return
if not verification_response_ok(msg.text):
return
msg.domain = v.domain
msg.couch_recipient_doc_type = v.owner_doc_type
msg.couch_recipient = v.owner_id
msg.save()
if not domain_has_privilege(msg.domain, privileges.INBOUND_SMS):
return
if backend_id:
backend = MobileBackend.load(backend_id)
else:
backend = MobileBackend.auto_load(phone_number, v.domain)
# i don't know how to dynamically instantiate this object, which may be any number of doc types...
#owner = CommCareMobileContactMixin.get(v.owner_id)
assert v.owner_doc_type == 'CommCareUser'
owner = CommCareUser.get(v.owner_id)
v = owner.save_verified_number(v.domain, phone_number, True, backend.name)
with localize(owner.language):
send_sms_to_verified_number(v, _(CONFIRM))
def user_can_view_deid_exports(domain, couch_user):
return (domain_has_privilege(domain, privileges.DEIDENTIFIED_DATA)
and couch_user.has_permission(
domain,
get_permission_name(Permissions.view_report),
data=DEID_EXPORT_PERMISSION
))
def dispatch(self, request, *args, **kwargs):
render_as = kwargs.get('render_as')
if not render_as == 'email':
return self.dispatch_with_priv(request, *args, **kwargs)
if not domain_has_privilege(request.domain, privileges.CUSTOM_REPORTS):
raise PermissionDenied()
return super(CustomProjectReportDispatcher, self).dispatch(request, *args, **kwargs)
def dispatch(self, request_type, request, **kwargs):
if request.user.is_superuser or domain_has_privilege(request.domain, privileges.API_ACCESS):
return super(HqBaseResource, self).dispatch(request_type, request, **kwargs)
else:
raise ImmediateHttpResponse(HttpResponse(json.dumps({"error": "not authorized"}),
content_type="application/json",
status=401))
def send_message_via_backend(msg, backend=None, orig_phone_number=None):
"""send sms using a specific backend
msg - outbound message object
backend - backend to use for sending; if None, msg.outbound_backend is used
orig_phone_number - the originating phone number to use when sending; this
is sent in if the backend supports load balancing
"""
sms_load_counter("outbound", msg.domain)()
try:
msg.text = clean_text(msg.text)
except Exception:
logging.exception("Could not clean text for sms dated '%s' in domain '%s'" % (msg.date, msg.domain))
try:
# We need to send SMS when msg.domain is None to support sending to
# people who opt in without being tied to a domain
if msg.domain and not domain_has_privilege(msg.domain, privileges.OUTBOUND_SMS):
raise Exception(
("Domain '%s' does not have permission to send SMS."
" Please investigate why this function was called.") % msg.domain
)
phone_obj = PhoneBlacklist.get_by_phone_number_or_none(msg.phone_number)
if phone_obj and not phone_obj.send_sms:
if msg.ignore_opt_out and phone_obj.can_opt_in:
# If ignore_opt_out is True on the message, then we'll still
# send it. However, if we're not letting the phone number
# opt back in and it's in an opted-out state, we will not
# send anything to it no matter the state of the ignore_opt_out
# flag.
pass
else:
msg.set_system_error(SMS.ERROR_PHONE_NUMBER_OPTED_OUT)
return False
if not backend:
backend = msg.outbound_backend
if backend.domain_is_authorized(msg.domain):
backend.send(msg, orig_phone_number=orig_phone_number)
else:
raise BackendAuthorizationException(
"Domain '%s' is not authorized to use backend '%s'" % (msg.domain, backend.pk)
)
msg.backend_api = backend.hq_api_id
msg.backend_id = backend.couch_id
msg.save()
return True
except Exception:
should_log_exception = True
if backend:
should_log_exception = should_log_exception_for_backend(backend)
if should_log_exception:
log_sms_exception(msg)
return False
def process_sms_registration(msg):
"""
This method handles registration via sms.
Returns True if a contact was registered, False if not.
To have a case register itself, do the following:
1) Select "Enable Case Registration Via SMS" in project settings, and fill in the
associated Case Registration settings.
2) Text in "join <domain>", where <domain> is the domain to join. If the sending
number does not exist in the system, a case will be registered tied to that number.
The "join" keyword can be any keyword in REGISTRATION_KEYWORDS. This is meant to
support multiple translations.
To have a mobile worker register itself, do the following:
NOTE: This is not yet implemented and may change slightly.
1) Select "Enable Mobile Worker Registration via SMS" in project settings.
2) Text in "join <domain> worker", where <domain> is the domain to join. If the
sending number does not exist in the system, a PendingCommCareUser object will be
created, tied to that number.
The "join" and "worker" keywords can be any keyword in REGISTRATION_KEYWORDS and
REGISTRATION_MOBILE_WORKER_KEYWORDS, respectively. This is meant to support multiple
translations.
3) A domain admin will have to approve the addition of the mobile worker before
a CommCareUser can actually be created.
"""
registration_processed = False
text_words = msg.text.upper().split()
keyword1 = text_words[0] if len(text_words) > 0 else ""
keyword2 = text_words[1].lower() if len(text_words) > 1 else ""
keyword3 = text_words[2] if len(text_words) > 2 else ""
if keyword1 in REGISTRATION_KEYWORDS and keyword2 != "":
domain = Domain.get_by_name(keyword2, strict=True)
if domain is not None:
if domain_has_privilege(domain, privileges.INBOUND_SMS):
if keyword3 in REGISTRATION_MOBILE_WORKER_KEYWORDS and domain.sms_mobile_worker_registration_enabled:
#TODO: Register a PendingMobileWorker object that must be approved by a domain admin
pass
elif domain.sms_case_registration_enabled:
register_sms_contact(
domain=domain.name,
case_type=domain.sms_case_registration_type,
case_name="unknown",
user_id=domain.sms_case_registration_user_id,
contact_phone_number=strip_plus(msg.phone_number),
contact_phone_number_is_verified="1",
owner_id=domain.sms_case_registration_owner_id,
)
registration_processed = True
msg.domain = domain.name
msg.save()
return registration_processed
def parse_users(group_memoizer, domain, user_data_model, location_cache):
def _get_group_names(user):
return sorted(map(
lambda id: group_memoizer.get(id).name,
Group.by_user(user, wrap=False)
), key=alphanumeric_sort_key)
def _make_user_dict(user, group_names, location_cache):
model_data, uncategorized_data = (
user_data_model.get_model_and_uncategorized(user.user_data)
)
return {
'data': model_data,
'uncategorized_data': uncategorized_data,
'group': group_names,
'name': user.full_name,
'password': "******", # dummy display string for passwords
'phone-number': user.phone_number,
'email': user.email,
'username': user.raw_username,
'language': user.language,
'user_id': user._id,
'is_active': str(user.is_active),
'location_code': location_cache.get(user.location_id),
}
unrecognized_user_data_keys = set()
user_groups_length = 0
user_dicts = []
for user in get_all_commcare_users_by_domain(domain):
group_names = _get_group_names(user)
user_dict = _make_user_dict(user, group_names, location_cache)
user_dicts.append(user_dict)
unrecognized_user_data_keys.update(user_dict['uncategorized_data'].keys())
user_groups_length = max(user_groups_length, len(group_names))
user_headers = [
'username', 'password', 'name', 'phone-number', 'email',
'language', 'user_id', 'is_active',
]
if domain_has_privilege(domain, privileges.LOCATIONS):
user_headers.append('location_code')
user_data_fields = [f.slug for f in user_data_model.get_fields(include_system=False)]
user_headers.extend(build_data_headers(user_data_fields))
user_headers.extend(build_data_headers(
unrecognized_user_data_keys,
header_prefix='uncategorized_data'
))
user_headers.extend(json_to_headers(
{'group': range(1, user_groups_length + 1)}
))
def _user_rows():
for user_dict in user_dicts:
row = dict(flatten_json(user_dict))
yield [row.get(header) or '' for header in user_headers]
return user_headers, _user_rows()
def send_message_via_backend(msg, backend=None, orig_phone_number=None):
"""send sms using a specific backend
msg - outbound message object
backend - MobileBackend object to use for sending; if None, use
msg.outbound_backend
orig_phone_number - the originating phone number to use when sending; this
is sent in if the backend supports load balancing
"""
try:
msg.text = clean_text(msg.text)
except Exception:
logging.exception("Could not clean text for sms dated '%s' in domain '%s'" % (msg.date, msg.domain))
try:
if not domain_has_privilege(msg.domain, privileges.OUTBOUND_SMS):
raise Exception(
("Domain '%s' does not have permission to send SMS."
" Please investigate why this function was called.") % msg.domain
)
phone_obj = PhoneNumber.get_by_phone_number_or_none(msg.phone_number)
if phone_obj and not phone_obj.send_sms:
if msg.ignore_opt_out and phone_obj.can_opt_in:
# If ignore_opt_out is True on the message, then we'll still
# send it. However, if we're not letting the phone number
# opt back in and it's in an opted-out state, we will not
# send anything to it no matter the state of the ignore_opt_out
# flag.
pass
else:
msg.set_system_error(SMS.ERROR_PHONE_NUMBER_OPTED_OUT)
return False
if not backend:
backend = msg.outbound_backend
# note: this will handle "verified" contacts that are still pending
# verification, thus the backend is None. it's best to only call
# send_sms_to_verified_number on truly verified contacts, though
if not msg.backend_id:
msg.backend_id = backend._id
if backend.domain_is_authorized(msg.domain):
backend.send(msg, orig_phone_number=orig_phone_number)
else:
raise BackendAuthorizationException("Domain '%s' is not authorized to use backend '%s'" % (msg.domain, backend._id))
try:
msg.backend_api = backend.__class__.get_api_id()
except Exception:
pass
msg.save()
create_billable_for_sms(msg)
return True
except Exception:
log_sms_exception(msg)
return False
def get_extra_permissions():
from corehq.apps.export.views import FormExportListView, DeIdFormExportListView, CaseExportListView
yield ReportPermission(
FORM_EXPORT_PERMISSION, FormExportListView.page_title, lambda domain: True)
yield ReportPermission(
DEID_EXPORT_PERMISSION, DeIdFormExportListView.page_title,
lambda domain: domain_has_privilege(domain, privileges.DEIDENTIFIED_DATA))
yield ReportPermission(
CASE_EXPORT_PERMISSION, CaseExportListView.page_title, lambda domain: True)
def post_user_role(request, domain):
if not domain_has_privilege(domain, privileges.ROLE_BASED_ACCESS):
return json_response({})
role_data = json.loads(request.body)
role_data = dict(
(p, role_data[p])
for p in set(list(UserRole.properties()) + ['_id', '_rev']) if p in role_data
)
if (
not domain_has_privilege(domain, privileges.RESTRICT_ACCESS_BY_LOCATION)
and not role_data['permissions']['access_all_locations']
):
# This shouldn't be possible through the UI, but as a safeguard...
role_data['permissions']['access_all_locations'] = True
role = UserRole.wrap(role_data)
role.domain = domain
if role.get_id:
old_role = UserRole.get(role.get_id)
assert(old_role.doc_type == UserRole.__name__)
assert(old_role.domain == domain)
if role.permissions.edit_web_users:
role.permissions.view_web_users = True
if role.permissions.edit_commcare_users:
role.permissions.view_commcare_users = True
if role.permissions.edit_groups:
role.permissions.view_groups = True
if role.permissions.edit_locations:
role.permissions.view_locations = True
if not role.permissions.edit_groups:
role.permissions.edit_users_in_groups = False
if not role.permissions.edit_locations:
role.permissions.edit_users_in_locations = False
role.save()
role.__setattr__('hasUsersAssigned',
True if len(role.ids_of_assigned_users) > 0 else False)
return json_response(role)
def get_per_domain_context(project, request=None):
custom_logo_url = None
if (project and project.has_custom_logo
and domain_has_privilege(project.name, privileges.CUSTOM_BRANDING)
):
custom_logo_url = reverse('logo', args=[project.name])
return {
'CUSTOM_LOGO_URL': custom_logo_url,
}
def page_context(self):
context = {
'can_use_inbound_sms': domain_has_privilege(self.domain, privileges.INBOUND_SMS),
}
if (self.request.project.commtrack_enabled or
self.request.project.locations_enabled):
context.update({
'update_form': self.commtrack_form,
})
return context
def __init__(self, *args, **kwargs):
user = kwargs.pop('user', None)
domain = kwargs.get('domain', None)
super(DomainMetadataForm, self).__init__(*args, **kwargs)
project = Domain.get_by_name(domain)
if project.cloudcare_releases == 'default' or not domain_has_privilege(domain, privileges.CLOUDCARE):
# if the cloudcare_releases flag was just defaulted, don't bother showing
# this setting at all
self.fields['cloudcare_releases'].widget = forms.HiddenInput()
def process_repeat_record(repeat_record):
# A RepeatRecord should ideally never get into this state, as the
# domain_has_privilege check is also triggered in the create_repeat_records
# in signals.py. But if it gets here, forcefully cancel the RepeatRecord.
# todo reconcile ZAPIER_INTEGRATION and DATA_FORWARDING
# they each do two separate things and are priced differently,
# but use the same infrastructure
if not (domain_has_privilege(repeat_record.domain, ZAPIER_INTEGRATION)
or domain_has_privilege(repeat_record.domain, DATA_FORWARDING)):
repeat_record.cancel()
repeat_record.save()
if (repeat_record.state == RECORD_FAILURE_STATE and
repeat_record.overall_tries >= repeat_record.max_possible_tries):
repeat_record.cancel()
repeat_record.save()
return
if repeat_record.cancelled:
return
repeater = repeat_record.repeater
if not repeater:
repeat_record.cancel()
repeat_record.save()
return
try:
if repeater.paused:
# postpone repeat record by 1 day so that these don't get picked in each cycle and
# thus clogging the queue with repeat records with paused repeater
repeat_record.postpone_by(timedelta(days=1))
return
if repeater.doc_type.endswith(DELETED_SUFFIX):
if not repeat_record.doc_type.endswith(DELETED_SUFFIX):
repeat_record.doc_type += DELETED_SUFFIX
repeat_record.save()
elif repeat_record.state == RECORD_PENDING_STATE or repeat_record.state == RECORD_FAILURE_STATE:
repeat_record.fire()
except Exception:
logging.exception('Failed to process repeat record: {}'.format(
repeat_record._id))
def get_releases_context(request, domain, app_id):
app = get_app(domain, app_id)
can_send_sms = domain_has_privilege(domain, privileges.OUTBOUND_SMS)
build_profile_access = domain_has_privilege(domain, privileges.BUILD_PROFILES)
prompt_settings_form = PromptUpdateSettingsForm.from_app(app, request_user=request.couch_user)
context = {
'release_manager': True,
'can_send_sms': can_send_sms,
'can_view_cloudcare': has_privilege(request, privileges.CLOUDCARE),
'has_mobile_workers': get_doc_count_in_domain_by_class(domain, CommCareUser) > 0,
'latest_released_version': get_latest_released_app_version(domain, app_id),
'sms_contacts': (
get_sms_autocomplete_context(request, domain)['sms_contacts']
if can_send_sms else []
),
'build_profile_access': build_profile_access,
'application_profile_url': reverse(LanguageProfilesView.urlname, args=[domain, app_id]),
'lastest_j2me_enabled_build': CommCareBuildConfig.latest_j2me_enabled_config().label,
'fetchLimit': request.GET.get('limit', DEFAULT_FETCH_LIMIT),
'latest_build_id': get_latest_build_id(domain, app_id),
'prompt_settings_url': reverse(PromptSettingsUpdateView.urlname, args=[domain, app_id]),
'prompt_settings_form': prompt_settings_form,
'full_name': request.couch_user.full_name,
'can_manage_releases': can_manage_releases(request.couch_user, request.domain, app_id)
}
if not app.is_remote_app():
context.update({
'enable_update_prompts': app.enable_update_prompts,
})
if len(app.modules) == 0:
context.update({'intro_only': True})
# Multimedia is not supported for remote applications at this time.
try:
multimedia_state = app.check_media_state()
context.update({
'multimedia_state': multimedia_state,
})
except ReportConfigurationNotFoundError:
pass
return context
def get_releases_context(request, domain, app_id):
app = get_app(domain, app_id)
can_send_sms = domain_has_privilege(domain, privileges.OUTBOUND_SMS)
build_profile_access = domain_has_privilege(domain, privileges.BUILD_PROFILES)
prompt_settings_form = PromptUpdateSettingsForm.from_app(app, request_user=request.couch_user)
context = {
'release_manager': True,
'can_send_sms': can_send_sms,
'can_view_cloudcare': has_privilege(request, privileges.CLOUDCARE),
'has_mobile_workers': get_doc_count_in_domain_by_class(domain, CommCareUser) > 0,
'latest_released_version': get_latest_released_app_version(domain, app_id),
'sms_contacts': (
get_sms_autocomplete_context(request, domain)['sms_contacts']
if can_send_sms else []
),
'build_profile_access': build_profile_access,
'application_profile_url': reverse(LanguageProfilesView.urlname, args=[domain, app_id]),
'lastest_j2me_enabled_build': CommCareBuildConfig.latest_j2me_enabled_config().label,
'latest_build_id': get_latest_build_id(domain, app_id),
'prompt_settings_url': reverse(PromptSettingsUpdateView.urlname, args=[domain, app_id]),
'prompt_settings_form': prompt_settings_form,
'full_name': request.couch_user.full_name,
'can_manage_releases': can_manage_releases(request.couch_user, request.domain, app_id),
'can_edit_apps': request.couch_user.can_edit_apps(),
}
if not app.is_remote_app():
context.update({
'enable_update_prompts': app.enable_update_prompts,
})
if len(app.modules) == 0:
context.update({'intro_only': True})
# Multimedia is not supported for remote applications at this time.
try:
multimedia_state = app.check_media_state()
context.update({
'multimedia_state': multimedia_state,
})
except ReportConfigurationNotFoundError:
pass
return context
def obj_get_list(self, bundle, **kwargs):
domain = kwargs['domain']
couch_user = CouchUser.from_django_user(bundle.request.user)
if not domain_has_privilege(domain, privileges.ZAPIER_INTEGRATION) or not couch_user.is_member_of(domain):
raise ImmediateHttpResponse(
HttpForbidden('You are not allowed to get list of case types for this domain')
)
case_types = get_case_types_for_domain_es(domain)
results = [CaseType(case_type=case_type) for case_type in case_types]
return results
def page_context(self):
owner_id = self.export_instance.owner_id
return {
'export_instance':
self.export_instance,
'export_home_url':
self.export_home_url,
'allow_deid':
has_privilege(self.request, privileges.DEIDENTIFIED_DATA),
'has_excel_dashboard_access':
domain_has_privilege(self.domain, EXCEL_DASHBOARD),
'has_daily_saved_export_access':
domain_has_privilege(self.domain, DAILY_SAVED_EXPORT),
'can_edit':
self.export_instance.can_edit(self.request.couch_user),
'has_other_owner':
owner_id and owner_id != self.request.couch_user.user_id,
'owner_name':
WebUser.get_by_user_id(owner_id).username if owner_id else None,
}
def obj_get_list(self, bundle, **kwargs):
domain = kwargs['domain']
couch_user = CouchUser.from_django_user(bundle.request.user)
if not domain_has_privilege(domain, privileges.ZAPIER_INTEGRATION) or not couch_user.is_member_of(domain):
raise ImmediateHttpResponse(
HttpForbidden('You are not allowed to get list of case types for this domain')
)
case_types = get_case_types_for_domain_es(domain)
results = [CaseType(case_type=case_type) for case_type in case_types]
return results
def process_incoming(msg, delay=True):
v = VerifiedNumber.by_phone(msg.phone_number, include_pending=True)
if v is not None and v.verified:
msg.couch_recipient_doc_type = v.owner_doc_type
msg.couch_recipient = v.owner_id
msg.domain = v.domain
contact = v.owner
if isinstance(contact, CommCareUser) and hasattr(contact, 'location_id'):
msg.location_id = contact.location_id
msg.save()
if msg.domain_scope:
# only process messages for phones known to be associated with this domain
if v is None or v.domain != msg.domain_scope:
raise DomainScopeValidationError(
'Attempted to simulate incoming sms from phone number not ' \
'verified with this domain'
)
can_receive_sms = PhoneNumber.can_receive_sms(msg.phone_number)
opt_in_keywords, opt_out_keywords = get_opt_keywords(msg)
if is_opt_message(msg.text, opt_out_keywords) and can_receive_sms:
if PhoneNumber.opt_out_sms(msg.phone_number):
metadata = MessageMetadata(ignore_opt_out=True)
text = get_message(MSG_OPTED_OUT, v, context=(opt_in_keywords[0],))
if v:
send_sms_to_verified_number(v, text, metadata=metadata)
else:
send_sms(msg.domain, None, msg.phone_number, text, metadata=metadata)
elif is_opt_message(msg.text, opt_in_keywords) and not can_receive_sms:
if PhoneNumber.opt_in_sms(msg.phone_number):
text = get_message(MSG_OPTED_IN, v, context=(opt_out_keywords[0],))
if v:
send_sms_to_verified_number(v, text)
else:
send_sms(msg.domain, None, msg.phone_number, text)
elif v is not None and v.verified:
if domain_has_privilege(msg.domain, privileges.INBOUND_SMS):
for h in settings.SMS_HANDLERS:
try:
handler = to_function(h)
except:
notify_exception(None, message=('error loading sms handler: %s' % h))
continue
try:
was_handled = handler(v, msg.text, msg=msg)
except Exception, e:
log_sms_exception(msg)
was_handled = False
if was_handled:
break
def _get_vellum_features(request, domain, app):
"""
Returns the context of features passed into vellum when it is initialized.
"""
vellum_features = toggles.toggles_dict(username=request.user.username,
domain=domain)
vellum_features.update({
'group_in_field_list': app.enable_group_in_field_list,
'image_resize': app.enable_image_resize,
'markdown_in_groups': app.enable_markdown_in_groups,
'lookup_tables': domain_has_privilege(domain, privileges.LOOKUP_TABLES),
'templated_intents': domain_has_privilege(domain,
privileges.TEMPLATED_INTENTS),
'custom_intents': domain_has_privilege(domain,
privileges.CUSTOM_INTENTS),
'rich_text': True,
'sorted_itemsets': app.enable_sorted_itemsets,
'advanced_itemsets': add_ons.show("advanced_itemsets", request, app),
})
return vellum_features
def get_extra_permissions():
from corehq.apps.export.views.list import (
FormExportListView,
CaseExportListView,
ODataFeedListView,
)
from corehq.apps.export.views.download import DownloadNewSmsExportView
yield ReportPermission(
FORM_EXPORT_PERMISSION, FormExportListView.page_title, lambda domain: True)
yield ReportPermission(
DEID_EXPORT_PERMISSION, ugettext_noop("Export De-Identified Data"),
lambda domain: domain_has_privilege(domain, privileges.DEIDENTIFIED_DATA))
yield ReportPermission(
CASE_EXPORT_PERMISSION, CaseExportListView.page_title, lambda domain: True)
yield ReportPermission(
SMS_EXPORT_PERMISSION, DownloadNewSmsExportView.page_title, lambda domain: True)
yield ReportPermission(
ODATA_FEED_PERMISSION, ODataFeedListView.page_title,
lambda domain: domain_has_privilege(domain, privileges.ODATA_FEED)
)
def commit_filters(request, domain):
permissions = ExportsPermissionsManager(request.POST.get('model_type'),
domain, request.couch_user)
if not permissions.has_edit_permissions:
raise Http404
export_id = request.POST.get('export_id')
form_data = json.loads(request.POST.get('form_data'))
export = get_properly_wrapped_export_instance(export_id)
if export.is_daily_saved_export and not domain_has_privilege(
domain, DAILY_SAVED_EXPORT):
raise Http404
if export.export_format == "html" and not domain_has_privilege(
domain, EXCEL_DASHBOARD):
raise Http404
if not export.filters.is_location_safe_for_user(request):
return location_restricted_response(request)
domain_object = Domain.get_by_name(domain)
filter_form = DashboardFeedFilterForm(domain_object, form_data)
if filter_form.is_valid():
old_can_access_all_locations = export.filters.can_access_all_locations
old_accessible_location_ids = export.filters.accessible_location_ids
filters = filter_form.to_export_instance_filters(
# using existing location restrictions prevents a less restricted user from modifying
# restrictions on an export that a more restricted user created (which would mean the more
# restricted user would lose access to the export)
old_can_access_all_locations,
old_accessible_location_ids)
if export.filters != filters:
export.filters = filters
export.save()
rebuild_saved_export(export_id, manual=True)
return json_response({
'success': True,
})
else:
return json_response({
'success':
False,
'error':
_("Problem saving dashboard feed filters: Invalid form"),
})
def permissions_check(self,
report,
request,
domain=None,
is_navigation_check=False):
from corehq.motech.repeaters.views import DomainForwardingRepeatRecords
if (report.endswith(DomainForwardingRepeatRecords.__name__) and
not domain_has_privilege(domain, privileges.DATA_FORWARDING)):
return False
return super(DomainReportDispatcher,
self).permissions_check(report, request, domain,
is_navigation_check)
def get_object_list(self, request):
couch_user = CouchUser.from_django_user(request.user)
results = []
for domain in couch_user.get_domains():
if not domain_has_privilege(domain, privileges.ZAPIER_INTEGRATION):
continue
domain_object = Domain.get_by_name(domain)
results.append(
UserDomain(domain_name=domain_object.name,
project_name=domain_object.hr_name
or domain_object.name))
return results
def delete_user_role(request, domain):
if not domain_has_privilege(domain, privileges.ROLE_BASED_ACCESS):
return json_response({})
role_data = json.loads(request.body)
try:
role = UserRole.get(role_data["_id"])
except ResourceNotFound:
return json_response({})
copy_id = role._id
role.delete()
# return removed id in order to remove it from UI
return json_response({"_id": copy_id})
def delete_user_role(request, domain):
if not domain_has_privilege(domain, privileges.ROLE_BASED_ACCESS):
return json_response({})
role_data = json.loads(request.body)
try:
role = UserRole.get(role_data["_id"])
except ResourceNotFound:
return json_response({})
copy_id = role._id
role.delete()
# return removed id in order to remove it from UI
return json_response({"_id": copy_id})
def page_context(self):
bulk_sms_verification_enabled = (
any(toggles.BULK_SMS_VERIFICATION.enabled(item)
for item in [self.request.couch_user.username, self.domain]) and
domain_has_privilege(self.domain, privileges.INBOUND_SMS)
)
return {
'group': self.group,
'bulk_sms_verification_enabled': bulk_sms_verification_enabled,
'num_users': len(self.member_ids),
'user_form': self.user_selection_form
}
def dispatch(self, request_type, request, **kwargs):
if not domain_has_privilege(request.domain, privileges.ODATA_FEED):
raise ImmediateHttpResponse(
response=HttpResponseNotFound('Feature flag not enabled.'))
self.config_id = kwargs['config_id']
self.table_id = int(kwargs.get('table_id', 0))
with TimingContext() as timer:
response = super(BaseODataResource,
self).dispatch(request_type, request, **kwargs)
record_feed_access_in_datadog(request, self.config_id, timer.duration,
response)
return response
def permissions_check(self, report, request, domain=None, is_navigation_check=False):
from corehq.motech.repeaters.views import DomainForwardingRepeatRecords
from corehq.apps.export.views.incremental import IncrementalExportLogView
from corehq.toggles import INCREMENTAL_EXPORTS
if (report.endswith(DomainForwardingRepeatRecords.__name__)
and not domain_has_privilege(domain, privileges.DATA_FORWARDING)):
return False
if (report.endswith(IncrementalExportLogView.__name__) and not INCREMENTAL_EXPORTS.enabled(domain)):
return False
return super(DomainReportDispatcher, self).permissions_check(report, request, domain, is_navigation_check)
def get_releases_context(request, domain, app_id):
app = get_app(domain, app_id)
context = get_apps_base_context(request, domain, app)
can_send_sms = domain_has_privilege(domain, privileges.OUTBOUND_SMS)
build_profile_access = domain_has_privilege(domain,
privileges.BUILD_PROFILES)
context.update({
'release_manager':
True,
'can_send_sms':
can_send_sms,
'has_mobile_workers':
get_doc_count_in_domain_by_class(domain, CommCareUser) > 0,
'sms_contacts': (get_sms_autocomplete_context(
request, domain)['sms_contacts'] if can_send_sms else []),
'build_profile_access':
build_profile_access,
'application_profile_url':
reverse(LanguageProfilesView.urlname, args=[domain, app_id]),
'lastest_j2me_enabled_build':
CommCareBuildConfig.latest_j2me_enabled_config().label,
'fetchLimit':
request.GET.get('limit', DEFAULT_FETCH_LIMIT),
'latest_build_id':
get_latest_build_id(domain, app_id)
})
if not app.is_remote_app():
if toggles.APP_MANAGER_V2.enabled(request.user.username) and len(
app.modules) == 0:
context.update({'intro_only': True})
# Multimedia is not supported for remote applications at this time.
try:
multimedia_state = app.check_media_state()
context.update({
'multimedia_state': multimedia_state,
})
except ReportConfigurationNotFoundError:
pass
return context
def page_context(self):
owner_id = self.export_instance.owner_id
schema = self.get_export_schema(
self.domain,
self.request.GET.get('app_id')
or getattr(self.export_instance, 'app_id'),
self.export_instance.identifier,
)
if self.export_instance.owner_id or not self.export_instance._id:
sharing_options = SharingOption.CHOICES
else:
sharing_options = [SharingOption.EDIT_AND_EXPORT]
allow_deid = has_privilege(self.request, privileges.DEIDENTIFIED_DATA)
return {
'export_instance':
self.export_instance,
'export_home_url':
self.export_home_url,
'allow_deid':
allow_deid,
'has_excel_dashboard_access':
domain_has_privilege(self.domain, EXCEL_DASHBOARD),
'has_daily_saved_export_access':
domain_has_privilege(self.domain, DAILY_SAVED_EXPORT),
'can_edit':
self.export_instance.can_edit(self.request.couch_user),
'has_other_owner':
owner_id and owner_id != self.request.couch_user.user_id,
'owner_name':
WebUser.get_by_user_id(owner_id).username if owner_id else None,
'format_options': ["xls", "xlsx", "csv"],
'number_of_apps_to_process':
schema.get_number_of_apps_to_process(),
'sharing_options':
sharing_options,
'terminology':
self.terminology,
}
def make_mobile_user_dict(user, group_names, location_cache, domain, fields_definition):
model_data = {}
uncategorized_data = {}
model_data, uncategorized_data = (
fields_definition.get_model_and_uncategorized(user.metadata)
)
role = user.get_role(domain)
profile = None
if PROFILE_SLUG in user.metadata and domain_has_privilege(domain, privileges.APP_USER_PROFILES):
try:
profile = CustomDataFieldsProfile.objects.get(id=user.metadata[PROFILE_SLUG])
except CustomDataFieldsProfile.DoesNotExist:
profile = None
activity = user.reporting_metadata
location_codes = []
try:
location_codes.append(location_cache.get(user.location_id))
except SQLLocation.DoesNotExist:
pass
for location_id in user.assigned_location_ids:
# skip if primary location_id, as it is already added to the start of list above
if location_id != user.location_id:
try:
location_codes.append(location_cache.get(location_id))
except SQLLocation.DoesNotExist:
pass
def _format_date(date):
return date.strftime('%Y-%m-%d %H:%M:%S') if date else ''
return {
'data': model_data,
'uncategorized_data': uncategorized_data,
'group': group_names,
'name': user.full_name,
'password': "******", # dummy display string for passwords
'phone-number': user.phone_number,
'email': user.email,
'username': user.raw_username,
'language': user.language,
'user_id': user._id,
'is_active': str(user.is_active),
'User IMEIs (read only)': get_devices(user),
'location_code': location_codes,
'role': role.name if role else '',
'domain': domain,
'user_profile': profile.name if profile else '',
'registered_on (read only)': _format_date(user.created_on),
'last_submission (read only)': _format_date(activity.last_submission_for_user.submission_date),
'last_sync (read only)': activity.last_sync_for_user.sync_date,
}
def send_message_via_backend(msg, backend=None, orig_phone_number=None):
"""send sms using a specific backend
msg - outbound message object
backend - backend to use for sending; if None, msg.outbound_backend is used
orig_phone_number - the originating phone number to use when sending; this
is sent in if the backend supports load balancing
"""
try:
msg.text = clean_text(msg.text)
except Exception:
logging.exception(
"Could not clean text for sms dated '%s' in domain '%s'" %
(msg.date, msg.domain))
try:
if not domain_has_privilege(msg.domain, privileges.OUTBOUND_SMS):
raise Exception(
("Domain '%s' does not have permission to send SMS."
" Please investigate why this function was called.") %
msg.domain)
phone_obj = PhoneBlacklist.get_by_phone_number_or_none(
msg.phone_number)
if phone_obj and not phone_obj.send_sms:
if msg.ignore_opt_out and phone_obj.can_opt_in:
# If ignore_opt_out is True on the message, then we'll still
# send it. However, if we're not letting the phone number
# opt back in and it's in an opted-out state, we will not
# send anything to it no matter the state of the ignore_opt_out
# flag.
pass
else:
msg.set_system_error(SMS.ERROR_PHONE_NUMBER_OPTED_OUT)
return False
if not backend:
backend = msg.outbound_backend
if backend.domain_is_authorized(msg.domain):
backend.send(msg, orig_phone_number=orig_phone_number)
else:
raise BackendAuthorizationException(
"Domain '%s' is not authorized to use backend '%s'" %
(msg.domain, backend.pk))
msg.backend_api = backend.hq_api_id
msg.backend_id = backend.couch_id
msg.save()
return True
except Exception:
log_sms_exception(msg)
return False
def get_extra_permissions():
from corehq.apps.export.views import (
FormExportListView, DeIdFormExportListView, CaseExportListView, DownloadNewSmsExportView
)
yield ReportPermission(
FORM_EXPORT_PERMISSION, FormExportListView.page_title, lambda domain: True)
yield ReportPermission(
DEID_EXPORT_PERMISSION, DeIdFormExportListView.page_title,
lambda domain: domain_has_privilege(domain, privileges.DEIDENTIFIED_DATA))
yield ReportPermission(
CASE_EXPORT_PERMISSION, CaseExportListView.page_title, lambda domain: True)
yield ReportPermission(
SMS_EXPORT_PERMISSION, DownloadNewSmsExportView.page_title, lambda domain: True)
def page_context(self):
domain_has_reminders_or_keywords = (domain_has_reminders(
self.domain) or Keyword.domain_has_keywords(self.domain))
bulk_sms_verification_enabled = (
domain_has_reminders_or_keywords
and domain_has_privilege(self.domain, privileges.INBOUND_SMS))
return {
'group': self.group,
'bulk_sms_verification_enabled': bulk_sms_verification_enabled,
'num_users': len(self.members),
'group_membership_form': self.group_membership_form,
'domain_uses_case_sharing': self.domain_uses_case_sharing,
}
def page_context(self):
bulk_sms_verification_enabled = (
any(
toggles.BULK_SMS_VERIFICATION.enabled(item)
for item in [self.request.couch_user.username, self.domain])
and domain_has_privilege(self.domain, privileges.INBOUND_SMS))
return {
'group': self.group,
'bulk_sms_verification_enabled': bulk_sms_verification_enabled,
'num_users': len(self.member_ids),
'user_form': self.user_selection_form,
'domain_uses_case_sharing': self.domain_uses_case_sharing,
}
def obj_get_list(self, bundle, **kwargs):
domain = kwargs['domain']
couch_user = CouchUser.from_django_user(bundle.request.user)
if not domain_has_privilege(domain, privileges.ZAPIER_INTEGRATION) or not couch_user.is_member_of(domain):
raise ImmediateHttpResponse(
HttpForbidden('You are not allowed to get list of usernames for this domain')
)
user_ids_username_pairs = get_all_user_id_username_pairs_by_domain(domain)
results = [UserInfo(user_id=user_pair[0], user_name=raw_username(user_pair[1]))
for user_pair in user_ids_username_pairs]
return results
def dispatch(self, request_type, request, **kwargs):
if request.user.is_superuser or domain_has_privilege(
request.domain, privileges.API_ACCESS):
return super(HqBaseResource,
self).dispatch(request_type, request, **kwargs)
else:
raise ImmediateHttpResponse(
HttpResponse(json.dumps({
"error":
"Your current plan does not have access to this feature"
}),
content_type="application/json",
status=401))
def page_context(self):
if self.request.is_view_only:
make_form_readonly(self.commtrack_form)
make_form_readonly(self.form_user_update.user_form)
make_form_readonly(self.form_user_update.custom_data.form)
context = {
'are_groups':
bool(len(self.all_groups)),
'groups_url':
reverse('all_groups', args=[self.domain]),
'group_form':
self.group_form,
'reset_password_form':
self.reset_password_form,
'is_currently_logged_in_user':
self.is_currently_logged_in_user,
'is_delete_allowed':
self.is_delete_allowed,
'data_fields_form':
self.form_user_update.custom_data.form,
'can_use_inbound_sms':
domain_has_privilege(self.domain, privileges.INBOUND_SMS),
'can_create_groups':
(self.request.couch_user.has_permission(self.domain, 'edit_groups')
and self.request.couch_user.has_permission(
self.domain, 'access_all_locations')),
'needs_to_downgrade_locations':
(users_have_locations(self.domain)
and not has_privilege(self.request, privileges.LOCATIONS)),
'demo_restore_date':
naturaltime(demo_restore_date_created(self.editable_user)),
'hide_password_feedback':
settings.ENABLE_DRACONIAN_SECURITY_FEATURES,
'group_names': [g.name for g in self.groups],
}
if self.commtrack_form.errors:
messages.error(
self.request,
_("There were some errors while saving user's locations. Please check the 'Locations' tab"
))
if self.domain_object.commtrack_enabled or self.domain_object.uses_locations:
context.update({
'commtrack_enabled': self.domain_object.commtrack_enabled,
'uses_locations': self.domain_object.uses_locations,
'commtrack': {
'update_form': self.commtrack_form,
},
})
return context
def get(self, request, domain, app_id, **kwargs):
app_access = get_application_access_for_domain(domain)
app = get_current_app(domain, app_id)
if not app_access.user_can_access_app(request.couch_user, app):
raise Http404()
role = request.couch_user.get_role(domain)
if role and not role.permissions.view_web_app(app.master_id):
raise Http404()
def _default_lang():
try:
return app['langs'][0]
except Exception:
return 'en'
# default language to user's preference, followed by
# first app's default, followed by english
language = request.couch_user.language or _default_lang()
domain_obj = Domain.get_by_name(domain)
context = {
"domain":
domain,
"default_geocoder_location":
domain_obj.default_geocoder_location,
"language":
language,
"apps": [_format_app(app)],
"mapbox_access_token":
settings.MAPBOX_ACCESS_TOKEN,
"username":
request.user.username,
"formplayer_url":
settings.FORMPLAYER_URL,
"single_app_mode":
True,
"home_url":
reverse(self.urlname, args=[domain, app_id]),
"environment":
WEB_APPS_ENVIRONMENT,
'use_live_query':
toggles.FORMPLAYER_USE_LIVEQUERY.enabled(domain),
"integrations":
integration_contexts(domain),
"has_geocoder_privs":
domain_has_privilege(domain, privileges.GEOCODER),
}
return render(request, "cloudcare/formplayer_home.html", context)
def get_by_organization(cls, organization):
result = cache_core.cached_view(cls.get_db(),
"domain/by_organization",
startkey=[organization],
endkey=[organization, {}],
reduce=False,
include_docs=True,
wrapper=cls.wrap)
from corehq.apps.accounting.utils import domain_has_privilege
from corehq import privileges
result = filter(
lambda x: domain_has_privilege(x.name, privileges.
CROSS_PROJECT_REPORTS), result)
return result
def commit(self, request):
export = self.export_instance_cls.wrap(json.loads(request.body))
if (self.domain != export.domain
or (export.export_format == "html"
and not domain_has_privilege(self.domain, EXCEL_DASHBOARD))
or
(export.is_daily_saved_export
and not domain_has_privilege(self.domain, DAILY_SAVED_EXPORT))):
raise BadExportConfiguration()
if not export._rev:
if toggles.EXPORT_OWNERSHIP.enabled(request.domain):
export.owner_id = request.couch_user.user_id
if getattr(settings, "ENTERPRISE_MODE"):
# default auto rebuild to False for enterprise clusters
# only do this on first save to prevent disabling on every edit
export.auto_rebuild_enabled = False
export.save()
messages.success(
request,
mark_safe(
_("Export <strong>{}</strong> saved.").format(export.name)))
return export._id
def get_per_domain_context(project, request=None):
custom_logo_url = None
if (project and project.has_custom_logo
and domain_has_privilege(project.name, privileges.CUSTOM_BRANDING)):
custom_logo_url = reverse('logo', args=[project.name])
report_an_issue = True
if (hasattr(request, 'couch_user') and request.couch_user and project
and not request.couch_user.has_permission(project.name, 'report_an_issue')):
report_an_issue = False
return {
'CUSTOM_LOGO_URL': custom_logo_url,
'allow_report_an_issue': report_an_issue,
}
def get_main(self, request, domain):
restore_as, set_cookie = self.get_restore_as_user(request, domain)
apps = self.get_web_apps_available_to_user(domain, restore_as)
def _default_lang():
try:
return apps[0]['langs'][0]
except Exception:
return 'en'
# default language to user's preference, followed by
# first app's default, followed by english
language = request.couch_user.language or _default_lang()
domain_obj = Domain.get_by_name(domain)
context = {
"domain":
domain,
"default_geocoder_location":
domain_obj.default_geocoder_location,
"language":
language,
"apps":
apps,
"domain_is_on_trial":
domain_is_on_trial(domain),
"mapbox_access_token":
settings.MAPBOX_ACCESS_TOKEN,
"username":
request.couch_user.username,
"formplayer_url":
settings.FORMPLAYER_URL,
"single_app_mode":
False,
"home_url":
reverse(self.urlname, args=[domain]),
"environment":
WEB_APPS_ENVIRONMENT,
'use_live_query':
toggles.FORMPLAYER_USE_LIVEQUERY.enabled(domain),
"integrations":
integration_contexts(domain),
"change_form_language":
toggles.CHANGE_FORM_LANGUAGE.enabled(domain),
"has_geocoder_privs":
domain_has_privilege(domain, privileges.GEOCODER),
}
return set_cookie(
render(request, "cloudcare/formplayer_home.html", context))
def get_default_export_settings_if_available(domain):
"""
Only creates settings if the domain has the DEFAULT_EXPORT_SETTINGS privilege
"""
settings = None
current_subscription = Subscription.get_active_subscription_by_domain(
domain)
if current_subscription and domain_has_privilege(domain,
DEFAULT_EXPORT_SETTINGS):
from corehq.apps.export.models import DefaultExportSettings
settings = DefaultExportSettings.objects.get_or_create(
account=current_subscription.account)[0]
return settings
def _check_subscription(self):
def app_uses_usercase(app):
return any(m.uses_usercase() for m in app.get_modules())
errors = []
if app_uses_usercase(self.app) and not domain_has_privilege(self.domain, privileges.USER_CASE):
errors.append({
'type': 'subscription',
'message': _('Your application is using User Properties and your current subscription does not '
'support that. You can remove User Properties functionality by opening the User '
'Properties tab in a form that uses it, and clicking "Remove User Properties".'),
})
return errors
def post_user_role(request, domain):
if not domain_has_privilege(domain, privileges.ROLE_BASED_ACCESS):
return json_response({})
role_data = json.loads(request.body)
role_data = dict(
(p, role_data[p])
for p in set(list(UserRole.properties()) + ['_id', '_rev']) if p in role_data
)
if (
not domain_has_privilege(domain, privileges.RESTRICT_ACCESS_BY_LOCATION)
and not role_data['permissions']['access_all_locations']
):
# This shouldn't be possible through the UI, but as a safeguard...
role_data['permissions']['access_all_locations'] = True
role = UserRole.wrap(role_data)
role.domain = domain
if role.get_id:
old_role = UserRole.get(role.get_id)
assert(old_role.doc_type == UserRole.__name__)
assert(old_role.domain == domain)
# temporarily assign new permissions until migration has finished, then we
# can update the UI accordingly.
role.permissions.view_web_users = role.permissions.edit_web_users
role.permissions.view_roles = role.permissions.edit_web_users
role.permissions.view_commcare_users = role.permissions.edit_commcare_users
role.permissions.edit_groups = role.permissions.edit_commcare_users
role.permissions.view_groups = role.permissions.edit_commcare_users
role.permissions.view_locations = role.permissions.edit_locations
role.save()
role.__setattr__('hasUsersAssigned',
True if len(role.ids_of_assigned_users) > 0 else False)
return json_response(role)
