Example #1
def get_researcher_allowed_studies_as_query_set():
    """Return the Study queryset the session researcher may access.

    Site admins get the unfiltered result of
    ``Study.get_all_studies_by_name()``. Every other researcher gets that
    queryset restricted to the study ids in their own ``study_relations``.
    """
    researcher = get_session_researcher()
    all_studies = Study.get_all_studies_by_name()
    if not researcher.site_admin:
        # Authorization boundary: non-admins are limited to studies they
        # hold a relation to.
        permitted_ids = researcher.study_relations.values_list("study", flat=True)
        return all_studies.filter(id__in=permitted_ids)
    return all_studies
Example #2
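    def test_get_all_studies_by_name(self):
        """Non-deleted studies are listed in the expected order; deleted ones are left out."""
        study_names = ['My studies', 'MY STUDY', 'my_study', 'your study']
        # Constructed 32-character test key, not a real secret.
        encryption_key = 'aabbccddeeffgghhiijjkkllmmnnoopp'
        good_studies = [
            Study.create_with_object_id(name=name, encryption_key=encryption_key)
            for name in study_names
        ]

        # Check every created study, not only the last one bound by a loop variable.
        listed = Study.get_all_studies_by_name()
        for good_study in good_studies:
            self.assertIn(good_study, listed)
        self.assertEqual(list(Study.get_all_studies_by_name().values_list('name', flat=True)), study_names)

        # A study flagged deleted=True must not appear in the listing.
        bad_study = Study.create_with_object_id(name='name', encryption_key=encryption_key, deleted=True)
        self.assertNotIn(bad_study, Study.get_all_studies_by_name())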
def edit_researcher(researcher_pk):
    """Render the edit page for the researcher whose primary key is ``researcher_pk``."""
    # NOTE(review): no permission check is visible in this block, and
    # ``all_studies`` below is the unfiltered study list. Confirm that a
    # decorator or the route registration restricts this view to admins.
    target = Researcher.objects.get(pk=researcher_pk)
    # True when the logged-in admin is editing their own account.
    editing_self = target.username == session['admin_username']
    studies_of_target = Study.get_all_studies_by_name().filter(researchers=target)
    template_context = dict(
        admin=target,
        current_studies=studies_of_target,
        all_studies=Study.get_all_studies_by_name(),
        allowed_studies=get_admins_allowed_studies(),
        admin_is_current_user=editing_self,
        system_admin=admin_is_system_admin(),
        redirect_url='/edit_researcher/{:s}'.format(researcher_pk),
    )
    return render_template('edit_researcher.html', **template_context)
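def create_study():
    """Show the study-creation form (GET) or create a study from it (POST).

    Only a site admin may use this view; anyone else receives a 403.
    On success the client is redirected to the new study's device settings
    page. On a ``ValidationError`` each field error is flashed and the
    client is redirected back to ``/create_study``.
    """
    # ONLY THE SITE ADMIN CAN CREATE NEW STUDIES.
    if not get_session_researcher().site_admin:
        return abort(403)

    if request.method == 'GET':
        # NOTE(review): every study is serialized into the page as JSON.
        # Confirm as_native_python() omits sensitive fields such as the
        # study encryption key.
        studies = [
            study.as_native_python()
            for study in Study.get_all_studies_by_name()
        ]
        return render_template(
            'create_study.html',
            studies=json.dumps(studies),
            allowed_studies=get_researcher_allowed_studies(),
            is_admin=researcher_is_an_admin())

    name = request.form.get('name', '')
    encryption_key = request.form.get('encryption_key', '')
    is_test = request.form.get(
        'is_test') == 'true'  # 'true' -> True, 'false' -> False

    # Explicit length check instead of ``assert``: assert statements are
    # removed when Python runs with -O, which would silently drop this
    # limit on client-supplied input. An oversized name is a client error.
    if len(name) > 2**16:
        return abort(400)

    try:
        study = Study.create_with_object_id(name=name,
                                            encryption_key=encryption_key,
                                            is_test=is_test)
        copy_existing_study_if_asked_to(study)
        # NOTE(review): the submitted name is echoed in the flash message;
        # this presumably relies on template autoescaping - confirm.
        flash('Successfully created study {}.'.format(name), 'success')
        return redirect('/device_settings/{:d}'.format(study.pk))
    except ValidationError as ve:
        # .items() works on Python 2 and 3; .iteritems() exists only on
        # Python 2 and would raise AttributeError here on Python 3.
        for field, message in ve.message_dict.items():
            flash('{}: {}'.format(field, message[0]), 'danger')
        return redirect('/create_study')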
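def create_study():
    """Show the study-creation form (GET) or create a study from it (POST).

    On success the client is redirected to the new study's device settings
    page. On a ``ValidationError`` each field error is flashed and the
    client is redirected back to ``/create_study``.
    """
    # NOTE(review): no permission check is visible in this block. Confirm
    # that a decorator or the route registration restricts study creation
    # to system admins.
    if request.method == 'GET':
        studies = [
            study.as_native_python()
            for study in Study.get_all_studies_by_name()
        ]
        return render_template('create_study.html',
                               studies=json.dumps(studies),
                               allowed_studies=get_admins_allowed_studies(),
                               system_admin=admin_is_system_admin())

    name = request.form.get('name', '')
    encryption_key = request.form.get('encryption_key', '')

    is_test = request.form.get(
        'is_test') == 'true'  # 'true' -> True, 'false' -> False
    try:
        study = Study.create_with_object_id(name=name,
                                            encryption_key=encryption_key,
                                            is_test=is_test)
        copy_existing_study_if_asked_to(study)
        flash('Successfully created study {}.'.format(name), 'success')
        return redirect('/device_settings/{:d}'.format(study.pk))
    except ValidationError as ve:
        # .items() works on Python 2 and 3; .iteritems() exists only on
        # Python 2 and would raise AttributeError here on Python 3.
        for field, message in ve.message_dict.items():
            flash('{}: {}'.format(field, message[0]), 'danger')
        return redirect('/create_study')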
Example #6
def get_administerable_studies_by_name():
    """Return the studies the session researcher may administer.

    A site admin gets every study; any other researcher gets only the
    result of their own ``get_administered_studies_by_name()``.
    """
    current = get_session_researcher()
    if current.site_admin:
        return Study.get_all_studies_by_name()
    # Non-site-admins are scoped to the studies they administer.
    return current.get_administered_studies_by_name()
def manage_studies():
    """Render the study-management page with every study serialized as JSON."""
    # NOTE(review): the full study list is embedded in the page. Confirm
    # as_native_python() omits sensitive fields such as the study
    # encryption key, and that access to this view is restricted elsewhere.
    serialized = []
    for study in Study.get_all_studies_by_name():
        serialized.append(study.as_native_python())
    return render_template(
        'manage_studies.html',
        studies=json.dumps(serialized),
        allowed_studies=get_admins_allowed_studies(),
        system_admin=admin_is_system_admin(),
    )
def manage_researchers():
    """Render the researcher-management page.

    Each researcher is paired with the names of the studies they are
    attached to, and the list is passed to the template as JSON.
    """
    # NOTE(review): this iterates over all researchers with no scoping
    # visible in this block. Confirm access is restricted elsewhere.
    rows = []
    for member in Researcher.get_all_researchers_by_username():
        # One query per researcher; the queryset is evaluated by list() below.
        study_names = (
            Study.get_all_studies_by_name()
            .filter(researchers=member)
            .values_list('name', flat=True)
        )
        rows.append((member.as_native_python(), list(study_names)))

    return render_template(
        'manage_researchers.html',
        admins=json.dumps(rows),
        allowed_studies=get_admins_allowed_studies(),
        system_admin=admin_is_system_admin(),
    )
Example #9
def get_researcher_allowed_studies() -> List[Dict]:
    """
    Return the studies available to the currently logged-in researcher.

    Each entry is a dict with the keys "name", "object_id", "id" and
    "is_test". Site admins get every study; other researchers get only the
    studies they hold a study relation to.
    """
    current = get_session_researcher()
    # An empty filter leaves the queryset unrestricted (site-admin case).
    scope = {} if current.site_admin else dict(study_relations__researcher=current)
    matching = Study.get_all_studies_by_name().filter(**scope)
    return list(matching.values("name", "object_id", "id", "is_test"))
Example #10
def manage_researchers():
    """Render the researcher-management page for the current admin.

    Each administerable researcher is paired with the names of their
    studies, limited to studies the session researcher also has access to.
    """
    session_ids = get_session_researcher_study_ids()
    rows = []
    for member in get_administerable_researchers():
        # The second condition keeps an admin from seeing the names of
        # studies outside their own set.
        shared_names = Study.get_all_studies_by_name().filter(
            study_relations__researcher=member,
            study_relations__study__in=session_ids,
        ).values_list('name', flat=True)
        packed = member.as_unpacked_native_python()
        rows.append((packed, list(shared_names)))

    return render_template('manage_researchers.html', admins=rows)
Example #11
def manage_researchers():
    """Render the researcher-management page.

    Each administerable researcher is paired with the names of the studies
    they hold a relation to, and the list is passed to the template as JSON.
    """
    # NOTE(review): study names are not limited to the session researcher's
    # own studies in this block. Confirm that is intended.
    rows = []
    for member in get_administerable_researchers():
        names_query = Study.get_all_studies_by_name().filter(
            study_relations__researcher=member
        ).values_list('name', flat=True)
        study_names = list(names_query)
        rows.append((member.as_native_python(), study_names))

    return render_template(
        'manage_researchers.html',
        admins=json.dumps(rows),
        allowed_studies=get_researcher_allowed_studies(),
        is_admin=researcher_is_an_admin(),
    )
def get_admins_allowed_studies(as_json=True):
    """
    Return the studies attached to the currently logged-in researcher.

    The researcher is looked up by the ``admin_username`` stored in the
    session. Each study is a dict with the keys "name", "object_id", "id"
    and "is_test". With ``as_json`` true (the default) the list is returned
    as a JSON string, otherwise as a Python list.
    """
    current = Researcher.objects.get(username=session['admin_username'])
    rows = Study.get_all_studies_by_name().filter(researchers=current).values(
        "name", "object_id", "id", "is_test"
    )
    study_set = list(rows)
    return json.dumps(study_set) if as_json else study_set
Example #13
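def edit_researcher(researcher_pk):
    """Render the edit page for the researcher whose primary key is ``researcher_pk``.

    The template receives the target researcher, the studies that researcher
    is related to, the studies the session researcher can administer, and
    whether the target is the session researcher's own account.
    """
    # Local renamed so it no longer shadows this function's own name.
    target_researcher = Researcher.objects.get(pk=researcher_pk)
    # Must be a plain boolean. A trailing comma after this expression makes
    # it a one-element tuple, which is always truthy, so the template would
    # treat every edited account as the session researcher's own.
    is_session_researcher = (
        target_researcher.username == get_session_researcher().username
    )
    return render_template(
        'edit_researcher.html',
        admin=target_researcher,
        current_studies=Study.get_all_studies_by_name().filter(
            study_relations__researcher=target_researcher),
        all_studies=get_administerable_studies(),
        allowed_studies=get_researcher_allowed_studies(),
        is_session_researcher=is_session_researcher,
        is_admin=researcher_is_an_admin(),
        redirect_url='/edit_researcher/{:s}'.format(researcher_pk),
    )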
def get_researcher_allowed_studies(as_json=True):
    """
    Return the studies available to the currently logged-in researcher.

    Site admins get every study; other researchers get only the studies
    they hold a study relation to. Each study is a dict with the keys
    "name", "object_id", "id" and "is_test". With ``as_json`` true (the
    default) the list is returned as a JSON string, otherwise as a list.
    """
    current = get_session_researcher()
    # An empty filter leaves the queryset unrestricted (site-admin case).
    scope = {} if current.site_admin else dict(study_relations__researcher=current)

    rows = Study.get_all_studies_by_name().filter(**scope).values(
        "name", "object_id", "id", "is_test"
    )
    study_set = list(rows)
    return json.dumps(study_set) if as_json else study_set
Example #15
def create_study():
    """Show the study-creation form (GET) or create a study from it (POST).

    Only a site admin may use this view; anyone else receives a 403.
    A POST may also ask for an existing study to be copied into the new
    one. On success the client is redirected to the new study's device
    settings page. On a ``ValidationError`` each field error is flashed and
    the client is redirected back to ``/create_study``.
    """
    # Only a SITE admin can create new studies.
    session_researcher = get_session_researcher()
    if not session_researcher.site_admin:
        return abort(403)

    if request.method == 'GET':
        existing = []
        for study in Study.get_all_studies_by_name():
            existing.append(study.as_unpacked_native_python())
        return render_template('create_study.html', studies=existing)

    form = request.form
    name = form.get('name', '')
    encryption_key = form.get('encryption_key', '')
    # 'true' in any letter case -> True, anything else (or missing) -> False
    is_test = form.get('is_test', "").lower() == 'true'
    duplicate_existing_study = form.get('copy_existing_study', None) == 'true'

    # Reject over-long names and any name that escape() would alter
    # (presumably HTML escaping - confirm which escape is imported).
    name_too_long = len(name) > 2**16
    if name_too_long or escape(name) != name:
        raise Exception("safety check on new study name failed")

    try:
        new_study = Study.create_with_object_id(
            name=name, encryption_key=encryption_key, is_test=is_test)
        if duplicate_existing_study:
            # NOTE(review): the source study id comes from the form. Only
            # ValidationError is handled below, so a failed lookup here
            # propagates after the new study has already been created.
            source_pk = form.get('existing_study_id', None)
            old_study = Study.objects.get(pk=source_pk)
            copy_existing_study(new_study, old_study)
        flash(f'Successfully created study {name}.', 'success')
        return redirect('/device_settings/{:d}'.format(new_study.pk))

    except ValidationError as ve:
        # Show the first message for each failing field.
        for field, message in ve.message_dict.items():
            flash(f'{field}: {message[0]}', 'danger')
        return redirect('/create_study')
def get_admins_allowed_studies_as_query_set():
    """Return the Study queryset attached to the logged-in researcher.

    The researcher is looked up by the ``admin_username`` stored in the
    session.
    """
    current = Researcher.objects.get(username=session['admin_username'])
    all_studies = Study.get_all_studies_by_name()
    return all_studies.filter(researchers=current)