def get_cruved(info_role):
"""
Get the cruved for a user
.. :quickref: Permissions;
Params:
:param user: the user who ask the route, auto kwargs via @check_cruved_scope
:type user: User
:param module_code: the code of the requested module - as querystring
:type module_code: str
:returns: dict of the CRUVED
"""
params = request.args.to_dict()
# get modules
q = DB.session.query(TModules)
if "module_code" in params:
q = q.filter(TModules.module_code.in_(params["module_code"]))
modules = q.all()
# for each modules get its cruved
# then get its related object and their cruved
modules_with_cruved = {}
for mod in modules:
mod_as_dict = mod.as_dict()
# get mod objects
module_objects = (
DB.session.query(TObjects)
.join(CorObjectModule, CorObjectModule.id_object == TObjects.id_object)
.filter_by(id_module=mod_as_dict["id_module"])
.all()
)
module_cruved, herited = cruved_scope_for_user_in_module(
id_role=info_role.id_role, module_code=mod_as_dict["module_code"]
)
mod_as_dict["cruved"] = module_cruved
module_objects_as_dict = {}
# get cruved for each object
for _object in module_objects:
object_as_dict = _object.as_dict()
object_cruved, herited = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code=mod_as_dict["module_code"],
object_code=_object.code_object,
)
object_as_dict["cruved"] = object_cruved
module_objects_as_dict[object_as_dict["code_object"]] = object_as_dict
mod_as_dict["module_objects"] = module_objects_as_dict
modules_with_cruved[mod_as_dict["module_code"]] = mod_as_dict
return modules_with_cruved
def user_cruved(id_role):
"""
.. :quickref: View_Permission;
Get all scope CRUVED (with heritage) for a user in all modules
"""
user = DB.session.query(User).get(id_role).as_dict()
modules_data = DB.session.query(TModules).order_by(
TModules.module_order).all()
groupes_data = DB.session.query(CorRole).filter(
CorRole.id_role_utilisateur == id_role).all()
actions_label = {}
for action in DB.session.query(TActions).all():
actions_label[action.code_action] = action.description_action
modules = []
for module in modules_data:
module = module.as_dict()
# for each module get its related object
module_objects = (DB.session.query(TObjects).join(
CorObjectModule,
CorObjectModule.id_object == TObjects.id_object).filter_by(
id_module=module["id_module"]).all())
# get cruved for all object
module_objects_as_dict = []
for _object in module_objects:
object_as_dict = _object.as_dict()
object_cruved, (herited,
herited_obj) = cruved_scope_for_user_in_module(
id_role=id_role,
module_code=module["module_code"],
object_code=_object.code_object,
get_herited_obj=True,
)
object_as_dict["cruved"] = (
beautifulize_cruved(actions_label, object_cruved),
herited,
herited_obj,
)
module_objects_as_dict.append(object_as_dict)
module["module_objects"] = module_objects_as_dict
# do not display cruved for module which have objects
cruved, (herited, herited_obj) = cruved_scope_for_user_in_module(
id_role, module["module_code"], get_herited_obj=True)
cruved_beautiful = beautifulize_cruved(actions_label, cruved)
module["module_cruved"] = (cruved_beautiful, herited, herited_obj)
modules.append(module)
return render_template(
"cruved_user.html",
user=user,
groupes=[groupe.role.as_dict() for groupe in groupes_data],
modules=modules,
config=current_app.config,
)
def test_cruved_scope_for_user_in_module(self):
# get cruved for geonature
cruved, herited = cruved_scope_for_user_in_module(id_role=9, module_code="GEONATURE")
assert herited == False
assert cruved == {"C": "3", "R": "3", "U": "3", "V": "3", "E": "3", "D": "3"}
cruved, herited = cruved_scope_for_user_in_module(
id_role=9, module_code="GEONATURE", get_id=True
)
assert herited == False
assert cruved == {"C": 4, "R": 4, "U": 4, "V": 4, "E": 4, "D": 4}
def test_permission():
'''
tests sur les permissions
'''
user = get_user_from_token_and_raise(request)
id_role = user['id_role']
cruved_monitoring = cruved_scope_for_user_in_module(
id_role, MODULE_MONITORINGS_CODE, "ALL")
cruved_test = cruved_scope_for_user_in_module(id_role, 'TEST', "ALL")
return {
'cruved_test': cruved_test,
'cruved_monitoring': cruved_monitoring,
}
def get_cruved(info_role):
""" return the cruved for a user
Params:
user: (User): the user who ask the route, auto kwargs via @check_cruved_scope
module_code (str): the code of the requested module - as querystring
Returns
- dict of the CRUVED
"""
params = dict(request.args)
# get modules
q = DB.session.query(TModules)
if 'module_code' in params:
q = q.filter(TModules.module_code.in_(params['module_code']))
modules = q.all()
# for each modules get its cruved
# then get its related object and their cruved
modules_with_cruved = {}
for mod in modules:
mod_as_dict = mod.as_dict()
# get mod objects
module_objects = DB.session.query(TObjects).join(
CorObjectModule, CorObjectModule.id_object == TObjects.id_object
).filter_by(id_module=mod_as_dict['id_module']).all()
module_cruved, herited = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code=mod_as_dict['module_code'],
)
mod_as_dict['cruved'] = module_cruved
module_objects_as_dict = {}
# get cruved for each object
for _object in module_objects:
object_as_dict = _object.as_dict()
object_cruved, herited = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code=mod_as_dict['module_code'],
object_code=_object.code_object
)
object_as_dict['cruved'] = object_cruved
module_objects_as_dict[object_as_dict['code_object']] = object_as_dict
mod_as_dict['module_objects'] = module_objects_as_dict
modules_with_cruved[mod_as_dict['module_code']] = mod_as_dict
return modules_with_cruved
def get_modules(info_role):
"""
Return the allowed modules of user from its cruved
.. :quickref: Commons;
"""
params = request.args
q = DB.session.query(TModules).options(joinedload(TModules.objects))
if "exclude" in params:
q = q.filter(TModules.module_code.notin_(params.getlist("exclude")))
q = q.order_by(TModules.module_order.asc()).order_by(
TModules.module_label.asc())
modules = q.all()
allowed_modules = []
for mod in modules:
app_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code=mod.module_code,
)[0]
if app_cruved["R"] != "0":
module = mod.as_dict(fields=["objects"])
module["cruved"] = app_cruved
if mod.active_frontend:
# try to get module url from conf for new modules
if module['module_code'] in current_app.config:
module_url = current_app.config[module['module_code']].get(
'MODULE_URL', mod.module_path)
else:
# fallback for legacy modules
module_url = mod.module_path
module["module_url"] = "{}/#/{}".format(
current_app.config["URL_APPLICATION"], module_url)
else:
module["module_url"] = mod.module_external_url
module_objects_as_dict = {}
# # get cruved for each object
for _object in module.get("objects", []):
object_cruved, herited = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code=module["module_code"],
object_code=_object["code_object"],
)
_object["cruved"] = object_cruved
module_objects_as_dict[_object["code_object"]] = _object
module["module_objects"] = module_objects_as_dict
allowed_modules.append(module)
return allowed_modules
def get_modules(info_role):
"""
Return the allowed modules of user from its cruved
"""
params = request.args
q = DB.session.query(TModules)
if "exclude" in params:
q = q.filter(TModules.module_code.notin_(params.getlist("exclude")))
modules = q.all()
allowed_modules = []
for mod in modules:
app_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role, module_code=mod.module_code
)[0]
if app_cruved["R"] != "0":
module = mod.as_dict()
module["cruved"] = app_cruved
if mod.active_frontend:
module["module_url"] = "{}/#/{}".format(
current_app.config["URL_APPLICATION"], mod.module_path
)
else:
module["module_url"] = mod.module_external_url
allowed_modules.append(module)
return allowed_modules
def cruved_scope_for_user_in_monitoring_module(module_code=None, object_code=None):
user = get_user_from_token_and_raise(request)
cruved_module = {"C": "0", "R": "0", "U": "0", "V": "0", "E": "0", "D": "0"}
# If user not a dict: its a token issue
# return the appropriate Response
if not isinstance(user, dict):
return user
# get_monitoring from route parameter monitoring_url
module = None
herited = False
if module_code and module_code != "null":
module = get_module("module_code", module_code)
module_code = module.module_code
append = {15: ["MONITORINGS", object_code], 25: ["MONITORINGS", "ALL"]}
else:
module_code = "MONITORINGS"
append = {}
cruved_module, herited = cruved_scope_for_user_in_module(
id_role=user["id_role"],
module_code=module_code,
object_code=object_code,
append_to_select=append,
)
return to_int_cruved(cruved_module)
def get_acquisition_frameworks(info_role):
"""
Get a simple list of AF without any nested relationships
Use for AF select in form
Get the GeoNature CRUVED
"""
only = []
af_list = (
TAcquisitionFramework.query.filter_by_readable().filter_by_params(
request.args.to_dict()).options(
Load(TAcquisitionFramework).raiseload('*'),
# for permission checks:
joinedload('creator'),
joinedload('cor_af_actor').options(
joinedload('role'),
joinedload('organism'),
),
joinedload('t_datasets').options(
joinedload('digitizer'),
joinedload('cor_dataset_actor').options(
joinedload('role'),
joinedload('organism'),
),
),
))
if request.args.get('datasets', default=False, type=int):
only.extend([
't_datasets',
])
if request.args.get('creator', default=False, type=int):
only.append('creator')
af_list = af_list.options(joinedload('creator'))
if request.args.get('actors', default=False, type=int):
only.extend([
'cor_af_actor',
'cor_af_actor.nomenclature_actor_role',
'cor_af_actor.organism',
'cor_af_actor.role',
])
af_list = af_list.options(
joinedload('cor_af_actor').options(
joinedload('nomenclature_actor_role'), ), )
if request.args.get('datasets', default=False, type=int):
only.extend([
't_datasets.cor_dataset_actor',
't_datasets.cor_dataset_actor.nomenclature_actor_role',
't_datasets.cor_dataset_actor.organism',
't_datasets.cor_dataset_actor.role',
])
af_list = af_list.options(
joinedload('t_datasets').options(
joinedload('cor_dataset_actor').options(
joinedload('nomenclature_actor_role'), ), ), )
af_schema = AcquisitionFrameworkSchema(only=only)
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
af_schema.context = {'user_cruved': user_cruved}
return af_schema.jsonify(af_list.all(), many=True)
def get_modules(info_role):
"""
Return the allowed modules of user from its cruved
.. :quickref: Commons;
"""
params = request.args
q = DB.session.query(TModules)
if "exclude" in params:
q = q.filter(TModules.module_code.notin_(params.getlist("exclude")))
q = q.order_by(TModules.module_order.asc()).order_by(
TModules.module_label.asc())
modules = q.all()
allowed_modules = []
for mod in modules:
app_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role, module_code=mod.module_code)[0]
if app_cruved["R"] != "0":
module = mod.as_dict()
module["cruved"] = app_cruved
if mod.active_frontend:
module["module_url"] = "{}/#/{}".format(
current_app.config["URL_APPLICATION"], mod.module_path)
else:
module["module_url"] = mod.module_external_url
allowed_modules.append(module)
return allowed_modules
def acquisitionFrameworkHandler(request, *, acquisition_framework, info_role):
# Test des droits d'édition du acquisition framework si modification
if acquisition_framework.id_acquisition_framework is not None:
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
af_cruved = acquisition_framework.get_object_cruved(
info_role, user_cruved)
#verification des droits d'édition pour le acquisition framework
if not af_cruved['U']:
raise InsufficientRightsError(
"User {} has no right in acquisition_framework {}".format(
info_role.id_role,
acquisition_framework.id_acquisition_framework),
403,
)
else:
acquisition_framework.id_digitizer = info_role.id_role
acquisitionFrameworkSchema = AcquisitionFrameworkSchema()
acquisition_framework, errors = acquisitionFrameworkSchema.load(
request.get_json(), instance=acquisition_framework)
if bool(errors):
raise BadRequest(errors)
DB.session.add(acquisition_framework)
DB.session.commit()
return acquisition_framework
def get_acquisition_framework(info_role, id_acquisition_framework):
"""
Get one AF with nomenclatures
.. :quickref: Metadata;
:param id_acquisition_framework: the id_acquisition_framework
:param type: int
:returns: dict<TAcquisitionFramework>
"""
acquisitionFrameworkSchema = AcquisitionFrameworkSchema()
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
acquisitionFrameworkSchema.context = {
'info_role': info_role,
'user_cruved': user_cruved
}
acquisition_framework = DB.session.query(TAcquisitionFramework).get(
id_acquisition_framework)
if not acquisition_framework:
raise NotFound('Acquisition framework "{}" does not exist'.format(
id_acquisition_framework))
return acquisitionFrameworkSchema.jsonify(acquisition_framework)
def get_dataset(info_role, id_dataset):
"""
Get one dataset
.. :quickref: Metadata;
:param id_dataset: the id_dataset
:param type: int
:returns: dict<TDataset>
"""
datasetSchema = DatasetSchema()
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
datasetSchema.context = {
'info_role': info_role,
'user_cruved': user_cruved
}
dataset = DB.session.query(TDatasets).get(id_dataset)
if not dataset:
raise NotFound('Dataset "{}" does not exist'.format(id_dataset))
return datasetSchema.jsonify(dataset)
def get_acquisition_frameworks_metadata(info_role):
"""
Get all AF with cruved filter
Use for metadata module.
Add the cruved permission for each row
.. :quickref: Metadata;
"""
params = request.args
afs = get_af_cruved(info_role, params, as_model=True)
id_afs_user = TAcquisitionFramework.get_user_af(info_role, only_user=True)
id_afs_org = TAcquisitionFramework.get_user_af(info_role, only_user=False)
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
afs_dict = []
for af in afs:
af_dict = af.as_dict()
af_dict["cruved"] = af.get_object_cruved(
user_cruved=user_cruved,
id_object=af.id_acquisition_framework,
ids_object_user=id_afs_user,
ids_object_organism=id_afs_org,
)
afs_dict.append(af_dict)
return afs_dict
def get_all(self, info_role, with_cruved=False, mapping_type=None):
"""
Get all mappings
"""
users_mapping = self.get_user_mapping(info_role)
q = DB.session.query(TMappings).filter(TMappings.temporary == False)
if mapping_type:
q = q.filter(TMappings.mapping_type == mapping_type.upper())
if info_role.value_filter in ("1", "2"):
q = q.filter(
or_(TMappings.id_mapping.in_(users_mapping),
TMappings.is_public == True))
data = q.all()
if with_cruved:
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="IMPORT",
object_code="MAPPING",
)[0]
mapping_as_dict = []
for d in data:
temp = d.as_dict()
temp["cruved"] = self.get_mapping_cruved(
user_cruved, d.id_mapping, users_mapping)
mapping_as_dict.append(temp)
return mapping_as_dict
return [d.as_dict() for d in data]
def datasetHandler(request, *, dataset, info_role):
# Test des droits d'édition du dataset si modification
if dataset.id_dataset is not None:
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
dataset_cruved = dataset.get_object_cruved(info_role, user_cruved)
#verification des droits d'édition pour le dataset
if not dataset_cruved['U']:
raise InsufficientRightsError(
"User {} has no right in dataset {}".format(
info_role.id_role, dataset.id_dataset),
403,
)
else:
dataset.id_digitizer = info_role.id_role
datasetSchema = DatasetSchema()
dataset, errors = datasetSchema.load(request.get_json(), instance=dataset)
if bool(errors):
log.error(errors)
raise BadRequest(errors)
DB.session.add(dataset)
DB.session.commit()
return dataset
def test_cruved_scope_for_user_in_module(self):
# get cruved for geonature
cruved, herited = cruved_scope_for_user_in_module(
id_role=9,
module_code='GEONATURE'
)
assert herited == False
assert cruved == {'C': '3', 'R': '3', 'U': '3', 'V':'3', 'E':'3', 'D': '3'}
cruved, herited = cruved_scope_for_user_in_module(
id_role=9,
module_code='GEONATURE',
get_id=True
)
assert herited == False
assert cruved == {'C': 4, 'R': 4, 'U': 4, 'V':4, 'E':4, 'D': 4}
def _get_read_scope(self, user=None):
if user is None:
user = g.current_user
cruved, herited = cruved_scope_for_user_in_module(
id_role=user.id_role,
module_code="GEONATURE"
)
return int(cruved['R'])
def user_cruved(id_role):
"""
Get all scope CRUVED (with heritage) for a user in all modules
"""
user = DB.session.query(User).get(id_role).as_dict()
modules_data = DB.session.query(TModules).all()
groupes_data = DB.session.query(CorRole).filter(CorRole.id_role_utilisateur==id_role).all()
actions_label = {}
for action in DB.session.query(TActions).all():
actions_label[action.code_action] = action.description_action
modules = []
for module in modules_data:
module = module.as_dict()
# for each module get its related object
module_objects = DB.session.query(TObjects).join(
CorObjectModule, CorObjectModule.id_object == TObjects.id_object
).filter_by(id_module=module['id_module']).all()
# get cruved for all object
module_objects_as_dict = []
for _object in module_objects:
object_as_dict = _object.as_dict()
object_cruved, herited = cruved_scope_for_user_in_module(
id_role=id_role,
module_code=module['module_code'],
object_code=_object.code_object
)
object_as_dict['cruved'] = beautifulize_cruved(actions_label, object_cruved)
module_objects_as_dict.append(object_as_dict)
module['module_objects'] = module_objects_as_dict
# do not display cruved for module which have objects
cruved, herited = cruved_scope_for_user_in_module(id_role, module['module_code'])
cruved_beautiful = beautifulize_cruved(actions_label, cruved)
#print(cruved_beautiful)
module['module_cruved'] = (cruved_beautiful, herited)
modules.append(module)
return render_template(
'cruved_user.html',
user=user,
groupes=[groupe.role.as_dict() for groupe in groupes_data],
modules=modules,
config=current_app.config
)
def _get_create_scope(self, module_code, user=None):
if user is None:
user = g.current_user
cruved, herited = cruved_scope_for_user_in_module(
id_role=user.id_role,
module_code=module_code
)
return int(cruved["C"])
def get_acquisition_frameworks_list(info_role):
"""
Get all AF with their datasets
Use in metadata module for list of AF and DS
Add the CRUVED permission for each row (Dataset and AD)
.. :quickref: Metadata;
:param info_role: add with kwargs
:type info_role: TRole
:qparam list excluded_fields: fields excluded from serialization
:qparam boolean nested: Default False - serialized relationships. If false: remove add all relationships in excluded_fields
"""
if current_app.config["CAS_PUBLIC"]["CAS_AUTHENTIFICATION"]:
# synchronise the CA and JDD from the MTD WS
try:
mtd_utils.post_jdd_from_user(id_user=info_role.id_role,
id_organism=info_role.id_organisme)
except Exception as e:
log.error(e)
params = request.args.to_dict()
params["orderby"] = "acquisition_framework_name"
if "selector" not in params:
params["selector"] = None
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
nested_serialization = params.get("nested", False)
nested_serialization = True if nested_serialization == "true" else False
exclude_fields = []
if "excluded_fields" in params:
exclude_fields = params.get("excluded_fields")
try:
exclude_fields = exclude_fields.split(',')
except:
raise BadRequest("Malformated parameter 'excluded_fields'")
if not nested_serialization:
# exclude all relationships from serialization if nested = false
exclude_fields = [
db_rel.key
for db_rel in inspect(TAcquisitionFramework).relationships
]
acquisitionFrameworkSchema = AcquisitionFrameworkSchema(
exclude=exclude_fields)
acquisitionFrameworkSchema.context = {
'info_role': info_role,
'user_cruved': user_cruved
}
return acquisitionFrameworkSchema.jsonify(get_metadata_list(
info_role, params, exclude_fields).all(),
many=True)
def test_cruved_scope_for_user_in_module(self):
# get cruved for geonature
cruved, herited = cruved_scope_for_user_in_module(
id_role=9, module_code='GEONATURE')
assert herited == False
assert cruved == {
'C': '3',
'R': '3',
'U': '3',
'V': '3',
'E': '3',
'D': '3'
}
cruved, herited = cruved_scope_for_user_in_module(
id_role=9, module_code='GEONATURE', get_id=True)
assert herited == False
assert cruved == {'C': 4, 'R': 4, 'U': 4, 'V': 4, 'E': 4, 'D': 4}
def get_one(self, id_mapping, info_role, with_cruved):
users_mapping = self.get_user_mapping(info_role)
mapping = DB.session.query(TMappings).get(id_mapping)
if mapping:
mapping_as_dict = mapping.as_dict()
if with_cruved:
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="IMPORT",
object_code="MAPPING",
)[0]
mapping_as_dict["cruved"] = self.get_mapping_cruved(
user_cruved, id_mapping, users_mapping)
return mapping_as_dict
return None
def cruved_scope_for_user_in_monitoring_module(module_code=None):
user = get_user_from_token_and_raise(request)
cruved_module = {
'C': '0',
'R': '0',
'U': '0',
'V': '0',
'E': '0',
'D': '0'
}
# If user not a dict: its a token issue
# return the appropriate Response
if not isinstance(user, dict):
return user
# get_monitoring from route parameter monitoring_url
module = None
herited = False
if module_code and module_code != 'null':
module = get_module('module_code', module_code)
if module:
cruved_module, herited = cruved_scope_for_user_in_module(
user['id_role'], module.module_code, 'ALL')
if not herited:
return to_int_cruved(cruved_module)
cruved_monitorings, herited = cruved_scope_for_user_in_module(
user['id_role'], 'MONITORINGS', 'ALL')
if not herited:
return to_int_cruved(cruved_monitorings)
# return cruved_0, user
return to_int_cruved(cruved_monitorings)
def get_acquisition_framework(info_role, id_acquisition_framework):
"""
Get one AF with nomenclatures
.. :quickref: Metadata;
:param id_acquisition_framework: the id_acquisition_framework
:param type: int
:returns: dict<TAcquisitionFramework>
"""
af = TAcquisitionFramework.query.get_or_404(id_acquisition_framework)
if not af.has_instance_permission(scope=int(info_role.value_filter)):
raise Forbidden(f"User {g.current_user} cannot read acquisition "
"framework {af.id_acquisition_framework}")
exclude = request.args.getlist("exclude")
try:
af_schema = AcquisitionFrameworkSchema(only=[
'creator',
'nomenclature_territorial_level',
'nomenclature_financing_type',
'cor_af_actor',
'cor_af_actor.nomenclature_actor_role',
'cor_af_actor.organism',
'cor_af_actor.role',
'cor_volets_sinp',
'cor_objectifs',
'cor_territories',
't_datasets',
't_datasets.creator',
't_datasets.nomenclature_data_type',
't_datasets.cor_dataset_actor',
't_datasets.cor_dataset_actor.nomenclature_actor_role',
't_datasets.cor_dataset_actor.organism',
't_datasets.cor_dataset_actor.role',
],
exclude=exclude)
except ValueError as e:
raise BadRequest(str(e))
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
af_schema.context = {'user_cruved': user_cruved}
return af_schema.jsonify(af)
def get_dataset(info_role, id_dataset):
"""
Get one dataset
.. :quickref: Metadata;
:param id_dataset: the id_dataset
:param type: int
:returns: dict<TDataset>
"""
dataset = TDatasets.query.get_or_404(id_dataset)
if not dataset.has_instance_permission(scope=int(info_role.value_filter)):
raise Forbidden(
f"User {g.current_user} cannot read dataset {dataset.id_dataset}")
dataset_schema = DatasetSchema(only=[
'creator',
'cor_dataset_actor',
'cor_dataset_actor.nomenclature_actor_role',
'cor_dataset_actor.organism',
'cor_dataset_actor.role',
'modules',
'nomenclature_data_type',
'nomenclature_dataset_objectif',
'nomenclature_collecting_method',
'nomenclature_data_origin',
'nomenclature_source_status',
'nomenclature_resource_type',
'cor_territories',
'acquisition_framework',
'acquisition_framework.creator',
'acquisition_framework.cor_af_actor',
'acquisition_framework.cor_af_actor.nomenclature_actor_role',
'acquisition_framework.cor_af_actor.organism',
'acquisition_framework.cor_af_actor.role',
])
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
dataset_schema.context = {'user_cruved': user_cruved}
return dataset_schema.jsonify(dataset)
def test_get_releve_cruved(self):
from occtax.backend.models import ReleveModel, VReleveList
user_hight = UserRigth(**user_admin)
releveInstance = VReleveList(**valide_occ_tax_releve)
user_cruved, herited = cruved_scope_for_user_in_module(
id_role=user_hight.id_role,
module_code='OCCTAX'
)
cruved = {'R': '3', 'E': '3', 'C': '3', 'V': '3', 'D': '3', 'U': '3'}
assert cruved == user_cruved
assert herited == True
releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved)
user_releve_cruved = {'E': True, 'V': True, 'R': True, 'D': True, 'C': True, 'U': True}
assert releve_cruved == user_releve_cruved
def get_dataset_details_dict(id_dataset, session_role):
"""
Return a dataset from TDatasetDetails model (with all relationships)
return also the number of taxon and observation of the dataset
Use for get_one datasert
"""
q = DB.session.query(TDatasetDetails)
q = cruved_filter(q, TDatasetDetails, session_role)
try:
data = q.filter(TDatasetDetails.id_dataset == id_dataset).one()
except NoResultFound:
return None
dataset = data.as_dict(True)
imports = requests.get(
current_app.config["API_ENDPOINT"] + "/import/by_dataset/" +
str(id_dataset),
headers={"Cookie":
request.headers.get("Cookie")}, # recuperation du token
)
if imports.status_code == 200:
dataset["imports"] = imports.json()
user_cruved = cruved_scope_for_user_in_module(
id_role=session_role.id_role,
module_code="METADATA",
)[0]
cruved = data.get_object_cruved(
user_cruved=user_cruved,
id_object=data.id_dataset,
ids_object_user=TDatasets.get_user_datasets(session_role,
only_user=True),
ids_object_organism=TDatasets.get_user_datasets(session_role,
only_user=False),
)
dataset["cruved"] = cruved
return dataset
def test_get_releve_cruved(self):
from occtax.backend.models import ReleveModel, VReleveOccurrence
user_hight = UserRigth(**user_admin)
releveInstance = VReleveOccurrence(**valide_occ_tax_releve)
user_cruved, herited = cruved_scope_for_user_in_module(
id_role=user_hight.id_role, module_code="OCCTAX")
cruved = {"R": "3", "E": "3", "C": "3", "V": "3", "D": "3", "U": "3"}
assert cruved == user_cruved
assert herited == True
releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved)
user_releve_cruved = {
"E": True,
"V": True,
"R": True,
"D": True,
"C": True,
"U": True,
}
assert releve_cruved == user_releve_cruved
def test_get_releve_cruved(self):
from occtax.backend.models import ReleveModel, VReleveList
user_hight = UserRigth(**user_admin)
releveInstance = VReleveList(**valide_occ_tax_releve)
user_cruved, herited = cruved_scope_for_user_in_module(
id_role=user_hight.id_role, module_code='OCCTAX')
cruved = {'R': '3', 'E': '3', 'C': '3', 'V': '3', 'D': '3', 'U': '3'}
assert cruved == user_cruved
assert herited == True
releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved)
user_releve_cruved = {
'E': True,
'V': True,
'R': True,
'D': True,
'C': True,
'U': True
}
assert releve_cruved == user_releve_cruved
def get_import_list(info_role):
"""
return import list
"""
ors = []
q = DB.session.query(TImports).order_by(TImports.id_import)
if info_role.value_filter == "1":
ors.append(TImports.author.any(id_role=info_role.id_role))
if info_role.value_filter == "2":
ors.append(TImports.author.any(id_organisme=info_role.id_organisme))
q = q.filter(or_(*ors))
results = q.all()
nrows = None
if not results:
return {"empty": True}, 200
else:
nrows = len(results)
user_cruved = cruved_scope_for_user_in_module(info_role.id_role,
module_code="IMPORT")[0]
return {
"empty": False,
"history": [r.to_dict(info_role, user_cruved) for r in results]
}, 200
def get_af_and_ds_metadata(info_role):
"""
Get all AF with their datasets
The Cruved in only apply on dataset in order to see all the AF
where the user have rights with its dataset
Use in maplist
Add the CRUVED permission for each row (Dataset and AD)
.. :quickref: Metadata;
:param info_role: add with kwargs
:type info_role: TRole
:returns: `dict{'data':list<AF with Datasets>, 'with_erros': <boolean>}`
"""
with_mtd_error = False
if current_app.config["CAS_PUBLIC"]["CAS_AUTHENTIFICATION"]:
# synchronise the CA and JDD from the MTD WS
try:
mtd_utils.post_jdd_from_user(id_user=info_role.id_role,
id_organism=info_role.id_organisme)
except Exception as e:
gunicorn_error_logger.info(e)
log.error(e)
with_mtd_error = True
params = request.args.to_dict()
params["orderby"] = "dataset_name"
datasets = get_datasets_cruved(info_role, params, as_model=True)
ids_dataset_user = TDatasets.get_user_datasets(info_role, only_user=True)
ids_dataset_organisms = TDatasets.get_user_datasets(info_role,
only_user=False)
ids_afs_user = TAcquisitionFramework.get_user_af(info_role, only_user=True)
ids_afs_org = TAcquisitionFramework.get_user_af(info_role, only_user=False)
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
# get all af from the JDD filtered with cruved or af where users has rights
ids_afs_cruved = [
d.id_acquisition_framework
for d in get_af_cruved(info_role, as_model=True)
]
list_id_af = [d.id_acquisition_framework
for d in datasets] + ids_afs_cruved
afs = (DB.session.query(TAcquisitionFramework).filter(
TAcquisitionFramework.id_acquisition_framework.in_(
list_id_af)).order_by(
TAcquisitionFramework.acquisition_framework_name).all())
afs_dict = []
# get cruved for each AF and prepare dataset
for af in afs:
af_dict = af.as_dict()
af_dict["cruved"] = af.get_object_cruved(
user_cruved=user_cruved,
id_object=af.id_acquisition_framework,
ids_object_user=ids_afs_user,
ids_object_organism=ids_afs_org,
)
af_dict["datasets"] = []
afs_dict.append(af_dict)
# get cruved for each ds and push them in the af
for d in datasets:
dataset_dict = d.as_dict()
dataset_dict["cruved"] = d.get_object_cruved(
user_cruved=user_cruved,
id_object=d.id_dataset,
ids_object_user=ids_dataset_user,
ids_object_organism=ids_dataset_organisms,
)
af_of_dataset = get_af_from_id(d.id_acquisition_framework, afs_dict)
af_of_dataset["datasets"].append(dataset_dict)
afs_resp = {"data": afs_dict}
if with_mtd_error:
afs_resp["with_mtd_errors"] = True
if not datasets:
return afs_resp, 404
return afs_resp
def permission_form(info_role, id_module, id_role, id_object=None):
#TODO: check post permissions
form = None
module = DB.session.query(TModules).get(id_module)
object_instance = None
module_objects = []
if id_object:
object_instance = DB.session.query(TObjects).get(id_object)
else:
object_instance = DB.session.query(TObjects).filter_by(code_object='ALL').first()
user = DB.session.query(User).get(id_role)
if request.method == 'GET':
cruved, herited = cruved_scope_for_user_in_module(
id_role=id_role,
module_code=module.module_code,
object_code=object_instance.code_object,
get_id=True
)
form = CruvedScopeForm(**cruved)
# get the real cruved of user to set a warning
real_cruved = DB.session.query(CorRoleActionFilterModuleObject).filter_by(
id_module=id_module, id_role=id_role, id_object=object_instance.id_object
).all()
if len(real_cruved) == 0 and not module.module_code == 'ADMIN':
flash(
"""
Attention ce role n'a pas encore de CRUVED dans ce module.
Celui-ci lui est hérité de son groupe et/ou du module parent GEONATURE
"""
)
return render_template(
'cruved_scope_form.html',
form=form,
user=user,
module=module,
object_instance=object_instance,
id_object=id_object,
config=current_app.config
)
else:
form = CruvedScopeForm(request.form)
if form.validate_on_submit():
actions_id = {
action.code_action: action.id_action
for action in DB.session.query(TActions).all()
}
for code_action, id_action in actions_id.items():
privilege = {
'id_role': id_role,
'id_action': id_action,
'id_module': id_module,
'id_object': object_instance.id_object
}
# check if a row already exist for a module, a role and an action
# force to not set several filter for the same role-action-module-object
permission_instance = DB.session.query(
CorRoleActionFilterModuleObject
).filter_by(
**privilege
).join(
TFilters, TFilters.id_filter == CorRoleActionFilterModuleObject.id_filter
).join(
BibFiltersType, BibFiltersType.id_filter_type == TFilters.id_filter_type
).filter(
BibFiltersType.code_filter_type == 'SCOPE'
).first()
# if already exist update the id_filter
if permission_instance:
permission_instance.id_filter = int(form.data[code_action])
DB.session.merge(permission_instance)
else:
permission_row = CorRoleActionFilterModuleObject(
id_role=id_role,
id_action=id_action,
id_filter = int(form.data[code_action]),
id_module=id_module,
id_object=object_instance.id_object
)
DB.session.add(permission_row)
DB.session.commit()
flash(
'CRUVED mis à jour pour le role {}'.format(user.id_role)
)
return redirect(url_for('gn_permissions_backoffice.user_cruved', id_role=id_role))
def export_observations_web(info_role):
"""
Optimized route for observations web export
This view is customisable by the administrator
Some columns arer mandatory: id_sythese, geojson and geojson_local to generate the exported files
Parameters :
Via POST: Use a list of id_synthese (in POST parameters) to filter the v_synthese_for_export_view
Via GET: 'export_format' str<'csv', 'geojson', 'shapefiles'>
"""
params = request.args
# set default to csv
export_format = "csv"
export_view = GenericTable(
"v_synthese_for_export",
"gn_synthese",
"the_geom_local",
current_app.config["LOCAL_SRID"],
)
if "export_format" in params:
export_format = params["export_format"]
# get list of id synthese from POST
id_list = request.get_json()
db_cols_for_shape = []
columns_to_serialize = []
# loop over synthese config to get the columns for export
for db_col in export_view.db_cols:
if db_col.key in current_app.config["SYNTHESE"]["EXPORT_COLUMNS"]:
db_cols_for_shape.append(db_col)
columns_to_serialize.append(db_col.key)
q = DB.session.query(export_view.tableDef).filter(
export_view.tableDef.columns.idSynthese.in_(id_list)
)
# check R and E CRUVED to know if we filter with cruved
cruved = cruved_scope_for_user_in_module(info_role.id_role, module_code="SYNTHESE")[
0
]
if cruved["R"] > cruved["E"]:
# filter on cruved specifying the column
# id_dataset, id_synthese, id_digitiser and observer in the v_synthese_for_export_view
q = synthese_query.filter_query_with_cruved(
export_view.tableDef,
q,
info_role,
id_synthese_column=current_app.config["SYNTHESE"]["EXPORT_ID_SYNTHESE_COL"],
id_dataset_column=current_app.config["SYNTHESE"]["EXPORT_ID_DATASET_COL"],
observers_column=current_app.config["SYNTHESE"]["EXPORT_OBSERVERS_COL"],
id_digitiser_column=current_app.config["SYNTHESE"][
"EXPORT_ID_DIGITISER_COL"
],
with_generic_table=True,
)
results = q.limit(current_app.config["SYNTHESE"]["NB_MAX_OBS_EXPORT"])
file_name = datetime.datetime.now().strftime("%Y_%m_%d_%Hh%Mm%S")
file_name = filemanager.removeDisallowedFilenameChars(file_name)
# columns = [db_col.key for db_col in export_view.db_cols]
if export_format == "csv":
formated_data = [
export_view.as_dict(d, columns=columns_to_serialize) for d in results
]
return to_csv_resp(
file_name, formated_data, separator=";", columns=columns_to_serialize
)
elif export_format == "geojson":
features = []
for r in results:
geometry = ast.literal_eval(
getattr(r, current_app.config["SYNTHESE"]["EXPORT_GEOJSON_4326_COL"])
)
feature = Feature(
geometry=geometry,
properties=export_view.as_dict(r, columns=columns_to_serialize),
)
features.append(feature)
results = FeatureCollection(features)
return to_json_resp(results, as_file=True, filename=file_name, indent=4)
else:
try:
filemanager.delete_recursively(
str(ROOT_DIR / "backend/static/shapefiles"), excluded_files=[".gitkeep"]
)
dir_path = str(ROOT_DIR / "backend/static/shapefiles")
export_view.as_shape(
db_cols=db_cols_for_shape,
data=results,
geojson_col=current_app.config["SYNTHESE"]["EXPORT_GEOJSON_LOCAL_COL"],
dir_path=dir_path,
file_name=file_name,
)
return send_from_directory(dir_path, file_name + ".zip", as_attachment=True)
except GeonatureApiError as e:
message = str(e)
return render_template(
"error.html",
error=message,
redirect=current_app.config["URL_APPLICATION"] + "/#/synthese",
)
def get_export_pdf_dataset(id_dataset, info_role):
"""
Get a PDF export of one dataset
"""
datasetSchema = DatasetSchema()
user_cruved = cruved_scope_for_user_in_module(
id_role=info_role.id_role,
module_code="METADATA",
)[0]
datasetSchema.context = {
'info_role': info_role,
'user_cruved': user_cruved
}
dataset = DB.session.query(TDatasets).get(id_dataset)
if not dataset:
raise NotFound('Dataset "{}" does not exist'.format(id_dataset))
dataset = json.loads((datasetSchema.dumps(dataset)).data)
#test du droit d'export de l'utilisateur
if not dataset.get('cruved').get('E'):
return (
render_template(
"error.html",
error="Vous n'avez pas les droits d'exporter ces informations",
redirect=current_app.config["URL_APPLICATION"] + "/#/metadata",
),
404,
)
if len(dataset.get("dataset_desc")) > 240:
dataset["dataset_desc"] = dataset.get("dataset_desc")[:240] + "..."
dataset["css"] = {
"logo": "Logo_pdf.png",
"bandeau": "Bandeau_pdf.png",
"entite": "sinp",
}
dataset["title"] = current_app.config["METADATA"]["DS_PDF_TITLE"]
date = dt.datetime.now().strftime("%d/%m/%Y")
dataset["footer"] = {
"url":
current_app.config["URL_APPLICATION"] + "/#/metadata/dataset_detail/" +
id_dataset,
"date":
date,
}
filename = "jdd_{}_{}_{}.pdf".format(
id_dataset,
secure_filename(dataset["dataset_shortname"]),
dt.datetime.now().strftime("%d%m%Y_%H%M%S"),
)
try:
f = open(str(BACKEND_DIR) + "/static/images/taxa.png")
f.close()
dataset["chart"] = True
except IOError:
dataset["chart"] = False
# Appel de la methode pour generer un pdf
pdf_file = fm.generate_pdf("dataset_template_pdf.html", dataset, filename)
pdf_file_posix = Path(pdf_file)
return send_from_directory(str(pdf_file_posix.parent),
pdf_file_posix.name,
as_attachment=True)
