def get_object(self, queryset=None): ''' :returns: "Permission Denied" page if the course/activity is inactive OR deleted AND the user is not an instructor, OR if user is not a member of the course, OR if svtivity membership is on AND the user is not a member. ''' activity = super(ActivityViewPermissionMixin, self).get_object(queryset) course = activity.collection user = self.request.user # if course is inactive or deleted and user doesn't have edit_course # perm, then raise 403 if not course.is_active or course.is_deleted: if not user.has_perm("core.edit_course", course): raise PermissionDenied() # if activity is inactive or deleted and user doesn't have edit_course # perm, then raise 403 if not activity.is_active or activity.is_deleted: if not user.has_perm("core.edit_course", course): raise PermissionDenied() # if user is not an instructor check the following: # if activity membership is on, check if user can view_activity. Otherwise # just check if user can course_view. if not user.has_perm('edit_course', course): if activity.permission_control == True: print get_perms(user, course) print get_perms(user, activity) if not user.has_perm("view_activity", activity): raise PermissionDenied() else: if not get_perms(user, course): raise PermissionDenied() return activity
def form_valid(self, form): ''' # actualiza los miembros del equipo del proyecto que se hayan especifico #:param form: formulario de ediciĆ³n del proyecto ''' self.object = form.save() formset = self.TeamMemberInlineFormSet(self.request.POST, instance=self.object) if formset.is_valid(): # borramos todos los permisos asociados al usuario en el proyecto antes de volver a asignar los nuevos proyecto = self.object for form in formset: if form.has_changed(): #solo los formularios con cambios efectuados user = form.cleaned_data['usuario'] if('usuario' in form.changed_data and 'usuario' in form.initial): #si se cambia el usuario, borrar permisos del usuario anterior original_user = get_object_or_404(User, pk=form.initial['usuario']) for perm in get_perms(original_user, proyecto): remove_perm(perm, original_user, proyecto) else: for perm in get_perms(user, proyecto): remove_perm(perm, user, proyecto) formset.save() return HttpResponseRedirect(reverse('project_list')) return render(self.request, self.get_template_names(), {'form': form, 'formset': formset}, context_instance=RequestContext(self.request))
def test_activation_valid(self): """ Valid activation of an user. Activation of an user with a valid ``activation_key`` should activate the user and set a new invalid ``activation_key`` that is defined in the setting ``USERENA_ACTIVATED``. """ user = UserenaSignup.objects.create_user(**self.user_info) active_user = UserenaSignup.objects.activate_user(user.userena_signup.activation_key) profile = get_user_profile(user=active_user) # The returned user should be the same as the one just created. self.failUnlessEqual(user, active_user) # The user should now be active. self.failUnless(active_user.is_active) # The user should have permission to view and change its profile self.failUnless('view_profile' in get_perms(active_user, profile)) self.failUnless('change_profile' in get_perms(active_user, profile)) # The activation key should be the same as in the settings self.assertEqual(active_user.userena_signup.activation_key, userena_settings.USERENA_ACTIVATED)
def test_activation_valid(self): """ Valid activation of an user. Activation of an user with a valid ``activation_key`` should activate the user and set a new invalid ``activation_key`` that is defined in the setting ``ACCOUNTS_ACTIVATED``. """ user = Account.objects.create_user(**self.user_info) active_user = Account.objects.activate_user(user.username, user.account.activation_key) # The returned user should be the same as the one just created. self.failUnlessEqual(user, active_user) # The user should now be active. self.failUnless(active_user.is_active) # The user should have permission to view and change its profile self.failUnless('view_profile' in get_perms(active_user, active_user.get_profile())) self.failUnless('change_profile' in get_perms(active_user, active_user.get_profile())) # The activation key should be the same as in the settings self.assertEqual(active_user.account.activation_key, accounts_settings.ACCOUNTS_ACTIVATED)
def perms(self, regex, chan, nick, **kwargs): username = regex.group('username').lower() # if user is bot_admin or if user is inquiring about themself... if self.get_auth().is_authorised(nick, '#', 'bot_admin') or \ (username == nick.lower() and self.get_auth().is_authenticated(nick)): try: user = User.objects.get(username__iexact = username) except User.DoesNotExist: self.notice(nick, "Unknown user") return self.notice(nick, "=== Network Permissions ===") for net_obj in NetworkPermissions.objects.all(): perms = get_perms(user, net_obj) self.notice(nick, "{} {}".format(net_obj.network, ", ".join(perms))) last_perms = None for room_obj in RoomPermissions.objects.all(): perms = get_perms(user, room_obj) if perms: if last_perms == None: self.notice(nick, "\n=== Room Permissions ===") self.notice(nick, "{} {} {}".format(room_obj.network, room_obj.room, ", ".join(perms))) else: self.msg(chan, "You are not authorised or not logged in")
def test_direct_perms_only(self): admin = User.objects.create(username='******', is_superuser=True) self.user1.groups.add(self.group1) self.user2.groups.add(self.group1) assign_perm("change_contenttype", self.user1, self.obj1) assign_perm("delete_contenttype", admin, self.obj1) assign_perm("delete_contenttype", self.group1, self.obj1) expected = set([self.user1, self.user2, admin]) result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=True) self.assertEqual(set(result), expected) self.assertEqual(set(get_user_perms(self.user1, self.obj1)), set(['change_contenttype'])) self.assertEqual(set(get_user_perms(self.user2, self.obj1)), set([])) self.assertEqual(set(get_user_perms(admin, self.obj1)), set(['delete_contenttype'])) result = get_users_with_perms(self.obj1, with_superusers=False, with_group_users=False) expected = set([self.user1, admin]) self.assertEqual(set(result), expected) self.assertEqual(set(get_group_perms(self.user1, self.obj1)), set(['delete_contenttype'])) self.assertEqual(set(get_group_perms(self.user2, self.obj1)), set(['delete_contenttype'])) self.assertEqual(set(get_group_perms(self.group1, self.obj1)), set(['delete_contenttype'])) self.assertEqual(set(get_group_perms(self.group2, self.obj1)), set([])) self.assertEqual(set(get_group_perms(admin, self.obj1)), set([])) self.assertEqual(set(get_perms(admin, self.obj1)), set(['add_contenttype', 'change_contenttype', 'delete_contenttype'])) self.assertEqual(set(get_perms(self.user1, self.obj1)), set(['change_contenttype', 'delete_contenttype'])) self.assertEqual(set(get_perms(self.user2, self.obj1)), set(['delete_contenttype'])) self.assertEqual(set(get_perms(self.group1, self.obj1)), set(['delete_contenttype'])) self.assertEqual(set(get_perms(self.group2, self.obj1)), set([]))
def form_valid(self, form): """ Comprobar validez del formulario :param form: formulario recibido :return: URL de redireccion correcta """ super(EditRol, self).form_valid(form) # eliminamos permisos anteriores self.object.permissions.clear() escogidas = get_selected_perms(self.request.POST) for permname in escogidas: perm = Permission.objects.get(codename=permname) self.object.permissions.add(perm) # actualizamos los permisos de los miembros de equipos que tienen este rol team_members_set = self.object.miembroequipo_set.all() for team_member in team_members_set: user = team_member.usuario project = team_member.proyecto # borramos todos los permisos que tiene asociado el usuario en el proyecto for perm in get_perms(user, project): if perm!='view_project': #cuidamos de no eliminar permiso de ver proyecto remove_perm(perm, user, project) #borramos todos los permisos que tiene asociado el usuario a los User Stories del proyecto for us in UserStory.objects.filter(desarrollador=user, proyecto=project): for perm in get_perms(user, us): remove_perm(perm, user, us) all_roles = team_member.roles.all() for role in all_roles: team_member.roles.remove(role) #desacociamos al usuario de los demas roles con los que contaba (para que se eliminen los permisos anteriores) team_member.roles.add(role) #volvemos a agregar para que se copien los permisos actualizados return HttpResponseRedirect(self.get_success_url())
def cmd_copyperms(self, network_old, network_new): perm_obj = NetworkPermissions.objects.get(network=network_old) if not NetworkPermissions.objects.filter(network = network_new).exists(): obj.network = network_new obj.pk = None obj.save() else: obj = NetworkPermissions.objects.get(network = network_new) net_obj = NetworkPermissions.objects.get(network = network_old) for user in User.objects.all(): perms = get_perms(user, net_obj) for perm in perms: assign_perm(perm, user, obj) perm_objs = RoomPermissions.objects.filter(network=network_old) for obj in perm_objs: room = obj.room if not RoomPermissions.objects.filter(network = network_new, room=room).exists(): obj.network = network_new obj.pk = None obj.save() else: obj = RoomPermissions.objects.get(network = network_new, room=room) net_obj = RoomPermissions.objects.get(network = network_old, room=room) for user in User.objects.all(): perms = get_perms(user, net_obj) for perm in perms: assign_perm(perm, user, obj) self.stdout.write("Successfully copied permissions to new network")
def test_view_manage_group(self): self._login_superuser() url = reverse("admin:%s_%s_permissions_manage_group" % self.obj_info, args=[self.obj.pk, self.group.id]) response = self.client.get(url) self.assertEqual(response.status_code, 200) choices = set([c[0] for c in response.context["form"].fields["permissions"].choices]) self.assertEqual(set([p.codename for p in get_perms_for_model(self.obj)]), choices) # Add some perms and check if changes were persisted perms = ["change_%s" % self.obj_info[1], "delete_%s" % self.obj_info[1]] data = {"permissions": perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual(set(get_perms(self.group, self.obj)), set(perms)) # Remove perm and check if change was persisted perms = ["delete_%s" % self.obj_info[1]] data = {"permissions": perms} response = self.client.post(url, data, follow=True) self.assertEqual(len(response.redirect_chain), 1) self.assertEqual(response.redirect_chain[0][1], 302) self.assertEqual(set(get_perms(self.group, self.obj)), set(perms))
def get(self, request, uuid, format=None): params = request.query_params data_set_uuid = params.get('data_set_uuid', None) # requires data_set_uuid to check perms if data_set_uuid: data_set = get_object_or_404(DataSet, uuid=data_set_uuid) public_group = ExtendedGroup.objects.public_group() if request.user.has_perm('core.read_dataset', data_set) or \ 'read_dataset' in get_perms(public_group, data_set): solr_params = generate_solr_params_for_assay(params, uuid) elif request.user.has_perm('core.read_meta_dataset', data_set) or \ 'read_meta_dataset' in get_perms(public_group, data_set): solr_params = generate_solr_params_for_assay( params, uuid, ['REFINERY_DOWNLOAD_URL', 'REFINERY_NAME'] ) else: message = 'User does not have read permissions.' return Response(message, status=status.HTTP_401_UNAUTHORIZED) solr_response = search_solr(solr_params, 'data_set_manager') solr_response_json = format_solr_response(solr_response) return Response(solr_response_json) else: return Response( 'Requires data set uuid.', status=status.HTTP_400_BAD_REQUEST )
def repo_viz( request, username, repo_name ): ''' View repo <repo_name> under user <username>. Does the checks necessary to determine whether the current user has the authority to view the current repository. ''' # Grab the user/organization based on the username account = user_or_organization( username ) if account is None: return HttpResponse( status=404 ) # Grab the repository repo = Repository.objects.get_by_username( repo_name, username ) if repo is None: return HttpResponse( status=404 ) # Grab all the permissions! permissions = [] if request.user.is_authenticated(): permissions = get_perms( request.user, repo ) for org in request.user.organization_users.all(): permissions.extend( get_perms( org, repo ) ) # Check to see if the user has access to view this survey if not repo.is_public and 'view_repository' not in permissions: return HttpResponse( 'Unauthorized', status=401 ) # Grab the data for this repository data = db.data.find( { 'repo': ObjectId( repo.mongo_id ) }, { 'survey_label': False, 'user': False } )\ .sort( [ ('timestamp', pymongo.DESCENDING ) ] ) data = dehydrate_survey( data ) # Is some unknown user looking at this data? # TODO: Make the privatizer take into account # geospatial location # if 'view_raw' not in permissions: # data = privatize_geo( repo, data ) usePerms = get_users_with_perms( repo, attach_perms=True ) usePerms.pop( account, None ) if isinstance( account, User ): account_name = account.username else: account_name = account.name return render_to_response( 'visualize.html', { 'repo': repo, 'sid': repo.mongo_id, 'data': json.dumps( data ), 'permissions': permissions, 'account': account, 'account_name': account_name, 'users_perms': usePerms }, context_instance=RequestContext(request) )
def has_all_permissions(user_or_group, obj, permissions): all_perms = get_perms(user_or_group, obj) for inherit in get_inherited_objects(obj): all_perms += get_perms(user_or_group, inherit) for perm in permissions: if perm not in all_perms: return False return True
def data_set(request, data_set_uuid, analysis_uuid=None): data_set = get_object_or_404(DataSet, uuid=data_set_uuid) public_group = ExtendedGroup.objects.public_group() if not request.user.has_perm('core.read_dataset', data_set): if not 'read_dataset' in get_perms(public_group, data_set): if request.user.is_authenticated(): return HttpResponseForbidden(custom_error_page(request, '403.html', {user: request.user, 'msg': "view this data set"})) else: return HttpResponse(custom_error_page(request, '401.html', {'msg': "view this data set"}), status='401') #get studies investigation = data_set.get_investigation() studies = investigation.study_set.all() # If repository mode, only return workflows tagged for the repository if (settings.REFINERY_REPOSITORY_MODE): workflows = Workflow.objects.filter(show_in_repository_mode=True) else: workflows = Workflow.objects.all() study_uuid = studies[0].uuid study_id = studies[0].id # used for solr field postfixes: FIELDNAME_STUDYID_ASSAY_ID_FIELDTYPE assay_uuid = studies[0].assay_set.all()[0].uuid assay_id = studies[0].assay_set.all()[0].id # used for solr field postfixes: FIELDNAME_STUDYID_ASSAY_ID_FIELDTYPE # TODO: catch errors isatab_archive = None pre_isatab_archive = None try: if investigation.isarchive_file is not None: isatab_archive = FileStoreItem.objects.get(uuid=investigation.isarchive_file) except: pass try: if investigation.pre_isarchive_file is not None: pre_isatab_archive = FileStoreItem.objects.get(uuid=investigation.pre_isarchive_file) except: pass return render_to_response('core/data_set.html', { "data_set": data_set, "analysis_uuid": analysis_uuid, "studies": studies, "study_uuid": study_uuid, "study_id": study_id, "assay_uuid": assay_uuid, "assay_id": assay_id, "has_change_dataset_permission": 'change_dataset' in get_perms(request.user, data_set), "workflows": workflows, "isatab_archive": isatab_archive, "pre_isatab_archive": pre_isatab_archive, }, context_instance=RequestContext(request))
def get_form_class(self): """ Retorna el tipo de formulario que se mostrarĆ” en el template. En caso de que el usuario cuente con el permiso de editar userstory se le permitirĆ” cambiar la actividad del User Story. """ actual_fields = ['estado_actividad'] if 'editar_userstory' in get_perms(self.request.user, self.get_object().proyecto) or \ 'editar_mi_userstory' in get_perms(self.request.user, self.get_object()): actual_fields.insert(1, 'actividad') return modelform_factory(UserStory, form=RegistrarActividadForm, fields=actual_fields)
def check_permissions(self): """ Checks that all permissions are set correctly for the users. :return: A set of users whose permissions was wrong. """ # Variable to supply some feedback changed_permissions = [] changed_users = [] warnings = [] # Check that all the permissions are available. for model, perms in ASSIGNED_PERMISSIONS.items(): if model == 'profile': model_obj = get_profile_model() else: model_obj = get_user_model() model_content_type = ContentType.objects.get_for_model(model_obj) for perm in perms: try: Permission.objects.get(codename=perm[0], content_type=model_content_type) except Permission.DoesNotExist: changed_permissions.append(perm[1]) Permission.objects.create(name=perm[1], codename=perm[0], content_type=model_content_type) # it is safe to rely on settings.ANONYMOUS_USER_ID since it is a # requirement of django-guardian for user in get_user_model().objects.exclude(id=settings.ANONYMOUS_USER_ID): try: user_profile = get_user_profile(user=user) except ObjectDoesNotExist: warnings.append(_("No profile found for %(username)s") \ % {'username': user.username}) else: all_permissions = get_perms(user, user_profile) + get_perms(user, user) for model, perms in ASSIGNED_PERMISSIONS.items(): if model == 'profile': perm_object = get_user_profile(user=user) else: perm_object = user for perm in perms: if perm[0] not in all_permissions: assign_perm(perm[0], user, perm_object) changed_users.append(user) return (changed_permissions, changed_users, warnings)
def test_team_members_meta_perms_restrictions(self): self._team_create() self._publish_xls_form_to_project() user_alice = self._create_user('alice', 'alice') members_team = Team.objects.get( name='%s#%s' % (self.organization.user.username, 'members')) # add alice to members team add_user_to_team(members_team, user_alice) # confirm that the team and members have no permissions on form self.assertFalse(get_perms(members_team, self.xform)) self.assertFalse(get_perms(user_alice, self.xform)) # share project to team view = TeamViewSet.as_view({ 'get': 'list', 'post': 'share'}) post_data = { 'role': EditorRole.name, 'project': self.project.pk, 'remove': False } request = self.factory.post('/', data=post_data, **self.extra) response = view(request, pk=members_team.pk) self.assertEqual(response.status_code, 204) # team members should have editor permissions now alice_perms = get_perms(user_alice, self.xform) alice_role = get_role(alice_perms, self.xform) self.assertEqual(EditorRole.name, alice_role) self.assertTrue(EditorRole.user_has_role(user_alice, self.xform)) # change meta permissions meta_view = MetaDataViewSet.as_view({ 'post': 'create', 'put': 'update' }) data = { 'data_type': XFORM_META_PERMS, 'data_value': 'editor-minor|dataentry', 'xform': self.xform.pk } request = self.factory.post('/', data, **self.extra) response = meta_view(request) self.assertEqual(response.status_code, 201) # members should now have EditorMinor role self.assertTrue(EditorMinorRole.user_has_role(user_alice, self.xform))
def _check_assigned_permissions(self, user, user_profile, changed_users, warnings): all_permissions = get_perms( user, user_profile) + get_perms(user, user) for model, perms in ASSIGNED_PERMISSIONS.items(): perm_object = self._get_perm_object(model, user) for perm in perms: if perm[0] not in all_permissions: assign_perm(perm[0], user, perm_object) changed_users.append(user) return changed_users, warnings
def test_clear_permissions(self): """ Test for roles_clear_repo_permissions """ self.assertListEqual( sorted(get_perms(self.user, self.repo)), sorted(RepoPermission.administrator_permissions()) ) api.roles_clear_repo_permissions(self.repo) self.assertListEqual( get_perms(self.user, self.repo), [] )
def dispatch(self, request, *args, **kwargs): """ ComprobaciĆ³n de permisos hecha antes de la llamada al dispatch que inicia el proceso de respuesta al request de la url :param request: request hecho por el cliente :param args: argumentos adicionales posicionales :param kwargs: argumentos adicionales en forma de diccionario :return: PermissionDenied si el usuario no cuenta con permisos """ if 'editar_userstory' in get_perms(request.user, self.get_object().proyecto): return super(UpdateUserStory, self).dispatch(request, *args, **kwargs) elif 'editar_mi_userstory' in get_perms(self.request.user, self.get_object()): return super(UpdateUserStory, self).dispatch(request, *args, **kwargs) else: raise PermissionDenied()
def check_permissions(self): """ Checks that all permissions are set correctly for the users. :return: A set of users whose permissions was wrong. """ # Variable to supply some feedback changed_permissions = [] changed_users = [] warnings = [] # Check that all the permissions are available. for model, perms in ASSIGNED_PERMISSIONS.items(): if model == 'profile': model_obj = get_profile_model() else: model_obj = User model_content_type = ContentType.objects.get_for_model(model_obj) for perm in perms: try: Permission.objects.get(codename=perm[0], content_type=model_content_type) except Permission.DoesNotExist: changed_permissions.append(perm[1]) Permission.objects.create(name=perm[1], codename=perm[0], content_type=model_content_type) for user in User.objects.all(): if not user.username == 'AnonymousUser': try: user_profile = user.get_profile() except get_profile_model().DoesNotExist: warnings.append(_("No profile found for %(username)s") \ % {'username': user.username}) else: all_permissions = get_perms(user, user_profile) + get_perms(user, user) for model, perms in ASSIGNED_PERMISSIONS.items(): if model == 'profile': perm_object = user.get_profile() else: perm_object = user for perm in perms: if perm[0] not in all_permissions: assign(perm[0], user, perm_object) changed_users.append(user) return (changed_permissions, changed_users, warnings)
def obj_perms_manage_group_view(self, request, object_pk, group_id): """ Manages selected groups' permissions for current object. """ group = get_object_or_404(Group, id=group_id) obj = get_object_or_404(self.queryset(request), pk=object_pk) form_class = self.get_obj_perms_manage_group_form() form = form_class(group, obj, request.POST or None) if request.method == 'POST' and form.is_valid(): form.save_obj_perms() msg = ugettext("Permissions saved.") messages.success(request, msg) info = ( self.admin_site.name, self.model._meta.app_label, self.model._meta.module_name ) url = reverse( '%s:%s_%s_permissions_manage_group' % info, args=[obj.pk, group.id] ) return redirect(url) context = self.get_obj_perms_base_context(request, obj) context['group_obj'] = group context['group_perms'] = get_perms(group, obj) context['form'] = form return render_to_response(self.get_obj_perms_manage_group_template(), context, RequestContext(request, current_app=self.admin_site.name))
def destroy(self, request, pk): """ Delete a CheckListItem """ if not request.user.is_authenticated(): return Response( data={ 'detail': 'Authentication required', }, status=403, ) check_list_item = CheckListItem.objects.get(id=pk) perms = get_perms( user_or_group=request.user, obj=check_list_item.check_list, ) if 'change_checklist' not in perms: return Response( data={ 'detail': 'Permission denied', }, status=403, ) check_list_item.delete() return Response( status=204, )
def retrieve(self, request, pk=None): if not request.user.is_authenticated(): return Response( data={ 'detail': 'Authentication required', }, status=403, ) budget_category = BudgetCategory.objects.get(id=pk) perms = get_perms( user_or_group=request.user, obj=budget_category.budget, ) if 'view_budget' not in perms: return Response( data={ 'detail': 'Permission denied', }, status=403, ) serializer = self.serializer_class(budget_category) return Response( data=serializer.data, status=200, )
def retrieve(self, request, pk=None): if not request.user.is_authenticated(): return Response( data={ 'detail': 'Authentication required', }, status=403, ) check_list_item = CheckListItem.objects.get(id=pk) perms = get_perms( user_or_group=request.user, obj=check_list_item.check_list, ) if 'view_checklist' not in perms: return Response( data={ 'detail': 'Permission denied', }, status=403, ) serializer = self.serializer_class(check_list_item) return Response( data=serializer.data, status=200, )
def obj_perms_manage_user_view(self, request, object_pk, user_id): """ Manages selected users' permissions for current object. """ user = get_object_or_404(get_user_model(), pk=user_id) obj = get_object_or_404(self.queryset(request), pk=object_pk) form_class = self.get_obj_perms_manage_user_form() form = form_class(user, obj, request.POST or None) if request.method == 'POST' and form.is_valid(): form.save_obj_perms() msg = ugettext("Permissions saved.") messages.success(request, msg) info = ( self.admin_site.name, self.model._meta.app_label, get_model_name(self.model) ) url = reverse( '%s:%s_%s_permissions_manage_user' % info, args=[obj.pk, user.pk] ) return redirect(url) context = self.get_obj_perms_base_context(request, obj) context['user_obj'] = user context['user_perms'] = get_perms(user, obj) context['form'] = form return render_to_response(self.get_obj_perms_manage_user_template(), context, RequestContext(request, current_app=self.admin_site.name))
def reports_index_view(request, graph_slug): graph = get_object_or_404(Graph, slug=graph_slug) # We get the modal variable as_modal = bool(request.GET.get("asModal", False)) user = request.user if as_modal: render = render_to_string else: render = render_to_response perms = get_perms(user, graph) broader_context = { "graph": graph, "view_reports": 'view_graph_reports' in perms, "add_reports": 'add_graph_reports' in perms, "edit_reports": 'change_graph_reports' in perms, "delete_reports": 'delete_graph_reports' in perms, "as_modal": as_modal} response = render('reports_base.html', context_instance=RequestContext(request, broader_context)) if as_modal: response = {'type': 'html', 'action': 'reports_main', 'html': response} return HttpResponse(json.dumps(response), status=200, content_type='application/json') else: return response
def get_role_in_org(user, organization): perms = get_perms(user, organization) if "is_org_owner" in perms: return OwnerRole.name else: return get_role(perms, organization) or MemberRole.name
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'): ''' The view that show details of each map ''' map_obj = _resolve_map(request, mapid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != map_obj.owner and not request.user.is_superuser: Map.objects.filter(id=map_obj.id).update(popular_count=F('popular_count') + 1) if snapshot is None: config = map_obj.viewer_json(request.user) else: config = snapshot_config(snapshot, map_obj, request.user) config = json.dumps(config) layers = MapLayer.objects.filter(map=map_obj.id) context_dict = { 'config': config, 'resource': map_obj, 'layers': layers, 'perms_list': get_perms(request.user, map_obj.get_self_resource()), 'permissions_json': _perms_info_json(map_obj), "documents": get_related_documents(map_obj), } if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, map_obj) return render_to_response(template, RequestContext(request, context_dict))
def edit(request, machine_id): hosts = get_all_host(request) images = get_all_image(request) form = None try: machine = Machine.objects.get(id=machine_id) except Machine.DoesNotExist: raise Http404 if 'control_machine' not in get_perms(request.user, machine): raise Http404 if request.method == 'POST': print request.POST form = MachineEditForm(request.POST) if form.is_valid(): data = form.cleaned_data machine.name=data['name'] machine.arch=data['arch'] machine.vmem=data['vmem'] machine.virtio=data['virtio'] machine.vcpu=data['vcpu'] machine.image=data['image'] machine.host=data['host'] machine.description=data['description'] machine.save() messages.success(request, "Machine successful updated!") return HttpResponseRedirect(reverse('machines_edit', args=[machine.id])) return render(request, 'machine/machine_id.html', { 'current_url': ['machines'], 'machine': machine, 'form': form, 'hosts': hosts, 'images': images, 'title': 'Edit Machine' })
def save(self, commit=True): """ Saves granted permissions and removes those switched off. """ member, project = self.membership.member, self.membership.project granted_perms = self.cleaned_data['permissions'] logging.info("Granted perms: %s" % granted_perms) member_perms = get_perms(member, project) # Grant permissions for perm in granted_perms: if perm not in member_perms: assign(perm, member, project) self._message('info', _("Permission added: %s" % perm)) # Remove permissions for perm in member_perms: if perm not in granted_perms: remove_perm(perm, member, project) # notify user if perm is still granted by member's groups groups_with_perm = member.groups.filter( groupobjectpermission__permission__codename=perm) if groups_with_perm: messages.warning(self.request, _("Permission %(perm)s is " "still granted for %(user)s as following group(s) " "has/have it: %(groups)s" % { 'perm': perm, 'user': member, 'groups': ', '.join( (str(group) for group in groups_with_perm) ) })) self._message('warning', _("Permission removed: %s" % perm))
def get_permissions(self, obj): return list( map(lambda p: p.replace("_project", ""), get_perms(self.context['request'].user, obj)))
def appinstance_detail(request, appinstanceid): """ The view that show details of each document """ appinstance = None try: appinstance = resolve_appinstance(request, appinstanceid, 'base.view_resourcebase', PERMISSION_MSG_VIEW) except Http404: return HttpResponse(loader.render_to_string( '404.html', RequestContext(request, {})), status=404) except PermissionDenied: return HttpResponse(loader.render_to_string( '401.html', RequestContext(request, { 'error_message': _("You are not allowed to view this document.") })), status=403) if appinstance is None: return HttpResponse('An unknown error has occured.', mimetype="text/plain", status=401) else: if request.user != appinstance.owner and not request.user.is_superuser: AppInstance.objects.filter(id=appinstance.id).update( popular_count=F('popular_count') + 1) set_thumbnail_link = appinstance.link_set.filter( link_type='appinstance_thumbnail') context_dict = { 'perms_list': get_perms(request.user, appinstance.get_self_resource()), 'permissions_json': _perms_info_json(appinstance), 'resource': appinstance, # 'appinstance_links': appinstance_links, 'set_thumbnail_link': set_thumbnail_link # 'imgtypes': IMGTYPES, # 'related': related } if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links( request, appinstance) if getattr(settings, 'EXIF_ENABLED', False): try: from geonode.contrib.exif.utils import exif_extract_dict exif = exif_extract_dict(appinstance) if exif: context_dict['exif_data'] = exif except BaseException as e: logger.error(e.message + "Exif extraction failed.") return render_to_response("app_manager/appinstance_detail.html", RequestContext(request, context_dict))
def get_permissions(self, obj): auth = get_user_auth(self.context['request']) if not auth.user: return [] return get_perms(auth.user, obj)
def test_municipality_moderator_gets_edit_perm(hobby, user): assert 'change_hobby' not in get_perms(user, hobby) hobby.municipality.moderators.add(user) assert 'change_hobby' in get_perms(user, hobby) hobby.municipality.moderators.remove(user) assert 'change_hobby' not in get_perms(user, hobby)
def post(self, request, file_id): """ Update file content""" try: the_file = get_object_or_404(File, pk=int(file_id)) except ValueError: return HttpResponseForbidden('Not a valid File ID') # Figure out perms can_edit = False can_read = False edit_perms = set(['can_edit_content', 'can_edit_child_content']) perm_set = set(get_perms(request.user, the_file)) p = the_file.parent while p is not None: perm_set.update(get_perms(request.user, p)) p = p.parent if perm_set: can_read = True if perm_set.intersection(edit_perms): can_edit = True if not (can_read or can_edit): return HttpResponseForbidden('Not permitted to access this file.') if can_edit: doc_body = request.POST.get('editor') # removing highlight doc_body = lowlight_properties( doc_body, the_file.package.properties.all()) # The editor will only return the page body so we have keep the # current head old_content = the_file.content.split('<body') new_content = ''.join([ old_content[0], '<body>', doc_body, '</body></html>' ]) the_file.content = new_content the_file.save() reversion.set_comment('Edited file content directly.') tree = user_permitted_tree(request.user) for key, value in tree.items(): if key.id == the_file.package.id: package_tree = value break context = genreal_context(self.request) context['file'] = the_file context['package'] = the_file.package context['package_tree'] = package_tree context['can_read'] = can_read context['can_edit'] = can_edit context['perm_set'] = perm_set context['raw_url'] = reverse('rawfile', kwargs={'file_id': file_id}) if the_file.file_type == 'Document': template = "file_document.html" elif the_file.file_type == 'Sheet': template = "file_sheet.html" else: template = "file_other.html" return render( request, template, context)
def layer_detail(request, layername, template='layers/layer_detail.html'): layer = _resolve_layer(request, layername, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) # assert False, str(layer_bbox) config = layer.attribute_config() # Add required parameters for GXP lazy-loading layer_bbox = layer.bbox bbox = [float(coord) for coord in list(layer_bbox[0:4])] config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \ else llbbox_to_mercator([float(coord) for coord in bbox]) config["title"] = layer.title config["queryable"] = True if layer.storeType == "remoteStore": service = layer.service source_params = { "ptype": service.ptype, "remote": True, "url": service.base_url, "name": service.name } maplayer = GXPLayer(name=layer.typename, ows_url=layer.ows_url, layer_params=json.dumps(config), source_params=json.dumps(source_params)) else: maplayer = GXPLayer(name=layer.typename, ows_url=layer.ows_url, layer_params=json.dumps(config)) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != layer.owner and not request.user.is_superuser: Layer.objects.filter(id=layer.id).update( popular_count=F('popular_count') + 1) # center/zoom don't matter; the viewer will center on the layer bounds map_obj = GXPMap( projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')) NON_WMS_BASE_LAYERS = [ la for la in default_map_config()[1] if la.ows_url is None ] metadata = layer.link_set.metadata().filter( name__in=settings.DOWNLOAD_FORMATS_METADATA) granules = None all_granules = None filter = None if layer.is_mosaic: try: cat = gs_catalog cat._cache.clear() store = cat.get_store(layer.name) coverages = cat.mosaic_coverages(store) filter = None try: if request.GET["filter"]: filter = request.GET["filter"] except: pass offset = 10 * (request.page - 1) granules = cat.mosaic_granules( coverages['coverages']['coverage'][0]['name'], store, limit=10, offset=offset, filter=filter) all_granules = cat.mosaic_granules( coverages['coverages']['coverage'][0]['name'], store, filter=filter) except: granules = {"features": []} all_granules = {"features": []} context_dict = { "resource": layer, 'perms_list': get_perms(request.user, layer.get_self_resource()), "permissions_json": _perms_info_json(layer), "documents": get_related_documents(layer), "metadata": metadata, "is_layer": True, "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'], "granules": granules, "all_granules": all_granules, "filter": filter, } context_dict["viewer"] = json.dumps( map_obj.viewer_json(request.user, *(NON_WMS_BASE_LAYERS + [maplayer]))) context_dict["preview"] = getattr(settings, 'LAYER_PREVIEW_LIBRARY', 'leaflet') context_dict["crs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') if request.user.has_perm('download_resourcebase', layer.get_self_resource()): if layer.storeType == 'dataStore': links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_VECTOR) else: links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_RASTER) context_dict["links"] = links if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, layer) return render_to_response(template, RequestContext(request, context_dict))
def update_gloss(request, glossid): """View to update a gloss model from the jeditable jquery form We are sent one field and value at a time, return the new value once we've updated it.""" # Get the gloss object or raise a Http404 exception if the object does not exist. gloss = get_object_or_404(Gloss, id=glossid) # Make sure that the user has rights to edit this datasets glosses. if 'view_dataset' not in get_perms(request.user, gloss.dataset): return HttpResponseForbidden( _("You do not have permissions to edit Glosses of this dataset/lexicon." )) if request.method == "POST": # Update the user on Gloss.updated_by from request.user gloss.updated_by = request.user old_idgloss = str(gloss) field = request.POST.get('id', '') value = request.POST.get('value', '') if len(value) == 0: value = ' ' elif value[0] == '_': value = value[1:] # in case we need multiple values values = request.POST.getlist('value[]') if field.startswith('keywords_'): language_code_2char = field.split('_')[1] return update_keywords(gloss, field, value, language_code_2char=language_code_2char) elif field.startswith('relationforeign'): return update_relationtoforeignsign(gloss, field, value) # Had to add field != 'relation_between_articulators' because I changed its field name, and it conflicted here. elif field.startswith( 'relation') and field != 'relation_between_articulators': return update_relation(gloss, field, value) elif field.startswith('morphology-definition'): return update_morphology_definition(gloss, field, value) elif field == 'dialect': # expecting possibly multiple values try: gloss.dialect.clear() for value in values: lang = Dialect.objects.get(name=value) gloss.dialect.add(lang) gloss.save() newvalue = ", ".join( [str(g.name) for g in gloss.dialect.all()]) except: # Translators: HttpResponseBadRequest return HttpResponseBadRequest("%s %s" % _("Unknown Dialect"), values, content_type='text/plain') elif field.startswith('video_title'): # If editing video title, update the GlossVideo's title if request.user.has_perm('video.change_glossvideo'): # Get pk after string "video_title" video_pk = field.split('video_title')[1] newvalue = value try: video = GlossVideo.objects.get(pk=video_pk) video.title = value video.save() except GlossVideo.DoesNotExist: return HttpResponseBadRequest('{error} {values}'.format( error=_('GlossVideo does not exist'), values=values), content_type='text/plain') else: return HttpResponseForbidden( 'Missing permission: video.change_glossvideo') elif field.startswith('glossurl-'): if field == 'glossurl-create': GlossURL.objects.create(url=value, gloss_id=glossid) return HttpResponseRedirect( reverse('dictionary:admin_gloss_view', kwargs={'pk': gloss.id})) else: if request.user.has_perm('dictionary.change_gloss'): glossurl_pk = field.split('glossurl-')[1] newvalue = value try: glossurl = GlossURL.objects.get(pk=glossurl_pk) glossurl.url = value glossurl.save() except GlossURL.DoesNotExist: pass else: # Find if field is not in Gloss classes fields. if field not in [f.name for f in Gloss._meta.get_fields()]: # Translators: HttpResponseBadRequest return HttpResponseBadRequest(_("Unknown field"), content_type='text/plain') # Translate the value if a boolean if isinstance(Gloss._meta.get_field(field), NullBooleanField): newvalue = value value = (value == 'Yes') if value != ' ' or value != '': # See if the field is a ForeignKey if gloss._meta.get_field( field).get_internal_type() == "ForeignKey": gloss.__setattr__( field, FieldChoice.objects.get(machine_value=value)) else: gloss.__setattr__(field, value) gloss.save() # If the value is not a Boolean, return the new value if not isinstance(value, bool): f = Gloss._meta.get_field(field) # for choice fields we want to return the 'display' version of the value # Try to use get_choices to get correct choice names for FieldChoices # If it doesn't work, go to exception and get flatchoices try: # valdict = dict(f.get_choices(include_blank=False)) valdict = dict(build_choice_list(field)) except: valdict = dict(f.flatchoices) # Some fields take ints # if valdict.keys() != [] and type(valdict.keys()[0]) == int: try: newvalue = valdict.get(int(value), value) # else: except: # either it's not an int or there's no flatchoices # so here we use get with a default of the value itself newvalue = valdict.get(value, value) # If field is idgloss and if the value has changed # Then change the filename on system and in glossvideo.videofile if field == 'idgloss' and newvalue != old_idgloss: try: GlossVideo.rename_glosses_videos(gloss) except (OSError, IOError): # Catch error, but don't do anything for now. return HttpResponseServerError( _("Error: Unable to change videofiles names.")) return HttpResponse(newvalue, content_type='text/plain') else: return HttpResponseNotAllowed(['POST'])
def _remove_obj_permissions(cls, user, obj): for perm in get_perms(user, obj): remove_perm(perm, user, obj)
def test_image_permission_with_public_job(): g_reg_anon = Group.objects.get( name=settings.REGISTERED_AND_ANON_USERS_GROUP_NAME) g_reg = Group.objects.get(name=settings.REGISTERED_USERS_GROUP_NAME) job = AlgorithmJobFactory() output_image = ImageFactory() civ = ComponentInterfaceValueFactory(image=output_image) job.outputs.add(civ) assert "view_image" not in get_perms(g_reg, output_image) assert "view_image" not in get_perms(g_reg_anon, output_image) assert "view_image" not in get_perms(g_reg, job.inputs.first().image) assert "view_image" not in get_perms(g_reg_anon, job.inputs.first().image) job.public = True job.save() assert "view_image" not in get_perms(g_reg, output_image) assert "view_image" in get_perms(g_reg_anon, output_image) assert "view_image" not in get_perms(g_reg, job.inputs.first().image) assert "view_image" in get_perms(g_reg_anon, job.inputs.first().image) job.public = False job.save() assert "view_image" not in get_perms(g_reg, output_image) assert "view_image" not in get_perms(g_reg_anon, output_image) assert "view_image" not in get_perms(g_reg, job.inputs.first().image) assert "view_image" not in get_perms(g_reg_anon, job.inputs.first().image)
def test_func(self): club = suite.models.Club.objects.get(pk=self.kwargs['club_id']) if 'can_create_event' not in get_perms(self.request.user, club): raise PermissionDenied return True
def document_detail(request, docid): """ The view that show details of each document """ try: document = _resolve_document( request, docid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) except PermissionDenied: return HttpResponse(_("Not allowed"), status=403) except Exception: raise Http404(_("Not found")) if not document: raise Http404(_("Not found")) permission_manager = ManageResourceOwnerPermissions(document) permission_manager.set_owner_permissions_according_to_workflow() # Add metadata_author or poc if missing document.add_missing_metadata_author_or_poc() related = get_related_resources(document) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != document.owner and not request.user.is_superuser: Document.objects.filter( id=document.id).update( popular_count=F('popular_count') + 1) metadata = document.link_set.metadata().filter( name__in=settings.DOWNLOAD_FORMATS_METADATA) # Call this first in order to be sure "perms_list" is correct permissions_json = _perms_info_json(document) perms_list = get_perms( request.user, document.get_self_resource()) + get_perms(request.user, document) group = None if document.group: try: group = GroupProfile.objects.get(slug=document.group.name) except ObjectDoesNotExist: group = None access_token = None if request and request.user: access_token = get_or_create_token(request.user) if access_token and not access_token.is_expired(): access_token = access_token.token else: access_token = None AUDIOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'audio'] IMGTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'image'] VIDEOTYPES = [_e for _e, _t in DOCUMENT_TYPE_MAP.items() if _t == 'video'] context_dict = { 'access_token': access_token, 'resource': document, 'perms_list': perms_list, 'permissions_json': permissions_json, 'group': group, 'metadata': metadata, 'audiotypes': AUDIOTYPES, 'imgtypes': IMGTYPES, 'videotypes': VIDEOTYPES, 'mimetypemap': DOCUMENT_MIMETYPE_MAP, 'related': related} if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links( request, document) if getattr(settings, 'EXIF_ENABLED', False): try: from geonode.documents.exif.utils import exif_extract_dict exif = exif_extract_dict(document) if exif: context_dict['exif_data'] = exif except Exception: logger.error("Exif extraction failed.") if request.user.is_authenticated: if getattr(settings, 'FAVORITE_ENABLED', False): from geonode.favorite.utils import get_favorite_info context_dict["favorite_info"] = get_favorite_info(request.user, document) register_event(request, EventType.EVENT_VIEW, document) return render( request, "documents/document_detail.html", context=context_dict)
def test_user_has_no_edit_perm(hobby, user): assert 'change_hobby' not in get_perms(user, hobby)
def import_gloss_csv(request): """ Check which objects exist and which not. Then show the user a list of glosses that will be added if user confirms. Store the glosses to be added into sessions. """ glosses_new = [] glosses_exists = [] # Make sure that the session variables are flushed before using this view. if 'dataset_id' in request.session: del request.session['dataset_id'] if 'glosses_new' in request.session: del request.session['glosses_new'] if request.method == 'POST': form = CSVUploadForm(request.POST, request.FILES) if form.is_valid(): dataset = form.cleaned_data['dataset'] if 'view_dataset' not in get_perms(request.user, dataset): # If user has no permissions to dataset, raise PermissionDenied to show 403 template. msg = _( "You do not have permissions to import glosses to this lexicon." ) messages.error(request, msg) raise PermissionDenied(msg) try: glossreader = csv.reader(codecs.iterdecode( form.cleaned_data['file'], 'utf-8'), delimiter=',', quotechar='"') except csv.Error as e: # Can't open file, remove session variables if 'dataset_id' in request.session: del request.session['dataset_id'] if 'glosses_new' in request.session: del request.session['glosses_new'] # Set a message to be shown so that the user knows what is going on. messages.add_message(request, messages.ERROR, _('Cannot open the file:' + str(e))) return render( request, 'dictionary/import_gloss_csv.html', {'import_csv_form': CSVUploadForm()}, ) except UnicodeDecodeError as e: # File is not UTF-8 encoded. messages.add_message(request, messages.ERROR, _('File must be UTF-8 encoded!')) return render( request, 'dictionary/import_gloss_csv.html', {'import_csv_form': CSVUploadForm()}, ) for row in glossreader: if glossreader.line_num == 1: # Skip first line of CSV file. continue try: # Find out if the gloss already exists, if it does add to list of glosses not to be added. gloss = Gloss.objects.get(dataset=dataset, idgloss=row[0]) glosses_exists.append(gloss) except Gloss.DoesNotExist: # If gloss is not already in list, add glossdata to list of glosses to be added as a tuple. if not any(row[0] in s for s in glosses_new): glosses_new.append(tuple(row)) except IndexError: # If row[0] does not exist, continue to next iteration of loop. continue # Store dataset's id and the list of glosses to be added in session. request.session['dataset_id'] = dataset.id request.session['glosses_new'] = glosses_new return render( request, 'dictionary/import_gloss_csv_confirmation.html', { 'glosses_new': glosses_new, 'glosses_exists': glosses_exists, 'dataset': dataset, }) else: # If form is not valid, set a error message and return to the original form. messages.add_message( request, messages.ERROR, _('The provided CSV-file does not meet the requirements ' 'or there is some other problem.')) return render( request, 'dictionary/import_gloss_csv.html', {'import_csv_form': form}, ) else: # If request type is not POST, return to the original form. csv_form = CSVUploadForm() allowed_datasets = get_objects_for_user(request.user, 'dictionary.view_dataset') # Make sure we only list datasets the user has permissions to. csv_form.fields["dataset"].queryset = csv_form.fields[ "dataset"].queryset.filter(id__in=[x.id for x in allowed_datasets]) return render( request, "dictionary/import_gloss_csv.html", {'import_csv_form': csv_form}, )
def set_permissions(request,share,json=None): from smtplib import SMTPException emailed=[] created=[] failed=[] # if not request.user.has_perm('admin',share): # return json_response({'status':'error','error':'You do not have permission to write to this share.'}) if json.has_key('groups'): for group, permissions in json['groups'].iteritems(): g = Group.objects.get(id__iexact=group) current_perms = get_perms(g,share) removed_perms = list(set(current_perms) - set(permissions)) added_perms = list(set(permissions) - set(current_perms)) for u in g.user_set.all(): if len(share.get_user_permissions(u,user_specific=True)) == 0 and len(added_perms) > 0 and json['email']: email_users([u],'share/share_subject.txt','share/share_email_body.txt',{'user':u,'share':share,'sharer':request.user,'site_url':SITE_URL}) emailed.append(u.username) for perm in removed_perms: remove_perm(perm,g,share) for perm in added_perms: assign_perm(perm,g,share) if json.has_key('users'): for username, permissions in json['users'].iteritems(): username = username.lower() try: u = User.objects.get(username__iexact=username) if len(share.get_user_permissions(u,user_specific=True)) == 0 and json['email']: try: email_users([u],'share/share_subject.txt','share/share_email_body.txt',{'user':u,'share':share,'sharer':request.user,'site_url':SITE_URL}) emailed.append(username) except: failed.append(username) except: if len(permissions) > 0: password = User.objects.make_random_password() u = User(username=username,email=username) u.set_password(password) u.save() try: email_users([u],'share/share_subject.txt','share/share_new_email_body.txt',{'user':u,'password':password,'share':share,'sharer':request.user,'site_url':SITE_URL}) created.append(username) except: failed.append(username) u.delete() current_perms = share.get_user_permissions(u,user_specific=True) print 'CURRENT' print current_perms print 'PERMISSIONS' print permissions removed_perms = list(set(current_perms) - set(permissions)) added_perms = list(set(permissions) - set(current_perms)) print 'ADDING: ' print added_perms print 'REMOVING: ' print removed_perms for perm in removed_perms: if u.username not in failed: remove_perm(perm,u,share) for perm in added_perms: if u.username not in failed: assign_perm(perm,u,share) data = share.get_permissions(user_specific=True) data['messages']=[] if len(emailed) > 0: data['messages'].append({'type':'info','content':'%s has/have been emailed'%', '.join(emailed)}) if len(created) > 0: data['messages'].append({'type':'info','content':'Accounts has/have been created and emails have been sent to the following email addresses: %s'%', '.join(created)}) if len(failed) > 0: data['messages'].append({'type':'info','content':'Delivery has failed to the following addresses: %s'%', '.join(failed)}) data['json']=json return json_response(data)
def document_detail(request, docid): """ The view that show details of each document """ document = None try: document = _resolve_document(request, docid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) except Http404: return HttpResponse(loader.render_to_string( '404.html', RequestContext(request, {})), status=404) except PermissionDenied: return HttpResponse(loader.render_to_string( '401.html', RequestContext(request, { 'error_message': _("You are not allowed to view this document.") })), status=403) if document is None: return HttpResponse('An unknown error has occured.', content_type="text/plain", status=401) else: related = get_related_resources(document) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != document.owner and not request.user.is_superuser: Document.objects.filter(id=document.id).update( popular_count=F('popular_count') + 1) metadata = document.link_set.metadata().filter( name__in=settings.DOWNLOAD_FORMATS_METADATA) context_dict = { 'perms_list': get_perms(request.user, document.get_self_resource()), 'permissions_json': _perms_info_json(document), 'resource': document, 'metadata': metadata, 'imgtypes': IMGTYPES, 'related': related } if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links( request, document) if getattr(settings, 'EXIF_ENABLED', False): try: from geonode.contrib.exif.utils import exif_extract_dict exif = exif_extract_dict(document) if exif: context_dict['exif_data'] = exif except BaseException: print "Exif extraction failed." return render_to_response("documents/document_detail.html", RequestContext(request, context_dict))
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'): ''' The view that show details of each map ''' map_obj = _resolve_map( request, mapid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != map_obj.owner and not request.user.is_superuser: Map.objects.filter( id=map_obj.id).update( popular_count=F('popular_count') + 1) if 'access_token' in request.session: access_token = request.session['access_token'] else: access_token = None if snapshot is None: config = map_obj.viewer_json(request.user, access_token) else: config = snapshot_config(snapshot, map_obj, request.user, access_token) config = json.dumps(config) layers = MapLayer.objects.filter(map=map_obj.id) links = map_obj.link_set.download() group = None if map_obj.group: try: group = GroupProfile.objects.get(slug=map_obj.group.name) except GroupProfile.DoesNotExist: group = None context_dict = { 'config': config, 'resource': map_obj, 'group': group, 'layers': layers, 'perms_list': get_perms(request.user, map_obj.get_self_resource()), 'permissions_json': _perms_info_json(map_obj), "documents": get_related_documents(map_obj), 'links': links, } context_dict["preview"] = getattr( settings, 'LAYER_PREVIEW_LIBRARY', '') context_dict["crs"] = getattr( settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, map_obj) return render_to_response(template, RequestContext(request, context_dict))
def test_creator_gets_edit_perm(hobby, user): assert hobby.created_by_id != user.pk assert 'change_hobby' not in get_perms(user, hobby) hobby.created_by = user hobby.save() assert 'change_hobby' in get_perms(user, hobby)
def layer_detail(request, layername, template='layers/layer_detail.html'): layer = _resolve_layer(request, layername, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) # assert False, str(layer_bbox) config = layer.attribute_config() # Add required parameters for GXP lazy-loading layer_bbox = layer.bbox bbox = [float(coord) for coord in list(layer_bbox[0:4])] if hasattr(layer, 'srid'): config['crs'] = {'type': 'name', 'properties': layer.srid} config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \ else llbbox_to_mercator([float(coord) for coord in bbox]) config["title"] = layer.title config["queryable"] = True if layer.storeType == "remoteStore": service = layer.service source_params = { "ptype": service.ptype, "remote": True, "url": service.base_url, "name": service.name } maplayer = GXPLayer(name=layer.alternate, ows_url=layer.ows_url, layer_params=json.dumps(config), source_params=json.dumps(source_params)) else: maplayer = GXPLayer(name=layer.alternate, ows_url=layer.ows_url, layer_params=json.dumps(config)) # Update count for popularity ranking, # but do not includes admins or resource owners layer.view_count_up(request.user) # center/zoom don't matter; the viewer will center on the layer bounds map_obj = GXPMap( projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')) NON_WMS_BASE_LAYERS = [ la for la in default_map_config(request)[1] if la.ows_url is None ] metadata = layer.link_set.metadata().filter( name__in=settings.DOWNLOAD_FORMATS_METADATA) granules = None all_granules = None filter = None if layer.is_mosaic: try: cat = gs_catalog cat._cache.clear() store = cat.get_store(layer.name) coverages = cat.mosaic_coverages(store) filter = None try: if request.GET["filter"]: filter = request.GET["filter"] except BaseException: pass offset = 10 * (request.page - 1) granules = cat.mosaic_granules( coverages['coverages']['coverage'][0]['name'], store, limit=10, offset=offset, filter=filter) all_granules = cat.mosaic_granules( coverages['coverages']['coverage'][0]['name'], store, filter=filter) except BaseException: granules = {"features": []} all_granules = {"features": []} group = None if layer.group: try: group = GroupProfile.objects.get(slug=layer.group.name) except GroupProfile.DoesNotExist: group = None # a flag to be used for qgis server show_popup = False if 'show_popup' in request.GET and request.GET["show_popup"]: show_popup = True context_dict = { 'resource': layer, 'group': group, 'perms_list': get_perms(request.user, layer.get_self_resource()), "permissions_json": _perms_info_json(layer), "documents": get_related_documents(layer), "metadata": metadata, "is_layer": True, "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'], "granules": granules, "all_granules": all_granules, "show_popup": show_popup, "filter": filter, } if 'access_token' in request.session: access_token = request.session['access_token'] else: u = uuid.uuid1() access_token = u.hex context_dict["viewer"] = json.dumps( map_obj.viewer_json(request.user, access_token, *(NON_WMS_BASE_LAYERS + [maplayer]))) context_dict["preview"] = getattr(settings, 'LAYER_PREVIEW_LIBRARY', 'leaflet') context_dict["crs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') # provide bbox in EPSG:4326 for leaflet if context_dict["preview"] == 'leaflet': srid, wkt = layer.geographic_bounding_box.split(';') srid = re.findall(r'\d+', srid) geom = GEOSGeometry(wkt, srid=int(srid[0])) geom.transform(4326) context_dict["layer_bbox"] = ','.join([str(c) for c in geom.extent]) if layer.storeType == 'dataStore': links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_VECTOR) else: links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_RASTER) links_view = [ item for idx, item in enumerate(links) if item.url and 'wms' in item.url or 'gwc' in item.url ] links_download = [ item for idx, item in enumerate(links) if item.url and 'wms' not in item.url and 'gwc' not in item.url ] for item in links_view: if item.url and access_token and 'access_token' not in item.url: params = {'access_token': access_token} item.url = Request('GET', item.url, params=params).prepare().url for item in links_download: if item.url and access_token and 'access_token' not in item.url: params = {'access_token': access_token} item.url = Request('GET', item.url, params=params).prepare().url if request.user.has_perm('view_resourcebase', layer.get_self_resource()): context_dict["links"] = links_view if request.user.has_perm('download_resourcebase', layer.get_self_resource()): if layer.storeType == 'dataStore': links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_VECTOR) else: links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_RASTER) context_dict["links_download"] = links_download if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, layer) layers_names = layer.alternate try: if 'geonode' in layers_names: workspace, name = layers_names.split(':', 1) else: name = layers_names except: print "Can not identify workspace type and layername" context_dict["layer_name"] = json.dumps(layers_names) try: # get type of layer (raster or vector) if layer.storeType == 'coverageStore': context_dict["layer_type"] = "raster" elif layer.storeType == 'dataStore': context_dict["layer_type"] = "vector" location = "{location}{service}".format( **{ 'location': settings.OGC_SERVER['default']['LOCATION'], 'service': 'wms', }) # get schema for specific layer username = settings.OGC_SERVER['default']['USER'] password = settings.OGC_SERVER['default']['PASSWORD'] schema = get_schema(location, name, username=username, password=password) # get the name of the column which holds the geometry if 'the_geom' in schema['properties']: schema['properties'].pop('the_geom', None) elif 'geom' in schema['properties']: schema['properties'].pop("geom", None) # filter the schema dict based on the values of layers_attributes layer_attributes_schema = [] for key in schema['properties'].keys(): layer_attributes_schema.append(key) filtered_attributes = layer_attributes_schema context_dict["schema"] = schema context_dict["filtered_attributes"] = filtered_attributes except: print "Possible error with OWSLib. Turning all available properties to string" # maps owned by user needed to fill the "add to existing map section" in template if request.user.is_authenticated(): context_dict["maps"] = Map.objects.filter(owner=request.user) return TemplateResponse(request, template, RequestContext(request, context_dict))
def test_anonymous_user_has_no_edit_perm(hobby, guardian_anonymous_user): assert 'change_hobby' not in get_perms(guardian_anonymous_user, hobby)
def get_team_project_default_permissions(team, project): perms = get_perms(team, project) return get_role(perms, project) or ""
def create(self, validated_data): auth = get_user_auth(self.context['request']) user_id = validated_data.pop('_id', '') address = validated_data.pop('email', '') provider = self.context['provider'] context = { 'referrer': auth.user, } if user_id and address: raise ValidationError('Cannot specify both "id" and "email".') user = None if user_id: user = OSFUser.load(user_id) elif address: try: email = Email.objects.get(address=address.lower()) except Email.DoesNotExist: full_name = validated_data.pop('fullname', '') if not full_name: raise ValidationError('"full_name" is required when adding a moderator via email.') user = OSFUser.create_unregistered(full_name, email=address) user.add_unclaimed_record( provider, referrer=auth.user, given_name=full_name, email=address, ) user.save() claim_url = user.get_claim_url(provider._id, external=True) context['claim_url'] = claim_url else: user = email.user else: raise ValidationError('Must specify either "id" or "email".') if not user: raise ValidationError('Unable to find specified user.') context['user'] = user context['provider'] = provider if bool(get_perms(user, provider)): raise ValidationError('Specified user is already a moderator.') if 'claim_url' in context: template = mails.CONFIRM_EMAIL_MODERATION(provider) else: template = mails.MODERATOR_ADDED(provider) perm_group = validated_data.pop('permission_group', '') if perm_group not in REVIEW_GROUPS: raise ValidationError('Unrecognized permission_group') context['notification_settings_url'] = '{}reviews/preprints/{}/notifications'.format(DOMAIN, provider._id) context['provider_name'] = provider.name context['is_reviews_moderator_notification'] = True context['is_admin'] = perm_group == ADMIN provider.add_to_group(user, perm_group) setattr(user, 'permission_group', perm_group) # Allows reserialization mails.send_mail( user.username, template, **context ) return user
def map_detail(request, mapid, snapshot=None, template='maps/map_detail.html'): ''' The view that show details of each map ''' map_obj = _resolve_map( request, mapid, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != map_obj.owner and not request.user.is_superuser: Map.objects.filter( id=map_obj.id).update( popular_count=F('popular_count') + 1) if snapshot is None: config = map_obj.viewer_json(request) else: config = snapshot_config(snapshot, map_obj, request) config = json.dumps(config) layers = MapLayer.objects.filter(map=map_obj.id) links = map_obj.link_set.download() group = None if map_obj.group: try: group = GroupProfile.objects.get(slug=map_obj.group.name) except GroupProfile.DoesNotExist: group = None context_dict = { 'config': config, 'resource': map_obj, 'group': group, 'layers': layers, 'perms_list': get_perms( request.user, map_obj.get_self_resource()) + get_perms(request.user, map_obj), 'permissions_json': _perms_info_json(map_obj), "documents": get_related_documents(map_obj), 'links': links, 'preview': getattr( settings, 'GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY', 'geoext'), 'crs': getattr( settings, 'DEFAULT_MAP_CRS', 'EPSG:3857') } if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, map_obj) if request.user.is_authenticated(): if getattr(settings, 'FAVORITE_ENABLED', False): from geonode.favorite.utils import get_favorite_info context_dict["favorite_info"] = get_favorite_info(request.user, map_obj) return render(request, template, context=context_dict)
def form_valid(self, form): self.object = form.save() # Need to force lower case emails. self.object.username = self.object.username.lower() self.object.save() username = form.cleaned_data['username'] language = form.cleaned_data['language'] course = form.cleaned_data['course'] perms = form.cleaned_data['perms'] prog_id = form.cleaned_data['program_id'] is_active = form.cleaned_data['is_active'] self.ggvuser.program_id = prog_id self.ggvuser.language_pref = language self.ggvuser.save() #get_user_perms curr_permissions = get_perms(self.object, self.course) if not curr_permissions: curr_permissions = get_user_perms(self.object, self.course) # Username changed? if not self.object.email == username: self.object.email = username self.object.save() try: social_auth_obj = self.object.social_auth.all()[0] social_auth_obj.uid = self.object.email social_auth_obj.save() except: pass if not self.object.is_active == is_active: self.object.is_active = is_active self.object.save() # Change the user's course?. if not self.course.id == course.id: for i in curr_permissions: assign_perm(i, self.object, course) remove_perm(i, self.object, self.course) # Change course_context for user's bookmarks bks = self.object.bookmarker.all().filter( course_context=self.course) for i in bks: try: i.course_context = course i.save() except IntegrityError as e: i.delete() self.course = course # Change the user's permissions? if perms not in curr_permissions: for i in curr_permissions: remove_perm(i, self.object, self.course) assign_perm(perms, self.object, self.course) return super(UpdateGgvUserAccountView, self).form_valid(form)
def get_object_perms(obj, user=None): """Return permissions for given object in Resolwe specific format. Function returns permissions for given object ``obj`` in following format:: { "type": "group"/"user"/"public", "id": <group_or_user_id>, "name": <group_or_user_name>, "permissions": [<first_permission>, <second_permission>,...] } For ``public`` type ``id`` and ``name`` keys are omitted. If ``user`` parameter is given, permissions are limited only to given user, groups he belongs to and public permissions. :param obj: Resolwe's DB model's instance :type obj: a subclass of :class:`~resolwe.flow.models.base.BaseModel` :param user: Django user :type user: :class:`~django.contrib.auth.models.User` or :data:`None` :return: list of permissions object in described format :rtype: list """ def format_permissions(perms): """Remove model name from permission.""" ctype = ContentType.objects.get_for_model(obj) return [perm.replace('_{}'.format(ctype.name), '') for perm in perms] perms_list = [] if user: if user.is_authenticated: user_perms, group_perms = get_user_group_perms(user, obj) else: user_perms, group_perms = [], [] if user_perms != []: perms_list.append({ 'type': 'user', 'id': user.pk, 'name': user.get_full_name() or user.username, 'permissions': format_permissions(user_perms), }) if group_perms != []: for group_id, group_name, perms in group_perms: perms_list.append({ 'type': 'group', 'id': group_id, 'name': group_name, 'permissions': format_permissions(perms), }) else: user_options = {'attach_perms': True, 'with_group_users': False} for user, perms in six.iteritems( get_users_with_perms(obj, **user_options)): if user.username == settings.ANONYMOUS_USER_NAME: # public user is treated separately continue perms_list.append({ 'type': 'user', 'id': user.pk, 'name': user.get_full_name() or user.username, 'permissions': format_permissions(perms), }) group_options = { 'attach_perms': True, } for group, perms in six.iteritems( get_groups_with_perms(obj, **group_options)): perms_list.append({ 'type': 'group', 'id': group.pk, 'name': group.name, 'permissions': format_permissions(perms), }) public_perms = get_perms(AnonymousUser(), obj) if public_perms != []: perms_list.append({ 'type': 'public', 'permissions': format_permissions(public_perms), }) return perms_list
def layer_detail(request, layername, template='layers/layer_detail.html'): try: user_role = request.GET['user_role'] except: user_role=None layer = _resolve_layer( request, layername, 'base.view_resourcebase', _PERMISSION_MSG_VIEW) user = request.user edit_permit = False if layer.owner == user and layer.status in ['DRAFT', 'ACTIVE', 'DENIED']: edit_permit = True elif user in layer.group.get_managers() and layer.status in ['PENDING', 'ACTIVE', 'DENIED']: edit_permit = True if not edit_permit and layer.status=='ACTIVE': edit_permit = True # if the edit request is not valid then just return from here if not edit_permit: return HttpResponse( loader.render_to_string( '401.html', RequestContext( request, { 'error_message': _("You dont have permission to edit this layer.")})), status=401) # return HttpResponse('You dont have permission to edit this layer') # assert False, str(layer_bbox) config = layer.attribute_config() # Add required parameters for GXP lazy-loading layer_bbox = layer.bbox bbox = [float(coord) for coord in list(layer_bbox[0:4])] config["srs"] = getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913') config["bbox"] = bbox if config["srs"] != 'EPSG:900913' \ else llbbox_to_mercator([float(coord) for coord in bbox]) config["title"] = layer.title config["queryable"] = True if layer.storeType == "remoteStore": service = layer.service source_params = { "ptype": service.ptype, "remote": True, "url": service.base_url, "name": service.name} maplayer = GXPLayer( name=layer.typename, ows_url=layer.ows_url, layer_params=json.dumps(config), source_params=json.dumps(source_params)) else: maplayer = GXPLayer( name=layer.typename, ows_url=layer.ows_url, layer_params=json.dumps(config)) # Update count for popularity ranking, # but do not includes admins or resource owners if request.user != layer.owner and not request.user.is_superuser: Layer.objects.filter( id=layer.id).update(popular_count=F('popular_count') + 1) # center/zoom don't matter; the viewer will center on the layer bounds map_obj = GXPMap(projection=getattr(settings, 'DEFAULT_MAP_CRS', 'EPSG:900913')) NON_WMS_BASE_LAYERS = [ la for la in default_map_config()[1] if la.ows_url is None] metadata = layer.link_set.metadata().filter( name__in=settings.DOWNLOAD_FORMATS_METADATA) granules = None all_granules = None filter = None if layer.is_mosaic: try: cat = gs_catalog cat._cache.clear() store = cat.get_store(layer.name) coverages = cat.mosaic_coverages(store) filter = None try: if request.GET["filter"]: filter = request.GET["filter"] except: pass offset = 10 * (request.page - 1) granules = cat.mosaic_granules(coverages['coverages']['coverage'][0]['name'], store, limit=10, offset=offset, filter=filter) all_granules = cat.mosaic_granules(coverages['coverages']['coverage'][0]['name'], store, filter=filter) except: granules = {"features": []} all_granules = {"features": []} approve_form = ResourceApproveForm() deny_form = ResourceDenyForm() metadata_field_list = ['owner', 'title', 'date', 'date_type', 'edition', 'abstract', 'purpose', 'maintenance_frequency', 'regions', 'restriction_code_type', 'constraints_other', 'license', 'language', 'spatial_representation_type', 'resource_type', 'temporal_extent_start', 'temporal_extent_end', 'supplemental_information', 'data_quality_statement', 'thumbnail_url', 'elevation_regex', 'time_regex', 'keywords', 'category'] if request.user == layer.owner or request.user in layer.group.get_managers(): if not layer.attributes: messages.info(request, 'Please update layer metadata, missing some informations') elif not layer.metadata_author: messages.info(request, 'Please update layer metadata, missing some informations') else: for field in metadata_field_list: if not getattr(layer, layer._meta.get_field(field).name): messages.info(request, 'Please update layer metadata, missing some informations') break # layer_name = layer.service_typename # geoserver_user = OGC_SERVER['default']['USER'] # geoserver_password = OGC_SERVER['default']['PASSWORD'] # style_url = OGC_SERVER['default']['PUBLIC_LOCATION'] + "rest/layers/" + layer_name + ".json" # response1 = requests.get(style_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password)) # sld_file_name_url = response1.json()['layer']['defaultStyle']['href'] # response2 = requests.get(sld_file_name_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password)) # file_name = response2.json()['style']['filename'] # sld_file_url = OGC_SERVER['default']['PUBLIC_LOCATION'] + "rest/styles/" + file_name # sld_content = requests.get(sld_file_url, auth=HTTPBasicAuth(geoserver_user, geoserver_password)).content # # xlink = '' # try: # dict1 = xmltodict.parse(sld_content) # dict2 = dict1['sld:StyledLayerDescriptor']['sld:NamedLayer']['sld:UserStyle']['sld:FeatureTypeStyle']\ # ['sld:Rule']['sld:PointSymbolizer'] # xlink = dict2['sld:Graphic']['sld:ExternalGraphic']['sld:OnlineResource']['@xlink:href'] # except: # pass xlink = style_chart_legend_color(layer) context_dict = { "resource": layer, 'perms_list': get_perms(request.user, layer.get_self_resource()), "permissions_json": _perms_info_json(layer), "documents": get_related_documents(layer), "metadata": metadata, "is_layer": True, "wps_enabled": settings.OGC_SERVER['default']['WPS_ENABLED'], "granules": granules, "all_granules": all_granules, "filter": filter, "user_role": user_role, "approve_form": approve_form, "deny_form": deny_form, "denied_comments": LayerAuditActivity.objects.filter(layer_submission_activity__layer=layer), "status": layer.status, "chart_link" : xlink } context_dict["viewer"] = json.dumps( map_obj.viewer_json(request.user, * (NON_WMS_BASE_LAYERS + [maplayer]))) context_dict["preview"] = getattr( settings, 'LAYER_PREVIEW_LIBRARY', 'leaflet') if request.user.has_perm('download_resourcebase', layer.get_self_resource()): if layer.storeType == 'dataStore': links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_VECTOR) else: links = layer.link_set.download().filter( name__in=settings.DOWNLOAD_FORMATS_RASTER) context_dict["links"] = links if settings.SOCIAL_ORIGINS: context_dict["social_links"] = build_social_links(request, layer) return render_to_response(template, RequestContext(request, context_dict))
def test_read_without_lock_ok(user_api_client, scan_decision, user): resp = user_api_client().get(f'/api/v1/scan-decisions/{scan_decision.id}') if not has_read_perm(get_perms(user, scan_decision.scan.experiment.project)): assert resp.status_code == 404 else: assert resp.status_code == 200
def test_moderated_upload(self): """ Test if moderation flag works """ with self.settings(ADMIN_MODERATE_UPLOADS=False): self.client.login(username=self.user, password=self.passwd) input_path = self._get_input_path() with open(input_path, 'rb') as f: data = { 'title': 'document title', 'doc_file': f, 'resource': '', 'extension': 'txt', 'permissions': '{}', } resp = self.client.post(self.document_upload_url, data=data) self.assertEqual(resp.status_code, 200) dname = 'document title' _d = Document.objects.get(title=dname) self.assertTrue(_d.is_published) uuid = _d.uuid _d.delete() from geonode.documents.utils import delete_orphaned_document_files _, document_files_before = storage.listdir( os.path.join("documents", "document")) deleted = delete_orphaned_document_files() _, document_files_after = storage.listdir( os.path.join("documents", "document")) self.assertTrue(len(deleted) > 0) self.assertEqual( set(deleted), set(document_files_before) - set(document_files_after)) from geonode.base.utils import delete_orphaned_thumbs thumb_files_before = get_thumbs() deleted = delete_orphaned_thumbs() thumb_files_after = get_thumbs() if len(thumb_files_before): self.assertTrue( len(deleted) > 0, f"before: {thumb_files_before} - deleted: {deleted} - after: {thumb_files_after}" ) self.assertEqual( set(deleted), set(thumb_files_before) - set(thumb_files_after), f"deleted: {deleted} vs {set(thumb_files_before) - set(thumb_files_after)}" ) fn = os.path.join(os.path.join("documents", "document"), os.path.basename(input_path)) self.assertFalse(storage.exists(fn)) files = [thumb for thumb in get_thumbs() if uuid in thumb] self.assertEqual(len(files), 0) with self.settings(ADMIN_MODERATE_UPLOADS=True): self.client.login(username=self.user, password=self.passwd) norman = get_user_model().objects.get(username="******") group = GroupProfile.objects.get(slug="bar") input_path = self._get_input_path() with open(input_path, 'rb') as f: data = { 'title': 'document title', 'doc_file': f, 'resource': '', 'extension': 'txt', 'permissions': '{}', } resp = self.client.post(self.document_upload_url, data=data) self.assertEqual(resp.status_code, 200) dname = 'document title' _d = Document.objects.get(title=dname) self.assertFalse(_d.is_approved) self.assertTrue(_d.is_published) group.join(norman) self.assertFalse(group.user_is_role(norman, "manager")) GroupMember.objects.get(group=group, user=norman).promote() self.assertTrue(group.user_is_role(norman, "manager")) self.client.login(username="******", password="******") resp = self.client.get(reverse('document_detail', args=(_d.id, ))) # Forbidden self.assertEqual(resp.status_code, 403) _d.group = group.group _d.save() resp = self.client.get(reverse('document_detail', args=(_d.id, ))) # Allowed - edit permissions self.assertEqual(resp.status_code, 200) perms_list = get_perms(norman, _d.get_self_resource()) + get_perms( norman, _d) self.assertTrue('change_resourcebase_metadata' in perms_list) GroupMember.objects.get(group=group, user=norman).demote() self.assertFalse(group.user_is_role(norman, "manager")) resp = self.client.get(reverse('document_detail', args=(_d.id, ))) # Allowed - no edit self.assertEqual(resp.status_code, 200) perms_list = get_perms(norman, _d.get_self_resource()) + get_perms( norman, _d) self.assertFalse('change_resourcebase_metadata' in perms_list) group.leave(norman)
def post(self, request, *args, **kwargs): user = get_object_or_404(User, pk=kwargs['pk']) user_name = str(user) if request.user.pk == user.pk: messages.error( request, "You cannot delete yourself. Sorry. That would be weird.") return redirect('roster:admin_membership', pk=self.kwargs['pk']) # Billing Subscriptions BillingSubscription.objects.filter( user=user, league=self.league, ).delete() # Invoices Invoice.objects.filter( user=user, league=self.league, ).delete() # Payments Payment.objects.filter( user=user, league=self.league, ).delete() # Saved Cards UserStripeCard.objects.filter( user=user, league=self.league, ).delete() # Custom Billing Groups BillingGroupMembership.objects.filter( user=user, league=self.league, ).delete() # Roster Roster.objects.filter( user=user, event__league=self.league, ).delete() # Registration Data RegistrationData.objects.filter( user=user, event__league=self.league, ).delete() # Registration Invites RegistrationInvite.objects.filter( user=user, event__league=self.league, ).delete() # Legal Signatures # I suppose these could be emailed as a backup before they are deleted. # Seems like something we wouldn't want to lose? LegalSignature.objects.filter( user=user, league=self.league, ).delete() # User Logs UserLog.objects.filter( user=user, league=self.league, ).delete() # User Tags # currently no League field (uh... huh?) Can't delete now. # Remove permissions for perm in get_perms(user, self.league): remove_perm(perm, user, self.league) for perm in get_perms(user, self.league.organization): remove_perm(perm, user, self.league.organization) if BillingSubscription.objects.filter(user=user).exists() or \ Invoice.objects.filter(user=user).exists() or \ Payment.objects.filter(user=user).exists() or \ UserStripeCard.objects.filter(user=user).exists() or \ BillingGroupMembership.objects.filter(user=user).exists() or \ Roster.objects.filter(user=user).exists() or \ RegistrationData.objects.filter(user=user).exists() or \ RegistrationInvite.objects.filter(user=user).exists() or \ LegalSignature.objects.filter(user=user).exists() or \ UserLog.objects.filter(user=user).exists(): # User still exists in the system. Maybe we should care. pass else: messages.success( request, "<strong>{}</strong> is not a member of any other leagues on the system. They have been completely removed." .format(user_name)) user.delete() messages.success( request, "Deleted user <strong>{}</strong> from database. They are now gone." .format(user_name)) return redirect('roster:list')
def get_context_data(self, **kwargs): context = super(FlujoList, self).get_context_data(**kwargs) context['proyecto_perms'] = get_perms(self.request.user, self.project) return context
def get(self, request, *args, **kwargs): course = Course.objects.get(slug=self.kwargs['crs_slug']) is_instructor = 'instructor' in get_perms(self.request.user, course) is_student = 'access' in get_perms(self.request.user, course) """ User has previously completed or is staff. No viewing restrictions enforced. """ if self.request.user.is_staff or is_instructor or self.completion_status.count( ): if not self.next_question: """ No more questions. Show student user the worksheet completion page. """ if is_student and not is_instructor: user_ws_status = UserWorksheetStatus.objects.filter( user=self.request.user).get( completed_worksheet=self.worksheet) return HttpResponseRedirect( reverse('worksheet_completed', args=(self.kwargs['crs_slug'], user_ws_status.id))) return HttpResponseRedirect( reverse('worksheet_user_report', args=(self.kwargs['crs_slug'], self.worksheet.id, self.request.user.id))) return super(QuestionResponseView, self).get(request, *args, **kwargs) """ User is not staff but viewing restrictions are not enforced if response not required. """ if self.next_question: if not self.next_question['question'].response_required: return super(QuestionResponseView, self).get(request, *args, **kwargs) """ Viewing restrictions enforced. """ self.next_question = self.worksheet.get_next_question( self.request.user) """ If user's response queue is empty, user has completed worksheet, write completion status. Send user to worksheet report. """ if not self.next_question: if not self.completion_status: user_ws_status = UserWorksheetStatus( user=self.request.user, completed_worksheet=self.worksheet, score=self.worksheet.get_user_score(self.request.user)) user_ws_status.save() self.completion_status = True logpath = reverse('worksheet_report', args=( self.kwargs['crs_slug'], self.worksheet.id, )) msg = '<a href="%s">%s</a>' % (logpath, self.worksheet.title) msg_detail = self.worksheet.lesson.title logged = ActivityLog(user=self.request.user, action='completed-worksheet', message=msg, message_detail=msg_detail) logged.save() """ Create notification for instructor(s) that the user has completed the worksheet """ for i in course.instructor_list(): notification = Notification( user_to_notify=i, context='worksheet', event=self.worksheet.notify_text( crs_slug=course.slug, user=self.request.user)) notification.save() """ Send email to instructor(s) that the user has completed the worksheet. """ SendWorksheetNotificationEmailToInstructors( self.request, course, self.worksheet) return HttpResponseRedirect( reverse('worksheet_completed', args=(self.kwargs['crs_slug'], user_ws_status.id))) """ Request parameter <j> is potentially overidden by next unanswered question in user's response queue. """ if str(self.next_question['index']) != self.kwargs['j']: return HttpResponseRedirect( reverse('question_response', args=(self.kwargs['crs_slug'], self.worksheet.id, self.next_question['index']))) return super(QuestionResponseView, self).get(request, *args, **kwargs)