def set_access_rules(self, request, pk): res, _, _ = authorize(request, pk, full=True, superuser=True) access_rules_form = utils.create_form( SetAccessRules.SetAccessRulesForm, request) if access_rules_form.is_valid(): r = access_rules_form.cleaned_data # get the user or group by ID # try username first, then email address, then primary key if r['principalType'] == 'user': tgt = user_from_id(r['principalID']) ret = hydroshare.set_access_rules(user=tgt, pk=res, access=r['access'], allow=r['allow']) else: tgt = group_from_id(r['principalID']) ret = hydroshare.set_access_rules(group=tgt, pk=res, access=r['access'], allow=r['allow']) else: distribute_form = utils.create_form( SetAccessRules.SetDoNotDistributeForm, request) if distribute_form.is_valid(): r = distribute_form.cleaned_data ret = hydroshare.set_access_rules(pk=res, access=r['access'], allow=r['allow']) else: return HttpResponseBadRequest('Invalid request') return HttpResponse(ret, content_type='text/plain')
def update_resource(self, pk): authorize(self.request, pk, edit=True) params = utils.create_form(ResourceCRUD.UpdateResourceForm, self.request) if params.is_valid(): r = params.cleaned_data res = hydroshare.update_resource( pk, edit_users=r['edit_users'], view_users=r['view_users'], edit_groups=r['edit_groups'], view_groups=r['view_groups'], keywords=r['keywords'], dublin_metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {}, **{ k: v for k, v in self.request.REQUEST.items() if k not in r }) return HttpResponse(res.short_id, content_type='text/plain', status='204') else: raise exceptions.ValidationError(params.errors)
def create_account(self): if not get_user(self.request).is_superuser: if settings.DEBUG or ("hydroshare.org" in self.request.META.get( 'HTTP_REFERER', '')): # fixme insecure vs spoofed header active = False else: raise exceptions.PermissionDenied( "user must be superuser to create an account") else: active = True params = utils.create_form(CreateOrListAccounts.CreateAccountForm, self.request) if params.is_valid(): r = params.cleaned_data ret = hydroshare.create_account(email=r['email'], username=r['username'], first_name=r['first_name'], last_name=r['last_name'], superuser=r['superuser'], password=r['password'], groups=r['groups'], active=active) return HttpResponse(ret, content_type='text/plain')
def get_resource_list(self): params = utils.create_form(GetResourceList.GetResourceListForm, self.request) if params.is_valid(): r = params.cleaned_data if r['dc']: r['dc'] = json.loads(r['dc']) else: r['dc'] = {} ret = [] resource_table = hydroshare.get_resource_list(**r) originator = get_user(self.request) for resources in resource_table: for r in filter( lambda x: x.public or x.view_users.filter( pk=originator.pk).exists() or x.view_groups. filter(pk__in=[g.pk for g in originator.groups.all()]), resources): ret.append(r.short_id) return json_or_jsonp(self.request, ret) else: raise exceptions.ValidationError('invalid request')
def create_resource(self): if not get_user(self.request).is_authenticated(): print self.request.user raise exceptions.PermissionDenied('user must be logged in.') params = utils.create_form(ResourceCRUD.CreateResourceForm, self.request) if params.is_valid(): r = params.cleaned_data res = hydroshare.create_resource( resource_type=r['resource_type'], owner=self.request.user, title=r['title'], edit_users=r['edit_users'], view_users=r['view_users'], edit_groups=r['edit_groups'], view_groups=r['view_groups'], keywords=r['keywords'], dublin_metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {}, files=self.request.FILES.values(), **{ k: v for k, v in self.request.REQUEST.items() if k not in r }) return HttpResponse(res.short_id, content_type='text/plain') else: raise exceptions.ValidationError(params.errors)
def set_resource_owner(self, request, pk): res, _, _ = authorize(request, pk, full=True, superuser=True) params = utils.create_form(SetResourceOwner.SetResourceOwnerForm, self.request) if params.is_valid(): r = params.cleaned_data tgt = user_from_id(r['user']) return HttpResponse(hydroshare.set_resource_owner(pk=res, user=tgt), content_type='text/plain', status='201') else: raise exceptions.ValidationError("invalid input parameters")
def set_resource_owner(self, request, pk): res, _, _ = authorize(request, pk, full=True, superuser=True) params = utils.create_form(SetResourceOwner.SetResourceOwnerForm, self.request) if params.is_valid(): r = params.cleaned_data tgt = user_from_id(r['user']) return HttpResponse( hydroshare.set_resource_owner(pk=res, user=tgt), content_type='text/plain', status='201' ) else: raise exceptions.ValidationError("invalid input parameters")
def list_groups(self): params = utils.create_form(CreateOrListGroups.ListGroupsForm, self.request) if params.is_valid(): r = params.cleaned_data res = GroupResource() bundles = [] for g in hydroshare.list_groups(r['query'], r['start'], r['count']): bundle = res.build_bundle(obj=g, request=self.request) bundles.append(res.full_dehydrate(bundle, for_list=True)) list_json = res.serialize(None, bundles, "application/json") return json_or_jsonp(self.request, list_json) else: raise exceptions.ValidationError('invalid request')
def set_access_rules(self, request, pk): res, _, _ = authorize(request, pk, full=True, superuser=True) access_rules_form = utils.create_form(SetAccessRules.SetAccessRulesForm, request) if access_rules_form.is_valid(): r = access_rules_form.cleaned_data # get the user or group by ID # try username first, then email address, then primary key if r['principalType'] == 'user': tgt = user_from_id(r['principalID']) ret = hydroshare.set_access_rules(user=tgt, pk=res, access=r['access'], allow=r['allow']) else: tgt = group_from_id(r['principalID']) ret = hydroshare.set_access_rules(group=tgt, pk=res, access=r['access'], allow=r['allow']) else: distribute_form = utils.create_form(SetAccessRules.SetDoNotDistributeForm, request) if distribute_form.is_valid(): r = distribute_form.cleaned_data ret = hydroshare.set_access_rules(pk=res, access=r['access'], allow=r['allow']) else: return HttpResponseBadRequest('Invalid request') return HttpResponse(ret, content_type='text/plain')
def create_group(self): creator = get_user(self.request) if not get_user(self.request).is_authenticated(): raise exceptions.PermissionDenied("user must be authenticated to create a group.") params = utils.create_form(CreateOrListGroups.CreateGroupForm, self.request) if params.is_valid(): r = params.cleaned_data r['owners'] = set(r['owners']) if r['owners'] else set() r['owners'].add(creator) g = hydroshare.create_group(**r) return HttpResponse(g.name, content_type='text/plain', status='201') else: raise exceptions.ValidationError('invalid request')
def create_group(self): creator = get_user(self.request) if not get_user(self.request).is_authenticated(): raise exceptions.PermissionDenied( "user must be authenticated to create a group.") params = utils.create_form(CreateOrListGroups.CreateGroupForm, self.request) if params.is_valid(): r = params.cleaned_data r['owners'] = set(r['owners']) if r['owners'] else set() r['owners'].add(creator) g = hydroshare.create_group(**r) return HttpResponse(g.name, content_type='text/plain', status='201') else: raise exceptions.ValidationError('invalid request')
def update_resource(self, pk): authorize(self.request, pk, edit=True) params = utils.create_form(ResourceCRUD.UpdateResourceForm, self.request) if params.is_valid(): r = params.cleaned_data res = hydroshare.update_resource( pk, edit_users=r['edit_users'], view_users=r['view_users'], edit_groups=r['edit_groups'], view_groups=r['view_groups'], keywords=r['keywords'], metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {}, **{k: v for k, v in self.request.REQUEST.items() if k not in r} ) return HttpResponse(res.short_id, content_type='text/plain', status='204') else: raise exceptions.ValidationError(params.errors)
def get_resource_list(self): params = utils.create_form(ResourceCRUD.GetResourceListForm, self.request) if params.is_valid(): r = params.cleaned_data if r['dc']: r['dc'] = json.loads(r['dc']) else: r['dc'] = {} ret = [] resource_table = hydroshare.get_resource_list(**r) originator = get_user(self.request) for resources in resource_table: for r in filter(lambda x: authorize(self.request, x.short_id, view=True), resources): ret.append(r.short_id) return json_or_jsonp(self.request, ret) else: raise exceptions.ValidationError(params.errors)
def get_resource_list(self): params = utils.create_form(GetResourceList.GetResourceListForm, self.request) if params.is_valid(): r = params.cleaned_data if r['dc']: r['dc'] = json.loads(r['dc']) else: r['dc'] = {} ret = [] resource_table = hydroshare.get_resource_list(**r) originator = get_user(self.request) for resources in resource_table: for r in filter(lambda x: x.public or x.view_users.filter(pk=originator.pk).exists() or x.view_groups.filter(pk__in=[g.pk for g in originator.groups.all()]), resources): ret.append(r.short_id) return json_or_jsonp(self.request, ret) else: raise exceptions.ValidationError('invalid request')
def get_resource_list(self): params = utils.create_form(ResourceCRUD.GetResourceListForm, self.request) if params.is_valid(): r = params.cleaned_data if r['dc']: r['dc'] = json.loads(r['dc']) else: r['dc'] = {} ret = [] resource_table = hydroshare.get_resource_list(**r) originator = get_user(self.request) for resources in resource_table: for r in filter( lambda x: authorize( self.request, x.short_id, view=True), resources): ret.append(r.short_id) return json_or_jsonp(self.request, ret) else: raise exceptions.ValidationError(params.errors)
def create_account(self): if not get_user(self.request).is_superuser: if settings.DEBUG or ("hydroshare.org" in self.request.META.get('HTTP_REFERER', '')): # fixme insecure vs spoofed header active=False else: raise exceptions.PermissionDenied("user must be superuser to create an account") else: active=True params = utils.create_form(CreateOrListAccounts.CreateAccountForm, self.request) if params.is_valid(): r = params.cleaned_data ret = hydroshare.create_account( email=r['email'], username=r['username'], first_name=r['first_name'], last_name=r['last_name'], superuser=r['superuser'], password=r['password'], groups=r['groups'], active=active ) return HttpResponse(ret, content_type='text/plain')
def create_resource(self): if not get_user(self.request).is_authenticated(): print self.request.user raise exceptions.PermissionDenied('user must be logged in.') params = utils.create_form(ResourceCRUD.CreateResourceForm, self.request) if params.is_valid(): r = params.cleaned_data res = hydroshare.create_resource( resource_type=r['resource_type'], owner=self.request.user, title=r['title'], edit_users=r['edit_users'], view_users=r['view_users'], edit_groups=r['edit_groups'], view_groups=r['view_groups'], keywords=r['keywords'], metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {}, files=self.request.FILES.values(), **{k: v for k, v in self.request.REQUEST.items() if k not in r} ) return HttpResponse(res.short_id, content_type='text/plain') else: raise exceptions.ValidationError(params.errors)