def set_access_rules(self, request, pk):
res, _, _ = authorize(request, pk, full=True, superuser=True)
access_rules_form = utils.create_form(
SetAccessRules.SetAccessRulesForm, request)
if access_rules_form.is_valid():
r = access_rules_form.cleaned_data
# get the user or group by ID
# try username first, then email address, then primary key
if r['principalType'] == 'user':
tgt = user_from_id(r['principalID'])
ret = hydroshare.set_access_rules(user=tgt,
pk=res,
access=r['access'],
allow=r['allow'])
else:
tgt = group_from_id(r['principalID'])
ret = hydroshare.set_access_rules(group=tgt,
pk=res,
access=r['access'],
allow=r['allow'])
else:
distribute_form = utils.create_form(
SetAccessRules.SetDoNotDistributeForm, request)
if distribute_form.is_valid():
r = distribute_form.cleaned_data
ret = hydroshare.set_access_rules(pk=res,
access=r['access'],
allow=r['allow'])
else:
return HttpResponseBadRequest('Invalid request')
return HttpResponse(ret, content_type='text/plain')
def update_resource(self, pk):
authorize(self.request, pk, edit=True)
params = utils.create_form(ResourceCRUD.UpdateResourceForm,
self.request)
if params.is_valid():
r = params.cleaned_data
res = hydroshare.update_resource(
pk,
edit_users=r['edit_users'],
view_users=r['view_users'],
edit_groups=r['edit_groups'],
view_groups=r['view_groups'],
keywords=r['keywords'],
dublin_metadata=json.loads(r['dublin_metadata'])
if r['dublin_metadata'] else {},
**{
k: v
for k, v in self.request.REQUEST.items() if k not in r
})
return HttpResponse(res.short_id,
content_type='text/plain',
status='204')
else:
raise exceptions.ValidationError(params.errors)
def create_account(self):
if not get_user(self.request).is_superuser:
if settings.DEBUG or ("hydroshare.org" in self.request.META.get(
'HTTP_REFERER', '')): # fixme insecure vs spoofed header
active = False
else:
raise exceptions.PermissionDenied(
"user must be superuser to create an account")
else:
active = True
params = utils.create_form(CreateOrListAccounts.CreateAccountForm,
self.request)
if params.is_valid():
r = params.cleaned_data
ret = hydroshare.create_account(email=r['email'],
username=r['username'],
first_name=r['first_name'],
last_name=r['last_name'],
superuser=r['superuser'],
password=r['password'],
groups=r['groups'],
active=active)
return HttpResponse(ret, content_type='text/plain')
def get_resource_list(self):
params = utils.create_form(GetResourceList.GetResourceListForm,
self.request)
if params.is_valid():
r = params.cleaned_data
if r['dc']:
r['dc'] = json.loads(r['dc'])
else:
r['dc'] = {}
ret = []
resource_table = hydroshare.get_resource_list(**r)
originator = get_user(self.request)
for resources in resource_table:
for r in filter(
lambda x: x.public or x.view_users.filter(
pk=originator.pk).exists() or x.view_groups.
filter(pk__in=[g.pk for g in originator.groups.all()]),
resources):
ret.append(r.short_id)
return json_or_jsonp(self.request, ret)
else:
raise exceptions.ValidationError('invalid request')
def create_resource(self):
if not get_user(self.request).is_authenticated():
print self.request.user
raise exceptions.PermissionDenied('user must be logged in.')
params = utils.create_form(ResourceCRUD.CreateResourceForm,
self.request)
if params.is_valid():
r = params.cleaned_data
res = hydroshare.create_resource(
resource_type=r['resource_type'],
owner=self.request.user,
title=r['title'],
edit_users=r['edit_users'],
view_users=r['view_users'],
edit_groups=r['edit_groups'],
view_groups=r['view_groups'],
keywords=r['keywords'],
dublin_metadata=json.loads(r['dublin_metadata'])
if r['dublin_metadata'] else {},
files=self.request.FILES.values(),
**{
k: v
for k, v in self.request.REQUEST.items() if k not in r
})
return HttpResponse(res.short_id, content_type='text/plain')
else:
raise exceptions.ValidationError(params.errors)
def set_resource_owner(self, request, pk):
res, _, _ = authorize(request, pk, full=True, superuser=True)
params = utils.create_form(SetResourceOwner.SetResourceOwnerForm,
self.request)
if params.is_valid():
r = params.cleaned_data
tgt = user_from_id(r['user'])
return HttpResponse(hydroshare.set_resource_owner(pk=res,
user=tgt),
content_type='text/plain',
status='201')
else:
raise exceptions.ValidationError("invalid input parameters")
def set_resource_owner(self, request, pk):
res, _, _ = authorize(request, pk, full=True, superuser=True)
params = utils.create_form(SetResourceOwner.SetResourceOwnerForm, self.request)
if params.is_valid():
r = params.cleaned_data
tgt = user_from_id(r['user'])
return HttpResponse(
hydroshare.set_resource_owner(pk=res, user=tgt),
content_type='text/plain',
status='201'
)
else:
raise exceptions.ValidationError("invalid input parameters")
def list_groups(self):
params = utils.create_form(CreateOrListGroups.ListGroupsForm, self.request)
if params.is_valid():
r = params.cleaned_data
res = GroupResource()
bundles = []
for g in hydroshare.list_groups(r['query'], r['start'], r['count']):
bundle = res.build_bundle(obj=g, request=self.request)
bundles.append(res.full_dehydrate(bundle, for_list=True))
list_json = res.serialize(None, bundles, "application/json")
return json_or_jsonp(self.request, list_json)
else:
raise exceptions.ValidationError('invalid request')
def set_access_rules(self, request, pk):
res, _, _ = authorize(request, pk, full=True, superuser=True)
access_rules_form = utils.create_form(SetAccessRules.SetAccessRulesForm, request)
if access_rules_form.is_valid():
r = access_rules_form.cleaned_data
# get the user or group by ID
# try username first, then email address, then primary key
if r['principalType'] == 'user':
tgt = user_from_id(r['principalID'])
ret = hydroshare.set_access_rules(user=tgt, pk=res, access=r['access'], allow=r['allow'])
else:
tgt = group_from_id(r['principalID'])
ret = hydroshare.set_access_rules(group=tgt, pk=res, access=r['access'], allow=r['allow'])
else:
distribute_form = utils.create_form(SetAccessRules.SetDoNotDistributeForm, request)
if distribute_form.is_valid():
r = distribute_form.cleaned_data
ret = hydroshare.set_access_rules(pk=res, access=r['access'], allow=r['allow'])
else:
return HttpResponseBadRequest('Invalid request')
return HttpResponse(ret, content_type='text/plain')
def create_group(self):
creator = get_user(self.request)
if not get_user(self.request).is_authenticated():
raise exceptions.PermissionDenied("user must be authenticated to create a group.")
params = utils.create_form(CreateOrListGroups.CreateGroupForm, self.request)
if params.is_valid():
r = params.cleaned_data
r['owners'] = set(r['owners']) if r['owners'] else set()
r['owners'].add(creator)
g = hydroshare.create_group(**r)
return HttpResponse(g.name, content_type='text/plain', status='201')
else:
raise exceptions.ValidationError('invalid request')
def list_groups(self):
params = utils.create_form(CreateOrListGroups.ListGroupsForm,
self.request)
if params.is_valid():
r = params.cleaned_data
res = GroupResource()
bundles = []
for g in hydroshare.list_groups(r['query'], r['start'],
r['count']):
bundle = res.build_bundle(obj=g, request=self.request)
bundles.append(res.full_dehydrate(bundle, for_list=True))
list_json = res.serialize(None, bundles, "application/json")
return json_or_jsonp(self.request, list_json)
else:
raise exceptions.ValidationError('invalid request')
def create_group(self):
creator = get_user(self.request)
if not get_user(self.request).is_authenticated():
raise exceptions.PermissionDenied(
"user must be authenticated to create a group.")
params = utils.create_form(CreateOrListGroups.CreateGroupForm,
self.request)
if params.is_valid():
r = params.cleaned_data
r['owners'] = set(r['owners']) if r['owners'] else set()
r['owners'].add(creator)
g = hydroshare.create_group(**r)
return HttpResponse(g.name,
content_type='text/plain',
status='201')
else:
raise exceptions.ValidationError('invalid request')
def update_resource(self, pk):
authorize(self.request, pk, edit=True)
params = utils.create_form(ResourceCRUD.UpdateResourceForm, self.request)
if params.is_valid():
r = params.cleaned_data
res = hydroshare.update_resource(
pk,
edit_users=r['edit_users'],
view_users=r['view_users'],
edit_groups=r['edit_groups'],
view_groups=r['view_groups'],
keywords=r['keywords'],
metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {},
**{k: v for k, v in self.request.REQUEST.items() if k not in r}
)
return HttpResponse(res.short_id, content_type='text/plain', status='204')
else:
raise exceptions.ValidationError(params.errors)
def get_resource_list(self):
params = utils.create_form(ResourceCRUD.GetResourceListForm, self.request)
if params.is_valid():
r = params.cleaned_data
if r['dc']:
r['dc'] = json.loads(r['dc'])
else:
r['dc'] = {}
ret = []
resource_table = hydroshare.get_resource_list(**r)
originator = get_user(self.request)
for resources in resource_table:
for r in filter(lambda x: authorize(self.request, x.short_id, view=True), resources):
ret.append(r.short_id)
return json_or_jsonp(self.request, ret)
else:
raise exceptions.ValidationError(params.errors)
def get_resource_list(self):
params = utils.create_form(GetResourceList.GetResourceListForm, self.request)
if params.is_valid():
r = params.cleaned_data
if r['dc']:
r['dc'] = json.loads(r['dc'])
else:
r['dc'] = {}
ret = []
resource_table = hydroshare.get_resource_list(**r)
originator = get_user(self.request)
for resources in resource_table:
for r in filter(lambda x:
x.public or
x.view_users.filter(pk=originator.pk).exists() or
x.view_groups.filter(pk__in=[g.pk for g in originator.groups.all()]), resources):
ret.append(r.short_id)
return json_or_jsonp(self.request, ret)
else:
raise exceptions.ValidationError('invalid request')
def get_resource_list(self):
params = utils.create_form(ResourceCRUD.GetResourceListForm,
self.request)
if params.is_valid():
r = params.cleaned_data
if r['dc']:
r['dc'] = json.loads(r['dc'])
else:
r['dc'] = {}
ret = []
resource_table = hydroshare.get_resource_list(**r)
originator = get_user(self.request)
for resources in resource_table:
for r in filter(
lambda x: authorize(
self.request, x.short_id, view=True), resources):
ret.append(r.short_id)
return json_or_jsonp(self.request, ret)
else:
raise exceptions.ValidationError(params.errors)
def create_account(self):
if not get_user(self.request).is_superuser:
if settings.DEBUG or ("hydroshare.org" in self.request.META.get('HTTP_REFERER', '')): # fixme insecure vs spoofed header
active=False
else:
raise exceptions.PermissionDenied("user must be superuser to create an account")
else:
active=True
params = utils.create_form(CreateOrListAccounts.CreateAccountForm, self.request)
if params.is_valid():
r = params.cleaned_data
ret = hydroshare.create_account(
email=r['email'],
username=r['username'],
first_name=r['first_name'],
last_name=r['last_name'],
superuser=r['superuser'],
password=r['password'],
groups=r['groups'],
active=active
)
return HttpResponse(ret, content_type='text/plain')
def create_resource(self):
if not get_user(self.request).is_authenticated():
print self.request.user
raise exceptions.PermissionDenied('user must be logged in.')
params = utils.create_form(ResourceCRUD.CreateResourceForm, self.request)
if params.is_valid():
r = params.cleaned_data
res = hydroshare.create_resource(
resource_type=r['resource_type'],
owner=self.request.user,
title=r['title'],
edit_users=r['edit_users'],
view_users=r['view_users'],
edit_groups=r['edit_groups'],
view_groups=r['view_groups'],
keywords=r['keywords'],
metadata=json.loads(r['dublin_metadata']) if r['dublin_metadata'] else {},
files=self.request.FILES.values(),
**{k: v for k, v in self.request.REQUEST.items() if k not in r}
)
return HttpResponse(res.short_id, content_type='text/plain')
else:
raise exceptions.ValidationError(params.errors)
