def post_files(self, granted, args, files): applicant = granted.applicant statement = files['statement'] cid = int(args['comp']) cts = applicant.getComponentTypeById(cid) if len(cts) == 0: return logWith404(logger, 'no component type by id = %s' % cid, level='error') ct = cts[0] try: save_file(statement, get_statement_filename(applicant, ct)) except FileUploadException as e: msg = str(e) logger.info('submit-statement FileUploadException: %s' % msg) return bcap.bcapResponse({'error' : msg}) except Exception as e: return logWith404(logger, 'save_file exception: %s' % e) components = applicant.getComponentByType(ct) if len(components) > 0: component = components[0] else: component = Component(applicant=applicant, type=ct, value='',\ department=applicant.department) component.lastSubmitted = int(time.time()) component.value = statement.size component.save() app_info = applicant.cached_json() resp = {'component' : ct.name, 'app' : app_info} return bcap.bcapResponse(resp)
def post_files(self, granted, args, files): reference = granted.reference letter = files['letter'] filename = 'letter-%d-%d' % (reference.applicant.id, reference.id) try: save_file(letter, 'letter-%d-%d' % (reference.applicant.id, reference.id)) except FileUploadException as e: msg = str(e) logger.info('submit-reference FileUploadException: %s' % msg) return bcap.bcapResponse({'error' : msg}) except Exception as e: return logWith404(logger, 'save_file exception: %s' % e) reference.submitted = int(time.time()) reference.filename = filename reference.filesize = len(letter) reference.save() sendReferenceConfirmation(reference) resp = reference.to_json() resp['appname'] = reference.applicant.to_json() return bcap.bcapResponse(resp)
def post(self, grantable, args): name = args['name'] shortform = args['shortform'] maxval = args['maxval'] minval = args['minval'] sc = ScoreCategory(department=grantable.department, name=name, \ shortform=shortform) try: sc.save() except IntegrityError: resp = {'success' : False, 'message' : 'category already exists'} return bcap.bcapResponse(resp) value_range = range(int(minval), int(maxval) + 1) for x in value_range: sv = ScoreValue(category=sc, department=grantable.department, explanation='',\ number=x) try: sv.save() except IntegrityError: resp = {'success' : False, 'message' : "couldn't create score value: " + str(x)} return bcap.bcapResponse(resp) resp = {\ "success" : True,\ "name" : name,\ "shortform" : shortform,\ "maxval" : maxval,\ "minval" : minval,\ "values" : [{'number' : v, 'explanation' : ''} for v in value_range]\ } return bcap.bcapResponse(resp)
def get(self, granted): pair = granted.apprevpair drafts = pair.get_reviews(draft=True) if len(drafts) == 0: return bcap.bcapResponse(False) draft = drafts[0] return bcap.bcapResponse(draft.to_json())
def check_login(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) response = {} if not ('session' in request.COOKIES): response['loggedIn'] = False return bcap.bcapResponse(response) if not (args.has_key('sessionID')): return logWith404(logger, "check_login: request didn't pass sessionID arg") session_id = request.COOKIES['session'] req_session_id = args['sessionID'] if req_session_id != session_id: return logWith404(logger, "check_login: request session_id %s didn't match cookie\ session_id %s" % (req_session_id, session_id)) sessions = BelaySession.objects.filter(session_id=session_id) if len(sessions) > 1: return logWith404(logger, "check_login: fatal error, duplicate BelaySessions", level='error') response['loggedIn'] = (len(sessions) > 0) return bcap.bcapResponse(response)
def plt_login(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) if not args.has_key('username'): return logWith404(logger, 'plt_login: post data missing username') if not args.has_key('password'): return logWith404(logger, 'plt_login: post data missing password') username = args['username'] rawpassword = args['password'] credentials = PltCredentials.objects.filter(username=username) if len(credentials) > 1: return logWith404(logger, 'plt_login: fatal error: duplicate credentials', level='error') if len(credentials) == 0: return bcap.bcapResponse({'loggedIn' : False}) c = credentials[0] hashed_password = get_hashed(rawpassword, c.salt) if hashed_password != c.hashed_password: return bcap.bcapResponse({'loggedIn' : False}) session_id = str(uuid.uuid4()) session = BelaySession(session_id=session_id, account=c.account) session.save() response = { 'station': bcap.Capability(c.account.station_url), 'makeStash': bcap.regrant('make-stash', c.account) } return bcap.bcapResponse(response)
def post(self, grantable, args): sv = grantable.scorevalue sv.explanation = args['explanation'] try: sv.save() except IntegrityError: resp = {'success' : False, 'message' : 'invalid arguments'} return bcap.bcapResponse(resp) resp = {'success' : True} return bcap.bcapResponse(resp)
def post(self, grantable, args): email = args['email'] name = args['name'] role = args['role'] dept = grantable.department uu = UnverifiedUser(email=email, name=name, role=role, department=dept) try: uu.save() except: resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'} return bcap.bcapResponse(resp) create_belay = bcap.Capability(settings.BELAY_CREATE) response = create_belay.post(bcap.dataPreProcess({'email': args['email']})) logger.error('Successfully got response for account creation: %s' % response) create_cap = response['create'] ub = UnverifiedBelayAccount(uu=uu, create=create_cap.serialize()) ub.save() if role == 'admin': create_cap = bcap.grant('get-admin-email-and-create', uu) elif role == 'reviewer': create_cap = bcap.grant('get-reviewer-email-and-create', uu) else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role) activate_url = '%s/new-account/#%s' % \ (bcap.this_server_url_prefix(), create_cap.serialize()) return_url = bcap.this_server_url_prefix() emailstr = u"""Dear %s, A new Resume account is being created for you. To activate it, visit: %s To regain access your account once it has been created, visit: %s """ emailstr = emailstr % (name, activate_url, return_url) fromaddr = fromAddr(dept) emailResponse = sendLogEmail('[Resume] New Account', emailstr, email, fromaddr) if emailResponse: return emailResponse resp = {\ 'success' : True,\ 'email' : email,\ 'name' : name,\ 'role' : role,\ } return bcap.bcapResponse(resp)
def post(self, grantable, args): dept = grantable.department dept.contactName = args['contactName'] dept.contactEmail = args['contactEmail'] dept.techEmail = args['techEmail'] try: dept.save() except IntegrityError: resp = {'success' : False, 'message' : 'invalid arguments'} return bcap.bcapResponse(resp) resp = {'success' : True} return bcap.bcapResponse(resp)
def post(self, grantable, args): response = self.checkPostArgs(args) if response != 'OK': return response refs = grantable.department.findRefs(args['email']) return bcap.bcapResponse(refs)
def request_plt_account_silent(request): """Allows requests only from those listed in settings.REQUESTING_DOMAINS Currently, used by Resume as a trusted channel to ask for new accounts so that service isn't exposed to arbitrary clients, and can be controlled through emails sent from Resume""" logger.error('Reached request_account') def request_allowed(): return request.META['REMOTE_ADDR'] in settings.REQUESTING_DOMAINS if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) logger.error('Belay: got account request: %s' % args) logger.error('Request is from: %s' % request.META['REMOTE_ADDR']) if not request_allowed(): return logWith404(logger, 'request_silent: bad request %s' %\ request.META['REMOTE_ADDR']) pa = PendingAccount(email = args['email']) pa.save() create_cap = bcap.grant('create-account', pa) logger.error('Belay: successful create: %s' % create_cap.serialize()) return bcap.bcapResponse({'create': create_cap})
def post(self, grantable, args): sc = grantable.scorecategory sc.name = args['name'] sc.shortform = args['shortform'] try: sc.save() except IntegrityError: resp = {'success' : False, 'message' : 'invalid arguments'} return bcap.bcapResponse(resp) resp = {\ 'success' : True,\ 'name' : sc.name,\ 'shortform' : sc.shortform,\ } return bcap.bcapResponse(resp)
def post(self, granted, args): response = self.checkPostArgs(args) if response != 'OK': return response email = args['email'] name = args['name'] institution = args['institution'] applicant = granted.applicant found = applicant.getReferencesOfEmail(email) if len(found) > 0: return self.exceptionResponse('You have already asked this person to write you a letter. If you wish to contact this person, please do so outside the Resume system.') if name == '': return self.exceptionResponse('No name was provided, please provide a name for the letter writer') if email == '': return self.exceptionResponse('No email was provided, please provide an email for the reference request') ref = Reference(applicant=applicant, submitted=0, filesize=0,\ name=name, institution=institution, email=email,\ department=applicant.department) ref.save() if applicant.position.autoemail: sendResponse = sendReferenceRequest(applicant, ref) if 'error' in sendResponse: return sendResponse['error'] resp = ref.to_json() resp['reminder'] = bcap.regrant('remind-reference', ref) return bcap.bcapResponse(resp)
def get(self, granted): dept = granted.department positions = dept.getPositions() caps = {} for p in positions: caps[p.name] = bcap.grant('add-applicant-with-position', p) return bcap.bcapResponse(caps)
def get(self, granted): department = granted.reviewer.auth.department return bcap.bcapResponse({ 'getBasic': bcap.regrant('get-basic', department), 'getReviewer': bcap.regrant('get-reviewer', granted), 'getApplicants': bcap.regrant('get-applicants', granted) })
def check_uname(request): if request.method != 'POST': return HttpResponseNotAllowed(['POST']) args = bcap.dataPostProcess(request.read()) uname = args['username'] available = not unameExists(uname) return bcap.bcapResponse({ "available" : available })
def post(self, grantable, args): username = grantable.pendingaccount.email rawpassword = args['password'] if len(username) > 200: return logWith404(logger, 'create_plt_account: bad username') if len(rawpassword) < 8: return logWith404(logger, 'create_plt_account: bad password') salt = str(uuid.uuid4()) hashed_password = get_hashed(rawpassword, salt) station_cap = newStationCap() account = BelayAccount(station_url=station_cap.serialize()) account.save() credentials = PltCredentials(username=username, \ salt=salt, \ hashed_password=hashed_password, \ account=account) credentials.save() session_id = str(uuid.uuid4()) session = BelaySession(session_id=session_id, account=account) session.save() grantable.pendingaccount.delete() response = { 'station': station_cap, 'makeStash': bcap.regrant('make-stash', account) } return bcap.bcapResponse(response)
def post(self, grantable, args): reviewer = grantable.reviewer applicant_json = [] for applicant in reviewer.getApplicants(): pairs = applicant.getPairsOfReviewer(reviewer) if len(pairs) > 0: pair = pairs[0] else: pair = AppRevPair(applicant=applicant, reviewer=reviewer) pair.save() a_json = applicant.cached_json() launchCap = bcap.cachegrant('launch-app-review', pair) a_json['launchURL'] = '%s/appreview/#%s' % \ (bcap.this_server_url_prefix(), launchCap.serialize()) components = applicant.get_component_objects() component_caps = dict(\ [(c.type.id, bcap.cachegrant('get-statement', c))\ for c in components if c.type.type == 'statement']) a_json['components'] = component_caps references = applicant.getReferencesModel() refjson = [] for r in references: rjson = r.to_json() rjson['getLetter'] = bcap.cachegrant('get-letter', r) refjson.append(rjson) a_json['refletters'] = refjson applicant_json.append(a_json) a_json['getCombined'] = bcap.cachegrant('get-combined', applicant) if reviewer.auth.role == 'head-reviewer': a_json['reject'] = bcap.cachegrant('reject-applicant', applicant) return bcap.bcapResponse({ 'changed': True, 'lastChange': reviewer.getLastChange(), 'value': applicant_json })
def get(self, granted): basic_info = granted.department.getBasic() all_svals = granted.department.all_score_values() response_areas = [\ {'name' : a.name,\ 'id' : a.id,\ 'abbr' : a.abbr,\ 'del' : bcap.grant('area-delete', a)\ } for a in granted.department.my(Area)] basic_info['areas'] = response_areas basic_info['svcs'] = dict([(sv.id, sv.category.to_json()) for sv in all_svals]) response_scores = [\ {'name' : s.name,\ 'shortform' : s.shortform,\ 'values' : [\ {'id' : v.id,\ 'number' : v.number,\ 'explanation' : v.explanation,\ 'change' : bcap.grant('scorevalue-change', v)} for v in s.getValues()],\ 'del' : bcap.grant('scorecategory-delete', s),\ 'id' : s.id,\ 'change' : bcap.grant('scorecategory-change', s)\ } for s in granted.department.my(ScoreCategory)] basic_info['scores'] = response_scores basic_info['svnum'] = dict([(s.id, s.number) for s in all_svals]) basic_info['contact'] = granted.department.shortname return bcap.bcapResponse(basic_info)
def post(self, station, args): domain = args['domain'] url = args['url'] private_data = bcap.dataPreProcess(args['private_data']) public_data = bcap.dataPreProcess(args['public_data']) try: launch_info = LaunchInfo(domain=domain, \ url=url, \ private_data=private_data, \ public_data=public_data) launch_info.save() except Exception as e: logger.error("Exception: %s" % e) logger.error("PD: %s, PUD: %s" % (private_data, public_data)) instance_uuid = uuid.uuid4() instance_id = str(instance_uuid) logger.error("iid: %s" % instance_id) instance = Relationship(station=station, \ instance_id =instance_id, \ launch_info = launch_info) instance.save() return bcap.bcapResponse(bcap.grant('instance', instance))
def get(self, granted): pair = granted.apprevpair applicant = pair.applicant components = applicant.get_component_objects() component_caps = dict(\ [(c.type.id, bcap.grant('get-statement', c))\ for c in components if c.type.type == 'statement']) resp = {\ 'getBasic' : bcap.cachegrant('get-basic', applicant.department),\ 'getApplicant' : bcap.cachegrant('apprev-get-applicant', pair),\ 'getReviewers' : bcap.cachegrant('appreview-get-reviewers', applicant),\ 'getReview' : bcap.cachegrant('get-review', pair),\ 'setAreas' : bcap.cachegrant('set-areas', applicant),\ # setGender/Ethnicity mapped to changeApplicant 'changeApplicant' : bcap.cachegrant('change-applicant', applicant),\ 'setPosition' : bcap.cachegrant('set-position', applicant),\ 'componentCaps' : component_caps,\ 'getCombined' : bcap.cachegrant('get-combined', applicant),\ 'uploadMaterial' : bcap.cachegrant('upload-material', applicant),\ 'revertReview' : bcap.cachegrant('revert-review', pair),\ 'submitReview' : bcap.cachegrant('submit-review', pair),\ 'getHighlightStatus' : bcap.cachegrant('get-highlight-status', pair),\ 'unhighlightApplicant' : bcap.cachegrant('unhighlight-applicant', pair),\ 'rejectApplicant' : bcap.cachegrant('reject-applicant', applicant),\ 'hideApplicant' : bcap.cachegrant('hide-applicant', pair),\ } return bcap.bcapResponse(resp)
def post(self, granted, args): unverified_user = granted.unverifieduser if granted is None: return HttpResponseNotFound() auth_info = AuthInfo( email=unverified_user.email, \ name=unverified_user.name, \ role='reviewer', \ department=unverified_user.department) auth_info.save() reviewer = Reviewer(auth=auth_info, department=unverified_user.department) reviewer.save() # Remove the unverified_user---this is a one-shot request unverified_user.delete() # This is the capability to put in launch_info launch = bcap.grant('launch-reviewer', reviewer) return bcap.bcapResponse({ 'public_data': 'Reviewer account for %s' % auth_info.name, 'private_data': launch, 'domain': bcap.this_server_url_prefix(), 'url': '/review' })
def post(self, granted, args): if granted is None: return HttpResponseNotFound() ua = granted.unverifiedapplicant auth_info = AuthInfo( email=ua.email, \ # TODO(matt): fix or remove name from AuthInfo? name='',\ role='applicant', \ department=ua.department) auth_info.save() applicant = Applicant(\ auth = auth_info,\ firstname='',\ lastname='',\ country='',\ department=ua.department,\ position=ua.position\ ) applicant.save() ua.delete() launch = bcap.grant('launch-applicant', applicant) return bcap.bcapResponse({ 'public_data': 'Edit application for %s' % ua.email, 'private_data': launch, 'domain': bcap.this_server_url_prefix(), 'url': '/applicant/' })
def get(self, granted): applicant = granted.applicant return bcap.bcapResponse({ 'public_data' : 'Applicant review page for %s' % applicant.fullname(), 'private_data' : bcap.regrant('launch-app-review', applicant), 'domain': bcap.this_server_url_prefix(), 'url' : '/appreview', })
def post(self, granted, args): applicant = granted.applicant if args['reject'] == 'yes': applicant.rejected = True elif args['reject'] == 'no': applicant.rejected = False applicant.save() return bcap.bcapResponse(applicant.cached_json())
def post(self, granted, args): pair = granted.apprevpair highlights = pair.get_highlights() if len(highlights) == 0: h = Highlight(department=pair.applicant.department,\ applicant=pair.applicant, highlightee=pair.reviewer) h.save() return bcap.bcapResponse(pair.applicant.cached_json())
def post(self, granted, args): pair = granted.apprevpair drafts = pair.get_reviews(True) subs = pair.get_reviews(False) if len(drafts) > 0 and len(subs) > 0: draft = drafts[0] sub = subs[0] draft.destroy_scores() draft.transfer_scores_from(sub) draft.comments = sub.comments draft.advocate = sub.advocate draft.save() return bcap.bcapResponse(draft.to_json()) if len(drafts) > 0: draft = drafts[0] draft.delete() return bcap.bcapResponse('false')
def post(self, granted, args): applicant = granted.applicant if args.has_key('gender'): applicant.gender = args['gender'] if args.has_key('ethnicity'): applicant.ethnicity = args['ethnicity'] applicant.save() return bcap.bcapResponse(applicant.cached_json())
def post(self, grantable, args): reviewer = grantable.reviewer applicant_json = [a.to_json() for a in reviewer.getApplicants()] return bcap.bcapResponse({ 'changed': True, 'lastChange': reviewer.getLastChange(), 'value': applicant_json })
def get(self, granted): ua = granted.unverifiedapplicant email = ua.email create_cap = bcap.regrant('add-verified-applicant', ua) return bcap.bcapResponse({ 'email': email, 'create': create_cap, })