def post_files(self, granted, args, files):
applicant = granted.applicant
statement = files['statement']
cid = int(args['comp'])
cts = applicant.getComponentTypeById(cid)
if len(cts) == 0:
return logWith404(logger, 'no component type by id = %s' % cid, level='error')
ct = cts[0]
try:
save_file(statement, get_statement_filename(applicant, ct))
except FileUploadException as e:
msg = str(e)
logger.info('submit-statement FileUploadException: %s' % msg)
return bcap.bcapResponse({'error' : msg})
except Exception as e:
return logWith404(logger, 'save_file exception: %s' % e)
components = applicant.getComponentByType(ct)
if len(components) > 0:
component = components[0]
else:
component = Component(applicant=applicant, type=ct, value='',\
department=applicant.department)
component.lastSubmitted = int(time.time())
component.value = statement.size
component.save()
app_info = applicant.cached_json()
resp = {'component' : ct.name, 'app' : app_info}
return bcap.bcapResponse(resp)
def post_files(self, granted, args, files):
reference = granted.reference
letter = files['letter']
filename = 'letter-%d-%d' % (reference.applicant.id, reference.id)
try:
save_file(letter, 'letter-%d-%d' % (reference.applicant.id, reference.id))
except FileUploadException as e:
msg = str(e)
logger.info('submit-reference FileUploadException: %s' % msg)
return bcap.bcapResponse({'error' : msg})
except Exception as e:
return logWith404(logger, 'save_file exception: %s' % e)
reference.submitted = int(time.time())
reference.filename = filename
reference.filesize = len(letter)
reference.save()
sendReferenceConfirmation(reference)
resp = reference.to_json()
resp['appname'] = reference.applicant.to_json()
return bcap.bcapResponse(resp)
def post(self, grantable, args):
name = args['name']
shortform = args['shortform']
maxval = args['maxval']
minval = args['minval']
sc = ScoreCategory(department=grantable.department, name=name, \
shortform=shortform)
try:
sc.save()
except IntegrityError:
resp = {'success' : False, 'message' : 'category already exists'}
return bcap.bcapResponse(resp)
value_range = range(int(minval), int(maxval) + 1)
for x in value_range:
sv = ScoreValue(category=sc, department=grantable.department, explanation='',\
number=x)
try:
sv.save()
except IntegrityError:
resp = {'success' : False, 'message' : "couldn't create score value: " + str(x)}
return bcap.bcapResponse(resp)
resp = {\
"success" : True,\
"name" : name,\
"shortform" : shortform,\
"maxval" : maxval,\
"minval" : minval,\
"values" : [{'number' : v, 'explanation' : ''} for v in value_range]\
}
return bcap.bcapResponse(resp)
def get(self, granted):
pair = granted.apprevpair
drafts = pair.get_reviews(draft=True)
if len(drafts) == 0:
return bcap.bcapResponse(False)
draft = drafts[0]
return bcap.bcapResponse(draft.to_json())
def check_login(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
response = {}
if not ('session' in request.COOKIES):
response['loggedIn'] = False
return bcap.bcapResponse(response)
if not (args.has_key('sessionID')):
return logWith404(logger, "check_login: request didn't pass sessionID arg")
session_id = request.COOKIES['session']
req_session_id = args['sessionID']
if req_session_id != session_id:
return logWith404(logger, "check_login: request session_id %s didn't match cookie\
session_id %s" % (req_session_id, session_id))
sessions = BelaySession.objects.filter(session_id=session_id)
if len(sessions) > 1:
return logWith404(logger, "check_login: fatal error, duplicate BelaySessions", level='error')
response['loggedIn'] = (len(sessions) > 0)
return bcap.bcapResponse(response)
def plt_login(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
if not args.has_key('username'):
return logWith404(logger, 'plt_login: post data missing username')
if not args.has_key('password'):
return logWith404(logger, 'plt_login: post data missing password')
username = args['username']
rawpassword = args['password']
credentials = PltCredentials.objects.filter(username=username)
if len(credentials) > 1:
return logWith404(logger, 'plt_login: fatal error: duplicate credentials', level='error')
if len(credentials) == 0:
return bcap.bcapResponse({'loggedIn' : False})
c = credentials[0]
hashed_password = get_hashed(rawpassword, c.salt)
if hashed_password != c.hashed_password:
return bcap.bcapResponse({'loggedIn' : False})
session_id = str(uuid.uuid4())
session = BelaySession(session_id=session_id, account=c.account)
session.save()
response = {
'station': bcap.Capability(c.account.station_url),
'makeStash': bcap.regrant('make-stash', c.account)
}
return bcap.bcapResponse(response)
def post(self, grantable, args):
sv = grantable.scorevalue
sv.explanation = args['explanation']
try:
sv.save()
except IntegrityError:
resp = {'success' : False, 'message' : 'invalid arguments'}
return bcap.bcapResponse(resp)
resp = {'success' : True}
return bcap.bcapResponse(resp)
def post(self, grantable, args):
email = args['email']
name = args['name']
role = args['role']
dept = grantable.department
uu = UnverifiedUser(email=email, name=name, role=role, department=dept)
try:
uu.save()
except:
resp = {'success' : False, 'message' : 'failed to create UnverifiedUser'}
return bcap.bcapResponse(resp)
create_belay = bcap.Capability(settings.BELAY_CREATE)
response = create_belay.post(bcap.dataPreProcess({'email': args['email']}))
logger.error('Successfully got response for account creation: %s' % response)
create_cap = response['create']
ub = UnverifiedBelayAccount(uu=uu, create=create_cap.serialize())
ub.save()
if role == 'admin': create_cap = bcap.grant('get-admin-email-and-create', uu)
elif role == 'reviewer': create_cap = bcap.grant('get-reviewer-email-and-create', uu)
else: return logWith404(logger, 'UnverifiedUserAddRevHandler: role type not allowed: %s' % role)
activate_url = '%s/new-account/#%s' % \
(bcap.this_server_url_prefix(), create_cap.serialize())
return_url = bcap.this_server_url_prefix()
emailstr = u"""Dear %s,
A new Resume account is being created for you. To activate it, visit:
%s
To regain access your account once it has been created, visit:
%s
"""
emailstr = emailstr % (name, activate_url, return_url)
fromaddr = fromAddr(dept)
emailResponse = sendLogEmail('[Resume] New Account', emailstr, email, fromaddr)
if emailResponse: return emailResponse
resp = {\
'success' : True,\
'email' : email,\
'name' : name,\
'role' : role,\
}
return bcap.bcapResponse(resp)
def post(self, grantable, args):
dept = grantable.department
dept.contactName = args['contactName']
dept.contactEmail = args['contactEmail']
dept.techEmail = args['techEmail']
try:
dept.save()
except IntegrityError:
resp = {'success' : False, 'message' : 'invalid arguments'}
return bcap.bcapResponse(resp)
resp = {'success' : True}
return bcap.bcapResponse(resp)
def post(self, grantable, args):
response = self.checkPostArgs(args)
if response != 'OK':
return response
refs = grantable.department.findRefs(args['email'])
return bcap.bcapResponse(refs)
def request_plt_account_silent(request):
"""Allows requests only from those listed in settings.REQUESTING_DOMAINS
Currently, used by Resume as a trusted channel to ask for new accounts
so that service isn't exposed to arbitrary clients, and can be controlled
through emails sent from Resume"""
logger.error('Reached request_account')
def request_allowed():
return request.META['REMOTE_ADDR'] in settings.REQUESTING_DOMAINS
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
logger.error('Belay: got account request: %s' % args)
logger.error('Request is from: %s' % request.META['REMOTE_ADDR'])
if not request_allowed():
return logWith404(logger, 'request_silent: bad request %s' %\
request.META['REMOTE_ADDR'])
pa = PendingAccount(email = args['email'])
pa.save()
create_cap = bcap.grant('create-account', pa)
logger.error('Belay: successful create: %s' % create_cap.serialize())
return bcap.bcapResponse({'create': create_cap})
def post(self, grantable, args):
sc = grantable.scorecategory
sc.name = args['name']
sc.shortform = args['shortform']
try:
sc.save()
except IntegrityError:
resp = {'success' : False, 'message' : 'invalid arguments'}
return bcap.bcapResponse(resp)
resp = {\
'success' : True,\
'name' : sc.name,\
'shortform' : sc.shortform,\
}
return bcap.bcapResponse(resp)
def post(self, granted, args):
response = self.checkPostArgs(args)
if response != 'OK':
return response
email = args['email']
name = args['name']
institution = args['institution']
applicant = granted.applicant
found = applicant.getReferencesOfEmail(email)
if len(found) > 0:
return self.exceptionResponse('You have already asked this person to write you a letter. If you wish to contact this person, please do so outside the Resume system.')
if name == '':
return self.exceptionResponse('No name was provided, please provide a name for the letter writer')
if email == '':
return self.exceptionResponse('No email was provided, please provide an email for the reference request')
ref = Reference(applicant=applicant, submitted=0, filesize=0,\
name=name, institution=institution, email=email,\
department=applicant.department)
ref.save()
if applicant.position.autoemail:
sendResponse = sendReferenceRequest(applicant, ref)
if 'error' in sendResponse:
return sendResponse['error']
resp = ref.to_json()
resp['reminder'] = bcap.regrant('remind-reference', ref)
return bcap.bcapResponse(resp)
def get(self, granted):
dept = granted.department
positions = dept.getPositions()
caps = {}
for p in positions:
caps[p.name] = bcap.grant('add-applicant-with-position', p)
return bcap.bcapResponse(caps)
def get(self, granted):
department = granted.reviewer.auth.department
return bcap.bcapResponse({
'getBasic': bcap.regrant('get-basic', department),
'getReviewer': bcap.regrant('get-reviewer', granted),
'getApplicants': bcap.regrant('get-applicants', granted)
})
def check_uname(request):
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
args = bcap.dataPostProcess(request.read())
uname = args['username']
available = not unameExists(uname)
return bcap.bcapResponse({ "available" : available })
def post(self, grantable, args):
username = grantable.pendingaccount.email
rawpassword = args['password']
if len(username) > 200:
return logWith404(logger, 'create_plt_account: bad username')
if len(rawpassword) < 8:
return logWith404(logger, 'create_plt_account: bad password')
salt = str(uuid.uuid4())
hashed_password = get_hashed(rawpassword, salt)
station_cap = newStationCap()
account = BelayAccount(station_url=station_cap.serialize())
account.save()
credentials = PltCredentials(username=username, \
salt=salt, \
hashed_password=hashed_password, \
account=account)
credentials.save()
session_id = str(uuid.uuid4())
session = BelaySession(session_id=session_id, account=account)
session.save()
grantable.pendingaccount.delete()
response = {
'station': station_cap,
'makeStash': bcap.regrant('make-stash', account)
}
return bcap.bcapResponse(response)
def post(self, grantable, args):
reviewer = grantable.reviewer
applicant_json = []
for applicant in reviewer.getApplicants():
pairs = applicant.getPairsOfReviewer(reviewer)
if len(pairs) > 0:
pair = pairs[0]
else:
pair = AppRevPair(applicant=applicant, reviewer=reviewer)
pair.save()
a_json = applicant.cached_json()
launchCap = bcap.cachegrant('launch-app-review', pair)
a_json['launchURL'] = '%s/appreview/#%s' % \
(bcap.this_server_url_prefix(), launchCap.serialize())
components = applicant.get_component_objects()
component_caps = dict(\
[(c.type.id, bcap.cachegrant('get-statement', c))\
for c in components if c.type.type == 'statement'])
a_json['components'] = component_caps
references = applicant.getReferencesModel()
refjson = []
for r in references:
rjson = r.to_json()
rjson['getLetter'] = bcap.cachegrant('get-letter', r)
refjson.append(rjson)
a_json['refletters'] = refjson
applicant_json.append(a_json)
a_json['getCombined'] = bcap.cachegrant('get-combined', applicant)
if reviewer.auth.role == 'head-reviewer':
a_json['reject'] = bcap.cachegrant('reject-applicant', applicant)
return bcap.bcapResponse({
'changed': True,
'lastChange': reviewer.getLastChange(),
'value': applicant_json
})
def get(self, granted):
basic_info = granted.department.getBasic()
all_svals = granted.department.all_score_values()
response_areas = [\
{'name' : a.name,\
'id' : a.id,\
'abbr' : a.abbr,\
'del' : bcap.grant('area-delete', a)\
} for a in granted.department.my(Area)]
basic_info['areas'] = response_areas
basic_info['svcs'] = dict([(sv.id, sv.category.to_json()) for sv in all_svals])
response_scores = [\
{'name' : s.name,\
'shortform' : s.shortform,\
'values' : [\
{'id' : v.id,\
'number' : v.number,\
'explanation' : v.explanation,\
'change' : bcap.grant('scorevalue-change', v)} for v in s.getValues()],\
'del' : bcap.grant('scorecategory-delete', s),\
'id' : s.id,\
'change' : bcap.grant('scorecategory-change', s)\
} for s in granted.department.my(ScoreCategory)]
basic_info['scores'] = response_scores
basic_info['svnum'] = dict([(s.id, s.number) for s in all_svals])
basic_info['contact'] = granted.department.shortname
return bcap.bcapResponse(basic_info)
def post(self, station, args):
domain = args['domain']
url = args['url']
private_data = bcap.dataPreProcess(args['private_data'])
public_data = bcap.dataPreProcess(args['public_data'])
try:
launch_info = LaunchInfo(domain=domain, \
url=url, \
private_data=private_data, \
public_data=public_data)
launch_info.save()
except Exception as e:
logger.error("Exception: %s" % e)
logger.error("PD: %s, PUD: %s" % (private_data, public_data))
instance_uuid = uuid.uuid4()
instance_id = str(instance_uuid)
logger.error("iid: %s" % instance_id)
instance = Relationship(station=station, \
instance_id =instance_id, \
launch_info = launch_info)
instance.save()
return bcap.bcapResponse(bcap.grant('instance', instance))
def get(self, granted):
pair = granted.apprevpair
applicant = pair.applicant
components = applicant.get_component_objects()
component_caps = dict(\
[(c.type.id, bcap.grant('get-statement', c))\
for c in components if c.type.type == 'statement'])
resp = {\
'getBasic' : bcap.cachegrant('get-basic', applicant.department),\
'getApplicant' : bcap.cachegrant('apprev-get-applicant', pair),\
'getReviewers' : bcap.cachegrant('appreview-get-reviewers', applicant),\
'getReview' : bcap.cachegrant('get-review', pair),\
'setAreas' : bcap.cachegrant('set-areas', applicant),\
# setGender/Ethnicity mapped to changeApplicant
'changeApplicant' : bcap.cachegrant('change-applicant', applicant),\
'setPosition' : bcap.cachegrant('set-position', applicant),\
'componentCaps' : component_caps,\
'getCombined' : bcap.cachegrant('get-combined', applicant),\
'uploadMaterial' : bcap.cachegrant('upload-material', applicant),\
'revertReview' : bcap.cachegrant('revert-review', pair),\
'submitReview' : bcap.cachegrant('submit-review', pair),\
'getHighlightStatus' : bcap.cachegrant('get-highlight-status', pair),\
'unhighlightApplicant' : bcap.cachegrant('unhighlight-applicant', pair),\
'rejectApplicant' : bcap.cachegrant('reject-applicant', applicant),\
'hideApplicant' : bcap.cachegrant('hide-applicant', pair),\
}
return bcap.bcapResponse(resp)
def post(self, granted, args):
unverified_user = granted.unverifieduser
if granted is None:
return HttpResponseNotFound()
auth_info = AuthInfo(
email=unverified_user.email, \
name=unverified_user.name, \
role='reviewer', \
department=unverified_user.department)
auth_info.save()
reviewer = Reviewer(auth=auth_info, department=unverified_user.department)
reviewer.save()
# Remove the unverified_user---this is a one-shot request
unverified_user.delete()
# This is the capability to put in launch_info
launch = bcap.grant('launch-reviewer', reviewer)
return bcap.bcapResponse({
'public_data': 'Reviewer account for %s' % auth_info.name,
'private_data': launch,
'domain': bcap.this_server_url_prefix(),
'url': '/review'
})
def post(self, granted, args):
if granted is None:
return HttpResponseNotFound()
ua = granted.unverifiedapplicant
auth_info = AuthInfo(
email=ua.email, \
# TODO(matt): fix or remove name from AuthInfo?
name='',\
role='applicant', \
department=ua.department)
auth_info.save()
applicant = Applicant(\
auth = auth_info,\
firstname='',\
lastname='',\
country='',\
department=ua.department,\
position=ua.position\
)
applicant.save()
ua.delete()
launch = bcap.grant('launch-applicant', applicant)
return bcap.bcapResponse({
'public_data': 'Edit application for %s' % ua.email,
'private_data': launch,
'domain': bcap.this_server_url_prefix(),
'url': '/applicant/'
})
def get(self, granted):
applicant = granted.applicant
return bcap.bcapResponse({
'public_data' : 'Applicant review page for %s' % applicant.fullname(),
'private_data' : bcap.regrant('launch-app-review', applicant),
'domain': bcap.this_server_url_prefix(),
'url' : '/appreview',
})
def post(self, granted, args):
applicant = granted.applicant
if args['reject'] == 'yes':
applicant.rejected = True
elif args['reject'] == 'no':
applicant.rejected = False
applicant.save()
return bcap.bcapResponse(applicant.cached_json())
def post(self, granted, args):
pair = granted.apprevpair
highlights = pair.get_highlights()
if len(highlights) == 0:
h = Highlight(department=pair.applicant.department,\
applicant=pair.applicant, highlightee=pair.reviewer)
h.save()
return bcap.bcapResponse(pair.applicant.cached_json())
def post(self, granted, args):
pair = granted.apprevpair
drafts = pair.get_reviews(True)
subs = pair.get_reviews(False)
if len(drafts) > 0 and len(subs) > 0:
draft = drafts[0]
sub = subs[0]
draft.destroy_scores()
draft.transfer_scores_from(sub)
draft.comments = sub.comments
draft.advocate = sub.advocate
draft.save()
return bcap.bcapResponse(draft.to_json())
if len(drafts) > 0:
draft = drafts[0]
draft.delete()
return bcap.bcapResponse('false')
def post(self, granted, args):
applicant = granted.applicant
if args.has_key('gender'):
applicant.gender = args['gender']
if args.has_key('ethnicity'):
applicant.ethnicity = args['ethnicity']
applicant.save()
return bcap.bcapResponse(applicant.cached_json())
def post(self, grantable, args):
reviewer = grantable.reviewer
applicant_json = [a.to_json() for a in reviewer.getApplicants()]
return bcap.bcapResponse({
'changed': True,
'lastChange': reviewer.getLastChange(),
'value': applicant_json
})
def get(self, granted):
ua = granted.unverifiedapplicant
email = ua.email
create_cap = bcap.regrant('add-verified-applicant', ua)
return bcap.bcapResponse({
'email': email,
'create': create_cap,
})
