def identify(self):
        '''Set the current CKAN user from the WAAD login kept in the session.

        CKAN calls this on each page load.

        When the session holds a WAAD user name it is copied to
        toolkit.c.user and _refresh_access_token_if_expiring() is called.
        If that raises CannotRefreshAccessTokenError, toolkit.c.user stays
        set and an error message with a logout link is flashed.

        '''
        user = pylons.session.get('ckanext-oauth2waad-user')
        if not user:
            return

        toolkit.c.user = user
        endpoint = _waad_auth_token_endpoint()
        try:
            _refresh_access_token_if_expiring(
                pylons.session, _waad_client_id(), _waad_resource(), endpoint)
        except CannotRefreshAccessTokenError:
            domain_name = _get_domain_name_from_url(endpoint)
            logout_url = toolkit.url_for(controller='user', action='logout')
            # allow_html=True is needed for the <a> element in the message,
            # which also means {domain} and {logout} are inserted unescaped.
            # NOTE(review): both look like they come from configuration and
            # routing, not from the request -- confirm, or escape them.
            template = toolkit._(
                "Refreshing your Windows Azure Active Directory OAuth 2.0 "
                "access token with {domain} failed. Some functionality "
                "may not be available. You can try "
                '<a href="{logout}">logging out</a> and logging in again '
                "to fix the issue.")
            message = template.format(domain=domain_name, logout=logout_url)
            helpers.flash(message, category='alert-error', allow_html=True,
                          ignore_duplicate=True)
    def get(self, id):
        """Render the password-reset form for user *id*.

        The reset key is read from the ``key`` request parameter, stored on
        ``g.reset_key`` and handed to the ``user_update`` authorization
        check.  When that check raises NotAuthorized, one generic error is
        flashed and the forgot-password page is returned; an unknown user
        aborts with 404.
        """
        context = {
            u'model': model,
            u'session': model.Session,
            u'user': id,
            u'keep_email': True,
        }

        # The key is a bearer secret for the account; it is only forwarded to
        # the authorization check here and never echoed into the message.
        reset_key = request.params.get(u'key')
        g.reset_key = reset_key
        auth_data = {'id': id, 'reset_key': reset_key}
        try:
            check_access(u'user_update', context, auth_data)
        except NotAuthorized:
            # Static markup only: nothing request-derived is interpolated, so
            # allow_html=True does not expose user input here.
            msg = _(
                u'The link you accessed is either invalid or has expired. Please request another reset link. '
                u'If the problem persists please '
                u'<a href="/faq#auto-faq-Contact-How_do_I_contact_the_HDX_team_-a">contact us</a>.'
            )
            h.flash(msg, category='alert-error', allow_html=True)
            return _forgot_password()

        show_user = get_action(u'user_show')
        try:
            user_dict = show_user(context, {u'id': id})
        except NotFound:
            abort(404, _(u'User not found'))

        template_vars = {u'user_dict': user_dict}
        return render(u'user/perform_reset.html', template_vars)
    def identify(self):
        '''Identify which user (if any) is logged-in via WAAD.

        CKAN calls this on each page load.

        A user name found in the session is copied to toolkit.c.user, then
        _refresh_access_token_if_expiring() is called.  A
        CannotRefreshAccessTokenError leaves toolkit.c.user in place and
        only queues an error flash message with a logout link.

        '''
        session = pylons.session
        user = session.get('ckanext-oauth2waad-user')
        if not user:
            return

        toolkit.c.user = user
        endpoint = _waad_auth_token_endpoint()
        try:
            _refresh_access_token_if_expiring(
                session, _waad_client_id(), _waad_resource(), endpoint)
        except CannotRefreshAccessTokenError:
            domain_name = _get_domain_name_from_url(endpoint)
            logout_url = toolkit.url_for(controller='user', action='logout')
            # The message carries an <a> element, hence allow_html=True; the
            # two formatted values therefore reach the page unescaped.
            # NOTE(review): presumably both derive from site configuration
            # and routing -- verify, or escape them before formatting.
            text = toolkit._(
                "Refreshing your Windows Azure Active Directory OAuth 2.0 "
                "access token with {domain} failed. Some functionality "
                "may not be available. You can try "
                '<a href="{logout}">logging out</a> and logging in again '
                "to fix the issue.")
            helpers.flash(text.format(domain=domain_name, logout=logout_url),
                          category='alert-error',
                          allow_html=True,
                          ignore_duplicate=True)
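    def update_dqs(self, dqs_uuid):
        """Show or store the Data Quality Statement (DQS) of a dataset.

        On POST, every form field named ``q-<n>`` sets bit ``n`` of
        ``bit_dqs``, which is written to the package with ``package_patch``.
        The configured admin addresses are then mailed (when enabled), a PDF
        resource pointing at the DQS export is created and the request is
        redirected to the ``update_dataset_dqs`` route.  Any other request
        method renders the questionnaire, using the Arabic data when
        ``h.lang()`` is ``'ar'``.

        Field names whose suffix is not a non-negative integer are skipped
        rather than raising ``ValueError`` out of the handler.
        """
        package, context = self._get_pkg_by_dqs_uuid(dqs_uuid)
        if request.method == 'POST':
            bit_dqs = 0
            for name, _value in request.POST.items():
                if not name.startswith('q-'):
                    continue
                # Field names are chosen by the client, so the suffix cannot
                # be assumed to be a well-formed index.
                try:
                    idx = int(name[2:])
                except ValueError:
                    continue
                if idx < 0:
                    # A negative shift count raises ValueError.
                    continue
                # TODO(review): also cap idx at the number of questionnaire
                # entries; `1 << idx` allocates memory proportional to idx.
                bit_dqs |= 1 << idx

            # The patch is issued under the site user's name, so it is not
            # the requesting user's permissions that package_patch checks.
            # NOTE(review): confirm _get_pkg_by_dqs_uuid enforces who may
            # edit this dataset; no other access check is visible here.
            user = logic.get_action('get_site_user')({
                'ignore_auth': True
            }, None)
            context = {'model': model, 'user': user['name']}
            package = logic.get_action('package_patch')(context, {
                'id': package['id'],
                'bit_dqs': bit_dqs
            })

            allow_send_emails = asbool(
                config.get('ckan.ksa_dqs_allow_emails_send', 'False'))
            notif_emails = config.get('ckan.ksa_dqs_admin_emails', '').split()
            if notif_emails and allow_send_emails:
                site_url = config.get('ckan.site_url', '')
                url = site_url + '/dataset/' + package['name']
                notif_names = 'admin'
                subject = 'DQS Updated for {0}'.format(package.get('title'))
                msg = '''The DQS for {title} dataset has been updated: {url}'''\
                    .format(title=package.get('title'), url=url)

                try:
                    for email in notif_emails:
                        mailer.mail_recipient(notif_names, email, subject, msg)
                except mailer.MailerException as e:
                    # Shown as plain text: the mailer error is not markup.
                    h.flash("Email error: {0}".format(e.message),
                            allow_html=False)

            data = {
                'id': dqs_uuid,
                'name': 'Data Quality Statement',
                'format': 'PDF',
                'package_id': package['id'],
                'url': h.url_for('ksa_export_dqs', dqs_uuid=dqs_uuid,
                                 qualified=True),
            }
            self._resource_create(context, data)
            return h.redirect_to('update_dataset_dqs', dqs_uuid=dqs_uuid)

        questionnaire_data = questionnaire.data
        if h.lang() == 'ar':
            questionnaire_data = questionnaire_ar.data

        extra_vars = {'pkg_dict': package, 'questionnaire': questionnaire_data}
        return base.render('package/update_dqs.html', extra_vars=extra_vars)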
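def notice_show(context, data_dict):
    """Flash the stored site notice, if one is configured.

    Reads ``cdrc.site_notice.text`` and ``cdrc.site_notice.type`` through
    ``context['model'].get_system_info`` and, when both are non-empty,
    flashes the text with the type as its category.  The call is
    best-effort: any ordinary error is ignored.

    Returns:
        Always the empty string.
    """
    try:
        model = context['model']
        notice = model.get_system_info('cdrc.site_notice.text')
        notice_type = model.get_system_info('cdrc.site_notice.type')
        # Truthiness also covers a missing (None) value, which len() rejects.
        if notice and notice_type:
            # allow_html is not passed, so the notice is not flagged as
            # trusted markup by this call.
            h.flash(notice, notice_type)
    except Exception:
        # Deliberately best-effort, but no longer a bare ``except``: that
        # also swallowed SystemExit and KeyboardInterrupt.
        pass
    return ''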
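 def issues_for_organization(self, org_id):
     """
     Display a page containing a list of all issues for a given organization

     On a validation error the summary is logged and flashed and the request
     is redirected to the 'issues_for_organization' route.  Only the error
     path is visible in this excerpt; template_params is not used in it.
     """
     self._before_org(org_id)
     try:
         template_params = issues_for_org(org_id, request.GET)
     except toolkit.ValidationError as e:
         msg = toolkit._(u'Validation error: {0}').format(e.error_summary)
         # msg contains text produced while validating the request, so it is
         # passed as a logging argument: concatenated into the format string,
         # a '%' inside it would be read as a format directive.
         log.warning(u'%s - Issues for org: %s', msg, org_id)
         h.flash(msg, category='alert-error')
         return p.toolkit.redirect_to('issues_for_organization',
                                      org_id=org_id)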
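 def issues_for_organization(self, org_id):
     """
     Display a page containing a list of all issues for a given organization

     On a validation error the summary is logged and flashed and the request
     is redirected to the 'issues_for_organization' route.  Only the error
     path is visible in this excerpt; template_params is not used in it.
     """
     self._before_org(org_id)
     try:
         template_params = issues_for_org(org_id, request.GET)
     except toolkit.ValidationError as e:
         # Translate the constant template, then fill it in: formatting
         # first produces a string no translation catalogue can contain.
         msg = toolkit._("Validation error: {0}").format(e.error_summary)
         # Keep msg out of the logging format string so that a '%' in the
         # validation summary is not read as a format directive.
         log.warning('%s - Issues for org: %s', msg, org_id)
         h.flash(msg, category='alert-error')
         return p.toolkit.redirect_to('issues_for_organization',
                                      org_id=org_id)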
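def issues_for_organization(org_id):
    """
    Display a page containing a list of all issues for a given organization

    On a validation error the summary is logged and flashed and the request
    is redirected to the 'issues.issues_for_organization' endpoint;
    otherwise 'issues/organization_issues.html' is rendered with the values
    returned by issues_for_org().
    """
    _before_org(org_id)
    try:
        template_params = issues_for_org(org_id, request.args)
    except toolkit.ValidationError as e:
        # Translate the constant template, then fill it in: formatting first
        # produces a string no translation catalogue can contain.
        msg = toolkit._("Validation error: {0}").format(e.error_summary)
        # Keep msg out of the logging format string so that a '%' in the
        # validation summary is not read as a format directive.
        log.warning('%s - Issues for org: %s', msg, org_id)
        h.flash(msg, category='alert-error')
        return p.toolkit.redirect_to('issues.issues_for_organization',
                                     org_id=org_id)
    # The debugging print of template_params and the unreachable block that
    # followed this return (marked "TO DELETE", including a query assembled
    # with str.format) have been removed.
    return render("issues/organization_issues.html",
                  extra_vars=template_params)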
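def validate():
    """
    For Manual Validation

    Reads ``resource_id`` from the submitted form, requires the
    ``manual_validation`` permission, sets the resource's
    ``manual_validation`` field to ``"validated"`` through
    ``resource_update`` and redirects to the site root with a success
    message.  Aborts with 403 when the check raises NotAuthorized and with
    404 when the id is missing or the resource is not found.
    """
    context = {}
    resource_id = toolkit.request.form.get("resource_id")
    try:
        # NOTE(review): no data_dict is passed, so this check cannot depend
        # on which resource is being validated -- confirm that is intended.
        toolkit.check_access('manual_validation', context)
    except toolkit.NotAuthorized:
        # context is a plain dict: `context.user` raised AttributeError and
        # turned the intended 403 into a server error.
        toolkit.abort(
            403,
            toolkit._('User %r not authorized to edit %s') %
            (context.get('user'), resource_id))
    if not resource_id:
        toolkit.abort(404, toolkit._('Resource not found'))
    # NOTE(review): resource_update receives only these two keys; verify it
    # does not drop the resource's other fields (resource_patch exists for
    # partial updates).
    data_dict = {"id": resource_id, "manual_validation": "validated"}
    try:
        toolkit.get_action("resource_update")(context, data_dict)
    except logic.NotFound:
        toolkit.abort(404, toolkit._('Resource not found'))

    h.flash(toolkit._("Resource sucesfully validated"))
    return toolkit.redirect_to("/")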
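    def login(self):
        '''Handle request to the WAAD redirect_uri.

        Passes the ``code`` request parameter to
        _get_user_details_from_waad(), logs the returned user in and
        redirects to that user's dashboard.  A missing code or a failed
        _csrf_check() aborts with 401.  Errors from WAAD or from
        finding/creating the CKAN user are flashed and the request is
        redirected to the login page.

        '''
        params = pylons.request.params
        waad_auth_code = params.get('code')

        if not waad_auth_code:
            toolkit.abort(401)

        if not _csrf_check(pylons.request, pylons.response, _csrf_secret()):
            toolkit.abort(401)

        # NOTE(review): each error branch relies on toolkit.redirect_to()
        # raising; if it returned, `details` / `user` would be unbound below.
        try:
            details = _get_user_details_from_waad(waad_auth_code,
                                                  _waad_client_id(),
                                                  _waad_redirect_uri(),
                                                  _waad_resource(),
                                                  _waad_auth_token_endpoint())
        except InvalidAccessTokenResponse as exc:
            # Translate the constant template first, then insert the error.
            message = toolkit._(
                "Error getting user details from Windows Azure AD: {error}"
            ).format(error=exc)
            # The exception text may repeat data received from the token
            # endpoint and the message holds no markup, so it is flashed as
            # plain text instead of allow_html=True.
            helpers.flash(message,
                          category='alert-error',
                          allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')

        try:
            user = _log_the_user_in(session=pylons.session, **details)
        except CouldNotCreateUserException as exc:
            message = toolkit._(
                "Creating your CKAN user account failed: {error}"
            ).format(error=exc)
            # Plain text for the same reason as above.
            helpers.flash(message,
                          category='alert-error',
                          allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')
        except CouldNotFindUserException:
            message = toolkit._("The CKAN account for your Windows Azure AD "
                                "user does not exist")
            helpers.flash(message,
                          category='alert-error',
                          allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')

        toolkit.redirect_to(controller='user',
                            action='dashboard',
                            id=user['name'])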
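    def login(self):
        '''Handle request to the WAAD redirect_uri.

        Passes the ``code`` request parameter to
        _get_user_details_from_waad(), logs the returned user in and
        redirects to that user's dashboard.  A missing code or a failed
        _csrf_check() aborts with 401.  Errors from WAAD or from
        finding/creating the CKAN user are flashed and the request is
        redirected to the login page.

        '''
        params = pylons.request.params
        waad_auth_code = params.get('code')

        if not waad_auth_code:
            toolkit.abort(401)

        if not _csrf_check(pylons.request, pylons.response, _csrf_secret()):
            toolkit.abort(401)

        # NOTE(review): each error branch relies on toolkit.redirect_to()
        # raising; if it returned, `details` / `user` would be unbound below.
        try:
            details = _get_user_details_from_waad(
                waad_auth_code, _waad_client_id(), _waad_redirect_uri(),
                _waad_resource(), _waad_auth_token_endpoint())
        except InvalidAccessTokenResponse as exc:
            # Translate the constant template first, then insert the error.
            message = toolkit._(
                "Error getting user details from Windows Azure AD: {error}"
            ).format(error=exc)
            # The exception text may repeat data received from the token
            # endpoint and the message holds no markup, so it is flashed as
            # plain text instead of allow_html=True.
            helpers.flash(message, category='alert-error', allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')

        try:
            user = _log_the_user_in(session=pylons.session, **details)
        except CouldNotCreateUserException as exc:
            message = toolkit._(
                "Creating your CKAN user account failed: {error}"
            ).format(error=exc)
            # Plain text for the same reason as above.
            helpers.flash(message, category='alert-error', allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')
        except CouldNotFindUserException:
            message = toolkit._(
                "The CKAN account for your Windows Azure AD "
                "user does not exist"
            )
            helpers.flash(message, category='alert-error', allow_html=False,
                          ignore_duplicate=True)
            toolkit.redirect_to(controller='user', action='login')

        toolkit.redirect_to(controller='user', action='dashboard',
                            id=user['name'])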
 def test_upload_form(self):
     """Render the test upload form; a POST first flashes a note and redirects."""
     is_post = request.method == 'POST'
     if is_post:
         # Constant text, flashed without allow_html.
         h.flash('Thanks for uploading data', 'alert-info')
         dataset_url = toolkit.url_for('/dataset')
         redirect(dataset_url)
     return render('tests/upload-form.html')
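def _home_handle_error(package_id, exc):
    """Flash a validation error and redirect to the 'issues_home' route.

    The message is built from ``exc.error_summary`` and flashed with the
    'alert-error' category; allow_html is not passed to h.flash.
    """
    # Translate the constant template, then fill it in: formatting first
    # produces a string no translation catalogue can contain.
    msg = toolkit._("Validation error: {0}").format(exc.error_summary)
    h.flash(msg, category='alert-error')
    return p.toolkit.redirect_to('issues_home', package_id=package_id)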
    def account_requests_management(self):
        '''Approve or reject an account request.

        The ``action``, ``id`` and ``name`` request parameters select what to
        do and for which user; ``org`` and ``role`` are read as well when
        approving.  Rejecting records an activity, removes the user from the
        first organization listed for them, deletes the user and mails the
        requester and the configured approvers.  Approving records an
        activity, assigns the user to the organization, mails the approvers
        and sends the user an invite.  The management template is rendered
        afterwards.

        NOTE(review): no authorization check is visible in this method; the
        actions called with ``context`` run as ``c.user``, but confirm that
        the route itself is restricted to approvers.
        NOTE(review): the state changes are driven by ``request.params``, so
        the request method is not constrained here -- confirm CSRF handling.
        '''
        # Missing parameters raise KeyError here, i.e. a server error rather
        # than a client error.
        action = request.params['action']
        user_id = request.params['id']
        user_name = request.params['name']
        # NOTE(review): if no user has this id, `user` is presumably None and
        # the user.fullname / user.email accesses below would fail.
        user = model.User.get(user_id)

        context = {
            'model': model,
            'user': c.user,
            'session': model.Session,
        }
        # Activities are created with authorization disabled, under a user
        # name taken from the request rather than from the looked-up user.
        # NOTE(review): verify that 'name' cannot be set to another account.
        activity_create_context = {
            'model': model,
            'user': user_name,
            'defer_commit': True,
            'ignore_auth': True,
            'session': model.Session
        }
        # NOTE(review): c.userobj is dereferenced without a check; for an
        # anonymous request it is presumably None.
        activity_dict = {'user_id': c.userobj.id, 'object_id': user_id}
        list_admin_emails = tk.aslist(
            config.get('ckanext.accessrequests.approver_email')
        )
        if action == 'forbid':
            # Adds an entry to the shared object_id_validators mapping on
            # every request that reaches this branch.
            object_id_validators['reject new user'] = user_id_exists
            activity_dict['activity_type'] = 'reject new user'
            logic.get_action('activity_create')(
                activity_create_context, activity_dict
            )
            org = logic.get_action('organization_list_for_user')({
                'user': user_name
            }, {
                "permission": "read"
            })
            if org:
                # Only the first organization returned is handled.
                logic.get_action('organization_member_delete')(
                    context, {
                        "id": org[0]['id'],
                        "username": user_name
                    }
                )
            logic.get_action('user_delete')(context, {'id': user_id})
            msg = (
                "Your account request for {0} has been rejected by {1}"
                "\n\nFor further clarification "
                "as to why your request has been "
                "rejected please contact the NSW Flood Data Portal ({2})"
            )
            # Unlike the approver mails below, this send is not wrapped in a
            # try block, so a MailerException propagates after the user has
            # already been deleted.
            mailer.mail_recipient(
                user.fullname, user.email, 'Account request',
                msg.format(
                    config.get('ckan.site_title'), c.userobj.fullname,
                    c.userobj.email
                )
            )
            msg = ("User account request for {0} "
                   "has been rejected by {1}"
                   ).format(user.fullname or user_name, c.userobj.fullname)
            for admin_email in list_admin_emails:
                try:
                    mailer.mail_recipient(
                        'Admin', admin_email, 'Account request feedback', msg
                    )
                except mailer.MailerException as e:
                    # Flashed as plain text (allow_html=False).
                    h.flash(
                        "Email error: {0}".format(e.message), allow_html=False
                    )
        elif action == 'approve':
            # The organization and role granted come straight from the
            # request; assign_user_to_org receives them together with
            # `context`.
            user_org = request.params['org']
            user_role = request.params['role']
            object_id_validators['approve new user'] = user_id_exists
            activity_dict['activity_type'] = 'approve new user'
            logic.get_action('activity_create')(
                activity_create_context, activity_dict
            )
            org_display_name, org_role = assign_user_to_org(
                user_id, user_org, user_role, context
            )
            # Send invitation to complete registration
            msg = (
                "User account request for {0} "
                "(Organization : {1}, Role: {2}) "
                "has been approved by {3}"
            ).format(
                user.fullname or user_name, org_display_name, org_role,
                c.userobj.fullname
            )
            for admin_email in list_admin_emails:
                try:
                    mailer.mail_recipient(
                        'Admin', admin_email, 'Account request feedback', msg
                    )
                except mailer.MailerException as e:
                    # Flashed as plain text (allow_html=False).
                    h.flash(
                        "Email error: {0}".format(e.message), allow_html=False
                    )
            try:
                org_dict = tk.get_action('organization_show')(context, {'id': user_org})
                # Self-assignment; its purpose is not visible from this code.
                user.name = user.name
                mailer.send_invite(user, org_dict, user_role)
            except Exception as e:
                # The detail goes to the log only; the client gets a generic
                # message.  The two adjacent literals concatenate to
                # "couldnt" (the apostrophe is lost).
                log.error('Error emailing invite to user: %s', e)
                abort(500, _('Error: couldn' 't email invite to user'))

        # Any other `action` value falls through to here without doing
        # anything.
        response.status = 200
        return render('user/account_requests_management.html')
    def _save_new_pending(self, context):
        '''Create a pending user from the request form and notify approvers.

        Builds the ``user_create`` payload from ``request.params`` with state
        ``model.State.PENDING`` and a random password, optionally adds the
        new user to the requested organization, mails every configured
        approver address and flashes a success message before redirecting to
        '/'.  Validation and captcha errors re-render the request form via
        ``self.request_account``.
        '''
        errors = {}
        error_summary = {}
        params = request.params
        # 15 bytes from os.urandom, hex-encoded; used for both password
        # fields and not shown to the requester in this method.
        password = str(binascii.b2a_hex(os.urandom(15)))
        # Every value below other than the password and state is taken
        # directly from the request; a missing field raises KeyError.
        data = dict(
            fullname=params['fullname'],
            name=params['name'],
            password1=password,
            password2=password,
            state=model.State.PENDING,
            email=params['email'],
            organization_request=params['organization-for-request'],
            reason_to_access=params['reason-to-access'],
            role=params['role']
        )

        try:
            # NOTE(review): the captcha check below is disabled, although
            # CaptchaError is still handled further down.  This method
            # creates accounts and sends mail from form input -- confirm
            # that some other abuse control is in place.
            # captcha.check_recaptcha(request)
            user_dict = logic.get_action('user_create')(context, data)
            if params['organization-for-request']:
                # NOTE(review): Group.get may find nothing; `organization.id`
                # below would then fail.
                organization = model.Group.get(data['organization_request'])
                # Takes the name of the first active sysadmin; `.first()`
                # yields None when there is none, so `.name` would fail.
                sys_admin = model.Session.query(model.User).filter(
                    sqlalchemy.and_(
                        model.User.sysadmin == True,  # noqa
                        model.User.state == 'active'
                    )
                ).first().name
                # The membership is created under that sysadmin's name with
                # the role the requester selected in the form.
                # NOTE(review): confirm that a pending user cannot use this
                # membership before approval and that any submitted role
                # value is acceptable.
                logic.get_action('organization_member_create')({
                    "user": sys_admin
                }, {
                    "id": organization.id,
                    "username": user_dict['name'],
                    "role": data['role'] if data['role'] else 'member'
                })
                role = data['role'].title() if data['role'] else 'Member'
            else:
                organization = None
            # Plain-text mail body; it carries the requester's input verbatim.
            msg = (
                "A request for a new user account has been submitted:"
                "\nUsername: {}"
                "\nName: {}\nEmail: {}\nOrganisation: {}\nRole: {}"
                "\nReason for access: {}"
                "\nThis request can be approved or rejected at {}"
            ).format(
                data['name'], data['fullname'], data['email'],
                organization.display_name if organization else None,
                role if organization else None, data['reason_to_access'],
                g.site_url + h.url_for(
                    controller=(
                        'ckanext.accessrequests.controller'
                        ':AccessRequestsController'
                    ),
                    action='account_requests'
                )
            )
            list_admin_emails = tk.aslist(
                config.get('ckanext.accessrequests.approver_email')
            )
            for admin_email in list_admin_emails:
                try:
                    mailer.mail_recipient(
                        'Admin', admin_email, 'Account request', msg
                    )
                except mailer.MailerException as e:
                    # Flashed as plain text (allow_html=False) to the
                    # requester.
                    h.flash(
                        "Email error: {0}".format(e.message), allow_html=False
                    )
            h.flash_success(
                'Your request for access to the {0} has been submitted.'.
                format(config.get('ckan.site_title'))
            )
        except ValidationError as e:
            # return validation failures to the form
            # `data` (including the generated password fields) is handed back
            # to request_account here.
            if e.error_dict:
                errors = e.error_dict
                error_summary = e.error_summary
            return self.request_account(data, errors, error_summary)
        except CaptchaError:
            errors['Captcha'] = [_(u'Bad Captcha. Please try again.')]
            error_summary['Captcha'] = 'Bad Captcha. Please try again.'
            return self.request_account(data, errors, error_summary)

        h.redirect_to('/')
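def _dataset_handle_error(dataset_id, exc):
    """Flash a validation error and redirect to the 'issues_dataset' route.

    The message is built from ``exc.error_summary`` and flashed with the
    'alert-error' category; allow_html is not passed to h.flash.
    """
    # Translate the constant template, then fill it in: formatting first
    # produces a string no translation catalogue can contain.
    msg = toolkit._("Validation error: {0}").format(exc.error_summary)
    h.flash(msg, category='alert-error')
    return p.toolkit.redirect_to('issues_dataset', dataset_id=dataset_id)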
 def test_upload_form(self):
     """Show the test upload form; on POST, flash a thank-you and redirect first."""
     form_template = 'tests/upload-form.html'
     if request.method != 'POST':
         return render(form_template)
     # Constant text, flashed without allow_html.
     h.flash('Thanks for uploading data', 'alert-info')
     redirect(toolkit.url_for('/dataset'))
     return render(form_template)
def _dataset_handle_error(dataset_id, exc):
    """Flash the validation summary and redirect to the 'issues_dataset' route."""
    # The template is translated before the summary is inserted.
    template = toolkit._(u'Validation error: {0}')
    text = template.format(exc.error_summary)
    # allow_html is not passed, so this call does not mark the summary as
    # trusted markup.
    h.flash(text, category='alert-error')
    redirect_to = p.toolkit.redirect_to
    return redirect_to('issues_dataset', dataset_id=dataset_id)
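def _home_handle_error(package_id, exc):
    """Flash a validation error and redirect to the 'issues_home' route.

    The message is built from ``exc.error_summary`` and flashed with the
    'alert-error' category; allow_html is not passed to h.flash.
    """
    # Translate the constant template, then fill it in: formatting first
    # produces a string no translation catalogue can contain.
    msg = toolkit._("Validation error: {0}").format(exc.error_summary)
    h.flash(msg, category='alert-error')
    return p.toolkit.redirect_to('issues_home', package_id=package_id)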