def ac_subscribe(request, group_name):
"""
View to request an access control permission.
Currently, it can only be used to request ROLE_USER.
"""
title = "%s Data Access Request" % group_name
template = "cog/access_control/subscribe.html"
# prevent requests to 'wheel' group
if group_name == "wheel":
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
# check that group exists in local database
group_list = registrationService.listGroups()
group_names = [str(groupDict["name"]) for groupDict in group_list]
if not group_name in group_names:
return HttpResponseForbidden(GROUP_NOT_FOUND_MESSAGE)
# display submission form
if request.method == "GET":
try:
status = registrationService.status(request.user.profile.openid(), group_name, ROLE_USER)
except ObjectDoesNotExist:
# user does not exist in ESGF database
print "Inserting user into ESGF security database"
esgfDatabaseManager.insertEsgfUser(request.user.profile)
status = None
licenseTxt = None
licenseHtml = None
try:
licenseFile = "cog/access_control/licenses/%s.txt" % group_name
licenseTxt = render_to_string(licenseFile)
except TemplateDoesNotExist:
try:
licenseFile = "cog/access_control/licenses/%s.html" % group_name
licenseHtml = render_to_string(licenseFile)
except TemplateDoesNotExist:
pass
return render(
request,
template,
{
"title": title,
"group_name": group_name,
"status": status,
"licenseTxt": licenseTxt,
"licenseHtml": licenseHtml,
},
)
# process submission form
else:
approved = registrationService.subscribe(request.user.profile.openid(), group_name, ROLE_USER)
# notify node administrators
if not approved:
notifyAdmins(group_name, request.user.id, request)
# (GET-POST-REDIRECT)
return HttpResponseRedirect(
reverse("ac_subscribe", kwargs={"group_name": group_name}) + "?approved=%s" % approved
)
def ac_subscribe(request, group_name):
"""
View to request an access control permission.
Currently, it can only be used to request ROLE_USER.
"""
title = '%s Data Access Request' % group_name
template = 'cog/access_control/subscribe.html'
# prevent requests to 'wheel' group
if group_name == 'wheel':
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
# check that group exists in local database
group_list = registrationService.listGroups()
group_names = [str(groupDict['name']) for groupDict in group_list]
if not group_name in group_names:
return HttpResponseForbidden(GROUP_NOT_FOUND_MESSAGE)
# display submission form
if request.method == 'GET':
try:
status = registrationService.status(request.user.profile.openid(),
group_name, ROLE_USER)
except ObjectDoesNotExist:
# user does not exist in ESGF database
print 'Inserting user into ESGF security database'
esgfDatabaseManager.insertEsgfUser(request.user.profile)
status = None
licenseTxt = None
licenseHtml = None
try:
licenseFile = 'cog/access_control/licenses/%s.txt' % group_name
licenseTxt = render_to_string(licenseFile)
except TemplateDoesNotExist:
try:
licenseFile = 'cog/access_control/licenses/%s.html' % group_name
licenseHtml = render_to_string(licenseFile)
except TemplateDoesNotExist:
pass
return render(
request, template, {
'title': title,
'group_name': group_name,
'status': status,
'licenseTxt': licenseTxt,
'licenseHtml': licenseHtml
})
# process submission form
else:
approved = registrationService.subscribe(request.user.profile.openid(),
group_name, ROLE_USER)
# notify node administrators
if not approved:
notifyAdmins(group_name, request.user.id, request)
# (GET-POST-REDIRECT)
return HttpResponseRedirect(
reverse('ac_subscribe', kwargs={'group_name': group_name}) +
"?approved=%s" % approved)
def ac_process(request, group_name, user_id):
"""
View to process an access control permission request.
This view can be used to assign any permissions to the user.
"""
# check node administrator privileges
admin = request.user
if not admin.is_staff:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
# load user
user = get_object_or_404(User, pk=user_id)
openid = user.profile.openid()
title = "%s Data Access Management" % group_name
template = "cog/access_control/process.html"
# display admin form
if request.method == "GET":
# set initial status of check boxes from database
initial = {}
permissions = registrationService.list(openid, group_name)
for role, approved in permissions.items():
initial["%sPermissionCheckbox" % role] = approved
form = PermissionForm(initial=initial)
return render(request, template, {"group_name": group_name, "title": title, "user": user, "form": form})
# process admin form
else:
form = PermissionForm(request.POST)
if form.is_valid():
# loop over roles
for role in [ROLE_USER, ROLE_PUBLISHER, ROLE_SUPERUSER, ROLE_ADMIN]:
# retrieve approve status from POST data and store it in ESGF database
approve = form.cleaned_data.get("%sPermissionCheckbox" % role, False)
# only True values are transmitted in POST data
try:
registrationService.process(openid, group_name, role, approve)
except NoResultFound: # permission not found in database
if approve: # create new permission, but only if approve=True
registrationService.subscribe(openid, group_name, role)
registrationService.process(openid, group_name, role, approve)
# notify user
permissions = registrationService.list(user.profile.openid(), group_name)
notifyUser(group_name, request.user, permissions)
# (GET-POST-REDIRECT)
return HttpResponseRedirect(
reverse("ac_process", kwargs={"user_id": user.id, "group_name": group_name}) + "?message=%s" % SAVED
)
else:
print "Form is invalid: %s" % form.errors
return render(request, template, {"group_name": group_name, "title": title, "user": user, "form": form})
def ac_process(request, group_name, user_id):
"""
View to process an access control permission request.
This view can be used to assign any permissions to the user.
"""
# check node administrator privileges
admin = request.user
if not admin.is_staff:
return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)
# load user
user = get_object_or_404(User, pk=user_id)
openid = user.profile.openid()
title = '%s Data Access Management' % group_name
template = 'cog/access_control/process.html'
# display admin form
if request.method == 'GET':
# set initial status of check boxes from database
initial = {}
permissions = registrationService.list(openid, group_name)
for role, approved in permissions.items():
initial['%sPermissionCheckbox' % role] = approved
form = PermissionForm(initial=initial)
return render(request, template, {
'group_name': group_name,
'title': title,
'user': user,
'form': form
})
# process admin form
else:
form = PermissionForm(request.POST)
if form.is_valid():
# loop over roles
for role in [
ROLE_USER, ROLE_PUBLISHER, ROLE_SUPERUSER, ROLE_ADMIN
]:
# retrieve approve status from POST data and store it in ESGF database
approve = form.cleaned_data.get('%sPermissionCheckbox' % role,
False)
# only True values are transmitted in POST data
try:
registrationService.process(openid, group_name, role,
approve)
except NoResultFound: # permission not found in database
if approve: # create new permission, but only if approve=True
registrationService.subscribe(openid, group_name, role)
registrationService.process(openid, group_name, role,
approve)
# notify user
permissions = registrationService.list(user.profile.openid(),
group_name)
notifyUser(group_name, user, permissions)
# (GET-POST-REDIRECT)
return HttpResponseRedirect(
reverse('ac_process',
kwargs={
'user_id': user.id,
'group_name': group_name
}) + "?message=%s" % SAVED)
else:
print "Form is invalid: %s" % form.errors
return render(
request, template, {
'group_name': group_name,
'title': title,
'user': user,
'form': form
})
