Exemple #1
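def user_has_roles(userobj, role_list):
    """
    Return True only if the user holds every role named in role_list.

    Each requested role name is passed through strip_lower before the
    comparison; the user's roles come from fetch_cramstoken_roles.

    :param userobj: user whose token roles are checked
    :param role_list: iterable of role names, all of which are required
    :return: True if every requested role is among the user's roles,
        False otherwise (including when the user has no roles at all)
    """
    required_roles = {strip_lower(role) for role in role_list}
    # Fetch once and decide on that same snapshot; a second lookup could
    # disagree with the value the emptiness check was made on.
    user_roles = fetch_cramstoken_roles(userobj)
    if not user_roles:
        # Fail closed: no roles on record means no access.
        return False

    # NOTE(review): an empty role_list gives an empty required set, which is
    # a subset of anything, so any user with at least one role passes.
    # Callers gating access should never pass an empty list.
    return required_roles.issubset(user_roles)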
Exemple #2
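def user_has_roles(userobj, role_list):
    """
    Check that the user holds all of the roles in role_list.

    Requested role names go through strip_lower first; the roles to compare
    against are whatever fetch_cramstoken_roles returns for the user.

    :param userobj: user whose token roles are checked
    :param role_list: iterable of required role names
    :return: True when every required role is present, False when one is
        missing or when the user has no roles at all
    """
    wanted = {strip_lower(role) for role in role_list}
    # One lookup only: the original fetched the roles a second time for the
    # subset test, so the check and the decision could see different data.
    held = fetch_cramstoken_roles(userobj)
    if held:
        # NOTE(review): with an empty role_list this is always True, because
        # the empty set is a subset of any role collection.
        return wanted.issubset(held)

    # Fail closed when the user has no roles on record.
    return False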
Exemple #3
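def _add_debug_role(user, new_role):
    """
    Add new_role to the roles stored on the user's CRAMS token (debug only).

    The role is added only when user.email is listed in DEBUG_APPROVERS and
    APP_ENV equals 'DEV', and the user has an auth token with a cramstoken.
    Every other case gets the "Access Denied" response.

    :param user: user whose token roles are to be extended
    :param new_role: role name to add; it is stored after strip_lower
    :return: HttpResponse describing the outcome
    """
    # Function-scope import so the block does not depend on the file header.
    from html import escape

    # NOTE(review): this writes a role straight into cramstoken.ks_roles, so
    # it is a privilege-granting path. Its only guards are APP_ENV and
    # DEBUG_APPROVERS - confirm that production deployments can never run
    # with APP_ENV == 'DEV' or a populated DEBUG_APPROVERS.
    if user.email in DEBUG_APPROVERS and APP_ENV == 'DEV':
        if user.auth_token and user.auth_token.cramstoken:
            cramstoken = user.auth_token.cramstoken
            if cramstoken.ks_roles:
                ks_roles = json_loads(cramstoken.ks_roles)
            else:
                ks_roles = []

            # A set keeps the stored role list free of duplicates.
            ks_roles_set = set(ks_roles)
            ks_roles_set.add(strip_lower(new_role))
            cramstoken.ks_roles = json_dumps(list(ks_roles_set))
            cramstoken.save()
            # NOTE(review): the grant is not recorded anywhere in this
            # function; consider an audit entry naming who added which role.
            # new_role is echoed into an HTML body, so it is escaped to keep
            # caller-supplied markup from being rendered.
            return HttpResponse(
                '<H3>Role Added <H3><BR>' + escape(new_role))

    return HttpResponse('<H3>Access Denied - cannot add role<H3><BR>')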
Exemple #4
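def _add_debug_role(user, new_role):
    """
    Debug helper: append new_role to the user's stored token roles.

    Runs only for users whose e-mail is in DEBUG_APPROVERS while APP_ENV is
    'DEV'; otherwise, or when the user has no auth token / cramstoken, the
    "Access Denied" response is returned.

    :param user: user whose cramstoken roles are modified
    :param new_role: role name to add; it is stored after strip_lower
    :return: HttpResponse reporting success or denial
    """
    # Function-scope import so the block does not depend on the file header.
    from html import escape

    # NOTE(review): role grants made here bypass any other role source, and
    # the guard rests purely on configuration values (APP_ENV,
    # DEBUG_APPROVERS). Verify those are locked down outside development.
    if user.email in DEBUG_APPROVERS and APP_ENV == 'DEV':
        if user.auth_token and user.auth_token.cramstoken:
            cramstoken = user.auth_token.cramstoken
            if cramstoken.ks_roles:
                ks_roles = json_loads(cramstoken.ks_roles)
            else:
                ks_roles = []

            # De-duplicate through a set before writing the list back.
            ks_roles_set = set(ks_roles)
            ks_roles_set.add(strip_lower(new_role))
            cramstoken.ks_roles = json_dumps(list(ks_roles_set))
            cramstoken.save()
            # The raw role name goes into an HTML response; escape it so
            # markup in the parameter is shown as text, not interpreted.
            return HttpResponse(
                '<H3>Role Added <H3><BR>' + escape(new_role))

    return HttpResponse('<H3>Access Denied - cannot add role<H3><BR>')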
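    def send_notification(self, alloc_req):
        """Send the notification e-mail configured for a request's status.

        Looks up the NotificationTemplate matching the request's status and
        funding body and returns silently when none exists. Sending errors
        are logged; they are re-raised only when settings.DEBUG is set.

        :param alloc_req: allocation request the notification is about
        """
        try:
            template_obj = NotificationTemplate.objects.get(
                request_status=alloc_req.request_status,
                funding_body=alloc_req.funding_scheme.funding_body
            )
        except NotificationTemplate.DoesNotExist:
            # No template configured for this status/funding body: nothing
            # to send.
            return

        template = template_obj.template_file_path

        mail_content = self.populate_email_dict_for_request(alloc_req)
        # Bound before the try so the error handler below can always build
        # its message, even when reading the description is what failed
        # (previously that case raised a NameError inside the handler).
        desc = None
        try:
            desc = alloc_req.project.description
            # NOTE(review): the description flows into the Subject header;
            # whether mail_sender rejects CR/LF in it is not visible here.
            subject = 'Allocation request - ' + desc

            sender = settings.EMAIL_SENDER
            recipient_list = get_request_contact_email_ids(alloc_req)
            funding_body = alloc_req.funding_scheme.funding_body
            cc_list = None
            if template_obj.alert_funding_body:
                if funding_body.email:
                    cc_list = [funding_body.email]
                else:
                    p_msg = 'Email not found, Unable to send notification to '
                    LOG.error(p_msg + funding_body.name)
            reply_to = FB_REPLY_TO_MAP.get(strip_lower(funding_body.name))
            mail_sender.send_notification(
                sender=sender,
                subject=subject,
                mail_content=mail_content,
                template_name=template,
                recipient_list=recipient_list,
                cc_list=cc_list,
                bcc_list=None,
                reply_to=reply_to)
        except Exception as e:
            # Best effort outside DEBUG: a failed notification is logged and
            # does not propagate to the caller.
            error_message = '{} : Project - {}'.format(repr(e), desc)
            LOG.error(error_message)
            if settings.DEBUG:
                raise Exception(error_message) from e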
Exemple #6
def setup_case_insensitive_roles(user, user_roles_list):
    """
    Store the given roles on the user's CramsToken after strip_lower.

    The token row is fetched, or created when the user has none, and its
    ks_roles field is overwritten with the JSON-encoded role list.

    :param user: owner of the token
    :param user_roles_list: iterable of role names
    :return: the saved CramsToken
    """
    token = CramsToken.objects.get_or_create(user=user)[0]
    normalised = []
    for role_name in user_roles_list:
        normalised.append(strip_lower(role_name))
    # Overwrites whatever roles were stored before; nothing is merged.
    token.ks_roles = json_dumps(normalised)
    token.save()
    return token
Exemple #7
def get_configurable_roles():
    """
    List the role names this module treats as configurable.

    :return: new list holding every key of ROLE_FB_MAP followed by
        strip_lower(CRAMS_PROVISIONER_ROLE)
    """
    return [*ROLE_FB_MAP.keys(), strip_lower(CRAMS_PROVISIONER_ROLE)]
Exemple #8
from json import loads as json_loads

from rest_framework.exceptions import ParseError

from crams.DBConstants import FUNDING_BODY_NECTAR, FUNDING_BODY_VICNODE
from crams.lang_utils import reverse_dict, strip_lower
from crams.settings import NECTAR_APPROVER_ROLE, VICNODE_APPROVER_ROLE
from crams.settings import CRAMS_PROVISIONER_ROLE
from crams.models import CramsToken
from json import dumps as json_dumps

# Maps each approver role name (passed through strip_lower) to its funding
# body constant.
ROLE_FB_MAP = dict([
    (strip_lower(NECTAR_APPROVER_ROLE), FUNDING_BODY_NECTAR),
    (strip_lower(VICNODE_APPROVER_ROLE), FUNDING_BODY_VICNODE),
])
# Companion lookup produced by reverse_dict from the map above.
FB_ROLE_MAP_REVERSE = reverse_dict(ROLE_FB_MAP)


def get_configurable_roles():
    """
    Return the configurable role names as a fresh list.

    :return: the keys of ROLE_FB_MAP, then
        strip_lower(CRAMS_PROVISIONER_ROLE) as the last element
    """
    provisioner_role = strip_lower(CRAMS_PROVISIONER_ROLE)
    return [*ROLE_FB_MAP.keys(), provisioner_role]


def get_authorised_funding_bodies(user):
    """

    :param user:
    :return:
    """
Exemple #9
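def _get_crams_token_for_keystone_user(request, ks_user):
    """
    Resolve the local User for a Keystone user and build its CRAMS token.

    Steps, in order: find the User by keystone_uuid (updating its e-mail to
    the Keystone name if they differ); when no such User exists, get or
    create one by e-mail/username and bind the Keystone id to it if it has
    none; delete any existing auth token; record a login event; derive the
    role list from ks_user["roles"] and store it through
    roleUtils.setup_case_insensitive_roles.

    :param request: not used by this function
    :param ks_user: mapping with "name", "id" and optional "roles"
        (project -> iterable of objects exposing a .name attribute)
    :return: result of roleUtils.setup_case_insensitive_roles, or an
        HttpResponse describing the failure when user creation raised
    :raises rest_exceptions.AuthenticationFailed: when several Users share
        the Keystone id
    """
    # Function-scope import so the block does not depend on the file header.
    from html import escape

    # look up user
    username = ks_user["name"]
    keystone_id = ks_user['id']
    try:
        user = User.objects.get(keystone_uuid=keystone_id)

        if user.email != username:
            # The Keystone name is treated as the authoritative e-mail; the
            # change is recorded as a UserEvents row.
            prev_email = user.email
            user.email = username
            user.save()
            msg_format = 'User email updated from {}  to  {} for User {}'
            events = UserEvents(created_by=user,
                                event_message=msg_format.format(
                                    repr(prev_email), repr(user.email),
                                    repr(user)))
            events.save()

    except User.MultipleObjectsReturned:
        raise rest_exceptions.AuthenticationFailed(
            'Multiple UserIds exist for User, contact Support')
    except User.DoesNotExist:
        try:
            user, created = User.objects.get_or_create(email=username,
                                                       username=username)
            # NOTE(review): if a User with this e-mail already exists and
            # carries a *different* keystone_uuid, the branch below is
            # skipped and the login continues as that User. A rejection for
            # that case existed here only as commented-out code. Confirm
            # that matching on the Keystone name alone is an acceptable
            # identity binding.
            if not user.keystone_uuid:
                user.keystone_uuid = keystone_id
                user.save()

                events = UserEvents(
                    created_by=user,
                    event_message='User uuid set to  {} for User {}'.format(
                        repr(user.keystone_uuid), repr(user)))
                events.save()
        except Exception as e:
            # Both values end up in an HTML response body, so they are
            # escaped before being concatenated.
            # NOTE(review): str(e) may expose internal detail to the client,
            # and callers get an HttpResponse where a token is expected;
            # consider raising AuthenticationFailed instead.
            return HttpResponse('Error creating user with email ' +
                                escape(username) + '  ' + escape(str(e)))

    # Expire existing Token and log Login
    # NOTE(review): if auth_token is a reverse one-to-one relation, reading
    # it on a user without a token raises rather than returning a falsy
    # value - confirm against the model.
    if user.auth_token:
        user.auth_token.delete()
    msg = 'User logged in with valid Keystone token'
    events = UserEvents(created_by=user, event_message=msg)
    events.save()

    configurable_roles = roleUtils.get_configurable_roles()
    user_roles = []
    for (project, roles) in ks_user.get("roles", {}).items():
        for role_obj in roles:
            role = strip_lower(role_obj.name)
            if role in configurable_roles:
                # NOTE(review): a configurable role is accepted from
                # whichever project carries it; confirm only trusted
                # projects can assign those role names.
                user_roles.append(role)
            else:
                p_role = roleUtils.generate_project_role(project, role)
                # A generated project role must never equal a configurable
                # role name, otherwise it is dropped.
                if p_role not in configurable_roles:  # additional security
                    user_roles.append(p_role)

    return roleUtils.setup_case_insensitive_roles(user, user_roles)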
Exemple #10
def setup_case_insensitive_roles(user, user_roles_list):
    """
    Replace the roles on the user's CramsToken with the given list.

    Every role name is passed through strip_lower, and the resulting list is
    written to ks_roles as JSON on a token that is fetched or created for
    the user.

    :param user: owner of the token
    :param user_roles_list: iterable of role names
    :return: the saved CramsToken
    """
    token_and_flag = CramsToken.objects.get_or_create(user=user)
    stored_token = token_and_flag[0]
    lowered_roles = list(map(strip_lower, user_roles_list))
    # Previous ks_roles content is replaced, not merged.
    stored_token.ks_roles = json_dumps(lowered_roles)
    stored_token.save()
    return stored_token
Exemple #11
def get_configurable_roles():
    """
    Build the list of configurable role names.

    :return: new list with the keys of ROLE_FB_MAP and, last,
        strip_lower(CRAMS_PROVISIONER_ROLE)
    """
    role_names = [*ROLE_FB_MAP.keys()]
    role_names += [strip_lower(CRAMS_PROVISIONER_ROLE)]
    return role_names
Exemple #12
from json import loads as json_loads

from rest_framework.exceptions import ParseError

from crams.DBConstants import FUNDING_BODY_NECTAR
from crams.lang_utils import reverse_dict, strip_lower
from crams.settings import NECTAR_APPROVER_ROLE
from crams.settings import CRAMS_PROVISIONER_ROLE
from crams.settings import NECTAR_NOTIFICATION_REPLY_TO
from crams.models import CramsToken
from json import dumps as json_dumps

# Reply-to address per funding body, keyed by the funding body name after
# strip_lower.
FB_REPLY_TO_MAP = dict([
    (strip_lower(FUNDING_BODY_NECTAR), NECTAR_NOTIFICATION_REPLY_TO),
])

# Maps each approver role name (passed through strip_lower) to its funding
# body constant.
ROLE_FB_MAP = dict([
    (strip_lower(NECTAR_APPROVER_ROLE), FUNDING_BODY_NECTAR),
])
# Companion lookup produced by reverse_dict from the map above.
FB_ROLE_MAP_REVERSE = reverse_dict(ROLE_FB_MAP)


def get_configurable_roles():
    """
    Return the role names considered configurable.

    :return: new list made of the ROLE_FB_MAP keys plus
        strip_lower(CRAMS_PROVISIONER_ROLE) at the end
    """
    return [*ROLE_FB_MAP.keys(), strip_lower(CRAMS_PROVISIONER_ROLE)]


def get_authorised_funding_bodies(user):
Exemple #13
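def _get_crams_token_for_keystone_user(request, ks_user):
    """
    Map a Keystone user onto a local User and issue its CRAMS token.

    The User is looked up by keystone_uuid, with its e-mail synced to the
    Keystone name. If none exists, a User is fetched or created by
    e-mail/username and given the Keystone id when it has none. Any existing
    auth token is then deleted, a login event is stored, and the roles found
    in ks_user["roles"] are saved via roleUtils.setup_case_insensitive_roles.

    :param request: not used by this function
    :param ks_user: mapping with "name", "id" and optional "roles"
        (project -> iterable of objects exposing a .name attribute)
    :return: result of roleUtils.setup_case_insensitive_roles, or an
        HttpResponse describing the failure when user creation raised
    :raises rest_exceptions.AuthenticationFailed: when several Users share
        the Keystone id
    """
    # Function-scope import so the block does not depend on the file header.
    from html import escape

    # look up user
    username = ks_user["name"]
    keystone_id = ks_user['id']
    try:
        user = User.objects.get(keystone_uuid=keystone_id)

        if user.email != username:
            # Keep the stored e-mail in step with the Keystone name and
            # leave a UserEvents record of the change.
            prev_email = user.email
            user.email = username
            user.save()
            msg_format = 'User email updated from {}  to  {} for User {}'
            events = UserEvents(
                created_by=user,
                event_message=msg_format.format(repr(prev_email),
                                                repr(user.email),
                                                repr(user))
            )
            events.save()

    except User.MultipleObjectsReturned:
        raise rest_exceptions.AuthenticationFailed(
            'Multiple UserIds exist for User, contact Support')
    except User.DoesNotExist:
        try:
            user, created = User.objects.get_or_create(email=username,
                                                       username=username)
            # NOTE(review): an existing User with this e-mail but another
            # keystone_uuid is accepted as-is - the rejection for that case
            # was left commented out. Confirm that the Keystone name is a
            # verified, unique identifier before trusting this match.
            if not user.keystone_uuid:
                user.keystone_uuid = keystone_id
                user.save()

                events = UserEvents(
                    created_by=user,
                    event_message='User uuid set to  {} for User {}'.format(
                        repr(
                            user.keystone_uuid),
                        repr(user)))
                events.save()
        except Exception as e:
            # Escaped because both values are written into an HTML body.
            # NOTE(review): the exception text may leak internal detail, and
            # the caller receives an HttpResponse instead of a token;
            # raising AuthenticationFailed would be more consistent.
            return HttpResponse('Error creating user with email ' +
                                escape(username) + '  ' + escape(str(e)))

    # Expire existing Token and log Login
    # hasattr covers users that have no auth_token attribute.
    if hasattr(user, 'auth_token'):
        user.auth_token.delete()
    msg = 'User logged in with valid Keystone token'
    events = UserEvents(
        created_by=user,
        event_message=msg
    )
    events.save()

    configurable_roles = roleUtils.get_configurable_roles()
    user_roles = []
    for (project, roles) in ks_user.get("roles", {}).items():
        for role_obj in roles:
            role = strip_lower(role_obj.name)
            if role in configurable_roles:
                # NOTE(review): the project granting a configurable role is
                # not checked here; confirm that is intended.
                user_roles.append(role)
            else:
                p_role = roleUtils.generate_project_role(project, role)
                # Drop any generated project role that would collide with a
                # configurable role name.
                if p_role not in configurable_roles:  # additional security
                    user_roles.append(p_role)

    return roleUtils.setup_case_insensitive_roles(user, user_roles)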