def build_query_from_field(self, field_name, operation):
if field_name == 'permissions':
if operation['op'] != 'eq':
raise InvalidFilterOperator(value=operation['op'],
valid_operators=['eq'])
auth = get_user_auth(self.request)
auth_user = getattr(auth, 'user', None)
if not auth_user:
raise NotAuthenticated()
value = operation['value'].lstrip('[').rstrip(']')
permissions = [v.strip() for v in value.split(',')]
if any(p not in reviews_permissions.PERMISSIONS
for p in permissions):
valid_permissions = ', '.join(
reviews_permissions.PERMISSIONS.keys())
raise InvalidFilterValue(
'Invalid permission! Valid values are: {}'.format(
valid_permissions))
return Q(id__in=get_objects_for_user(
auth_user, permissions, PreprintProvider, any_perm=True))
return super(PreprintProviderList,
self).build_query_from_field(field_name, operation)
def _radius_token_authenticate(self, request):
# cached_orgid exists only for users authenticated
# successfully in past 24 hours
username = request.data.get('username') or request.query_params.get('username')
cached_orgid = cache.get(f'rt-{username}')
if cached_orgid:
return self._check_client_ip_and_return(request, cached_orgid)
else:
try:
radtoken = RadiusToken.objects.get(user__username=username)
except RadiusToken.DoesNotExist:
if username:
message = _(
'Radius token does not exist. Obtain a new radius token '
'or provide the organization UUID and API token.'
)
else:
message = _('username field is required.')
logger.warning(message)
raise NotAuthenticated(message)
org_uuid = str(radtoken.organization_id)
cache.set(f'rt-{username}', org_uuid, 86400)
return self._check_client_ip_and_return(request, org_uuid)
def wrapper(parent, info, *args, **kwargs):
if isinstance(info.context, HttpRequest):
authenticator = JWTAuthentication()
auth_result = authenticator.authenticate(info.context)
if auth_result is None:
raise PermissionDenied()
user, _ = auth_result
if not user.is_authenticated:
raise NotAuthenticated()
if with_policies is not None and len(with_policies) > 0:
is_allowed_request = PermissionService.check_policies(info.context, user, with_policies)
if not is_allowed_request:
raise PermissionDenied()
kwargs["current_user"] = user
resolved = resolver(parent, info, *args, **kwargs)
return resolved
def get(self, request):
bid = request.GET.get('bucket_id', None)
try:
b = Buckets.objects.get(bucket_id=int(bid))
self.queryset = self.model.objects.select_related(
'user').select_related('bucket').filter(bucket=b).values(
'user__first_name', 'user__username', 'bucket__name',
'permission', 'acl_bid')
except Buckets.DoesNotExist:
raise ParseError('not found this bucket')
except self.model.DoesNotExist:
raise ParseError('not found resource')
except TypeError:
raise ParseError('arg acl_bid is not a number')
if b.user != request.user:
raise NotAuthenticated('user and bucket__user not match')
return Response({
'code': 0,
'msg': 'success',
'data': list(self.queryset)
})
def limits(self, request):
if request.user and request.user.is_authenticated():
# Use email model manager
emails = Email.objects.emails_by_user_today(request.user)
print emails
# Setup emails
sendgrid = 0
outlook = 0
gmail = 0
smtp = 0
# Loop through emails
for email in emails:
if email.method == 'sendgrid':
sendgrid += 1
elif email.method == 'outlook':
outlook += 1
elif email.method == 'gmail':
gmail += 1
elif email.method == 'smtp':
smtp += 1
data = {
'sendgrid': sendgrid,
'sendgridLimits': 2500,
'outlook': outlook,
'outlookLimits': 500,
'gmail': gmail,
'gmailLimits': 500,
'smtp': smtp,
'smtpLimits': 2000
}
return Response(data, {})
raise NotAuthenticated()
def has_object_permission(self, request, view, organization):
if request.user and request.user.is_authenticated() and request.auth:
request.access = access.from_request(
request,
organization,
scopes=request.auth.get_scopes(),
)
elif request.auth:
return request.auth.organization_id == organization.id
else:
request.access = access.from_request(request, organization)
if auth.is_user_signed_request(request):
# if the user comes from a signed request
# we let them pass if sso is enabled
logger.info(
'access.signed-sso-passthrough',
extra={
'organization_id': organization.id,
'user_id': request.user.id,
}
)
elif request.user.is_authenticated() and self.needs_sso(request, organization):
# session auth needs to confirm various permissions
logger.info(
'access.must-sso',
extra={
'organization_id': organization.id,
'user_id': request.user.id,
}
)
raise NotAuthenticated(detail='Must login via SSO')
allowed_scopes = set(self.scope_map.get(request.method, []))
return any(request.access.has_scope(s) for s in allowed_scopes)
def user_delete_endpoint(request):
"""
删除指定的用户,该超作只允许超级管理员执行
:param request:
:return:
"""
# if not request.user.is_superuser:
# raise NotAuthenticated(detail='permission denied!')
fields = (('*username', str, verify_username), ('*user_id', int, None))
data = validate_post_data(request.body, fields)
try:
u = User.objects.get(pk=data['user_id'])
except User.DoesNotExist:
raise NotFound(detail='not found this user')
if not request.user.is_superuser and u != request.user:
raise NotAuthenticated(detail='permission denied')
if u.username != data['username']:
raise ParseError(detail='username and user_id not match')
if u.profile.phone_verify:
region = BucketRegion.objects.all()
# 递归删除所有区域集群上的用户
for i in region:
rgw = rgw_client(i.reg_id)
try:
rgw.get_user(uid=u.keys.ceph_uid, stats=True)
except NoSuchUser:
continue
else:
rgw.remove_user(uid=u.keys.ceph_uid, purge_data=True)
u.delete()
return Response({'code': 0, 'msg': 'success'})
def _get_token_info(self, request):
""" Decode token """
# Options check token
options = {"verify_signature": True, "verify_aud": False, "exp": True}
# JWT not found
if 'HTTP_AUTHORIZATION' not in request.META:
raise NotAuthenticated("HTTP_AUTHORIZATION not found in the request")
jwt = request.META.get('HTTP_AUTHORIZATION')
try:
token_info = self._keycloak.decode_token(jwt, key=self._client_public_key, options=options)
except ExpiredSignatureError:
options["verify_exp"] = False
token_info = self._keycloak.decode_token(jwt, key=self._client_public_key, options=options)
if "offline_access" in token_info['realm_access']['roles']:
return token_info
else:
raise ExpiredSignatureError("Login expired")
return token_info
def post(self, request, *args, **kwargs):
# Create OrderItems
if not request.user.is_authenticated:
raise NotAuthenticated()
# get Item Using slug
slug = request.data.get('slug', None)
if slug is None:
return Response({"message": "Invalid request"}, status=HTTP_400_BAD_REQUEST)
item = get_object_or_404(Item, slug=slug)
# verify number of variations
variations = request.data.get('variations', [])
minimum_variation_count = Variation.objects.filter(item=item).count()
if len(variations) < minimum_variation_count:
return Response({"message": "Please specify the required variation types"}, status=HTTP_400_BAD_REQUEST)
try:
add_to_cart(item=item, variations=variations, user=request.user)
except Exception as e:
raise APIException(e)
else:
return Response(status=HTTP_200_OK)
def NylasCompleteView(request):
if request.user and request.user.is_authenticated():
user_profile = UserProfile.objects.get(user=request.user)
if 'code' in request.GET:
code = request.GET.get('code')
access_resp = get_oauth_token(code)
if access_resp.status_code == 200:
access_token_object = access_resp.json()
user_profile.outlook = False
user_profile.external_email = True
user_profile.gmail = False
'''
access_resp:
{u'access_token': u'NydGZ6oZFsnKLY8bSsrxOX16A6ffB3',
u'token_type': u'bearer', u'email_address': u'*****@*****.**',
u'account_id': u'5k3rl5bw4elb4n3gb2xayo2m8',
u'provider': u'namecheap'}
'''
user_profile.external_email_username = access_token_object[
'email_address']
user_profile.external_email_token_type = access_token_object[
'token_type']
user_profile.external_email_access_token = access_token_object[
'access_token']
user_profile.external_email_account_id = access_token_object[
'account_id']
user_profile.external_email_provider = access_token_object[
'provider']
user_profile.save()
return redirect(product_site_url(request))
return redirect(generate_site_url(request))
raise NotAuthenticated()
def authenticate(self, request):
token = self.get_jwt_value(request)
if token is None:
raise NotAuthenticated()
return self.authenticate_credentials(token)
def drop_session(cls, refresh_token):
try:
RefreshToken(refresh_token).blacklist()
except TokenError:
raise NotAuthenticated(**INVALID_REFRESH_TOKEN)
def get_by_id(self, pk, user):
todo = super().get_queryset().get(pk=pk)
if todo.owner == user:
return todo
else:
raise NotAuthenticated()
def get(self, request):
if request.user.is_authenticated():
logout(request)
return Response(status=status.HTTP_200_OK)
else:
raise NotAuthenticated('Please login.')
def get(self, request):
if request.user.is_authenticated:
return Response(UserSerializer(request.user).data)
raise NotAuthenticated('로그인을 먼저 해주세요')
This validation uses a User PAT OR Django's regular User auth.
"""
if auth_header := request.headers.get("Authorization"):
username, _, token = auth_header.partition(":")
user = User.objects.filter(username=username).first()
if user is None:
raise NotAuthenticated("Invalid user")
if not user.has_valid_pat(token):
raise PermissionDenied
return
if request.user.is_anonymous:
raise NotAuthenticated("Invalid user or token")
if not has_permission(
request.user, "release_file_view", project=workspace.project):
raise NotAuthenticated(
f"Invalid user or token for workspace {workspace.name}")
def validate_snapshot_access(request, snapshot):
"""
Validate this request can access this snapshot.
This validation uses Django's regular User auth.
"""
if snapshot.published_at:
return
def get(self, request):
# request.user가 인증 된 상태일 경우, UserSerializer를 사용해 렌더링한 데이터를 보내줌
# 인증되지 않았을 경우 NotAuthenticated Exception을 raise
if request.user.is_authenticated:
return Response(UserSerializer(request.user).data)
raise NotAuthenticated('로그인 되어있지 않습니다')
def post(self, request, *args, **kwargs):
if not IsAuthenticated().has_permission(request, self):
raise NotAuthenticated()
return super(TreeView, self).post(request, *args, **kwargs)
def retrieve(self, request, pk=None):
if request.user and request.user.is_authenticated():
email = self.get_email_by_pk(request, pk)
serializer = EmailSerializer(email)
return Response(serializer.data, {})
raise NotAuthenticated()
def modify(self, request: Request, *args, **kwargs):
pk = request.data.get(self.lookup_url_kwarg or self.lookup_field)
if not request.user or request.user.id != pk: # 只能改自己
raise NotAuthenticated('请先登录要修改信息的账号')
return self.update(request, *args, **kwargs)
def query_user_usage(request):
"""
查询用户流量及使情情况
"""
req_user = request.user
username = request.GET.get('username', None)
start_time = request.GET.get('start', None)
end_time = request.GET.get('end', None)
fmt = '%F'
u = User.objects.none()
try:
u = User.objects.get(username=username)
except User.DoesNotExist:
pass
if not u:
raise NotFound(detail='not fount this user')
if u != req_user and not req_user.is_superuser:
raise NotAuthenticated('permission denied!')
if not start_time or not check_date_format(start_time):
start_time = time.strftime(fmt, time.localtime(time.time() - 86400))
if not end_time or not check_date_format(end_time):
end_time = time.strftime(fmt, time.localtime())
usage_data = []
reg = BucketRegion.objects.all()
for i in reg:
rgw = rgw_client(i.reg_id)
try:
rgw.get_user(uid=req_user.keys.ceph_uid)
except (NoSuchUser, ConnectionError):
continue
# print(start_time, end_time, u.profile.ceph_uid)
def build_usage_data(origin_data):
buff = {}
for bucket in origin_data['entries'][0]['buckets']:
act_time = bucket['time'][:10]
buff[act_time] = {
'get_obj': {
'successful_ops': 0,
'bytes_sent': 0,
},
'put_obj': {
'successful_ops': 0,
'bytes_received': 0,
},
}
for cate in bucket['categories']:
if 'category' in cate and cate['category'] == 'put_obj':
buff[act_time]['put_obj']['successful_ops'] += cate[
'successful_ops']
buff[act_time]['put_obj']['bytes_received'] += cate[
'bytes_received']
if 'category' in cate and cate['category'] == 'get_obj':
buff[act_time]['get_obj']['successful_ops'] += cate[
'successful_ops']
buff[act_time]['get_obj']['bytes_sent'] += cate[
'bytes_sent']
s_key = sorted(buff)
__data = []
for k in s_key:
__tmp = {'data': k}
__tmp.update(buff[k])
__data.append(__tmp)
del __tmp
return __data
data = rgw.get_usage(uid=u.keys.ceph_uid,
start=start_time,
end=end_time,
show_summary=True,
show_entries=True)
usage_data.append({
'region': i.name,
'usage_data': build_usage_data(data),
'summary': data['summary']
})
return Response({'code': 0, 'msg': 'success', 'data': usage_data})
def validate(self, attrs):
attrs['user'] = self.context.get('request').user
if attrs['user'].is_anonymous:
raise NotAuthenticated()
return attrs
def create(self, request, *args, **kwargs):
if not request.user.is_authenticated():
raise NotAuthenticated()
resource_create_request_validator = serializers.ResourceCreateRequestValidator(
data=request.data)
if not resource_create_request_validator.is_valid():
raise ValidationError(
detail=resource_create_request_validator.errors)
validated_request_data = resource_create_request_validator.validated_data
resource_type = validated_request_data['resource_type']
res_title = validated_request_data.get('title', 'Untitled resource')
keywords = validated_request_data.get('keywords', None)
abstract = validated_request_data.get('abstract', None)
metadata = validated_request_data.get('metadata', None)
extra_metadata = validated_request_data.get('extra_metadata', None)
num_files = len(request.FILES)
# TODO: (Couch) reconsider whether multiple file upload should be
# supported when multipart bug fixed.
if num_files > 0:
if num_files > 1:
raise ValidationError(
detail={
'file':
'Multiple file upload is not allowed on '
'resource creation. Add additional files '
'after the resource is created.'
})
# Place files into format expected by hydroshare.utils.resource_pre_create_actions and
# hydroshare.create_resource, i.e. a tuple of
# django.core.files.uploadedfile.TemporaryUploadedFile objects.
files = [
request.FILES['file'],
]
else:
files = []
if metadata is not None:
metadata = json.loads(metadata)
_validate_metadata(metadata)
if extra_metadata is not None:
extra_metadata = json.loads(extra_metadata)
# TODO: validate extra metadata here
try:
_, res_title, metadata, _ = hydroshare.utils.resource_pre_create_actions(
resource_type=resource_type,
resource_title=res_title,
page_redirect_url_key=None,
files=files,
metadata=metadata,
**kwargs)
except Exception as ex:
error_msg = {
'resource': "Resource creation failed. %s" % ex.message
}
raise ValidationError(detail=error_msg)
try:
resource = hydroshare.create_resource(
resource_type=resource_type,
owner=request.user,
title=res_title,
edit_users=validated_request_data.get('edit_users', None),
view_users=validated_request_data.get('view_users', None),
edit_groups=validated_request_data.get('edit_groups', None),
view_groups=validated_request_data.get('view_groups', None),
keywords=keywords,
metadata=metadata,
extra_metadata=extra_metadata,
files=files)
if abstract:
resource.metadata.create_element('description',
abstract=abstract)
except Exception as ex:
error_msg = {
'resource': "Resource creation failed. %s" % ex.message
}
raise ValidationError(detail=error_msg)
post_creation_error_msg = ''
try:
hydroshare.utils.resource_post_create_actions(request=request,
resource=resource,
user=request.user,
metadata=metadata,
**kwargs)
except (hydroshare.utils.ResourceFileValidationException,
Exception) as ex:
post_creation_error_msg = ex.message
response_data = {
'resource_type': resource_type,
'resource_id': resource.short_id,
'message': post_creation_error_msg
}
return Response(data=response_data, status=status.HTTP_201_CREATED)
def GmailLoginView(request):
if request.user and request.user.is_authenticated():
flow.redirect_uri = generate_url_gmail(request)
auth_uri = flow.step1_get_authorize_url()
return redirect(auth_uri)
raise NotAuthenticated()
def get_email_by_pk(self, request, pk):
if self.request.user and self.request.user.is_authenticated():
queryset = Email.objects.filter(created_by=request.user)
email = get_object_or_404(queryset, pk=pk)
return email
raise NotAuthenticated()
def create(self, validated_data):
if (validated_data['sifra_zdravnika'].vrsta_delavca.naziv == "vodja PS"
or validated_data['sifra_zdravnika'].vrsta_delavca.naziv
== "zdravnik"):
if (validated_data['sifra_zdravnika'].vrsta_delavca.naziv ==
"vodja PS"):
if (validated_data['vrsta_obiska'].opis
== "kontrola zdravstvenega stanja"
or validated_data['vrsta_obiska'].opis
== "aplikacija injekcij" or
validated_data['vrsta_obiska'].opis == "odvzem krvi"):
return NotAuthenticated(
detail='Niste prijavljeni kot zdravnik', code=401)
if ('casovni_interval' in validated_data.keys()):
delovniNalog = DelovniNalog(
sifra_zdravnika=validated_data['sifra_zdravnika'],
vrsta_obiska=validated_data['vrsta_obiska'],
datum_prvega_obiska=validated_data['datum_prvega_obiska'],
je_obvezen_datum=validated_data['je_obvezen_datum'],
stevilo_obiskov=validated_data['stevilo_obiskov'],
casovni_interval=validated_data['casovni_interval'],
id_pacienta=validated_data['id_pacienta'])
elif ('casovno_obdobje' in validated_data.keys()):
delovniNalog = DelovniNalog(
sifra_zdravnika=validated_data['sifra_zdravnika'],
vrsta_obiska=validated_data['vrsta_obiska'],
datum_prvega_obiska=validated_data['datum_prvega_obiska'],
je_obvezen_datum=validated_data['je_obvezen_datum'],
stevilo_obiskov=validated_data['stevilo_obiskov'],
casovno_obdobje=validated_data['casovno_obdobje'],
id_pacienta=validated_data['id_pacienta'])
else:
return ParseError()
delovniNalog.save()
#delovniNalog.id_pacienta = validated_data['id_pacienta']
if ('sifra_zdravila' in validated_data.keys()):
delovniNalog.sifra_zdravila = validated_data['sifra_zdravila']
#priredi MS delovnemu nalogu
okolis_pacient = validated_data.pop('id_pacienta').sifra_okolisa
if (okolis_pacient and Delavec.objects.filter(
sifra_okolisa=okolis_pacient)[:1].get()):
sestra = Delavec.objects.filter(
sifra_okolisa=okolis_pacient)[:1].get()
delovniNalog.patronazna_sestra = sestra.uporabnik
delovniNalog.save()
# dodajanje vezanih pacientov
if ('vezani_pacienti' in validated_data.keys()):
delovniNalog.vezani_pacienti = validated_data[
'vezani_pacienti']
delovniNalog.save()
# (Popravljeno) doda material ce je bil poslan
if ('delovninalogmaterial_set' in validated_data.keys()):
# Napisanih je vec materialov, vsak je v OrderedDict
for material in validated_data['delovninalogmaterial_set']:
novi_material = DelovniNalogMaterial(
id_delovni_nalog=delovniNalog,
id_materiala=material['id_materiala'],
kolicina=material['kolicina'])
novi_material.save()
#Kreira zapise o Obisku v bazo
if ('casovno_obdobje' in validated_data.keys()):
self.kreirajObiskObdobje(validated_data['stevilo_obiskov'],
validated_data['datum_prvega_obiska'],
validated_data['casovno_obdobje'],
delovniNalog.patronazna_sestra,
delovniNalog,
validated_data['je_obvezen_datum'])
elif ('casovni_interval' in validated_data.keys()):
self.kreirajObiskInterval(
validated_data['stevilo_obiskov'],
validated_data['datum_prvega_obiska'],
validated_data['casovni_interval'],
delovniNalog.patronazna_sestra, delovniNalog,
validated_data['je_obvezen_datum'])
else:
print('se ni')
return delovniNalog
else:
return NotAuthenticated(detail='Niste prijavljeni kot zdravnik',
code=401)
def has_permission(self, request, view):
if request.auth is None:
raise NotAuthenticated()
return True
def get_object(self):
if isinstance(self.request.user, AnonymousUser):
raise NotAuthenticated()
return self.request.user
def get_key(key, user):
try:
return key.objects.get(owner=user)
except Exception, e:
raise NotAuthenticated()
def get(self, request):
if request.user.is_authenticated:
return Response(UserLoginSerializer(request.user).data)
raise NotAuthenticated('로그인 되어있지 않습니다.')
