def list_(request, username): """View for listing claim, both those with you being the requester and the reviewer. The ``username`` parameter is actually superfluous because it must be the currently logged-in user anyway. But this way, it is more consistent and more RESTful. :param request: the current HTTP Request object :param username: the name of the user whose claims will be listed; it must be the currently logged-in user :type request: HttpRequest :type username: unicode :return: the HTTP response object :rtype: HttpResponse """ user = get_object_or_404(django.contrib.auth.models.User, username=username) if user != request.user and not user.is_staff: raise permissions.PermissionError( request.user, _("You are not allowed to see claims of another user.")) return render( request, "samples/list_claims.html", { "title": _("Claims for {user}").format(user=get_really_full_name(user)), "claims": user.claims.filter(closed=False), "claims_as_reviewer": user.claims_as_reviewer.filter(closed=False) })
def edit(request, username): """View for doing various things with the samples listed under “My Samples”. For example, copying them to the “My Samples” list of another user, or simply removing them from the list. Note that there are two different user variables in this view and its associated functions. ``current_user`` is the same as ``request.user``. Thus, it is the currently logged-in user. However, ``user`` is the user whose “My Samples” are to be processed. Almost always both are the same, especially because you are not allowed to see or change the “My Samples” of another user. However, staff users *are* allowed to change them, so then both are different. :param request: the current HTTP Request object :param username: the login name of the user whose “My Samples” should be changed :type request: HttpRequest :type username: unicode :return: the HTTP response object :rtype: HttpResponse """ user = get_object_or_404(django.contrib.auth.models.User, username=username) if not request.user.is_superuser and request.user != user: raise permissions.PermissionError( request.user, _("You can't access the “My Samples” section of another user.")) if request.method == "POST": my_samples_form = MySamplesForm(user, request.POST) action_form = ActionForm(user, request.POST) referentially_valid = is_referentially_valid(request.user, my_samples_form, action_form) if my_samples_form.is_valid() and action_form.is_valid( ) and referentially_valid: save_to_database(user, my_samples_form, action_form) return utils.successful_response( request, _("Successfully processed “My Samples”.")) else: if is_json_requested(request): return respond_in_json( request.user.my_samples.values_list("id", flat=True)) my_samples_form = MySamplesForm(user) action_form = ActionForm(user) return render( request, "samples/edit_my_samples.html", { "title": _("Manage “My Samples” of {user_name}").format( user_name=get_really_full_name(user)), "my_samples": my_samples_form, "action": action_form })
def topics_and_permissions(request, login_name): user = get_object_or_404(django.contrib.auth.models.User, username=login_name) if not request.user.is_staff and request.user != user: raise permissions.PermissionError( request.user, _("You can't access the list of topics and permissions of another user.")) return render(request, "samples/topics_and_permissions.html", {"title": _("Topics and permissions for {user_name}").format(user_name=get_really_full_name(request.user)), "topics": user.topics.all(), "managed_topics": user.managed_topics.all(), "permissions": permissions.get_user_permissions(user), "full_user_name": get_really_full_name(request.user), "permissions_url": django.core.urlresolvers.reverse("samples.views.permissions.list_")})
def topics_and_permissions(request, login_name): user = get_object_or_404(django.contrib.auth.models.User, username=login_name) if not request.user.is_superuser and request.user != user: raise permissions.PermissionError( request.user, _("You can't access the list of topics and permissions of another user.")) if jb_common_utils.is_json_requested(request): return jb_common_utils.respond_in_json((user.topics.values_list("pk", flat=True), user.managed_topics.values_list("pk", flat=True), user.get_all_permissions())) return render(request, "samples/topics_and_permissions.html", {"title": _("Topics and permissions for {user_name}").format(user_name=get_really_full_name(request.user)), "topics": user.topics.all(), "managed_topics": user.managed_topics.all(), "permissions": permissions.get_user_permissions(user), "full_user_name": get_really_full_name(request.user), "permissions_url": django.core.urlresolvers.reverse("samples:list_permissions")})
def add(request): """View for adding a new topic. This action is only allowed to the heads of institute groups. The name of topics may contain arbitrary characters. :param request: the current HTTP Request object :type request: HttpRequest :return: the HTTP response object :rtype: HttpResponse """ permissions.assert_can_edit_users_topics(request.user) if not request.user.jb_user_details.department: if request.user.is_superuser: return HttpResponseSeeOther("/admin/jb_common/topic/add/") else: raise permissions.PermissionError(request.user, _("You cannot add topics here because you are not in any department.")) if request.method == "POST": new_topic_form = NewTopicForm(request.user, request.POST) if new_topic_form.is_valid(): parent_topic = new_topic_form.cleaned_data.get("parent_topic", None) new_topic = Topic(name=new_topic_form.cleaned_data["new_topic_name"], confidential=new_topic_form.cleaned_data["confidential"], department=request.user.jb_user_details.department, manager=new_topic_form.cleaned_data["topic_manager"]) new_topic.save() if parent_topic: new_topic.parent_topic = parent_topic new_topic.confidential = parent_topic.confidential new_topic.save() next_view = None next_view_kwargs = {} else: next_view = "samples.views.topic.edit" next_view_kwargs = {"id": django.utils.http.urlquote(new_topic.id, safe="")} new_topic.manager.user_permissions.add(PermissionsModels.topic_manager_permission) request.user.topics.add(new_topic) request.user.samples_user_details.auto_addition_topics.add(new_topic) return utils.successful_response( request, _("Topic {name} was successfully created.").format(name=new_topic.name), next_view, kwargs=next_view_kwargs) else: new_topic_form = NewTopicForm(request.user) return render(request, "samples/add_topic.html", {"title": _("Add new topic"), "new_topic": new_topic_form})
def remove(request, task_id): """Deletes a task from the database. :Paramerters: :param request: the current HTTP Request object :param task_id: the id from the task, which has to be deleted :return: the HTTP response object :rtype: HttpResponse """ task = get_object_or_404(Task, id=utils.convert_id_to_int(task_id)) if task.customer != request.user: raise permissions.PermissionError( request.user, _("You are not the customer of this task.")) utils.Reporter(request.user).report_removed_task(task) task.delete() return utils.successful_response(request, _("The task was successfully removed."), "samples:show_task_lists")
def edit(request, login_name): """View for editing the “My Layers”. :param request: the current HTTP Request object :param login_name: the login name of the user whose “My Layers” should be changed :type request: HttpRequest :type login_name: unicode :return: the HTTP response object :rtype: HttpResponse """ user = get_object_or_404(django.contrib.auth.models.User, username=login_name) if not request.user.is_superuser and request.user != user: raise permissions.PermissionError( request.user, _("You can't access the “My Layers” section of another user.")) if request.method == "POST": my_layer_forms, structure_changed = forms_from_post_data(request.POST) all_valid = all( [my_layer_form.is_valid() for my_layer_form in my_layer_forms]) referentially_valid = is_referentially_valid(my_layer_forms) if all_valid and referentially_valid and not structure_changed: result = save_to_database(my_layer_forms, user) return utils.successful_response(request, result) elif all_valid and referentially_valid and structure_changed: messages.error(request, _("Changes are not saved yet.")) else: my_layer_forms = forms_from_database(user) my_layer_forms.append(MyLayerForm(prefix=str(len(my_layer_forms)))) return render(request, "samples/edit_my_layers.html", { "title": _("My Layers"), "my_layers": my_layer_forms })
def available_items(request, model_name): """Returns the unique ids of all items that are already in the database for this model. The point is that it will return primary keys only as a fallback. Instead, it returns the “official” id of the respective model, represented by the `JBMeta.identifying_field` attribute, if given. This may be the number of a deposition, or the number of a measurement run, etc. :param request: the current HTTP Request object :param model_name: the name of the database model :type request: HttpRequest :type model_name: unicode :return: The HTTP response object. It is a JSON list object with all the ids of the objects in the database for the model. :rtype: HttpResponse """ if not request.user.is_staff: raise permissions.PermissionError( request.user, _("Only the administrator can access this resource.")) # FixMe: This must be revisited; it is ugly. for app_name in settings.INSTALLED_APPS: try: model = sys.modules[app_name + ".models"].__dict__[model_name] except KeyError: continue break else: raise Http404("Model name not found.") try: pk = model.JBMeta.identifying_field except AttributeError: pk = "pk" return respond_in_json(list(model.objects.values_list(pk, flat=True)))
def add_oldstyle(request, username): """View for adding a new claim to old-style sample names. This is a nice example of a view of the app “samples” which is *extended* in the institute app. The template – in this case, :file:`institute/templates/samples/list_claims.html` – overrides and extends the default one, and adds a link to a URL listed in institute's URLconf and pointing to this view function. The important step is the template. This is the hook for your extensions. You override the template from “samples” by creating a file called the same in :file:`institute/templates/samples/`. Because ``TEMPLATE_DIRS`` and ``TEMPLATE_LOADERS`` are defined as recommended in :doc:`/programming/settings`, it shadows its counterpart. By giving the full path, you can still access the original. Thus, you may start your template with :: {% extends "samples/templates/samples/list_claims.html" %} in order to extend it. The `username` parameter of this view function is actually superfluous because it must be the currently logged-in user anyway. But this way, we don't get into trouble if a user happens to be called ``"add"``. Additionally, the URLs become RESTful. :param request: the current HTTP Request object :param username: the name of the user whose claim this will be; it must be the currently logged-in user :type request: HttpRequest :type username: unicode :return: the HTTP response object :rtype: HttpResponse """ _ = ugettext user = get_object_or_404(django.contrib.auth.models.User, username=username) if user != request.user: raise permissions.PermissionError( request.user, _("You are not allowed to add a claim in another user's name.")) if request.method == "POST": samples_form = SamplesForm(request.POST) substrate_form = SubstrateForm(request.POST) reviewer_form = ReviewerForm(request.POST) if samples_form.is_valid() and substrate_form.is_valid( ) and reviewer_form.is_valid(): reviewer = reviewer_form.cleaned_data["reviewer"] claim = SampleClaim(requester=user, reviewer=reviewer) claim.save() _ = lambda x: x send_email( _("Sample request from {requester}"), _("""Hello {reviewer}, {requester} wants to become the new “currently responsible person” of one or more samples. Please visit {url} for reviewing this request. If you don't want or cannot approve the request, please contact {requester} directly and ask him or her to withdraw the request. JuliaBase. """), reviewer, { "reviewer": get_really_full_name(reviewer), "requester": get_really_full_name(user), "url": request.build_absolute_uri( django.core.urlresolvers.reverse( "samples.views.claim.show", kwargs={"claim_id": claim.pk})) }) _ = ugettext samples = [] nobody = django.contrib.auth.models.User.objects.get( username="******") legacy = Topic.objects.get(name="Legacy") now = datetime.datetime.now() material, substrate_comments = substrate_form.cleaned_data[ "material"], substrate_form.cleaned_data["comments"] for name in samples_form.cleaned_data["samples"]: substrate = models.Substrate(operator=nobody, timestamp=now, material=material, comments=substrate_comments) substrate.save() sample = Sample(name=name, current_location="unknown", currently_responsible_person=nobody, topic=legacy) sample.save() sample.processes.add(substrate) samples.append(sample) claim.samples = samples return utils.successful_response( request, _("Sample claim {id_} was successfully submitted.").format( id_=claim.pk), "samples.views.claim.show", kwargs={"claim_id": claim.pk}) else: samples_form = SamplesForm() substrate_form = SubstrateForm() reviewer_form = ReviewerForm() return render( request, "samples/add_claim_oldstyle.html", { "title": _("Assert claim"), "samples": samples_form, "substrate": substrate_form, "reviewer": reviewer_form })
def edit_preferences(request, login_name): """View for editing preferences of a user. Note that by giving the ``login_name`` explicitly, it is possible to edit the preferences of another user. However, this is only allowed to staff. The main reason for this explicitness is to be more “RESTful”. You can't switch the prefered language here because there are the flags anyway. Moreover, for good reason, you can't change your real name here. This is taken automatically from the domain database through LDAP. I want to give as few options as possible in order to avoid misbehaviour. :param request: the current HTTP Request object :param login_name: the login name of the user who's preferences should be edited. :type request: HttpRequest :type login_name: unicode :return: the HTTP response object :rtype: HttpResponse """ def __change_folded_processes(default_folded_process_classes, user): """Creates the new exceptional processes dictionary and saves it into the user details. """ old_default_classes = set(cls.id for cls in ContentType.objects.filter(dont_show_to_user=user.samples_user_details)) new_default_classes = set(int(class_id) for class_id in default_folded_process_classes if class_id) differences = old_default_classes ^ new_default_classes exceptional_processes_dict = json.loads(user.samples_user_details.folded_processes) for process_id_list in exceptional_processes_dict.values(): for process_id in copy.copy(process_id_list): try: if models.Process.objects.get(pk=process_id).content_type.id in differences: process_id_list.remove(process_id) except models.Process.DoesNotExist: # FixMe: the missing process should be removed from the exceptional_processes_dict pass user.samples_user_details.folded_processes = json.dumps(exceptional_processes_dict) user.samples_user_details.save() user = get_object_or_404(django.contrib.auth.models.User, username=login_name) if not request.user.is_superuser and request.user != user: raise permissions.PermissionError(request.user, _("You can't access the preferences of another user.")) initials_mandatory = request.GET.get("initials_mandatory") == "True" user_details = user.samples_user_details if request.method == "POST": user_details_form = UserDetailsForm(user, request.POST, instance=user_details) initials_form = utils.InitialsForm(user, initials_mandatory, request.POST) if user_details_form.is_valid() and initials_form.is_valid(): __change_folded_processes(user_details_form.cleaned_data["default_folded_process_classes"], user) user_details = user_details_form.save(commit=False) user_details.show_users_from_departments = Department.objects.filter(id__in= user_details_form.cleaned_data["show_users_from_departments"]) user_details.default_folded_process_classes = [ContentType.objects.get_for_id(int(id_)) for id_ in user_details_form.cleaned_data["default_folded_process_classes"]] user_details.save() initials_form.save() return utils.successful_response(request, _("The preferences were successfully updated.")) else: user_details_form = UserDetailsForm(user, instance=user_details) initials_form = utils.InitialsForm(user, initials_mandatory) return render(request, "samples/edit_preferences.html", {"title": _("Change preferences for {user_name}").format(user_name=get_really_full_name(request.user)), "user_details": user_details_form, "initials": initials_form, "has_topics": user.topics.exists()})
def add(request, username): """View for adding a new claim. The ``username`` parameter is actually superfluous because it must be the currently logged-in user anyway. But this way, we don't get into trouble if a user happens to be called ``"add"``. Additionally, the URLs become RESTful. :param request: the current HTTP Request object :param username: the name of the user whose claim this will be; it must be the currently logged-in user :type request: HttpRequest :type username: unicode :return: the HTTP response object :rtype: HttpResponse """ _ = ugettext user = get_object_or_404(django.contrib.auth.models.User, username=username) if user != request.user: raise permissions.PermissionError( request.user, _("You are not allowed to add a claim in another user's name.")) if request.method == "POST": samples_form = SamplesForm(user, request.POST) reviewer_form = ReviewerForm(request.POST) if samples_form.is_valid() and reviewer_form.is_valid(): reviewer = reviewer_form.cleaned_data["reviewer"] claim = models.SampleClaim(requester=user, reviewer=reviewer) claim.save() _ = lambda x: x send_email( _("Sample request from {requester}"), _("""Hello {reviewer}, {requester} wants to become the new “currently responsible person” of one or more samples. Please visit {url} for reviewing this request. If you don't want or cannot approve the request, please contact {requester} directly and ask him or her to withdraw the request. JuliaBase. """), reviewer, { "reviewer": get_really_full_name(reviewer), "requester": get_really_full_name(user), "url": request.build_absolute_uri( django.core.urlresolvers.reverse( show, kwargs={"claim_id": claim.pk})) }) _ = ugettext claim.samples = samples_form.cleaned_data["samples"] return utils.successful_response( request, _("Sample claim {id_} was successfully submitted.").format( id_=claim.pk), show, kwargs={"claim_id": claim.pk}) else: samples_form = SamplesForm(user) reviewer_form = ReviewerForm() return render( request, "samples/add_claim.html", { "title": _("Assert claim"), "samples": samples_form, "reviewer": reviewer_form })
def show(request, claim_id): """View for reviewing a claim. :param request: the current HTTP Request object :param claim_id: the primary key of the claim to be viewed :type request: HttpRequest :type claim_id: unicode :return: the HTTP response object :rtype: HttpResponse """ _ = ugettext claim = get_object_or_404(models.SampleClaim, pk=utils.convert_id_to_int(claim_id)) is_reviewer = request.user == claim.reviewer or request.user.is_staff is_requester = request.user == claim.requester if not is_reviewer and not is_requester: raise permissions.PermissionError( request.user, _("You are neither the requester nor the reviewer of this claim.")) if request.method == "POST" and not claim.closed: withdraw_form = CloseForm(_("withdraw claim"), request.POST, prefix="withdraw") if is_requester else None approve_form = CloseForm(_("approve claim"), request.POST, prefix="approve") if is_reviewer else None all_valid = (withdraw_form is None or withdraw_form.is_valid()) and ( approve_form is None or approve_form.is_valid()) referencially_valid = is_referentially_valid(withdraw_form, approve_form) if all_valid and referencially_valid: approved = approve_form and approve_form.cleaned_data["close"] closed = approved or (withdraw_form and withdraw_form.cleaned_data["close"]) response = None if approved: sample_list = list(claim.samples.all()) for sample in sample_list: sample.currently_responsible_person = claim.requester sample.save() sample_enumeration = " " + ",\n ".join( six.text_type(sample) for sample in sample_list) _ = lambda x: x send_email( _("Sample request approved"), _("""Hello {requester}, your sample claim was approved. You are now the “currently responsible person” of the following samples: {samples} JuliaBase. """), claim.requester, { "requester": get_really_full_name(claim.requester), "samples": sample_enumeration }) _ = ugettext response = \ utils.successful_response(request, _("Sample claim {id_} was successfully approved.").format(id_=claim.pk)) if closed: claim.closed = True claim.save() response = response or \ utils.successful_response(request, _("Sample claim {id_} was successfully withdrawn.").format(id_=claim.pk)) return response else: withdraw_form = CloseForm(_("withdraw claim"), prefix="withdraw") if is_requester else None approve_form = CloseForm(_("approve claim"), prefix="approve") if is_reviewer else None return render( request, "samples/show_claim.html", { "title": _("Claim #{number}").format(number=claim_id), "claim": claim, "is_reviewer": is_reviewer, "is_requester": is_requester, "withdraw": withdraw_form, "approve": approve_form })