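def read(self, request, path, name):
    """Serve a protected media file after checking the requester's permissions.

    ``path`` selects the permission check: paths starting with 'assets' go
    through ``_validate_asset_permissions`` and paths starting with 'bills'
    through ``_validate_invoice_permissions``. Both return an
    ``(err_code, err_msg)`` pair in which ``err_code`` is None on success.
    Any other path is answered with 404.

    Returns the error response built by ``build_response``, the file served
    by Django's ``serve`` view, or an empty response carrying an
    ``X-Sendfile`` header when ``settings.USE_XSENDFILE`` is enabled.
    """
    local_path = os.path.join(path, name)

    # path and name come from the request. startswith() is only a prefix
    # test, so a value such as 'assets/../bills' would be checked as an asset
    # while resolving to a different directory. Absolute paths and '..'
    # segments are therefore refused before any permission check runs.
    segments = local_path.replace('\\', '/').split('/')
    if os.path.isabs(local_path) or '..' in segments:
        err_code, err_msg = 404, 'Resource not found'
    # Protect the resources from not authorized downloads
    elif path.startswith('assets'):
        err_code, err_msg = self._validate_asset_permissions(
            request.user, path, name)
    elif path.startswith('bills'):
        err_code, err_msg = self._validate_invoice_permissions(
            request.user, name)
    else:
        err_code, err_msg = 404, 'Resource not found'

    # Only look at the file system once the requester has been authorised.
    if err_code is None and not os.path.isfile(
            os.path.join(settings.MEDIA_ROOT, local_path)):
        err_code, err_msg = 404, 'Resource not found'

    if err_code is not None:
        response = build_response(request, err_code, err_msg)
    elif not getattr(settings, 'USE_XSENDFILE', False):
        response = serve(request, local_path,
                         document_root=settings.MEDIA_ROOT)
    else:
        # NOTE(review): the header carries the path relative to MEDIA_ROOT;
        # confirm the front-end server resolves it against the same root.
        response = HttpResponse()
        response['X-Sendfile'] = smart_str(local_path)

    return response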
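def create(self, request):
    """Register a provider-role request and notify the administrators by e-mail.

    The JSON body must contain 'username' and 'message'. On success the
    user's profile is flagged with ``provider_requested = True`` and a 200
    response is returned. A 400 response is returned for invalid JSON, for an
    unknown user, and when the e-mail cannot be sent.
    """
    # Get user info
    try:
        data = json.loads(request.raw_post_data)
        if 'username' not in data or 'message' not in data:
            raise ValueError('username and message are required')
    except Exception:
        return build_response(request, 400, 'Invalid Json content')

    # NOTE(review): the account is chosen by the 'username' field of the
    # body, not by request.user. Confirm that the caller is authenticated and
    # allowed to file the request for that account.
    try:
        user = User.objects.get(username=data['username'])
    except Exception:
        return build_response(request, 400, 'Invalid user')

    try:
        # Send email
        fromaddr = settings.WSTOREMAIL
        toaddrs = settings.WSTOREPROVIDERREQUEST

        # The user name is written into the Subject header. CR and LF are
        # removed so that it cannot start a new header line.
        subject_user = user.username.replace('\r', '').replace('\n', '')

        # A blank line ends the header section. Without it the free-text
        # lines that follow could be parsed as additional headers.
        msg = 'Subject: Provider request: ' + subject_user + '\n\n'
        msg += user.userprofile.complete_name + '\n'
        msg += data['message']

        # Credentials (if needed)
        username = settings.WSTOREMAILUSER
        password = settings.WSTOREMAILPASS

        # The mail is sent
        server = smtplib.SMTP('smtp.gmail.com:587')
        try:
            server.starttls()
            server.login(username, password)
            server.sendmail(fromaddr, toaddrs, msg)
        finally:
            # Close the connection even when TLS, login or delivery fails.
            server.quit()
    except Exception:
        return build_response(request, 400, 'Problem sending the email')

    # The flag is stored only after the notification has been sent.
    user.userprofile.provider_requested = True
    user.userprofile.save()

    return build_response(request, 200, 'OK')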
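def home_details(request, org, name, version):
    """Render the home page with the details of one offering preloaded.

    The offering is identified by its owner organization name, its name and
    its version. A 404 response is returned when the lookup or the call to
    ``get_offering_info`` fails. Otherwise 'index.html' is rendered with the
    offering info serialized as JSON in ``context['info']``.
    """
    context = _load_home_context(request)
    context['loader'] = 'details'

    try:
        owner_org = Organization.objects.get(name=org)
        offering = Offering.objects.get(
            owner_organization=owner_org, name=name, version=version)
        offering_info = get_offering_info(offering, request.user)
    except Exception:
        # Any failure while loading the offering is reported as 404.
        return build_response(request, 404, 'Not found')

    # json.dumps() leaves '<', '>' and '&' unescaped, and mark_safe() turns
    # off template auto-escaping. A value containing '</script>' could then
    # close a surrounding script element, if the template embeds the JSON
    # there. The \uXXXX forms decode to the same characters in JSON.
    serialized = json.dumps(offering_info)
    for char, escaped in (('<', '\\u003c'), ('>', '\\u003e'),
                          ('&', '\\u0026')):
        serialized = serialized.replace(char, escaped)

    context['info'] = mark_safe(serialized)
    return render(request, 'index.html', context)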
def admin(request):
    """Render the administration page for staff users.

    Users without ``is_staff`` receive a 403 response.
    """
    # Reject non-staff users before building any template context.
    if not request.user.is_staff:
        return build_response(request, 403, 'Forbidden')

    context = {}
    context['oil'] = settings.OILAUTH
    context['portal'] = settings.PORTALINSTANCE

    # Include Portals URLs if needed
    if settings.PORTALINSTANCE:
        portal_links = (
            ('main', MAIN_PORTAL_URL),
            ('cloud', CLOUD_PORTAL_URL),
            ('mashup', MASHUP_PORTAL_URL),
            ('account', ACCOUNT_PORTAL_URL),
            ('data', DATA_PORTAL_URL),
        )
        for key, url in portal_links:
            context[key] = url

    return render(request, 'admin/admin.html', context)
def admin(request):
    """Render the administration page for staff users.

    Users without ``is_staff`` receive a 403 response.
    """
    user_is_staff = request.user.is_staff
    if not user_is_staff:
        # Only staff accounts may open the administration page.
        return build_response(request, 403, 'Forbidden')

    context = dict(oil=settings.OILAUTH, portal=settings.PORTALINSTANCE)

    # Include Portals URLs if needed
    if settings.PORTALINSTANCE:
        context.update({
            'main': MAIN_PORTAL_URL,
            'cloud': CLOUD_PORTAL_URL,
            'mashup': MASHUP_PORTAL_URL,
            'account': ACCOUNT_PORTAL_URL,
        })

    return render(request, 'admin/admin.html', context)
def organization(request):
    """Render the organization page, which is only served without iDM auth.

    When ``settings.OILAUTH`` is set, a 403 response is returned instead.
    """
    if settings.OILAUTH:
        return build_response(request, 403,
                              'This view is not enabled with iDM auth')

    # NOTE(review): the profile is loaded for request.user with no
    # authentication check in this function. Presumably a decorator or
    # middleware enforces login; confirm.
    profile = UserProfile.objects.get(user=request.user)
    current_roles = profile.get_current_roles()
    organization_name = profile.current_organization.name

    context = {
        'roles': current_roles,
        'organization': organization_name,
        'oil': settings.OILAUTH,
        'portal': settings.PORTALINSTANCE,
    }

    # Include Portals URLs if needed
    if settings.PORTALINSTANCE:
        context.update({
            'main': MAIN_PORTAL_URL,
            'cloud': CLOUD_PORTAL_URL,
            'mashup': MASHUP_PORTAL_URL,
            'account': ACCOUNT_PORTAL_URL,
            'data': DATA_PORTAL_URL,
        })

    return render(request, 'organizations/organization_template.html',
                  context)
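def read(self, request, path, name):
    """Serve a protected media file after checking the requester's permissions.

    Paths starting with 'assets' are checked by
    ``_validate_asset_permissions`` and paths starting with 'bills' by
    ``_validate_invoice_permissions``. Each returns ``(err_code, err_msg)``,
    where an ``err_code`` of None means the download is allowed. Every other
    path yields 404.

    The file is delivered by Django's ``serve`` view, or through an
    ``X-Sendfile`` header when ``settings.USE_XSENDFILE`` is enabled.
    """
    local_path = os.path.join(path, name)

    # Both values come from the request, and the branch below is chosen by a
    # plain prefix test. A '..' segment or an absolute component could make
    # the served file differ from the one the permission check examined, so
    # such requests are answered with 404 before any check is made.
    parts = local_path.replace('\\', '/').split('/')
    escapes_root = os.path.isabs(local_path) or '..' in parts

    # Protect the resources from not authorized downloads
    if escapes_root:
        err_code, err_msg = 404, 'Resource not found'
    elif path.startswith('assets'):
        err_code, err_msg = self._validate_asset_permissions(request.user, path, name)
    elif path.startswith('bills'):
        err_code, err_msg = self._validate_invoice_permissions(request.user, name)
    else:
        err_code, err_msg = 404, 'Resource not found'

    # The existence test runs only after the permission check has passed.
    if err_code is None and not os.path.isfile(os.path.join(settings.MEDIA_ROOT, local_path)):
        err_code, err_msg = 404, 'Resource not found'

    if err_code is not None:
        response = build_response(request, err_code, err_msg)
    elif not getattr(settings, 'USE_XSENDFILE', False):
        response = serve(request, local_path, document_root=settings.MEDIA_ROOT)
    else:
        # NOTE(review): the header value is relative to MEDIA_ROOT; confirm
        # the front-end server is configured to resolve it from that root.
        response = HttpResponse()
        response['X-Sendfile'] = smart_str(local_path)

    return response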
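def read(self, request, path, name):
    """Serve a file stored under MEDIA_ROOT, protecting resources and bills.

    Only GET is accepted. A directory whose path ends in 'resources' or
    'bills' requires an authenticated user:

    * a resource that is not open must belong to an offering purchased by
      the user or by the user's current organization;
    * a bill must belong to the user, or to the user's current organization
      when the purchase is organization owned.

    Files in any other directory are served without a permission check.
    """
    # NOTE(review): 415 means Unsupported Media Type; 405 is the usual
    # status for a rejected method. Kept in case clients rely on it.
    if request.method != 'GET':
        return build_response(request, 415, 'Method not supported')

    # path and name are taken from the request, and the file is later served
    # with document_root='/'. An absolute component or a '..' segment would
    # let the joined path leave MEDIA_ROOT, so both are refused here.
    requested = os.path.join(path, name)
    if os.path.isabs(requested) or '..' in requested.replace('\\', '/').split('/'):
        return build_response(request, 404, 'Not found')

    # normpath() removes trailing and doubled separators, so the endswith()
    # tests below always see the directory name itself.
    dir_path = os.path.join(settings.MEDIA_ROOT, os.path.normpath(path))

    # Protect the resources from not authorized downloads
    if dir_path.endswith('resources'):
        if request.user.is_anonymous():
            return build_response(request, 401, 'Unauthorized')

        # Check if the request user has access to the resource.
        # File names are expected to look like provider__name__version.
        # NOTE(review): a malformed name or a missing object raises here
        # instead of producing a 404; confirm that this is acceptable.
        splited_name = name.split('__')
        prov = Organization.objects.get(name=splited_name[0])
        resource = Resource.objects.get(
            provider=prov, name=splited_name[1], version=splited_name[2])

        def _includes_resource(offering_ids):
            # True when any of the given offerings lists the resource.
            for off in offering_ids:
                offering = Offering.objects.get(pk=off)
                for res in offering.resources:
                    if str(res) == resource.pk:
                        return True
            return False

        if not resource.open:
            user_profile = UserProfile.objects.get(user=request.user)

            # The user's own purchases are checked first. The purchases of
            # the user's organization are checked only when those fail.
            if not _includes_resource(user_profile.offerings_purchased) and \
                    not _includes_resource(
                        user_profile.current_organization.offerings_purchased):
                return build_response(request, 404, 'Not found')

    if dir_path.endswith('bills'):
        if request.user.is_anonymous():
            return build_response(request, 401, 'Unauthorized')

        user_profile = UserProfile.objects.get(user=request.user)
        # The first 24 characters of the file name are the purchase reference.
        purchase = Purchase.objects.get(ref=name[:24])

        if purchase.organization_owned:
            user_org = user_profile.current_organization
            if not purchase.owner_organization.name == user_org.name:
                return build_response(request, 404, 'Not found')
        else:
            if not purchase.customer == request.user:
                return build_response(request, 404, 'Not found')

    local_path = os.path.join(dir_path, name)

    if not os.path.isfile(local_path):
        return build_response(request, 404, 'Not found')

    if not getattr(settings, 'USE_XSENDFILE', False):
        # local_path already includes MEDIA_ROOT, hence the '/' root.
        return serve(request, local_path, document_root='/')

    response = HttpResponse()
    response['X-Sendfile'] = smart_str(local_path)
    return response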
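def read(self, request, path, name):
    """Serve a file stored under MEDIA_ROOT, protecting resources and bills.

    Only GET is accepted. Directories whose path ends in 'resources' or
    'bills' require an authenticated user. A resource that is not open must
    be part of an offering purchased by the user or by the user's current
    organization. A bill must belong to the user, or to the user's current
    organization when the purchase is organization owned.

    Files in any other directory are served without a permission check.
    """
    # NOTE(review): 415 means Unsupported Media Type; 405 is the usual
    # status for a rejected method. Kept in case clients rely on it.
    if request.method != 'GET':
        return build_response(request, 415, 'Method not supported')

    # Both URL components come from the client, and the final path is handed
    # to serve() with document_root='/'. Absolute components and '..'
    # segments are refused so the joined path stays under MEDIA_ROOT.
    requested = os.path.join(path, name)
    requested_parts = requested.replace('\\', '/').split('/')
    if os.path.isabs(requested) or '..' in requested_parts:
        return build_response(request, 404, 'Not found')

    # Normalise the directory so that a trailing or doubled separator cannot
    # change the outcome of the endswith() tests below.
    dir_path = os.path.join(settings.MEDIA_ROOT, os.path.normpath(path))

    # Protect the resources from not authorized downloads
    if dir_path.endswith('resources'):
        if request.user.is_anonymous():
            return build_response(request, 401, 'Unauthorized')

        # Check if the request user has access to the resource.
        # File names are expected to look like provider__name__version.
        # NOTE(review): a malformed name or a missing object raises here
        # instead of producing a 404; confirm that this is acceptable.
        splited_name = name.split('__')
        prov = Organization.objects.get(name=splited_name[0])
        resource = Resource.objects.get(
            provider=prov, name=splited_name[1], version=splited_name[2])

        def _purchased(offering_ids):
            # True when one of the offerings contains the requested resource.
            for off in offering_ids:
                o = Offering.objects.get(pk=off)
                for res in o.resources:
                    if str(res) == resource.pk:
                        return True
            return False

        if not resource.open:
            user_profile = UserProfile.objects.get(user=request.user)

            # Check if the user has purchased an offering with the resource
            found = _purchased(user_profile.offerings_purchased)

            if not found:
                # Check if the user organization has an offering with the resource
                found = _purchased(
                    user_profile.current_organization.offerings_purchased)

            if not found:
                return build_response(request, 404, 'Not found')

    if dir_path.endswith('bills'):
        if request.user.is_anonymous():
            return build_response(request, 401, 'Unauthorized')

        user_profile = UserProfile.objects.get(user=request.user)
        # The first 24 characters of the file name are the purchase reference.
        purchase = Purchase.objects.get(ref=name[:24])

        if purchase.organization_owned:
            user_org = user_profile.current_organization
            if not purchase.owner_organization.name == user_org.name:
                return build_response(request, 404, 'Not found')
        else:
            if not purchase.customer == request.user:
                return build_response(request, 404, 'Not found')

    local_path = os.path.join(dir_path, name)

    if not os.path.isfile(local_path):
        return build_response(request, 404, 'Not found')

    if not getattr(settings, 'USE_XSENDFILE', False):
        # local_path already includes MEDIA_ROOT, hence the '/' root.
        return serve(request, local_path, document_root='/')

    response = HttpResponse()
    response['X-Sendfile'] = smart_str(local_path)
    return response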