def read_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requesting user may read the object in ``bundle``.

    The decision is made per model type:

    * authenticated superusers may read everything;
    * experiments, datasets, datafiles and their parameter sets and
      parameters delegate to the matching ``has_*_access`` helper, using
      the id of the owning experiment, dataset or datafile;
    * ``Schema`` and ``ParameterName`` are readable by any caller,
      authenticated or not;
    * storage box objects require an authenticated user, and a
      ``StorageBoxOption`` additionally needs a key listed in
      ``StorageBoxOptionResource.accessible_keys``;
    * groups, facilities and instruments are checked against the
      requesting user's groups or managed facilities.

    ``object_list`` is not consulted.

    Raises:
        NotImplementedError: for any object type without a rule here, so
            a model with no rule never defaults to being readable.
    """
    request = bundle.request
    obj = bundle.obj

    if request.user.is_authenticated() and request.user.is_superuser:
        return True

    # Experiment hierarchy: access follows the owning experiment.
    if isinstance(obj, Experiment):
        return has_experiment_access(request, obj.id)
    if isinstance(obj, ExperimentParameterSet):
        return has_experiment_access(request, obj.experiment.id)
    if isinstance(obj, ExperimentParameter):
        return has_experiment_access(request, obj.parameterset.experiment.id)

    # Dataset hierarchy: access follows the owning dataset.
    if isinstance(obj, Dataset):
        return has_dataset_access(request, obj.id)
    if isinstance(obj, DatasetParameterSet):
        return has_dataset_access(request, obj.dataset.id)
    if isinstance(obj, DatasetParameter):
        return has_dataset_access(request, obj.parameterset.dataset.id)

    # Datafile hierarchy: access follows the owning datafile.
    if isinstance(obj, DataFile):
        return has_datafile_access(request, obj.id)
    if isinstance(obj, DatafileParameterSet):
        return has_datafile_access(request, obj.datafile.id)
    if isinstance(obj, DatafileParameter):
        return has_datafile_access(request, obj.parameterset.datafile.id)

    if isinstance(obj, User):
        # Any authenticated user may read public user info; anonymous
        # callers only see users owning an experiment with
        # public_access > 1. The dehydrate function also adds/removes
        # some information.
        authenticated = request.user.is_authenticated()
        public_user = obj.experiment_set.filter(
            public_access__gt=1).count() > 0
        return public_user or authenticated

    # Readable without authentication.
    if isinstance(obj, Schema):
        return True
    if isinstance(obj, ParameterName):
        return True

    if isinstance(obj, StorageBox):
        return request.user.is_authenticated()
    if isinstance(obj, StorageBoxOption):
        # Only options whose key is explicitly listed are exposed.
        return request.user.is_authenticated() and \
            obj.key in StorageBoxOptionResource.accessible_keys
    if isinstance(obj, StorageBoxAttribute):
        return request.user.is_authenticated()

    if isinstance(obj, Group):
        return obj in request.user.groups.all()
    if isinstance(obj, Facility):
        return obj in facilities_managed_by(request.user)
    if isinstance(obj, Instrument):
        managed = facilities_managed_by(request.user)
        return obj.facility in managed

    raise NotImplementedError(type(obj))
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Return whether the caller may read the single object ``bundle.obj``.

    An authenticated superuser is always allowed. Otherwise the rule is
    chosen by the object's model type: the experiment, dataset and
    datafile families delegate to ``has_experiment_access``,
    ``has_dataset_access`` and ``has_datafile_access`` for the owning
    record; ``Schema`` and ``ParameterName`` are open to everyone; the
    storage box models need an authenticated user; groups, facilities
    and instruments are matched against what the user belongs to or
    manages. ``object_list`` is unused.

    Raises:
        NotImplementedError: when no rule exists for the object's type.
    """
    user = bundle.request.user
    target = bundle.obj

    if user.is_authenticated() and user.is_superuser:
        return True

    if isinstance(target, Experiment):
        return has_experiment_access(bundle.request, target.id)
    if isinstance(target, ExperimentParameterSet):
        return has_experiment_access(bundle.request, target.experiment.id)
    if isinstance(target, ExperimentParameter):
        return has_experiment_access(
            bundle.request, target.parameterset.experiment.id)

    if isinstance(target, Dataset):
        return has_dataset_access(bundle.request, target.id)
    if isinstance(target, DatasetParameterSet):
        return has_dataset_access(bundle.request, target.dataset.id)
    if isinstance(target, DatasetParameter):
        return has_dataset_access(
            bundle.request, target.parameterset.dataset.id)

    if isinstance(target, DataFile):
        return has_datafile_access(bundle.request, target.id)
    if isinstance(target, DatafileParameterSet):
        return has_datafile_access(bundle.request, target.datafile.id)
    if isinstance(target, DatafileParameter):
        return has_datafile_access(
            bundle.request, target.parameterset.datafile.id)

    if isinstance(target, User):
        # allow all authenticated users to read public user info;
        # the dehydrate function also adds/removes some information
        authenticated = user.is_authenticated()
        owns_public_experiment = target.experiment_set.filter(
            public_access__gt=1).count() > 0
        return owns_public_experiment or authenticated

    # Schemas and parameter names carry no per-user restriction here.
    if isinstance(target, Schema):
        return True
    if isinstance(target, ParameterName):
        return True

    if isinstance(target, StorageBox):
        return user.is_authenticated()
    if isinstance(target, StorageBoxOption):
        # Authentication alone is not enough: the option key must be listed.
        return user.is_authenticated() and \
            target.key in StorageBoxOptionResource.accessible_keys
    if isinstance(target, StorageBoxAttribute):
        return user.is_authenticated()

    if isinstance(target, Group):
        return target in user.groups.all()
    if isinstance(target, Facility):
        return target in facilities_managed_by(user)
    if isinstance(target, Instrument):
        facilities = facilities_managed_by(user)
        return target.facility in facilities

    # No silent default: an unknown type is an error, not an allow.
    raise NotImplementedError(type(target))
def load_datafile_image(request, parameter_id):
    """Serve the image stored in a datafile parameter, if the caller may see it.

    The parameter is looked up by primary key and access is checked
    against the datafile that owns the parameter's parameter set, so the
    authorised object and the served object are always the same record.

    Returns ``HttpResponseNotFound`` for an unknown ``parameter_id``, the
    result of ``return_response_error`` when access is refused, and the
    result of ``load_image`` otherwise.
    """
    try:
        parameter = DatafileParameter.objects.get(pk=parameter_id)
    except DatafileParameter.DoesNotExist:
        # The lookup happens before the access check, so an unknown id
        # answers differently from a forbidden one.
        return HttpResponseNotFound()

    owning_datafile = parameter.parameterset.datafile
    if not authz.has_datafile_access(request, owning_datafile.id):
        return return_response_error(request)
    return load_image(request, parameter)
def load_datafile_image(request, parameter_id):
    """Return the image held by datafile parameter ``parameter_id``.

    Access is decided by ``authz.has_datafile_access`` on the datafile
    reached through the parameter's own parameter set. An unknown
    parameter id yields ``HttpResponseNotFound``; a refused caller gets
    ``return_response_error``; otherwise ``load_image`` builds the reply.
    """
    try:
        parameter = DatafileParameter.objects.get(pk=parameter_id)
    except DatafileParameter.DoesNotExist:
        return HttpResponseNotFound()
    else:
        # Derive the datafile from the parameter rather than from a
        # caller-supplied id, so the check covers what is served.
        datafile = parameter.parameterset.datafile

    allowed = authz.has_datafile_access(request, datafile.id)
    if allowed:
        return load_image(request, parameter)
    return return_response_error(request)
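def unhide_objects(request):
    """Clear the hidden flag on the datasets and datafiles named in the POST data.

    Reads ``expid`` (required), plus optional ``dataset`` and ``datafile``
    id lists from ``request.POST``. A dataset is un-hidden only when the
    caller has access to it, and each datafile only when the caller has
    access to that datafile. Datafiles listed individually are skipped
    when their dataset was already processed in the first pass, and
    silently ignored when the id does not resolve to a datafile.

    Always redirects to the experiment view for ``expid``.
    """
    expid = request.POST['expid']

    # Ids of datasets actually processed, kept as strings because that is
    # how POST delivers them.
    unhidden_datasets = set()
    for dataset in request.POST.getlist('dataset'):
        # Posted ids are caller-controlled: without this check any dataset
        # could be un-hidden by anyone able to reach the view.
        # NOTE(review): assumes authz provides has_dataset_access next to
        # has_datafile_access and that it tolerates unknown ids - confirm.
        if not authz.has_dataset_access(request, dataset):
            continue
        Dataset_Hidden.objects.filter(dataset=dataset).update(hidden=False)
        unhidden_datasets.add(str(dataset))
        for datafile in Dataset_File.objects.filter(dataset=dataset):
            if authz.has_datafile_access(request, datafile.id):
                Datafile_Hidden.objects.filter(
                    datafile=datafile.id).update(hidden=False)

    for datafile_id in request.POST.getlist('datafile'):
        try:
            datafile = Dataset_File.objects.get(pk=datafile_id)
        except (Dataset_File.DoesNotExist, ValueError):
            # Unknown or malformed id: nothing to un-hide.
            continue
        # Compare as strings; the integer primary key never equals the
        # string ids taken from POST, so the skip used to be dead code.
        if str(datafile.dataset.id) in unhidden_datasets:
            continue
        if authz.has_datafile_access(request, datafile.id):
            Datafile_Hidden.objects.filter(
                datafile=datafile.id).update(hidden=False)

    return HttpResponseRedirect(
        reverse('tardis.tardis_portal.views.view_experiment', args=(expid,)))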
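def display_datafile_image(
        request, datafile_id, parameterset_id, parameter_name):
    """Serve a base64-encoded image parameter of a datafile as ``image/jpeg``.

    The caller must have access to ``datafile_id``, and the parameter
    selected by ``parameterset_id`` and ``parameter_name`` must belong to
    that same datafile. Any failure (no access, no such parameter, or a
    parameter set owned by a different datafile) returns the result of
    ``return_response_error``, so the reply does not reveal which
    parameter sets exist.
    """
    if not authz.has_datafile_access(request, datafile_id):
        return return_response_error(request)

    try:
        image = DatafileParameter.objects.get(name__name=parameter_name,
                                              parameterset=parameterset_id)
    except DatafileParameter.DoesNotExist:
        return return_response_error(request)

    # The access check above covers datafile_id only, while the lookup is
    # keyed on parameterset_id; both come from the caller. Without tying
    # them together, access to one datafile would be enough to read image
    # parameters of any other.
    # NOTE(review): the owning relation is called `datafile` in some
    # revisions of the model and `dataset_file` in others; keep only the
    # one this code base defines.
    parameterset = image.parameterset
    owner = getattr(parameterset, 'datafile', None)
    if owner is None:
        owner = getattr(parameterset, 'dataset_file', None)
    if owner is None or str(owner.id) != str(datafile_id):
        return return_response_error(request)

    return HttpResponse(b64decode(image.string_value),
                        content_type='image/jpeg')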
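def display_datafile_image(request, datafile_id, parameterset_id,
                           parameter_name):
    """Return the image stored in a datafile parameter as a JPEG response.

    Access is granted only when the caller may read ``datafile_id`` and
    the parameter found through ``parameterset_id`` / ``parameter_name``
    is owned by that datafile. Every refusal, including a parameter that
    does not exist, goes through ``return_response_error``.
    """
    if not authz.has_datafile_access(request, datafile_id):
        return return_response_error(request)

    try:
        image = DatafileParameter.objects.get(name__name=parameter_name,
                                              parameterset=parameterset_id)
    except DatafileParameter.DoesNotExist:
        # Same answer as a refusal, so existence is not disclosed.
        return return_response_error(request)

    # Bind the served parameter to the datafile that was authorised:
    # datafile_id and parameterset_id are independent caller inputs, and
    # checking one while fetching by the other leaves the fetched record
    # unprotected.
    # NOTE(review): `datafile` and `dataset_file` are both tried because
    # the relation name differs between model revisions; reduce to the
    # one that applies here.
    parameterset = image.parameterset
    owner = getattr(parameterset, 'datafile', None)
    if owner is None:
        owner = getattr(parameterset, 'dataset_file', None)
    if owner is None or str(owner.id) != str(datafile_id):
        return return_response_error(request)

    return HttpResponse(b64decode(image.string_value),
                        content_type='image/jpeg')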
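def read_detail(self, object_list, bundle):
    """Decide whether the requesting user may read the object in ``bundle``.

    Authenticated superusers may read everything. Experiments, datasets,
    datafiles and their parameter sets and parameters delegate to the
    matching ``has_*_access`` helper for the owning record. ``User``,
    ``Schema``, ``ParameterName`` and ``Location`` objects are readable
    by any authenticated user. ``object_list`` is not consulted.

    Raises:
        NotImplementedError: for object types without a rule here.
    """
    request = bundle.request
    obj = bundle.obj

    if request.user.is_authenticated() and request.user.is_superuser:
        return True

    # isinstance rather than an exact type comparison: a subclass of a
    # model (a proxy, or a class generated for deferred field loading)
    # must be governed by its model's rule instead of falling through
    # to NotImplementedError.
    if isinstance(obj, Experiment):
        return has_experiment_access(request, obj.id)
    if isinstance(obj, ExperimentParameterSet):
        return has_experiment_access(request, obj.experiment.id)
    if isinstance(obj, ExperimentParameter):
        return has_experiment_access(request, obj.parameterset.experiment.id)

    if isinstance(obj, Dataset):
        return has_dataset_access(request, obj.id)
    if isinstance(obj, DatasetParameterSet):
        return has_dataset_access(request, obj.dataset.id)
    if isinstance(obj, DatasetParameter):
        return has_dataset_access(request, obj.parameterset.dataset.id)

    if isinstance(obj, Dataset_File):
        return has_datafile_access(request, obj.id)
    if isinstance(obj, DatafileParameterSet):
        return has_datafile_access(request, obj.dataset_file.id)
    if isinstance(obj, DatafileParameter):
        return has_datafile_access(request, obj.parameterset.dataset_file.id)

    # allow all authenticated users to read the user list, schemas,
    # parameter names and locations
    if isinstance(obj, (User, Schema, ParameterName, Location)):
        return request.user.is_authenticated()

    raise NotImplementedError(type(obj))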
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Authorise reading one object, adding rules for uploader models.

    Authenticated superusers are always allowed. ``Uploader`` and
    ``UploaderRegistrationRequest`` objects are readable only by an
    authenticated user who manages at least one facility. A
    ``DataFileObject`` follows ``has_datafile_access`` on its datafile.
    Every other type is handed to the parent ``read_detail``.
    """
    authuser = bundle.request.user
    if authuser.is_authenticated() and authuser.is_superuser:
        return True

    # Evaluated up front for every non-superuser request, as the
    # facility lookup result is shared by both uploader rules.
    authenticated = authuser.is_authenticated()
    is_facility_manager = authenticated and \
        len(facilities_managed_by(authuser)) > 0

    target = bundle.obj
    if isinstance(target, (Uploader, UploaderRegistrationRequest)):
        return is_facility_manager
    if isinstance(target, DataFileObject):
        return has_datafile_access(bundle.request, target.datafile.id)

    return super(ACLAuthorization, self).read_detail(object_list, bundle)
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Return whether the caller may read ``bundle.obj``.

    Rules handled here, in order: an authenticated superuser may read
    anything; uploaders and uploader registration requests require an
    authenticated facility manager; a ``DataFileObject`` requires access
    to its datafile. Anything else is decided by the parent class.
    """
    request = bundle.request
    if request.user.is_authenticated() and request.user.is_superuser:
        return True

    authuser = request.user
    authenticated = authuser.is_authenticated()
    # "Facility manager" means: logged in and managing one facility or more.
    is_facility_manager = authenticated and \
        len(facilities_managed_by(authuser)) > 0

    if isinstance(bundle.obj, Uploader):
        return is_facility_manager
    if isinstance(bundle.obj, UploaderRegistrationRequest):
        return is_facility_manager
    if isinstance(bundle.obj, DataFileObject):
        owning_datafile = bundle.obj.datafile
        return has_datafile_access(request, owning_datafile.id)

    # Not one of the types added here: defer to the inherited rules.
    return super(ACLAuthorization, self).read_detail(object_list, bundle)