def read_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may read the single object ``bundle.obj``.

    Superusers are always allowed. Every other requester is judged by a
    rule chosen from the type of ``bundle.obj``. Experiment, dataset and
    datafile records, and their parameter sets and parameters, defer to
    the matching ``has_*_access`` helper for the owning record.

    Returns the helper's result or a boolean. Raises
    ``NotImplementedError`` for a type with no explicit rule, so an
    unlisted type is never readable by default.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if user.is_authenticated() and user.is_superuser:
        return True

    # Experiment family: access follows the owning experiment.
    if isinstance(obj, Experiment):
        return has_experiment_access(request, obj.id)
    if isinstance(obj, ExperimentParameterSet):
        return has_experiment_access(request, obj.experiment.id)
    if isinstance(obj, ExperimentParameter):
        return has_experiment_access(request, obj.parameterset.experiment.id)

    # Dataset family: access follows the owning dataset.
    if isinstance(obj, Dataset):
        return has_dataset_access(request, obj.id)
    if isinstance(obj, DatasetParameterSet):
        return has_dataset_access(request, obj.dataset.id)
    if isinstance(obj, DatasetParameter):
        return has_dataset_access(request, obj.parameterset.dataset.id)

    # Datafile family: access follows the owning datafile.
    if isinstance(obj, DataFile):
        return has_datafile_access(request, obj.id)
    if isinstance(obj, DatafileParameterSet):
        return has_datafile_access(request, obj.datafile.id)
    if isinstance(obj, DatafileParameter):
        return has_datafile_access(request, obj.parameterset.datafile.id)

    if isinstance(obj, User):
        # Any authenticated requester may read a user record, and anyone
        # may read a user who owns an experiment with public_access > 1.
        # Which fields are exposed is decided separately by dehydrate.
        is_logged_in = user.is_authenticated()
        owns_public_experiment = obj.experiment_set.filter(
            public_access__gt=1).count() > 0
        return owns_public_experiment or is_logged_in

    # Readable by every requester, including unauthenticated ones.
    if isinstance(obj, (Schema, ParameterName)):
        return True

    if isinstance(obj, StorageBox):
        return user.is_authenticated()
    if isinstance(obj, StorageBoxOption):
        # Only options whose key is on the resource's allow-list.
        return user.is_authenticated() and \
            obj.key in StorageBoxOptionResource.accessible_keys
    if isinstance(obj, StorageBoxAttribute):
        return user.is_authenticated()

    if isinstance(obj, Group):
        # Only groups the requester belongs to.
        return obj in user.groups.all()
    if isinstance(obj, Facility):
        return obj in facilities_managed_by(user)
    if isinstance(obj, Instrument):
        managed = facilities_managed_by(user)
        return obj.facility in managed

    raise NotImplementedError(type(obj))
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may read the single object ``bundle.obj``.

    Superusers are always allowed. Every other requester is judged by a
    rule chosen from the type of ``bundle.obj``. Experiment, dataset and
    datafile records, and their parameter sets and parameters, defer to
    the matching ``has_*_access`` helper for the owning record.

    Returns the helper's result or a boolean. Raises
    ``NotImplementedError`` for a type with no explicit rule, so an
    unlisted type is never readable by default.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if user.is_authenticated() and user.is_superuser:
        return True

    # Experiment family: access follows the owning experiment.
    if isinstance(obj, Experiment):
        return has_experiment_access(request, obj.id)
    if isinstance(obj, ExperimentParameterSet):
        return has_experiment_access(request, obj.experiment.id)
    if isinstance(obj, ExperimentParameter):
        return has_experiment_access(request, obj.parameterset.experiment.id)

    # Dataset family: access follows the owning dataset.
    if isinstance(obj, Dataset):
        return has_dataset_access(request, obj.id)
    if isinstance(obj, DatasetParameterSet):
        return has_dataset_access(request, obj.dataset.id)
    if isinstance(obj, DatasetParameter):
        return has_dataset_access(request, obj.parameterset.dataset.id)

    # Datafile family: access follows the owning datafile.
    if isinstance(obj, DataFile):
        return has_datafile_access(request, obj.id)
    if isinstance(obj, DatafileParameterSet):
        return has_datafile_access(request, obj.datafile.id)
    if isinstance(obj, DatafileParameter):
        return has_datafile_access(request, obj.parameterset.datafile.id)

    if isinstance(obj, User):
        # Any authenticated requester may read a user record, and anyone
        # may read a user who owns an experiment with public_access > 1.
        # Which fields are exposed is decided separately by dehydrate.
        is_logged_in = user.is_authenticated()
        owns_public_experiment = obj.experiment_set.filter(
            public_access__gt=1).count() > 0
        return owns_public_experiment or is_logged_in

    # Readable by every requester, including unauthenticated ones.
    if isinstance(obj, (Schema, ParameterName)):
        return True

    if isinstance(obj, StorageBox):
        return user.is_authenticated()
    if isinstance(obj, StorageBoxOption):
        # Only options whose key is on the resource's allow-list.
        return user.is_authenticated() and \
            obj.key in StorageBoxOptionResource.accessible_keys
    if isinstance(obj, StorageBoxAttribute):
        return user.is_authenticated()

    if isinstance(obj, Group):
        # Only groups the requester belongs to.
        return obj in user.groups.all()
    if isinstance(obj, Facility):
        return obj in facilities_managed_by(user)
    if isinstance(obj, Instrument):
        managed = facilities_managed_by(user)
        return obj.facility in managed

    raise NotImplementedError(type(obj))
def facility_overview_facilities_list(request):
    '''
    Return a JSON list of the facilities managed by the current user.

    Each entry carries the facility's ``id`` and ``name``.

    NOTE(review): no login check is visible in this view; the result
    depends on what facilities_managed_by returns for request.user,
    including an anonymous user - confirm against that helper and any
    decorator applied where the view is registered.
    '''
    payload = [
        {"id": managed.id, "name": managed.name}
        for managed in facilities_managed_by(request.user)
    ]
    return HttpResponse(json.dumps(payload),
                        content_type='application/json')
def facility_overview_facilities_list(request):
    '''
    Return a JSON list of the facilities managed by the current user.

    Each entry carries the facility's ``id`` and ``name``.

    NOTE(review): no login check is visible in this view; the result
    depends on what facilities_managed_by returns for request.user,
    including an anonymous user - confirm against that helper and any
    decorator applied where the view is registered.
    '''
    payload = [
        {"id": managed.id, "name": managed.name}
        for managed in facilities_managed_by(request.user)
    ]
    return HttpResponse(json.dumps(payload),
                        content_type='application/json')
def create_detail(self, object_list, bundle):
    '''
    Allow creation of uploader records only for facility managers.

    A facility manager is an authenticated requester for whom
    facilities_managed_by returns at least one facility. Uploader,
    UploaderRegistrationRequest and UploaderSetting objects all use this
    rule; every other type is delegated to the parent authorization.
    '''
    requester = bundle.request.user
    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    uploader_types = (Uploader, UploaderRegistrationRequest, UploaderSetting)
    if isinstance(bundle.obj, uploader_types):
        return manages_facility
    return super(ACLAuthorization, self).create_detail(object_list, bundle)
def create_detail(self, object_list, bundle):
    '''
    Allow creation of uploader records only for facility managers.

    A facility manager is an authenticated requester for whom
    facilities_managed_by returns at least one facility. Uploader,
    UploaderRegistrationRequest and UploaderSetting objects all use this
    rule; every other type is delegated to the parent authorization.
    '''
    requester = bundle.request.user
    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    uploader_types = (Uploader, UploaderRegistrationRequest, UploaderSetting)
    if isinstance(bundle.obj, uploader_types):
        return manages_facility
    return super(ACLAuthorization, self).create_detail(object_list, bundle)
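def update_detail(self, object_list, bundle):
    '''
    Uploaders should only be able to update the uploader record whose
    UUID matches theirs (if it exists).

    An Uploader update is allowed only when the requester manages at
    least one facility and the submitted ``uuid`` equals the stored one.
    A payload without a ``uuid`` is refused rather than raising
    KeyError. UploaderSetting updates need only the facility-manager
    check; every other type is delegated to the parent authorization.

    NOTE(review): the UUID comparison is between the request payload and
    the record being updated. It stops the uuid from being changed, but
    it does not tie the record to the requester: any facility manager
    who supplies the record's uuid passes. Confirm that this matches the
    intent stated above.
    '''
    authuser = bundle.request.user
    is_facility_manager = authuser.is_authenticated() and \
        len(facilities_managed_by(authuser)) > 0

    if isinstance(bundle.obj, Uploader):
        # Membership test first so that a missing key denies the update.
        return is_facility_manager and \
            'uuid' in bundle.data and \
            bundle.data['uuid'] == bundle.obj.uuid
    elif isinstance(bundle.obj, UploaderSetting):
        return is_facility_manager
    return super(ACLAuthorization, self).update_detail(object_list, bundle)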
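def update_detail(self, object_list, bundle):
    '''
    Uploaders should only be able to update the uploader record whose
    UUID matches theirs (if it exists).

    An Uploader update is allowed only when the requester manages at
    least one facility and the submitted ``uuid`` equals the stored one.
    A payload without a ``uuid`` is refused rather than raising
    KeyError. UploaderSetting updates need only the facility-manager
    check; every other type is delegated to the parent authorization.

    NOTE(review): the UUID comparison is between the request payload and
    the record being updated. It stops the uuid from being changed, but
    it does not tie the record to the requester: any facility manager
    who supplies the record's uuid passes. Confirm that this matches the
    intent stated above.
    '''
    authuser = bundle.request.user
    is_facility_manager = authuser.is_authenticated() and \
        len(facilities_managed_by(authuser)) > 0

    if isinstance(bundle.obj, Uploader):
        # Membership test first so that a missing key denies the update.
        return is_facility_manager and \
            'uuid' in bundle.data and \
            bundle.data['uuid'] == bundle.obj.uuid
    elif isinstance(bundle.obj, UploaderSetting):
        return is_facility_manager
    return super(ACLAuthorization, self).update_detail(object_list, bundle)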
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Decide read access to a single uploader-related object.

    Superusers are always allowed. Uploader and
    UploaderRegistrationRequest records are readable only by facility
    managers (authenticated requesters managing at least one facility).
    A DataFileObject follows has_datafile_access for its datafile.
    Every other type, UploaderSetting included, is delegated to the
    parent authorization.
    """
    requester = bundle.request.user
    if requester.is_authenticated() and requester.is_superuser:
        return True

    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    target = bundle.obj
    if isinstance(target, (Uploader, UploaderRegistrationRequest)):
        return manages_facility
    if isinstance(target, DataFileObject):
        return has_datafile_access(bundle.request, target.datafile.id)
    return super(ACLAuthorization, self).read_detail(object_list, bundle)
def read_list(self, object_list, bundle):  # noqa # too complex
    """Filter a list of uploader-related objects for the requester.

    For Uploader and UploaderRegistrationRequest the whole list is
    returned to facility managers and an empty list to everyone else.
    Other types are delegated to the parent authorization.

    NOTE(review): unlike read_detail there is no superuser shortcut
    here, so a superuser who manages no facility gets an empty list
    unless facilities_managed_by accounts for that - confirm.
    """
    requester = bundle.request.user
    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    if not isinstance(bundle.obj, (Uploader, UploaderRegistrationRequest)):
        return super(ACLAuthorization, self).read_list(object_list, bundle)
    return object_list if manages_facility else []
def read_detail(self, object_list, bundle):  # noqa # too complex
    """Decide read access to a single uploader-related object.

    Superusers are always allowed. Uploader and
    UploaderRegistrationRequest records are readable only by facility
    managers (authenticated requesters managing at least one facility).
    A DataFileObject follows has_datafile_access for its datafile.
    Every other type, UploaderSetting included, is delegated to the
    parent authorization.
    """
    requester = bundle.request.user
    if requester.is_authenticated() and requester.is_superuser:
        return True

    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    target = bundle.obj
    if isinstance(target, (Uploader, UploaderRegistrationRequest)):
        return manages_facility
    if isinstance(target, DataFileObject):
        return has_datafile_access(bundle.request, target.datafile.id)
    return super(ACLAuthorization, self).read_detail(object_list, bundle)
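def dehydrate(self, bundle):
    '''
    Trim the serialized user record to what the requester may see.

    use cases:
      public user:
        anonymous:
          name, uri, email, id
        authenticated:
          other user:
            name, uri, email, id [, username if facility manager]
          same user:
            name, uri, email, id, username
      private user:
        anonymous:
          none
        authenticated:
          other user:
            name, uri, id [, username, email if facility manager]
          same user:
            name, uri, email, id, username

    A "public" user is one who owns an experiment with public_access > 1.

    NOTE(review): this method only adds or removes id, username and
    email. The "anonymous: none" case is not enforced here and
    presumably relies on the read authorization refusing the request -
    confirm.
    '''
    authuser = bundle.request.user
    authenticated = authuser.is_authenticated()
    queried_user = bundle.obj
    public_user = queried_user.experiment_set.filter(
        public_access__gt=1).count() > 0
    same_user = authuser == queried_user

    # add the database id for convenience
    bundle.data['id'] = queried_user.id

    # allow the user to find out their username and email
    # allow facility managers to query other users' username and email
    if authenticated and \
            (same_user or facilities_managed_by(authuser).count() > 0):
        bundle.data['username'] = queried_user.username
        bundle.data['email'] = queried_user.email
    else:
        # pop() instead of del: stripping a sensitive field must not fail
        # with KeyError when the field was never serialized.
        bundle.data.pop('username', None)
        bundle.data.pop('email', None)

    # add public information
    if public_user:
        bundle.data['email'] = queried_user.email

    return bundle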
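def dehydrate(self, bundle):
    '''
    Trim the serialized user record to what the requester may see.

    use cases:
      public user:
        anonymous:
          name, uri, email, id
        authenticated:
          other user:
            name, uri, email, id [, username if facility manager]
          same user:
            name, uri, email, id, username
      private user:
        anonymous:
          none
        authenticated:
          other user:
            name, uri, id [, username, email if facility manager]
          same user:
            name, uri, email, id, username

    A "public" user is one who owns an experiment with public_access > 1.

    NOTE(review): this method only adds or removes id, username and
    email. The "anonymous: none" case is not enforced here and
    presumably relies on the read authorization refusing the request -
    confirm.
    '''
    authuser = bundle.request.user
    authenticated = authuser.is_authenticated()
    queried_user = bundle.obj
    public_user = queried_user.experiment_set.filter(
        public_access__gt=1).count() > 0
    same_user = authuser == queried_user

    # add the database id for convenience
    bundle.data['id'] = queried_user.id

    # allow the user to find out their username and email
    # allow facility managers to query other users' username and email
    if authenticated and \
            (same_user or facilities_managed_by(authuser).count() > 0):
        bundle.data['username'] = queried_user.username
        bundle.data['email'] = queried_user.email
    else:
        # pop() instead of del: stripping a sensitive field must not fail
        # with KeyError when the field was never serialized.
        bundle.data.pop('username', None)
        bundle.data.pop('email', None)

    # add public information
    if public_user:
        bundle.data['email'] = queried_user.email

    return bundle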
def read_list(self, object_list, bundle):  # noqa # too complex
    """Filter a list of uploader-related objects for the requester.

    For Uploader, UploaderSetting and UploaderRegistrationRequest the
    whole list is returned to facility managers and an empty list to
    everyone else. Other types are delegated to the parent
    authorization.

    NOTE(review): there is no superuser shortcut here, so a superuser
    who manages no facility gets an empty list unless
    facilities_managed_by accounts for that - confirm.
    """
    requester = bundle.request.user
    manages_facility = requester.is_authenticated() and \
        len(facilities_managed_by(requester)) > 0

    uploader_types = (Uploader, UploaderSetting, UploaderRegistrationRequest)
    if not isinstance(bundle.obj, uploader_types):
        return super(ACLAuthorization, self).read_list(object_list, bundle)
    return object_list if manages_facility else []
def update_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may update the object ``bundle.obj``.

    Unauthenticated requesters are always refused. Only Experiment,
    ExperimentParameterSet, ExperimentParameter, DataFile and Instrument
    can be updated at all; the other listed types always return False.
    Raises ``NotImplementedError`` for a type with no explicit rule.
    """
    user = bundle.request.user
    obj = bundle.obj

    if not user.is_authenticated():
        return False

    if isinstance(obj, Experiment):
        # Model-level permission plus write access to this experiment.
        return user.has_perm('tardis_portal.change_experiment') and \
            has_write_permissions(bundle.request, obj.id)

    # NOTE(review): only the model-level permission is checked for the
    # two types below. The original carried a commented-out
    # has_write_permissions check on the owning experiment for
    # ExperimentParameterSet; as written, a holder of change_experiment
    # is not restricted to experiments they can write to. Confirm that
    # this is intended.
    if isinstance(obj, (ExperimentParameterSet, ExperimentParameter)):
        return user.has_perm('tardis_portal.change_experiment')

    if isinstance(obj, (Dataset, DatasetParameterSet, DatasetParameter)):
        return False

    # NOTE(review): model-level permission only, with no per-datafile or
    # per-dataset check - confirm that this is intended.
    if isinstance(obj, DataFile):
        return user.has_perm('tardis_portal.change_datafile')

    read_only_types = (DatafileParameterSet, DatafileParameter,
                       Schema, Group, Facility)
    if isinstance(obj, read_only_types):
        return False

    if isinstance(obj, Instrument):
        # The instrument's facility must be managed by the requester.
        managed = facilities_managed_by(user)
        return obj.facility in managed and \
            user.has_perm('tardis_portal.change_instrument')

    raise NotImplementedError(type(obj))
def update_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may update the object ``bundle.obj``.

    Unauthenticated requesters are always refused. Only Experiment,
    ExperimentParameterSet, ExperimentParameter, DataFile and Instrument
    can be updated at all; the other listed types always return False.
    Raises ``NotImplementedError`` for a type with no explicit rule.
    """
    user = bundle.request.user
    obj = bundle.obj

    if not user.is_authenticated():
        return False

    if isinstance(obj, Experiment):
        # Model-level permission plus write access to this experiment.
        return user.has_perm('tardis_portal.change_experiment') and \
            has_write_permissions(bundle.request, obj.id)

    # NOTE(review): only the model-level permission is checked for the
    # two types below. The original carried a commented-out
    # has_write_permissions check on the owning experiment for
    # ExperimentParameterSet; as written, a holder of change_experiment
    # is not restricted to experiments they can write to. Confirm that
    # this is intended.
    if isinstance(obj, (ExperimentParameterSet, ExperimentParameter)):
        return user.has_perm('tardis_portal.change_experiment')

    if isinstance(obj, (Dataset, DatasetParameterSet, DatasetParameter)):
        return False

    # NOTE(review): model-level permission only, with no per-datafile or
    # per-dataset check - confirm that this is intended.
    if isinstance(obj, DataFile):
        return user.has_perm('tardis_portal.change_datafile')

    read_only_types = (DatafileParameterSet, DatafileParameter,
                       Schema, Group, Facility)
    if isinstance(obj, read_only_types):
        return False

    if isinstance(obj, Instrument):
        # The instrument's facility must be managed by the requester.
        managed = facilities_managed_by(user)
        return obj.facility in managed and \
            user.has_perm('tardis_portal.change_instrument')

    raise NotImplementedError(type(obj))
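def create_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may create the object ``bundle.obj``.

    Unauthenticated requesters are refused and superusers are allowed.
    For everyone else the rule depends on the type of ``bundle.obj``: a
    model-level permission, usually combined with write access to the
    parent experiment or dataset named in ``bundle.data`` or reachable
    from the object.

    Returns a boolean. Raises ``NotImplementedError`` for a type with no
    explicit rule. Resolving a parent URI may raise whatever
    ``get_via_uri`` raises, except in the Dataset branch, where any such
    failure denies the request.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if not user.is_authenticated():
        return False
    if user.is_superuser:
        return True

    if isinstance(obj, Experiment):
        return user.has_perm('tardis_portal.add_experiment')
    elif isinstance(obj, ExperimentParameterSet):
        if not user.has_perm('tardis_portal.change_experiment'):
            return False
        # Prefer the experiment named in the payload; otherwise use the
        # one already attached to the object, and deny if there is none.
        experiment_uri = bundle.data.get('experiment', None)
        if experiment_uri is not None:
            experiment = ExperimentResource.get_via_uri(
                ExperimentResource(), experiment_uri, request)
            return has_write_permissions(request, experiment.id)
        elif getattr(obj.experiment, 'id', False):
            return has_write_permissions(request, obj.experiment.id)
        return False
    elif isinstance(obj, ExperimentParameter):
        return user.has_perm('tardis_portal.change_experiment') and \
            has_write_permissions(request, obj.parameterset.experiment.id)
    elif isinstance(obj, Dataset):
        if not user.has_perm('tardis_portal.change_dataset'):
            return False
        # Write access is required on every listed experiment, and at
        # least one experiment must be listed.
        perm = False
        for exp_uri in bundle.data.get('experiments', []):
            try:
                this_exp = ExperimentResource.get_via_uri(
                    ExperimentResource(), exp_uri, request)
            except Exception:
                # An unresolvable experiment denies the request. This
                # was a bare "except:", which would also have swallowed
                # SystemExit and KeyboardInterrupt.
                return False
            if not has_write_permissions(request, this_exp.id):
                return False
            perm = True
        return perm
    elif isinstance(obj, DatasetParameterSet):
        if not user.has_perm('tardis_portal.change_dataset'):
            return False
        dataset_uri = bundle.data.get('dataset', None)
        if dataset_uri is not None:
            dataset = DatasetResource.get_via_uri(
                DatasetResource(), dataset_uri, request)
            return has_dataset_write(request, dataset.id)
        elif getattr(obj.dataset, 'id', False):
            return has_dataset_write(request, obj.dataset.id)
        return False
    elif isinstance(obj, DatasetParameter):
        return user.has_perm('tardis_portal.change_dataset') and \
            has_dataset_write(request, obj.parameterset.dataset.id)
    elif isinstance(obj, DataFile):
        # A payload that names no dataset is denied instead of failing
        # with KeyError in the middle of the authorization decision.
        dataset_uri = bundle.data.get('dataset')
        if dataset_uri is None:
            return False
        dataset = DatasetResource.get_via_uri(
            DatasetResource(), dataset_uri, request)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DatafileParameterSet):
        dataset = Dataset.objects.get(pk=obj.datafile.dataset.id)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DatafileParameter):
        dataset = Dataset.objects.get(
            pk=obj.parameterset.datafile.dataset.id)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DataFileObject):
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, obj.datafile.dataset.id),
        ])
    elif isinstance(obj, ObjectACL):
        # NOTE(review): model-level permission only. Nothing here ties
        # the new ACL to an object the requester controls - confirm that
        # this is enforced elsewhere.
        return user.has_perm('tardis_portal.add_objectacl')
    elif isinstance(obj, Group):
        return user.has_perm('tardis_portal.add_group')
    elif isinstance(obj, Facility):
        return user.has_perm('tardis_portal.add_facility')
    elif isinstance(obj, Instrument):
        # The instrument's facility must be managed by the requester.
        facilities = facilities_managed_by(user)
        return all([
            user.has_perm('tardis_portal.add_instrument'),
            obj.facility in facilities
        ])
    raise NotImplementedError(type(obj))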
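def read_list(self, object_list, bundle):  # noqa # too complex
    """Filter ``object_list`` down to the objects the requester may read.

    Superusers get the list unchanged. For everyone else the filter
    depends on the type of ``bundle.obj``; a type with no rule yields an
    empty list. Depending on the branch the result is the original
    list, a new list or a queryset.

    StorageBox, StorageBoxOption and StorageBoxAttribute are listed only
    for authenticated requesters, matching read_detail. These branches
    previously returned their entries to any requester that reached
    them.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if user.is_authenticated() and user.is_superuser:
        return object_list

    # Collected after the superuser shortcut so that path does not
    # iterate the whole list for nothing.
    obj_ids = [item.id for item in object_list]

    if isinstance(obj, Experiment):
        experiments = Experiment.safe.all(user)
        return experiments.filter(id__in=obj_ids)
    elif isinstance(obj, ExperimentParameterSet):
        experiments = Experiment.safe.all(user)
        return ExperimentParameterSet.objects.filter(
            experiment__in=experiments, id__in=obj_ids)
    elif isinstance(obj, ExperimentParameter):
        experiments = Experiment.safe.all(user)
        return ExperimentParameter.objects.filter(
            parameterset__experiment__in=experiments, id__in=obj_ids)
    elif isinstance(obj, Dataset):
        dataset_ids = [ds.id for ds in object_list
                       if has_dataset_access(request, ds.id)]
        return Dataset.objects.filter(id__in=dataset_ids)
    elif isinstance(obj, DatasetParameterSet):
        return [dps for dps in object_list
                if has_dataset_access(request, dps.dataset.id)]
    elif isinstance(obj, DatasetParameter):
        return [dp for dp in object_list
                if has_dataset_access(request, dp.parameterset.dataset.id)]
    elif isinstance(obj, DataFile):
        all_files = get_accessible_datafiles_for_user(request)
        return all_files.filter(id__in=obj_ids)
    elif isinstance(obj, DatafileParameterSet):
        datafiles = get_accessible_datafiles_for_user(request)
        return DatafileParameterSet.objects.filter(
            datafile__in=datafiles, id__in=obj_ids)
    elif isinstance(obj, DatafileParameter):
        datafiles = get_accessible_datafiles_for_user(request)
        return DatafileParameter.objects.filter(
            parameterset__datafile__in=datafiles, id__in=obj_ids)
    elif isinstance(obj, (Schema, ParameterName)):
        # Listed for every requester, including unauthenticated ones.
        return object_list
    elif isinstance(obj, ObjectACL):
        # Only ACLs attached to experiments the requester can see.
        experiment_ids = Experiment.safe.all(user).values_list(
            'id', flat=True)
        return ObjectACL.objects.filter(
            content_type__model='experiment',
            object_id__in=experiment_ids,
            id__in=obj_ids)
    elif user.is_authenticated() and isinstance(obj, User):
        # Facility managers see every user; others see themselves and
        # users owning an experiment with public_access > 1. An
        # unauthenticated requester falls through to the final else.
        if len(facilities_managed_by(user)) > 0:
            return object_list
        return [candidate for candidate in object_list
                if (candidate == user or
                    candidate.experiment_set.filter(
                        public_access__gt=1).count() > 0)]
    elif isinstance(obj, Group):
        if facilities_managed_by(user).count() > 0:
            return object_list
        return user.groups.filter(id__in=obj_ids)
    elif isinstance(obj, Facility):
        facilities = facilities_managed_by(user)
        return [facility for facility in object_list
                if facility in facilities]
    elif isinstance(obj, Instrument):
        facilities = facilities_managed_by(user)
        instruments = Instrument.objects.filter(facility__in=facilities)
        return [instrument for instrument in object_list
                if instrument in instruments]
    elif isinstance(obj, StorageBox):
        return object_list if user.is_authenticated() else []
    elif isinstance(obj, StorageBoxOption):
        if not user.is_authenticated():
            return []
        # Only options whose key is on the resource's allow-list.
        return [option for option in object_list
                if option.key in StorageBoxOptionResource.accessible_keys]
    elif isinstance(obj, StorageBoxAttribute):
        return object_list if user.is_authenticated() else []
    else:
        return []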
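def create_detail(self, object_list, bundle):  # noqa # too complex
    """Decide whether the requester may create the object ``bundle.obj``.

    Unauthenticated requesters are refused and superusers are allowed.
    For everyone else the rule depends on the type of ``bundle.obj``: a
    model-level permission, usually combined with write access to the
    parent experiment or dataset named in ``bundle.data`` or reachable
    from the object.

    Returns a boolean. Raises ``NotImplementedError`` for a type with no
    explicit rule. Resolving a parent URI may raise whatever
    ``get_via_uri`` raises, except in the Dataset branch, where any such
    failure denies the request.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if not user.is_authenticated():
        return False
    if user.is_superuser:
        return True

    if isinstance(obj, Experiment):
        return user.has_perm('tardis_portal.add_experiment')
    elif isinstance(obj, ExperimentParameterSet):
        if not user.has_perm('tardis_portal.change_experiment'):
            return False
        # Prefer the experiment named in the payload; otherwise use the
        # one already attached to the object, and deny if there is none.
        experiment_uri = bundle.data.get('experiment', None)
        if experiment_uri is not None:
            experiment = ExperimentResource.get_via_uri(
                ExperimentResource(), experiment_uri, request)
            return has_write_permissions(request, experiment.id)
        elif getattr(obj.experiment, 'id', False):
            return has_write_permissions(request, obj.experiment.id)
        return False
    elif isinstance(obj, ExperimentParameter):
        return user.has_perm('tardis_portal.change_experiment') and \
            has_write_permissions(request, obj.parameterset.experiment.id)
    elif isinstance(obj, Dataset):
        if not user.has_perm('tardis_portal.change_dataset'):
            return False
        # Write access is required on every listed experiment, and at
        # least one experiment must be listed.
        perm = False
        for exp_uri in bundle.data.get('experiments', []):
            try:
                this_exp = ExperimentResource.get_via_uri(
                    ExperimentResource(), exp_uri, request)
            except Exception:
                # An unresolvable experiment denies the request. This
                # was a bare "except:", which would also have swallowed
                # SystemExit and KeyboardInterrupt.
                return False
            if not has_write_permissions(request, this_exp.id):
                return False
            perm = True
        return perm
    elif isinstance(obj, DatasetParameterSet):
        if not user.has_perm('tardis_portal.change_dataset'):
            return False
        dataset_uri = bundle.data.get('dataset', None)
        if dataset_uri is not None:
            dataset = DatasetResource.get_via_uri(
                DatasetResource(), dataset_uri, request)
            return has_dataset_write(request, dataset.id)
        elif getattr(obj.dataset, 'id', False):
            return has_dataset_write(request, obj.dataset.id)
        return False
    elif isinstance(obj, DatasetParameter):
        return user.has_perm('tardis_portal.change_dataset') and \
            has_dataset_write(request, obj.parameterset.dataset.id)
    elif isinstance(obj, DataFile):
        # A payload that names no dataset is denied instead of failing
        # with KeyError in the middle of the authorization decision.
        dataset_uri = bundle.data.get('dataset')
        if dataset_uri is None:
            return False
        dataset = DatasetResource.get_via_uri(
            DatasetResource(), dataset_uri, request)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DatafileParameterSet):
        dataset = Dataset.objects.get(pk=obj.datafile.dataset.id)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DatafileParameter):
        dataset = Dataset.objects.get(
            pk=obj.parameterset.datafile.dataset.id)
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, dataset.id),
        ])
    elif isinstance(obj, DataFileObject):
        return all([
            user.has_perm('tardis_portal.change_dataset'),
            user.has_perm('tardis_portal.add_datafile'),
            has_dataset_write(request, obj.datafile.dataset.id),
        ])
    elif isinstance(obj, ObjectACL):
        # NOTE(review): model-level permission only. Nothing here ties
        # the new ACL to an object the requester controls - confirm that
        # this is enforced elsewhere.
        return user.has_perm('tardis_portal.add_objectacl')
    elif isinstance(obj, Group):
        return user.has_perm('tardis_portal.add_group')
    elif isinstance(obj, Facility):
        return user.has_perm('tardis_portal.add_facility')
    elif isinstance(obj, Instrument):
        # The instrument's facility must be managed by the requester.
        facilities = facilities_managed_by(user)
        return all([
            user.has_perm('tardis_portal.add_instrument'),
            obj.facility in facilities
        ])
    raise NotImplementedError(type(obj))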
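def read_list(self, object_list, bundle):  # noqa # too complex
    """Filter ``object_list`` down to the objects the requester may read.

    Superusers get the list unchanged. For everyone else the filter
    depends on the type of ``bundle.obj``; a type with no rule yields an
    empty list. Depending on the branch the result is the original
    list, a new list or a queryset.

    StorageBox, StorageBoxOption and StorageBoxAttribute are listed only
    for authenticated requesters, matching read_detail. These branches
    previously returned their entries to any requester that reached
    them.
    """
    request = bundle.request
    user = request.user
    obj = bundle.obj

    if user.is_authenticated() and user.is_superuser:
        return object_list

    # Collected after the superuser shortcut so that path does not
    # iterate the whole list for nothing.
    obj_ids = [item.id for item in object_list]

    if isinstance(obj, Experiment):
        experiments = Experiment.safe.all(user)
        return experiments.filter(id__in=obj_ids)
    elif isinstance(obj, ExperimentParameterSet):
        experiments = Experiment.safe.all(user)
        return ExperimentParameterSet.objects.filter(
            experiment__in=experiments, id__in=obj_ids)
    elif isinstance(obj, ExperimentParameter):
        experiments = Experiment.safe.all(user)
        return ExperimentParameter.objects.filter(
            parameterset__experiment__in=experiments, id__in=obj_ids)
    elif isinstance(obj, Dataset):
        dataset_ids = [ds.id for ds in object_list
                       if has_dataset_access(request, ds.id)]
        return Dataset.objects.filter(id__in=dataset_ids)
    elif isinstance(obj, DatasetParameterSet):
        return [dps for dps in object_list
                if has_dataset_access(request, dps.dataset.id)]
    elif isinstance(obj, DatasetParameter):
        return [dp for dp in object_list
                if has_dataset_access(request, dp.parameterset.dataset.id)]
    elif isinstance(obj, DataFile):
        all_files = get_accessible_datafiles_for_user(request)
        return all_files.filter(id__in=obj_ids)
    elif isinstance(obj, DatafileParameterSet):
        datafiles = get_accessible_datafiles_for_user(request)
        return DatafileParameterSet.objects.filter(
            datafile__in=datafiles, id__in=obj_ids)
    elif isinstance(obj, DatafileParameter):
        datafiles = get_accessible_datafiles_for_user(request)
        return DatafileParameter.objects.filter(
            parameterset__datafile__in=datafiles, id__in=obj_ids)
    elif isinstance(obj, (Schema, ParameterName)):
        # Listed for every requester, including unauthenticated ones.
        return object_list
    elif isinstance(obj, ObjectACL):
        # Only ACLs attached to experiments the requester can see.
        experiment_ids = Experiment.safe.all(user).values_list(
            'id', flat=True)
        return ObjectACL.objects.filter(
            content_type__model='experiment',
            object_id__in=experiment_ids,
            id__in=obj_ids)
    elif user.is_authenticated() and isinstance(obj, User):
        # Facility managers see every user; others see themselves and
        # users owning an experiment with public_access > 1. An
        # unauthenticated requester falls through to the final else.
        if len(facilities_managed_by(user)) > 0:
            return object_list
        return [candidate for candidate in object_list
                if (candidate == user or
                    candidate.experiment_set.filter(
                        public_access__gt=1).count() > 0)]
    elif isinstance(obj, Group):
        if facilities_managed_by(user).count() > 0:
            return object_list
        return user.groups.filter(id__in=obj_ids)
    elif isinstance(obj, Facility):
        facilities = facilities_managed_by(user)
        return [facility for facility in object_list
                if facility in facilities]
    elif isinstance(obj, Instrument):
        facilities = facilities_managed_by(user)
        instruments = Instrument.objects.filter(facility__in=facilities)
        return [instrument for instrument in object_list
                if instrument in instruments]
    elif isinstance(obj, StorageBox):
        return object_list if user.is_authenticated() else []
    elif isinstance(obj, StorageBoxOption):
        if not user.is_authenticated():
            return []
        # Only options whose key is on the resource's allow-list.
        return [option for option in object_list
                if option.key in StorageBoxOptionResource.accessible_keys]
    elif isinstance(obj, StorageBoxAttribute):
        return object_list if user.is_authenticated() else []
    else:
        return []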