Esempio n. 1
0
def qualify(authorizer, user, tool):
	if tool in user.qualifications.all():
		return
	user.qualifications.add(tool)
	entry = MembershipHistory()
	entry.authorizer = authorizer
	entry.parent_content_object = tool
	entry.child_content_object = user
	entry.action = entry.Action.ADDED
	entry.save()

	if tool.grant_physical_access_level_upon_qualification:
		if tool.grant_physical_access_level_upon_qualification not in user.accessible_access_levels().all():
			user.physical_access_levels.add(tool.grant_physical_access_level_upon_qualification)
			entry = MembershipHistory()
			entry.authorizer = authorizer
			entry.parent_content_object = tool.grant_physical_access_level_upon_qualification
			entry.child_content_object = user
			entry.action = entry.Action.ADDED
			entry.save()

	if get_identity_service().get('available', False):
		if tool.grant_badge_reader_access_upon_qualification:
			parameters = {
				'username': user.username,
				'domain': user.domain,
				'requested_area': tool.grant_badge_reader_access_upon_qualification,
			}
			timeout = settings.IDENTITY_SERVICE.get('timeout', 3)
			requests.put(urljoin(settings.IDENTITY_SERVICE['url'], '/add/'), data=parameters, timeout=timeout)
Esempio n. 2
0
	def save_model(self, request, obj, form, change):
		"""
		Audit project creation and modification. Also save any project membership changes explicitly.
		"""
		record_remote_many_to_many_changes_and_save(request, obj, form, change, 'members', super(ProjectAdmin, self).save_model)
		# Make a history entry if a project has been moved under an account.
		# This applies to newly created projects and project ownership reassignment.
		if 'account' in form.changed_data:
			# Create a membership removal entry for the project if it used to belong to another account:
			if change:
				previous_account = MembershipHistory()
				previous_account.authorizer = request.user
				previous_account.child_content_object = obj
				previous_account.parent_content_object = Account.objects.get(pk=form.initial['account'])
				previous_account.action = MembershipHistory.Action.REMOVED
				previous_account.save()

			# Create a membership addition entry for the project with its current account.
			current_account = MembershipHistory()
			current_account.authorizer = request.user
			current_account.child_content_object = obj
			current_account.parent_content_object = obj.account
			current_account.action = MembershipHistory.Action.ADDED
			current_account.save()

		# Record whether the project is active or not.
		record_active_state(request, obj, form, 'active', not change)
Esempio n. 3
0
def modify_qualifications(request):
    """ Change the tools that a set of users is qualified to use. """
    action = request.POST.get('action')
    if action != 'qualify' and action != 'disqualify':
        return HttpResponseBadRequest(
            "You must specify that you are qualifying or disqualifying users.")
    users = request.POST.getlist('chosen_user[]') or request.POST.get(
        'chosen_user') or []
    users = User.objects.in_bulk(users)
    if users == {}:
        return HttpResponseBadRequest("You must specify at least one user.")
    tools = request.POST.getlist('chosen_tool[]') or request.POST.get(
        'chosen_tool') or []
    tools = Tool.objects.in_bulk(tools)
    if tools == {}:
        return HttpResponseBadRequest("You must specify at least one tool.")

    for user in users.values():
        original_qualifications = set(user.qualifications.all())
        if action == 'qualify':
            user.qualifications.add(*tools)
        elif action == 'disqualify':
            user.qualifications.remove(*tools)
        current_qualifications = set(user.qualifications.all())
        # Record the qualification changes for each tool:
        added_qualifications = set(current_qualifications) - set(
            original_qualifications)
        for tool in added_qualifications:
            entry = MembershipHistory()
            entry.authorizer = request.user
            entry.parent_content_object = tool
            entry.child_content_object = user
            entry.action = entry.Action.ADDED
            entry.save()
        removed_qualifications = set(original_qualifications) - set(
            current_qualifications)
        for tool in removed_qualifications:
            entry = MembershipHistory()
            entry.authorizer = request.user
            entry.parent_content_object = tool
            entry.child_content_object = user
            entry.action = entry.Action.REMOVED
            entry.save()

    if request.POST.get('redirect') == 'true':
        dictionary = {
            'title': 'Success!',
            'heading': 'Success!',
            'content': 'Tool qualifications were successfully modified.',
        }
        return render(request, 'acknowledgement.html', dictionary)
    else:
        return HttpResponse()
Esempio n. 4
0
def record_remote_many_to_many_changes_and_save(request, obj, form, change,
                                                many_to_many_field,
                                                save_function_pointer):
    """
	Record the changes in a many-to-many field that the model does not own. Then, save the many-to-many field.
	"""
    # If the model object is being changed then we can get the list of previous members.
    if change:
        original_members = set(obj.user_set.all())
    else:  # The model object is being created (instead of changed) so we can assume there are no members (initially).
        original_members = set()
    current_members = set(form.cleaned_data[many_to_many_field])
    added_members = []
    removed_members = []

    # Log membership changes if they occurred.
    symmetric_difference = original_members ^ current_members
    if symmetric_difference:
        if change:  # the members have changed, so find out what was added and removed...
            # We can can see the previous members of the object model by looking it up
            # in the database because the member list hasn't been committed yet.
            added_members = set(current_members) - set(original_members)
            removed_members = set(original_members) - set(current_members)

        else:  # a model object is being created (instead of changed) so we can assume all the members are new...
            added_members = form.cleaned_data[many_to_many_field]

    # A primary key for the object is required to make many-to-many field changes.
    # If the object is being changed then it has already been assigned a primary key.
    if not change:
        save_function_pointer(request, obj, form, change)
    obj.user_set = form.cleaned_data[many_to_many_field]
    save_function_pointer(request, obj, form, change)

    # Record which members were added to the object.
    for user in added_members:
        new_member = MembershipHistory()
        new_member.authorizer = request.user
        new_member.parent_content_object = obj
        new_member.child_content_object = user
        new_member.action = MembershipHistory.Action.ADDED
        new_member.save()

    # Record which members were removed from the object.
    for user in removed_members:
        ex_member = MembershipHistory()
        ex_member.authorizer = request.user
        ex_member.parent_content_object = obj
        ex_member.child_content_object = user
        ex_member.action = MembershipHistory.Action.REMOVED
        ex_member.save()
Esempio n. 5
0
def create_project(request):
    dictionary = {
        'account_list': Account.objects.all(),
    }
    if request.method == 'GET':
        return render(request, 'accounts_and_projects/create_project.html',
                      dictionary)
    form = ProjectForm(request.POST)
    if not form.is_valid():
        dictionary['form'] = form
        return render(request, 'accounts_and_projects/create_project.html',
                      dictionary)
    project = form.save()
    account_history = MembershipHistory()
    account_history.authorizer = request.user
    account_history.action = MembershipHistory.Action.ADDED
    account_history.child_content_object = project
    account_history.parent_content_object = project.account
    account_history.save()
    project_history = ActivityHistory()
    project_history.authorizer = request.user
    project_history.action = project.active
    project_history.content_object = project
    project_history.save()
    return redirect('account', project.account.id)
Esempio n. 6
0
def create_project(request):
    form = ProjectForm(request.POST or None)
    dictionary = {
        "account_list": Account.objects.all(),
        "user_list": User.objects.filter(is_active=True),
        "form": form
    }
    if request.method == "GET":
        return render(request, "accounts_and_projects/create_project.html",
                      dictionary)
    if not form.is_valid():
        return render(request, "accounts_and_projects/create_project.html",
                      dictionary)
    project = form.save()
    account_history = MembershipHistory()
    account_history.authorizer = request.user
    account_history.action = MembershipHistory.Action.ADDED
    account_history.child_content_object = project
    account_history.parent_content_object = project.account
    account_history.save()
    project_history = ActivityHistory()
    project_history.authorizer = request.user
    project_history.action = project.active
    project_history.content_object = project
    project_history.save()
    return redirect("project", project.id)
Esempio n. 7
0
def qualify(authorizer, user, tool):
    if tool in user.qualifications.all():
        return
    user.qualifications.add(tool)
    entry = MembershipHistory()
    entry.authorizer = authorizer
    entry.parent_content_object = tool
    entry.child_content_object = user
    entry.action = entry.Action.ADDED
    entry.save()
Esempio n. 8
0
def qualify(authorizer, user, tool):
	if tool in user.qualifications.all():
		return
	user.qualifications.add(tool)
	entry = MembershipHistory()
	entry.authorizer = authorizer
	entry.parent_content_object = tool
	entry.child_content_object = user
	entry.action = entry.Action.ADDED
	entry.save()

	if tool.grant_physical_access_level_upon_qualification:
		if tool.grant_physical_access_level_upon_qualification not in user.physical_access_levels.all():
			user.physical_access_levels.add(tool.grant_physical_access_level_upon_qualification)
			entry = MembershipHistory()
			entry.authorizer = authorizer
			entry.parent_content_object = tool.grant_physical_access_level_upon_qualification
			entry.child_content_object = user
			entry.action = entry.Action.ADDED
			entry.save()
Esempio n. 9
0
def record_local_many_to_many_changes(request, obj, form, many_to_many_field):
	"""
	Record the changes in a many-to-many field that the model owns.
	"""
	if many_to_many_field in form.changed_data:
		original_members = set(getattr(obj, many_to_many_field).all())
		current_members = set(form.cleaned_data[many_to_many_field])
		added_members = set(current_members) - set(original_members)
		for a in added_members:
			p = MembershipHistory()
			p.action = MembershipHistory.Action.ADDED
			p.authorizer = request.user
			p.child_content_object = obj
			p.parent_content_object = a
			p.save()
		removed_members = set(original_members) - set(current_members)
		for a in removed_members:
			p = MembershipHistory()
			p.action = MembershipHistory.Action.REMOVED
			p.authorizer = request.user
			p.child_content_object = obj
			p.parent_content_object = a
			p.save()
Esempio n. 10
0
def add_user_to_project(request):
    user = get_object_or_404(User, id=request.POST['user_id'])
    project = get_object_or_404(Project, id=request.POST['project_id'])
    if user not in project.user_set.all():
        history = MembershipHistory()
        history.action = MembershipHistory.Action.ADDED
        history.authorizer = request.user
        history.parent_content_object = project
        history.child_content_object = user
        history.save()
        project.user_set.add(user)
    dictionary = {'users': project.user_set.all(), 'project': project}
    return render(request, 'accounts_and_projects/users_for_project.html',
                  dictionary)
Esempio n. 11
0
def remove_user_from_project(request):
    user = get_object_or_404(User, id=request.POST['user_id'])
    project = get_object_or_404(Project, id=request.POST['project_id'])
    if project.user_set.filter(id=user.id).exists():
        history = MembershipHistory()
        history.action = MembershipHistory.Action.REMOVED
        history.authorizer = request.user
        history.parent_content_object = project
        history.child_content_object = user
        history.save()
        project.user_set.remove(user)
    dictionary = {'users': project.user_set.all(), 'project': project}
    return render(request, 'accounts_and_projects/users_for_project.html',
                  dictionary)
Esempio n. 12
0
def remove_user_from_project(request, user_id, project_id):
    user = get_object_or_404(User, id=user_id)
    project = get_object_or_404(Project, id=project_id)
    if project.user_set.filter(id=user.id).exists():
        history = MembershipHistory()
        history.action = MembershipHistory.Action.REMOVED
        history.authorizer = request.user
        history.parent_content_object = project
        history.child_content_object = user
        history.save()
        project.user_set.remove(user)
    dictionary = {'users': project.user_set.all(), 'project': project}
    msg = "User " + str(user) + " has been removed from project " + str(
        project)
    return HttpResponse(msg)
Esempio n. 13
0
def add_user_to_project(request, user_id, project_id):
    user = get_object_or_404(User, id=user_id)
    project = get_object_or_404(Project, id=project_id)
    if user not in project.user_set.all():
        history = MembershipHistory()
        history.action = MembershipHistory.Action.ADDED
        history.authorizer = request.user
        history.parent_content_object = project
        history.child_content_object = user
        history.save()
        project.user_set.add(user)
    data = {
        'user_username': str(user.username),
        'user_first': str(user.first_name),
        'user_last': str(user.last_name),
        'user_id': user.id,
        'project_id': project.id,
        #		'project': project
    }
    return JsonResponse(data)
Esempio n. 14
0
def modify_qualifications(request):
    """ Change the tools that a set of users is qualified to use. """
    action = request.POST.get('action')
    if action != 'qualify' and action != 'disqualify':
        return HttpResponseBadRequest(
            "You must specify that you are qualifying or disqualifying users.")
    users = request.POST.getlist('chosen_user[]') or request.POST.get(
        'chosen_user') or []
    users = User.objects.in_bulk(users)
    if users == {}:
        return HttpResponseBadRequest("You must specify at least one user.")
    tools = request.POST.getlist('chosen_tool[]') or request.POST.get(
        'chosen_tool') or []
    tools = Tool.objects.in_bulk(tools)
    if tools == {}:
        return HttpResponseBadRequest("You must specify at least one tool.")

    for user in users.values():
        original_qualifications = set(user.qualifications.all())
        if action == 'qualify':
            user.qualifications.add(*tools)
            original_physical_access_levels = set(
                user.physical_access_levels.all())
            physical_access_level_automatic_enrollment = list(
                set([
                    t.grant_physical_access_level_upon_qualification
                    for t in tools.values()
                    if t.grant_physical_access_level_upon_qualification
                ]))
            user.physical_access_levels.add(
                *physical_access_level_automatic_enrollment)
            current_physical_access_levels = set(
                user.physical_access_levels.all())
            added_physical_access_levels = set(
                current_physical_access_levels) - set(
                    original_physical_access_levels)
            for access_level in added_physical_access_levels:
                entry = MembershipHistory()
                entry.authorizer = request.user
                entry.parent_content_object = access_level
                entry.child_content_object = user
                entry.action = entry.Action.ADDED
                entry.save()
            if settings.IDENTITY_SERVICE['available']:
                for t in tools:
                    tool = Tool.objects.get(id=t)
                    if tool.grant_badge_reader_access_upon_qualification:
                        parameters = {
                            'username':
                            user.username,
                            'domain':
                            user.domain,
                            'requested_area':
                            tool.grant_badge_reader_access_upon_qualification,
                        }
                        timeout = settings.IDENTITY_SERVICE.get('timeout', 3)
                        requests.put(urljoin(settings.IDENTITY_SERVICE['url'],
                                             '/add/'),
                                     data=parameters,
                                     timeout=timeout)
        elif action == 'disqualify':
            user.qualifications.remove(*tools)
        current_qualifications = set(user.qualifications.all())
        # Record the qualification changes for each tool:
        added_qualifications = set(current_qualifications) - set(
            original_qualifications)
        for tool in added_qualifications:
            entry = MembershipHistory()
            entry.authorizer = request.user
            entry.parent_content_object = tool
            entry.child_content_object = user
            entry.action = entry.Action.ADDED
            entry.save()
        removed_qualifications = set(original_qualifications) - set(
            current_qualifications)
        for tool in removed_qualifications:
            entry = MembershipHistory()
            entry.authorizer = request.user
            entry.parent_content_object = tool
            entry.child_content_object = user
            entry.action = entry.Action.REMOVED
            entry.save()

    if request.POST.get('redirect') == 'true':
        dictionary = {
            'title': 'Success!',
            'heading': 'Success!',
            'content': 'Tool qualifications were successfully modified.',
        }
        return render(request, 'acknowledgement.html', dictionary)
    else:
        return HttpResponse()