def register(self):
"""
Registers the content items into the database. Registration only works for a
postgres user account.
"""
pg_account = "postgres"
if self._username == pg_account:
for c in self.contentItems():
if isinstance(c, Content):
cnt = Content()
qo = cnt.queryObject()
cn = qo.filter(Content.code == c.code).first()
#If content not found then add
if cn is None:
#Check if the 'postgres' role is defined, if not then create one
rl = Role()
rolequery = rl.queryObject()
role = rolequery.filter(
Role.name == pg_account).first()
if role is None:
rl.name = pg_account
rl.contents = [c]
rl.save()
else:
existingContents = role.contents
#Append new content to existing
existingContents.append(c)
role.contents = existingContents
role.update()
def CheckAccess(self, contentCode):
'''
Assert whether the given user has permissions to access a content
item with the gien code.
'''
hasPermission = False
#Get roles with permission
try:
cnt = Content()
qo = cnt.queryObject()
'''
cntRef = qo.filter(Content.code == contentCode).first()
'''
cntRef = qo.filter(Content.code == contentCode).first()
if cntRef != None:
cntRoles = cntRef.roles
for rl in cntRoles:
if getIndex(self.userRoles, rl.name) != -1:
hasPermission = True
break
except Exception:
'''
Current user does not have permission to access the content tables.
Catches all errors
'''
#pass
raise
return hasPermission
def contentItemFromQAction(qAction):
"""
Creates a Content object from a QAction object.
"""
cnt = Content()
cnt.name = qAction.text()
return cnt
def contentItemFromQAction(qAction):
"""
Creates a Content object from a QAction object.
"""
cnt = Content()
cnt.name = qAction.text()
return cnt
def addContent(self,name,code):
"""
Create a new Content item and add it to the collection.
"""
cnt = Content()
cnt.name = name
cnt.code = code
self._contentItems.append(cnt)
def addContent(self, name, code):
"""
Create a new Content item and add it to the collection.
"""
cnt = Content()
cnt.name = name
cnt.code = code
self._contentItems.append(cnt)
def content_items(self):
"""
:return: Returns a collection of content times specifying permissions
for the various search operations.
:rtype: list
"""
cnt_items = []
for a in self.actions():
c = Content()
c.name = a.text()
cnt_items.append(c)
return cnt_items
def register(self):
"""
Registers the content items into the database. Registration only works for a
postgres user account.
"""
PG_ACCOUNT = "postgres"
if self._username == PG_ACCOUNT:
for c in self.contentItems():
if isinstance(c,Content):
cnt = Content()
qo = cnt.queryObject()
if c.code is None:
code = self.hash_code(unicode(c.name))
cn = c
else:
code = c.code
cn = qo.filter(Content.code == code).first()
#If content not found then add
if cn is None:
#Check if the 'postgres' role is defined, if not then create one
rl = Role()
rolequery = rl.queryObject()
role = rolequery.filter(Role.name == PG_ACCOUNT).first()
if role is None:
rl.name = PG_ACCOUNT
rl.contents = [c]
rl.save()
else:
existingContents = role.contents
#Append new content to existing
if c.code is None:
c.code = code
if len([e_cont for e_cont in existingContents if e_cont.name == c.name])==0:
existingContents.append(c)
role.contents = existingContents
role.update()
else:
for c in self.contentItems():
if isinstance(c,Content):
cnt = Content()
qo = cnt.queryObject()
cn = qo.filter(Content.name == c.name).first()
c.code = cn.code
def loadRoles(self, contentname=""):
'''
Loads the roles in the database cluster
'''
self.roleProvider = RoleProvider()
sysRoles = self.roleProvider.GetAllRoles()
roles = []
#Load the corresponding roles for the specified content item
cnt = Content()
if contentname != "":
self.currentContent = self.content.queryObject().filter(
Content.name == contentname).first()
if self.currentContent:
roles = [rl.name for rl in self.currentContent.roles]
#Initialize model
self.roleMappingsModel = QStandardItemModel(self)
self.roleMappingsModel.setColumnCount(1)
#Add role items into the standard item model
for r in range(len(sysRoles)):
role = sysRoles[r]
if role.name != "postgres":
roleItem = self._createNewRoleItem(role.name)
#Check if the db role is in the approved for the current content item
roleIndex = getIndex(roles, role.name)
if roleIndex != -1:
roleItem.setCheckState(Qt.Checked)
self.roleMappingsModel.appendRow(roleItem)
self.lstRoles.setModel(self.roleMappingsModel)
def loadContent(self):
'''
Loads STDM content items
'''
self.content = Content()
#self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
cntItems = self.content.queryObject().all()
'''
self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
session= STDMDb.instance().session
cntItems=session.query(self.content)
'''
cnts = [cntItem.name for cntItem in cntItems]
self.contentModel = UsersRolesModel(cnts)
self.lstContent.setModel(self.contentModel)
def _createDbOpContent(self):
"""
Create content for database operations.
The code for each content needs to be set by the caller.
"""
self._createCnt = Content()
self._createCnt.name = self._buildName(self.create_op)
self.addContentItem(self._createCnt)
self._readCnt = Content()
self._readCnt.name = self._buildName(self.read_op)
self.addContentItem(self._readCnt)
self._updateCnt = Content()
self._updateCnt.name = self._buildName(self.update_op)
self.addContentItem(self._updateCnt)
self._deleteCnt = Content()
self._deleteCnt.name = self._buildName(self.delete_op)
self.addContentItem(self._deleteCnt)
def _edit_permissions(self):
"""
Returns True/False whether the current logged in user
has permissions to create new social tenure relationships.
If true, then the system assumes that
they can also edit STR records.
"""
canEdit = False
userName = globals.APP_DBCONN.User.UserName
authorizer = Authorizer(userName)
newSTRCode = "9576A88D-C434-40A6-A318-F830216CA15A"
# Get the name of the content from the code
cnt = Content()
createSTRCnt = cnt.queryObject().filter(
Content.code == newSTRCode).first()
if createSTRCnt:
name = createSTRCnt.name
canEdit = authorizer.CheckAccess(name)
return canEdit
def _edit_permissions(self):
"""
Returns True/False whether the current logged in user
has permissions to create new social tenure relationships.
If true, then the system assumes that
they can also edit STR records.
"""
canEdit = False
userName = stdm.data.app_dbconn.User.UserName
authorizer = Authorizer(userName)
newSTRCode = "9576A88D-C434-40A6-A318-F830216CA15A"
#Get the name of the content from the code
cnt = Content()
createSTRCnt = cnt.queryObject().filter(
Content.code == newSTRCode
).first()
if createSTRCnt:
name = createSTRCnt.name
canEdit = authorizer.CheckAccess(name)
return canEdit
def loadContent(self):
'''
Loads STDM content items
'''
self.content = Content()
#self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
cntItems = self.content.queryObject().all()
'''
self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
session= STDMDb.instance().session
cntItems=session.query(self.content)
'''
cnts = [cntItem.name for cntItem in cntItems]
self.contentModel = UsersRolesModel(cnts)
self.lstContent.setModel(self.contentModel)
def register(self):
"""
Registers the content items into the database. Registration only works for a
postgres user account.
"""
PG_ACCOUNT = "postgres"
if self._username == PG_ACCOUNT:
for c in self.contentItems():
if isinstance(c, Content):
cnt = Content()
qo = cnt.queryObject()
if c.code is None:
code = self.hash_code(unicode(c.name))
cn = c
else:
code = c.code
cn = qo.filter(Content.code == code).first()
#If content not found then add
if cn is None:
#Check if the 'postgres' role is defined, if not then create one
rl = Role()
rolequery = rl.queryObject()
role = rolequery.filter(
Role.name == PG_ACCOUNT).first()
if role is None:
rl.name = PG_ACCOUNT
rl.contents = [c]
rl.save()
else:
existingContents = role.contents
#Append new content to existing
if c.code is None:
c.code = code
if len([
e_cont for e_cont in existingContents
if e_cont.name == c.name
]) == 0:
existingContents.append(c)
role.contents = existingContents
role.update()
else:
for c in self.contentItems():
if isinstance(c, Content):
cnt = Content()
qo = cnt.queryObject()
cn = qo.filter(Content.name == c.name).first()
c.code = cn.code
class contentAuthDlg(QDialog, Ui_frmContentAuth):
'''
Content authorization dialog
'''
def __init__(self,plugin):
QDialog.__init__(self,plugin.iface.mainWindow())
self.setupUi(self)
#Initialize the dialog
self.initGui()
#Load users
self.loadContent()
#Load Roles
self.loadRoles()
#Reference to the currently selected STDM content item
self.currentContent = None
def initGui(self):
'''
Initialize GUI properties
'''
#Disable any action by the user in the roles view
self.lstRoles.setEnabled(False)
#Connect signals
QObject.connect(self.lstContent, SIGNAL("activated(const QModelIndex&)"),self.onContentClicked)
QObject.connect(self.lstContent, SIGNAL("clicked(const QModelIndex&)"),self.onContentClicked)
QObject.connect(self.lstRoles, SIGNAL("activated(const QModelIndex&)"),self.onRoleSelected)
QObject.connect(self.lstRoles, SIGNAL("clicked(const QModelIndex&)"),self.onRoleSelected)
def loadContent(self):
'''
Loads STDM content items
'''
self.content = Content()
#self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
cntItems = self.content.queryObject().all()
'''
self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
session= STDMDb.instance().session
cntItems=session.query(self.content)
'''
cnts = [cntItem.name for cntItem in cntItems]
self.contentModel = UsersRolesModel(cnts)
self.lstContent.setModel(self.contentModel)
def loadRoles(self,contentname = ""):
'''
Loads the roles in the database cluster
'''
self.roleProvider = RoleProvider()
sysRoles = self.roleProvider.GetAllRoles()
roles = []
#Load the corresponding roles for the specified content item
cnt=Content()
if contentname != "":
self.currentContent = self.content.queryObject().filter(Content.name == contentname).first()
if self.currentContent:
roles = [rl.name for rl in self.currentContent.roles]
#Initialize model
self.roleMappingsModel = QStandardItemModel(self)
self.roleMappingsModel.setColumnCount(1)
#Add role items into the standard item model
for r in range(len(sysRoles)):
role = sysRoles[r]
if role.name != "postgres":
roleItem = self._createNewRoleItem(role.name)
#Check if the db role is in the approved for the current content item
roleIndex = getIndex(roles,role.name)
if roleIndex != -1:
roleItem.setCheckState(Qt.Checked)
self.roleMappingsModel.appendRow(roleItem)
self.lstRoles.setModel(self.roleMappingsModel)
def _createNewRoleItem(self,rolename):
'''
Creates a custom role item for use in a QStandardItemModel
'''
#Set icon
icon = QIcon()
icon.addPixmap(QPixmap(":/plugins/stdm/images/icons/roles.png"), QIcon.Normal, QIcon.Off)
roleItem = QStandardItem(icon,rolename)
roleItem.setCheckable(True)
roleItem.setCheckState(Qt.Unchecked)
return roleItem
def onContentClicked(self,index):
'''
Slot activated when a content item is selected to load the roles for the specified content items
'''
self.lstRoles.setEnabled(True)
contentName = index.data()
self.loadRoles(contentName)
self.privilege_provider = SinglePrivilegeProvider(contentName, current_profile() )
def onRoleSelected(self,index):
'''
Slot which is called when a user checks/unchecks to add/remove a role for the
specified content item.
'''
if self.currentContent != None:
item = self.roleMappingsModel.itemFromIndex(index)
rolename = item.text()
self.privilege_provider.role = rolename
#Get role object from role name
role = Role()
rl = role.queryObject().filter(Role.name == rolename).first()
self.blockSignals(True)
#Add role to the content item if the item is selected or remove if it was previosuly checked
if item.checkState() == Qt.Checked:
self.currentContent.roles.append(rl)
self.privilege_provider.grant_privilege()
elif item.checkState() == Qt.Unchecked:
self.currentContent.roles.remove(rl)
self.privilege_provider.revoke_privilege()
self.currentContent.update()
self.blockSignals(False)
class contentAuthDlg(QDialog, Ui_frmContentAuth):
'''
Content authorization dialog
'''
def __init__(self, plugin):
QDialog.__init__(self, plugin.iface.mainWindow())
self.setupUi(self)
#Initialize the dialog
self.initGui()
#Load users
self.loadContent()
#Load Roles
self.loadRoles()
#Reference to the currently selected STDM content item
self.currentContent = None
def initGui(self):
'''
Initialize GUI properties
'''
#Disable any action by the user in the roles view
self.lstRoles.setEnabled(False)
#Connect signals
QObject.connect(self.lstContent,
SIGNAL("activated(const QModelIndex&)"),
self.onContentClicked)
QObject.connect(self.lstContent, SIGNAL("clicked(const QModelIndex&)"),
self.onContentClicked)
QObject.connect(self.lstRoles, SIGNAL("activated(const QModelIndex&)"),
self.onRoleSelected)
QObject.connect(self.lstRoles, SIGNAL("clicked(const QModelIndex&)"),
self.onRoleSelected)
def loadContent(self):
'''
Loads STDM content items
'''
self.content = Content()
#self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
cntItems = self.content.queryObject().all()
'''
self.content=Table('content_base',Base.metadata,autoload=True,autoload_with=STDMDb.instance().engine)
session= STDMDb.instance().session
cntItems=session.query(self.content)
'''
cnts = [cntItem.name for cntItem in cntItems]
self.contentModel = UsersRolesModel(cnts)
self.lstContent.setModel(self.contentModel)
def loadRoles(self, contentname=""):
'''
Loads the roles in the database cluster
'''
self.roleProvider = RoleProvider()
sysRoles = self.roleProvider.GetAllRoles()
roles = []
#Load the corresponding roles for the specified content item
cnt = Content()
if contentname != "":
self.currentContent = self.content.queryObject().filter(
Content.name == contentname).first()
if self.currentContent:
roles = [rl.name for rl in self.currentContent.roles]
#Initialize model
self.roleMappingsModel = QStandardItemModel(self)
self.roleMappingsModel.setColumnCount(1)
#Add role items into the standard item model
for r in range(len(sysRoles)):
role = sysRoles[r]
if role.name != "postgres":
roleItem = self._createNewRoleItem(role.name)
#Check if the db role is in the approved for the current content item
roleIndex = getIndex(roles, role.name)
if roleIndex != -1:
roleItem.setCheckState(Qt.Checked)
self.roleMappingsModel.appendRow(roleItem)
self.lstRoles.setModel(self.roleMappingsModel)
def _createNewRoleItem(self, rolename):
'''
Creates a custom role item for use in a QStandardItemModel
'''
#Set icon
icon = QIcon()
icon.addPixmap(QPixmap(":/plugins/stdm/images/icons/roles.png"),
QIcon.Normal, QIcon.Off)
roleItem = QStandardItem(icon, rolename)
roleItem.setCheckable(True)
roleItem.setCheckState(Qt.Unchecked)
return roleItem
def onContentClicked(self, index):
'''
Slot activated when a content item is selected to load the roles for the specified content items
'''
self.lstRoles.setEnabled(True)
contentName = index.data()
self.loadRoles(contentName)
self.privilege_provider = SinglePrivilegeProvider(
contentName, current_profile())
def onRoleSelected(self, index):
'''
Slot which is called when a user checks/unchecks to add/remove a role for the
specified content item.
'''
if self.currentContent != None:
item = self.roleMappingsModel.itemFromIndex(index)
rolename = item.text()
self.privilege_provider.role = rolename
#Get role object from role name
role = Role()
rl = role.queryObject().filter(Role.name == rolename).first()
self.blockSignals(True)
#Add role to the content item if the item is selected or remove if it was previosuly checked
if item.checkState() == Qt.Checked:
self.currentContent.roles.append(rl)
self.privilege_provider.grant_privilege()
elif item.checkState() == Qt.Unchecked:
self.currentContent.roles.remove(rl)
self.privilege_provider.revoke_privilege()
self.currentContent.update()
self.blockSignals(False)
def contentItemFromName(name):
cnt = Content()
cnt.name = name
return cnt
