Esempio n. 1
 def read_detail(self, object_list, bundle):  # noqa # too complex
     """Return whether the requester may read the object carried by ``bundle``.

     An authenticated superuser is always allowed.  Otherwise the rule is
     chosen by the class of ``bundle.obj``: experiment, dataset and datafile
     records (and their parameter sets / parameters) are delegated to the
     matching ``has_*_access`` helper with the id of the owning record; the
     remaining classes use the inline rules commented below.

     ``object_list`` is not consulted.  A class with no rule raises
     ``NotImplementedError`` instead of falling back to a default answer.
     """
     request = bundle.request
     target = bundle.obj

     if request.user.is_authenticated() and request.user.is_superuser:
         return True

     # Experiment family: access follows the owning experiment.
     if isinstance(target, Experiment):
         return has_experiment_access(request, target.id)
     if isinstance(target, ExperimentParameterSet):
         return has_experiment_access(request, target.experiment.id)
     if isinstance(target, ExperimentParameter):
         return has_experiment_access(
             request, target.parameterset.experiment.id)

     # Dataset family: access follows the owning dataset.
     if isinstance(target, Dataset):
         return has_dataset_access(request, target.id)
     if isinstance(target, DatasetParameterSet):
         return has_dataset_access(request, target.dataset.id)
     if isinstance(target, DatasetParameter):
         return has_dataset_access(request, target.parameterset.dataset.id)

     # Datafile family: access follows the owning datafile.
     if isinstance(target, DataFile):
         return has_datafile_access(request, target.id)
     if isinstance(target, DatafileParameterSet):
         return has_datafile_access(request, target.datafile.id)
     if isinstance(target, DatafileParameter):
         return has_datafile_access(
             request, target.parameterset.datafile.id)

     if isinstance(target, User):
         # Readable by every authenticated requester, and by anyone at all
         # when the user has at least one related experiment with
         # public_access > 1.  The dehydrate function also adds/removes some
         # information.
         logged_in = request.user.is_authenticated()
         has_public_experiment = target.experiment_set.filter(
             public_access__gt=1).count() > 0
         return has_public_experiment or logged_in

     # Schema and ParameterName records are readable without authentication.
     if isinstance(target, Schema):
         return True
     if isinstance(target, ParameterName):
         return True

     # Storage box records need an authenticated requester; options are
     # additionally limited to the keys the resource declares accessible.
     if isinstance(target, StorageBox):
         return request.user.is_authenticated()
     if isinstance(target, StorageBoxOption):
         return request.user.is_authenticated() and \
             target.key in StorageBoxOptionResource.accessible_keys
     if isinstance(target, StorageBoxAttribute):
         return request.user.is_authenticated()

     # NOTE(review): the three rules below have no explicit
     # is_authenticated() test; they rely on the group / facility lookups
     # yielding nothing for an anonymous requester -- confirm.
     if isinstance(target, Group):
         return target in request.user.groups.all()
     if isinstance(target, Facility):
         return target in facilities_managed_by(request.user)
     if isinstance(target, Instrument):
         managed = facilities_managed_by(request.user)
         return target.facility in managed

     raise NotImplementedError(type(target))
Esempio n. 2
 def read_detail(self, object_list, bundle):  # noqa # too complex
     """Authorise a single-object read for the requester in ``bundle``.

     Authenticated superusers are allowed outright.  For everyone else the
     first entry of the ordered rule table whose class matches
     ``bundle.obj`` (via ``isinstance``) decides the outcome.  The table
     order is significant and mirrors the order of the checks it replaces.

     ``object_list`` is unused.  ``NotImplementedError`` is raised when no
     rule matches, so an unknown class never gets an implicit answer.
     """
     request = bundle.request
     user = request.user
     obj = bundle.obj

     if user.is_authenticated() and user.is_superuser:
         return True

     def _user_readable():
         # allow all authenticated users to read public user info
         # the dehydrate function also adds/removes some information
         authenticated = user.is_authenticated()
         public_user = obj.experiment_set.filter(
             public_access__gt=1).count() > 0
         return public_user or authenticated

     def _instrument_readable():
         facilities = facilities_managed_by(user)
         return obj.facility in facilities

     # (model class, zero-argument rule) pairs, evaluated top to bottom.
     # Each rule is only called once its class has matched.
     rules = (
         (Experiment,
          lambda: has_experiment_access(request, obj.id)),
         (ExperimentParameterSet,
          lambda: has_experiment_access(request, obj.experiment.id)),
         (ExperimentParameter,
          lambda: has_experiment_access(
              request, obj.parameterset.experiment.id)),
         (Dataset,
          lambda: has_dataset_access(request, obj.id)),
         (DatasetParameterSet,
          lambda: has_dataset_access(request, obj.dataset.id)),
         (DatasetParameter,
          lambda: has_dataset_access(
              request, obj.parameterset.dataset.id)),
         (DataFile,
          lambda: has_datafile_access(request, obj.id)),
         (DatafileParameterSet,
          lambda: has_datafile_access(request, obj.datafile.id)),
         (DatafileParameter,
          lambda: has_datafile_access(
              request, obj.parameterset.datafile.id)),
         (User, _user_readable),
         # Schema and ParameterName are readable by anyone.
         (Schema, lambda: True),
         (ParameterName, lambda: True),
         (StorageBox, lambda: user.is_authenticated()),
         # Options are further limited to the resource's accessible keys.
         (StorageBoxOption,
          lambda: user.is_authenticated() and
          obj.key in StorageBoxOptionResource.accessible_keys),
         (StorageBoxAttribute, lambda: user.is_authenticated()),
         # NOTE(review): no explicit is_authenticated() test on the next
         # three; presumably the lookups are empty for anonymous
         # requesters -- confirm.
         (Group, lambda: obj in user.groups.all()),
         (Facility, lambda: obj in facilities_managed_by(user)),
         (Instrument, _instrument_readable),
     )
     for model, rule in rules:
         if isinstance(obj, model):
             return rule()
     raise NotImplementedError(type(obj))
Esempio n. 3
def load_datafile_image(request, parameter_id):
    """Serve the image held by a datafile parameter, subject to datafile access.

    The parameter is looked up by primary key; an unknown id gives
    ``HttpResponseNotFound``.  Access is then checked against the datafile
    that owns the parameter's parameter set, so the check covers the same
    record that is served.  On success the work is handed to ``load_image``;
    otherwise the result of ``return_response_error`` is returned.
    """
    try:
        parameter = DatafileParameter.objects.get(pk=parameter_id)
    except DatafileParameter.DoesNotExist:
        return HttpResponseNotFound()

    # NOTE(review): the lookup happens before the access check, so a caller
    # can presumably tell "no such parameter" from "forbidden" -- confirm
    # that exposing which ids exist is acceptable.
    owning_datafile = parameter.parameterset.datafile
    if not authz.has_datafile_access(request, owning_datafile.id):
        return return_response_error(request)
    return load_image(request, parameter)
Esempio n. 4
def load_datafile_image(request, parameter_id):
    """Return the image for ``parameter_id`` if the requester may see its datafile.

    Responses:
      * ``HttpResponseNotFound`` when no ``DatafileParameter`` has that pk;
      * whatever ``load_image`` returns when ``authz.has_datafile_access``
        accepts the datafile reached through the parameter's parameter set;
      * whatever ``return_response_error`` returns in every other case.
    """
    try:
        param = DatafileParameter.objects.get(pk=parameter_id)
    except DatafileParameter.DoesNotExist:
        return HttpResponseNotFound()

    # Authorise against the datafile derived from the stored parameter, not
    # against anything else supplied by the caller.
    datafile_id = param.parameterset.datafile.id
    allowed = authz.has_datafile_access(request, datafile_id)
    return load_image(request, param) if allowed \
        else return_response_error(request)
Esempio n. 5
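def unhide_objects(request):
    """Clear the hidden flag on the datasets and datafiles named in the POST data.

    POST fields read:
      * ``expid`` (required) -- only used to build the redirect target;
      * ``dataset`` (optional, multi-valued) -- dataset ids to unhide, along
        with each of their datafiles the requester can access;
      * ``datafile`` (optional, multi-valued) -- individual datafile ids.

    Every id is caller-supplied, so each flag is only changed after the
    matching ``authz`` access check has passed.  Datafile ids that do not
    exist are skipped.  Returns a redirect to the experiment view.

    Raises a ``KeyError`` subclass (from the POST lookup) if ``expid`` is
    missing.
    """
    expid = request.POST['expid']

    # POST values are strings; keep them in a set so the membership test in
    # the datafile loop compares like with like.
    posted_datasets = set()
    for dataset in request.POST.getlist('dataset'):
        posted_datasets.add(str(dataset))
        # The dataset flag is only cleared for a requester who has access to
        # that dataset; previously any posted id was updated unchecked.
        if authz.has_dataset_access(request, dataset):
            Dataset_Hidden.objects.filter(dataset=dataset).update(hidden=False)
        for datafile in Dataset_File.objects.filter(dataset=dataset):
            if authz.has_datafile_access(request, datafile.id):
                Datafile_Hidden.objects.filter(datafile=datafile.id).update(hidden=False)

    for datafile_id in request.POST.getlist('datafile'):
        try:
            datafile = Dataset_File.objects.get(pk=datafile_id)
        except Dataset_File.DoesNotExist:
            # An unknown id must not abort the request half-way through.
            continue
        # Files of a posted dataset were already handled above.  The stored
        # id is an int while the posted ids are strings, hence str().
        if str(datafile.dataset.id) in posted_datasets:
            continue
        if authz.has_datafile_access(request, datafile.id):
            Datafile_Hidden.objects.filter(datafile=datafile.id).update(hidden=False)

    return HttpResponseRedirect(reverse('tardis.tardis_portal.views.view_experiment', args=(expid,)))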
Esempio n. 6
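def display_datafile_image(
        request, datafile_id, parameterset_id, parameter_name):
    """Serve a base64-encoded image parameter of a datafile as ``image/jpeg``.

    The requester must pass ``authz.has_datafile_access`` for ``datafile_id``;
    otherwise the result of ``return_response_error`` is returned.  The
    parameter is then looked up by name within ``parameterset_id`` *and*
    restricted to parameter sets of that same datafile.  A lookup that
    finds nothing gets an empty 404 response.
    """
    if not authz.has_datafile_access(request, datafile_id):
        return return_response_error(request)

    try:
        # parameterset_id is caller-supplied and independent of datafile_id.
        # Without the parameterset__datafile filter, access to any one
        # datafile would be enough to read image parameters of every other
        # parameter set.
        # NOTE(review): assumes DatafileParameterSet names its datafile
        # relation `datafile` -- confirm against the model.
        image = DatafileParameter.objects.get(
            name__name=parameter_name,
            parameterset=parameterset_id,
            parameterset__datafile=datafile_id)
    except DatafileParameter.DoesNotExist:
        return HttpResponse(status=404)

    return HttpResponse(b64decode(image.string_value), content_type='image/jpeg')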
Esempio n. 7
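def display_datafile_image(request, datafile_id, parameterset_id,
                           parameter_name):
    """Return a datafile's image parameter, decoded from base64, as JPEG.

    Access is checked with ``authz.has_datafile_access`` on ``datafile_id``
    and a refusal yields ``return_response_error``'s response.  The
    parameter lookup is scoped to the authorised datafile as well as to
    ``parameterset_id`` and ``parameter_name``, and a miss gives an empty
    404 response rather than an unhandled ``DoesNotExist``.
    """
    if not authz.has_datafile_access(request, datafile_id):
        return return_response_error(request)

    # The access check above only covers datafile_id, so the query has to
    # require that the requested parameter set belongs to that datafile.
    # Otherwise a parameterset_id from a different, unauthorised datafile
    # would be served.
    # NOTE(review): assumes DatafileParameterSet names its datafile relation
    # `datafile` -- confirm against the model.
    lookup = {
        'name__name': parameter_name,
        'parameterset': parameterset_id,
        'parameterset__datafile': datafile_id,
    }
    try:
        image = DatafileParameter.objects.get(**lookup)
    except DatafileParameter.DoesNotExist:
        return HttpResponse(status=404)

    return HttpResponse(b64decode(image.string_value),
                        content_type='image/jpeg')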
Esempio n. 8
 def read_detail(self, object_list, bundle):
     """Return whether the requester may read the object carried by ``bundle``.

     Authenticated superusers are always allowed.  Otherwise the rule is
     picked by the *exact* class of ``bundle.obj`` (``type(...) ==``), so an
     instance of a subclass matches no rule and ends in
     ``NotImplementedError``.  Experiment, dataset and datafile records and
     their parameter sets / parameters defer to the matching
     ``has_*_access`` helper; User, Schema, ParameterName and Location only
     require an authenticated requester.

     ``object_list`` is not consulted.
     """
     request = bundle.request
     if request.user.is_authenticated() and request.user.is_superuser:
         return True

     target = bundle.obj
     kind = type(target)

     # Experiment family: access follows the owning experiment.
     if kind == Experiment:
         return has_experiment_access(request, target.id)
     if kind == ExperimentParameterSet:
         return has_experiment_access(request, target.experiment.id)
     if kind == ExperimentParameter:
         return has_experiment_access(
             request, target.parameterset.experiment.id)

     # Dataset family: access follows the owning dataset.
     if kind == Dataset:
         return has_dataset_access(request, target.id)
     if kind == DatasetParameterSet:
         return has_dataset_access(request, target.dataset.id)
     if kind == DatasetParameter:
         return has_dataset_access(request, target.parameterset.dataset.id)

     # Datafile family: access follows the owning dataset file.
     if kind == Dataset_File:
         return has_datafile_access(request, target.id)
     if kind == DatafileParameterSet:
         return has_datafile_access(request, target.dataset_file.id)
     if kind == DatafileParameter:
         return has_datafile_access(
             request, target.parameterset.dataset_file.id)

     # Any authenticated user may read these (User: the user list).
     if kind in (User, Schema, ParameterName, Location):
         return request.user.is_authenticated()

     raise NotImplementedError(kind)
Esempio n. 9
 def read_detail(self, object_list, bundle):  # noqa # too complex
     """Authorise reading one uploader-related object, else defer upward.

     Authenticated superusers are allowed.  ``Uploader`` and
     ``UploaderRegistrationRequest`` objects are readable by an
     authenticated user for whom ``facilities_managed_by`` returns a
     non-empty result.  ``DataFileObject`` access follows
     ``has_datafile_access`` on its datafile.  Any other class is passed to
     the ``read_detail`` found via ``super(ACLAuthorization, self)``.
     """
     requester = bundle.request.user
     if requester.is_authenticated() and requester.is_superuser:
         return True

     # Evaluated up front, so the facility lookup runs for every
     # authenticated non-superuser request regardless of the object class.
     logged_in = requester.is_authenticated()
     manages_a_facility = logged_in and \
         len(facilities_managed_by(requester)) > 0

     target = bundle.obj
     # NOTE(review): the manager test does not look at the object itself, so
     # managing any one facility grants read on every Uploader and
     # registration request -- confirm that this breadth is intended.
     if isinstance(target, (Uploader, UploaderRegistrationRequest)):
         return manages_a_facility
     if isinstance(target, DataFileObject):
         return has_datafile_access(bundle.request, target.datafile.id)
     return super(ACLAuthorization, self).read_detail(object_list, bundle)
Esempio n. 10
 def read_detail(self, object_list, bundle):  # noqa # too complex
     """Decide read access for uploader objects and datafile objects.

     Order of decisions:
       1. an authenticated superuser is allowed;
       2. ``Uploader`` / ``UploaderRegistrationRequest`` need an
          authenticated user with at least one entry returned by
          ``facilities_managed_by``;
       3. ``DataFileObject`` defers to ``has_datafile_access`` for the
          related datafile;
       4. everything else is delegated through
          ``super(ACLAuthorization, self).read_detail``.
     """
     request = bundle.request
     user = request.user
     is_super = user.is_authenticated() and user.is_superuser
     if is_super:
         return True

     authenticated = user.is_authenticated()
     if authenticated:
         # The facility lookup is only made for authenticated users.
         is_facility_manager = len(facilities_managed_by(user)) > 0
     else:
         is_facility_manager = authenticated

     obj = bundle.obj
     # The facility-manager flag is independent of which uploader or
     # registration request is being read.
     if isinstance(obj, Uploader):
         return is_facility_manager
     if isinstance(obj, UploaderRegistrationRequest):
         return is_facility_manager
     if isinstance(obj, DataFileObject):
         owning_datafile_id = obj.datafile.id
         return has_datafile_access(request, owning_datafile_id)
     return super(ACLAuthorization, self).read_detail(object_list, bundle)