Esempio n. 1
 def read_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Decide whether the requester may read the single object in ``bundle``.

     Superusers are always allowed. Otherwise the answer depends on the
     type of ``bundle.obj``. A type with no rule below raises
     ``NotImplementedError`` rather than being allowed by default.
     '''
     request = bundle.request
     if request.user.is_authenticated() and request.user.is_superuser:
         return True

     obj = bundle.obj

     # Experiment data: defer to the experiment access helper.
     if isinstance(obj, Experiment):
         return has_experiment_access(request, obj.id)
     if isinstance(obj, ExperimentParameterSet):
         return has_experiment_access(request, obj.experiment.id)
     if isinstance(obj, ExperimentParameter):
         return has_experiment_access(
             request, obj.parameterset.experiment.id)

     # Dataset data: defer to the dataset access helper.
     if isinstance(obj, Dataset):
         return has_dataset_access(request, obj.id)
     if isinstance(obj, DatasetParameterSet):
         return has_dataset_access(request, obj.dataset.id)
     if isinstance(obj, DatasetParameter):
         return has_dataset_access(request, obj.parameterset.dataset.id)

     # Datafile data: defer to the datafile access helper.
     if isinstance(obj, DataFile):
         return has_datafile_access(request, obj.id)
     if isinstance(obj, DatafileParameterSet):
         return has_datafile_access(request, obj.datafile.id)
     if isinstance(obj, DatafileParameter):
         return has_datafile_access(request, obj.parameterset.datafile.id)

     if isinstance(obj, User):
         # Any authenticated requester may read a user record; anonymous
         # requesters only when the queried user has an experiment with
         # public_access > 1. The original comment notes that dehydrate
         # adds/removes fields afterwards.
         is_logged_in = request.user.is_authenticated()
         has_public_experiment = obj.experiment_set.filter(
             public_access__gt=1).count() > 0
         return has_public_experiment or is_logged_in

     # Schema and ParameterName are readable by every caller, including
     # anonymous ones.
     if isinstance(obj, Schema):
         return True
     if isinstance(obj, ParameterName):
         return True

     # Storage configuration needs a login; options are additionally
     # limited to the allow-list of accessible keys.
     if isinstance(obj, StorageBox):
         return request.user.is_authenticated()
     if isinstance(obj, StorageBoxOption):
         return request.user.is_authenticated() and \
             obj.key in StorageBoxOptionResource.accessible_keys
     if isinstance(obj, StorageBoxAttribute):
         return request.user.is_authenticated()

     # NOTE(review): the three branches below pass request.user on without
     # an explicit is_authenticated() check - confirm the group manager and
     # facilities_managed_by() behave safely for anonymous users.
     if isinstance(obj, Group):
         return obj in request.user.groups.all()
     if isinstance(obj, Facility):
         return obj in facilities_managed_by(request.user)
     if isinstance(obj, Instrument):
         managed = facilities_managed_by(request.user)
         return obj.facility in managed
     raise NotImplementedError(type(obj))
Esempio n. 2
 def read_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Per-object read authorization for the object held in ``bundle.obj``.

     Returns True for superusers; for everyone else the rule is chosen by
     the object's type. Types without a rule raise ``NotImplementedError``
     so a newly exposed model is never readable by accident.
     '''
     user = bundle.request.user
     if user.is_authenticated() and user.is_superuser:
         return True

     request = bundle.request
     target = bundle.obj

     # --- experiment hierarchy -> experiment access helper ---
     if isinstance(target, Experiment):
         return has_experiment_access(request, target.id)
     if isinstance(target, ExperimentParameterSet):
         return has_experiment_access(request, target.experiment.id)
     if isinstance(target, ExperimentParameter):
         return has_experiment_access(
             request, target.parameterset.experiment.id)

     # --- dataset hierarchy -> dataset access helper ---
     if isinstance(target, Dataset):
         return has_dataset_access(request, target.id)
     if isinstance(target, DatasetParameterSet):
         return has_dataset_access(request, target.dataset.id)
     if isinstance(target, DatasetParameter):
         return has_dataset_access(
             request, target.parameterset.dataset.id)

     # --- datafile hierarchy -> datafile access helper ---
     if isinstance(target, DataFile):
         return has_datafile_access(request, target.id)
     if isinstance(target, DatafileParameterSet):
         return has_datafile_access(request, target.datafile.id)
     if isinstance(target, DatafileParameter):
         return has_datafile_access(
             request, target.parameterset.datafile.id)

     if isinstance(target, User):
         # Readable by any logged-in requester, or by anyone when the
         # queried user owns an experiment with public_access > 1.
         logged_in = user.is_authenticated()
         is_public = target.experiment_set.filter(
             public_access__gt=1).count() > 0
         return is_public or logged_in

     # No authentication is required for these two types.
     if isinstance(target, (Schema, ParameterName)):
         return True

     if isinstance(target, StorageBox):
         return user.is_authenticated()
     if isinstance(target, StorageBoxOption):
         # Only option keys on the resource's allow-list are exposed.
         return user.is_authenticated() and \
             target.key in StorageBoxOptionResource.accessible_keys
     if isinstance(target, StorageBoxAttribute):
         return user.is_authenticated()

     # NOTE(review): no explicit login check from here on; the result
     # relies on the group manager / facilities_managed_by() returning
     # nothing for anonymous users - confirm.
     if isinstance(target, Group):
         return target in user.groups.all()
     if isinstance(target, Facility):
         return target in facilities_managed_by(user)
     if isinstance(target, Instrument):
         return target.facility in facilities_managed_by(user)
     raise NotImplementedError(type(target))
Esempio n. 3
def facility_overview_facilities_list(request):
    '''
    Return a JSON list of ``{"id", "name"}`` entries, one per facility
    managed by the requesting user.

    NOTE(review): no login check is visible in this snippet; confirm the
    view is wrapped by an authentication decorator or that
    facilities_managed_by() yields nothing for anonymous users.
    '''
    payload = [
        {"id": managed.id, "name": managed.name}
        for managed in facilities_managed_by(request.user)
    ]
    body = json.dumps(payload)
    return HttpResponse(body, content_type='application/json')
Esempio n. 4
def facility_overview_facilities_list(request):
    '''
    Serialize the facilities managed by the current user as a JSON array
    of objects carrying each facility's ``id`` and ``name``.

    NOTE(review): the snippet shows no authentication guard; verify that
    one is applied where the view is registered.
    '''
    def summarize(facility):
        # Only the id and name are exposed to the client.
        return {"id": facility.id, "name": facility.name}

    facility_data = list(map(summarize, facilities_managed_by(request.user)))
    return HttpResponse(json.dumps(facility_data),
                        content_type='application/json')
Esempio n. 5
 def create_detail(self, object_list, bundle):
     '''
     Allow creation of uploader-related records only for authenticated
     users who manage at least one facility; every other object type is
     delegated to the next ``create_detail`` after ACLAuthorization.

     The check is "manages some facility" - it is not tied to the facility
     of the record being created.
     '''
     user = bundle.request.user
     manages_facility = user.is_authenticated() and \
         len(facilities_managed_by(user)) > 0
     uploader_types = (Uploader, UploaderRegistrationRequest,
                       UploaderSetting)
     if isinstance(bundle.obj, uploader_types):
         return manages_facility
     # NOTE(review): confirm the class resolved by super() enforces its
     # own checks for the remaining object types.
     return super(ACLAuthorization, self).create_detail(object_list, bundle)
Esempio n. 6
 def create_detail(self, object_list, bundle):
     '''
     Create-authorization for uploader records.

     Uploader, UploaderRegistrationRequest and UploaderSetting objects may
     be created only by an authenticated user managing one or more
     facilities. Anything else falls through to the inherited rule.
     '''
     requester = bundle.request.user
     logged_in = requester.is_authenticated()
     # Short-circuits for anonymous requests, so the facility lookup only
     # runs for authenticated users.
     is_manager = logged_in and len(facilities_managed_by(requester)) > 0

     for uploader_type in (Uploader, UploaderRegistrationRequest,
                           UploaderSetting):
         if isinstance(bundle.obj, uploader_type):
             return is_manager
     return super(ACLAuthorization, self).create_detail(object_list, bundle)
Esempio n. 7
 def update_detail(self, object_list, bundle):
     '''
     Uploaders should only be able to update the uploader record whose
     UUID matches theirs (if it exists).

     Uploader updates need a facility manager and a ``uuid`` in the request
     payload equal to ``bundle.obj.uuid``; UploaderSetting updates need a
     facility manager only. Other types use the inherited rule.

     NOTE(review): the UUID comes from the client payload
     (``bundle.data``). Whether ``bundle.obj`` still holds the stored
     value at this point is not visible here - confirm, otherwise the
     comparison cannot fail. A payload without ``uuid`` raises KeyError.
     '''
     user = bundle.request.user
     manages_facility = user.is_authenticated() and \
         len(facilities_managed_by(user)) > 0
     record = bundle.obj
     if isinstance(record, Uploader):
         return manages_facility and bundle.data['uuid'] == record.uuid
     if isinstance(record, UploaderSetting):
         return manages_facility
     return super(ACLAuthorization, self).update_detail(object_list, bundle)
Esempio n. 8
 def update_detail(self, object_list, bundle):
     '''
     Uploaders should only be able to update the uploader record whose
     UUID matches theirs (if it exists).

     Returns True for an Uploader only when the requester manages a
     facility and the submitted ``uuid`` equals the object's ``uuid``; for
     an UploaderSetting only the facility-manager condition applies.

     NOTE(review): the facility-manager condition is not scoped to the
     record's own facility, and the UUID being compared is supplied by the
     client - confirm both are intended.
     '''
     requester = bundle.request.user
     logged_in = requester.is_authenticated()
     is_manager = logged_in and len(facilities_managed_by(requester)) > 0

     if isinstance(bundle.obj, Uploader):
         if not is_manager:
             # Return the falsy value itself, as the `and` chain would.
             return is_manager
         return bundle.data['uuid'] == bundle.obj.uuid
     if isinstance(bundle.obj, UploaderSetting):
         return is_manager
     return super(ACLAuthorization, self).update_detail(object_list, bundle)
Esempio n. 9
 def read_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Read-authorization for uploader records and datafile objects.

     Superusers are always allowed. Uploader and
     UploaderRegistrationRequest records are readable by authenticated
     users who manage at least one facility; DataFileObject defers to the
     datafile access helper; everything else uses the inherited rule.
     '''
     user = bundle.request.user
     if user.is_authenticated() and user.is_superuser:
         return True

     manages_facility = user.is_authenticated() and \
         len(facilities_managed_by(user)) > 0
     record = bundle.obj
     if isinstance(record, (Uploader, UploaderRegistrationRequest)):
         # Not scoped to the record's facility: managing any facility
         # is sufficient.
         return manages_facility
     if isinstance(record, DataFileObject):
         return has_datafile_access(bundle.request, record.datafile.id)
     return super(ACLAuthorization, self).read_detail(object_list, bundle)
Esempio n. 10
 def read_list(self, object_list, bundle):  # noqa # too complex
     '''
     List-authorization for uploader records.

     For Uploader and UploaderRegistrationRequest resources the whole
     ``object_list`` is returned to authenticated facility managers and an
     empty list to everyone else. Other types use the inherited rule.
     '''
     user = bundle.request.user
     manages_facility = user.is_authenticated() and \
         len(facilities_managed_by(user)) > 0
     if isinstance(bundle.obj, (Uploader, UploaderRegistrationRequest)):
         # All-or-nothing: the list is not filtered per facility.
         return object_list if manages_facility else []
     return super(ACLAuthorization, self).read_list(object_list, bundle)
Esempio n. 11
 def read_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Decide whether the requester may read one uploader-related object.

     Order of rules: superuser -> allowed; Uploader or
     UploaderRegistrationRequest -> authenticated facility managers only;
     DataFileObject -> datafile access helper; otherwise the inherited
     ``read_detail``.
     '''
     requester = bundle.request.user
     if requester.is_authenticated() and requester.is_superuser:
         return True

     logged_in = requester.is_authenticated()
     # The facility lookup is skipped for anonymous requests.
     is_manager = logged_in and len(facilities_managed_by(requester)) > 0

     if isinstance(bundle.obj, Uploader):
         return is_manager
     if isinstance(bundle.obj, UploaderRegistrationRequest):
         return is_manager
     if isinstance(bundle.obj, DataFileObject):
         datafile_id = bundle.obj.datafile.id
         return has_datafile_access(bundle.request, datafile_id)
     return super(ACLAuthorization, self).read_detail(object_list, bundle)
Esempio n. 12
    def dehydrate(self, bundle):
        '''
        Adjust the serialized user record to what the requester may see.

        Intended use cases (from the original author):
        public user:
          anonymous:
            name, uri, email, id
          authenticated:
            other user:
              name, uri, email, id [, username if facility manager]
            same user:
              name, uri, email, id, username
        private user:
          anonymous:
            none
          authenticated:
            other user:
              name, uri, id [, username, email if facility manager]
            same user:
              name, uri, email, id, username

        A "public" user is one with at least one experiment whose
        ``public_access`` is greater than 1. The "none" case is not
        produced here (this method always returns the bundle); presumably
        the authorization layer rejects the request earlier - confirm.
        '''
        requester = bundle.request.user
        logged_in = requester.is_authenticated()
        target = bundle.obj
        has_public_experiment = target.experiment_set.filter(
            public_access__gt=1).count() > 0
        is_self = requester == target

        # The database id is always exposed.
        bundle.data['id'] = target.id

        # Username and email go to the user themselves and to facility
        # managers; everyone else has both fields stripped.
        may_see_identity = logged_in and (
            is_self or facilities_managed_by(requester).count() > 0)
        if not may_see_identity:
            # `del` raises KeyError if the field was never serialized.
            del bundle.data['username']
            del bundle.data['email']
        else:
            bundle.data['username'] = target.username
            bundle.data['email'] = target.email

        # A public user's email is restored for every requester.
        if has_public_experiment:
            bundle.data['email'] = target.email

        return bundle
Esempio n. 13
    def dehydrate(self, bundle):
        '''
        Redact or fill in identity fields of a serialized user.

        use cases:
        public user:
          anonymous:
            name, uri, email, id
          authenticated:
            other user:
              name, uri, email, id [, username if facility manager]
            same user:
              name, uri, email, id, username
        private user:
          anonymous:
            none
          authenticated:
            other user:
              name, uri, id [, username, email if facility manager]
            same user:
              name, uri, email, id, username

        "public" means the queried user has an experiment with
        ``public_access`` > 1. This method never suppresses the whole
        record, so the "none" case must be enforced elsewhere.
        '''
        viewer = bundle.request.user
        viewer_logged_in = viewer.is_authenticated()
        subject = bundle.obj
        public_count = subject.experiment_set.filter(
            public_access__gt=1).count()
        subject_is_public = public_count > 0
        viewing_self = viewer == subject

        data = bundle.data
        # add the database id for convenience
        data['id'] = subject.id

        # The user themselves and facility managers get username and
        # email; for all other viewers both keys are removed (KeyError if
        # either key is absent from the serialized data).
        if viewer_logged_in and \
                (viewing_self or facilities_managed_by(viewer).count() > 0):
            data['username'] = subject.username
            data['email'] = subject.email
        else:
            for hidden in ('username', 'email'):
                del data[hidden]

        # Public users' email is visible to everyone, so put it back.
        if subject_is_public:
            data['email'] = subject.email

        return bundle
Esempio n. 14
 def read_list(self, object_list, bundle):  # noqa # too complex
     '''
     List-authorization for uploader-related resources.

     Uploader, UploaderSetting and UploaderRegistrationRequest listings are
     returned in full to authenticated users managing at least one
     facility and as an empty list to everyone else. Any other resource
     type is delegated to the inherited ``read_list``.
     '''
     requester = bundle.request.user
     logged_in = requester.is_authenticated()
     is_manager = logged_in and len(facilities_managed_by(requester)) > 0

     manager_only_types = (Uploader, UploaderSetting,
                           UploaderRegistrationRequest)
     if isinstance(bundle.obj, manager_only_types):
         # The list is not narrowed to the manager's own facilities.
         if not is_manager:
             return []
         return object_list
     return super(ACLAuthorization, self).read_list(object_list, bundle)
Esempio n. 15
 def update_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Decide whether the requester may update the object in ``bundle``.

     Anonymous requests are refused. There is no superuser shortcut in
     this method. Types without a rule raise ``NotImplementedError``.
     '''
     user = bundle.request.user
     if not user.is_authenticated():
         return False

     target = bundle.obj
     if isinstance(target, Experiment):
         # Model permission plus a write check on this experiment.
         return user.has_perm('tardis_portal.change_experiment') and \
             has_write_permissions(bundle.request, target.id)
     if isinstance(target, (ExperimentParameterSet, ExperimentParameter)):
         # NOTE(review): only the model-level permission is checked. The
         # original carries a commented-out
         # has_write_permissions(bundle.request, bundle.obj.experiment.id)
         # for parameter sets, so any holder of change_experiment can
         # update parameter data of experiments they cannot write to -
         # confirm this is intended.
         return user.has_perm('tardis_portal.change_experiment')
     if isinstance(target, (Dataset, DatasetParameterSet, DatasetParameter)):
         # Updates through this path are disabled for dataset types.
         return False
     if isinstance(target, DataFile):
         # NOTE(review): model-level permission only; no per-datafile or
         # per-dataset write check is made here.
         return user.has_perm('tardis_portal.change_datafile')
     if isinstance(target, (DatafileParameterSet, DatafileParameter,
                            Schema, Group, Facility)):
         return False
     if isinstance(target, Instrument):
         # Instrument must belong to a facility the requester manages.
         managed = facilities_managed_by(user)
         return target.facility in managed and \
             user.has_perm('tardis_portal.change_instrument')
     raise NotImplementedError(type(target))
Esempio n. 16
 def update_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Per-object update authorization.

     Returns False for anonymous requests, then applies a rule chosen by
     the type of ``bundle.obj``. Superusers get no special treatment here.
     An unlisted type raises ``NotImplementedError``.
     '''
     request = bundle.request
     if not request.user.is_authenticated():
         return False

     obj = bundle.obj
     may_change_experiment = 'tardis_portal.change_experiment'

     if isinstance(obj, Experiment):
         return request.user.has_perm(may_change_experiment) and \
             has_write_permissions(request, obj.id)
     if isinstance(obj, ExperimentParameterSet):
         # NOTE(review): the object-level check
         # has_write_permissions(bundle.request, bundle.obj.experiment.id)
         # is commented out in the original, leaving only the model
         # permission. Verify that parameter sets of experiments the user
         # cannot write to are protected elsewhere.
         return request.user.has_perm(may_change_experiment)
     if isinstance(obj, ExperimentParameter):
         # Same gap as above: no per-experiment write check.
         return request.user.has_perm(may_change_experiment)

     # Dataset types cannot be updated through this authorization.
     for denied in (Dataset, DatasetParameterSet, DatasetParameter):
         if isinstance(obj, denied):
             return False

     if isinstance(obj, DataFile):
         # NOTE(review): only the model permission is consulted.
         return request.user.has_perm('tardis_portal.change_datafile')

     for denied in (DatafileParameterSet, DatafileParameter, Schema,
                    Group, Facility):
         if isinstance(obj, denied):
             return False

     if isinstance(obj, Instrument):
         managed = facilities_managed_by(request.user)
         return obj.facility in managed and \
             request.user.has_perm('tardis_portal.change_instrument')
     raise NotImplementedError(type(obj))
Esempio n. 17
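 def create_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Decide whether the requester may create the object in ``bundle``.

     Anonymous requests are refused and superusers are always allowed.
     Every other decision combines a Django model permission with, where a
     rule below has one, a write check on the parent experiment or
     dataset. Types without a rule raise ``NotImplementedError``.
     '''
     user = bundle.request.user
     if not user.is_authenticated():
         return False
     # Authentication is already established, so the flag alone decides.
     if user.is_superuser:
         return True
     if isinstance(bundle.obj, Experiment):
         return user.has_perm('tardis_portal.add_experiment')
     elif isinstance(bundle.obj, ExperimentParameterSet):
         if not user.has_perm('tardis_portal.change_experiment'):
             return False
         # Prefer the experiment named in the payload, fall back to the
         # one already attached to the object, and deny if neither exists.
         experiment_uri = bundle.data.get('experiment', None)
         if experiment_uri is not None:
             experiment = ExperimentResource.get_via_uri(
                 ExperimentResource(), experiment_uri, bundle.request)
             return has_write_permissions(bundle.request, experiment.id)
         elif getattr(bundle.obj.experiment, 'id', False):
             return has_write_permissions(bundle.request,
                                          bundle.obj.experiment.id)
         return False
     elif isinstance(bundle.obj, ExperimentParameter):
         return user.has_perm('tardis_portal.change_experiment') and \
             has_write_permissions(bundle.request,
                                   bundle.obj.parameterset.experiment.id)
     elif isinstance(bundle.obj, Dataset):
         if not user.has_perm('tardis_portal.change_dataset'):
             return False
         # Allowed only when at least one experiment is listed and the
         # requester can write to every listed experiment.
         perm = False
         for exp_uri in bundle.data.get('experiments', []):
             try:
                 this_exp = ExperimentResource.get_via_uri(
                     ExperimentResource(), exp_uri, bundle.request)
             except Exception:
                 # Fail closed on an unresolvable URI. A bare `except:`
                 # would also swallow SystemExit and KeyboardInterrupt.
                 return False
             if not has_write_permissions(bundle.request, this_exp.id):
                 return False
             perm = True
         return perm
     elif isinstance(bundle.obj, DatasetParameterSet):
         if not user.has_perm('tardis_portal.change_dataset'):
             return False
         dataset_uri = bundle.data.get('dataset', None)
         if dataset_uri is not None:
             dataset = DatasetResource.get_via_uri(
                 DatasetResource(), dataset_uri, bundle.request)
             return has_dataset_write(bundle.request, dataset.id)
         elif getattr(bundle.obj.dataset, 'id', False):
             return has_dataset_write(bundle.request,
                                      bundle.obj.dataset.id)
         return False
     elif isinstance(bundle.obj, DatasetParameter):
         return user.has_perm('tardis_portal.change_dataset') and \
             has_dataset_write(bundle.request,
                               bundle.obj.parameterset.dataset.id)
     elif isinstance(bundle.obj, DataFile):
         # A payload without 'dataset' raises KeyError here.
         dataset = DatasetResource.get_via_uri(DatasetResource(),
                                               bundle.data['dataset'],
                                               bundle.request)
         return all([
             user.has_perm('tardis_portal.change_dataset'),
             user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(bundle.request, dataset.id),
         ])
     elif isinstance(bundle.obj, DatafileParameterSet):
         dataset = Dataset.objects.get(
             pk=bundle.obj.datafile.dataset.id)
         return all([
             user.has_perm('tardis_portal.change_dataset'),
             user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(bundle.request, dataset.id),
         ])
     elif isinstance(bundle.obj, DatafileParameter):
         dataset = Dataset.objects.get(
             pk=bundle.obj.parameterset.datafile.dataset.id)
         return all([
             user.has_perm('tardis_portal.change_dataset'),
             user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(bundle.request, dataset.id),
         ])
     elif isinstance(bundle.obj, DataFileObject):
         return all([
             user.has_perm('tardis_portal.change_dataset'),
             user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(bundle.request,
                               bundle.obj.datafile.dataset.id),
         ])
     elif isinstance(bundle.obj, ObjectACL):
         # NOTE(review): only the model permission is checked; nothing
         # here ties the new ACL entry to an object the requester already
         # controls. Confirm that is enforced elsewhere.
         return user.has_perm('tardis_portal.add_objectacl')
     elif isinstance(bundle.obj, Group):
         return user.has_perm('tardis_portal.add_group')
     elif isinstance(bundle.obj, Facility):
         return user.has_perm('tardis_portal.add_facility')
     elif isinstance(bundle.obj, Instrument):
         # Instruments may only be added to facilities the user manages.
         facilities = facilities_managed_by(user)
         return all([
             user.has_perm('tardis_portal.add_instrument'),
             bundle.obj.facility in facilities
         ])
     raise NotImplementedError(type(bundle.obj))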
Esempio n. 18
 def read_list(self, object_list, bundle):  # noqa # too complex
     '''
     Narrow ``object_list`` to the objects the requester may read.

     Superusers get the list unchanged. Otherwise the filter is chosen by
     the type of ``bundle.obj``; an unrecognised type yields an empty list.
     Depending on the branch the result is a queryset or a plain list.
     '''
     obj_ids = [item.id for item in object_list]
     request = bundle.request
     if request.user.is_authenticated() and request.user.is_superuser:
         return object_list

     kind = bundle.obj

     # Experiment hierarchy: restrict to Experiment.safe.all(user).
     if isinstance(kind, Experiment):
         visible = Experiment.safe.all(request.user)
         return visible.filter(id__in=obj_ids)
     if isinstance(kind, ExperimentParameterSet):
         visible = Experiment.safe.all(request.user)
         return ExperimentParameterSet.objects.filter(
             experiment__in=visible, id__in=obj_ids)
     if isinstance(kind, ExperimentParameter):
         visible = Experiment.safe.all(request.user)
         return ExperimentParameter.objects.filter(
             parameterset__experiment__in=visible,
             id__in=obj_ids
         )

     # Dataset hierarchy: one access check per listed object.
     if isinstance(kind, Dataset):
         allowed_ids = [ds.id for ds in object_list
                        if has_dataset_access(request, ds.id)]
         return Dataset.objects.filter(id__in=allowed_ids)
     if isinstance(kind, DatasetParameterSet):
         return [pset for pset in object_list
                 if has_dataset_access(request, pset.dataset.id)]
     if isinstance(kind, DatasetParameter):
         return [param for param in object_list
                 if has_dataset_access(request,
                                       param.parameterset.dataset.id)]

     # Datafile hierarchy: restrict to the accessible datafiles.
     if isinstance(kind, DataFile):
         accessible = get_accessible_datafiles_for_user(request)
         return accessible.filter(id__in=obj_ids)
     if isinstance(kind, DatafileParameterSet):
         accessible = get_accessible_datafiles_for_user(request)
         return DatafileParameterSet.objects.filter(
             datafile__in=accessible, id__in=obj_ids
         )
     if isinstance(kind, DatafileParameter):
         accessible = get_accessible_datafiles_for_user(request)
         return DatafileParameter.objects.filter(
             parameterset__datafile__in=accessible, id__in=obj_ids)

     # Returned unfiltered to every caller, anonymous included.
     if isinstance(kind, Schema):
         return object_list
     if isinstance(kind, ParameterName):
         return object_list

     if isinstance(kind, ObjectACL):
         # Only ACL entries attached to experiments the user can see.
         experiment_ids = Experiment.safe.all(
             request.user).values_list('id', flat=True)
         return ObjectACL.objects.filter(
             content_type__model='experiment',
             object_id__in=experiment_ids,
             id__in=obj_ids
         )

     # Anonymous requests for users skip this branch and end at the
     # final empty list, provided no later isinstance test matches.
     if request.user.is_authenticated() and isinstance(kind, User):
         if len(facilities_managed_by(request.user)) > 0:
             # Facility managers see every listed user.
             return object_list
         return [listed for listed in object_list if
                 (listed == request.user or
                  listed.experiment_set.filter(public_access__gt=1)
                  .count() > 0)]

     # NOTE(review): the next three branches hand request.user to
     # facilities_managed_by()/groups without a login check - confirm
     # they return nothing for anonymous users.
     if isinstance(kind, Group):
         if facilities_managed_by(request.user).count() > 0:
             return object_list
         return request.user.groups.filter(id__in=obj_ids)
     if isinstance(kind, Facility):
         managed = facilities_managed_by(request.user)
         return [facility for facility in object_list
                 if facility in managed]
     if isinstance(kind, Instrument):
         managed = facilities_managed_by(request.user)
         permitted = Instrument.objects.filter(facility__in=managed)
         return [instrument for instrument in object_list
                 if instrument in permitted]

     # NOTE(review): the storage branches contain no authentication check
     # of their own; confirm anonymous requests are rejected before this
     # method runs.
     if isinstance(kind, StorageBox):
         return object_list
     if isinstance(kind, StorageBoxOption):
         return [option for option in object_list
                 if option.key in StorageBoxOptionResource.accessible_keys]
     if isinstance(kind, StorageBoxAttribute):
         return object_list

     # Fail closed for any type not listed above.
     return []
Esempio n. 19
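 def create_detail(self, object_list, bundle):  # noqa # too complex
     '''
     Per-object create authorization.

     Returns False for anonymous requests and True for superusers. For
     everyone else the rule is chosen by the type of ``bundle.obj`` and
     pairs a model permission with a parent-object write check where the
     branch has one. An unlisted type raises ``NotImplementedError``.
     '''
     request = bundle.request
     if not request.user.is_authenticated():
         return False
     # The login check above makes a second is_authenticated() redundant.
     if request.user.is_superuser:
         return True
     if isinstance(bundle.obj, Experiment):
         return request.user.has_perm('tardis_portal.add_experiment')
     elif isinstance(bundle.obj, ExperimentParameterSet):
         if not request.user.has_perm(
                 'tardis_portal.change_experiment'):
             return False
         # The experiment comes from the payload when present, else from
         # the object itself; with neither, creation is denied.
         experiment_uri = bundle.data.get('experiment', None)
         if experiment_uri is not None:
             experiment = ExperimentResource.get_via_uri(
                 ExperimentResource(), experiment_uri, request)
             return has_write_permissions(request, experiment.id)
         elif getattr(bundle.obj.experiment, 'id', False):
             return has_write_permissions(request,
                                          bundle.obj.experiment.id)
         return False
     elif isinstance(bundle.obj, ExperimentParameter):
         return request.user.has_perm(
             'tardis_portal.change_experiment') and \
             has_write_permissions(request,
                                   bundle.obj.parameterset.experiment.id)
     elif isinstance(bundle.obj, Dataset):
         if not request.user.has_perm(
                 'tardis_portal.change_dataset'):
             return False
         # Every listed experiment must be writable, and an empty list
         # leaves `perm` False, so a dataset with no experiment is denied.
         perm = False
         for exp_uri in bundle.data.get('experiments', []):
             try:
                 this_exp = ExperimentResource.get_via_uri(
                     ExperimentResource(), exp_uri, request)
             except Exception:
                 # Deny when the URI cannot be resolved. Catching
                 # Exception instead of using a bare `except:` lets
                 # SystemExit and KeyboardInterrupt propagate.
                 return False
             if has_write_permissions(request, this_exp.id):
                 perm = True
             else:
                 return False
         return perm
     elif isinstance(bundle.obj, DatasetParameterSet):
         if not request.user.has_perm(
                 'tardis_portal.change_dataset'):
             return False
         dataset_uri = bundle.data.get('dataset', None)
         if dataset_uri is not None:
             dataset = DatasetResource.get_via_uri(DatasetResource(),
                                                   dataset_uri,
                                                   request)
             return has_dataset_write(request, dataset.id)
         elif getattr(bundle.obj.dataset, 'id', False):
             return has_dataset_write(request, bundle.obj.dataset.id)
         return False
     elif isinstance(bundle.obj, DatasetParameter):
         return request.user.has_perm(
             'tardis_portal.change_dataset') and \
             has_dataset_write(request,
                               bundle.obj.parameterset.dataset.id)
     elif isinstance(bundle.obj, DataFile):
         # bundle.data['dataset'] is required; KeyError if it is absent.
         dataset = DatasetResource.get_via_uri(DatasetResource(),
                                               bundle.data['dataset'],
                                               request)
         return all([
             request.user.has_perm('tardis_portal.change_dataset'),
             request.user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(request, dataset.id),
         ])
     elif isinstance(bundle.obj, DatafileParameterSet):
         dataset = Dataset.objects.get(pk=bundle.obj.datafile.dataset.id)
         return all([
             request.user.has_perm('tardis_portal.change_dataset'),
             request.user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(request, dataset.id),
         ])
     elif isinstance(bundle.obj, DatafileParameter):
         dataset = Dataset.objects.get(
             pk=bundle.obj.parameterset.datafile.dataset.id)
         return all([
             request.user.has_perm('tardis_portal.change_dataset'),
             request.user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(request, dataset.id),
         ])
     elif isinstance(bundle.obj, DataFileObject):
         return all([
             request.user.has_perm('tardis_portal.change_dataset'),
             request.user.has_perm('tardis_portal.add_datafile'),
             has_dataset_write(request,
                               bundle.obj.datafile.dataset.id),
         ])
     elif isinstance(bundle.obj, ObjectACL):
         # NOTE(review): model permission only. No check here that the
         # requester controls the object the new ACL entry refers to -
         # verify that this is validated elsewhere.
         return request.user.has_perm('tardis_portal.add_objectacl')
     elif isinstance(bundle.obj, Group):
         return request.user.has_perm('tardis_portal.add_group')
     elif isinstance(bundle.obj, Facility):
         return request.user.has_perm('tardis_portal.add_facility')
     elif isinstance(bundle.obj, Instrument):
         # The target facility must be one the requester manages.
         facilities = facilities_managed_by(request.user)
         return all([
             request.user.has_perm('tardis_portal.add_instrument'),
             bundle.obj.facility in facilities
         ])
     raise NotImplementedError(type(bundle.obj))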
 def read_list(self, object_list, bundle):  # noqa # too complex
     """Reduce ``object_list`` to the entries the requester may read.

     The filter applied is selected by the type of ``bundle.obj``; the
     first matching type wins and every branch returns.

     * An authenticated superuser gets ``object_list`` back unfiltered.
     * Experiment, dataset and datafile objects (and their parameter
       sets / parameters) are limited to what the access helpers allow
       for this request.
     * Schema, ParameterName, StorageBox and StorageBoxAttribute lists
       are returned unfiltered, with no authentication check made here.
     * A type that matches no branch yields an empty list, so an
       unhandled model is denied rather than exposed.

     The result is a queryset in some branches and a plain list (or the
     original ``object_list``) in others.
     """
     # Collected before the superuser shortcut, so object_list is always
     # iterated once even when the ids end up unused.
     wanted_ids = [entry.id for entry in object_list]
     request = bundle.request
     requester = request.user
     target = bundle.obj

     if requester.is_authenticated() and requester.is_superuser:
         return object_list

     # --- experiments: everything hangs off Experiment.safe.all(user) ---
     if isinstance(target, Experiment):
         visible = Experiment.safe.all(requester)
         return visible.filter(id__in=wanted_ids)
     if isinstance(target, ExperimentParameterSet):
         visible = Experiment.safe.all(requester)
         return ExperimentParameterSet.objects.filter(
             experiment__in=visible, id__in=wanted_ids)
     if isinstance(target, ExperimentParameter):
         visible = Experiment.safe.all(requester)
         return ExperimentParameter.objects.filter(
             parameterset__experiment__in=visible, id__in=wanted_ids)

     # --- datasets: has_dataset_access is asked once per listed object ---
     if isinstance(target, Dataset):
         permitted_ids = [
             candidate.id for candidate in object_list
             if has_dataset_access(request, candidate.id)
         ]
         return Dataset.objects.filter(id__in=permitted_ids)
     if isinstance(target, DatasetParameterSet):
         return [
             pset for pset in object_list
             if has_dataset_access(request, pset.dataset.id)
         ]
     if isinstance(target, DatasetParameter):
         return [
             param for param in object_list
             if has_dataset_access(request, param.parameterset.dataset.id)
         ]

     # --- datafiles: restricted to the user's accessible datafiles ---
     if isinstance(target, DataFile):
         readable_files = get_accessible_datafiles_for_user(request)
         return readable_files.filter(id__in=wanted_ids)
     if isinstance(target, DatafileParameterSet):
         readable_files = get_accessible_datafiles_for_user(request)
         return DatafileParameterSet.objects.filter(
             datafile__in=readable_files, id__in=wanted_ids)
     if isinstance(target, DatafileParameter):
         readable_files = get_accessible_datafiles_for_user(request)
         return DatafileParameter.objects.filter(
             parameterset__datafile__in=readable_files, id__in=wanted_ids)

     # Schema and parameter-name metadata is handed back as-is to every
     # caller that reaches this point.
     if isinstance(target, Schema):
         return object_list
     if isinstance(target, ParameterName):
         return object_list

     if isinstance(target, ObjectACL):
         # Only ACL rows attached to experiments the requester can see are
         # returned; ACLs on any other content type are filtered out.
         visible_experiment_ids = Experiment.safe.all(
             requester).values_list('id', flat=True)
         return ObjectACL.objects.filter(
             content_type__model='experiment',
             object_id__in=visible_experiment_ids,
             id__in=wanted_ids)

     # User listings require authentication; an anonymous requester skips
     # this branch and ends at the empty-list default below.
     if requester.is_authenticated() and isinstance(target, User):
         if len(facilities_managed_by(requester)) > 0:
             # Anyone managing at least one facility sees every listed user.
             return object_list
         # Everyone else sees themselves plus users owning an experiment
         # with public_access > 1.
         # NOTE(review): presumably values above 1 mark an experiment as
         # publicly visible -- confirm against the Experiment model.
         return [
             person for person in object_list
             if (person == requester or person.experiment_set.
                 filter(public_access__gt=1).count() > 0)
         ]

     if isinstance(target, Group):
         if facilities_managed_by(requester).count() > 0:
             return object_list
         # Non-managers only see groups they belong to.
         return requester.groups.filter(id__in=wanted_ids)

     if isinstance(target, Facility):
         managed = facilities_managed_by(requester)
         return [
             candidate for candidate in object_list if candidate in managed
         ]
     if isinstance(target, Instrument):
         managed = facilities_managed_by(requester)
         managed_instruments = Instrument.objects.filter(
             facility__in=managed)
         return [
             candidate for candidate in object_list
             if candidate in managed_instruments
         ]

     if isinstance(target, StorageBox):
         # NOTE(review): storage boxes are listed without filtering and
         # without checking is_authenticated() -- confirm that anonymous
         # listing is intended and agrees with the per-object read check.
         return object_list
     if isinstance(target, StorageBoxOption):
         # Options are exposed only when their key is on the resource's
         # accessible_keys allow-list.
         return [
             opt for opt in object_list
             if opt.key in StorageBoxOptionResource.accessible_keys
         ]
     if isinstance(target, StorageBoxAttribute):
         return object_list

     # Deny by default: unrecognised object types expose nothing.
     return []