Esempio n. 1
0
 def _get(self, _id, min_role=None, filename=None, perm_only=False, dbc=None, dbc_name=None):
     dbc = dbc or self.dbc
     dbc_name = dbc_name or self.__class__.__name__
     container = dbc.find_one({'_id': _id}, ['permissions'] if perm_only else None)
     if not container:
         self.abort(404, 'no such ' + dbc_name)
     user_perm = util.user_perm(container['permissions'], self.uid, self.source_site)
     if self.public_request:
         ticket_id = self.request.GET.get('ticket')
         if ticket_id:
             ticket = self.app.db.downloads.find_one({'_id': ticket_id})
             if not ticket: # FIXME need better security
                 self.abort(404, 'no such ticket')
             if ticket['target'] != _id or ticket['filename'] != filename:
                 self.abort(400, 'ticket not for this resource')
         elif not container.get('public', False):
             self.abort(403, 'this ' + dbc_name + ' is not public')
         del container['permissions']
     elif not self.superuser_request:
         if not user_perm:
             self.abort(403, self.uid + ' does not have permissions on this ' + dbc_name)
         if min_role and users.INTEGER_ROLES[user_perm['access']] < users.INTEGER_ROLES[min_role]:
             self.abort(403, self.uid + ' does not have at least ' + min_role + ' permissions on this ' + dbc_name)
         if user_perm['access'] != 'admin': # if not admin, mask permissions of other users
             container['permissions'] = [user_perm]
     if self.request.GET.get('paths', '').lower() in ('1', 'true'):
         for fileinfo in container['files']:
             fileinfo['path'] = str(_id)[-3:] + '/' + str(_id) + '/' + fileinfo['filename']
     container['_id'] = str(container['_id'])
     container.setdefault('timestamp', datetime.datetime.utcnow())
     container['timestamp'], container['timezone'] = util.format_timestamp(container['timestamp'], container.get('timezone')) # TODO json serializer should do this
     for note in container.get('notes', []):
         note['timestamp'], _ = util.format_timestamp(note['timestamp']) # TODO json serializer should do this
     return container, user_perm
Esempio n. 2
0
 def _get(self,
          _id,
          min_role=None,
          filename=None,
          perm_only=False,
          dbc=None,
          dbc_name=None):
     dbc = dbc or self.dbc
     dbc_name = dbc_name or self.__class__.__name__
     container = dbc.find_one({'_id': _id},
                              ['permissions'] if perm_only else None)
     if not container:
         self.abort(404, 'no such ' + dbc_name)
     user_perm = util.user_perm(container['permissions'], self.uid,
                                self.source_site)
     if self.public_request:
         ticket_id = self.request.GET.get('ticket')
         if ticket_id:
             ticket = self.app.db.downloads.find_one({'_id': ticket_id})
             if not ticket:  # FIXME need better security
                 self.abort(404, 'no such ticket')
             if ticket['target'] != _id or ticket['filename'] != filename:
                 self.abort(400, 'ticket not for this resource')
         elif not container.get('public', False):
             self.abort(403, 'this ' + dbc_name + ' is not public')
         del container['permissions']
     elif not self.superuser_request:
         if not user_perm:
             self.abort(
                 403, self.uid + ' does not have permissions on this ' +
                 dbc_name)
         if min_role and users.INTEGER_ROLES[
                 user_perm['access']] < users.INTEGER_ROLES[min_role]:
             self.abort(
                 403, self.uid + ' does not have at least ' + min_role +
                 ' permissions on this ' + dbc_name)
         if user_perm[
                 'access'] != 'admin':  # if not admin, mask permissions of other users
             container['permissions'] = [user_perm]
     if self.request.GET.get('paths', '').lower() in ('1', 'true'):
         for fileinfo in container['files']:
             fileinfo['path'] = str(_id)[-3:] + '/' + str(
                 _id) + '/' + fileinfo['filename']
     container['_id'] = str(container['_id'])
     container.setdefault('timestamp', datetime.datetime.utcnow())
     container['timestamp'], container['timezone'] = util.format_timestamp(
         container['timestamp'],
         container.get('timezone'))  # TODO json serializer should do this
     for note in container.get('notes', []):
         note['timestamp'], _ = util.format_timestamp(
             note['timestamp'])  # TODO json serializer should do this
     return container, user_perm
Esempio n. 3
0
 def get(self, cid):
     """Return the list of Collection Sessions."""
     _id = bson.ObjectId(cid)
     if not self.app.db.collections.find_one({'_id': _id}):
         self.abort(404, 'no such Collection')
     agg_res = self.app.db.acquisitions.aggregate([
         {
             '$match': {
                 'collections': _id
             }
         },
         {
             '$group': {
                 '_id': '$session'
             }
         },
     ])
     query = {'_id': {'$in': [ar['_id'] for ar in agg_res]}}
     projection = {
         'label': 1,
         'subject.code': 1,
         'notes': 1,
         'timestamp': 1,
         'timezone': 1
     }
     projection['permissions'] = {
         '$elemMatch': {
             '_id': self.uid,
             'site': self.source_site
         }
     }
     sessions = list(
         self.dbc.find(query, projection)
     )  # avoid permissions checking by not using ContainerList._get()
     for sess in sessions:
         sess['_id'] = str(
             sess['_id']
         )  # do this manually, since not going through ContainerList._get()
         sess['subject_code'] = sess.pop('subject', {}).get(
             'code', '')  # FIXME when subject is pulled out of session
         sess.setdefault('timestamp', datetime.datetime.utcnow())
         sess['timestamp'], sess['timezone'] = util.format_timestamp(
             sess['timestamp'], sess.get('timezone'))
     if self.debug:
         for sess in sessions:
             sid = str(sess['_id'])
             sess['details'] = self.uri_for(
                 'session', sid,
                 _full=True) + '?user='******'user', '')
             sess['acquisitions'] = self.uri_for(
                 'coll_acquisitions', cid,
                 _full=True) + '?session=%s&user=%s' % (
                     sid, self.request.GET.get('user', ''))
     return sessions
Esempio n. 4
0
 def _get(self, query, projection, admin_only=False):
     projection = {p: 1 for p in projection + ['files']}
     if self.public_request:
         query['public'] = True
     else:
         projection['permissions'] = {'$elemMatch': {'_id': self.uid, 'site': self.source_site}}
         if not self.superuser_request:
             if admin_only:
                 query['permissions'] = {'$elemMatch': {'_id': self.uid, 'site': self.source_site, 'access': 'admin'}}
             else:
                 query['permissions'] = {'$elemMatch': {'_id': self.uid, 'site': self.source_site}}
     containers = list(self.dbc.find(query, projection))
     for container in containers:
         container['_id'] = str(container['_id'])
         container.setdefault('timestamp', datetime.datetime.utcnow())
         container['timestamp'], container['timezone'] = util.format_timestamp(container['timestamp'], container.get('timezone')) # TODO json serializer should do this
         container['attachment_count'] = len([f for f in container.get('files', []) if f.get('flavor') == 'attachment'])
     return containers
Esempio n. 5
0
 def get(self, cid):
     """Return the list of Session Acquisitions."""
     _id = bson.ObjectId(cid)
     if not self.app.db.collections.find_one({'_id': _id}):
         self.abort(404, 'no such Collection')
     query = {'collections': _id}
     sid = self.request.GET.get('session')
     if bson.ObjectId.is_valid(sid):
         query['session'] = bson.ObjectId(sid)
     elif sid != '':
         self.abort(400, sid + ' is not a valid ObjectId')
     projection = {
         'label': 1,
         'description': 1,
         'modality': 1,
         'datatype': 1,
         'notes': 1,
         'timestamp': 1,
         'timezone': 1
     }
     projection['permissions'] = {
         '$elemMatch': {
             '_id': self.uid,
             'site': self.source_site
         }
     }
     acquisitions = list(self.dbc.find(query, projection))
     for acq in acquisitions:
         acq['_id'] = str(
             acq['_id']
         )  # do this manually, since not going through ContainerList._get()
         acq.setdefault('timestamp', datetime.datetime.utcnow())
         acq['timestamp'], acq['timezone'] = util.format_timestamp(
             acq['timestamp'], acq.get('timezone'))
     if self.debug:
         for acq in acquisitions:
             aid = str(acq['_id'])
             acq['details'] = self.uri_for(
                 'acquisition', aid,
                 _full=True) + '?user='******'user', '')
     return acquisitions
Esempio n. 6
0
 def _get(self, query, projection, admin_only=False):
     projection = {p: 1 for p in projection + ['files']}
     if self.public_request:
         query['public'] = True
     else:
         projection['permissions'] = {
             '$elemMatch': {
                 '_id': self.uid,
                 'site': self.source_site
             }
         }
         if not self.superuser_request:
             if admin_only:
                 query['permissions'] = {
                     '$elemMatch': {
                         '_id': self.uid,
                         'site': self.source_site,
                         'access': 'admin'
                     }
                 }
             else:
                 query['permissions'] = {
                     '$elemMatch': {
                         '_id': self.uid,
                         'site': self.source_site
                     }
                 }
     containers = list(self.dbc.find(query, projection))
     for container in containers:
         container['_id'] = str(container['_id'])
         container.setdefault('timestamp', datetime.datetime.utcnow())
         container[
             'timestamp'], container['timezone'] = util.format_timestamp(
                 container['timestamp'], container.get(
                     'timezone'))  # TODO json serializer should do this
         container['attachment_count'] = len([
             f for f in container.get('files', [])
             if f.get('flavor') == 'attachment'
         ])
     return containers
Esempio n. 7
0
 def get(self, cid):
     """Return the list of Session Acquisitions."""
     _id = bson.ObjectId(cid)
     if not self.app.db.collections.find_one({'_id': _id}):
         self.abort(404, 'no such Collection')
     query = {'collections': _id}
     sid = self.request.GET.get('session')
     if bson.ObjectId.is_valid(sid):
         query['session'] = bson.ObjectId(sid)
     elif sid != '':
         self.abort(400, sid + ' is not a valid ObjectId')
     projection = {'label': 1, 'description': 1, 'modality': 1, 'datatype': 1, 'notes': 1, 'timestamp': 1, 'timezone': 1}
     projection['permissions'] = {'$elemMatch': {'_id': self.uid, 'site': self.source_site}}
     acquisitions = list(self.dbc.find(query, projection))
     for acq in acquisitions:
         acq['_id'] = str(acq['_id']) # do this manually, since not going through ContainerList._get()
         acq.setdefault('timestamp', datetime.datetime.utcnow())
         acq['timestamp'], acq['timezone'] = util.format_timestamp(acq['timestamp'], acq.get('timezone'))
     if self.debug:
         for acq in acquisitions:
             aid = str(acq['_id'])
             acq['details'] = self.uri_for('acquisition', aid, _full=True) + '?user='******'user', '')
     return acquisitions
Esempio n. 8
0
 def get(self, cid):
     """Return the list of Collection Sessions."""
     _id = bson.ObjectId(cid)
     if not self.app.db.collections.find_one({'_id': _id}):
         self.abort(404, 'no such Collection')
     agg_res = self.app.db.acquisitions.aggregate([
             {'$match': {'collections': _id}},
             {'$group': {'_id': '$session'}},
             ])
     query = {'_id': {'$in': [ar['_id'] for ar in agg_res]}}
     projection = {'label': 1, 'subject.code': 1, 'notes': 1, 'timestamp': 1, 'timezone': 1}
     projection['permissions'] = {'$elemMatch': {'_id': self.uid, 'site': self.source_site}}
     sessions = list(self.dbc.find(query, projection)) # avoid permissions checking by not using ContainerList._get()
     for sess in sessions:
         sess['_id'] = str(sess['_id']) # do this manually, since not going through ContainerList._get()
         sess['subject_code'] = sess.pop('subject', {}).get('code', '') # FIXME when subject is pulled out of session
         sess.setdefault('timestamp', datetime.datetime.utcnow())
         sess['timestamp'], sess['timezone'] = util.format_timestamp(sess['timestamp'], sess.get('timezone'))
     if self.debug:
         for sess in sessions:
             sid = str(sess['_id'])
             sess['details'] = self.uri_for('session', sid, _full=True) + '?user='******'user', '')
             sess['acquisitions'] = self.uri_for('coll_acquisitions', cid, _full=True) + '?session=%s&user=%s' % (sid, self.request.GET.get('user', ''))
     return sessions
Esempio n. 9
0
def test_format_timestamp():
    assert format_timestamp(1628222400.0) == "2021-08-06 12:00:00"