def qualify(authorizer, user, tool):
if tool in user.qualifications.all():
return
user.qualifications.add(tool)
entry = MembershipHistory()
entry.authorizer = authorizer
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
if tool.grant_physical_access_level_upon_qualification:
if tool.grant_physical_access_level_upon_qualification not in user.accessible_access_levels().all():
user.physical_access_levels.add(tool.grant_physical_access_level_upon_qualification)
entry = MembershipHistory()
entry.authorizer = authorizer
entry.parent_content_object = tool.grant_physical_access_level_upon_qualification
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
if get_identity_service().get('available', False):
if tool.grant_badge_reader_access_upon_qualification:
parameters = {
'username': user.username,
'domain': user.domain,
'requested_area': tool.grant_badge_reader_access_upon_qualification,
}
timeout = settings.IDENTITY_SERVICE.get('timeout', 3)
requests.put(urljoin(settings.IDENTITY_SERVICE['url'], '/add/'), data=parameters, timeout=timeout)
def save_model(self, request, obj, form, change): """ Audit project creation and modification. Also save any project membership changes explicitly. """ record_remote_many_to_many_changes_and_save(request, obj, form, change, 'members', super(ProjectAdmin, self).save_model) # Make a history entry if a project has been moved under an account. # This applies to newly created projects and project ownership reassignment. if 'account' in form.changed_data: # Create a membership removal entry for the project if it used to belong to another account: if change: previous_account = MembershipHistory() previous_account.authorizer = request.user previous_account.child_content_object = obj previous_account.parent_content_object = Account.objects.get(pk=form.initial['account']) previous_account.action = MembershipHistory.Action.REMOVED previous_account.save() # Create a membership addition entry for the project with its current account. current_account = MembershipHistory() current_account.authorizer = request.user current_account.child_content_object = obj current_account.parent_content_object = obj.account current_account.action = MembershipHistory.Action.ADDED current_account.save() # Record whether the project is active or not. record_active_state(request, obj, form, 'active', not change)
def modify_qualifications(request):
""" Change the tools that a set of users is qualified to use. """
action = request.POST.get('action')
if action != 'qualify' and action != 'disqualify':
return HttpResponseBadRequest(
"You must specify that you are qualifying or disqualifying users.")
users = request.POST.getlist('chosen_user[]') or request.POST.get(
'chosen_user') or []
users = User.objects.in_bulk(users)
if users == {}:
return HttpResponseBadRequest("You must specify at least one user.")
tools = request.POST.getlist('chosen_tool[]') or request.POST.get(
'chosen_tool') or []
tools = Tool.objects.in_bulk(tools)
if tools == {}:
return HttpResponseBadRequest("You must specify at least one tool.")
for user in users.values():
original_qualifications = set(user.qualifications.all())
if action == 'qualify':
user.qualifications.add(*tools)
elif action == 'disqualify':
user.qualifications.remove(*tools)
current_qualifications = set(user.qualifications.all())
# Record the qualification changes for each tool:
added_qualifications = set(current_qualifications) - set(
original_qualifications)
for tool in added_qualifications:
entry = MembershipHistory()
entry.authorizer = request.user
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
removed_qualifications = set(original_qualifications) - set(
current_qualifications)
for tool in removed_qualifications:
entry = MembershipHistory()
entry.authorizer = request.user
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.REMOVED
entry.save()
if request.POST.get('redirect') == 'true':
dictionary = {
'title': 'Success!',
'heading': 'Success!',
'content': 'Tool qualifications were successfully modified.',
}
return render(request, 'acknowledgement.html', dictionary)
else:
return HttpResponse()
def record_remote_many_to_many_changes_and_save(request, obj, form, change,
many_to_many_field,
save_function_pointer):
"""
Record the changes in a many-to-many field that the model does not own. Then, save the many-to-many field.
"""
# If the model object is being changed then we can get the list of previous members.
if change:
original_members = set(obj.user_set.all())
else: # The model object is being created (instead of changed) so we can assume there are no members (initially).
original_members = set()
current_members = set(form.cleaned_data[many_to_many_field])
added_members = []
removed_members = []
# Log membership changes if they occurred.
symmetric_difference = original_members ^ current_members
if symmetric_difference:
if change: # the members have changed, so find out what was added and removed...
# We can can see the previous members of the object model by looking it up
# in the database because the member list hasn't been committed yet.
added_members = set(current_members) - set(original_members)
removed_members = set(original_members) - set(current_members)
else: # a model object is being created (instead of changed) so we can assume all the members are new...
added_members = form.cleaned_data[many_to_many_field]
# A primary key for the object is required to make many-to-many field changes.
# If the object is being changed then it has already been assigned a primary key.
if not change:
save_function_pointer(request, obj, form, change)
obj.user_set = form.cleaned_data[many_to_many_field]
save_function_pointer(request, obj, form, change)
# Record which members were added to the object.
for user in added_members:
new_member = MembershipHistory()
new_member.authorizer = request.user
new_member.parent_content_object = obj
new_member.child_content_object = user
new_member.action = MembershipHistory.Action.ADDED
new_member.save()
# Record which members were removed from the object.
for user in removed_members:
ex_member = MembershipHistory()
ex_member.authorizer = request.user
ex_member.parent_content_object = obj
ex_member.child_content_object = user
ex_member.action = MembershipHistory.Action.REMOVED
ex_member.save()
def create_project(request):
dictionary = {
'account_list': Account.objects.all(),
}
if request.method == 'GET':
return render(request, 'accounts_and_projects/create_project.html',
dictionary)
form = ProjectForm(request.POST)
if not form.is_valid():
dictionary['form'] = form
return render(request, 'accounts_and_projects/create_project.html',
dictionary)
project = form.save()
account_history = MembershipHistory()
account_history.authorizer = request.user
account_history.action = MembershipHistory.Action.ADDED
account_history.child_content_object = project
account_history.parent_content_object = project.account
account_history.save()
project_history = ActivityHistory()
project_history.authorizer = request.user
project_history.action = project.active
project_history.content_object = project
project_history.save()
return redirect('account', project.account.id)
def create_project(request):
form = ProjectForm(request.POST or None)
dictionary = {
"account_list": Account.objects.all(),
"user_list": User.objects.filter(is_active=True),
"form": form
}
if request.method == "GET":
return render(request, "accounts_and_projects/create_project.html",
dictionary)
if not form.is_valid():
return render(request, "accounts_and_projects/create_project.html",
dictionary)
project = form.save()
account_history = MembershipHistory()
account_history.authorizer = request.user
account_history.action = MembershipHistory.Action.ADDED
account_history.child_content_object = project
account_history.parent_content_object = project.account
account_history.save()
project_history = ActivityHistory()
project_history.authorizer = request.user
project_history.action = project.active
project_history.content_object = project
project_history.save()
return redirect("project", project.id)
def qualify(authorizer, user, tool):
if tool in user.qualifications.all():
return
user.qualifications.add(tool)
entry = MembershipHistory()
entry.authorizer = authorizer
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
def qualify(authorizer, user, tool): if tool in user.qualifications.all(): return user.qualifications.add(tool) entry = MembershipHistory() entry.authorizer = authorizer entry.parent_content_object = tool entry.child_content_object = user entry.action = entry.Action.ADDED entry.save() if tool.grant_physical_access_level_upon_qualification: if tool.grant_physical_access_level_upon_qualification not in user.physical_access_levels.all(): user.physical_access_levels.add(tool.grant_physical_access_level_upon_qualification) entry = MembershipHistory() entry.authorizer = authorizer entry.parent_content_object = tool.grant_physical_access_level_upon_qualification entry.child_content_object = user entry.action = entry.Action.ADDED entry.save()
def record_local_many_to_many_changes(request, obj, form, many_to_many_field): """ Record the changes in a many-to-many field that the model owns. """ if many_to_many_field in form.changed_data: original_members = set(getattr(obj, many_to_many_field).all()) current_members = set(form.cleaned_data[many_to_many_field]) added_members = set(current_members) - set(original_members) for a in added_members: p = MembershipHistory() p.action = MembershipHistory.Action.ADDED p.authorizer = request.user p.child_content_object = obj p.parent_content_object = a p.save() removed_members = set(original_members) - set(current_members) for a in removed_members: p = MembershipHistory() p.action = MembershipHistory.Action.REMOVED p.authorizer = request.user p.child_content_object = obj p.parent_content_object = a p.save()
def add_user_to_project(request):
user = get_object_or_404(User, id=request.POST['user_id'])
project = get_object_or_404(Project, id=request.POST['project_id'])
if user not in project.user_set.all():
history = MembershipHistory()
history.action = MembershipHistory.Action.ADDED
history.authorizer = request.user
history.parent_content_object = project
history.child_content_object = user
history.save()
project.user_set.add(user)
dictionary = {'users': project.user_set.all(), 'project': project}
return render(request, 'accounts_and_projects/users_for_project.html',
dictionary)
def remove_user_from_project(request):
user = get_object_or_404(User, id=request.POST['user_id'])
project = get_object_or_404(Project, id=request.POST['project_id'])
if project.user_set.filter(id=user.id).exists():
history = MembershipHistory()
history.action = MembershipHistory.Action.REMOVED
history.authorizer = request.user
history.parent_content_object = project
history.child_content_object = user
history.save()
project.user_set.remove(user)
dictionary = {'users': project.user_set.all(), 'project': project}
return render(request, 'accounts_and_projects/users_for_project.html',
dictionary)
def remove_user_from_project(request, user_id, project_id):
user = get_object_or_404(User, id=user_id)
project = get_object_or_404(Project, id=project_id)
if project.user_set.filter(id=user.id).exists():
history = MembershipHistory()
history.action = MembershipHistory.Action.REMOVED
history.authorizer = request.user
history.parent_content_object = project
history.child_content_object = user
history.save()
project.user_set.remove(user)
dictionary = {'users': project.user_set.all(), 'project': project}
msg = "User " + str(user) + " has been removed from project " + str(
project)
return HttpResponse(msg)
def add_user_to_project(request, user_id, project_id):
user = get_object_or_404(User, id=user_id)
project = get_object_or_404(Project, id=project_id)
if user not in project.user_set.all():
history = MembershipHistory()
history.action = MembershipHistory.Action.ADDED
history.authorizer = request.user
history.parent_content_object = project
history.child_content_object = user
history.save()
project.user_set.add(user)
data = {
'user_username': str(user.username),
'user_first': str(user.first_name),
'user_last': str(user.last_name),
'user_id': user.id,
'project_id': project.id,
# 'project': project
}
return JsonResponse(data)
def modify_qualifications(request):
""" Change the tools that a set of users is qualified to use. """
action = request.POST.get('action')
if action != 'qualify' and action != 'disqualify':
return HttpResponseBadRequest(
"You must specify that you are qualifying or disqualifying users.")
users = request.POST.getlist('chosen_user[]') or request.POST.get(
'chosen_user') or []
users = User.objects.in_bulk(users)
if users == {}:
return HttpResponseBadRequest("You must specify at least one user.")
tools = request.POST.getlist('chosen_tool[]') or request.POST.get(
'chosen_tool') or []
tools = Tool.objects.in_bulk(tools)
if tools == {}:
return HttpResponseBadRequest("You must specify at least one tool.")
for user in users.values():
original_qualifications = set(user.qualifications.all())
if action == 'qualify':
user.qualifications.add(*tools)
original_physical_access_levels = set(
user.physical_access_levels.all())
physical_access_level_automatic_enrollment = list(
set([
t.grant_physical_access_level_upon_qualification
for t in tools.values()
if t.grant_physical_access_level_upon_qualification
]))
user.physical_access_levels.add(
*physical_access_level_automatic_enrollment)
current_physical_access_levels = set(
user.physical_access_levels.all())
added_physical_access_levels = set(
current_physical_access_levels) - set(
original_physical_access_levels)
for access_level in added_physical_access_levels:
entry = MembershipHistory()
entry.authorizer = request.user
entry.parent_content_object = access_level
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
if settings.IDENTITY_SERVICE['available']:
for t in tools:
tool = Tool.objects.get(id=t)
if tool.grant_badge_reader_access_upon_qualification:
parameters = {
'username':
user.username,
'domain':
user.domain,
'requested_area':
tool.grant_badge_reader_access_upon_qualification,
}
timeout = settings.IDENTITY_SERVICE.get('timeout', 3)
requests.put(urljoin(settings.IDENTITY_SERVICE['url'],
'/add/'),
data=parameters,
timeout=timeout)
elif action == 'disqualify':
user.qualifications.remove(*tools)
current_qualifications = set(user.qualifications.all())
# Record the qualification changes for each tool:
added_qualifications = set(current_qualifications) - set(
original_qualifications)
for tool in added_qualifications:
entry = MembershipHistory()
entry.authorizer = request.user
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.ADDED
entry.save()
removed_qualifications = set(original_qualifications) - set(
current_qualifications)
for tool in removed_qualifications:
entry = MembershipHistory()
entry.authorizer = request.user
entry.parent_content_object = tool
entry.child_content_object = user
entry.action = entry.Action.REMOVED
entry.save()
if request.POST.get('redirect') == 'true':
dictionary = {
'title': 'Success!',
'heading': 'Success!',
'content': 'Tool qualifications were successfully modified.',
}
return render(request, 'acknowledgement.html', dictionary)
else:
return HttpResponse()
