def _validate_user_roles(self):
id_manager = user_store.IdentityManager()
user = self._get_target_user()
project = id_manager.get_project(self.project_id)
# user roles
current_roles = id_manager.get_roles(user, project)
current_role_names = {role.name for role in current_roles}
# NOTE(adriant): Only allow someone to edit roles if all roles from
# the target user can be managed by editor.
can_manage_roles = user_store.get_managable_roles(
self.action.task.keystone_user['roles'])
if not set(can_manage_roles).issuperset(current_role_names):
self.add_note('Not all target user roles are manageable.')
return False
if self.remove:
remaining = set(current_role_names) & set(self.roles)
if not remaining:
self.action.state = "complete"
self.add_note("User doesn't have roles to remove.")
else:
self.roles = list(remaining)
self.add_note('User has roles to remove.')
else:
missing = set(self.roles) - set(current_role_names)
if not missing:
self.action.state = "complete"
self.add_note('User already has roles.')
else:
self.roles = list(missing)
self.add_note('User user missing roles.')
# All paths are valid here
# We've just set state and roles that need to be changed.
return True
def are_roles_managable(self, user_roles=[], requested_roles=[]):
requested_roles = set(requested_roles)
# blacklist checks
blacklist_roles = set(['admin'])
if len(blacklist_roles & requested_roles) > 0:
return False
# user managable role
managable_roles = user_store.get_managable_roles(user_roles)
intersection = set(managable_roles) & requested_roles
# if all requested roles match, we can proceed
return intersection == requested_roles
def get(self, request):
"""Returns a list of roles that may be managed for this project"""
# get roles for this user on the project
user_roles = request.keystone_user['roles']
managable_role_names = user_store.get_managable_roles(user_roles)
id_manager = user_store.IdentityManager()
# look up role names and form output dict of valid roles
managable_roles = []
for role_name in managable_role_names:
role = id_manager.find_role(role_name)
if role:
managable_roles.append(role.to_dict())
return Response({'roles': managable_roles})
def get(self, request):
"""Get a list of all users who have been added to a project"""
class_conf = settings.TASK_SETTINGS.get('edit_user',
settings.DEFAULT_TASK_SETTINGS)
role_blacklist = class_conf.get('role_blacklist', [])
user_list = []
id_manager = user_store.IdentityManager()
project_id = request.keystone_user['project_id']
project = id_manager.get_project(project_id)
can_manage_roles = user_store.get_managable_roles(
request.keystone_user['roles'])
active_emails = set()
for user in id_manager.list_users(project):
skip = False
roles = []
for role in user.roles:
if role.name in role_blacklist:
skip = True
continue
roles.append(role.name)
if skip:
continue
email = getattr(user, 'email', '')
enabled = getattr(user, 'enabled')
user_status = 'Active' if enabled else 'Account Disabled'
active_emails.add(email)
user_list.append({
'id':
user.id,
'name':
user.name,
'email':
email,
'roles':
roles,
'cohort':
'Member',
'status':
user_status,
'manageable':
set(can_manage_roles).issuperset(roles),
})
# Get my active tasks for this project:
project_tasks = models.Task.objects.filter(project_id=project_id,
task_type="invite_user",
completed=0,
cancelled=0)
registrations = []
for task in project_tasks:
status = "Invited"
for token in task.tokens:
if token.expired:
status = "Expired"
for notification in task.notifications:
if notification.error:
status = "Failed"
task_data = {}
for action in task.actions:
task_data.update(action.action_data)
registrations.append({
'uuid': task.uuid,
'task_data': task_data,
'status': status
})
for task in registrations:
# NOTE(adriant): commenting out for now as it causes more confusion
# than it helps. May uncomment once different duplication checking
# measures are in place.
# if task['task_data']['email'] not in active_emails:
user = {
'id': task['uuid'],
'name': task['task_data']['email'],
'email': task['task_data']['email'],
'roles': task['task_data']['roles'],
'cohort': 'Invited',
'status': task['status']
}
if not settings.USERNAME_IS_EMAIL:
user['name'] = task['task_data']['username']
user_list.append(user)
return Response({'users': user_list})