def deposited_dataset_owner_org_dest(value, context):
user = context.get('user')
userobj = model.User.get(user)
include_ids = []
package = context.get('package')
dataset = None
if package:
# 'Package' object has no attribute 'owner_org_dest'
dataset = toolkit.get_action('package_show')(context, {
'id': package.id
})
include_ids = [dataset['owner_org_dest']]
# Pass validation if data container exists and NOT for depositing
deposit = helpers.get_data_deposit()
orgs = helpers.get_all_data_containers(
exclude_ids=[deposit['id']],
include_unknown=True,
userobj=userobj,
include_ids=include_ids,
dataset=dataset,
)
for org in orgs:
if value == org['id']:
return value
raise Invalid('Invalid data container')
def get_summary_email_recipients():
# summary emails are sent to sysadmins
# and members of the curation team
recipients = []
deposit_group = helpers.get_data_deposit()
curators = toolkit.get_action('member_list')({
'ignore_auth': True
}, {
'id': deposit_group['id']
})
curator_ids = [c[0] for c in curators]
all_users = toolkit.get_action('user_list')({
'ignore_auth': True,
'keep_email': True
}, {})
default_user = toolkit.get_action('get_site_user')({'ignore_auth': True})
for user in all_users:
if user['name'] == default_user['name']:
continue
if user['sysadmin'] or user['id'] in curator_ids:
recipients.append(user)
return recipients
def _get_deposited_dataset(context, dataset_id):
deposit = helpers.get_data_deposit()
dataset = toolkit.get_action('package_show')(context, {'id': dataset_id})
if dataset.get('owner_org') != deposit['id']:
message = 'Deposited dataset "%s" not found' % dataset_id
raise toolkit.ObjectNotFound(message)
return dataset
def deposited_dataset_owner_org(value, context):
# Pass validation if data container exists and for depositing
deposit = helpers.get_data_deposit()
if value == deposit['id']:
return value
raise Invalid('Invalid data deposit')
def package_create(context, data_dict):
# Data deposit
if data_dict:
deposit = helpers.get_data_deposit()
if deposit['id'] == data_dict.get('owner_org'):
return {'success': True}
# Data container
return auth_create_core.package_create(context, data_dict)
def deposited_dataset_owner_org_dest(value, context):
# Pass validation if data container exists and NOT for depositing
deposit = helpers.get_data_deposit()
orgs = helpers.get_all_data_containers(exclude_ids=[deposit['id']], include_unknown=True)
for org in orgs:
if value == org['id']:
return value
raise Invalid('Invalid data container')
def organization_show(next_auth, context, data_dict):
user = context.get('auth_user_obj')
if not user:
return next_auth(context, data_dict)
if user.external:
deposit = helpers.get_data_deposit()
if data_dict.get('id') in [deposit['name'], deposit['id']]:
return {'success': True}
else:
return {'success': False}
return next_auth(context, data_dict)
def request_access(container_id):
message = toolkit.request.form.get('message')
deposit = helpers.get_data_deposit()
if container_id == deposit['id']:
return toolkit.abort(403, 'Not Authorized')
action_context = {'model': model, 'user': toolkit.c.user}
try:
container = toolkit.get_action('organization_show')(action_context, {
'id': container_id
})
except toolkit.ObjectNotFound:
return toolkit.abort(404, 'Dataset not found')
except toolkit.NotAuthorized:
return toolkit.abort(403, 'Not Authorized')
if toolkit.c.userobj.id in [u['id'] for u in container['users']]:
toolkit.h.flash_notice('You are already a member of {}'.format(
container['display_name']))
return toolkit.redirect_to('data-container.read', id=container_id)
try:
toolkit.get_action('access_request_create')(
action_context, {
'object_id': container['id'],
'object_type': 'organization',
'message': message,
'role': 'member',
})
except toolkit.ObjectNotFound as e:
return toolkit.abort(404, str(e))
except toolkit.NotAuthorized:
return toolkit.abort(403, 'Not Authorized')
except toolkit.ValidationError as e:
if e.error_dict and 'message' in e.error_dict:
return toolkit.abort(
400,
e.error_dict['message'][0].replace('organization',
'container'))
return toolkit.abort(400, 'Bad Request')
org_admins = mailer.get_container_request_access_email_recipients(
container)
for recipient in org_admins:
subj = mailer.compose_container_request_access_email_subj(container)
body = mailer.compose_request_access_email_body(
'container', recipient, container, toolkit.c.userobj, message)
toolkit.enqueue_job(mailer.mail_user_by_id,
[recipient['name'], subj, body])
toolkit.h.flash_success('Requested access to container {}'.format(
container['display_name']))
return toolkit.redirect_to('data-container.read', id=container_id)
def _get_container_list(self):
context = {'model': model, 'ignore_auth': True}
orgs = toolkit.get_action('organization_list_all_fields')(context, {})
deposit = get_data_deposit()
containers = sorted([{
'value': o['id'],
'text': o['display_name']
} for o in orgs if o['id'] != deposit['id'] and 'visible_external' in o
and o['visible_external']],
key=lambda o: o['text'])
containers.insert(0, {'value': '', 'text': 'Select...'})
return containers
def organization_facets(self, facets_dict, organization_type,
package_type):
# TODO: optimize data deposit calls
deposit = helpers.get_data_deposit()
if deposit['id'] == getattr(toolkit.c.group, 'id', None):
facets_dict.clear()
facets_dict['curation_state'] = _('State')
facets_dict['curator_display_name'] = _('Curator')
facets_dict['depositor_display_name'] = _('Depositor')
facets_dict['owner_org_dest_display_name'] = _('Data Container')
return facets_dict
else:
return self._facets(facets_dict)
def package_create(context, data_dict):
# Data deposit
if not data_dict:
# All users can deposit datasets
if toolkit.request.path == '/deposited-dataset/new':
return {'success': True}
else:
deposit = helpers.get_data_deposit()
if deposit['id'] == data_dict.get('owner_org'):
return {'success': True}
# Data container
return auth_create_core.package_create(context, data_dict)
def get_user_dataset_labels(self, user_obj):
# https://github.com/ckan/ckan/blob/master/ckanext/example_ipermissionlabels/plugin.py
# For normal users
# The label "creator-%s" is here for a package creator
labels = super(UnhcrPlugin, self).get_user_dataset_labels(user_obj)
# For curating users
# Adding "deposited-dataset" label for data curators
if user_obj:
context = {u'user': user_obj.id}
deposit = helpers.get_data_deposit()
orgs = toolkit.get_action('organization_list_for_user')(context,
{})
for org in orgs:
if deposit['id'] == org['id']:
labels.extend(['deposited-dataset'])
return labels
def package_create(next_auth, context, data_dict):
# Data deposit
if not data_dict:
try:
# All users can deposit datasets
if (toolkit.request.path == '/deposited-dataset/new'
or toolkit.request.path.startswith(
'/deposited-dataset/edit/')):
return {'success': True}
except (TypeError, RuntimeError):
return {
'success':
False,
'msg':
'package_create requires either a web request or a data_dict'
}
else:
deposit = helpers.get_data_deposit()
if deposit['id'] == data_dict.get('owner_org'):
return {'success': True}
# Data container
context['model'] = context.get('model') or model
return next_auth(context, data_dict)
def test_get_data_deposit_not_created(self):
result = helpers.get_data_deposit()
assert_equals(result, {'id': 'data-deposit', 'name': 'data-deposit'})
def membership():
context = {'model': model, 'user': toolkit.c.user}
username = toolkit.request.params.get('username')
# Check access
try:
toolkit.check_access('sysadmin', context)
except toolkit.NotAuthorized:
message = 'Not authorized to manage membership'
return toolkit.abort(403, message)
# Get users
users = toolkit.get_action('user_list')(context, {
'order_by': 'display_name'
})
users = [u for u in users if not u['external']]
# Get user
user = None
if username:
try:
user = toolkit.get_action('user_show')(context, {'id': username})
deposit = helpers.get_data_deposit()
except toolkit.ObjectNotFound:
message = 'User "%s" not found'
toolkit.h.flash_success(message % username)
return toolkit.redirect_to('unhcr_data_container.membership')
# Containers
containers = []
if user:
containers = toolkit.get_action('organization_list_all_fields')(
context, {})
containers = filter(lambda cont: cont['name'] != deposit['name'],
containers)
# Roles
roles = []
if user:
roles = [
{
'name': 'admin',
'title': 'Admin'
},
{
'name': 'editor',
'title': 'Editor'
},
{
'name': 'member',
'title': 'Member'
},
]
# Get user containers
user_containers = []
if user:
action = 'organization_list_for_user'
user_containers = toolkit.get_action(action)(context, {'id': username})
user_containers = list(
filter(lambda cont: cont['name'] != deposit['name'],
user_containers))
for role in roles:
role['total'] = len(
[uc for uc in user_containers if uc['capacity'] == role['name']])
return toolkit.render(
'organization/membership.html', {
'membership': {
'users': users,
'user': user,
'containers': containers,
'roles': roles,
'user_containers': user_containers,
}
})
def test_get_data_deposit(self):
deposit = factories.DataContainer(id='data-deposit')
result = helpers.get_data_deposit()
assert_equals(result['id'], 'data-deposit')
def post(self):
if toolkit.c.user:
return toolkit.abort(
403,
"You can't create a new user account while already logged in")
context = self._prepare()
try:
data_dict = logic.clean_dict(
dictization_functions.unflatten(
logic.tuplize_dict(logic.parse_params(
toolkit.request.form))))
except dictization_functions.DataError:
toolkit.abort(400, _(u'Integrity Error'))
context[u'message'] = data_dict.get(u'log_message', u'')
try:
captcha.check_recaptcha(toolkit.request)
except captcha.CaptchaError:
error_msg = _(u'Bad Captcha. Please try again.')
toolkit.h.flash_error(error_msg)
return self.get(data_dict)
try:
domain = toolkit.request.form['email'].split('@')[1]
except IndexError:
error_message = 'Please enter an email address'
return self.get(data_dict, {'email': [error_message]},
{'email': error_message})
if domain in get_internal_domains():
error_message = (
'Users with an @{domain} email may not register for a partner account. '
.format(domain=domain) +
'Log in to {site} using {email} and use your Active Directory password to access RIDL'
.format(site=toolkit.config.get('ckan.site_url'),
email=toolkit.request.form['email']))
return self.get(data_dict, {'email': [error_message]},
{'email': error_message})
if not data_dict.get('container'):
error_message = "A region must be specified"
return self.get(data_dict, {'container': [error_message]},
{'container': error_message})
context['defer_commit'] = True
data_dict['state'] = context['model'].State.PENDING
deposit = get_data_deposit()
containers = [data_dict.get('container'), deposit['id']]
data_dict['default_containers'] = containers
try:
model.Session.begin_nested()
user = toolkit.get_action(u'user_create')(context, data_dict)
access_request_data_dict = {
'object_id': user['id'],
'object_type': 'user',
'message': data_dict['message'],
'role': 'member',
'data': {
'default_containers': containers,
'user_request_type': USER_REQUEST_TYPE_NEW
}
}
toolkit.get_action(u'access_request_create')({
'user': user['id'],
'ignore_auth': True,
'defer_commit': True
}, access_request_data_dict)
model.Session.commit()
except toolkit.NotAuthorized:
model.Session.rollback()
toolkit.abort(403, _(u'Unauthorized to create user %s') % u'')
except toolkit.ObjectNotFound:
model.Session.rollback()
toolkit.abort(404, _(u'User not found'))
except toolkit.ValidationError as e:
model.Session.rollback()
errors = e.error_dict
error_summary = e.error_summary
return self.get(data_dict, errors, error_summary)
except:
model.Session.rollback()
raise
recipients = mailer.get_user_account_request_access_email_recipients(
containers)
for recipient in recipients:
subj = mailer.compose_user_request_access_email_subj()
body = mailer.compose_request_access_email_body(
'user', recipient, user, user, data_dict['message'])
toolkit.enqueue_job(mailer.mail_user_by_id,
[recipient['name'], subj, body])
return toolkit.render(u'user/account_created.html',
{'email': data_dict['email']})
