def load_add_group_form(request): """ Load the form to list the groups with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get('workspace_id', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest('Invalid input.') except Exception: return HttpResponseBadRequest('An unexpected error occurred.') try: # We retrieve all groups with no access groups_with_no_access = list( workspace_api.get_list_group_with_no_access_workspace( workspace, request.user)) if len(groups_with_no_access) > 0: group_utils.remove_list_object_from_list(groups_with_no_access, [ group_api.get_anonymous_group(), group_api.get_default_group() ]) if len(groups_with_no_access) == 0: return HttpResponseBadRequest( "There is no groups that can be added.") form = GroupRightForm(groups_with_no_access) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def get_all_workspace_permissions_user_can_read(user): """Get a list of permission ids of workspaces that the user has read access. Args: user Return: """ # TODO: fix the super user case if user.is_superuser: return [ str(perm.id) for perm in Permission.objects.filter( content_type__app_label=CONTENT_TYPE_APP_LABEL, codename__startswith=CAN_READ_CODENAME, ) ] elif user.is_anonymous: return [ str(perm.id) for perm in Permission.objects.filter( group=group_api.get_anonymous_group(), content_type__app_label=CONTENT_TYPE_APP_LABEL, codename__startswith=CAN_READ_CODENAME, ) ] else: return [ str(perm.id) for perm in Permission.objects.filter( (Q(user=user) | Q(group__in=user.groups.all())), content_type__app_label=CONTENT_TYPE_APP_LABEL, codename__startswith=CAN_READ_CODENAME, ) ]
def create_global_workspace(title): workspace = workspace_api.create_and_save(title, is_public=True) permission_api.add_permission_to_group(group_api.get_anonymous_group(), workspace.read_perm_id) permission_api.add_permission_to_group(group_api.get_default_group(), workspace.read_perm_id) return workspace
def set_workspace_public(workspace): """ Set the workspace to public. Args: workspace Return: """ permission_api.add_permission_to_group(group_api.get_anonymous_group(), workspace.read_perm_id) permission_api.add_permission_to_group(group_api.get_default_group(), workspace.read_perm_id)
def load_add_group_form(request): """Load the form to list the groups with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get("workspace_id", None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest("Invalid input.") except Exception: return HttpResponseBadRequest("An unexpected error occurred.") try: # We retrieve all groups with no access groups_with_no_access = list( workspace_api.get_list_group_with_no_access_workspace( workspace, request.user)) if len(groups_with_no_access) > 0: group_utils.remove_list_object_from_list( groups_with_no_access, [ group_api.get_anonymous_group(), group_api.get_default_group() ], ) if len(groups_with_no_access) == 0: return HttpResponseBadRequest( "There is no groups that can be added.") form = GroupRightForm(groups_with_no_access) except AccessControlError as ace: return HttpResponseBadRequest(escape(str(ace))) except DoesNotExist as dne: return HttpResponseBadRequest(escape(str(dne))) except: return HttpResponseBadRequest("Something wrong happened.") context = {"add_group_form": form} return HttpResponse( json.dumps({ "form": loader.render_to_string( "core_main_app/user/workspaces/list/modals/add_group_form.html", context, ) }), "application/javascript", )
def get_all_public_workspace_permission(): """ Get all permissions related to public workspaces. Return: """ return [ str(perm.id) for perm in Permission.objects.filter( (Q(group=group_api.get_default_group()) & Q(group=group_api.get_anonymous_group())), content_type__app_label=CONTENT_TYPE_APP_LABEL, codename__startswith=CAN_READ_CODENAME) ]
def is_workspace_public(permission_id): """ Check if the workspace is public. Args: permission_id Returns: """ permission = Permission.objects.get(pk=permission_id) group_anonymous = group_api.get_anonymous_group() group_default = group_api.get_default_group() return permission in group_anonymous.permissions.all( ) and permission in group_default.permissions.all()
def get_all_workspace_permissions_user_can_read(user_id): """ Get a list of permission ids of workspaces that the user has read access. Args: user_id Return: """ user = user_api.get_user_by_id(user_id) return [ str(perm.id) for perm in Permission.objects.filter( (Q(user=user) | Q(group__in=user.groups.all()) | (Q(group=group_api.get_default_group()) & Q(group=group_api.get_anonymous_group()))), content_type__app_label=CONTENT_TYPE_APP_LABEL, codename__startswith=CAN_READ_CODENAME) ]
def get(self, request, *args, **kwargs): try: workspace_id = kwargs["workspace_id"] workspace = workspace_api.get_by_id(workspace_id) except DoesNotExist as e: return HttpResponseBadRequest("The workspace does not exist.") except: return HttpResponseBadRequest("Something wrong happened.") if workspace.owner != str(request.user.id) and not self.administration: return HttpResponseForbidden( "Only the workspace owner can edit the rights.") try: # Users users_read_workspace = workspace_api.get_list_user_can_read_workspace( workspace, request.user) users_write_workspace = workspace_api.get_list_user_can_write_workspace( workspace, request.user) users_access_workspace = list( set(users_read_workspace + users_write_workspace)) detailed_users = [] for user in users_access_workspace: if str(user.id) != workspace.owner: detailed_users.append({ "object_id": user.id, "object_name": user.username, "can_read": user in users_read_workspace, "can_write": user in users_write_workspace, }) except: detailed_users = [] try: # Groups groups_read_workspace = workspace_api.get_list_group_can_read_workspace( workspace, request.user) groups_write_workspace = workspace_api.get_list_group_can_write_workspace( workspace, request.user) groups_access_workspace = list( set(groups_read_workspace + groups_write_workspace)) group_utils.remove_list_object_from_list( groups_access_workspace, [ group_api.get_anonymous_group(), group_api.get_default_group() ], ) detailed_groups = [] for group in groups_access_workspace: detailed_groups.append({ "object_id": group.id, "object_name": group.name, "can_read": group in groups_read_workspace, "can_write": group in groups_write_workspace, }) except: detailed_groups = [] context = { "workspace": workspace, "user_data": detailed_users, "group_data": detailed_groups, "template": "core_main_app/user/workspaces/list/edit_rights_table.html", "action_read": "action_read", "action_write": "action_write", } if workspace_api.is_workspace_public(workspace): context.update({"is_public": True}) if workspace_api.is_workspace_global(workspace): context.update({"is_global": True}) assets = { "css": [ "core_main_app/libs/datatables/1.10.13/css/jquery.dataTables.css", "core_main_app/libs/fSelect/css/fSelect.css", "core_main_app/common/css/switch.css", ], "js": [ { "path": "core_main_app/libs/datatables/1.10.13/js/jquery.dataTables.js", "is_raw": True, }, { "path": "core_main_app/libs/fSelect/js/fSelect.js", "is_raw": False }, { "path": "core_main_app/common/js/backtoprevious.js", "is_raw": True }, { "path": "core_main_app/user/js/workspaces/tables.js", "is_raw": True }, { "path": "core_main_app/user/js/workspaces/add_user.js", "is_raw": False, }, { "path": "core_main_app/user/js/workspaces/list/modals/switch_right.js", "is_raw": False, }, { "path": "core_main_app/user/js/workspaces/list/modals/remove_rights.js", "is_raw": False, }, { "path": "core_main_app/user/js/workspaces/add_group.js", "is_raw": False, }, { "path": "core_main_app/user/js/workspaces/init.js", "is_raw": False }, ], } modals = [ "core_main_app/user/workspaces/list/modals/add_user.html", "core_main_app/user/workspaces/list/modals/switch_right.html", "core_main_app/user/workspaces/list/modals/remove_rights.html", "core_main_app/user/workspaces/list/modals/add_group.html", ] return self.common_render(request, self.template, context=context, assets=assets, modals=modals)
""" workspace_id = request.POST.get('workspace_id', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except Exception, exc: return HttpResponseBadRequest(exc.message) try: # We retrieve all groups with no access groups_with_no_access = list( workspace_api.get_list_group_with_no_access_workspace( workspace, request.user)) if len(groups_with_no_access) > 0: group_utils.remove_list_object_from_list(groups_with_no_access, [ group_api.get_anonymous_group(), group_api.get_default_group() ]) if len(groups_with_no_access) == 0: return HttpResponseBadRequest( "There is no groups that can be added.") form = GroupRightForm(groups_with_no_access) except AccessControlError, ace: return HttpResponseBadRequest(ace.message) except DoesNotExist, dne: return HttpResponseBadRequest(dne.message) except: return HttpResponseBadRequest("Something wrong happened.") context = {"add_group_form": form}
def edit_rights(request, workspace_id): """ Load page to edit the rights. Args: request workspace_id Returns: """ try: workspace = workspace_api.get_by_id(workspace_id) except DoesNotExist as e: return HttpResponseBadRequest("The workspace does not exist.") except: return HttpResponseBadRequest("Something wrong happened.") if workspace.owner != str(request.user.id): return HttpResponseForbidden( "Only the workspace owner can edit the rights.") try: # Users users_read_workspace = workspace_api.get_list_user_can_read_workspace( workspace, request.user) users_write_workspace = workspace_api.get_list_user_can_write_workspace( workspace, request.user) users_access_workspace = list( set(users_read_workspace + users_write_workspace)) detailed_users = [] for user in users_access_workspace: detailed_users.append({ 'object_id': user.id, 'object_name': user.username, 'can_read': user in users_read_workspace, 'can_write': user in users_write_workspace, }) except: detailed_users = [] try: # Groups groups_read_workspace = workspace_api.get_list_group_can_read_workspace( workspace, request.user) groups_write_workspace = workspace_api.get_list_group_can_write_workspace( workspace, request.user) groups_access_workspace = list( set(groups_read_workspace + groups_write_workspace)) group_utils.remove_list_object_from_list( groups_access_workspace, [group_api.get_anonymous_group(), group_api.get_default_group()]) detailed_groups = [] for group in groups_access_workspace: detailed_groups.append({ 'object_id': group.id, 'object_name': group.name, 'can_read': group in groups_read_workspace, 'can_write': group in groups_write_workspace, }) except: detailed_groups = [] context = { 'workspace': workspace, 'user_data': detailed_users, 'group_data': detailed_groups, 'template': workspace_constants.EDIT_RIGHTS_TEMPLATE_TABLE, 'action_read': workspace_constants.ACTION_READ, 'action_write': workspace_constants.ACTION_WRITE, 'user': workspace_constants.USER, 'group': workspace_constants.GROUP, } assets = { "css": [ 'core_main_app/libs/datatables/1.10.13/css/jquery.dataTables.css', "core_main_app/libs/fSelect/css/fSelect.css" ], "js": [{ "path": 'core_main_app/libs/datatables/1.10.13/js/jquery.dataTables.js', "is_raw": True }, { "path": "core_main_app/libs/fSelect/js/fSelect.js", "is_raw": False }, { "path": 'core_main_app/common/js/backtoprevious.js', "is_raw": True }] } assets['js'].extend(copy.deepcopy(workspace_constants.JS_TABLES)) assets['js'].extend(copy.deepcopy(workspace_constants.JS_ADD_USER)) assets['css'].extend(copy.deepcopy(workspace_constants.CSS_SWITCH)) assets['js'].extend(copy.deepcopy(workspace_constants.JS_SWITCH_RIGHT)) assets['js'].extend(copy.deepcopy(workspace_constants.JS_REMOVE_RIGHT)) assets['js'].extend(copy.deepcopy(workspace_constants.JS_ADD_GROUP)) assets['js'].extend(copy.deepcopy(workspace_constants.JS_INIT)) modals = [ workspace_constants.MODAL_ADD_USER, workspace_constants.MODAL_SWITCH_RIGHT, workspace_constants.MODAL_REMOVE_RIGHTS, workspace_constants.MODAL_ADD_GROUP ] return render(request, workspace_constants.EDIT_RIGHTS_TEMPLATE, context=context, assets=assets, modals=modals)