def get_workspaces_with_write_access(request): """ Get all workspaces with write access Args: request: HTTP request Returns: - code: 200 content: list of workspace - code: 500 content: Internal server error """ return _list_of_workspaces_to_response( workspace_api.get_all_workspaces_with_write_access_by_user( request.user))
def _check_can_write_in_workspace(workspace, user): """Check that user can write in the workspace. Args: workspace: user: Returns: """ accessible_workspaces = workspace_api.get_all_workspaces_with_write_access_by_user( user ) if workspace not in accessible_workspaces: raise AccessControlError( "The user does not have the permission to write into this workspace." )
def __init__(self, user, list_current_workspace=[], is_administration=False, show_global_workspace=False): self.WORKSPACES_OPTIONS = [] self.WORKSPACES_OPTIONS.append(('', '-----------')) # We retrieve all workspaces with write access, or all workspaces if administration if is_administration: all_workspaces = workspace_api.get_all() else: all_workspaces = list( workspace_api.get_all_workspaces_with_write_access_by_user( user)) if show_global_workspace: workspace_global = workspace_api.get_global_workspace() if workspace_global not in all_workspaces: all_workspaces.append(workspace_global) if len(all_workspaces) == 0: raise DoesNotExist( "You don't have access to any workspaces with sufficient rights to assign a " + get_data_label() + ".") # We sort by title, case insensitive sort_workspaces = sorted(all_workspaces, key=lambda s: s.title.lower()) # We add them for workspace in sort_workspaces: is_workspace_global = workspace_api.is_workspace_global(workspace) if (list_current_workspace == [] or\ (len(list_current_workspace) > 0 and workspace not in list_current_workspace)) \ and ((show_global_workspace and is_workspace_global) or not is_workspace_global): self.WORKSPACES_OPTIONS.append( (workspace.id, workspace.title + " (" + ("GLOBAL" if is_workspace_global else user_api.get_user_by_id(workspace.owner).username) + ")")) super(ChangeWorkspaceForm, self).__init__() self.fields['workspaces'].choices = [] self.fields['workspaces'].choices = self.WORKSPACES_OPTIONS
def check_can_write_data(data, user): """ Check that the user can write a data. Args: data: user: Returns: """ if data.user_id != str(user.id): if hasattr(data, 'workspace') and data.workspace is not None: # get list of accessible workspaces accessible_workspaces = workspace_api.get_all_workspaces_with_write_access_by_user(user) # check that accessed data belongs to an accessible workspace if data.workspace not in accessible_workspaces: raise AccessControlError("The user doesn't have enough rights to access this data.") # workspace is not set else: raise AccessControlError("The user doesn't have enough rights to access this data.")
def get_all_accessible_by_user(user): """ Return all data accessible by a user. Parameters: user: Returns: data collection """ read_workspaces = workspace_api.get_all_workspaces_with_read_access_by_user( user) write_workspaces = workspace_api.get_all_workspaces_with_write_access_by_user( user) user_accessible_workspaces = list(set().union(read_workspaces, write_workspaces)) accessible_data = Data.get_all_by_list_workspace( user_accessible_workspaces) owned_data = get_all_by_user(user) return list(set().union(owned_data, accessible_data))
def _check_can_read_or_write_in_workspace(workspace, user): """Check that user can read or write in the workspace. Args: workspace: user: Returns: """ accessible_write_workspaces = ( workspace_api.get_all_workspaces_with_write_access_by_user(user) ) accessible_read_workspaces = ( workspace_api.get_all_workspaces_with_read_access_by_user(user) ) if workspace not in list(accessible_write_workspaces) + list( accessible_read_workspaces ): raise AccessControlError( "The user does not have the permission to read or write into this workspace." )
def get(self, request, *args, **kwargs): """ Method GET Args: request: args: kwargs: Returns: """ if self.administration: user_workspaces = workspace_api.get_all() else: # Get the workspace the user can read user_workspace_read = list( workspace_api.get_all_workspaces_with_read_access_by_user( request.user)) # Get the workspace the user can write user_workspace_write = list( workspace_api.get_all_workspaces_with_write_access_by_user( request.user)) # Get the merged list without doublons user_workspaces = user_workspace_read + list( set(user_workspace_write) - set(user_workspace_read)) detailed_user_workspaces = [] for user_workspace in user_workspaces: detailed_user_workspaces.append({ 'user': user_api.get_user_by_id(user_workspace.owner).username if not workspace_api.is_workspace_global(user_workspace) else "GLOBAL", 'is_owner': self.administration or user_workspace.owner == str(request.user.id), 'name': user_workspace.title, 'workspace': user_workspace, 'can_read': self.administration or user_workspace in user_workspace_read, 'can_write': self.administration or user_workspace in user_workspace_write, 'is_public': workspace_api.is_workspace_public(user_workspace), 'is_global': workspace_api.is_workspace_global(user_workspace) }) context = { 'number_total': len(user_workspaces), 'workspace_form': WorkspaceForm(), 'user_data': detailed_user_workspaces, 'document': dashboard_constants.FUNCTIONAL_OBJECT_ENUM.WORKSPACE, 'template': dashboard_constants.DASHBOARD_WORKSPACES_TEMPLATE_TABLE, 'create_workspace': not self.administration, 'can_set_public': settings.CAN_SET_WORKSPACE_PUBLIC } modals = [dashboard_constants.MODALS_COMMON_DELETE] assets = { "css": copy.deepcopy(dashboard_constants.CSS_COMMON), "js": [ { "path": dashboard_constants.JS_USER_SELECTED_ELEMENT, "is_raw": True }, { "path": dashboard_constants.JS_COMMON_FUNCTION_DELETE, "is_raw": False }, { "path": 'core_dashboard_common_app/user/js/init.raw.js', "is_raw": True }, ] } if not self.administration: modals.append( "core_main_app/user/workspaces/list/create_workspace.html") assets['js'].append({ "path": 'core_main_app/user/js/workspaces/create_workspace.js', "is_raw": False }) if settings.CAN_SET_WORKSPACE_PUBLIC: modals.append( "core_main_app/user/workspaces/list/modals/set_public.html") assets['js'].append({ "path": 'core_main_app/user/js/workspaces/list/modals/set_public.js', "is_raw": False }) modals.append( "core_main_app/user/workspaces/list/modals/set_private.html") assets['js'].append({ "path": 'core_main_app/user/js/workspaces/list/modals/set_private.js', "is_raw": False }) return self.common_render(request, self.template, context=context, assets=assets, modals=modals)
def get(self, request, *args, **kwargs): """Method GET Args: request: args: kwargs: Returns: """ if self.administration: user_workspaces = workspace_api.get_all() user_workspaces_count = user_workspaces.count() else: # Get the workspace the user can read user_workspace_read = list( workspace_api.get_all_workspaces_with_read_access_by_user(request.user) ) # Get the workspace the user can write user_workspace_write = list( workspace_api.get_all_workspaces_with_write_access_by_user(request.user) ) # Get the merged list without doublons user_workspaces = user_workspace_read + list( set(user_workspace_write) - set(user_workspace_read) ) user_workspaces_count = len(user_workspaces) detailed_user_workspaces = [] for user_workspace in user_workspaces: try: username = ( user_api.get_user_by_id(user_workspace.owner).username if not workspace_api.is_workspace_global(user_workspace) else "GLOBAL" ) except ObjectDoesNotExist: username = "******" detailed_user_workspaces.append( { "user": username, "is_owner": self.administration or user_workspace.owner == str(request.user.id), "name": user_workspace.title, "workspace": user_workspace, "can_read": self.administration or user_workspace in user_workspace_read, "can_write": self.administration or user_workspace in user_workspace_write, "is_public": workspace_api.is_workspace_public(user_workspace), "is_global": workspace_api.is_workspace_global(user_workspace), } ) context = { "number_total": user_workspaces_count, "workspace_form": WorkspaceForm(), "user_data": detailed_user_workspaces, "document": dashboard_constants.FUNCTIONAL_OBJECT_ENUM.WORKSPACE.value, "template": dashboard_constants.DASHBOARD_WORKSPACES_TEMPLATE_TABLE, "create_workspace": not self.administration, "can_set_public": settings.CAN_SET_WORKSPACE_PUBLIC, } modals = [dashboard_constants.MODALS_COMMON_DELETE] assets = { "css": copy.deepcopy(dashboard_constants.CSS_COMMON), "js": [ {"path": dashboard_constants.JS_USER_SELECTED_ELEMENT, "is_raw": True}, { "path": dashboard_constants.JS_COMMON_FUNCTION_DELETE, "is_raw": False, }, { "path": "core_dashboard_common_app/user/js/init.raw.js", "is_raw": True, }, ], } if not self.administration: modals.append("core_main_app/user/workspaces/list/create_workspace.html") assets["js"].append( { "path": "core_main_app/user/js/workspaces/create_workspace.js", "is_raw": False, } ) if settings.CAN_SET_WORKSPACE_PUBLIC: modals.append("core_main_app/user/workspaces/list/modals/set_public.html") assets["js"].append( { "path": "core_main_app/user/js/workspaces/list/modals/set_public.js", "is_raw": False, } ) modals.append("core_main_app/user/workspaces/list/modals/set_private.html") assets["js"].append( { "path": "core_main_app/user/js/workspaces/list/modals/set_private.js", "is_raw": False, } ) return self.common_render( request, self.template, context=context, assets=assets, modals=modals )