def questionnaires(file):
"""Load and save CMS questionnaire data."""
answers = extract_questionnaires_from_excel(file)
click.secho(f"Total Answers: {len(answers)}", fg='green')
for answer in answers:
deposit = None
with db.session.begin_nested():
try:
title = f"Statistics Questionnaire for " \
f"{answer['analysis_context']['cadi_id']}" \
if answer['analysis_context']['cadi_id'] \
else "--"
extracted = remove_none_keys(
_questionnaire_data(answer, title=title))
if title:
extracted["general_title"] = title
deposit = CAPDeposit.create(data=extracted, owner=None)
# give read access to members of CMS experiment
deposit._add_experiment_permissions(
'CMS',
['deposit-read'],
)
# give permission to stat committee
admin_egroups = ["*****@*****.**"]
for role in admin_egroups:
_role = get_existing_or_register_role(role)
deposit._add_egroup_permissions(
_role,
[
'deposit-read',
'deposit-update',
'deposit-admin',
],
db.session,
)
deposit.commit()
click.secho(
f"Success: {answer['_general_info']['serial']} - "
f"{answer['_general_info']['user']}",
fg='green')
click.secho(f"{title}", fg='yellow')
except DepositValidationError as e:
click.secho("---------------")
click.secho(f"Validation Error", fg='red')
for err in e.errors:
click.secho(f"{err.to_dict()}", fg='red')
click.secho("---------------")
pass
except ValidationError:
click.secho("---------------")
click.secho(f"Validation Error", fg='red')
click.secho("---------------")
pass
db.session.commit()
def synchronize_cadi_entries(limit=None):
"""Synchronize CMS analysis with CADI database.
Updates cadi_info in existing analysis.
If analysis with given CADI id doesn't exist yet,
new deposit will be created.
All members of CMS will get a r access and cms-admin egroup rw access.
:params int limit: number of entries to update
"""
def _cadi_deposit(cadi_id, cadi_info):
return {
'$ana_type': 'cms-analysis',
'cadi_info': cadi_info,
'general_title': cadi_info.get('name') or cadi_id,
'_fetched_from': 'cadi',
'_user_edited': False,
'basic_info': {
'cadi_id': cadi_id
}
}
entries = get_all_from_cadi()
cms_admin_group = get_existing_or_register_role('*****@*****.**')
for entry in entries[:limit]:
cadi_info = cadi_serializer.dump(entry).data
cadi_id = cadi_info['cadi_id']
try: # update if cadi deposit already exists
deposit = get_deposit_by_cadi_id(cadi_id)
if deposit.get('cadi_info') == cadi_info:
print('No changes in cadi entry {}.'.format(cadi_id))
else:
deposit['cadi_info'] = cadi_info
deposit.commit()
db.session.commit()
print('Cadi entry {} updated.'.format(cadi_id))
except DepositDoesNotExist:
deposit = CAPDeposit.create(data=_cadi_deposit(cadi_id, cadi_info),
owner=None)
deposit._add_experiment_permissions('CMS', ['deposit-read'])
deposit._add_egroup_permissions(
cms_admin_group,
['deposit-read', 'deposit-update', 'deposit-admin'],
db.session) # noqa
deposit.commit()
db.session.commit()
print('Cadi entry {} added.'.format(cadi_id))
def _get_admin_egroups(wg):
roles = []
for egroup in (
current_app.config['CMS_COORDINATORS_EGROUP'],
current_app.config['CMS_ADMIN_EGROUP'],
current_app.config['CMS_CONVENERS_EGROUP'].format(wg=wg),
):
try:
roles.append(get_existing_or_register_role(egroup))
except DoesNotExistInLDAP:
current_app.logger.info(f'Couldnt find {egroup} in LDAP.')
return roles
def create_deposit_with_permissions(data, roles, users, owner, ana, errors):
"""Create a deposit and add privileges and owner information."""
from cap.modules.deposit.api import CAPDeposit
# make sure the schema is valid first
if not check_and_update_data_with_schema(data, ana):
return
with db.session.begin_nested():
try:
# saving original to return to user if wrong
_data = copy.deepcopy(data)
owner = get_existing_or_register_user(owner) if owner else None
deposit = CAPDeposit.create(data=data, owner=owner)
# add roles and users
if roles:
for role in roles:
_role = get_existing_or_register_role(role.strip())
deposit._add_egroup_permissions(_role, ['deposit-read'],
db.session)
if users:
for user in users:
_user = get_existing_or_register_user(user.strip())
deposit._add_user_permissions(_user, ['deposit-read'],
db.session)
deposit.commit()
except ValidationError as err:
click.secho(f'Validation Error: {err.message}', fg='red')
errors.append(_data)
return
db.session.commit()
click.secho(f"Created deposit with id: {deposit['_deposit']['id']}",
fg='green') # noqa
def edit_permissions(self, data):
"""Edit deposit permissions.
We expect an array of objects:
[{
"email": "",
"type": "user|egroup",
"op": "add|remove",
"action": "deposit-read|deposit-update|deposit-admin"
}]
"""
with db.session.begin_nested():
for obj in data:
if obj['type'] == 'user':
try:
user = get_existing_or_register_user(obj['email'])
except DoesNotExistInLDAP:
raise UpdateDepositPermissionsError(
'User with this mail does not exist in LDAP.')
if obj['op'] == 'add':
try:
self._add_user_permissions(user, [obj['action']],
db.session)
except IntegrityError:
raise UpdateDepositPermissionsError(
'Permission already exist.')
elif obj['op'] == 'remove':
try:
self._remove_user_permissions(
user, [obj['action']], db.session)
except NoResultFound:
raise UpdateDepositPermissionsError(
'Permission does not exist.')
elif obj['type'] == 'egroup':
try:
role = get_existing_or_register_role(obj['email'])
except DoesNotExistInLDAP:
raise UpdateDepositPermissionsError(
'Egroup with this mail does not exist in LDAP.')
if obj['op'] == 'add':
try:
self._add_egroup_permissions(
role, [obj['action']], db.session)
except IntegrityError:
raise UpdateDepositPermissionsError(
'Permission already exist.')
elif obj['op'] == 'remove':
try:
self._remove_egroup_permissions(
role, [obj['action']], db.session)
except NoResultFound:
raise UpdateDepositPermissionsError(
'Permission does not exist.')
self.commit()
return self
def edit_permissions(self, data):
"""Edit deposit permissions.
We expect an array of objects:
[{
"email": "",
"type": "user|egroup",
"op": "add|remove",
"action": "deposit-read|deposit-update|deposit-admin"
}]
"""
with db.session.begin_nested():
for obj in data:
if obj['type'] == 'user':
try:
user = get_existing_or_register_user(obj['email'])
except DoesNotExistInLDAP:
raise UpdateDepositPermissionsError(
'User with this mail does not exist in LDAP.')
if obj['op'] == 'add':
try:
self._add_user_permissions(user,
[obj['action']],
db.session)
except IntegrityError:
raise UpdateDepositPermissionsError(
'Permission already exist.')
elif obj['op'] == 'remove':
try:
self._remove_user_permissions(user,
[obj['action']],
db.session)
except NoResultFound:
raise UpdateDepositPermissionsError(
'Permission does not exist.')
elif obj['type'] == 'egroup':
try:
role = get_existing_or_register_role(obj['email'])
except DoesNotExistInLDAP:
raise UpdateDepositPermissionsError(
'Egroup with this mail does not exist in LDAP.')
if obj['op'] == 'add':
try:
self._add_egroup_permissions(role,
[obj['action']],
db.session)
except IntegrityError:
raise UpdateDepositPermissionsError(
'Permission already exist.')
elif obj['op'] == 'remove':
try:
self._remove_egroup_permissions(role,
[obj['action']],
db.session)
except NoResultFound:
raise UpdateDepositPermissionsError(
'Permission does not exist.')
self.commit()
return self