def create_response(self, request, data, response_class=HttpResponse, **response_kwargs): """ Extracts the common "which-format/serialize/return-response" cycle. Mostly a useful shortcut/hook. """ desired_format = self.determine_format(request) if response_class == http.HttpCreated: email = data.data["email"] if email.endswith("ox.ac.uk"): #send via webauth raise BadRequest("We do not yet support inviting users at Oxford to projects. This feature will come soon.") else: UserObj = get_user_model() new_user, created = UserObj.objects.get_or_create(email=email, username=email) logger.info(data.data) for perm in data.data["projects_selected"]: p = Project.objects.get(id=perm["id"]) p.make_viewer(new_user) p.save() data.data["message"] = "Invite sent successfully to %s, would you like to invite anyone else?" % email email_template_name = 'cbh_core_ws/email_new_user.html' subject_template_name = 'cbh_core_ws/subject_new_user.html' if not created: projects_with_reader_access = viewer_projects(new_user) all_projects_equal = True all_selected_ids = set([new_proj["id"] for new_proj in data.data["projects_selected"]]) new_ids = all_selected_ids - set(projects_with_reader_access) if(len(new_ids) > 0): email_template_name = 'cbh_core_ws/email_project_access_changed.html' subject_template_name = 'cbh_core_ws/subject_project_access_changed.html' all_projects_equal = False data.data["message"] = "Existing user %s invited to new projects, would you like to invite anyone else?" % email else: if not data.data.get("remind", False): raise ImmediateHttpResponse(http.HttpConflict('{"error": "User already exists, do you wish to invite again?"}')) if new_user.has_usable_password(): email_template_name = 'cbh_core_ws/email_reminder.html' subject_template_name = 'cbh_core_ws/subject_reminder.html' data.data["message"] = "Sign-up reminder sent to %s, would you like to invite anyone else?" % email else: email_template_name = 'cbh_core_ws/email_reminder_already_logged_on.html' subject_template_name = 'cbh_core_ws/subject_reminder.html' data.data["message"] = "User %s reminded to look at these projects, would you like to invite anyone else?" % email form = self.get_form( email, new_user, data, created, request, email_template_name, subject_template_name) serialized = self.serialize(request, data, desired_format) rc = response_class(content=serialized, content_type=build_content_type( desired_format), **response_kwargs) return rc
def read_detail(self, object_list, bundle): self.login_checks(bundle.request, bundle.obj.__class__) pids = viewer_projects(bundle.request.user) allowed = False if bundle.obj.data_point_classification.l0_permitted_projects.count() == 0: raise BadRequest("You must specify at least one project") for projbundle in bundle.obj.data_point_classification.l0_permitted_projects.all(): # If any one project is not allowed to be edited then unauthorized if projbundle.id in pids: allowed = True else: allowed = False break if allowed: return True raise Unauthorized("not authorized for project")
def project_ids(self, request, ): pids = viewer_projects(request.user) return pids