def migrate_mirrors(apps, schema_editor): from corehq.apps.enterprise.models import EnterprisePermissions DomainPermissionsMirror = apps.get_model('users', 'DomainPermissionsMirror') sources = {o.source for o in DomainPermissionsMirror.objects.all()} for source in sources: account = BillingAccount.get_account_by_domain(source) account_domains = set(account.get_domains()) mirror_domains = { o.mirror for o in DomainPermissionsMirror.objects.filter(source=source) } if EnterprisePermissions.objects.filter(account=account).exists(): print(f""" Found a pre-existing enterprise permissions configuration for account {account.id}. Enterprise permissions no longer supports multiple configurations in the same account. Please delete one of the DomainPermissionsMirror source domains in this account. """) sys.exit(1) EnterprisePermissions( account=account, is_enabled=True, source_domain=source, domains=list(account_domains & mirror_domains - {source}), ).save()
def domain(domain, allow_enterprise=False): domain_list = [domain] if allow_enterprise: from corehq.apps.enterprise.models import EnterprisePermissions config = EnterprisePermissions.get_by_domain(domain) if config.is_enabled and domain in config.domains: domain_list.append(config.source_domain) return domains(domain_list)
def disable_enterprise_permissions(request, domain): config = EnterprisePermissions.get_by_domain(domain) config.is_enabled = False config.source_domain = None config.save() clear_enterprise_permissions_cache_for_all_users.delay(config.id) redirect = reverse("enterprise_permissions", args=[domain]) messages.success(request, _('Enterprise permissions have been disabled.')) return HttpResponseRedirect(redirect)
def get_enterprise_links_for_dropdown(couch_user, view_name="domain_homepage"): # Returns dicts with keys 'name', 'display_name', and 'url' from corehq.apps.enterprise.models import EnterprisePermissions domain_links_by_name = { d['name']: d for d in get_domain_links_for_dropdown(couch_user) } subdomain_objects_by_name = {} for domain_name in domain_links_by_name: for subdomain in EnterprisePermissions.get_domains(domain_name): if subdomain not in domain_links_by_name: subdomain_objects_by_name[subdomain] = Domain.get_by_name( subdomain) return _domains_to_links(subdomain_objects_by_name.values(), view_name)
def _get_relevant_domains(cls, couch_user, domain=None): domains = set() # Include current domain, which user may not be a member of if domain: domains.add(domain) if not couch_user: return domains domains = domains | set(couch_user.get_domains()) from corehq.apps.enterprise.models import EnterprisePermissions subdomains = set() for domain in domains: subdomains = subdomains | set( EnterprisePermissions.get_domains(domain)) return domains | subdomains
def remove_enterprise_permissions_domain(request, domain, target_domain): config = EnterprisePermissions.get_by_domain(domain) redirect = reverse("enterprise_permissions", args=[domain]) if target_domain not in config.account.get_domains( ) or target_domain not in config.domains: messages.error(request, _("Could not remove {}.").format(target_domain)) return HttpResponseRedirect(redirect) if target_domain in config.domains: config.domains.remove(target_domain) config.save() if config.source_domain: clear_enterprise_permissions_cache_for_all_users.delay( config.id, config.source_domain) messages.success( request, _('{} is now excluded from enterprise permissions.').format( target_domain)) return HttpResponseRedirect(redirect)
def enterprise_permissions(request, domain): config = EnterprisePermissions.get_by_domain(domain) if not config.id: config.save() all_domains = set(config.account.get_domains()) ignored_domains = all_domains - set( config.domains) - {config.source_domain} context = { 'domain': domain, 'all_domains': sorted(all_domains), 'is_enabled': config.is_enabled, 'source_domain': config.source_domain, 'ignored_domains': sorted(list(ignored_domains)), 'controlled_domains': sorted(config.domains), 'current_page': { 'page_name': _('Enterprise Permissions'), 'title': _('Enterprise Permissions'), } } return render(request, "enterprise/enterprise_permissions.html", context)
def do_import(spreadsheet, config, domain, task=None, record_form_callback=None): has_domain_column = 'domain' in [ c.lower() for c in spreadsheet.get_header_columns() ] if has_domain_column and DOMAIN_PERMISSIONS_MIRROR.enabled(domain): allowed_domains = EnterprisePermissions.get_domains(domain) sub_domains = set() import_results = _ImportResults() for row_num, row in enumerate(spreadsheet.iter_row_dicts(), start=1): if row_num == 1: continue # skip first row (header row) sheet_domain = row.get('domain') if sheet_domain != domain and sheet_domain not in allowed_domains: err = exceptions.CaseRowError(column_name='domain') err.title = _('Invalid domain') err.message = _( 'Following rows contain invalid value for domain column.') import_results.add_error(row_num, err) else: sub_domains.add(sheet_domain) for sub_domain in sub_domains: importer = _TimedAndThrottledImporter(sub_domain, config, task, record_form_callback, import_results, multi_domain=True) importer.do_import(spreadsheet) return import_results.to_json() else: importer = _TimedAndThrottledImporter(domain, config, task, record_form_callback, multi_domain=False) return importer.do_import(spreadsheet)
def create_enterprise_permissions(email, source_domain, domains=None, other_domains=None): """ Creates an account using the given email address and sets up enterprise permissions with the given source domain. Both `domains` and `other_domains` are added to the new account, but only `domains` are controlled by enterprise permissions. All given domains must exist. """ account = generator.billing_account(email, email, is_customer_account=True) plan_version = generator.subscribable_plan_version( edition=SoftwarePlanEdition.ENTERPRISE) start_date = datetime.now().date() end_date = start_date + timedelta(days=365) subscriptions = [] all_domains = [source_domain] if domains: all_domains.extend(domains) if other_domains: all_domains.extend(other_domains) for domain in all_domains: subscriptions.append( generator.generate_domain_subscription( account, Domain.get_by_name(domain), date_start=start_date, date_end=end_date, plan_version=plan_version, is_active=True, )) EnterprisePermissions( account=account, is_enabled=True, source_domain=source_domain, domains=domains, ).save()
def update_enterprise_permissions_source_domain(request, domain): source_domain = request.POST.get('source_domain') redirect = reverse("enterprise_permissions", args=[domain]) config = EnterprisePermissions.get_by_domain(domain) if source_domain not in config.account.get_domains(): messages.error(request, _("Please select a project.")) return HttpResponseRedirect(redirect) config.is_enabled = True old_domain = config.source_domain config.source_domain = source_domain if source_domain in config.domains: config.domains.remove(source_domain) config.save() clear_enterprise_permissions_cache_for_all_users.delay( config.id, config.source_domain) clear_enterprise_permissions_cache_for_all_users.delay( config.id, old_domain) messages.success(request, _('Controlling domain set to {}.').format(source_domain)) return HttpResponseRedirect(redirect)
def _base_user_es_query(cls, domain, request_user): if not request_user.has_permission(domain, 'access_all_locations'): return super()._base_user_es_query(domain, request_user) domains = list(set(EnterprisePermissions.get_domains(domain)) | {domain}) return user_es.UserES().domains(domains)
def __init__(self, request, domain, search): super().__init__(request, domain, search, False) # this will include all domains in the enterprise only if the current domain # is the 'source' self.enterprise_domains = list( set(EnterprisePermissions.get_domains(domain)) | {domain})
def post(self, request, *args, **kwargs): try: data = json.loads(request.body.decode('utf-8')) except ValueError: return HttpResponseBadRequest() if not data or not isinstance(data, dict): return HttpResponseBadRequest() session_id = data.get('sessionId', None) if not session_id: return HttpResponseBadRequest() session = get_session(session_id) user = get_django_user_from_session(session) if user: couch_user = CouchUser.get_by_username(user.username) if not couch_user: raise Http404 else: raise Http404 domain = data.get('domain') if domain and toggles.DISABLE_WEB_APPS.enabled(domain): return HttpResponse('Service Temporarily Unavailable', content_type='text/plain', status=503) # reset the session's expiry if there's some formplayer activity secure_session = session.get('secure_session') TimeoutMiddleware.update_secure_session(session, secure_session, couch_user, domain=domain) session.save() domains = set() for member_domain in couch_user.domains: domains.add(member_domain) domains.update(EnterprisePermissions.get_domains(member_domain)) enabled_toggles = toggles_enabled_for_user( user.username) | toggles_enabled_for_domain(domain) return JsonResponse({ 'username': user.username, 'djangoUserId': user.pk, 'superUser': user.is_superuser, 'authToken': None, 'domains': list(domains), 'anonymous': False, 'enabled_toggles': list(enabled_toggles), 'enabled_previews': list(previews_enabled_for_domain(domain)) })
def validate_spec(self, spec): target_domain = spec.get('domain') if target_domain and target_domain != self.domain: if target_domain not in EnterprisePermissions.get_domains( self.domain): return self.error_message.format(target_domain, self.domain)