def test_has_management_permission_explicit_fail(): p = EventPrincipal(permissions=['foo']) # no permission specified with pytest.raises(ValueError): p.has_management_permission(explicit=True) with pytest.raises(ValueError): EventPrincipal.has_management_permission(explicit=True)
def test_has_management_permission_explicit(explicit): p = EventPrincipal(full_access=True, permissions=['foo']) assert p.has_management_permission('foo', explicit=explicit) assert p.has_management_permission('ANY', explicit=explicit) assert p.has_management_permission('bar', explicit=explicit) == (not explicit) assert (EventPrincipal(full_access=True, permissions=[]).has_management_permission('ANY', explicit=explicit) == (not explicit))
def _merge_users(target, source, **kwargs): from indico.modules.events.models.persons import EventPerson from indico.modules.events.models.principals import EventPrincipal EventPerson.merge_users(target, source) EventPrincipal.merge_users(target, source, 'event') target.event_roles |= source.event_roles source.event_roles.clear()
def test_has_management_role_explicit(explicit): p = EventPrincipal(full_access=True, roles=['foo']) assert p.has_management_role('foo', explicit=explicit) assert p.has_management_role('ANY', explicit=explicit) assert p.has_management_role('bar', explicit=explicit) == (not explicit) assert EventPrincipal(full_access=True, roles=[]).has_management_role( 'ANY', explicit=explicit) == (not explicit)
def test_merge_privs(): p = EventPrincipal(read_access=True, permissions={'foo', 'bar'}) p.merge_privs( EventPrincipal(permissions={'bar', 'foobar'}, full_access=True)) assert p.read_access assert p.full_access assert set(p.permissions) == {'foo', 'bar', 'foobar'}
def process_principal(self, event, principals, legacy_principal, name, color, full_access=None, roles=None): if isinstance(legacy_principal, basestring): user = self.all_users_by_email.get(legacy_principal) principal = user or EmailPrincipal(legacy_principal) else: principal = self.convert_principal(legacy_principal) if principal is None: self.print_warning( cformat("%%{%s}{}%%{reset}%%{yellow} does not exist:%%{reset} {}" % color).format( name, legacy_principal ), event_id=event.id, ) return try: entry = principals[principal] except KeyError: entry = EventPrincipal(event_id=event.id, principal=principal, full_access=False, roles=[]) principals[principal] = entry if full_access: entry.full_access = True if roles: entry.roles = sorted(set(entry.roles) | set(roles)) if not self.quiet: self.print_msg(cformat(" - %%{%s}[{}]%%{reset} {}" % color).format(name.lower(), principal)) return principal
def _merge_users(target, source, **kwargs): from indico.modules.events.models.persons import EventPerson from indico.modules.events.models.principals import EventPrincipal EventPerson.merge_users(target, source) EventPrincipal.merge_users(target, source, 'event') target.event_roles |= source.event_roles source.event_roles.clear()
def _associate_users_by_email(self, event): # link objects to users by email where possible # event principals emails = [p.email for p in EventPrincipal.query.with_parent(event).filter_by(type=PrincipalType.email)] for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)): EventPrincipal.replace_email_with_user(user, 'event') # session principals query = (SessionPrincipal.query .filter(SessionPrincipal.session.has(Session.event == event), SessionPrincipal.type == PrincipalType.email)) emails = [p.email for p in query] for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)): SessionPrincipal.replace_email_with_user(user, 'session') # contribution principals query = (ContributionPrincipal.query .filter(ContributionPrincipal.contribution.has(Contribution.event == event), ContributionPrincipal.type == PrincipalType.email)) emails = [p.email for p in query] for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)): ContributionPrincipal.replace_email_with_user(user, 'contribution') # event persons query = EventPerson.query.with_parent(event).filter(EventPerson.user_id.is_(None), EventPerson.email != '') for person in query: person.user = get_user_by_email(person.email) # registrations for registration in Registration.query.with_parent(event).filter(Registration.user_id.is_(None)): registration.user = get_user_by_email(registration.email)
def test_has_management_permission_explicit(explicit): p = EventPrincipal(full_access=True, permissions=['foo']) assert p.has_management_permission('foo', explicit=explicit) assert p.has_management_permission('ANY', explicit=explicit) assert p.has_management_permission('bar', explicit=explicit) == (not explicit) assert (EventPrincipal(full_access=True, permissions=[]).has_management_permission('ANY', explicit=explicit) == (not explicit))
def _process(self): event_principal_query = (EventPrincipal.query.with_parent(self.event) .filter(EventPrincipal.type == PrincipalType.email, EventPrincipal.has_management_role('submit'))) contrib_principal_query = (ContributionPrincipal.find(Contribution.event == self.event, ContributionPrincipal.type == PrincipalType.email, ContributionPrincipal.has_management_role('submit')) .join(Contribution) .options(contains_eager('contribution'))) session_principal_query = (SessionPrincipal.find(Session.event == self.event, SessionPrincipal.type == PrincipalType.email, SessionPrincipal.has_management_role()) .join(Session).options(joinedload('session').joinedload('acl_entries'))) persons = self.get_persons() person_list = sorted(persons.viewvalues(), key=lambda x: x['person'].display_full_name.lower()) num_no_account = 0 for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query): if principal.email not in persons: continue if not persons[principal.email].get('no_account'): persons[principal.email]['roles']['no_account'] = True num_no_account += 1 return WPManagePersons.render_template('management/person_list.html', self.event, persons=person_list, num_no_account=num_no_account)
def _process(self): event_principal_query = (EventPrincipal.query.with_parent(self.event) .filter(EventPrincipal.type == PrincipalType.email, EventPrincipal.has_management_permission('submit'))) contrib_principal_query = (ContributionPrincipal.find(Contribution.event == self.event, ContributionPrincipal.type == PrincipalType.email, ContributionPrincipal.has_management_permission('submit')) .join(Contribution) .options(contains_eager('contribution'))) session_principal_query = (SessionPrincipal.find(Session.event == self.event, SessionPrincipal.type == PrincipalType.email, SessionPrincipal.has_management_permission()) .join(Session).options(joinedload('session').joinedload('acl_entries'))) persons = self.get_persons() person_list = sorted(persons.values(), key=lambda x: x['person'].display_full_name.lower()) num_no_account = 0 for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query): if principal.email not in persons: continue if not persons[principal.email].get('no_account'): persons[principal.email]['roles']['no_account'] = True num_no_account += 1 custom_roles = {f'custom_{r.id}': {'name': r.name, 'code': r.code, 'color': r.color} for r in self.event.roles} return WPManagePersons.render_template('management/person_list.html', self.event, persons=person_list, num_no_account=num_no_account, builtin_roles=BUILTIN_ROLES, custom_roles=custom_roles)
def test_convert_email_principals_merge(db, create_event, create_user): event = create_event() user = create_user(123, email='*****@*****.**') principal = EmailPrincipal('*****@*****.**') entry1 = event.update_principal(user, full_access=True, roles={'foo', 'foobar'}) entry2 = event.update_principal(principal, read_access=True, roles={'foo', 'bar'}) # different emails for now -> nothing updated assert not EventPrincipal.replace_email_with_user(user, 'event_new') assert set(event.acl_entries) == {entry1, entry2} user.secondary_emails.add(principal.email) assert EventPrincipal.replace_email_with_user(user, 'event_new') == {event} assert len(event.acl_entries) == 1 entry = list(event.acl_entries)[0] assert entry.full_access assert entry.read_access assert set(entry.roles) == {'foo', 'bar', 'foobar'}
def _process(self): event_principal_query = (EventPrincipal.query.with_parent(self.event_new) .filter(EventPrincipal.type == PrincipalType.email, EventPrincipal.has_management_role('submit'))) contrib_principal_query = (ContributionPrincipal.find(Contribution.event_new == self.event_new, ContributionPrincipal.type == PrincipalType.email, ContributionPrincipal.has_management_role('submit')) .join(Contribution) .options(contains_eager('contribution'))) session_principal_query = (SessionPrincipal.find(Session.event_new == self.event_new, SessionPrincipal.type == PrincipalType.email, SessionPrincipal.has_management_role()) .join(Session).options(joinedload('session').joinedload('acl_entries'))) persons = self.get_persons() person_list = sorted(persons.viewvalues(), key=lambda x: x['person'].get_full_name(last_name_first=True).lower()) num_no_account = 0 for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query): if principal.email not in persons: continue if not persons[principal.email].get('no_account'): persons[principal.email]['roles']['no_account'] = True num_no_account += 1 return WPManagePersons.render_template('management/person_list.html', self._conf, event=self.event_new, persons=person_list, num_no_account=num_no_account)
def _convert_email_principals(user, **kwargs): from indico.modules.events.models.principals import EventPrincipal events = EventPrincipal.replace_email_with_user(user, 'event') if events: num = len(events) flash(ngettext("You have been granted manager/submission privileges for an event.", "You have been granted manager/submission privileges for {} events.", num).format(num), 'info')
def _convert_email_principals(user, **kwargs): from indico.modules.events.models.principals import EventPrincipal events = EventPrincipal.replace_email_with_user(user, 'event') if events: num = len(events) flash(ngettext("You have been granted manager/submission privileges for an event.", "You have been granted manager/submission privileges for {} events.", num).format(num), 'info')
def get_events_with_paper_roles(user, dt=None): """ Get the IDs and PR roles of events where the user has any kind of paper reviewing privileges. :param user: A `User` :param dt: Only include events taking place on/after that date :return: A dict mapping event IDs to a set of roles """ paper_permissions = { 'paper_manager', 'paper_judge', 'paper_content_reviewer', 'paper_layout_reviewer' } role_criteria = [ EventPrincipal.has_management_permission(permission, explicit=True) for permission in paper_permissions ] query = (user.in_event_acls.join(Event).options( noload('user'), noload('local_group'), load_only('event_id', 'permissions')).filter(~Event.is_deleted, Event.ends_after(dt)).filter( db.or_(*role_criteria))) return { principal.event_id: set(principal.permissions) & paper_permissions for principal in query }
def test_convert_email_principals(db, create_event, create_user, dummy_user): event = create_event() user = create_user(123, email='*****@*****.**') principal = EmailPrincipal('*****@*****.**') other_entry = event.update_principal(dummy_user, full_access=True, roles={'foo', 'foobar'}) entry = event.update_principal(principal, read_access=True, roles={'foo', 'bar'}) other_entry_data = other_entry.current_data entry_data = entry.current_data # different emails for now -> nothing updated assert not EventPrincipal.replace_email_with_user(user, 'event_new') assert set(event.acl_entries) == {entry, other_entry} user.secondary_emails.add(principal.email) assert EventPrincipal.replace_email_with_user(user, 'event_new') == {event} assert set(event.acl_entries) == {entry, other_entry} assert all(x.type == PrincipalType.user for x in event.acl_entries) db.session.expire(other_entry) db.session.expire(entry) assert entry.current_data == entry_data assert other_entry.current_data == other_entry_data
def get_events_managed_by(user, dt=None): """Gets the IDs of events where the user has management privs. :param user: A `User` :param dt: Only include events taking place on/after that date :return: A set of event ids """ query = (user.in_event_acls.join(Event).options( noload('user'), noload('local_group'), load_only('event_id')).filter( ~Event.is_deleted, Event.ends_after(dt)).filter( EventPrincipal.has_management_role('ANY'))) return {principal.event_id for principal in query}
def test_has_management_role_explicit_fail(): p = EventPrincipal(roles=['foo']) # no role specified with pytest.raises(ValueError): p.has_management_role(explicit=True) with pytest.raises(ValueError): EventPrincipal.has_management_role(explicit=True)
def test_has_management_permission_explicit_fail(): p = EventPrincipal(permissions=['foo']) # no permission specified with pytest.raises(ValueError): p.has_management_permission(explicit=True) with pytest.raises(ValueError): EventPrincipal.has_management_permission(explicit=True)
def process_principal(self, event, principals, legacy_principal, name, color, full_access=None, roles=None): if isinstance(legacy_principal, basestring): user = self.all_users_by_email.get(legacy_principal) principal = user or EmailPrincipal(legacy_principal) else: principal = self.convert_principal(legacy_principal) if principal is None: self.print_warning(cformat('%%{%s}{}%%{reset}%%{yellow} does not exist:%%{reset} {}' % color) .format(name, legacy_principal), event_id=event.id) return try: entry = principals[principal] except KeyError: entry = EventPrincipal(event_id=event.id, principal=principal, full_access=False, roles=[]) principals[principal] = entry if full_access: entry.full_access = True if roles: entry.roles = sorted(set(entry.roles) | set(roles)) if not self.quiet: self.print_msg(cformat(' - %%{%s}[{}]%%{reset} {}' % color).format(name.lower(), principal)) return principal
def get_events_managed_by(user, from_dt=None, to_dt=None): """Gets the IDs of events where the user has management privs. :param user: A `User` :param from_dt: The earliest event start time to look for :param to_dt: The latest event start time to look for :return: A set of event ids """ query = (user.in_event_acls.join(Event).options( noload('user'), noload('local_group'), load_only('event_id')).filter( ~Event.is_deleted, Event.starts_between(from_dt, to_dt)).filter( EventPrincipal.has_management_role('ANY'))) return {principal.event_id for principal in query}
def get_events_managed_by(user, dt=None): """Gets the IDs of events where the user has management privs. :param user: A `User` :param dt: Only include events taking place on/after that date :return: A set of event ids """ query = (user.in_event_acls .join(Event) .options(noload('user'), noload('local_group'), load_only('event_id')) .filter(~Event.is_deleted, Event.ends_after(dt)) .filter(EventPrincipal.has_management_permission('ANY'))) return {principal.event_id for principal in query}
def get_events_managed_by(user, from_dt=None, to_dt=None): """Gets the IDs of events where the user has management privs. :param user: A `User` :param from_dt: The earliest event start time to look for :param to_dt: The latest event start time to look for :return: A set of event ids """ query = (user.in_event_acls .join(Event) .options(noload('user'), noload('local_group'), load_only('event_id')) .filter(~Event.is_deleted, Event.starts_between(from_dt, to_dt)) .filter(EventPrincipal.has_management_role('ANY'))) return {principal.event_id for principal in query}
def process_principal(self, principals, legacy_principal, name, color, full_access=None, roles=None, read_access=None): if isinstance(legacy_principal, basestring): user = self.global_ns.users_by_email.get(legacy_principal) principal = user or EmailPrincipal(legacy_principal) else: principal = self.convert_principal(legacy_principal) if principal is None: self.print_warning( ('%%[%s]{}%%[reset]%%[yellow] does not exist:%%[reset] {} ({})' % color).format(name, legacy_principal, getattr(legacy_principal, 'id', '-'))) return try: entry = principals[principal] except KeyError: entry = EventPrincipal(event_id=self.event.id, principal=principal, full_access=False, roles=[]) principals[principal] = entry if full_access: entry.full_access = True if read_access: entry.read_access = True if roles: entry.roles = sorted(set(entry.roles) | set(roles)) if not self.quiet: self.print_log(' %%[%s][{}]%%[reset] {}' % color.format(name.lower(), principal)) return principal
def get_events_with_paper_roles(user, dt=None): """ Get the IDs and PR roles of events where the user has any kind of paper reviewing privileges. :param user: A `User` :param dt: Only include events taking place on/after that date :return: A dict mapping event IDs to a set of roles """ paper_roles = {'paper_manager', 'paper_judge', 'paper_content_reviewer', 'paper_layout_reviewer'} role_criteria = [EventPrincipal.has_management_role(role, explicit=True) for role in paper_roles] query = (user.in_event_acls .join(Event) .options(noload('user'), noload('local_group'), load_only('event_id', 'roles')) .filter(~Event.is_deleted, Event.ends_after(dt)) .filter(db.or_(*role_criteria))) return {principal.event_id: set(principal.roles) & paper_roles for principal in query}
def get_events_managed_by(user, from_dt=None, to_dt=None): """Gets the IDs of events where the user has management privs. :param user: A `User` :param from_dt: The earliest event start time to look for :param to_dt: The latest event start time to look for :return: A set of event ids """ event_date_filter = None if from_dt and to_dt: event_date_filter = IndexedEvent.start_date.between(from_dt, to_dt) elif from_dt: event_date_filter = IndexedEvent.start_date >= from_dt elif to_dt: event_date_filter = IndexedEvent.start_date <= to_dt query = (user.in_event_acls .join(Event) .options(noload('user'), noload('local_group'), load_only('event_id')) .filter(~Event.is_deleted) .filter(EventPrincipal.has_management_role('ANY'))) if event_date_filter is not None: query = query.join(IndexedEvent, IndexedEvent.id == EventPrincipal.event_id) query = query.filter(event_date_filter) return {principal.event_id for principal in query}
def _find(*args): return EventPrincipal.find(EventPrincipal.event_new == event, EventPrincipal.has_management_role(*args))
def _merge_users(target, source, **kwargs): from indico.modules.events.models.principals import EventPrincipal EventPrincipal.merge_users(target, source, 'event_new')
def _query(permission): return (EventPrincipal.query.filter( EventPrincipal.event == event, EventPrincipal.has_management_permission(permission, explicit=explicit)))
def test_has_management_role(): p = EventPrincipal(roles=['foo']) assert p.has_management_role('ANY') assert p.has_management_role('foo') assert not p.has_management_role('bar')
def _find(permission): return EventPrincipal.find( EventPrincipal.event == event, EventPrincipal.has_management_permission(permission, explicit=explicit))
def _find(role): return EventPrincipal.find(EventPrincipal.event_new == event, EventPrincipal.has_management_role(role, explicit=explicit))
def test_has_management_role_full_access(): p = EventPrincipal(full_access=True, roles=[]) assert p.has_management_role() assert p.has_management_role('foo') assert p.has_management_role('ANY')
def test_has_management_permission(): p = EventPrincipal(permissions=['foo']) assert p.has_management_permission('ANY') assert p.has_management_permission('foo') assert not p.has_management_permission('bar')
def _query(*args): return (EventPrincipal.query.filter( EventPrincipal.event == event, EventPrincipal.has_management_permission(*args)))
def test_merge_privs(): p = EventPrincipal(read_access=True, roles={'foo', 'bar'}) p.merge_privs(EventPrincipal(roles={'bar', 'foobar'}, full_access=True)) assert p.read_access assert p.full_access assert set(p.roles) == {'foo', 'bar', 'foobar'}
def _process(self): contribution_strategy = joinedload('contribution_links') contribution_strategy.joinedload('contribution') contribution_strategy.joinedload('person').joinedload('user') subcontribution_strategy = joinedload('subcontribution_links') subcontribution_strategy.joinedload('subcontribution') subcontribution_strategy.joinedload('person').joinedload('user') session_block_strategy = joinedload('session_block_links') session_block_strategy.joinedload('session_block') session_block_strategy.joinedload('person').joinedload('user') event_strategy = joinedload('event_links') event_strategy.joinedload('person').joinedload('user') event_persons_query = (self.event_new.persons.options(event_strategy, contribution_strategy, subcontribution_strategy, session_block_strategy) .all()) persons = defaultdict(lambda: {'session_blocks': defaultdict(dict), 'contributions': defaultdict(dict), 'subcontributions': defaultdict(dict), 'roles': defaultdict(dict)}) event_principal_query = (EventPrincipal.query.with_parent(self.event_new) .filter(EventPrincipal.type == PrincipalType.email, EventPrincipal.has_management_role('submit'))) contrib_principal_query = (ContributionPrincipal.find(Contribution.event_new == self.event_new, ContributionPrincipal.type == PrincipalType.email, ContributionPrincipal.has_management_role('submit')) .join(Contribution) .options(contains_eager('contribution'))) session_principal_query = (SessionPrincipal.find(Session.event_new == self.event_new, SessionPrincipal.type == PrincipalType.email, SessionPrincipal.has_management_role()) .join(Session).options(joinedload('session').joinedload('acl_entries'))) chairpersons = {link.person for link in self.event_new.person_links} for event_person in event_persons_query: data = persons[event_person.email or event_person.id] data['person'] = event_person data['roles']['chairperson'] = event_person in chairpersons for person_link in event_person.session_block_links: if person_link.session_block.session.is_deleted: continue data['session_blocks'][person_link.session_block_id] = {'title': person_link.session_block.full_title} data['roles']['convener'] = True for person_link in event_person.contribution_links: if not person_link.is_speaker: continue contrib = person_link.contribution if contrib.is_deleted: continue url = url_for('contributions.manage_contributions', self.event_new, selected=contrib.friendly_id) data['contributions'][contrib.id] = {'title': contrib.title, 'url': url} data['roles']['speaker'] = True for person_link in event_person.subcontribution_links: subcontrib = person_link.subcontribution contrib = subcontrib.contribution if subcontrib.is_deleted or contrib.is_deleted: continue url = url_for('contributions.manage_contributions', self.event_new, selected=contrib.friendly_id) data['subcontributions'][subcontrib.id] = {'title': '{} ({})'.format(contrib.title, subcontrib.title), 'url': url} data['roles']['speaker'] = True # Some EventPersons will have no roles since they were connected to deleted things persons = {email: data for email, data in persons.viewitems() if any(data['roles'].viewvalues())} num_no_account = 0 for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query): if principal.email not in persons: continue if not persons[principal.email].get('no_account'): persons[principal.email]['roles']['no_account'] = True num_no_account += 1 person_list = sorted(persons.viewvalues(), key=lambda x: x['person'].get_full_name(last_name_first=True).lower()) return WPManagePersons.render_template('management/person_list.html', self._conf, event=self.event_new, persons=person_list, num_no_account=num_no_account)
def has_data(self): return EventPrincipal.has_rows()
def test_has_management_permission_no_access(): p = EventPrincipal(read_access=True, permissions=[]) assert not p.has_management_permission() assert not p.has_management_permission('foo') assert not p.has_management_permission('ANY')
def _merge_users(target, source, **kwargs): from indico.modules.events.models.principals import EventPrincipal EventPrincipal.merge_users(target, source, "event_new")
def test_has_management_role_no_access(): p = EventPrincipal(read_access=True, roles=[]) assert not p.has_management_role() assert not p.has_management_role('foo') assert not p.has_management_role('ANY')
def _find(*args): return EventPrincipal.find(EventPrincipal.event == event, EventPrincipal.has_management_permission(*args))
def test_has_management_role_explicit(explicit): p = EventPrincipal(full_access=True, roles=['foo']) assert p.has_management_role('foo', explicit=explicit) assert p.has_management_role('ANY', explicit=explicit) assert p.has_management_role('bar', explicit=explicit) == (not explicit) assert EventPrincipal(full_access=True, roles=[]).has_management_role('ANY', explicit=explicit) == (not explicit)
def _find(*args): return EventPrincipal.find( EventPrincipal.event == event, EventPrincipal.has_management_permission(*args))
def test_has_management_permission(): p = EventPrincipal(permissions=['foo']) assert p.has_management_permission('ANY') assert p.has_management_permission('foo') assert not p.has_management_permission('bar')
def test_has_management_permission_no_access(): p = EventPrincipal(read_access=True, permissions=[]) assert not p.has_management_permission() assert not p.has_management_permission('foo') assert not p.has_management_permission('ANY')
def _find(permission): return EventPrincipal.find(EventPrincipal.event == event, EventPrincipal.has_management_permission(permission, explicit=explicit))