def test_has_management_permission_explicit_fail():
p = EventPrincipal(permissions=['foo'])
# no permission specified
with pytest.raises(ValueError):
p.has_management_permission(explicit=True)
with pytest.raises(ValueError):
EventPrincipal.has_management_permission(explicit=True)
def test_has_management_permission_explicit(explicit):
p = EventPrincipal(full_access=True, permissions=['foo'])
assert p.has_management_permission('foo', explicit=explicit)
assert p.has_management_permission('ANY', explicit=explicit)
assert p.has_management_permission('bar', explicit=explicit) == (not explicit)
assert (EventPrincipal(full_access=True, permissions=[]).has_management_permission('ANY', explicit=explicit) ==
(not explicit))
def _merge_users(target, source, **kwargs):
from indico.modules.events.models.persons import EventPerson
from indico.modules.events.models.principals import EventPrincipal
EventPerson.merge_users(target, source)
EventPrincipal.merge_users(target, source, 'event')
target.event_roles |= source.event_roles
source.event_roles.clear()
def test_has_management_role_explicit(explicit):
p = EventPrincipal(full_access=True, roles=['foo'])
assert p.has_management_role('foo', explicit=explicit)
assert p.has_management_role('ANY', explicit=explicit)
assert p.has_management_role('bar', explicit=explicit) == (not explicit)
assert EventPrincipal(full_access=True, roles=[]).has_management_role(
'ANY', explicit=explicit) == (not explicit)
def test_merge_privs():
p = EventPrincipal(read_access=True, permissions={'foo', 'bar'})
p.merge_privs(
EventPrincipal(permissions={'bar', 'foobar'}, full_access=True))
assert p.read_access
assert p.full_access
assert set(p.permissions) == {'foo', 'bar', 'foobar'}
def process_principal(self, event, principals, legacy_principal, name, color, full_access=None, roles=None):
if isinstance(legacy_principal, basestring):
user = self.all_users_by_email.get(legacy_principal)
principal = user or EmailPrincipal(legacy_principal)
else:
principal = self.convert_principal(legacy_principal)
if principal is None:
self.print_warning(
cformat("%%{%s}{}%%{reset}%%{yellow} does not exist:%%{reset} {}" % color).format(
name, legacy_principal
),
event_id=event.id,
)
return
try:
entry = principals[principal]
except KeyError:
entry = EventPrincipal(event_id=event.id, principal=principal, full_access=False, roles=[])
principals[principal] = entry
if full_access:
entry.full_access = True
if roles:
entry.roles = sorted(set(entry.roles) | set(roles))
if not self.quiet:
self.print_msg(cformat(" - %%{%s}[{}]%%{reset} {}" % color).format(name.lower(), principal))
return principal
def _merge_users(target, source, **kwargs):
from indico.modules.events.models.persons import EventPerson
from indico.modules.events.models.principals import EventPrincipal
EventPerson.merge_users(target, source)
EventPrincipal.merge_users(target, source, 'event')
target.event_roles |= source.event_roles
source.event_roles.clear()
def _associate_users_by_email(self, event):
# link objects to users by email where possible
# event principals
emails = [p.email for p in EventPrincipal.query.with_parent(event).filter_by(type=PrincipalType.email)]
for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)):
EventPrincipal.replace_email_with_user(user, 'event')
# session principals
query = (SessionPrincipal.query
.filter(SessionPrincipal.session.has(Session.event == event),
SessionPrincipal.type == PrincipalType.email))
emails = [p.email for p in query]
for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)):
SessionPrincipal.replace_email_with_user(user, 'session')
# contribution principals
query = (ContributionPrincipal.query
.filter(ContributionPrincipal.contribution.has(Contribution.event == event),
ContributionPrincipal.type == PrincipalType.email))
emails = [p.email for p in query]
for user in User.query.filter(~User.is_deleted, User.all_emails.in_(emails)):
ContributionPrincipal.replace_email_with_user(user, 'contribution')
# event persons
query = EventPerson.query.with_parent(event).filter(EventPerson.user_id.is_(None), EventPerson.email != '')
for person in query:
person.user = get_user_by_email(person.email)
# registrations
for registration in Registration.query.with_parent(event).filter(Registration.user_id.is_(None)):
registration.user = get_user_by_email(registration.email)
def test_has_management_permission_explicit(explicit):
p = EventPrincipal(full_access=True, permissions=['foo'])
assert p.has_management_permission('foo', explicit=explicit)
assert p.has_management_permission('ANY', explicit=explicit)
assert p.has_management_permission('bar', explicit=explicit) == (not explicit)
assert (EventPrincipal(full_access=True, permissions=[]).has_management_permission('ANY', explicit=explicit) ==
(not explicit))
def _process(self):
event_principal_query = (EventPrincipal.query.with_parent(self.event)
.filter(EventPrincipal.type == PrincipalType.email,
EventPrincipal.has_management_role('submit')))
contrib_principal_query = (ContributionPrincipal.find(Contribution.event == self.event,
ContributionPrincipal.type == PrincipalType.email,
ContributionPrincipal.has_management_role('submit'))
.join(Contribution)
.options(contains_eager('contribution')))
session_principal_query = (SessionPrincipal.find(Session.event == self.event,
SessionPrincipal.type == PrincipalType.email,
SessionPrincipal.has_management_role())
.join(Session).options(joinedload('session').joinedload('acl_entries')))
persons = self.get_persons()
person_list = sorted(persons.viewvalues(), key=lambda x: x['person'].display_full_name.lower())
num_no_account = 0
for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query):
if principal.email not in persons:
continue
if not persons[principal.email].get('no_account'):
persons[principal.email]['roles']['no_account'] = True
num_no_account += 1
return WPManagePersons.render_template('management/person_list.html', self.event,
persons=person_list, num_no_account=num_no_account)
def _process(self):
event_principal_query = (EventPrincipal.query.with_parent(self.event)
.filter(EventPrincipal.type == PrincipalType.email,
EventPrincipal.has_management_permission('submit')))
contrib_principal_query = (ContributionPrincipal.find(Contribution.event == self.event,
ContributionPrincipal.type == PrincipalType.email,
ContributionPrincipal.has_management_permission('submit'))
.join(Contribution)
.options(contains_eager('contribution')))
session_principal_query = (SessionPrincipal.find(Session.event == self.event,
SessionPrincipal.type == PrincipalType.email,
SessionPrincipal.has_management_permission())
.join(Session).options(joinedload('session').joinedload('acl_entries')))
persons = self.get_persons()
person_list = sorted(persons.values(), key=lambda x: x['person'].display_full_name.lower())
num_no_account = 0
for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query):
if principal.email not in persons:
continue
if not persons[principal.email].get('no_account'):
persons[principal.email]['roles']['no_account'] = True
num_no_account += 1
custom_roles = {f'custom_{r.id}': {'name': r.name, 'code': r.code, 'color': r.color}
for r in self.event.roles}
return WPManagePersons.render_template('management/person_list.html', self.event, persons=person_list,
num_no_account=num_no_account, builtin_roles=BUILTIN_ROLES,
custom_roles=custom_roles)
def test_convert_email_principals_merge(db, create_event, create_user):
event = create_event()
user = create_user(123, email='*****@*****.**')
principal = EmailPrincipal('*****@*****.**')
entry1 = event.update_principal(user, full_access=True, roles={'foo', 'foobar'})
entry2 = event.update_principal(principal, read_access=True, roles={'foo', 'bar'})
# different emails for now -> nothing updated
assert not EventPrincipal.replace_email_with_user(user, 'event_new')
assert set(event.acl_entries) == {entry1, entry2}
user.secondary_emails.add(principal.email)
assert EventPrincipal.replace_email_with_user(user, 'event_new') == {event}
assert len(event.acl_entries) == 1
entry = list(event.acl_entries)[0]
assert entry.full_access
assert entry.read_access
assert set(entry.roles) == {'foo', 'bar', 'foobar'}
def _process(self):
event_principal_query = (EventPrincipal.query.with_parent(self.event_new)
.filter(EventPrincipal.type == PrincipalType.email,
EventPrincipal.has_management_role('submit')))
contrib_principal_query = (ContributionPrincipal.find(Contribution.event_new == self.event_new,
ContributionPrincipal.type == PrincipalType.email,
ContributionPrincipal.has_management_role('submit'))
.join(Contribution)
.options(contains_eager('contribution')))
session_principal_query = (SessionPrincipal.find(Session.event_new == self.event_new,
SessionPrincipal.type == PrincipalType.email,
SessionPrincipal.has_management_role())
.join(Session).options(joinedload('session').joinedload('acl_entries')))
persons = self.get_persons()
person_list = sorted(persons.viewvalues(),
key=lambda x: x['person'].get_full_name(last_name_first=True).lower())
num_no_account = 0
for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query):
if principal.email not in persons:
continue
if not persons[principal.email].get('no_account'):
persons[principal.email]['roles']['no_account'] = True
num_no_account += 1
return WPManagePersons.render_template('management/person_list.html', self._conf, event=self.event_new,
persons=person_list, num_no_account=num_no_account)
def _convert_email_principals(user, **kwargs):
from indico.modules.events.models.principals import EventPrincipal
events = EventPrincipal.replace_email_with_user(user, 'event')
if events:
num = len(events)
flash(ngettext("You have been granted manager/submission privileges for an event.",
"You have been granted manager/submission privileges for {} events.", num).format(num), 'info')
def _convert_email_principals(user, **kwargs):
from indico.modules.events.models.principals import EventPrincipal
events = EventPrincipal.replace_email_with_user(user, 'event')
if events:
num = len(events)
flash(ngettext("You have been granted manager/submission privileges for an event.",
"You have been granted manager/submission privileges for {} events.", num).format(num), 'info')
def get_events_with_paper_roles(user, dt=None):
"""
Get the IDs and PR roles of events where the user has any kind
of paper reviewing privileges.
:param user: A `User`
:param dt: Only include events taking place on/after that date
:return: A dict mapping event IDs to a set of roles
"""
paper_permissions = {
'paper_manager', 'paper_judge', 'paper_content_reviewer',
'paper_layout_reviewer'
}
role_criteria = [
EventPrincipal.has_management_permission(permission, explicit=True)
for permission in paper_permissions
]
query = (user.in_event_acls.join(Event).options(
noload('user'), noload('local_group'),
load_only('event_id',
'permissions')).filter(~Event.is_deleted,
Event.ends_after(dt)).filter(
db.or_(*role_criteria)))
return {
principal.event_id: set(principal.permissions) & paper_permissions
for principal in query
}
def test_convert_email_principals(db, create_event, create_user, dummy_user):
event = create_event()
user = create_user(123, email='*****@*****.**')
principal = EmailPrincipal('*****@*****.**')
other_entry = event.update_principal(dummy_user, full_access=True, roles={'foo', 'foobar'})
entry = event.update_principal(principal, read_access=True, roles={'foo', 'bar'})
other_entry_data = other_entry.current_data
entry_data = entry.current_data
# different emails for now -> nothing updated
assert not EventPrincipal.replace_email_with_user(user, 'event_new')
assert set(event.acl_entries) == {entry, other_entry}
user.secondary_emails.add(principal.email)
assert EventPrincipal.replace_email_with_user(user, 'event_new') == {event}
assert set(event.acl_entries) == {entry, other_entry}
assert all(x.type == PrincipalType.user for x in event.acl_entries)
db.session.expire(other_entry)
db.session.expire(entry)
assert entry.current_data == entry_data
assert other_entry.current_data == other_entry_data
def get_events_managed_by(user, dt=None):
"""Gets the IDs of events where the user has management privs.
:param user: A `User`
:param dt: Only include events taking place on/after that date
:return: A set of event ids
"""
query = (user.in_event_acls.join(Event).options(
noload('user'), noload('local_group'), load_only('event_id')).filter(
~Event.is_deleted, Event.ends_after(dt)).filter(
EventPrincipal.has_management_role('ANY')))
return {principal.event_id for principal in query}
def test_has_management_role_explicit_fail():
p = EventPrincipal(roles=['foo'])
# no role specified
with pytest.raises(ValueError):
p.has_management_role(explicit=True)
with pytest.raises(ValueError):
EventPrincipal.has_management_role(explicit=True)
def test_has_management_permission_explicit_fail():
p = EventPrincipal(permissions=['foo'])
# no permission specified
with pytest.raises(ValueError):
p.has_management_permission(explicit=True)
with pytest.raises(ValueError):
EventPrincipal.has_management_permission(explicit=True)
def process_principal(self, event, principals, legacy_principal, name, color, full_access=None, roles=None):
if isinstance(legacy_principal, basestring):
user = self.all_users_by_email.get(legacy_principal)
principal = user or EmailPrincipal(legacy_principal)
else:
principal = self.convert_principal(legacy_principal)
if principal is None:
self.print_warning(cformat('%%{%s}{}%%{reset}%%{yellow} does not exist:%%{reset} {}' % color)
.format(name, legacy_principal), event_id=event.id)
return
try:
entry = principals[principal]
except KeyError:
entry = EventPrincipal(event_id=event.id, principal=principal, full_access=False, roles=[])
principals[principal] = entry
if full_access:
entry.full_access = True
if roles:
entry.roles = sorted(set(entry.roles) | set(roles))
if not self.quiet:
self.print_msg(cformat(' - %%{%s}[{}]%%{reset} {}' % color).format(name.lower(), principal))
return principal
def get_events_managed_by(user, from_dt=None, to_dt=None):
"""Gets the IDs of events where the user has management privs.
:param user: A `User`
:param from_dt: The earliest event start time to look for
:param to_dt: The latest event start time to look for
:return: A set of event ids
"""
query = (user.in_event_acls.join(Event).options(
noload('user'), noload('local_group'), load_only('event_id')).filter(
~Event.is_deleted, Event.starts_between(from_dt, to_dt)).filter(
EventPrincipal.has_management_role('ANY')))
return {principal.event_id for principal in query}
def get_events_managed_by(user, dt=None):
"""Gets the IDs of events where the user has management privs.
:param user: A `User`
:param dt: Only include events taking place on/after that date
:return: A set of event ids
"""
query = (user.in_event_acls
.join(Event)
.options(noload('user'), noload('local_group'), load_only('event_id'))
.filter(~Event.is_deleted, Event.ends_after(dt))
.filter(EventPrincipal.has_management_permission('ANY')))
return {principal.event_id for principal in query}
def get_events_managed_by(user, from_dt=None, to_dt=None):
"""Gets the IDs of events where the user has management privs.
:param user: A `User`
:param from_dt: The earliest event start time to look for
:param to_dt: The latest event start time to look for
:return: A set of event ids
"""
query = (user.in_event_acls
.join(Event)
.options(noload('user'), noload('local_group'), load_only('event_id'))
.filter(~Event.is_deleted, Event.starts_between(from_dt, to_dt))
.filter(EventPrincipal.has_management_role('ANY')))
return {principal.event_id for principal in query}
def process_principal(self,
principals,
legacy_principal,
name,
color,
full_access=None,
roles=None,
read_access=None):
if isinstance(legacy_principal, basestring):
user = self.global_ns.users_by_email.get(legacy_principal)
principal = user or EmailPrincipal(legacy_principal)
else:
principal = self.convert_principal(legacy_principal)
if principal is None:
self.print_warning(
('%%[%s]{}%%[reset]%%[yellow] does not exist:%%[reset] {} ({})'
% color).format(name, legacy_principal,
getattr(legacy_principal, 'id', '-')))
return
try:
entry = principals[principal]
except KeyError:
entry = EventPrincipal(event_id=self.event.id,
principal=principal,
full_access=False,
roles=[])
principals[principal] = entry
if full_access:
entry.full_access = True
if read_access:
entry.read_access = True
if roles:
entry.roles = sorted(set(entry.roles) | set(roles))
if not self.quiet:
self.print_log(' %%[%s][{}]%%[reset] {}' %
color.format(name.lower(), principal))
return principal
def get_events_with_paper_roles(user, dt=None):
"""
Get the IDs and PR roles of events where the user has any kind
of paper reviewing privileges.
:param user: A `User`
:param dt: Only include events taking place on/after that date
:return: A dict mapping event IDs to a set of roles
"""
paper_roles = {'paper_manager', 'paper_judge', 'paper_content_reviewer', 'paper_layout_reviewer'}
role_criteria = [EventPrincipal.has_management_role(role, explicit=True) for role in paper_roles]
query = (user.in_event_acls
.join(Event)
.options(noload('user'), noload('local_group'), load_only('event_id', 'roles'))
.filter(~Event.is_deleted, Event.ends_after(dt))
.filter(db.or_(*role_criteria)))
return {principal.event_id: set(principal.roles) & paper_roles for principal in query}
def get_events_managed_by(user, from_dt=None, to_dt=None):
"""Gets the IDs of events where the user has management privs.
:param user: A `User`
:param from_dt: The earliest event start time to look for
:param to_dt: The latest event start time to look for
:return: A set of event ids
"""
event_date_filter = None
if from_dt and to_dt:
event_date_filter = IndexedEvent.start_date.between(from_dt, to_dt)
elif from_dt:
event_date_filter = IndexedEvent.start_date >= from_dt
elif to_dt:
event_date_filter = IndexedEvent.start_date <= to_dt
query = (user.in_event_acls
.join(Event)
.options(noload('user'), noload('local_group'), load_only('event_id'))
.filter(~Event.is_deleted)
.filter(EventPrincipal.has_management_role('ANY')))
if event_date_filter is not None:
query = query.join(IndexedEvent, IndexedEvent.id == EventPrincipal.event_id)
query = query.filter(event_date_filter)
return {principal.event_id for principal in query}
def _find(*args):
return EventPrincipal.find(EventPrincipal.event_new == event, EventPrincipal.has_management_role(*args))
def _merge_users(target, source, **kwargs):
from indico.modules.events.models.principals import EventPrincipal
EventPrincipal.merge_users(target, source, 'event_new')
def _query(permission):
return (EventPrincipal.query.filter(
EventPrincipal.event == event,
EventPrincipal.has_management_permission(permission,
explicit=explicit)))
def test_has_management_role():
p = EventPrincipal(roles=['foo'])
assert p.has_management_role('ANY')
assert p.has_management_role('foo')
assert not p.has_management_role('bar')
def _find(permission):
return EventPrincipal.find(
EventPrincipal.event == event,
EventPrincipal.has_management_permission(permission,
explicit=explicit))
def _find(role):
return EventPrincipal.find(EventPrincipal.event_new == event,
EventPrincipal.has_management_role(role, explicit=explicit))
def test_has_management_role_full_access():
p = EventPrincipal(full_access=True, roles=[])
assert p.has_management_role()
assert p.has_management_role('foo')
assert p.has_management_role('ANY')
def test_has_management_permission():
p = EventPrincipal(permissions=['foo'])
assert p.has_management_permission('ANY')
assert p.has_management_permission('foo')
assert not p.has_management_permission('bar')
def _query(*args):
return (EventPrincipal.query.filter(
EventPrincipal.event == event,
EventPrincipal.has_management_permission(*args)))
def test_merge_privs():
p = EventPrincipal(read_access=True, roles={'foo', 'bar'})
p.merge_privs(EventPrincipal(roles={'bar', 'foobar'}, full_access=True))
assert p.read_access
assert p.full_access
assert set(p.roles) == {'foo', 'bar', 'foobar'}
def _process(self):
contribution_strategy = joinedload('contribution_links')
contribution_strategy.joinedload('contribution')
contribution_strategy.joinedload('person').joinedload('user')
subcontribution_strategy = joinedload('subcontribution_links')
subcontribution_strategy.joinedload('subcontribution')
subcontribution_strategy.joinedload('person').joinedload('user')
session_block_strategy = joinedload('session_block_links')
session_block_strategy.joinedload('session_block')
session_block_strategy.joinedload('person').joinedload('user')
event_strategy = joinedload('event_links')
event_strategy.joinedload('person').joinedload('user')
event_persons_query = (self.event_new.persons.options(event_strategy, contribution_strategy,
subcontribution_strategy, session_block_strategy)
.all())
persons = defaultdict(lambda: {'session_blocks': defaultdict(dict), 'contributions': defaultdict(dict),
'subcontributions': defaultdict(dict), 'roles': defaultdict(dict)})
event_principal_query = (EventPrincipal.query.with_parent(self.event_new)
.filter(EventPrincipal.type == PrincipalType.email,
EventPrincipal.has_management_role('submit')))
contrib_principal_query = (ContributionPrincipal.find(Contribution.event_new == self.event_new,
ContributionPrincipal.type == PrincipalType.email,
ContributionPrincipal.has_management_role('submit'))
.join(Contribution)
.options(contains_eager('contribution')))
session_principal_query = (SessionPrincipal.find(Session.event_new == self.event_new,
SessionPrincipal.type == PrincipalType.email,
SessionPrincipal.has_management_role())
.join(Session).options(joinedload('session').joinedload('acl_entries')))
chairpersons = {link.person for link in self.event_new.person_links}
for event_person in event_persons_query:
data = persons[event_person.email or event_person.id]
data['person'] = event_person
data['roles']['chairperson'] = event_person in chairpersons
for person_link in event_person.session_block_links:
if person_link.session_block.session.is_deleted:
continue
data['session_blocks'][person_link.session_block_id] = {'title': person_link.session_block.full_title}
data['roles']['convener'] = True
for person_link in event_person.contribution_links:
if not person_link.is_speaker:
continue
contrib = person_link.contribution
if contrib.is_deleted:
continue
url = url_for('contributions.manage_contributions', self.event_new, selected=contrib.friendly_id)
data['contributions'][contrib.id] = {'title': contrib.title, 'url': url}
data['roles']['speaker'] = True
for person_link in event_person.subcontribution_links:
subcontrib = person_link.subcontribution
contrib = subcontrib.contribution
if subcontrib.is_deleted or contrib.is_deleted:
continue
url = url_for('contributions.manage_contributions', self.event_new, selected=contrib.friendly_id)
data['subcontributions'][subcontrib.id] = {'title': '{} ({})'.format(contrib.title, subcontrib.title),
'url': url}
data['roles']['speaker'] = True
# Some EventPersons will have no roles since they were connected to deleted things
persons = {email: data for email, data in persons.viewitems() if
any(data['roles'].viewvalues())}
num_no_account = 0
for principal in itertools.chain(event_principal_query, contrib_principal_query, session_principal_query):
if principal.email not in persons:
continue
if not persons[principal.email].get('no_account'):
persons[principal.email]['roles']['no_account'] = True
num_no_account += 1
person_list = sorted(persons.viewvalues(), key=lambda x: x['person'].get_full_name(last_name_first=True).lower())
return WPManagePersons.render_template('management/person_list.html', self._conf, event=self.event_new,
persons=person_list, num_no_account=num_no_account)
def has_data(self):
return EventPrincipal.has_rows()
def test_has_management_permission_no_access():
p = EventPrincipal(read_access=True, permissions=[])
assert not p.has_management_permission()
assert not p.has_management_permission('foo')
assert not p.has_management_permission('ANY')
def _merge_users(target, source, **kwargs):
from indico.modules.events.models.principals import EventPrincipal
EventPrincipal.merge_users(target, source, "event_new")
def test_has_management_role_no_access():
p = EventPrincipal(read_access=True, roles=[])
assert not p.has_management_role()
assert not p.has_management_role('foo')
assert not p.has_management_role('ANY')
def _find(*args):
return EventPrincipal.find(EventPrincipal.event == event, EventPrincipal.has_management_permission(*args))
def test_has_management_role_explicit(explicit):
p = EventPrincipal(full_access=True, roles=['foo'])
assert p.has_management_role('foo', explicit=explicit)
assert p.has_management_role('ANY', explicit=explicit)
assert p.has_management_role('bar', explicit=explicit) == (not explicit)
assert EventPrincipal(full_access=True, roles=[]).has_management_role('ANY', explicit=explicit) == (not explicit)
def _find(*args):
return EventPrincipal.find(
EventPrincipal.event == event,
EventPrincipal.has_management_permission(*args))
def test_has_management_permission():
p = EventPrincipal(permissions=['foo'])
assert p.has_management_permission('ANY')
assert p.has_management_permission('foo')
assert not p.has_management_permission('bar')
def test_has_management_permission_no_access():
p = EventPrincipal(read_access=True, permissions=[])
assert not p.has_management_permission()
assert not p.has_management_permission('foo')
assert not p.has_management_permission('ANY')
def _find(permission):
return EventPrincipal.find(EventPrincipal.event == event,
EventPrincipal.has_management_permission(permission, explicit=explicit))
