def _process(self):
for data in request.json['users']:
user = principal_from_fossil(data, allow_pending=True, allow_groups=False)
if user not in self.role.members:
self.role.members.add(user)
logger.info('User %r added to role %r by %r', user, self.role, session.user)
return jsonify_data(html=_render_role(self.role, collapsed=False))
def _checkParams(self):
CategoryControlUserListBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [
principal_from_fossil(f, allow_pending=True) for f in pm.extract("userList", pType=list, allowEmpty=False)
]
self._sendEmailManagers = pm.extract("sendEmailManagers", pType=bool, allowEmpty=True, defaultValue=True)
def _checkParams(self):
ConferenceModifBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [
principal_from_fossil(f, allow_pending=True, legacy=False)
for f in pm.extract("userList", pType=list, allowEmpty=False)
]
def _convert_principal(self, principal):
return principal_from_fossil(principal,
allow_pending=self.allow_external,
legacy=False,
allow_emails=self.allow_emails,
allow_networks=self.allow_networks,
existing_data=self.object_data)
def check_permissions(event,
field,
allow_networks=False,
allow_registration_forms=False):
for principal_fossil, permissions in field.data:
principal = principal_from_fossil(
principal_fossil,
allow_emails=True,
allow_networks=allow_networks,
allow_pending=True,
allow_registration_forms=allow_registration_forms,
event=event,
category=event.category)
if allow_networks and isinstance(
principal, IPNetworkGroup
) and set(permissions) - {READ_ACCESS_PERMISSION}:
msg = _(
'IP networks cannot have management permissions: {}').format(
principal.name)
return msg
if (allow_registration_forms
and isinstance(principal, RegistrationForm)
and set(permissions) - {READ_ACCESS_PERMISSION}):
msg = _(
'Registrants cannot have management permissions: {}').format(
principal.name)
return msg
if FULL_ACCESS_PERMISSION in permissions and len(permissions) != 1:
# when full access permission is set, discard rest of permissions
permissions[:] = [FULL_ACCESS_PERMISSION]
def _checkParams(self):
SessionChairListBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [
principal_from_fossil(f, allow_pending=True)
for f in pm.extract("userList", pType=list, allowEmpty=False)
]
def _checkParams(self):
SessionModifBase._checkParams(self)
self._principals = [
principal_from_fossil(f, allow_pending=True)
for f in self._params['value']
]
self._user = self.getAW().getUser()
def _getAnswer(self):
for user in self._userList:
if user["_type"] == "Avatar": # new speaker
part = self._newParticipant(
principal_from_fossil(user, allow_pending=True))
elif user[
"_type"] == "ContributionParticipation": # adding existing author to speaker
author_index_author_id = "{familyName} {firstName} {email}".format(
**user).lower()
author = self._conf.getAuthorIndex().getById(
author_index_author_id)[0]
part = self._newParticipant(author)
if self._submissionRights and part:
self._contribution.grantSubmission(part)
if self._kindOfList == "prAuthor":
return self._getParticipantsList(
self._contribution.getPrimaryAuthorList())
elif self._kindOfList == "coAuthor":
return self._getParticipantsList(
self._contribution.getCoAuthorList())
elif self._kindOfList == "speaker":
return self._getParticipantsList(
self._contribution.getSpeakerList())
else:
raise ServiceError("ERR-UK0", _("Invalid kind of list of users."))
def get_event_person(event, data, create_untrusted_persons=False, allow_external=False, allow_emails=False,
allow_networks=False):
"""Get an EventPerson from dictionary data.
If there is already an event person in the same event and for the same user,
it will be returned. Matching is done with the e-mail.
"""
person_type = data.get('_type')
if person_type is None:
if data.get('email'):
email = data['email'].lower()
user = User.find_first(~User.is_deleted, User.all_emails.contains(email))
if user:
return get_event_person_for_user(event, user, create_untrusted_persons=create_untrusted_persons)
elif event:
person = event.persons.filter_by(email=email).first()
if person:
return person
# We have no way to identify an existing event person with the provided information
return create_event_person(event, create_untrusted_persons=create_untrusted_persons, **data)
elif person_type == 'Avatar':
# XXX: existing_data
principal = principal_from_fossil(data, allow_pending=allow_external, allow_emails=allow_emails,
allow_networks=allow_networks)
return get_event_person_for_user(event, principal, create_untrusted_persons=create_untrusted_persons)
elif person_type == 'EventPerson':
return event.persons.filter_by(id=data['id']).one()
elif person_type == 'PersonLink':
return event.persons.filter_by(id=data['personId']).one()
else:
raise ValueError("Unknown person type '{}'".format(person_type))
def get_event_person(event, data, create_untrusted_persons=False, allow_external=False, allow_emails=False,
allow_networks=False):
"""Get an EventPerson from dictionary data.
If there is already an event person in the same event and for the same user,
it will be returned. Matching is done with the e-mail.
"""
person_type = data.get('_type')
if person_type is None:
if data.get('email'):
email = data['email'].lower()
user = User.query.filter(~User.is_deleted, User.all_emails == email).first()
if user:
return get_event_person_for_user(event, user, create_untrusted_persons=create_untrusted_persons)
elif event:
person = event.persons.filter_by(email=email).first()
if person:
return person
# We have no way to identify an existing event person with the provided information
return create_event_person(event, create_untrusted_persons=create_untrusted_persons, **data)
elif person_type == 'Avatar':
# XXX: existing_data
principal = principal_from_fossil(data, allow_pending=allow_external, allow_emails=allow_emails,
allow_networks=allow_networks)
return get_event_person_for_user(event, principal, create_untrusted_persons=create_untrusted_persons)
elif person_type == 'EventPerson':
return event.persons.filter_by(id=data['id']).one()
elif person_type == 'PersonLink':
return event.persons.filter_by(id=data['personId']).one()
else:
raise ValueError("Unknown person type '{}'".format(person_type))
def _convert_principal(self, principal):
return principal_from_fossil(
principal,
allow_pending=self.allow_external,
allow_emails=self.allow_emails,
allow_networks=self.allow_networks,
allow_registration_forms=self.allow_registration_forms,
existing_data=self.object_data,
event=self._event)
def validate_permissions(self, field):
for principal_fossil, permissions in field.data:
principal = principal_from_fossil(principal_fossil, allow_networks=True, allow_pending=True,
category=self.category)
if isinstance(principal, IPNetworkGroup) and set(permissions) - {READ_ACCESS_PERMISSION}:
msg = _('IP networks cannot have management permissions: {}').format(principal.name)
raise ValidationError(msg)
if FULL_ACCESS_PERMISSION in permissions and len(permissions) != 1:
# when full access permission is set, discard rest of permissions
permissions[:] = [FULL_ACCESS_PERMISSION]
def check_permissions(event, field, allow_networks=False):
for principal_fossil, permissions in field.data:
principal = principal_from_fossil(principal_fossil, allow_emails=True, allow_networks=allow_networks,
allow_pending=True, event=event)
if allow_networks and isinstance(principal, IPNetworkGroup) and set(permissions) - {READ_ACCESS_PERMISSION}:
msg = _('IP networks cannot have management permissions: {}').format(principal.name)
return msg
if FULL_ACCESS_PERMISSION in permissions and len(permissions) != 1:
# when full access permission is set, discard rest of permissions
permissions[:] = [FULL_ACCESS_PERMISSION]
def update_permissions(obj, form):
event = obj if isinstance(obj, Event) else obj.event
current_principal_permissions = {p.principal: get_principal_permissions(p, obj.__class__)
for p in obj.acl_entries}
current_principal_permissions = {k: v for k, v in current_principal_permissions.iteritems() if v}
new_principal_permissions = {
principal_from_fossil(fossil, allow_emails=True, allow_networks=True, event=event): set(permissions)
for fossil, permissions in form.permissions.data
}
update_principals_permissions(obj, current_principal_permissions, new_principal_permissions)
def _getAnswer(self):
principal = principal_from_fossil(self._params['principal'], legacy=False, allow_missing_groups=True,
allow_emails=True)
event = self._conf.as_event
if not self._params.get('force') and principal_is_only_for_user(event.acl_entries, session.user, principal):
# this is pretty ugly, but the user list manager widget is used in multiple
# places so like this we keep the changes to the legacy widget to a minimum
return 'confirm_remove_self'
event.update_principal(principal, full_access=False)
return self._getManagersList()
def _checkParams(self):
CategoryControlUserListBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [
principal_from_fossil(f, allow_pending=True)
for f in pm.extract("userList", pType=list, allowEmpty=False)
]
self._sendEmailManagers = pm.extract("sendEmailManagers",
pType=bool,
allowEmpty=True,
defaultValue=True)
def _process(self):
for data in request.json['users']:
user = principal_from_fossil(data, allow_pending=True, allow_groups=False)
if user not in self.role.members:
self.role.members.add(user)
logger.info('User %r added to role %r by %r', user, self.role, session.user)
self.event.log(EventLogRealm.management, EventLogKind.positive, 'Roles',
'Added user to role "{}"'.format(self.role.name), session.user,
data={'Name': user.full_name,
'Email': user.email})
return jsonify_data(html=_render_role(self.role, collapsed=False))
def _getAnswer(self):
principal = principal_from_fossil(self._params['principal'],
legacy=False,
allow_missing_groups=True,
allow_emails=True)
event = self._conf.as_event
if not self._params.get('force') and principal_is_only_for_user(
event.acl_entries, session.user, principal):
# this is pretty ugly, but the user list manager widget is used in multiple
# places so like this we keep the changes to the legacy widget to a minimum
return 'confirm_remove_self'
event.update_principal(principal, full_access=False)
return self._getManagersList()
def _getAnswer(self):
if self._kindOfUser == "pending":
# remove pending email, self._submitterId is an email address
self._contribution.revokeSubmissionEmail(self._submitterId)
else:
try:
principal = principal_from_fossil(self._params['principal'])
except ValueError:
# WTF is this.. this used to be called if the user wasn't in avatarholder
self._removeUserFromSubmitterList(self._submitterId)
else:
self._contribution.revokeSubmission(principal)
return self._getSubmittersList()
def _getAnswer(self):
if self._kindOfUser == "pending":
# remove pending email, self._submitterId is an email address
self._contribution.revokeSubmissionEmail(self._submitterId)
else:
try:
principal = principal_from_fossil(self._params['principal'], allow_missing_groups=True)
except ValueError:
# WTF is this.. this used to be called if the user wasn't in avatarholder
self._removeUserFromSubmitterList(self._submitterId)
else:
self._contribution.revokeSubmission(principal)
return self._getSubmittersList()
def update_permissions(obj, form):
"""Update the permissions of an object, based on the corresponding WTForm."""
from indico.util.user import principal_from_fossil
event = obj.event
current_principal_permissions = {p.principal: get_principal_permissions(p, type(obj))
for p in obj.acl_entries}
current_principal_permissions = {k: v for k, v in current_principal_permissions.iteritems() if v}
new_principal_permissions = {
principal_from_fossil(fossil, allow_emails=True, allow_networks=True, allow_pending=True, event=event):
set(permissions)
for fossil, permissions in form.permissions.data
}
update_principals_permissions(obj, current_principal_permissions, new_principal_permissions)
def retrieveUsers(params, fieldName="userList"):
pm = ParameterManager(params)
userList = pm.extract(fieldName, pType=list, allowEmpty = True)
avatars = []
newUsers = []
editedAvatars = []
for userDict in userList:
id = userDict['id']
if str(id).startswith('newUser'):
newUsers.append(userDict)
elif str(id).startswith('edited'):
editedAvatars.append((user.AvatarHolder().getById(id[6:]), userDict))
else:
avatars.append(principal_from_fossil(userDict, allow_pending=True))
return avatars, newUsers, editedAvatars
def _getAnswer(self):
for user in self._userList:
if user["_type"] == "Avatar": # new speaker
part = self._newParticipant(principal_from_fossil(user, allow_pending=True))
elif user["_type"] == "ContributionParticipation": # adding existing author to speaker
author_index_author_id = "{familyName} {firstName} {email}".format(**user).lower()
author = self._conf.getAuthorIndex().getById(author_index_author_id)[0]
part = self._newParticipant(author)
if self._submissionRights and part:
self._contribution.grantSubmission(part)
if self._kindOfList == "prAuthor":
return self._getParticipantsList(self._contribution.getPrimaryAuthorList())
elif self._kindOfList == "coAuthor":
return self._getParticipantsList(self._contribution.getCoAuthorList())
elif self._kindOfList == "speaker":
return self._getParticipantsList(self._contribution.getSpeakerList())
else:
raise ServiceError("ERR-UK0", _("Invalid kind of list of users."))
def _getAnswer(self):
for user in self._userList:
if user["_type"] == "Avatar": # new speaker
part = self._newParticipant(principal_from_fossil(user, allow_pending=True))
elif user["_type"] == "ContributionParticipation": # adding existing author to speaker
part = self._contribution.getAuthorById(user["id"])
self._contribution.addSpeaker(part)
if self._submissionRights and part:
self._contribution.grantSubmission(part)
if self._kindOfList == "prAuthor":
return self._getParticipantsList(self._contribution.getPrimaryAuthorList())
elif self._kindOfList == "coAuthor":
return self._getParticipantsList(self._contribution.getCoAuthorList())
elif self._kindOfList == "speaker":
return self._getParticipantsList(self._contribution.getSpeakerList())
else:
raise ServiceError("ERR-UK0", _("Invalid kind of list of users."))
def _process(self):
for data in request.json['users']:
user = principal_from_fossil(data,
allow_pending=True,
allow_groups=False)
if user not in self.role.members:
self.role.members.add(user)
logger.info('User %r added to role %r by %r', user, self.role,
session.user)
self.event.log(EventLogRealm.management,
EventLogKind.positive,
'Roles',
f'Added user to role "{self.role.name}"',
session.user,
data={
'Name': user.full_name,
'Email': user.email
})
return jsonify_data(html=_render_role(self.role, collapsed=False))
def _getAnswer(self):
if self._kindOfUser == "pending":
if self._kindOfList == "manager":
# remove pending email, self._chairId is an email address
self._session.getAccessController().revokeModificationEmail(self._chairId)
elif self._kindOfList == "coordinator":
try:
chairSession = self._session.getConference().getPendingQueuesMgr().getPendingCoordinators()[self._chairId][0]
self._session.getConference().getPendingQueuesMgr().removePendingCoordinator(chairSession)
except KeyError:
# the user is not in the list of conveners (the table is not updated). Do nothing and update the list
pass
else:
principal = principal_from_fossil(self._params['principal'], allow_missing_groups=True)
if self._kindOfList == "manager":
self._session.revokeModification(principal)
elif self._kindOfList == "coordinator":
self._session.removeCoordinator(principal)
return self._getSessionChairList()
def update_permissions(obj, form):
event = obj if isinstance(obj, Event) else obj.event
current_principal_permissions = {
p.principal: get_principal_permissions(p, obj.__class__)
for p in obj.acl_entries
}
current_principal_permissions = {
k: v
for k, v in current_principal_permissions.iteritems() if v
}
new_principal_permissions = {
principal_from_fossil(fossil,
allow_emails=True,
allow_networks=True,
event=event): set(permissions)
for fossil, permissions in form.permissions.data
}
update_principals_permissions(obj, current_principal_permissions,
new_principal_permissions)
def _getAnswer(self):
if self._kindOfUser == "pending":
if self._kindOfList == "manager":
# remove pending email, self._chairId is an email address
self._session.getAccessController().revokeModificationEmail(
self._chairId)
elif self._kindOfList == "coordinator":
try:
chairSession = self._session.getConference(
).getPendingQueuesMgr().getPendingCoordinators()[
self._chairId][0]
self._session.getConference().getPendingQueuesMgr(
).removePendingCoordinator(chairSession)
except KeyError:
# the user is not in the list of conveners (the table is not updated). Do nothing and update the list
pass
else:
principal = principal_from_fossil(self._params['principal'])
if self._kindOfList == "manager":
self._session.revokeModification(principal)
elif self._kindOfList == "coordinator":
self._session.removeCoordinator(principal)
return self._getSessionChairList()
def _getAnswer(self):
for user in self._userList:
if user["_type"] == "Avatar": # new speaker
part = self._newParticipant(
principal_from_fossil(user, allow_pending=True))
elif user[
"_type"] == "ContributionParticipation": # adding existing author to speaker
part = self._contribution.getAuthorById(user["id"])
self._contribution.addSpeaker(part)
if self._submissionRights and part:
self._contribution.grantSubmission(part)
if self._kindOfList == "prAuthor":
return self._getParticipantsList(
self._contribution.getPrimaryAuthorList())
elif self._kindOfList == "coAuthor":
return self._getParticipantsList(
self._contribution.getCoAuthorList())
elif self._kindOfList == "speaker":
return self._getParticipantsList(
self._contribution.getSpeakerList())
else:
raise ServiceError("ERR-UK0", _("Invalid kind of list of users."))
def _process(self):
event = self.event
form = EventProtectionForm(obj=FormDefaults(**self._get_defaults()),
event=event)
if form.validate_on_submit():
current_principal_permissions = {
p.principal: self._get_principal_permissions(p)
for p in event.acl_entries
}
current_principal_permissions = {
k: v
for k, v in current_principal_permissions.iteritems() if v
}
new_principal_permissions = {
principal_from_fossil(fossil,
allow_emails=True,
allow_networks=True,
event=event): set(permissions)
for fossil, permissions in form.permissions.data
}
self._update_permissions(current_principal_permissions,
new_principal_permissions)
update_event_protection(
event, {
'protection_mode': form.protection_mode.data,
'own_no_access_contact': form.own_no_access_contact.data,
'access_key': form.access_key.data,
'visibility': form.visibility.data
})
self._update_session_coordinator_privs(form)
flash(_('Protection settings have been updated'), 'success')
return redirect(url_for('.protection', event))
return WPEventProtection.render_template('event_protection.html',
event,
'protection',
form=form)
def update_permissions(obj, form):
"""Update the permissions of an object, based on the corresponding WTForm."""
from indico.util.user import principal_from_fossil
from indico.modules.categories import Category
from indico.modules.events import Event
event = category = None
if isinstance(obj, Category):
category = obj
elif isinstance(obj, Event):
event = obj
else:
event = obj.event
category = event.category
current_principal_permissions = {
p.principal: get_principal_permissions(p, type(obj))
for p in obj.acl_entries
}
current_principal_permissions = {
k: v
for k, v in current_principal_permissions.iteritems() if v
}
new_principal_permissions = {
principal_from_fossil(
fossil,
allow_emails=True,
allow_networks=True,
allow_pending=True,
allow_registration_forms=True,
event=event,
category=category,
): set(permissions)
for fossil, permissions in form.permissions.data
}
update_principals_permissions(obj, current_principal_permissions,
new_principal_permissions)
def _checkParams(self):
ConferenceManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'], legacy=False, allow_missing_groups=True,
allow_emails=True)
def _checkParams(self):
ConferenceModifBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [principal_from_fossil(f, allow_pending=True, legacy=False)
for f in pm.extract("userList", pType=list, allowEmpty=False)]
def _checkParams(self):
CategoryControlUserListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'])
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'],
allow_missing_groups=True)
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principals = [principal_from_fossil(f, allow_pending=True)
for f in self._pm.extract("userList", pType=list, allowEmpty=False)]
def _checkParams(self):
CategoryModifBase._checkParams(self)
self._principal = principal_from_fossil(self._params['value'])
self._user = self.getAW().getUser()
def _checkParams(self):
ContributionModifBase._checkParams(self)
self._principals = [principal_from_fossil(f, allow_pending=True) for f in self._params['value']]
self._user = self.getAW().getUser()
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principals = [
principal_from_fossil(f, allow_pending=True)
for f in self._pm.extract("userList", pType=list, allowEmpty=False)
]
def _checkParams(self):
ContributionModifBase._checkParams(self)
self._principal = principal_from_fossil(self._params['value'])
self._user = self.getAW().getUser()
def _convert_principal(self, principal):
return principal_from_fossil(principal,
allow_pending=self.allow_external,
legacy=False,
allow_emails=self.allow_emails)
def _checkParams(self):
CategoryModifBase._checkParams(self)
self._principal = principal_from_fossil(self._params["value"], allow_missing_groups=True)
self._user = self.getAW().getUser()
def _checkParams(self):
CategoryControlUserListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'])
def _convert_principal(self, principal):
principal = principal_from_fossil(principal,
allow_pending=self.allow_external,
legacy=False)
return principal.as_principal if self.serializable else principal
def _checkParams(self):
ContributionModifBase._checkParams(self)
self._principal = principal_from_fossil(self._params['value'], allow_missing_groups=True)
self._user = self.getAW().getUser()
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'])
def _getAnswer(self):
principals = [principal_from_fossil(f, allow_pending=True) for f in self._reviewerList]
for reviewer in principals:
self._conf.getTrackById(self._trackId).addCoordinator(reviewer)
return fossilize(self._conf.getTrackById(self._trackId).getCoordinatorList())
def _checkParams(self):
SessionChairListBase._checkParams(self)
pm = ParameterManager(self._params)
self._principals = [principal_from_fossil(f, allow_pending=True)
for f in pm.extract("userList", pType=list, allowEmpty=False)]
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'], allow_missing_groups=True)
def _convert_principal(self, principal):
principal = principal_from_fossil(principal, allow_pending=self.allow_external, legacy=False)
return principal.as_principal if self.serializable else principal
def _checkParams(self):
CategoryControlUserListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'], allow_missing_groups=True)
def _getAnswer(self):
for person in self._userList:
self._newChair(principal_from_fossil(person, allow_pending=True))
return self._getChairPersonsList()
def _convert_principal(self, principal):
return principal_from_fossil(principal, allow_pending=self.allow_external,
allow_emails=self.allow_emails, allow_networks=self.allow_networks,
existing_data=self.object_data)
def _checkParams(self):
ContributionManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'])
def _checkParams(self):
ConferenceManagerListBase._checkParams(self)
self._principal = principal_from_fossil(self._params['principal'],
legacy=False,
allow_missing_groups=True,
allow_emails=True)
def _checkParams(self):
ConferenceModifBase._checkParams(self)
self._principal = principal_from_fossil(self._params['value'],
allow_missing_groups=True)
self._user = self.getAW().getUser()
def _convert_principal(self, principal):
return principal_from_fossil(principal, allow_pending=self.allow_external, legacy=False,
allow_emails=self.allow_emails, allow_networks=self.allow_networks)
def _checkParams(self):
CategoryModifBase._checkParams(self)
self._principals = [principal_from_fossil(f, allow_pending=True) for f in self._params["value"]]
self._user = self.getAW().getUser()