def get_object(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
return {
'data': view_only_link.nodes.all(),
'self': view_only_link,
}
def wrapped(*args, **kwargs):
response = None
_inject_nodes(kwargs)
node = kwargs['node']
kwargs['auth'] = Auth.from_kwargs(request.args.to_dict(), kwargs)
user = kwargs['auth'].user
key = request.args.get('view_only', '').strip('/')
#if not login user check if the key is valid or the other privilege
kwargs['auth'].private_key = key
link_anon = None
if not include_view_only_anon:
from osf.models import PrivateLink
try:
link_anon = PrivateLink.find_one(Q('key', 'eq', key)).anonymous
except ModularOdmException:
pass
if not node.is_public or not include_public:
if not include_view_only_anon and link_anon:
if not check_can_access(node=node, user=user):
raise HTTPError(http.UNAUTHORIZED)
elif key not in node.private_link_keys_active:
if not check_can_access(node=node, user=user, key=key):
redirect_url = check_key_expired(key=key, node=node, url=request.url)
if request.headers.get('Content-Type') == 'application/json':
raise HTTPError(http.UNAUTHORIZED)
else:
response = redirect(cas.get_login_url(redirect_url))
return response or func(*args, **kwargs)
def get_object(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
return {
'data': view_only_link.nodes.all(),
'self': view_only_link
}
def get_serializer_class(self):
if 'link_id' in self.kwargs:
view_only_link = PrivateLink.load(self.kwargs['link_id'])
node = view_only_link.nodes.first()
if node.is_registration:
return RegistrationSerializer
return NodeSerializer
else:
return JSONAPISerializer
def get_serializer_class(self):
if 'link_id' in self.kwargs:
view_only_link = PrivateLink.load(self.kwargs['link_id'])
node = view_only_link.nodes.first()
if node.is_registration:
return RegistrationSerializer
return NodeSerializer
else:
return JSONAPISerializer
def is_private_link_anonymous_view():
try:
# Avoid circular import
from osf.models import PrivateLink
return PrivateLink.find_one(
Q('key', 'eq', request.args.get('view_only'))
).anonymous
except QueryException:
return False
def check_private_key_for_anonymized_link(private_key):
from osf.models import PrivateLink
is_anonymous = False
if private_key is not None:
try:
link = PrivateLink.find_one(Q('key', 'eq', private_key))
except NoResultsFound:
link = None
if link is not None:
is_anonymous = link.anonymous
return is_anonymous
def check_private_key_for_anonymized_link(private_key):
from osf.models import PrivateLink
is_anonymous = False
if private_key is not None:
try:
link = PrivateLink.find_one(Q('key', 'eq', private_key))
except NoResultsFound:
link = None
if link is not None:
is_anonymous = link.anonymous
return is_anonymous
def get_queryset(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
user = get_user_auth(self.request).user
nodes = []
for node in view_only_link.nodes.all():
if not node.has_permission(user, ADMIN):
raise PermissionDenied
nodes.append(node)
return nodes
def get_queryset(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
user = get_user_auth(self.request).user
nodes = []
for node in view_only_link.nodes.all():
if not node.has_permission(user, 'admin'):
raise PermissionDenied
nodes.append(node)
return nodes
def get_object(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
user = get_user_auth(self.request).user
for node in view_only_link.nodes.all():
if not node.has_permission(user, 'admin'):
raise PermissionDenied
if not view_only_link:
raise NotFound
return view_only_link
def get_object(self):
link_id = self.kwargs['link_id']
view_only_link = PrivateLink.load(link_id)
user = get_user_auth(self.request).user
for node in view_only_link.nodes.all():
if not node.has_permission(user, ADMIN):
raise PermissionDenied
if not view_only_link:
raise NotFound
return view_only_link
def private_link(self):
if not self.private_key:
return None
try:
# Avoid circular import
from osf.models import PrivateLink
private_link = PrivateLink.find_one(
Q('key', 'eq', self.private_key))
if private_link.is_deleted:
return None
except QueryException:
return None
return private_link
def private_link(self):
if not self.private_key:
return None
try:
# Avoid circular import
from osf.models import PrivateLink
private_link = PrivateLink.find_one(
Q('key', 'eq', self.private_key)
)
if private_link.is_deleted:
return None
except QueryException:
return None
return private_link
def project_private_link_edit(auth, **kwargs):
name = request.json.get('value', '')
try:
validate_title(name)
except ValidationError as e:
message = 'Invalid link name.' if e.message == 'Invalid title.' else e.message
raise HTTPError(http.BAD_REQUEST, data=dict(message_long=message))
private_link_id = request.json.get('pk', '')
private_link = PrivateLink.load(private_link_id)
if private_link:
new_name = strip_html(name)
private_link.name = new_name
private_link.save()
return new_name
else:
raise HTTPError(http.BAD_REQUEST,
data=dict(message_long='View-only link not found.'))
def remove_private_link(*args, **kwargs):
link_id = request.json['private_link_id']
try:
link = PrivateLink.load(link_id)
link.is_deleted = True
link.save()
for node in link.nodes.all():
log_dict = {
'project': node.parent_id,
'node': node._id,
'user': kwargs.get('auth').user._id,
'anonymous_link': link.anonymous,
}
node.add_log(NodeLog.VIEW_ONLY_LINK_REMOVED,
log_dict,
auth=kwargs.get('auth', None))
except ModularOdmException:
raise HTTPError(http.NOT_FOUND)
def wrapped(*args, **kwargs):
response = None
_inject_nodes(kwargs)
node = kwargs['node']
kwargs['auth'] = Auth.from_kwargs(request.args.to_dict(), kwargs)
user = kwargs['auth'].user
key = request.args.get('view_only', '').strip('/')
#if not login user check if the key is valid or the other privilege
kwargs['auth'].private_key = key
link_anon = None
if not include_view_only_anon:
from osf.models import PrivateLink
try:
link_anon = PrivateLink.find_one(Q('key', 'eq',
key)).anonymous
except ModularOdmException:
pass
if not node.is_public or not include_public:
if not include_view_only_anon and link_anon:
if not check_can_access(node=node, user=user):
raise HTTPError(http.UNAUTHORIZED)
elif key not in node.private_link_keys_active:
if not check_can_access(node=node, user=user, key=key):
redirect_url = check_key_expired(key=key,
node=node,
url=request.url)
if request.headers.get(
'Content-Type') == 'application/json':
raise HTTPError(http.UNAUTHORIZED)
else:
response = redirect(
cas.get_login_url(redirect_url))
return response or func(*args, **kwargs)
def project_private_link_edit(auth, **kwargs):
name = request.json.get('value', '')
try:
validate_title(name)
except ValidationError as e:
message = 'Invalid link name.' if e.message == 'Invalid title.' else e.message
raise HTTPError(
http.BAD_REQUEST,
data=dict(message_long=message)
)
private_link_id = request.json.get('pk', '')
private_link = PrivateLink.load(private_link_id)
if private_link:
new_name = strip_html(name)
private_link.name = new_name
private_link.save()
return new_name
else:
raise HTTPError(
http.BAD_REQUEST,
data=dict(message_long='View-only link not found.')
)
def remove_private_link(*args, **kwargs):
link_id = request.json['private_link_id']
try:
link = PrivateLink.load(link_id)
link.is_deleted = True
link.save()
for node in link.nodes.all():
log_dict = {
'project': node.parent_id,
'node': node._id,
'user': kwargs.get('auth').user._id,
'anonymous_link': link.anonymous,
}
node.add_log(
NodeLog.VIEW_ONLY_LINK_REMOVED,
log_dict,
auth=kwargs.get('auth', None)
)
except ModularOdmException:
raise HTTPError(http.NOT_FOUND)