Exemplo n.º 1
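    def authenticate(self, environ, identity):
        """Authenticate a login/password pair, accepting an e-mail as login.

        The login is looked up with ``User.by_name`` first; when that finds
        nothing, ``User.by_email`` is tried (the HDX addition).

        :param environ: WSGI environment (not used here).
        :param identity: mapping expected to hold ``login`` and ``password``.
        :returns: the matched user's name, or ``None`` when the check fails.
        """
        if not ('login' in identity and 'password' in identity):
            return None

        login = identity['login']
        user = User.by_name(login)

        ## HDX HACK ##
        if user is None:
            users = User.by_email(login)
            # Only the "no match" outcomes are treated as "no user"; the
            # former bare ``except:`` also swallowed unrelated errors.
            # NOTE(review): if several accounts share an address the first
            # result wins - confirm e-mail uniqueness is enforced elsewhere.
            try:
                user = users[0]
            except (IndexError, TypeError):
                user = None
        ## END HDX HACK ##

        if user is None:
            log.debug('Login failed - username %r not found', login)
        elif not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
        elif not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
        else:
            return user.name

        return None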
Exemplo n.º 2
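def send_email(req):
    """Tell a dataset admin that a user is requesting editor access.

    The recipient is the user behind the last ``admin`` role found on the
    package; nothing is sent when the package has no admin role.

    :param req: access request exposing ``user_id``, ``pkg_id`` and ``id``.
    """
    requestee = User.get(req.user_id)
    pkg = Package.get(req.pkg_id)
    selrole = False
    for role in pkg.roles:
        if role.role == "admin":
            selrole = role
    if not selrole:
        return
    admin = User.get(selrole.user_id)
    dataset_label = pkg.title if pkg.title else pkg.name
    msg = _("""%s (%s) is requesting editor access to a dataset you have created
    %s.

Please click this link if you want to give this user write access:
%s%s""")
    controller = 'ckanext.kata.controllers:AccessRequestController'
    # NOTE(review): the requester's name and e-mail are placed in the body as
    # stored; presumably plain text only - confirm before rendering as HTML.
    body = msg % (requestee.name, requestee.email, dataset_label,
                  config.get('ckan.site_url', ''),
                  h.url_for(controller=controller,
                            action="unlock_access",
                            id=req.id))
    email_dict = {}
    # ``%`` binds tighter than the conditional expression, so the old subject
    # collapsed to the bare package name when the title was empty, and the
    # already formatted text was what got passed to ``_()``. Translate the
    # template first, then fill in the label.
    email_dict["subject"] = _("Access request for dataset %s") % dataset_label
    email_dict["body"] = body
    send_notification(admin.as_dict(), email_dict)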
Exemplo n.º 3
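    def authenticate(self, environ, identity):
        """Authenticate a login/password pair, optionally matching by e-mail.

        The e-mail fallback runs only when the ``ckan.authenticator.email``
        config option is the string ``true`` (case-insensitive).

        :param environ: WSGI environment (not used here).
        :param identity: mapping expected to hold ``login`` and ``password``.
        :returns: the matched user's name, or ``None`` when the check fails.
        """
        if not ('login' in identity and 'password' in identity):
            return None

        login = identity['login']
        user = User.by_name(login)

        is_email = plugins.toolkit.config.get('ckan.authenticator.email', '').strip().lower() == 'true'

        if user is None and is_email:
            users = User.by_email(login)
            # Narrowed from a bare ``except:`` so unrelated errors surface.
            try:
                user = users[0]
            except (IndexError, TypeError):
                user = None

        # ``login`` is caller-supplied: log it with %r so embedded newlines or
        # control characters cannot forge log lines, and pass it as an
        # argument so the message is only built when debug logging is on.
        if user is None:
            log.debug('Login failed - %r not found', login)
        elif not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
        elif not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
        else:
            return user.name

        return None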
Exemplo n.º 4
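    def authenticate(self, environ, identity):
        """Validate credentials; the login may be a user name or an e-mail.

        :param environ: WSGI environment (not used here).
        :param identity: mapping expected to hold ``login`` and ``password``.
        :returns: the user's name on success, ``None`` on any failure.
        """
        if not ('login' in identity and 'password' in identity):
            return None

        login = identity['login']
        user = User.by_name(login)

        ## HDX HACK ##
        if user is None:
            matches = User.by_email(login)
            # An empty (or missing) result means "no such user"; anything
            # else is allowed to propagate instead of being hidden by a
            # bare ``except:``.
            # NOTE(review): the first match is used when an address belongs
            # to more than one account - confirm that cannot happen.
            try:
                user = matches[0]
            except (IndexError, TypeError):
                user = None
        ## END HDX HACK ##

        if user is None:
            log.debug('Login failed - username %r not found', login)
        elif not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
        elif not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
        else:
            return user.name

        return None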
Exemplo n.º 5
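def send_notifications_on_new_post(post, lang):
    """E-mail the participants of a thread about a new post.

    Recipients are the authors of the thread and of its posts, minus users
    with an ``Unsubscription`` for the thread and minus the post's author.

    :param post: the new post (``author_id``, ``thread_id``, ``content``).
    :param lang: locale used for the mail's translations.
    """
    from ckan.model import User
    base_dir = os.path.dirname(__file__)
    template_dir = os.path.join(base_dir, 'templates')
    locale_dir = os.path.join(base_dir, 'i18n')
    # NOTE(review): no ``autoescape`` is passed, so Jinja2's default (off)
    # applies while an .html template is rendered with the user-written
    # ``post.content``; confirm the template escapes it.
    env = jinja2.Environment(loader=jinja2.FileSystemLoader(template_dir),
                             extensions=['jinja2.ext.i18n'])
    translations = Translations.load(locale_dir, [lang],
                                     domain='ckanext-forum')
    env.install_gettext_translations(translations)
    env.globals['get_locale'] = lambda: lang
    post_author = User.get(post.author_id)

    thread = Thread.get_by_id(post.thread_id)
    author_ids = {p.author_id for p in thread.forum_posts}
    author_ids.add(thread.author_id)
    author_ids -= {
        u.user_id for u in Unsubscription.filter_by_thread_id(post.thread_id)
    }

    for author_id in author_ids:
        if author_id == post_author.id:
            continue
        user = User.get(author_id)
        if user is None:
            # An id that no longer resolves to a user would otherwise abort
            # the whole loop on ``user.name`` and leave the rest unnotified.
            log.debug('Skipping notification - user %r not found', author_id)
            continue
        # NOTE(review): the unsubscribe link identifies the user only by the
        # base64 of the user name, which is an encoding, not a secret.
        unsubscribe_url = tk.url_for('forum_unsubscribe',
                                     base64_name=base64.b64encode(user.name),
                                     thread_id=thread.id)
        context = {
            'user_name': user.name,
            'site_title': tk.config.get('ckan.site_title'),
            'site_url': tk.config.get('ckan.site_url'),
            'post_content': post.content,
            'title': env.globals['gettext']('New post'),
            'unsubscribe_url': urljoin(tk.config['ckan.site_url'],
                                       unsubscribe_url),
            'username': post_author.name,
            'thread_url': urljoin(tk.config['ckan.site_url'],
                                  thread.get_absolute_url()),
        }
        template = env.get_template('forum_new_post_mail.html')
        body = template.render(context)
        log.debug('Email body %s', body)
        tk.get_action('send_mail')(
            {}, {
                'to': user.email,
                'subject': env.globals['gettext']('New post'),
                'message_html': body
            })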
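    def authenticate(self, environ, identity):
        """ Mimic most of UsernamePasswordAuthenticator.authenticate
        but add account lockout after 10 failed attempts.

        The failure counter is stored in Redis under a key built from the
        site id and the login name, and expires after
        ``LOGIN_THROTTLE_EXPIRY``. Returns the user's name on success and
        ``None`` otherwise.
        """
        if 'login' not in identity or 'password' not in identity:
            return None
        login_name = identity.get('login')
        user = User.by_name(login_name)
        if user is None:
            LOG.debug('Login failed - username %r not found', login_name)
            return None
        # NOTE(review): no active-state check is made on ``user`` in this
        # method; confirm deleted or pending accounts are rejected elsewhere.

        cache_key = '{}.ckanext.qgov.login_attempts.{}'.format(
            g.site_id, login_name)
        redis_conn = connect_to_redis()
        try:
            login_attempts = int(redis_conn.get(cache_key) or 0)
        except ValueError:
            # shouldn't happen but let's play it safe: drop the unparsable
            # value so the increment below starts from a clean counter
            redis_conn.delete(cache_key)
            login_attempts = 0

        if login_attempts >= 10:
            LOG.debug('Login as %r failed - account is locked', login_name)
        elif user.validate_password(identity.get('password')):
            if login_attempts > 0:
                LOG.debug("Clearing failed login attempts for %s", login_name)
                # reset attempt count to 0
                redis_conn.delete(cache_key)
            return user.name
        else:
            LOG.debug('Login as %r failed - password not valid', login_name)

        # INCR is atomic, whereas the former read-then-SET let parallel
        # failed attempts overwrite each other's count and so undercount.
        # The pipeline applies the expiry together with the increment.
        # NOTE(review): attempts against a locked account also refresh the
        # expiry, so a lock can be prolonged by whoever keeps trying.
        pipe = redis_conn.pipeline()
        pipe.incr(cache_key)
        pipe.expire(cache_key, LOGIN_THROTTLE_EXPIRY)
        pipe.execute()
        return None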
Exemplo n.º 7
def resource_tracker_create(context, data_dict):
    '''Record a new entry in the resource log.

    Access is checked and the input validated before anything is stored.

    :param resource_id: the id of the resource
    :param event: the action the user took
    :param obj_type: type of the object the action was applied to
    :param user_id: the username of the user
    :returns: the saved log entry as a dict
    :raises ValidationError: when schema validation reports errors
    '''
    check_access('resource_tracker_create', context, data_dict)

    schema = resource_tracker_create_schema()
    data, errors = validate(data_dict, schema, context)
    if errors:
        raise ValidationError(errors)

    acting_user = User.get(context.get('user'))
    # The stored user_id is derived from the request context rather than
    # from the submitted data; it is None when no user resolves.
    tracker = ResourceLog(
        resource_id=data.get('resource_id'),
        event=data.get('event'),
        obj_type=data.get('obj_type'),
        user_id=acting_user.name if acting_user else None,
    )
    tracker.save()

    return tracker.as_dict()
Exemplo n.º 8
def harvest_source_create(context, data_dict):
    """Auth check: may the current user create a harvest source?

    Anonymous callers are refused. A known user is allowed when it is a
    sysadmin or belongs to at least one organization.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    """
    model = context['model']
    user = context.get('user', '')

    # Anonymous requests never get to create sources.
    if not user:
        denial = _('Non-logged in users are not authorized to create harvest sources')
        return {'success': False, 'msg': denial}

    user_obj = User.get(user)
    # Unknown users fall through to the refusal below.
    if user_obj and (ckan.new_authz.is_sysadmin(user)
                     or len(user_obj.get_groups(u'organization')) != 0):
        return {'success': True}

    denial = _('User %s must belong to a publisher to create harvest sources') % str(user)
    return {'success': False, 'msg': denial}
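    def authenticate(self, environ, identity):
        """Check a login/password pair, locking the account after 10 failures.

        The failure count is kept on the ``SEEDUser`` row whose name equals
        the login. Returns the user's name on success, ``None`` otherwise.
        """
        if 'login' not in identity or 'password' not in identity:
            return None
        login = identity.get('login')
        user = User.by_name(login)
        if user is None:
            log.debug('Login failed - username %r not found', login)
            return None
        # NOTE(review): no active-state check is made on ``user`` in this
        # method; confirm deleted or pending accounts are rejected elsewhere.

        seedUser = Session.query(SEEDUser).filter_by(name=login).first()
        if seedUser is None:
            # ``first()`` yields None when no row matches. Without a counter
            # the lockout cannot be enforced, so refuse the login instead of
            # failing on ``None.login_attempts``.
            log.debug('Login as %r failed - no lockout record found', login)
            return None

        if seedUser.login_attempts >= 10:
            log.debug('Login as %r failed - account is locked', login)
        elif user.validate_password(identity.get('password')):
            # reset attempt count to 0
            seedUser.login_attempts = 0
            Session.commit()
            return user.name
        else:
            log.debug('Login as %r failed - password not valid', login)

        # NOTE(review): read-modify-write on the ORM attribute; parallel
        # failed attempts may be counted once - confirm this is acceptable.
        seedUser.login_attempts += 1
        Session.commit()
        return None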
Exemplo n.º 10
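def email_exists(key, data, errors, context):
    """Validator: report an error when ``data[key]`` is an e-mail in use.

    :param key: key of the e-mail value inside ``data``.
    :param data: flattened form data.
    :param errors: error mapping; ``('email',)`` is set when a match exists.
    :param context: validation context (not used here).
    """
    # NOTE(review): the message confirms to the submitter that the address
    # has an account; confirm that disclosure is acceptable for this form.
    if User.by_email(data[key]):
        # The former ``errors.get(key, [])`` assignment was overwritten by
        # the very next statement, so only the final value is assigned.
        errors[('email', )] = [
            _('An account is already registered to that email.')
        ]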
Exemplo n.º 11
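    def authenticate(self, environ, identity):
        """Validate credentials, then open a session on the billing API.

        :param environ: WSGI environment (not used here).
        :param identity: mapping expected to hold ``login`` and ``password``.
        :returns: the user's name on success, ``None`` otherwise.
        """
        if not ('login' in identity and 'password' in identity):
            return None

        login = identity['login']
        user = User.by_name(login)

        if user is None:
            log.debug('Login failed - username %r not found', login)
        elif not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
        elif not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
        else:
            msg = h.get_billing_api("api/RegisterAndSession/login",
                                    request_type='post',
                                    ckan_user_id=user.id,
                                    ckan_user_name=user.name,
                                    role=authz.is_sysadmin(login))
            decoded = json.loads(msg)
            if decoded['msg'] == 'error':
                log.debug(
                    'Login as %r failed - Create the login session failed',
                    login)
            elif decoded['msg'] == 'success':
                return user.name
            else:
                # The log call used to sit after the ``return`` and never
                # ran; it now runs first and no longer claims a failure.
                # NOTE(review): an unrecognised billing reply still lets the
                # login through (fail-open) although the original message
                # said "failed" - confirm which outcome is intended.
                log.debug(
                    'Login as %r - api/RegisterAndSession/login return wrong data',
                    login)
                return user.name
        return None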
Exemplo n.º 12
    def authenticate(self, environ, identity):
        """Validate a login/password pair, with a captcha on the login form.

        :param environ: WSGI environment the request is built from.
        :param identity: mapping expected to hold ``login`` and ``password``.
        :returns: the user's name on success, ``None`` otherwise.
        """
        request = Request(environ)
        # NOTE(review): the captcha is checked only when the request itself
        # carries came_from == "/user/logged_in". That parameter comes from
        # the client, so confirm credentials cannot reach this authenticator
        # with a different or missing ``came_from``.
        captcha_required = (
            request.method == 'POST'
            and request.params.get('came_from') == "/user/logged_in"
        )
        if captcha_required and not custom_captcha.check_recaptcha(request):
            log.debug('Bad Captcha error')
            return None

        if 'login' not in identity or 'password' not in identity:
            return None

        login = identity['login']
        user = User.by_name(login)

        if user is None:
            log.debug('Login failed - username %r not found', login)
            return None
        if not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
            return None
        if not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
            return None
        return user.name
Exemplo n.º 13
 def command(self):
     """Migrate all resources while acting as the configured site user."""
     self._load_config()
     self._user = User.get(self.site_user['name'])
     with app_context() as ctx:
         # Expose the site user on ``g`` for the duration of the migration.
         request_globals = ctx.g
         request_globals.user = self.site_user['name']
         request_globals.userobj = self._user
         self.migrate_all_resources()
Exemplo n.º 14
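    def authenticate(self, environ, identity):
        """ Mimic most of UsernamePasswordAuthenticator.authenticate
        but add account lockout after 10 failed attempts.

        The failure count is kept on the ``QGOVUser`` row whose name equals
        the login. Returns the user's name on success, ``None`` otherwise.
        """
        if 'login' not in identity or 'password' not in identity:
            return None
        login_name = identity.get('login')
        user = User.by_name(login_name)
        if user is None:
            LOG.debug('Login failed - username %r not found', login_name)
            return None
        # NOTE(review): no active-state check is made on ``user`` in this
        # method; confirm deleted or pending accounts are rejected elsewhere.

        qgov_user = Session.query(QGOVUser).filter_by(
            name=login_name).first()
        if qgov_user is None:
            # ``first()`` yields None when no row matches; refuse the login
            # rather than crash on ``None.login_attempts``, since without a
            # counter the lockout cannot be applied.
            LOG.debug('Login as %r failed - no lockout record found',
                      login_name)
            return None

        if qgov_user.login_attempts >= 10:
            LOG.debug('Login as %r failed - account is locked', login_name)
        elif user.validate_password(identity.get('password')):
            # reset attempt count to 0
            qgov_user.login_attempts = 0
            Session.commit()
            return user.name
        else:
            LOG.debug('Login as %r failed - password not valid', login_name)

        # NOTE(review): read-modify-write on the ORM attribute; parallel
        # failed attempts may be counted once - confirm this is acceptable.
        qgov_user.login_attempts += 1
        Session.commit()
        return None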
Exemplo n.º 15
def harvest_job_create(context, data_dict):
    """Auth check: may the current user create a job for a harvest source?

    Sysadmins are always allowed; other users must belong to the
    organization that matches the source's ``publisher_id``.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    :raises NotFound: when the source id does not resolve.
    """
    model = context['model']
    user = context.get('user')

    source_id = data_dict['source_id']

    if not user:
        denial = _('Non-logged in users are not authorized to create harvest jobs')
        return {'success': False, 'msg': denial}

    if ckan.new_authz.is_sysadmin(user):
        return {'success': True}

    user_obj = User.get(user)
    source = HarvestSource.get(source_id)
    if not source:
        raise NotFound

    if user_obj:
        organization_ids = [g.id for g in user_obj.get_groups(u'organization')]
        if source.publisher_id in organization_ids:
            return {'success': True}

    # Unknown user, or no membership in the source's organization.
    denial = _('User %s not authorized to create a job for source %s') % (
        str(user), source.id)
    return {'success': False, 'msg': denial}
Exemplo n.º 16
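def is_owner(context, data_dict):
    '''
    This is used in "request edit rights" feature.
    Checks if the user is admin or editor of the
    package in question

    :param context: context
    :param data_dict: package data
    :type data_dict: dictionary

    :rtype: dictionary
    '''

    pkg = context.get('package', None)
    roles = pkg.roles if pkg else Package.get(data_dict['id']).roles
    user = context.get('user', False)
    if user:
        for role in roles:
            ruser = User.get(role.user.id)
            # Skip a role whose user lookup comes back empty instead of
            # failing the whole auth check on ``None.name``.
            if ruser is None:
                continue
            if user == ruser.name and role.role in ('admin', 'editor'):
                return {'success': True}

    # Check if the user has editor rights to this dataset through an organization
    # NOTE(review): this check also runs when ``user`` is False (anonymous);
    # confirm the helper refuses a falsy user.
    package = get_package_object(context, data_dict)
    if new_authz.has_user_permission_for_group_or_org(package.owner_org, user, 'delete_dataset'):
        return {'success': True}

    return {'success': False}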
Exemplo n.º 17
def harvest_job_show(context, data_dict):
    """Auth check: may the current user read the given harvest job?

    Sysadmins are always allowed; other users must belong to the publisher
    group that matches the job source's ``publisher_id``.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    """
    model = context['model']
    user = context.get('user')

    job = get_job_object(context, data_dict)

    if not user:
        denial = _('Non-logged in users are not authorized to see harvest jobs')
        return {'success': False, 'msg': denial}

    if Authorizer().is_sysadmin(user):
        return {'success': True}

    user_obj = User.get(user)
    if user_obj:
        publisher_ids = [g.id for g in user_obj.get_groups(u'publisher')]
        if job.source.publisher_id in publisher_ids:
            return {'success': True}

    # Unknown user, or not a member of the job's publisher.
    denial = _('User %s not authorized to read harvest job %s') % (
        str(user), job.id)
    return {'success': False, 'msg': denial}
Exemplo n.º 18
def harvest_source_update(context, data_dict):
    """Auth check: may the current user update the given harvest source?

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    """
    model = context['model']
    user = context.get('user', '')

    source = get_source_object(context, data_dict)

    # Anonymous requests are refused outright.
    if not user:
        return {
            'success': False,
            'msg': _('Non-logged in users are not authorized to update harvest sources'),
        }

    # Sysadmins need no publisher membership.
    if Authorizer().is_sysadmin(user):
        return {'success': True}

    # Everyone else must be in the publisher group that owns the source.
    user_obj = User.get(user)
    is_member = bool(user_obj) and source.publisher_id in [
        group.id for group in user_obj.get_groups(u'publisher')
    ]
    if is_member:
        return {'success': True}

    return {
        'success': False,
        'msg': _('User %s not authorized to update harvest source %s') %
        (str(user), source.id),
    }
Exemplo n.º 19
def harvesters_info_show(context, data_dict):
    """Auth check: may the current user see the harvesters info?

    Anonymous callers are refused. A known user is allowed when it is a
    sysadmin or belongs to at least one publisher group.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    """
    model = context['model']
    user = context.get('user', '')

    # Anonymous users cannot see the harvesters info.
    if not user:
        return {
            'success': False,
            'msg': _('Non-logged in users can not see the harvesters info')
        }

    user_obj = User.get(user)
    allowed = bool(user_obj) and (
        Authorizer().is_sysadmin(user)
        or len(user_obj.get_groups(u'publisher')) != 0
    )
    if allowed:
        return {'success': True}

    denial = _('User %s must belong to a publisher to see the harvesters info') % str(user)
    return {'success': False, 'msg': denial}
Exemplo n.º 20
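def harvest_source_list(context, data_dict):
    """Auth check: may the current user list harvest sources?

    Only the login state and publisher membership are checked here; per the
    original comment, the logic action returns an empty list when the user
    has no permissions on any source.

    :returns: ``{'success': bool}`` with a ``msg`` on most refusals.
    """

    model = context['model']
    user = context.get('user')

    if not user:
        return {
            'success': False,
            'msg': _('Only logged users are authorized to see their sources')
        }

    user_obj = User.get(user)
    if not user_obj:
        # Was ``assert user_obj``: asserts are stripped under ``python -O``,
        # which would let a name that resolves to no user reach the checks
        # below. Refuse explicitly instead.
        return {'success': False}

    # Only users belonging to a publisher can list sources,
    # unless they are sysadmins
    # NOTE(review): the user object is passed to is_sysadmin here; confirm
    # the Authorizer accepts an object as well as a user name.
    if Authorizer().is_sysadmin(user_obj):
        return {'success': True}
    if len(user_obj.get_groups(u'publisher')) > 0:
        return {'success': True}

    return {
        'success': False,
        'msg': _('User %s must belong to a publisher to list harvest sources')
        % str(user)
    }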
Exemplo n.º 21
 def send(self, pkg_id):
     """Forward the ``msg`` request parameter to the dataset's admin.

     Every path ends with a redirect to the package's read page; flash
     messages report what happened.
     """
     package = Package.get(pkg_id)
     url = h.url_for(controller='package', action="read", id=package.id)

     if not c.user:
         h.flash_error(_("Please login"))
         return redirect(url)

     # The first role marked "admin" designates the recipient.
     userid = next(
         (role.user_id for role in package.roles if role.role == "admin"),
         None)
     if not userid:
         h.flash_error(_("No owner found"))
         return redirect(url)

     owner = User.get(userid)
     # NOTE(review): ``msg`` is request input forwarded by e-mail; confirm
     # length limits and rate limiting are applied elsewhere.
     msg = request.params.get('msg', '')
     if not msg:
         h.flash_error(_("No message"))
         return redirect(url)

     send_contact_email(owner, c.userobj, package, msg)
     h.flash_notice(_("Message sent"))
     return redirect(url)
Exemplo n.º 22
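def inventory_resource_show(context, data_dict):
    """Auth check: may the current user read the given resource?

    Anonymous callers may read resources of non-private packages; known
    users are deferred to the ``package_show`` authorization.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal of a known user.
    :raises logic.NotFound: when the resource's package cannot be loaded.
    """
    model = context['model']
    user = User.by_name(context.get('user'))
    resource = get_resource_object(context, data_dict)

    # check authentication against package
    pkg = model.Package.get(resource.package_id)
    if not pkg:
        raise logic.NotFound(
            _('No package found for this resource,'
              ' cannot check auth.'))

    if user is None:
        # Anonymous: readable only when the package is not private.
        return {'success': not pkg.private}

    pkg_dict = {'id': pkg.id}
    authorized = authz.is_authorized('package_show', context, pkg_dict) \
        .get('success')
    if authorized:
        return {'success': True}

    # Format the user's name, not the model object: interpolating the
    # object would place its whole string representation in a message that
    # is returned to the caller.
    return {
        'success': False,
        'msg': _('User %s not authorized to read resource %s') %
        (user.name, resource.id)
    }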
Exemplo n.º 23
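def harvest_jobs_run(context,data_dict):
    """Auth check: may the current user run harvest jobs?

    Sysadmins may run everything. Other users must belong to a publisher,
    must name a ``source_id``, and that source must belong to one of their
    publisher groups.

    :returns: ``{'success': bool}`` with a ``msg`` on refusal.
    :raises NotFound: when ``source_id`` does not resolve.
    """
    model = context['model']
    user = context.get('user')

    # Check user is logged in
    if not user:
        return {'success': False, 'msg': _('Only logged users are authorized to run harvest jobs')}

    user_obj = User.get(user)

    # Checks for non sysadmin users
    if not Authorizer().is_sysadmin(user):
        if not user_obj or len(user_obj.get_groups(u'publisher')) == 0:
            return {'success': False, 'msg': _('User %s must belong to a publisher to run harvest jobs') % str(user)}

        source_id = data_dict.get('source_id',False)
        if not source_id:
            # The message has no placeholder, so the former ``% str(user)``
            # raised TypeError instead of returning this refusal.
            return {'success': False, 'msg': _('Only sysadmins can run all harvest jobs')}

        source = HarvestSource.get(source_id)
        if not source:
            raise NotFound

        if source.publisher_id not in [g.id for g in user_obj.get_groups(u'publisher')]:
            return {'success': False, 'msg': _('User %s not authorized to run jobs from source %s') % (str(user),source.id)}

    return {'success': True}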
Exemplo n.º 24
def get_user(openid):
    """Return the ``user_show`` dict of the user mapped to *openid*, or None."""
    account = User.by_name(get_username(openid))
    if not account:
        return None
    return toolkit.get_action('user_show')(data_dict={'id': account.id})
Exemplo n.º 25
def _get_sources_for_user(context,
                          data_dict,
                          organization_id=None,
                          limit=None):
    """Return the harvest sources visible to the user in *context*.

    Sources are ordered newest first and can be narrowed by organization,
    by ``only_active`` and by ``only_to_run`` (taken from *data_dict*).
    Non-sysadmin users only get sources of their publisher groups.

    :returns: a list of ``HarvestSource`` objects, capped at *limit* if set.
    """
    session = context['session']
    user = context.get('user', '')

    only_active = data_dict.get('only_active', False)
    only_to_run = data_dict.get('only_to_run', False)

    query = session.query(HarvestSource).order_by(
        HarvestSource.created.desc())

    if organization_id:
        query = query.join(Package, HarvestSource.id == Package.id).filter(
            Package.owner_org == organization_id)

    if only_active:
        query = query.filter(HarvestSource.active == True)  # noqa: E712

    if only_to_run:
        due_or_never_run = or_(
            HarvestSource.next_run <= datetime.datetime.utcnow(),
            HarvestSource.next_run == None  # noqa: E711
        )
        query = query.filter(HarvestSource.frequency != 'MANUAL')
        query = query.filter(due_or_never_run)

    user_obj = User.get(user)
    # Sysadmins will get all sources.
    # NOTE(review): a user that does not resolve (user_obj is None) skips
    # the publisher filter as well; confirm callers authorise beforehand.
    if user_obj and not user_obj.sysadmin:
        # This only applies to a non sysadmin user when using the
        # publisher auth profile. When using the default profile,
        # normal users will never arrive at this point, but even if they
        # do, they will get an empty list.
        publishers_for_the_user = user_obj.get_groups(u'publisher')
        publisher_filters = [
            HarvestSource.publisher_id == group.id
            for group in publishers_for_the_user
        ]

        if not publisher_filters:
            # No publisher membership yet, hence no sources.
            return []
        query = query.filter(or_(*publisher_filters))

        log.debug('User %s with publishers %r has Harvest Sources: %r', user,
                  publishers_for_the_user, [(hs.id, hs.url) for hs in query])

    if limit:
        return query.limit(limit).all()
    return query.all()
Exemplo n.º 26
 def authenticate(self, environ, identity):
     """Map an OpenID identity to the name of an active user, else None."""
     openid_key = 'repoze.who.plugins.openid.userid'
     if openid_key not in identity:
         return None
     user = User.by_openid(identity[openid_key])
     # Unknown and inactive accounts are both refused.
     if user is not None and user.is_active():
         return user.name
     return None
Exemplo n.º 27
 def authenticate(self, environ, identity):
     """Return the active user's name for an OpenID identity, or None.

     Identities without the OpenID user id key are not handled here.
     """
     if 'repoze.who.plugins.openid.userid' not in identity:
         return None
     openid = identity['repoze.who.plugins.openid.userid']
     user = User.by_openid(openid)
     rejected = user is None or not user.is_active()
     return None if rejected else user.name
Exemplo n.º 28
 def authenticate(self, environ, identity):
     """Return the name of the user linked to an OpenID identity, or None."""
     if 'repoze.who.plugins.openid.userid' not in identity:
         return None
     openid = identity.get('repoze.who.plugins.openid.userid')
     user = User.by_openid(openid)
     # NOTE(review): the account's state is not checked here; confirm that
     # deleted or pending users are rejected elsewhere.
     return None if user is None else user.name
Exemplo n.º 29
 def authenticate(self, environ, identity):
     """Return the user's name when login and password match, else None."""
     if 'login' not in identity or 'password' not in identity:
         return None
     user = User.by_name(identity.get('login'))
     # NOTE(review): the account's state is not checked here; confirm that
     # deleted or pending users are rejected elsewhere.
     if user is not None and user.validate_password(identity.get('password')):
         return user.name
     return None
Exemplo n.º 30
 def authenticate(self, environ, identity):
     """Look up the user for an OpenID identity; None when there is none."""
     openid_key = 'repoze.who.plugins.openid.userid'
     if openid_key in identity:
         user = User.by_openid(identity.get(openid_key))
         # NOTE(review): no active-state check on the matched account;
         # confirm inactive users are filtered elsewhere.
         if user is not None:
             return user.name
     return None
Exemplo n.º 31
def default_authenticate(identity: 'Mapping[str, Any]') -> Optional["User"]:
    """Return the user matching the given credentials, or ``None``.

    The login is tried as a user name first and as an e-mail second. Every
    failure after the lookup emits the ``failed_login`` signal with the
    login; an identity lacking ``login`` or ``password`` returns early
    without a signal.
    """
    if 'login' not in identity or 'password' not in identity:
        return None

    login = identity['login']
    # The e-mail lookup runs only when the name lookup gives a falsy result.
    user_obj = User.by_name(login) or User.by_email(login)

    if user_obj is None:
        log.debug('Login failed - username or email %r not found', login)
    elif not user_obj.is_active:
        log.debug('Login as %r failed - user isn\'t active', login)
    elif user_obj.validate_password(identity['password']):
        return user_obj
    else:
        log.debug('Login as %r failed - password not valid', login)

    signals.failed_login.send(login)
    return None
Exemplo n.º 32
 def test_authenticate_step_two(self):
     """identify() on the OAuth callback yields user "boz" in one group."""
     plugin = self._makeOne()
     environ = {
         "REQUEST_METHOD": "GET",
         "QUERY_STRING": "oauth_token=foo",
         "ckan.who.oauth.challenge": "1",
     }
     identity = plugin.identify(environ)
     self.assertEqual(identity.get("repoze.who.userid"), "boz")

     # The identified user must exist with the expected e-mail ...
     user = User.by_name("boz")
     self.assertEqual(user.email, "*****@*****.**")
     # ... and belong to exactly one authorization group.
     memberships = Session.query(AuthorizationGroup).filter(
         AuthorizationGroup.users.contains(user))
     self.assertEqual(memberships.count(), 1)
Exemplo n.º 33
    def get_ckanuser(self, user):
        """Return the ``user_show`` dict for the CKAN user named *user*.

        :returns: the user dict, or ``None`` when no such user exists.
        """
        user_ckan = User.by_name(user)
        if not user_ckan:
            return None
        show_user = toolkit.get_action('user_show')
        return show_user(data_dict={'id': user_ckan.id})
Exemplo n.º 34
 def authenticate(self, environ, identity):
     '''Return the user named by ``identity['username']``, if it exists.

     On a match the name is also stored in the identity under
     ``repoze.who.userid``.
     '''
     # NOTE(review): no credential is verified in this method; presumably
     # ``username`` is set by a trusted identifier plugin - confirm.
     if 'username' not in identity:
         return None
     user = User.by_name(identity['username'])
     if user is None:
         return None
     identity.update({'repoze.who.userid': user.name})
     return user.name
Exemplo n.º 35
def user_organizations(user):
    """Return the ``organization_show`` dicts of the user's organizations.

    :param user: user dict; only its ``name`` is read.
    """
    account = User.get(user['name'])
    # A fresh context dict is built for every call, as before.
    return [
        get_action('organization_show')(
            {'model': model},
            {'id': group.id, "include_extra": True, 'all_fields': True})
        for group in account.get_groups(group_type="organization")
    ]
Exemplo n.º 36
 def authenticate(self, environ, identity):
     """Return the user name for an OpenID identity, creating the user if new.

     When no user is linked to the OpenID yet, one is created from the
     nickname, full name and e-mail found in the identity mapping.
     Returns ``None`` when the identity carries no OpenID user id.
     """
     if 'repoze.who.plugins.openid.userid' in identity:
         openid = identity.get('repoze.who.plugins.openid.userid')
         user = User.by_openid(openid)
         if user is None:
             # TODO: Implement a mask to ask for an alternative user
             # name instead of just using the OpenID identifier.
             # NOTE(review): nickname, fullname and email are copied from
             # the identity as supplied; presumably they originate from the
             # OpenID provider - confirm they are treated as unverified.
             name = identity.get('repoze.who.plugins.openid.nickname')
             # Fall back to the OpenID itself when the nickname is not a
             # valid name or is already taken.
             if not User.check_name_valid(name):
                 name = openid
             if not User.check_name_available(name):
                 name = openid
             user = User(openid=openid, name=name,
                     fullname=identity.get('repoze.who.plugins.openid.fullname'),
                     email=identity.get('repoze.who.plugins.openid.email'))
             Session.add(user)
             Session.commit()
             # NOTE(review): ``user.name`` is read below after the session
             # has been removed; confirm the attribute is still loaded then.
             Session.remove()
         # NOTE(review): an existing user's state is not checked before its
         # name is returned; confirm inactive accounts are handled elsewhere.
         return user.name
     return None
Exemplo n.º 37
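    def unsubscribe(self, base64_name, thread_id):
        """Unsubscribe the user encoded in *base64_name* from a thread.

        Responds with 404 when the name cannot be decoded or when the thread
        or the user does not exist; otherwise records the unsubscription and
        redirects to the thread.
        """
        # NOTE(review): the user is identified only by the base64 of the
        # user name taken from the URL, which is an encoding rather than a
        # secret; confirm the route is protected some other way.
        try:
            user_name = base64.b64decode(base64_name)
        except (TypeError, ValueError):
            # Malformed base64 in the URL is a client error, not a crash.
            return abort(404)
        # Both values come from the URL: %r keeps control characters out of
        # the log stream.
        log.debug('Unsubscribing %r %r', user_name, thread_id)
        thread = Thread.get_by_id(thread_id)
        user = User.get(user_name)
        if not thread or not user:
            abort(404)

        Unsubscription.add(user.id, thread.id)
        flash_success(tk._('You successfully unsibsribed'))
        tk.redirect_to(thread.get_absolute_url())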
Exemplo n.º 38
 def authenticate(self, environ, identity):
     """Return the user's name when login and password match, else None.

     Each failure reason is written to the debug log.
     """
     if 'login' not in identity or 'password' not in identity:
         return None
     user = User.by_name(identity.get('login'))
     # NOTE(review): the account's state is not checked here; confirm that
     # deleted or pending users are rejected elsewhere.
     if user is None:
         log.debug('Login failed - username %r not found', identity.get('login'))
     elif user.validate_password(identity.get('password')):
         return user.name
     else:
         log.debug('Login as %r failed - password not valid', identity.get('login'))
     return None
Exemplo n.º 39
def get_user_list_by_email(value):
    """
    Return the result of ``User.by_email`` for *value*.

    The caller is expected to validate the e-mail beforehand. If the lookup
    raises, the error is logged and an empty list is returned.
    """
    try:
        return User.by_email(value)
    except Exception as lookup_error:
        log.error(lookup_error)
        return []
Exemplo n.º 40
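def is_owner(context, data_dict):
    """Auth check: is the current user an admin or editor of the package?

    The package comes from ``context['package']`` when present, otherwise
    it is loaded by ``data_dict['id']``.

    :returns: ``{'success': True}`` on a matching role, else
        ``{'success': False}``.
    """
    pkg = context.get('package', None)
    roles = pkg.roles if pkg else Package.get(data_dict['id']).roles
    user = context.get('user', False)
    if not user:
        return {'success': False}

    for role in roles:
        ruser = User.get(role.user_id)
        # Presumably ``User.get`` yields None for an id that no longer
        # resolves (TODO confirm); skip such a role instead of failing the
        # whole check on ``None.name``.
        if ruser is None:
            continue
        if user == ruser.name and role.role in ('admin', 'editor'):
            return {'success': True}
    return {'success': False}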
Exemplo n.º 41
    def authenticate(self, environ, identity):
        """Return the name of the active user behind a Shibboleth identity.

        :returns: the user's name, or ``None`` when the identity has no
            ``shibboleth_auth`` entry or the user is missing or inactive.
        """
        if 'shibboleth_auth' not in identity:
            return None

        userid = identity['shibboleth_auth']
        user = User.get(userid)
        if user is not None and user.is_active():
            log.info("ShibbolethAuthenticator: user found %s", userid)
            return user.name

        # Missing and inactive users share the same log message.
        log.info("ShibbolethAuthenticator: user not found: %s", userid)
        return None
Exemplo n.º 42
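def send_edit_access_request_email(req):
    """
    Send an edit access request email to an administrator of the dataset.

    The mail goes to the user behind an "admin" role of the package (the
    last one found when there are several). Nothing is sent when the
    package has no admin role.

    :param req: access request; ``req.user_id`` is the requesting user,
        ``req.pkg_id`` the dataset and ``req.id`` is put into the link
    """
    requester = User.get(req.user_id)
    pkg = Package.get(req.pkg_id)
    selrole = False
    for role in pkg.roles:
        if role.role == "admin":
            selrole = role
    if not selrole:
        return

    admin = User.get(selrole.user_id)
    admin_dict = admin.as_dict()
    admin_dict['name'] = admin.fullname if admin.fullname else admin.name

    msg = u'{a} ({b}) is requesting editing rights to the metadata in dataset\n\n{c}\n\n\
for which you are currently an administrator. Please click this \
link if you want to allow this user to edit the metadata of the dataset:\n\
{d}\n\n{a} ({b}) pyytää muokkausoikeuksia tietoaineiston\n\n{c}\n\n\
metatietoihin, joiden ylläpitäjä olet. Klikkaa linkkiä, jos haluat tämän käyttäjän \
saavan muokkausoikeudet aineiston metatietoihin:\n\
{d}\n'

    controller = 'ckanext.kata.controllers:EditAccessRequestController'

    requester_name = requester.fullname if requester.fullname else requester.name
    # Title with a fallback to the name, computed once for body and subject.
    dataset_label = pkg.title if pkg.title else pkg.name

    # NOTE(review): the mailed link targets the unlock_access action and
    # carries only the request id; confirm that action verifies the caller
    # is an administrator of the dataset before granting anything.
    accessurl = config.get('ckan.site_url', '') + h.url_for(controller=controller, action="unlock_access", id=req.id)
    body = msg.format(a=requester_name, b=requester.email, c=dataset_label, d=accessurl)

    # "%" binds tighter than the conditional expression, so the fallback
    # has to be resolved before formatting; otherwise an untitled dataset
    # gets the bare package name as the whole subject line.
    email_dict = {
        "subject": u"Access request for dataset / pyyntö koskien tietoaineistoa %s" % dataset_label,
        "body": body,
    }
    send_notification(admin_dict, email_dict)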
Exemplo n.º 43
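def _get_sources_for_user(context, data_dict):
    """Return the harvest sources the user in ``context`` may see.

    ``data_dict`` may set ``only_active`` (active sources only) and
    ``only_to_run`` (non-manual sources whose ``next_run`` is due or unset).
    A non-sysadmin user is limited to the sources of the 'publisher' groups
    they belong to and gets an empty list when they belong to none.
    Sources are ordered by creation date, newest first.
    """
    model = context['model']
    session = context['session']
    user = context.get('user', '')

    only_active = data_dict.get('only_active', False)
    only_to_run = data_dict.get('only_to_run', False)

    query = session.query(HarvestSource) \
        .order_by(HarvestSource.created.desc())

    if only_active:
        query = query.filter(HarvestSource.active)

    if only_to_run:
        query = query.filter(HarvestSource.frequency != 'MANUAL')
        # `== None` is deliberate: the comparison has to go through the
        # column's operator overload to become SQL "IS NULL". A Python
        # `is None` is evaluated immediately to False, so sources that have
        # never been scheduled would be left out.
        query = query.filter(or_(HarvestSource.next_run <=
                                 datetime.datetime.utcnow(),
                                 HarvestSource.next_run == None))  # noqa: E711

    user_obj = User.get(user)
    # NOTE(review): when User.get() returns nothing (for example an empty
    # user name) no publisher filter is applied and every source is
    # returned; confirm callers never reach this with an anonymous user.
    # Sysadmins will get all sources
    if user_obj and not user_obj.sysadmin:
        # This only applies to a non sysadmin user when using the
        # publisher auth profile. When using the default profile,
        # normal users will never arrive at this point, but even if they
        # do, they will get an empty list.
        publishers_for_the_user = user_obj.get_groups(u'publisher')
        publisher_filters = [HarvestSource.publisher_id == group.id
                             for group in publishers_for_the_user]

        if not publisher_filters:
            # This user does not belong to a publisher yet, no sources for
            # him/her
            return []
        query = query.filter(or_(*publisher_filters))

        log.debug('User %s with publishers %r has Harvest Sources: %r',
                  user, publishers_for_the_user,
                  [(hs.id, hs.url) for hs in query])

    return query.all()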
Exemplo n.º 44
def harvest_source_create(context,data_dict):
    """Auth check: may the user in ``context`` create a harvest source?

    Anonymous callers and users that ``User.get`` cannot resolve are
    refused. A resolved user is allowed when they are a sysadmin or belong
    to at least one 'publisher' group.
    """
    model = context['model']
    user = context.get('user','')

    # Anonymous callers are refused outright.
    if not user:
        return {'success': False, 'msg': _('Non-logged in users are not authorized to create harvest sources')}

    user_obj = User.get(user)
    # Sysadmin status is checked first; group membership is only queried
    # for everyone else.
    allowed = user_obj and (
        Authorizer().is_sysadmin(user)
        or len(user_obj.get_groups(u'publisher')) > 0)
    if allowed:
        return {'success': True}
    return {'success': False, 'msg': _('User %s must belong to a publisher to create harvest sources') % str(user)}
Exemplo n.º 45
    def preauthenticate(self, environ, identity):
        """Turn an OAuth identity into a CKAN one and store it in ``identity``.

        Reads ``oauth_token`` and ``oauth_token_secret`` from the
        query-string encoded ``identity['userdata']``, requests
        ``self.user_url`` with them and maps the returned ``id`` to a user
        via ``User.by_openid``. The user is created when none exists,
        otherwise its ``fullname`` is refreshed. Groups from the response
        are then passed to ``_sync_auth_groups``.

        Returns ``identity`` with ``repoze.who.userid`` set to the UTF-8
        encoded user name, or ``None`` when ``userdata`` or either token is
        missing.
        """
        # turn the oauth identity into a CKAN one; set it in our identity
        import oauth2 as oauth
        try:
            access_token = dict(urlparse.parse_qsl(identity['userdata']))
            oauth_token = access_token['oauth_token']
            oauth_token_secret = access_token['oauth_token_secret']
        except KeyError:
            # no userdata, or a token is absent: nothing to pre-authenticate
            return None
        access_token = oauth.Token(oauth_token,
                                   oauth_token_secret)
        client = oauth.Client(self.consumer, access_token)
        resp, content = client.request(self.user_url, "GET")
        # NOTE(review): `resp` is never inspected, so a non-success reply is
        # parsed like a valid profile; json.loads and the data[...] lookups
        # below then raise instead of returning None.
        data = json.loads(content)
        user_id = data['id']
        logging.info("Preauth: Got oauth user data for user %s" % user_id)
        user = User.by_openid(user_id)
        if user is None:
            # NOTE(review): name, fullname and email are taken from the
            # provider response as-is; presumably the provider is trusted
            # for these - verify a provider id cannot collide with an
            # existing local user name.
            user = User(openid=user_id,
                        name=data['id'],
                        fullname=data['name'],
                        email=data['mail'])
            Session.add(user)
        else:
            user.fullname = data['name'] # if the name is updated
        Session.commit()
        Session.remove()
        # NOTE(review): `user` is still read below, after Session.remove();
        # confirm the instance stays usable once the session is discarded.
        logging.info("Preauth: Created new/updated user %s" % user_id)

        # deal with groups
        user_groups = data['groups']
        _sync_auth_groups(user, user_groups)
        name = user.name.encode("utf8")
        logging.info("Preauth: Returning user identifier %s" % name)
        identity['repoze.who.userid'] = name 
        return identity
Exemplo n.º 46
def harvesters_info_show(context,data_dict):
    """Auth check: may the user in ``context`` see the harvesters info?

    Anonymous callers and users that ``User.get`` cannot resolve are
    refused. A resolved user is allowed when they are a sysadmin or belong
    to at least one 'publisher' group.
    """
    model = context['model']
    user = context.get('user','')

    # Anonymous callers cannot see the harvesters info.
    if not user:
        return {'success': False, 'msg': _('Non-logged in users can not see the harvesters info')}

    user_obj = User.get(user)
    # Sysadmin status is checked first; group membership is only queried
    # for everyone else.
    allowed = user_obj and (
        authz.is_sysadmin(user)
        or len(user_obj.get_groups(u'publisher')) > 0)
    if allowed:
        return {'success': True}
    return {'success': False, 'msg': _('User %s must belong to a publisher to see the harvesters info') % str(user)}
Exemplo n.º 47
def harvest_source_create(context, data_dict):
    """Auth check: may the user in ``context`` create a harvest source?

    Anonymous callers and users that ``User.get`` cannot resolve are
    refused. A resolved user is allowed when they are a sysadmin or belong
    to at least one "publisher" group.
    """
    model = context["model"]
    user = context.get("user", "")

    # Anonymous callers are refused outright.
    if not user:
        return {"success": False, "msg": _("Non-logged in users are not authorized to create harvest sources")}

    user_obj = User.get(user)
    # Sysadmin status is checked first; group membership is only queried
    # for everyone else.
    allowed = user_obj and (
        authz.is_sysadmin(user)
        or len(user_obj.get_groups(u"publisher")) > 0)
    if allowed:
        return {"success": True}
    return {"success": False, "msg": _("User %s must belong to a publisher to create harvest sources") % str(user)}
Exemplo n.º 48
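 def unlock_access(self, id):
     """Grant the requester of access request ``id`` the editor role.

     Looks up the ``KataAccessRequest`` with the given id, adds its user to
     the 'editor' role of its package, deletes the request and redirects to
     the package page. An unknown id, or a request whose user or package
     can no longer be loaded, ends with an error flash and a redirect to
     '/'.
     """
     req = model.Session.query(KataAccessRequest).filter_by(id=id).first()
     if not req:
         h.flash_error(_("No such request found!"))
         redirect('/')
         return

     user = User.get(req.user_id)
     pkg = Package.get(req.pkg_id)
     if user is None or pkg is None:
         # Stale request: refuse instead of failing on a None attribute.
         h.flash_error(_("No such request found!"))
         redirect('/')
         return

     # NOTE(review): nothing in this method checks that the caller is an
     # administrator of the package, and the role is granted just by
     # requesting this action with a valid id. Confirm authorization is
     # enforced before this point (and that the state change is not
     # reachable through a plain cross-site GET).
     add_user_to_role(user, 'editor', pkg)
     url = h.url_for(controller='package', action='read', id=req.pkg_id)
     # Translate the template first, then interpolate; formatting inside
     # _() would look up the already-filled string and never match.
     h.flash_success(_("%s now has editor rights to package %s") % (user.name, pkg.name))
     req.delete()
     meta.Session.commit()
     redirect(url)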
Exemplo n.º 49
def user_autocomplete(context, data_dict):
    '''
    Override that lets every logged in user use user autocompletion,
    even if user_list is disallowed.

    :param context: auth context; ``context['user']`` is the caller's name
    :param data_dict: not used
    :return: ``{'success': True}`` when the name resolves through
        ``User.get``, ``{'success': False}`` otherwise
    '''
    user_name = context.get('user')
    if not user_name:
        return {'success': False}

    # NOTE(review): any user record that resolves passes, whatever its
    # state; confirm inactive accounts are filtered elsewhere.
    return {'success': bool(User.get(user_name))}
Exemplo n.º 50
    def after_search(self, search_params, search_results):
        """Publish the maintainers related to the current user's organisations.

        Sets ``c.maintainers`` to the package maintainers whose value matches
        the name of a member of an organisation the current user can read
        (an empty list when the user has no organisation). The first
        argument is returned unchanged.
        """
        # NOTE(review): the parameter names look swapped relative to the
        # usual (search_results, search_params) hook order - confirm
        # against the plugin interface.
        current_user = pylons.c.user
        context = {'model': ckan.model,
                   'session': ckan.model.Session,
                   'user': current_user}

        # Ask for organisations with 'read' permission (default is edit).
        data_dict = {'user': current_user, 'permission': 'read'}
        orgs = ckan.logic.get_action('organization_list_for_user')(context, data_dict)

        if not orgs:
            # The user does not belong to any organisation.
            print ('User is not a member of any organisations!')
            c.maintainers = []
            return search_params

        # Collect the user members of every organisation ...
        members = []
        for org in orgs:
            params = {'id': org['id'], 'object_type': 'user'}
            members.extend(ckan.logic.get_action('member_list')(context, params))

        # ... and resolve each distinct member to a user name, which is
        # what the maintainer field is matched against (member[0] is the
        # user id).
        member_names = [User.get(member[0]).name for member in set(members)]

        # Distinct, non-empty maintainer values over all packages.
        all_maintainers = set(
            row[0]
            for row in meta.Session.query(distinct(Package.maintainer))
            if row[0])

        c.maintainers = all_maintainers.intersection(member_names)
        return search_params
Exemplo n.º 51
def harvest_job_show(context,data_dict):
    """Auth check: may the user in ``context`` read the harvest job?

    Anonymous callers are refused and sysadmins are allowed. Any other user
    must resolve through ``User.get`` and belong to the 'publisher' group
    whose id equals the job source's ``publisher_id``.
    """
    model = context['model']
    user = context.get('user')

    # The job is resolved before any permission decision is taken.
    job = get_job_object(context,data_dict)

    if not user:
        return {'success': False, 'msg': _('Non-logged in users are not authorized to see harvest jobs')}

    if Authorizer().is_sysadmin(user):
        return {'success': True}

    user_obj = User.get(user)
    if user_obj:
        publisher_id = job.source.publisher_id
        group_ids = [g.id for g in user_obj.get_groups(u'publisher')]
        if publisher_id in group_ids:
            return {'success': True}
    return {'success': False, 'msg': _('User %s not authorized to read harvest job %s') % (str(user),job.id)}
Exemplo n.º 52
Arquivo: get.py Projeto: tbalaz/test
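def _get_sources_for_user(context,data_dict):
    """Return harvest sources, optionally narrowed by ``data_dict`` flags.

    ``only_active`` keeps active sources, ``only_mine`` keeps the sources of
    the organizations the user in ``context`` belongs to, and
    ``organization`` (or ``group``) keeps the sources of that one
    organization. Sources are ordered by creation date, newest first.

    Raises ``p.toolkit.ObjectNotFound`` when the requested organization
    does not exist.
    """
    model = context['model']
    session = context['session']
    user = context.get('user','')

    only_mine = data_dict.get('only_mine', False)
    only_active = data_dict.get('only_active',False)
    only_organization = data_dict.get('organization') or data_dict.get('group')

    query = session.query(HarvestSource) \
                .order_by(HarvestSource.created.desc())

    if only_active:
        query = query.filter(HarvestSource.active==True)

    if only_mine:
        # filter to only harvest sources from this user's organizations
        user_obj = User.get(user)
        if user_obj is None:
            # Anonymous or unknown user: "mine" is empty. Returning here
            # avoids an AttributeError on None below.
            return []

        publishers_for_the_user = user_obj.get_groups(u'organization')
        publisher_filters = [HarvestSource.publisher_id==group.id
                             for group in publishers_for_the_user]

        if not publisher_filters:
            # This user does not belong to a publisher yet, no sources for him/her
            return []
        query = query.filter(or_(*publisher_filters))

        log.debug('User %s with publishers %r has Harvest Sources: %r',
                  user, publishers_for_the_user, [(hs.id, hs.url) for hs in query])

    if only_organization:
        org = model.Group.get(only_organization)
        if not org:
            raise p.toolkit.ObjectNotFound('Could not find: %s' % only_organization)
        query = query.filter(HarvestSource.publisher_id==org.id)

    return query.all()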
Exemplo n.º 53
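    def test_harvester_import(self):
        """Run gather, fetch and import twice and check the resulting packages.

        ``urllib2.urlopen`` is replaced with mocks that serve canned test
        data; the real function is put back afterwards so the patch does
        not leak into other tests. The last part checks the auth functions
        ``package_show`` and ``group_show`` on the imported objects.
        """
        harv, job = self._create_harvester()
        res = "http://www.fsd.uta.fi/fi/aineistot/luettelo/FSD0115/FSD0115.xml"
        real_urlopen = urllib2.urlopen
        try:
            urllib2.urlopen = mock.Mock(return_value=StringIO(res))
            gathered = harv.gather_stage(job)
            urllib2.urlopen = mock.Mock(return_value=StringIO(testdata.nr1))
            harvest_obj = HarvestObject.get(gathered[0])
            self.assert_(harv.fetch_stage(harvest_obj))
            self.assert_(isinstance(json.loads(harvest_obj.content), dict))
            self.assert_(harv.import_stage(harvest_obj))
            self.assert_(len(Session.query(Package).all()) == 1)

            # Lets see if the package is ok, according to test data
            pkg = Session.query(Package).filter(Package.title == "Puolueiden ajankohtaistutkimus 1981").one()
            self.assert_(pkg.title == "Puolueiden ajankohtaistutkimus 1981")
            log.debug(pkg.extras)
            self.assert_(len(pkg.get_groups()) == 2)
            self.assert_(len(pkg.resources) == 4)
            self.assert_(len(pkg.get_tags()) == 9)
            self.assert_(pkg.url == "http://www.fsd.uta.fi/fi/aineistot/luettelo/FSD0115/FSD0115.xml")
            self.assert_(isinstance(pkg.extras, _AssociationDict))
            self.assert_(len(pkg.extras.items()) > 1)

            # Second record: same harvest object, different canned payload
            urllib2.urlopen = mock.Mock(return_value=StringIO(testdata.nr2))
            harvest_obj = HarvestObject.get(gathered[0])
            harvest_obj.content = json.dumps({'url': 'http://foo'})
            self.assert_(harv.fetch_stage(harvest_obj))
            self.assert_(isinstance(json.loads(harvest_obj.content), dict))
            self.assert_(harv.import_stage(harvest_obj))
            self.assert_(len(Session.query(Package).all()) == 2)
        finally:
            # Restore the real urlopen even when an assertion fails.
            urllib2.urlopen = real_urlopen

        # Test user access
        user = User.get('testlogin2')
        grp = pkg.get_groups()[0]
        context = {'user': user.name, 'model': model}
        data_dict = {'id': pkg.id}
        auth_dict = package_show(context, data_dict)
        self.assert_(auth_dict['success'])
        # the group must be readable without a logged in user
        data_dict = {'id': grp.id}
        context = {'user': '', 'model': model}
        auth_dict = group_show(context, data_dict)
        self.assert_(auth_dict['success'])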
Exemplo n.º 54
    def authenticate(self, environ, identity):
        """Authenticate with an email address used as the login.

        ``identity`` must carry both ``login`` and ``password``. The login
        is looked up with ``User.by_email``; the first match has to be
        active and pass ``validate_password``. Returns that user's name, or
        ``None`` on any failure (each one is logged at debug level).
        """
        if 'login' not in identity or 'password' not in identity:
            return None

        login = identity['login']
        user_list = User.by_email(login)
        if not user_list:
            log.debug('Login failed - email %r not found', login)
            return None

        # NOTE(review): only the first match is tried. If several accounts
        # can share an address, which one is checked depends on the order
        # User.by_email returns - confirm addresses are unique.
        user = user_list[0]
        if not user.is_active():
            log.debug('Login as %r failed - user isn\'t active', login)
            return None
        if not user.validate_password(identity['password']):
            log.debug('Login as %r failed - password not valid', login)
            return None
        return user.name
Exemplo n.º 55
def harvest_source_show(context,data_dict):
    """Auth check: may the user in ``context`` read the harvest source?

    Anonymous callers are refused and sysadmins are allowed. Any other user
    must resolve through ``User.get`` and belong to the 'publisher' group
    whose id equals the source's ``publisher_id``.
    """
    model = context['model']
    user = context.get('user','')

    # The source is resolved before any permission decision is taken.
    source = get_source_object(context,data_dict)

    # Anonymous callers cannot read the source.
    if not user:
        return {'success': False, 'msg': _('Non-logged in users are not authorized to see harvest sources')}

    # Sysadmins can always read it.
    if Authorizer().is_sysadmin(user):
        return {'success': True}

    # Everyone else needs the source's publisher among their groups.
    user_obj = User.get(user)
    if user_obj:
        publisher_id = source.publisher_id
        group_ids = [g.id for g in user_obj.get_groups(u'publisher')]
        if publisher_id in group_ids:
            return {'success': True}
    return {'success': False, 'msg': _('User %s not authorized to read harvest source %s') % (str(user),source.id)}
Exemplo n.º 56
def harvest_object_show(context,data_dict):
    """Auth check: may the user in ``context`` read the harvest object?

    A truthy ``context['ignore_auth']`` allows the call unconditionally.
    Otherwise anonymous callers are refused, sysadmins are allowed, and any
    other user must resolve through ``User.get`` and belong to the
    'publisher' group whose id equals the object source's
    ``publisher_id``.
    """
    model = context['model']
    user = context.get('user')

    # The object is resolved before any permission decision is taken.
    obj = get_obj_object(context,data_dict)

    # NOTE(review): this flag bypasses every check below; presumably only
    # internal callers set it - confirm it cannot come from request data.
    if context.get('ignore_auth', False):
        return {'success': True}

    if not user:
        return {'success': False, 'msg': _('Non-logged in users are not authorized to see harvest objects')}

    if authz.is_sysadmin(user):
        return {'success': True}

    user_obj = User.get(user)
    if user_obj:
        publisher_id = obj.source.publisher_id
        group_ids = [g.id for g in user_obj.get_groups(u'publisher')]
        if publisher_id in group_ids:
            return {'success': True}
    return {'success': False, 'msg': _('User %s not authorized to read harvest object %s') % (str(user),obj.id)}
Exemplo n.º 57
def harvest_source_delete(context,data_dict):
    """Auth check: may the user in ``context`` delete the harvest source?

    Anonymous callers are refused and sysadmins are allowed. Any other user
    must resolve through ``User.get`` and belong to the 'organization'
    group whose id equals the source's ``publisher_id``.
    """
    model = context['model']
    user = context.get('user','')

    # The source is resolved before any permission decision is taken.
    source = get_source_object(context,data_dict)

    # Anonymous callers cannot delete the source.
    if not user:
        return {'success': False, 'msg': _('Non-logged in users are not authorized to delete harvest sources')}

    # Sysadmins can always delete it.
    if ckan.new_authz.is_sysadmin(user):
        return {'success': True}

    # Everyone else needs the source's publisher among their groups.
    user_obj = User.get(user)
    if user_obj:
        publisher_id = source.publisher_id
        group_ids = [g.id for g in user_obj.get_groups(u'organization')]
        if publisher_id in group_ids:
            return {'success': True}
    return {'success': False, 'msg': _('User %s not authorized to delete harvest source %s') % (str(user),source.id)}