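def ac_subscribe(request, group_name):
    """
    View to request an access control permission.
    Currently, it can only be used to request ROLE_USER.

    A POST files the request through registrationService.subscribe(),
    notifies the node administrators when the request was not approved
    right away, and redirects back to this view. Any other method only
    displays the request form, with the current status of the user's
    ROLE_USER permission and the group license when a license template
    exists.

    Requests for the 'wheel' group, or for a group that is not returned by
    registrationService.listGroups(), are answered with 403.
    """
    # NOTE(review): request.user.profile is used below and no authentication
    # check is visible in this block; presumably a login decorator or a
    # URL-level guard sits outside it. Confirm.

    title = "%s Data Access Request" % group_name
    template = "cog/access_control/subscribe.html"

    # prevent requests to 'wheel' group
    if group_name == "wheel":
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    # check that group exists in local database
    # This allow-list is also what keeps the license template names below
    # safe: group_name is a URL argument and is interpolated into them.
    group_list = registrationService.listGroups()
    group_names = [str(groupDict["name"]) for groupDict in group_list]
    if group_name not in group_names:
        return HttpResponseForbidden(GROUP_NOT_FOUND_MESSAGE)

    # process submission form
    # Only POST may change state. Treating every non-GET method as a
    # submission would also accept HEAD, OPTIONS and TRACE, which Django's
    # CSRF middleware (where enabled) lets through without a token.
    if request.method == "POST":
        approved = registrationService.subscribe(request.user.profile.openid(), group_name, ROLE_USER)

        # notify node administrators
        if not approved:
            notifyAdmins(group_name, request.user.id, request)

        # (GET-POST-REDIRECT)
        return HttpResponseRedirect(
            reverse("ac_subscribe", kwargs={"group_name": group_name}) + "?approved=%s" % approved
        )

    # display submission form
    try:
        status = registrationService.status(request.user.profile.openid(), group_name, ROLE_USER)
    except ObjectDoesNotExist:
        # user does not exist in ESGF database
        print("Inserting user into ESGF security database")
        esgfDatabaseManager.insertEsgfUser(request.user.profile)
        status = None

    # The license is optional: a plain-text template is preferred, an HTML
    # template is the fallback, and neither is an error.
    licenseTxt = None
    licenseHtml = None
    try:
        licenseFile = "cog/access_control/licenses/%s.txt" % group_name
        licenseTxt = render_to_string(licenseFile)
    except TemplateDoesNotExist:
        try:
            licenseFile = "cog/access_control/licenses/%s.html" % group_name
            licenseHtml = render_to_string(licenseFile)
        except TemplateDoesNotExist:
            pass

    return render(
        request,
        template,
        {
            "title": title,
            "group_name": group_name,
            "status": status,
            "licenseTxt": licenseTxt,
            "licenseHtml": licenseHtml,
        },
    )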
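def ac_subscribe(request, group_name):
    """
    View to request an access control permission.
    Currently, it can only be used to request ROLE_USER.

    POST submits a ROLE_USER request for the logged-in user's openid and
    redirects back here with the outcome in the 'approved' query parameter;
    node administrators are notified when the request is not approved
    immediately. Every other method renders the request form.

    Returns 403 for the 'wheel' group and for any group name that
    registrationService.listGroups() does not report.
    """
    # NOTE(review): nothing in this block checks that request.user is
    # authenticated before request.user.profile is read; presumably that is
    # enforced by a decorator or URL configuration outside it. Confirm.

    # prevent requests to 'wheel' group
    if group_name == 'wheel':
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    # check that group exists in local database
    # group_name arrives as a URL argument and is later interpolated into
    # template names, so nothing below may run for a name that is not known.
    known_groups = [str(groupDict['name']) for groupDict in registrationService.listGroups()]
    if group_name not in known_groups:
        return HttpResponseForbidden(GROUP_NOT_FOUND_MESSAGE)

    if request.method != 'POST':
        # display submission form
        # Safe methods must not file a request: HEAD, OPTIONS and TRACE are
        # not covered by Django's CSRF check (where that middleware is on),
        # so only POST is allowed to reach the subscribe call below.
        try:
            status = registrationService.status(request.user.profile.openid(), group_name, ROLE_USER)
        except ObjectDoesNotExist:
            # user does not exist in ESGF database
            print('Inserting user into ESGF security database')
            esgfDatabaseManager.insertEsgfUser(request.user.profile)
            status = None

        # optional license text: try the .txt template, then the .html one
        licenseTxt = None
        licenseHtml = None
        try:
            licenseTxt = render_to_string('cog/access_control/licenses/%s.txt' % group_name)
        except TemplateDoesNotExist:
            try:
                licenseHtml = render_to_string('cog/access_control/licenses/%s.html' % group_name)
            except TemplateDoesNotExist:
                pass

        context = {
            'title': '%s Data Access Request' % group_name,
            'group_name': group_name,
            'status': status,
            'licenseTxt': licenseTxt,
            'licenseHtml': licenseHtml,
        }
        return render(request, 'cog/access_control/subscribe.html', context)

    # process submission form
    approved = registrationService.subscribe(request.user.profile.openid(), group_name, ROLE_USER)

    # notify node administrators
    if not approved:
        notifyAdmins(group_name, request.user.id, request)

    # (GET-POST-REDIRECT)
    target = reverse('ac_subscribe', kwargs={'group_name': group_name})
    return HttpResponseRedirect(target + "?approved=%s" % approved)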
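def ac_process(request, group_name, user_id):
    """
    View to process an access control permission request.
    This view can be used to assign any permissions to the user.

    Only staff users may call it; everyone else receives 403. The target
    user is loaded by primary key (404 when missing). A POST stores the
    approve flag of every role for that user and group, notifies the user,
    and redirects back to this view. Any other method displays the form
    pre-filled from the permissions currently stored.
    """

    # check node administrator privileges
    admin = request.user
    if not admin.is_staff:
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    # NOTE(review): unlike ac_subscribe, group_name is not checked against
    # registrationService.listGroups() or the 'wheel' exclusion here.
    # Presumably staff may manage every group; confirm that is intended.

    # load user
    user = get_object_or_404(User, pk=user_id)
    openid = user.profile.openid()

    title = "%s Data Access Management" % group_name
    template = "cog/access_control/process.html"

    # process admin form
    # Only POST may change permissions. With a plain GET/else split, a HEAD
    # or OPTIONS request (not covered by Django's CSRF check, where enabled)
    # would be bound to an empty form; presumably that validates with every
    # checkbox unticked and would revoke all roles. TODO confirm against
    # PermissionForm.
    if request.method == "POST":
        form = PermissionForm(request.POST)

        if form.is_valid():
            # loop over roles
            for role in [ROLE_USER, ROLE_PUBLISHER, ROLE_SUPERUSER, ROLE_ADMIN]:
                # retrieve approve status from POST data and store it in ESGF database
                # only True values are transmitted in POST data
                approve = form.cleaned_data.get("%sPermissionCheckbox" % role, False)
                try:
                    registrationService.process(openid, group_name, role, approve)
                except NoResultFound:
                    # permission not found in database
                    if approve:
                        # create new permission, but only if approve=True
                        registrationService.subscribe(openid, group_name, role)
                        registrationService.process(openid, group_name, role, approve)

            # notify user
            # The recipient is the user whose permissions were changed, not
            # request.user, which is the administrator submitting the form.
            permissions = registrationService.list(user.profile.openid(), group_name)
            notifyUser(group_name, user, permissions)

            # (GET-POST-REDIRECT)
            return HttpResponseRedirect(
                reverse("ac_process", kwargs={"user_id": user.id, "group_name": group_name})
                + "?message=%s" % SAVED
            )

        print("Form is invalid: %s" % form.errors)
        return render(request, template, {"group_name": group_name, "title": title, "user": user, "form": form})

    # display admin form
    # set initial status of check boxes from database
    initial = {}
    permissions = registrationService.list(openid, group_name)
    for role, approved in permissions.items():
        initial["%sPermissionCheckbox" % role] = approved

    form = PermissionForm(initial=initial)
    return render(request, template, {"group_name": group_name, "title": title, "user": user, "form": form})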
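def ac_process(request, group_name, user_id):
    """
    View to process an access control permission request.
    This view can be used to assign any permissions to the user.

    Access is limited to staff users (403 otherwise) and the target user is
    looked up by primary key (404 when missing). POST writes the approve
    flag of each role for that user and group, notifies the user of the
    resulting permissions, and redirects back here. All other methods render
    the form with the check boxes set from the stored permissions.
    """

    # check node administrator privileges
    admin = request.user
    if not admin.is_staff:
        return HttpResponseForbidden(PERMISSION_DENIED_MESSAGE)

    # NOTE(review): group_name is used as given; ac_subscribe rejects
    # 'wheel' and unknown groups but this view does not. Presumably that is
    # deliberate for staff; confirm.

    # load user
    user = get_object_or_404(User, pk=user_id)
    openid = user.profile.openid()

    title = '%s Data Access Management' % group_name
    template = 'cog/access_control/process.html'

    if request.method != 'POST':
        # display admin form
        # Everything except POST is read-only. HEAD, OPTIONS and TRACE skip
        # Django's CSRF check (where the middleware is enabled), so they must
        # never reach the code that writes permissions.
        # set initial status of check boxes from database
        permissions = registrationService.list(openid, group_name)
        initial = {}
        for role, approved in permissions.items():
            initial['%sPermissionCheckbox' % role] = approved

        form = PermissionForm(initial=initial)
        return render(request, template, {
            'group_name': group_name,
            'title': title,
            'user': user,
            'form': form
        })

    # process admin form
    form = PermissionForm(request.POST)

    if not form.is_valid():
        print("Form is invalid: %s" % form.errors)
        return render(request, template, {
            'group_name': group_name,
            'title': title,
            'user': user,
            'form': form
        })

    # loop over roles
    for role in [ROLE_USER, ROLE_PUBLISHER, ROLE_SUPERUSER, ROLE_ADMIN]:
        # retrieve approve status from POST data and store it in ESGF database
        # only True values are transmitted in POST data
        approve = form.cleaned_data.get('%sPermissionCheckbox' % role, False)
        try:
            registrationService.process(openid, group_name, role, approve)
        except NoResultFound:
            # permission not found in database
            if approve:
                # create new permission, but only if approve=True
                registrationService.subscribe(openid, group_name, role)
                registrationService.process(openid, group_name, role, approve)

    # notify user
    # 'user' is the account being managed; request.user is the administrator.
    permissions = registrationService.list(user.profile.openid(), group_name)
    notifyUser(group_name, user, permissions)

    # (GET-POST-REDIRECT)
    return HttpResponseRedirect(
        reverse('ac_process', kwargs={
            'user_id': user.id,
            'group_name': group_name
        }) + "?message=%s" % SAVED)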