def data_registries(request, domain):
owned, invited = [], []
permission_check = RegistryPermissionCheck(domain, request.couch_user)
for registry in DataRegistry.objects.visible_to_domain(domain):
if not permission_check.can_manage_registry(registry.slug):
continue
if registry.domain == domain:
owned.append(_registry_list_context(domain, registry))
else:
invited.append(_registry_list_context(domain, registry))
context = {
'domain': domain,
'allow_create': permission_check.can_manage_all,
'owned_registries': owned,
'invited_registries': invited,
'available_case_types': list(get_data_dict_case_types(domain)),
'current_page': {
'title': _('Data Registries'),
'page_name': _('Data Registries'),
},
'section': {
'page_name': _('Project Settings'),
'url': reverse("domain_settings_default", args=[domain]),
},
}
return render(request, "registry/registry_list.html", context)
def _check_user_has_access(self, couch_user, case_domain=None):
if case_domain and self.current_domain == case_domain:
# always allow access data in the current domain
return
checker = RegistryPermissionCheck(self.current_domain, couch_user)
if not checker.can_view_registry_data(self.registry_slug):
raise RegistryAccessException("User not permitted to access registry data")
def test_manage_registry_permission(self, allow, can_manage_all,
can_manage_some, can_manage_specific):
domain = "domain"
mock_user = _mock_user(domain, "manage_data_registry", allow)
checker = RegistryPermissionCheck(domain, mock_user)
eq(checker.can_manage_all, can_manage_all)
eq(checker.can_manage_some, can_manage_some)
eq(checker.can_manage_registry("test_reg"), can_manage_specific)
def registry_audit_logs(request, domain, registry_slug):
helper = DataRegistryAuditViewHelper(domain, registry_slug)
if not RegistryPermissionCheck(
domain, request.couch_user).can_manage_registry(registry_slug):
return JsonResponse({"error": "Permission denied"}, status=403)
limit = int(request.GET.get('limit', 10))
page = int(request.GET.get('page', 1))
skip = limit * (page - 1)
try:
start_date = _get_date_param(request, 'startDate')
end_date = _get_date_param(request, 'endDate')
except ValueError:
return JsonResponse({"error": "Invalid date parameter"})
domain_param = request.GET.get('domain') or None
action = request.GET.get('action') or None
helper.filter(domain_param, start_date, end_date, action)
timezone = get_timezone_for_user(request.couch_user, domain)
logs = helper.get_logs(skip, limit)
for log in logs:
log['date'] = ServerTime(
log['date']).user_time(timezone).done().isoformat()
return JsonResponse({"total": helper.get_total(), "logs": logs})
def _query_domains(self, domain, query_text, user):
domains = {domain}
if user is None or not RegistryPermissionCheck(
domain, user).can_view_registry_data(
self.report.registry_helper.registry_slug):
return list(domains)
try:
domains.update(self.report.registry_helper.visible_domains)
except RegistryNotFound:
return list(domains)
if query_text:
domains = {
domain
for domain in domains if re.search(query_text, domain)
}
return list(domains)
def manage_registry(request, domain, registry_slug):
registry = _get_registry_or_404(domain, registry_slug)
if not RegistryPermissionCheck(
domain, request.couch_user).can_manage_registry(registry.slug):
return HttpResponseForbidden()
is_owner = registry.domain == domain
all_invitations = list(registry.invitations.all())
domain_invitation = [
invitation for invitation in all_invitations
if invitation.domain == domain
][0]
if is_owner:
invitations = all_invitations
grants = registry.grants.all()
available_domains = BillingAccount.get_account_by_domain(
domain).get_domains()
else:
invitations, available_domains = [], []
grants = registry.grants.filter(
Q(from_domain=domain) | Q(to_domains__contains=[domain]))
context = {
"domain": domain,
"is_owner": is_owner,
"registry": {
"domain":
registry.domain,
"current_domain":
domain,
"is_owner":
is_owner,
"name":
registry.name,
"description":
registry.description or '',
"slug":
registry.slug,
"is_active":
registry.is_active,
"schema":
registry.wrapped_schema.case_types,
"invitations": [
invitation.to_json() for invitation in invitations
if invitation.domain != domain
],
"domain_invitation":
domain_invitation,
"grants": [grant.to_json() for grant in grants]
},
"available_case_types":
list(get_data_dict_case_types(registry.domain)),
"available_domains": available_domains,
"invited_domains":
[invitation.domain for invitation in all_invitations],
"log_action_types":
DataRegistryAuditViewHelper.action_options(is_owner),
"user_timezone": get_timezone_for_user(request.couch_user, domain),
"current_page": {
"title":
_("Manage Registry"),
"page_name":
_("Manage Registry"),
"parents": [
{
"title": _("Data Registries"),
"page_name": _("Data Registries"),
"url": reverse("data_registries", args=[domain]),
},
],
},
'section': {
'page_name': _('Project Settings'),
'url': reverse("domain_settings_default", args=[domain]),
},
}
return render(request, "registry/registry_edit.html", context)
def _get_permission_checker(restore_state):
couch_user = restore_state.restore_user._couch_user
return RegistryPermissionCheck(restore_state.domain, couch_user)
def test_view_registry_permission(self, allow, can_view_data):
domain = "domain"
mock_user = _mock_user(domain, "view_data_registry_contents", allow)
checker = RegistryPermissionCheck(domain, mock_user)
eq(checker.can_view_registry_data("test_reg"), can_view_data)