Exemplo n.º 1
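 def _add_to_principle_investigator_role(self):
     '''
         Make self.principle_investigator the only local holder of the
         principle investigator role on this object.

         The role name is read from settings.PRINCIPLE_INVESTIGATOR_ROLE.
         ImproperlyConfigured is raised when the setting is missing or when no
         Role with that name exists.

         Every other local holder of the role is revoked, including when the
         current principle investigator already holds it, so that a previous
         investigator does not keep access to this object.
     '''
     pi_code = getattr(settings, 'PRINCIPLE_INVESTIGATOR_ROLE', None)
     if pi_code is None:
         raise ImproperlyConfigured('You must set PRINCIPLE_INVESTIGATOR_ROLE in the settings file')

     # Guard only the lookup: an ObjectDoesNotExist raised while roles are
     # being changed below must not be reported as a configuration problem.
     try:
         pi_role = Role.objects.get(name=pi_code)
     except ObjectDoesNotExist:
         raise ImproperlyConfigured('The workflow you specify in PRINCIPLE_INVESTIGATOR_ROLE must actually be configured in the db')

     local_pi_users = pi_role.get_local_users(self)

     # Revoke stale holders first; the role is meant to have exactly one
     # local user on this object.
     # NOTE(review): the revocations and the grant are separate calls. If the
     # caller does not wrap this in a transaction, a failure part-way leaves
     # the object without a principle investigator - confirm.
     for user in local_pi_users:
         if user == self.principle_investigator:
             continue
         remove_local_role(self, user, pi_role)

     if self.principle_investigator not in local_pi_users:
         add_local_role(self, self.principle_investigator, pi_role)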
Exemplo n.º 2
    def _add_to_principle_investigator_role(self):
        '''
            Put self.principle_investigator into the local role named by
            settings.PRINCIPLE_INVESTIGATOR_ROLE for this object.

            When the investigator is not yet a local holder, all current local
            holders are removed before the investigator is added. When the
            investigator already holds the role nothing is changed, so any
            other holders stay in place.

            Raises ImproperlyConfigured if the setting is absent or if an
            ObjectDoesNotExist is raised anywhere in the lookup/update steps.
        '''
        role_name = getattr(settings, 'PRINCIPLE_INVESTIGATOR_ROLE', None)

        if role_name != None:
            try:
                role = Role.objects.get(name=role_name)
                current_holders = role.get_local_users(self)

                # Already assigned: leave the role membership untouched.
                if self.principle_investigator in current_holders:
                    return

                # Swap: drop whoever holds the role locally, then grant it to
                # the current principle investigator.
                for holder in current_holders:
                    remove_local_role(self, holder, role)
                add_local_role(self, self.principle_investigator, role)
            except ObjectDoesNotExist:
                raise ImproperlyConfigured(
                    'The workflow you specify in PRINCIPLE_INVESTIGATOR_ROLE must actually be configured in the db'
                )
            return

        raise ImproperlyConfigured(
            'You must set PRINCIPLE_INVESTIGATOR_ROLE in the settings file'
        )
Exemplo n.º 3
 def save(self, force_insert=False, force_update=False, using=None, metadata={}):
     '''
         Save the model, then give self.owner the resource_owner local role.

         For a plain Resource the role is attached to the instance itself; for
         any subclass it is attached to self.resource_ptr. The metadata
         argument is accepted but not read in this method.

         NOTE(review): the role is only ever added here. If self.owner was
         changed before saving, nothing in this method revokes the role from
         the previous owner - confirm that is handled elsewhere.
     '''
     super(Resource, self).save(force_insert=force_insert, force_update=force_update, using=using)

     # TODO (from the original author): the resource_ptr branch should apply
     # to workflows only; it works today because Resource and Workflow are the
     # only two classes.
     is_plain_resource = self.__class__.__name__ == 'Resource'
     role_target = self if is_plain_resource else self.resource_ptr
     add_local_role(role_target, self.owner, resource_owner)
Exemplo n.º 4
 def test_get_object_for_principle_as_role_string_role(self):
     '''
         Passing the role as a string makes the lookup resolve the role by
         name; both objects granted to the principal must be returned.

         NOTE(review): only the positive case is asserted. No object without
         the role is created, so the test does not show that unrelated objects
         are left out of the result.
     '''
     granted = []
     for label in ('an_object', 'another_object'):
         target = Permission.objects.create(name=label, codename=label)
         add_local_role(target, self.test_principle, self.tester_role)
         granted.append(target)

     found = get_object_for_principle_as_role(principle=self.test_principle, principle_role='testRole')

     for target in granted:
         self.assertTrue(target in found)
Exemplo n.º 5
 def test_get_local_users(self):
     '''
         get_local_users(content) returns the users who hold this role
         locally on the given content object.

         NOTE(review): user_2 is given role_2 through add_role, not role_1, so
         this test does not show that a non-local holder of role_1 is excluded
         from the result.
     '''
     role, page = self.role_1, self.page_1

     # No local assignment exists yet, so the list is empty.
     self.assertEqual([], role.get_local_users(page))

     # After one local grant, exactly that user is reported.
     self.user_2 = User.objects.create(username="******")
     self.user_2.save()
     add_local_role(page, self.user, role)
     add_role(self.user_2, self.role_2)
     holders = role.get_local_users(page)
     self.assertEqual([self.user], holders)
Exemplo n.º 6
 def test_get_object_for_principle_as_role_local(self):
     '''
         Objects on which the principal holds the role locally must be
         returned by get_object_for_principle_as_role.

         Permission rows are used as the content objects because the test
         needs some model to attach local roles to.

         NOTE(review): there is no negative case here; an object the principal
         has no role on would show that the lookup does not over-return.
     '''
     principal = self.test_principle
     role = self.tester_role

     first = Permission.objects.create(name='an_object', codename='an_object')
     add_local_role(first, principal, role)

     second = Permission.objects.create(name='another_object', codename='another_object')
     add_local_role(second, principal, role)

     matches = get_object_for_principle_as_role(principle=principal, principle_role=role)

     self.assertTrue(first in matches)
     self.assertTrue(second in matches)
Exemplo n.º 7
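 def assign_reviewer(self, user):
     '''
         Grant user the reviewer role locally on this application.

         The role name is read from settings.REVIEWER_ROLE.

         Raises AttributeError when user is not a User instance, and
         ImproperlyConfigured when the setting is missing or no Role with that
         name exists.

         NOTE(review): the method receives only the user to be granted the
         role, so it cannot check who is asking for the assignment; callers
         have to enforce that authorisation themselves.
     '''
     # isinstance() is False for None, so one check covers both cases.
     if not isinstance(user, User):
         raise AttributeError('User specified was invalid')

     reviewer_code = getattr(settings, 'REVIEWER_ROLE', None)
     if reviewer_code is None:
         raise ImproperlyConfigured('You must set REVIEWER_ROLE in the settings file')

     # Guard only the lookup: an ObjectDoesNotExist raised while the role is
     # being granted must not be reported as a configuration problem.
     try:
         reviewer_role = Role.objects.get(name=reviewer_code)
     except ObjectDoesNotExist:
         raise ImproperlyConfigured('The workflow you specify in REVIEWER_ROLE must actually be configured in the db')

     add_local_role(self, user, reviewer_role)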
Exemplo n.º 8
    def assign_reviewer(self, user):
        '''
            Give user the local role named by settings.REVIEWER_ROLE on this
            application.

            Raises AttributeError for anything that is not a User, and
            ImproperlyConfigured when the setting is absent or when
            ObjectDoesNotExist is raised during the lookup or the grant.
        '''
        user_is_valid = user is not None and isinstance(user, User)
        if not user_is_valid:
            raise AttributeError('User specified was invalid')

        role_name = getattr(settings, 'REVIEWER_ROLE', None)

        if role_name != None:
            try:
                # Resolve the configured role and attach it to this object
                # for the given user.
                add_local_role(self, user, Role.objects.get(name=role_name))
            except ObjectDoesNotExist:
                raise ImproperlyConfigured(
                    'The workflow you specify in REVIEWER_ROLE must actually be configured in the db'
                )
            return

        raise ImproperlyConfigured(
            'You must set REVIEWER_ROLE in the settings file')
Exemplo n.º 9
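def create(request):
    '''
        Create a new token owned by the logged in user.

        On a valid POST the token is saved, the requesting user gets the
        Token_Generator local role on it, the user's supervisor gets the
        Supervisor local role, and the Token_Approval workflow is attached.
        The response then redirects to home_view. Any other request, or an
        invalid form, renders create_token.html with the form.

        NOTE(review): no authentication check is visible in this block;
        confirm that a decorator or the URL configuration restricts this view
        to logged in users.
    '''

    if request.method == "POST":
        form = TokenForm(request.POST)

        if form.is_valid():
            # Resolve every prerequisite before saving. Each of these lookups
            # can raise (no supervisee record, missing role or workflow), and
            # failing after form.save() would leave a stored token with no
            # local roles and no approval workflow attached.
            user = request.user
            supervisor = user.supervisee.all()[0].supervisor
            token_generator_role = Role.objects.get(name='Token_Generator')
            supervisor_role = Role.objects.get(name='Supervisor')
            approval_workflow = Workflow.objects.get(name='Token_Approval')

            token = form.save()

            # add the user and their supervisor as local roles for this token
            # NOTE(review): the save, the two grants and the workflow
            # assignment are separate calls; whether they share one
            # transaction depends on project settings - confirm.
            add_local_role(token, user, token_generator_role)
            add_local_role(token, supervisor, supervisor_role)

            set_workflow(token, approval_workflow)

            # redirect to home
            return HttpResponseRedirect(reverse('home_view'))

    else:
        form = TokenForm()

    return render_to_response("create_token.html", {"form": form,'edit':False,}, context_instance=RequestContext(request) )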
Exemplo n.º 10
 def load_permission(self):
     '''
         Apply permissions to this resource from self.metadata, for the
         resource types File and Dataset.

         File: each 'read' / 'write' entry of metadata['lobcderPermission'] is
         mapped to the Reader / Editor role and granted to the listed users
         and groups. Dataset: one smart group per resource local role is
         fetched or created and given that role on this resource.

         The two type checks are independent, so both branches run when both
         names are found in metadata['type'].

         NOTE(review): the names and the 'vph' marker are taken straight from
         self.metadata; presumably that data comes from the lobcder service -
         confirm how far it is trusted, since it decides who gets access.
     '''
     if 'File' in self.metadata['type']:
         permissions_match = {'read': 'Reader', 'write': 'Editor'}
         permissions_map = self.get_user_group_permissions_map()
         for permission in self.metadata['lobcderPermission']:
             # Permission kinds other than 'read' and 'write' are ignored.
             if permission in permissions_match.keys():
                 role = Role.objects.get(name=permissions_match[permission])
                 for user_group in self.metadata['lobcderPermission'][permission]:
                     if user_group == 'vph':
                         # Mark the resource as public: the grant is made with
                         # no principal (None) instead of a user or group.
                         grant_permission(None, self, role)
                         continue
                     # Check whether the user/group from the lobcder permission list exists in the MI db.
                     # A username match is tried first, so a user takes
                     # precedence over a group that has the same name.
                     if User.objects.filter(username=user_group).exists():
                         name = User.objects.get(username=user_group)
                     elif Group.objects.filter(name=user_group).exists():
                         name = Group.objects.get(name=user_group)
                     else:
                         name = None
                     # Grant only when the principal exists, is already listed
                     # in permissions_map, and does not hold Manager there.
                     # NOTE(review): the grant is passed the raw user_group
                     # string, not the resolved object in `name` - confirm
                     # that grant_permission expects a name.
                     if name and name in permissions_map and 'Manager' not in permissions_map[permissions_map.index(name)].roles:
                         grant_permission(user_group, self, role)
     # Dataset handling.
     if 'Dataset' in self.metadata['type']:
         for role in get_resource_local_roles():
             group_name = get_resource_global_group_name(self, role.name)
             try:
                 group, created = VPHShareSmartGroup.objects.get_or_create(name=group_name)
                 # A newly created group gets the resource owner as both
                 # manager and member; an existing group is left as it is.
                 if created:
                     group.managers.add(self.owner)
                     group.user_set.add(self.owner)
                 add_local_role(self, group, role)
             except ObjectDoesNotExist, e:
                 # NOTE(review): the failure is swallowed silently, so a role
                 # that was not attached leaves no trace in logs.
                 pass
Exemplo n.º 11
def temp_fix_institution_managers():
    """
        Temporary helper that grants the group_manager local role to every
        manager of every institution and smart group.

        Institution managers are also added to the institution's user_set and
        become group_manager and manager of each of its studies. Smart group
        managers are added to the group's user_set.

        NOTE(review): this is a bulk privilege grant over all rows and it
        writes no record of what it changed; keep it out of any code path
        that runs automatically.
    """
    for org in Institution.objects.all():
        for org_manager in org.managers.all():
            # Institution level: role first, then membership.
            add_local_role(org, org_manager, group_manager)
            org.user_set.add(org_manager)

            # The same manager is propagated to every study of the institution.
            for org_study in org.study_set.all():
                add_local_role(org_study, org_manager, group_manager)
                org_study.managers.add(org_manager)

    for group in VPHShareSmartGroup.objects.all():
        for group_admin in group.managers.all():
            group.user_set.add(group_admin)
            add_local_role(group, group_admin, group_manager)
Exemplo n.º 12
def updateUser_set(obj, managers):
    """
        Add every entry of managers to obj.user_set and give each one the
        group_manager local role on obj.

        Entries are only ever added; managers that are no longer in the list
        keep both their membership and their role.
    """
    for member in managers:
        obj.user_set.add(member)
        add_local_role(obj, member, group_manager)
Exemplo n.º 13
 def accept(self, initiator):
     '''
         Run the accept transition for this request and, if it succeeds,
         grant the requestor the resource_reader local role on the resource.

         Nothing is granted when do_transition returns a falsy value.

         NOTE(review): whether initiator is allowed to accept is presumably
         decided inside do_transition; this method adds no check of its own.
     '''
     transitioned = do_transition(self, request_accept_transition, initiator)
     if not transitioned:
         return

     # The transition went through: give the requestor read access.
     add_local_role(self.resource, self.requestor, resource_reader)
Exemplo n.º 14
    def read(self, request, ticket="", name="", parent=""):
        """
            Create a smart group
            Arguments:

            request (HTTP request istance): HTTP request send from client.
            ticket (string) : base 64 ticket.
            group (string) : the group name
            parent (string): the parent group name (optional)

            Return:

            Successes - Json/xml/yaml format response
            Failure - 403 error

        """
        try:
            if request.GET.get("ticket"):
                client_address = request.META["REMOTE_ADDR"]
                user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)

                if user is not None:

                    name = request.GET.get("group")

                    # check if a user with the group name exists
                    try:
                        User.objects.get(username__iexact=name)  # select case-insensitive
                        response = HttpResponse(status=500)
                        response._is_string = True
                        return response

                    except ObjectDoesNotExist, e:
                        pass

                    try:
                        Group.objects.get(name__iexact=name)  # select case-insensitive
                        response = HttpResponse(status=500)
                        response._is_string = True
                        return response

                    except ObjectDoesNotExist, e:
                        pass

                    parent = request.GET.get("parent", "")

                    group = VPHShareSmartGroup.objects.create(name=name)
                    group.managers.add(user)
                    group.user_set.add(user)
                    add_local_role(group, user, group_manager)

                    if parent:
                        try:
                            group.parent = Group.objects.get(name=parent)
                        except ObjectDoesNotExist, e:
                            pass

                    group.save()

                    response = HttpResponse(status=200)
                    response._is_string = True
                    response.write("OK")
                    return response