def put_permissions_for_role(request): discussion_id = request.matchdict['discussion_id'] role_name = request.matchdict['role_name'] session = Discussion.db() discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,)) role = Role.get(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") permissions = set(session.query(Permission).filter(name in data).all()) data = set(data) if len(permissions) != len(data): raise HTTPBadRequest("Not valid permissions: %s" % (repr( data - set((p.name for p in permissions))),)) known_dp = session.query(DiscussionPermission).join(Permission).filter( role=role, discussion=discussion).all() dp_by_permission = {dp.permission.name: dp for dp in known_dp} known_permissions = set(dp.keys()) for permission in known_permissions - permissions: session.delete(dp_by_permission(permission)) for permission in permissions - known_permissions: session.add(DiscussionPermission( role=role, permission=permission, discussion=discussion)) return {"added": list(permissions - known_permissions), "removed": list(known_permissions - permissions)}
def put_permissions_for_role(request): discussion = request.context role_name = request.matchdict['role_name'] session = Discussion.default_db role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") permissions = set(session.query(Permission).filter(Permission.name.in_(data)).all()) data = set(data) if len(permissions) != len(data): raise HTTPBadRequest("Not valid permissions: %s" % (repr( data - set((p.name for p in permissions))),)) known_dp = session.query(DiscussionPermission).join(Permission).filter( role=role, discussion=discussion).all() dp_by_permission = {dp.permission.name: dp for dp in known_dp} known_permissions = set(dp_by_permission.keys()) for permission in known_permissions - permissions: session.delete(dp_by_permission[permission]) for permission in permissions - known_permissions: session.add(DiscussionPermission( role=role, permission=permission, discussion=discussion)) return {"added": list(permissions - known_permissions), "removed": list(known_permissions - permissions)}
def get_permissions_for_role(request): discussion = request.context role_name = request.matchdict['role_name'] role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) return discussion.get_permissions_by_role().get(role_name, [])
def participant1_user(request, test_session, discussion): """A User fixture with R_PARTICIPANT global role and with R_PARTICIPANT local role in discussion `discussion`""" from assembl.models import User, UserRole, Role, EmailAccount u = User(name=u"A. Barking Loon", type="user", password="******", verified=True, last_assembl_login=datetime.utcnow()) email = EmailAccount(email="*****@*****.**", profile=u, verified=True) test_session.add(u) r = Role.get_role(R_PARTICIPANT, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) u.subscribe(discussion) test_session.flush() def fin(): print "finalizer participant1_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def admin_user(request, test_session): """A User fixture with R_SYSADMIN role""" from assembl.models import User, Username, UserRole, Role u = User(name=u"Mr. Administrator", type="user", verified=True, last_assembl_login=datetime.utcnow()) u.username_p = "mr_admin_user" from assembl.models import EmailAccount account = EmailAccount(email="*****@*****.**", profile=u, verified=True) test_session.add(u) test_session.add(account) r = Role.get_role(R_SYSADMIN, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() uid = u.id def fin(): print "finalizer admin_user" # I often get expired objects here, and I need to figure out why user = test_session.query(User).get(uid) user_role = user.roles[0] test_session.delete(user_role) test_session.delete(account) test_session.delete(user.username) test_session.delete(user) test_session.flush() request.addfinalizer(fin) return u
def discussion_sysadmin_user(request, test_app, test_session, discussion): """A User fixture with R_SYSADMIN role in a discussion""" from datetime import datetime from assembl.auth import R_SYSADMIN from assembl.models import User from assembl.models.auth import Role, LocalUserRole, UserRole u = User(name=u"Maximilien de Robespierre 3", type="user", last_assembl_login=datetime.utcnow()) test_session.add(u) u.update_agent_status_last_visit(discussion) role = Role.get_role(R_SYSADMIN, test_session) test_session.add(UserRole(user=u, role=role)) test_session.flush() def fin(): print "finalizer discussion_sysadmin_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def admin_user(request, test_session): """A User fixture with R_SYSADMIN role""" from assembl.models import User, Username, UserRole, Role u = User(name=u"Mr. Administrator", type="user", verified=True, last_assembl_login=datetime.utcnow()) u.username_p = "mr_admin_user" from assembl.models import EmailAccount account = EmailAccount(email="*****@*****.**", profile=u, verified=True) test_session.add(u) test_session.add(account) r = Role.get_role(R_SYSADMIN, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() uid = u.id def fin(): print("finalizer admin_user") # I often get expired objects here, and I need to figure out why user = test_session.query(User).get(uid) user_role = user.roles[0] test_session.delete(user_role) account = user.accounts[0] test_session.delete(account) test_session.delete(user.username) test_session.delete(user) test_session.flush() request.addfinalizer(fin) return u
def get_permissions_for_role(request): discussion_id = int(request.matchdict['discussion_id']) role_name = request.matchdict['role_name'] session = Discussion.default_db discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, )) role = Role.get_by(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name, )) return discussion.get_permissions_by_role().get(role_name, [])
def get_permissions_for_role(request): discussion_id = request.matchdict['discussion_id'] role_name = request.matchdict['role_name'] session = Discussion.db() discussion = session.query(Discussion).get(discussion_id) if not discussion: raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,)) role = Role.get(name=role_name) if not role: raise HTTPNotFound("Role %s does not exist" % (role_name,)) return discussion.get_permissions_by_role().get(role_name, [])
def participant2_user(request, test_session): from assembl.models import User, UserRole, Role u = User(name=u"James T. Expert", type="user") test_session.add(u) r = Role.get_role(R_PARTICIPANT, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() def fin(): print "finalizer participant2_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def admin_user(request, test_session, db_default_data): from assembl.models import User, UserRole, Role u = User(name=u"Mr. Administrator", type="user") test_session.add(u) r = Role.get_role(R_SYSADMIN, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() def fin(): print "finalizer admin_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def admin_user(request, test_session, db_default_data): from assembl.models import User, UserRole, Role u = User(name=u"Mr. Adminstrator", type="user") test_session.add(u) r = Role.get_role(test_session, R_SYSADMIN) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() def fin(): print "finalizer admin_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def participant2_user(request, test_session): from assembl.models import User, UserRole, Role u = User(name=u"James T. Expert", type="user") test_session.add(u) r = Role.get_role(test_session, R_PARTICIPANT) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() def fin(): print "finalizer participant2_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def participant1_user(request, test_session, discussion): from assembl.models import User, UserRole, Role u = User(name=u"A. Barking Loon", type="user") test_session.add(u) r = Role.get_role(test_session, R_PARTICIPANT) ur = UserRole(user=u, role=r) test_session.add(ur) u.subscribe(discussion) test_session.flush() def fin(): print "finalizer participant1_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def participant1_user(request, test_session, discussion): from assembl.models import User, UserRole, Role, EmailAccount u = User(name=u"A. Barking Loon", type="user", password="******", verified=True) email = EmailAccount(email="*****@*****.**", profile=u, verified=True) test_session.add(u) r = Role.get_role(R_PARTICIPANT, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) u.subscribe(discussion) test_session.flush() def fin(): print "finalizer participant1_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def participant2_user(request, test_session): """A User fixture with R_PARTICIPANT role""" from assembl.models import User, UserRole, Role u = User(name=u"James T. Expert", type="user", last_idealoom_login=datetime.utcnow()) test_session.add(u) r = Role.get_role(R_PARTICIPANT, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() def fin(): print("finalizer participant2_user") test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def put_roles(request): session = Role.default_db try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") data = set(data) known_roles = session.query(Role).all() roles_by_name = {r.name: r for r in known_roles} role_names = set(roles_by_name.keys()) # new roles for name in data - role_names: session.add(Role(name=name)) # delete non-system roles. for name in role_names - data - SYSTEM_ROLES: session.delete(roles_by_name[name]) return {"added": list(data - role_names), "removed": list(role_names - data - SYSTEM_ROLES)}
def admin_user(request, test_session, db_default_data): """A User fixture with R_SYSADMIN role""" from assembl.models import User, UserRole, Role u = User(name=u"Mr. Administrator", type="user") test_session.add(u) r = Role.get_role(R_SYSADMIN, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() uid = u.id def fin(): print("finalizer admin_user") # I often get expired objects here, and I need to figure out why user = test_session.query(User).get(uid) user_role = user.roles[0] test_session.delete(user_role) test_session.delete(user) test_session.flush() request.addfinalizer(fin) return u
def admin_user(request, test_session, db_default_data): """A User fixture with R_SYSADMIN role""" from assembl.models import User, UserRole, Role u = User(name=u"Mr. Administrator", type="user") test_session.add(u) r = Role.get_role(R_SYSADMIN, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) test_session.flush() uid = u.id def fin(): print "finalizer admin_user" # I often get expired objects here, and I need to figure out why user = test_session.query(User).get(uid) user_role = user.roles[0] test_session.delete(user_role) test_session.delete(user) test_session.flush() request.addfinalizer(fin) return u
def put_roles(request): session = Role.db() try: data = json.loads(request.body) except Exception as e: raise HTTPBadRequest("Malformed Json") if not isinstance(data, list): raise HTTPBadRequest("Not a list") if data and frozenset((type(x) for x in data)) != frozenset((str,)): raise HTTPBadRequest("not strings") data = set(data) known_roles = session.query(Role).all() roles_by_name = {r.name: r for r in known_roles} role_names = set(roles_by_name.keys()) # new roles for name in data - role_names: session.add(Role(name=name)) # delete non-system roles. for name in role_names - data - SYSTEM_ROLES: session.delete(roles_by_name[name]) return {"added": list(data - role_names), "removed": list(role_names - data - SYSTEM_ROLES)}
def moderator_user(request, test_session, discussion): """A User fixture with R_MODERATOR role""" from assembl.models import User, UserRole, Role, EmailAccount u = User(name=u"Jane Doe", type="user", password="******", verified=True, last_assembl_login=datetime.utcnow()) email = EmailAccount(email="*****@*****.**", profile=u, verified=True) test_session.add(u) r = Role.get_role(R_MODERATOR, test_session) ur = UserRole(user=u, role=r) test_session.add(ur) u.subscribe(discussion) test_session.flush() def fin(): print "finalizer moderator_user" test_session.delete(u) test_session.flush() request.addfinalizer(fin) return u
def get_roles(request): session = Role.db() roles = session.query(Role) return [r.name for r in roles]
def discussion_permissions(request): user_id = authenticated_userid(request) assert user_id db = Discussion.default_db discussion_id = int(request.matchdict['discussion_id']) discussion = Discussion.get_instance(discussion_id) error = '' if not discussion: raise HTTPNotFound("Discussion with id '%d' not found." % (discussion_id, )) roles = db.query(Role).all() roles_by_name = {r.name: r for r in roles} role_names = [r.name for r in roles] role_names.sort() permissions = db.query(Permission).all() perms_by_name = {p.name: p for p in permissions} permission_names = [p.name for p in permissions] permission_names.sort() disc_perms = db.query(DiscussionPermission).filter_by( discussion_id=discussion_id).join(Role, Permission).all() disc_perms_as_set = set( (dp.role.name, dp.permission.name) for dp in disc_perms) disc_perms_dict = {(dp.role.name, dp.permission.name): dp for dp in disc_perms} local_roles = db.query(LocalUserRole).filter_by( discussion_id=discussion_id).join(Role, User).all() local_roles_as_set = set( (lur.user.id, lur.role.name) for lur in local_roles) local_roles_dict = {(lur.user.id, lur.role.name): lur for lur in local_roles} users = set(lur.user for lur in local_roles) num_users = '' if request.POST: if 'submit_role_permissions' in request.POST: for role in role_names: if role == R_SYSADMIN: continue for permission in permission_names: allowed_text = 'allowed_%s_%s' % (role, permission) if (role, permission) not in disc_perms_as_set and \ allowed_text in request.POST: dp = DiscussionPermission( role=roles_by_name[role], permission=perms_by_name[permission], discussion_id=discussion_id) disc_perms_dict[(role, permission)] = dp disc_perms_as_set.add((role, permission)) db.add(dp) elif (role, permission) in disc_perms_as_set and \ allowed_text not in request.POST: dp = disc_perms_dict[(role, permission)] del disc_perms_dict[(role, permission)] disc_perms_as_set.remove((role, permission)) db.delete(dp) if not role in SYSTEM_ROLES and\ 'delete_'+role in request.POST: db.delete(roles_by_name[role]) del roles_by_name[role] role_names.remove(role) elif 'submit_add_role' in request.POST: #TODO: Sanitize role role = Role(name='r:' + request.POST['new_role']) roles_by_name[role.name] = role role_names.append(role.name) db.add(role) elif 'submit_user_roles' in request.POST: user_ids = {u.id for u in users} for role in role_names: if role == R_SYSADMIN: continue prefix = 'has_' + role + '_' for name in request.POST: if name.startswith(prefix): a_user_id = int(name[len(prefix):]) if a_user_id not in user_ids: users.add(User.get_instance(a_user_id)) user_ids.add(a_user_id) for user in users: has_role_text = 'has_%s_%d' % (role, user.id) if (user.id, role) not in local_roles_as_set and \ has_role_text in request.POST: lur = LocalUserRole(role=roles_by_name[role], user=user, discussion_id=discussion_id) local_roles.append(lur) # TODO revisit this if Roles and Subscription are # de-coupled if role == 'r:participant': user.update_agent_status_subscribe(discussion) local_roles_dict[(user.id, role)] = lur local_roles_as_set.add((user.id, role)) db.add(lur) elif (user.id, role) in local_roles_as_set and \ has_role_text not in request.POST: lur = local_roles_dict[(user.id, role)] del local_roles_dict[(user.id, role)] local_roles_as_set.remove((user.id, role)) local_roles.remove(lur) # TODO revisit this if Roles and Subscription are # de-coupled if role == 'r:participant': user.update_agent_status_unsubscribe(discussion) db.delete(lur) elif 'submit_look_for_user' in request.POST: search_string = '%' + request.POST['user_search'] + '%' other_users = db.query(User).outerjoin(Username).filter( AgentProfile.name.ilike(search_string) | Username.username.ilike(search_string) | User.preferred_email.ilike(search_string)).all() users.update(other_users) elif 'submit_user_file' in request.POST: role = request.POST['add_with_role'] or R_PARTICIPANT if role == R_SYSADMIN and not user_has_permission( discussion_id, user_id, P_SYSADMIN): role = R_ADMINISTRATOR if 'user_csvfile' in request.POST: try: num_users = add_multiple_users_csv( request, request.POST['user_csvfile'].file, discussion_id, role, request.POST.get('send_invite', False), request.POST['email_subject'], request.POST['text_email_message'], request.POST['html_email_message'], request.POST['sender_name'], request.POST.get('resend_notloggedin', False)) except Exception as e: error = repr(e) transaction.doom() else: error = request.localizer.translate(_('No file given.')) def allowed(role, permission): if role == R_SYSADMIN: return True return (role, permission) in disc_perms_as_set def has_local_role(user_id, role): return (user_id, role) in local_roles_as_set users = list(users) users.sort(key=order_by_domain_and_name) context = dict(get_default_context(request), discussion=discussion, allowed=allowed, roles=role_names, permissions=permission_names, users=users, error=error, num_users=num_users, has_local_role=has_local_role, is_system_role=lambda r: r in SYSTEM_ROLES) return render_to_response('admin/discussion_permissions.jinja2', context, request=request)