def put_permissions_for_role(request):
discussion_id = request.matchdict['discussion_id']
role_name = request.matchdict['role_name']
session = Discussion.db()
discussion = session.query(Discussion).get(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,))
role = Role.get(name=role_name)
if not role:
raise HTTPNotFound("Role %s does not exist" % (role_name,))
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str,)):
raise HTTPBadRequest("not strings")
permissions = set(session.query(Permission).filter(name in data).all())
data = set(data)
if len(permissions) != len(data):
raise HTTPBadRequest("Not valid permissions: %s" % (repr(
data - set((p.name for p in permissions))),))
known_dp = session.query(DiscussionPermission).join(Permission).filter(
role=role, discussion=discussion).all()
dp_by_permission = {dp.permission.name: dp for dp in known_dp}
known_permissions = set(dp.keys())
for permission in known_permissions - permissions:
session.delete(dp_by_permission(permission))
for permission in permissions - known_permissions:
session.add(DiscussionPermission(
role=role, permission=permission, discussion=discussion))
return {"added": list(permissions - known_permissions),
"removed": list(known_permissions - permissions)}
def put_permissions_for_role(request):
discussion = request.context
role_name = request.matchdict['role_name']
session = Discussion.default_db
role = Role.get_by(name=role_name)
if not role:
raise HTTPNotFound("Role %s does not exist" % (role_name,))
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str,)):
raise HTTPBadRequest("not strings")
permissions = set(session.query(Permission).filter(Permission.name.in_(data)).all())
data = set(data)
if len(permissions) != len(data):
raise HTTPBadRequest("Not valid permissions: %s" % (repr(
data - set((p.name for p in permissions))),))
known_dp = session.query(DiscussionPermission).join(Permission).filter(
role=role, discussion=discussion).all()
dp_by_permission = {dp.permission.name: dp for dp in known_dp}
known_permissions = set(dp_by_permission.keys())
for permission in known_permissions - permissions:
session.delete(dp_by_permission[permission])
for permission in permissions - known_permissions:
session.add(DiscussionPermission(
role=role, permission=permission, discussion=discussion))
return {"added": list(permissions - known_permissions),
"removed": list(known_permissions - permissions)}
def get_permissions_for_role(request):
discussion = request.context
role_name = request.matchdict['role_name']
role = Role.get_by(name=role_name)
if not role:
raise HTTPNotFound("Role %s does not exist" % (role_name,))
return discussion.get_permissions_by_role().get(role_name, [])
def participant1_user(request, test_session, discussion):
"""A User fixture with R_PARTICIPANT global role and with R_PARTICIPANT local role in discussion `discussion`"""
from assembl.models import User, UserRole, Role, EmailAccount
u = User(name=u"A. Barking Loon",
type="user",
password="******",
verified=True,
last_assembl_login=datetime.utcnow())
email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
r = Role.get_role(R_PARTICIPANT, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
u.subscribe(discussion)
test_session.flush()
def fin():
print "finalizer participant1_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def admin_user(request, test_session):
"""A User fixture with R_SYSADMIN role"""
from assembl.models import User, Username, UserRole, Role
u = User(name=u"Mr. Administrator", type="user",
verified=True, last_assembl_login=datetime.utcnow())
u.username_p = "mr_admin_user"
from assembl.models import EmailAccount
account = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
test_session.add(account)
r = Role.get_role(R_SYSADMIN, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
uid = u.id
def fin():
print "finalizer admin_user"
# I often get expired objects here, and I need to figure out why
user = test_session.query(User).get(uid)
user_role = user.roles[0]
test_session.delete(user_role)
test_session.delete(account)
test_session.delete(user.username)
test_session.delete(user)
test_session.flush()
request.addfinalizer(fin)
return u
def discussion_sysadmin_user(request, test_app, test_session, discussion):
"""A User fixture with R_SYSADMIN role in a discussion"""
from datetime import datetime
from assembl.auth import R_SYSADMIN
from assembl.models import User
from assembl.models.auth import Role, LocalUserRole, UserRole
u = User(name=u"Maximilien de Robespierre 3",
type="user",
last_assembl_login=datetime.utcnow())
test_session.add(u)
u.update_agent_status_last_visit(discussion)
role = Role.get_role(R_SYSADMIN, test_session)
test_session.add(UserRole(user=u, role=role))
test_session.flush()
def fin():
print "finalizer discussion_sysadmin_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def admin_user(request, test_session):
"""A User fixture with R_SYSADMIN role"""
from assembl.models import User, Username, UserRole, Role
u = User(name=u"Mr. Administrator", type="user",
verified=True, last_assembl_login=datetime.utcnow())
u.username_p = "mr_admin_user"
from assembl.models import EmailAccount
account = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
test_session.add(account)
r = Role.get_role(R_SYSADMIN, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
uid = u.id
def fin():
print("finalizer admin_user")
# I often get expired objects here, and I need to figure out why
user = test_session.query(User).get(uid)
user_role = user.roles[0]
test_session.delete(user_role)
account = user.accounts[0]
test_session.delete(account)
test_session.delete(user.username)
test_session.delete(user)
test_session.flush()
request.addfinalizer(fin)
return u
def get_permissions_for_role(request):
discussion_id = int(request.matchdict['discussion_id'])
role_name = request.matchdict['role_name']
session = Discussion.default_db
discussion = session.query(Discussion).get(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %d does not exist" % (discussion_id, ))
role = Role.get_by(name=role_name)
if not role:
raise HTTPNotFound("Role %s does not exist" % (role_name, ))
return discussion.get_permissions_by_role().get(role_name, [])
def get_permissions_for_role(request):
discussion_id = request.matchdict['discussion_id']
role_name = request.matchdict['role_name']
session = Discussion.db()
discussion = session.query(Discussion).get(discussion_id)
if not discussion:
raise HTTPNotFound("Discussion %s does not exist" % (discussion_id,))
role = Role.get(name=role_name)
if not role:
raise HTTPNotFound("Role %s does not exist" % (role_name,))
return discussion.get_permissions_by_role().get(role_name, [])
def participant2_user(request, test_session):
from assembl.models import User, UserRole, Role
u = User(name=u"James T. Expert", type="user")
test_session.add(u)
r = Role.get_role(R_PARTICIPANT, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
def fin():
print "finalizer participant2_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def admin_user(request, test_session, db_default_data):
from assembl.models import User, UserRole, Role
u = User(name=u"Mr. Administrator", type="user")
test_session.add(u)
r = Role.get_role(R_SYSADMIN, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
def fin():
print "finalizer admin_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def admin_user(request, test_session, db_default_data):
from assembl.models import User, UserRole, Role
u = User(name=u"Mr. Adminstrator", type="user")
test_session.add(u)
r = Role.get_role(test_session, R_SYSADMIN)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
def fin():
print "finalizer admin_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def participant2_user(request, test_session):
from assembl.models import User, UserRole, Role
u = User(name=u"James T. Expert", type="user")
test_session.add(u)
r = Role.get_role(test_session, R_PARTICIPANT)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
def fin():
print "finalizer participant2_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def participant1_user(request, test_session, discussion):
from assembl.models import User, UserRole, Role
u = User(name=u"A. Barking Loon", type="user")
test_session.add(u)
r = Role.get_role(test_session, R_PARTICIPANT)
ur = UserRole(user=u, role=r)
test_session.add(ur)
u.subscribe(discussion)
test_session.flush()
def fin():
print "finalizer participant1_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def participant1_user(request, test_session, discussion):
from assembl.models import User, UserRole, Role, EmailAccount
u = User(name=u"A. Barking Loon", type="user", password="******", verified=True)
email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
r = Role.get_role(R_PARTICIPANT, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
u.subscribe(discussion)
test_session.flush()
def fin():
print "finalizer participant1_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def participant1_user(request, test_session, discussion):
from assembl.models import User, UserRole, Role, EmailAccount
u = User(name=u"A. Barking Loon", type="user", password="******", verified=True)
email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
r = Role.get_role(R_PARTICIPANT, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
u.subscribe(discussion)
test_session.flush()
def fin():
print "finalizer participant1_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def participant2_user(request, test_session):
"""A User fixture with R_PARTICIPANT role"""
from assembl.models import User, UserRole, Role
u = User(name=u"James T. Expert", type="user",
last_idealoom_login=datetime.utcnow())
test_session.add(u)
r = Role.get_role(R_PARTICIPANT, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
def fin():
print("finalizer participant2_user")
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def put_roles(request):
session = Role.default_db
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str,)):
raise HTTPBadRequest("not strings")
data = set(data)
known_roles = session.query(Role).all()
roles_by_name = {r.name: r for r in known_roles}
role_names = set(roles_by_name.keys())
# new roles
for name in data - role_names:
session.add(Role(name=name))
# delete non-system roles.
for name in role_names - data - SYSTEM_ROLES:
session.delete(roles_by_name[name])
return {"added": list(data - role_names),
"removed": list(role_names - data - SYSTEM_ROLES)}
def admin_user(request, test_session, db_default_data):
"""A User fixture with R_SYSADMIN role"""
from assembl.models import User, UserRole, Role
u = User(name=u"Mr. Administrator", type="user")
test_session.add(u)
r = Role.get_role(R_SYSADMIN, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
uid = u.id
def fin():
print("finalizer admin_user")
# I often get expired objects here, and I need to figure out why
user = test_session.query(User).get(uid)
user_role = user.roles[0]
test_session.delete(user_role)
test_session.delete(user)
test_session.flush()
request.addfinalizer(fin)
return u
def admin_user(request, test_session, db_default_data):
"""A User fixture with R_SYSADMIN role"""
from assembl.models import User, UserRole, Role
u = User(name=u"Mr. Administrator", type="user")
test_session.add(u)
r = Role.get_role(R_SYSADMIN, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
test_session.flush()
uid = u.id
def fin():
print "finalizer admin_user"
# I often get expired objects here, and I need to figure out why
user = test_session.query(User).get(uid)
user_role = user.roles[0]
test_session.delete(user_role)
test_session.delete(user)
test_session.flush()
request.addfinalizer(fin)
return u
def put_roles(request):
session = Role.db()
try:
data = json.loads(request.body)
except Exception as e:
raise HTTPBadRequest("Malformed Json")
if not isinstance(data, list):
raise HTTPBadRequest("Not a list")
if data and frozenset((type(x) for x in data)) != frozenset((str,)):
raise HTTPBadRequest("not strings")
data = set(data)
known_roles = session.query(Role).all()
roles_by_name = {r.name: r for r in known_roles}
role_names = set(roles_by_name.keys())
# new roles
for name in data - role_names:
session.add(Role(name=name))
# delete non-system roles.
for name in role_names - data - SYSTEM_ROLES:
session.delete(roles_by_name[name])
return {"added": list(data - role_names),
"removed": list(role_names - data - SYSTEM_ROLES)}
def moderator_user(request, test_session, discussion):
"""A User fixture with R_MODERATOR role"""
from assembl.models import User, UserRole, Role, EmailAccount
u = User(name=u"Jane Doe",
type="user",
password="******",
verified=True,
last_assembl_login=datetime.utcnow())
email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
test_session.add(u)
r = Role.get_role(R_MODERATOR, test_session)
ur = UserRole(user=u, role=r)
test_session.add(ur)
u.subscribe(discussion)
test_session.flush()
def fin():
print "finalizer moderator_user"
test_session.delete(u)
test_session.flush()
request.addfinalizer(fin)
return u
def get_roles(request):
session = Role.db()
roles = session.query(Role)
return [r.name for r in roles]
def discussion_permissions(request):
user_id = authenticated_userid(request)
assert user_id
db = Discussion.default_db
discussion_id = int(request.matchdict['discussion_id'])
discussion = Discussion.get_instance(discussion_id)
error = ''
if not discussion:
raise HTTPNotFound("Discussion with id '%d' not found." %
(discussion_id, ))
roles = db.query(Role).all()
roles_by_name = {r.name: r for r in roles}
role_names = [r.name for r in roles]
role_names.sort()
permissions = db.query(Permission).all()
perms_by_name = {p.name: p for p in permissions}
permission_names = [p.name for p in permissions]
permission_names.sort()
disc_perms = db.query(DiscussionPermission).filter_by(
discussion_id=discussion_id).join(Role, Permission).all()
disc_perms_as_set = set(
(dp.role.name, dp.permission.name) for dp in disc_perms)
disc_perms_dict = {(dp.role.name, dp.permission.name): dp
for dp in disc_perms}
local_roles = db.query(LocalUserRole).filter_by(
discussion_id=discussion_id).join(Role, User).all()
local_roles_as_set = set(
(lur.user.id, lur.role.name) for lur in local_roles)
local_roles_dict = {(lur.user.id, lur.role.name): lur
for lur in local_roles}
users = set(lur.user for lur in local_roles)
num_users = ''
if request.POST:
if 'submit_role_permissions' in request.POST:
for role in role_names:
if role == R_SYSADMIN:
continue
for permission in permission_names:
allowed_text = 'allowed_%s_%s' % (role, permission)
if (role, permission) not in disc_perms_as_set and \
allowed_text in request.POST:
dp = DiscussionPermission(
role=roles_by_name[role],
permission=perms_by_name[permission],
discussion_id=discussion_id)
disc_perms_dict[(role, permission)] = dp
disc_perms_as_set.add((role, permission))
db.add(dp)
elif (role, permission) in disc_perms_as_set and \
allowed_text not in request.POST:
dp = disc_perms_dict[(role, permission)]
del disc_perms_dict[(role, permission)]
disc_perms_as_set.remove((role, permission))
db.delete(dp)
if not role in SYSTEM_ROLES and\
'delete_'+role in request.POST:
db.delete(roles_by_name[role])
del roles_by_name[role]
role_names.remove(role)
elif 'submit_add_role' in request.POST:
#TODO: Sanitize role
role = Role(name='r:' + request.POST['new_role'])
roles_by_name[role.name] = role
role_names.append(role.name)
db.add(role)
elif 'submit_user_roles' in request.POST:
user_ids = {u.id for u in users}
for role in role_names:
if role == R_SYSADMIN:
continue
prefix = 'has_' + role + '_'
for name in request.POST:
if name.startswith(prefix):
a_user_id = int(name[len(prefix):])
if a_user_id not in user_ids:
users.add(User.get_instance(a_user_id))
user_ids.add(a_user_id)
for user in users:
has_role_text = 'has_%s_%d' % (role, user.id)
if (user.id, role) not in local_roles_as_set and \
has_role_text in request.POST:
lur = LocalUserRole(role=roles_by_name[role],
user=user,
discussion_id=discussion_id)
local_roles.append(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_subscribe(discussion)
local_roles_dict[(user.id, role)] = lur
local_roles_as_set.add((user.id, role))
db.add(lur)
elif (user.id, role) in local_roles_as_set and \
has_role_text not in request.POST:
lur = local_roles_dict[(user.id, role)]
del local_roles_dict[(user.id, role)]
local_roles_as_set.remove((user.id, role))
local_roles.remove(lur)
# TODO revisit this if Roles and Subscription are
# de-coupled
if role == 'r:participant':
user.update_agent_status_unsubscribe(discussion)
db.delete(lur)
elif 'submit_look_for_user' in request.POST:
search_string = '%' + request.POST['user_search'] + '%'
other_users = db.query(User).outerjoin(Username).filter(
AgentProfile.name.ilike(search_string)
| Username.username.ilike(search_string)
| User.preferred_email.ilike(search_string)).all()
users.update(other_users)
elif 'submit_user_file' in request.POST:
role = request.POST['add_with_role'] or R_PARTICIPANT
if role == R_SYSADMIN and not user_has_permission(
discussion_id, user_id, P_SYSADMIN):
role = R_ADMINISTRATOR
if 'user_csvfile' in request.POST:
try:
num_users = add_multiple_users_csv(
request, request.POST['user_csvfile'].file,
discussion_id, role,
request.POST.get('send_invite',
False), request.POST['email_subject'],
request.POST['text_email_message'],
request.POST['html_email_message'],
request.POST['sender_name'],
request.POST.get('resend_notloggedin', False))
except Exception as e:
error = repr(e)
transaction.doom()
else:
error = request.localizer.translate(_('No file given.'))
def allowed(role, permission):
if role == R_SYSADMIN:
return True
return (role, permission) in disc_perms_as_set
def has_local_role(user_id, role):
return (user_id, role) in local_roles_as_set
users = list(users)
users.sort(key=order_by_domain_and_name)
context = dict(get_default_context(request),
discussion=discussion,
allowed=allowed,
roles=role_names,
permissions=permission_names,
users=users,
error=error,
num_users=num_users,
has_local_role=has_local_role,
is_system_role=lambda r: r in SYSTEM_ROLES)
return render_to_response('admin/discussion_permissions.jinja2',
context,
request=request)
