def contribute_to_program_view(sender, obj=None, context=None): if obj.context_id != None and \ permissions.is_allowed_read('Role', 1) and \ permissions.is_allowed_read('UserRole', obj.context_id) and \ permissions.is_allowed_create('UserRole', obj.context_id) and \ permissions.is_allowed_update('UserRole', obj.context_id) and \ permissions.is_allowed_delete('UserRole', obj.context_id): return 'permissions/programs/_role_assignments.haml' return None
def contribute_to_program_view(sender, obj=None, context=None): if obj.context_id is not None and \ rbac_permissions.is_allowed_read('Role', None, 1) and \ rbac_permissions.is_allowed_read('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_create('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_update('UserRole', None, obj.context_id) and \ rbac_permissions.is_allowed_delete('UserRole', None, obj.context_id): return 'permissions/programs/_role_assignments.haml' return None
def get(self, id): with benchmark("Query for object"): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and \ 'text/html' not in self.request.headers['Accept']: return current_app.make_response( ('text/html', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.id, obj.context_id): raise Forbidden() if not permissions.is_allowed_view_object_page_for(obj): raise Forbidden() with benchmark("Render"): rendered_template = self.render_template_for_object(obj) # FIXME: Etag based on rendered output, or object itself? # if 'If-None-Match' in self.request.headers and \ # self.request.headers['If-None-Match'] == self.etag(object_for_json): # return current_app.make_response(( # '', 304, [('Etag', self.etag(object_for_json))])) return rendered_template
def get(self, id): with benchmark("Query for object"): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and \ 'text/html' not in self.request.headers['Accept']: return current_app.make_response(( 'text/html', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.id, obj.context_id): raise Forbidden() if not permissions.is_allowed_view_object_page_for(obj): raise Forbidden() with benchmark("Render"): rendered_template = self.render_template_for_object(obj) # FIXME: Etag based on rendered output, or object itself? # if 'If-None-Match' in self.request.headers and \ # self.request.headers['If-None-Match'] == self.etag(object_for_json): # return current_app.make_response(( # '', 304, [('Etag', self.etag(object_for_json))])) return rendered_template
def import_processes(): from werkzeug import secure_filename from ggrc.converters.common import ImportException from ggrc.converters.systems import SystemsConverter from ggrc.converters.import_helper import handle_csv_import if not permissions.is_allowed_read("/admin", 1): raise Forbidden() if request.method == 'POST': if 'cancel' in request.form: return import_redirect('/admin') dry_run = not ('confirm' in request.form) csv_file = request.files['file'] try: if csv_file and allowed_file(csv_file.filename): filename = secure_filename(csv_file.filename) converter = handle_csv_import(SystemsConverter, csv_file, dry_run = dry_run, is_biz_process='1') if dry_run: return render_template("systems/import_result.haml", converter = converter, results=converter.objects, heading_map=converter.object_map) else: count = len(converter.objects) flash(u'Successfully imported {} process{}'.format(count, 'es' if count > 1 else ''), 'notice') return import_redirect("/admin") else: file_msg = "Could not import: invalid csv file." return render_template("directives/import_errors.haml", exception_message = file_msg) except ImportException as e: return render_template("directives/import_errors.haml", exception_message = str(e)) return render_template("systems/import.haml", import_kind = 'Processes')
def admin_reindex(): """Simple re-index of all indexable objects """ if not permissions.is_allowed_read("/admin", 1): raise Forbidden() from ggrc.fulltext import get_indexer from ggrc.fulltext.recordbuilder import fts_record_for indexer = get_indexer() indexer.delete_all_records(False) from ggrc.models import all_models from ggrc.app import db # Find all models then remove base classes models = set(all_models.all_models) -\ set([all_models.Directive, all_models.SystemOrProcess]) for model in models: mapper_class = model._sa_class_manager.mapper.base_mapper.class_ query = model.query.options( db.undefer_group(mapper_class.__name__+'_complete'), ) for instance in query.all(): indexer.create_record(fts_record_for(instance), False) db.session.commit() return app.make_response(( 'success', 200, [('Content-Type', 'text/html')]))
def _get_assessments(self, model, object_type, object_id): """Get a list of assessments. Get a list of assessments with all their data from the db, according to the request GET parameters. """ ids_query = model.get_similar_objects_query(object_id, "Assessment") order_by = self._get_order_by_parameter() limit = self._get_limit_parameters() if not permissions.has_system_wide_read(): if not permissions.is_allowed_read(object_type, object_id, None): raise Forbidden() acl = models.all_models.AccessControlList acr = models.all_models.AccessControlRole ids_query = db.session.query(acl.object_id).join(acr).filter( acr.read == 1, acl.object_type == "Assessment", acl.person_id == get_current_user_id(), acl.object_id.in_(ids_query), ) query = models.Assessment.query.options( orm.Load(models.Assessment).undefer_group( "Assessment_complete", ), orm.Load(models.Assessment).joinedload( "audit" ).undefer_group( "Audit_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_definitions" ).undefer_group( "CustomAttributeDefinitons_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_values" ).undefer_group( "CustomAttributeValues_complete", ), ).filter( models.Assessment.id.in_(ids_query) ) if order_by: query = pagination.apply_order_by( models.Assessment, query, order_by, models.Assessment, ) total = query.count() if limit: query = pagination.apply_limit(query, limit) # note that using pagination.get_total_count here would return wrong counts # due to query being an eager query. return query.all(), total
def admin_reindex(): """Calls a webhook that reindexes indexable objects """ if not permissions.is_allowed_read("/admin", None, 1): raise Forbidden() task_queue = create_task("reindex", url_for(reindex.__name__), reindex) return task_queue.make_response( app.make_response(("scheduled %s" % task_queue.name, 200, [('Content-Type', 'text/html')])))
def _get_assessments(self, model, object_type, object_id): """Get a list of assessments. Get a list of assessments with all their data from the db, according to the request GET parameters. """ user_role = get_current_user().system_wide_role ids_query = model.get_similar_objects_query(object_id, "Assessment") order_by = self._get_order_by_parameter() limit = self._get_limit_parameters() if not permissions.has_system_wide_read(): if not permissions.is_allowed_read(object_type, object_id, None) and \ user_role != SystemWideRoles.CREATOR: raise Forbidden() acl = models.all_models.AccessControlList acr = models.all_models.AccessControlRole acp = models.all_models.AccessControlPerson ids_query = db.session.query(acl.object_id).join(acr).join( acp, acl.base_id == acp.ac_list_id).filter( acr.read == 1, acl.object_type == "Assessment", acp.person_id == get_current_user_id(), acl.object_id.in_(ids_query), ) query = models.Assessment.query.options( orm.Load(models.Assessment).undefer_group("Assessment_complete", ), orm.Load(models.Assessment).joinedload("audit").undefer_group( "Audit_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_definitions").undefer_group( "CustomAttributeDefinitons_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_values").undefer_group( "CustomAttributeValues_complete", ), ).filter(models.Assessment.id.in_(ids_query)) if order_by: query = pagination.apply_order_by( models.Assessment, query, order_by, models.Assessment, ) if limit: objs = pagination.apply_limit(query, limit).all() total = query.count() else: objs = query.all() total = len(objs) # note that using pagination.get_total_count here would return wrong counts # due to query being an eager query. return objs, total
def get(self, id): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and\ 'text/html' not in self.request.headers['Accept']: return current_app.make_response(( 'text/html', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.context_id): raise Forbidden() return redirect(view_url_for(obj))
def get(self, id): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and\ 'text/html' not in self.request.headers['Accept']: return current_app.make_response( ('text/html', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.id, obj.context_id): raise Forbidden() return redirect(view_url_for(obj))
def export_systems(): from ggrc.converters.systems import SystemsConverter from ggrc.converters.import_helper import handle_converter_csv_export from ggrc.models.all_models import System if not permissions.is_allowed_read("/admin", 1): raise Forbidden() options = {} options['export'] = True systems = System.query.filter_by(is_biz_process=False).all() filename = "SYSTEMS.csv" return handle_converter_csv_export(filename, systems, SystemsConverter, **options)
def export_people(): from ggrc.converters.people import PeopleConverter from ggrc.converters.import_helper import handle_converter_csv_export from ggrc.models.all_models import Person if not permissions.is_allowed_read("/admin", 1): raise Forbidden() options = {} options['export'] = True people = Person.query.all() filename = "PEOPLE.csv" return handle_converter_csv_export(filename, people, PeopleConverter, **options)
def export_processes(): from ggrc.converters.systems import SystemsConverter from ggrc.converters.import_helper import handle_converter_csv_export from ggrc.models.all_models import Process if not permissions.is_allowed_read("/admin", 1): raise Forbidden() options = {} options['export'] = True options['is_biz_process'] = '1' procs = Process.query.all() filename = "PROCESSES.csv" return handle_converter_csv_export(filename, procs, SystemsConverter, **options)
def get(self, id): obj = self.get_object(id) if obj is None: return self.not_found_response() if "Accept" in self.request.headers and "application/json" not in self.request.headers["Accept"]: return current_app.make_response(("application/json", 406, [("Content-Type", "text/plain")])) if not permissions.is_allowed_read(self.model.__name__, obj.context_id): raise Forbidden() object_for_json = self.object_for_json(obj) if "If-None-Match" in self.request.headers and self.request.headers["If-None-Match"] == self.etag( object_for_json ): return current_app.make_response(("", 304, [("Etag", self.etag(object_for_json))])) return self.json_success_response(object_for_json, self.modified_at(obj))
def get(self, id): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and \ 'application/json' not in self.request.headers['Accept']: return current_app.make_response(( 'application/json', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.context_id): raise Forbidden() object_for_json = self.object_for_json(obj) if 'If-None-Match' in self.request.headers and \ self.request.headers['If-None-Match'] == self.etag(object_for_json): return current_app.make_response(( '', 304, [('Etag', self.etag(object_for_json))])) return self.json_success_response( self.object_for_json(obj), self.modified_at(obj))
def get(self, id): obj = self.get_object(id) if obj is None: return self.not_found_response() if 'Accept' in self.request.headers and \ 'application/json' not in self.request.headers['Accept']: return current_app.make_response( ('application/json', 406, [('Content-Type', 'text/plain')])) if not permissions.is_allowed_read(self.model.__name__, obj.context_id): raise Forbidden() object_for_json = self.object_for_json(obj) if 'If-None-Match' in self.request.headers and \ self.request.headers['If-None-Match'] == self.etag(object_for_json): return current_app.make_response( ('', 304, [('Etag', self.etag(object_for_json))])) return self.json_success_response(self.object_for_json(obj), self.modified_at(obj))
def _get_assessments(self, model, object_type, object_id): """Get a list of assessments. Get a list of assessments with all their data from the db, according to the request GET parameters. """ ids_query = model.get_similar_objects_query(object_id, "Assessment") order_by = self._get_order_by_parameter() limit = self._get_limit_parameters() if not permissions.has_system_wide_read(): if not permissions.is_allowed_read(object_id, object_type, None): raise Forbidden() acl = models.all_models.AccessControlList acr = models.all_models.AccessControlRole ids_query = db.session.query(acl.object_id).join(acr).filter( acr.read.is_(True), acl.object_type == "Assessment", acl.object_id.in_(ids_query)) query = models.Assessment.query.options( orm.Load(models.Assessment).undefer_group("Assessment_complete", ), orm.Load(models.Assessment).joinedload("audit").undefer_group( "Audit_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_definitions").undefer_group( "CustomAttributeDefinitons_complete", ), orm.Load(models.Assessment).joinedload( "custom_attribute_values").undefer_group( "CustomAttributeValues_complete", ), ).filter(models.Assessment.id.in_(ids_query)) if order_by: query = pagination.apply_order_by( models.Assessment, query, order_by, models.Assessment, ) if limit: query, total = pagination.apply_limit(query, limit) else: total = query.count() return query, total
def import_people(): from werkzeug import secure_filename from ggrc.converters.common import ImportException from ggrc.converters.people import PeopleConverter from ggrc.converters.import_helper import handle_csv_import from ggrc.models import Person import ggrc.views if not permissions.is_allowed_read("/admin", 1): raise Forbidden() if request.method == 'POST': if 'cancel' in request.form: return import_redirect("/admin") dry_run = not ('confirm' in request.form) csv_file = request.files['file'] try: if csv_file and allowed_file(csv_file.filename): filename = secure_filename(csv_file.filename) options = {} options['dry_run'] = dry_run converter = handle_csv_import(PeopleConverter, csv_file, **options) if dry_run: options['converter'] = converter options['results'] = converter.objects options['heading_map'] = converter.object_map return render_template("people/import_result.haml", **options) else: count = len(converter.objects) flash(u'Successfully imported {} person{}'.format(count, 's' if count > 1 else ''), 'notice') return import_redirect("/admin") else: file_msg = "Could not import: invalid csv file." return render_template("directives/import_errors.haml", directive_id = "People", exception_message = file_msg) except ImportException as e: return render_template("directives/import_errors.haml", directive_id = "People", exception_message = str(e)) return render_template("people/import.haml", import_kind = 'People')
def admin(): """The admin dashboard page """ if not permissions.is_allowed_read("/admin", None, 1): raise Forbidden() return render_template("admin/index.haml")
def inclusion_filter(obj): return permissions.is_allowed_read(obj.__class__.__name__, obj.context_id)