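def _add_to_principle_investigator_role(self):
    '''
    Add ``self.principle_investigator`` to the principal-investigator role.

    The role name is read from ``settings.PRINCIPLE_INVESTIGATOR_ROLE``. If
    the setting is not set, or no ``Role`` with that name exists, an
    ``ImproperlyConfigured`` exception is raised. Any other user currently
    holding the role locally on this object is removed first, so that the
    principal investigator is the only local holder of the role.

    Raises:
        ImproperlyConfigured: setting missing, or the named role does not
            exist in the database.
    '''
    pi_code = getattr(settings, 'PRINCIPLE_INVESTIGATOR_ROLE', None)
    if pi_code is None:
        raise ImproperlyConfigured('You must set PRINCIPLE_INVESTIGATOR_ROLE in the settings file')

    # Guard only the role lookup: an ObjectDoesNotExist raised later by
    # get_local_users/remove_local_role/add_local_role is unrelated to the
    # settings and must not be reported as a configuration problem.
    try:
        pi_role = Role.objects.get(name=pi_code)
    except ObjectDoesNotExist:
        raise ImproperlyConfigured('The workflow you specify in PRINCIPLE_INVESTIGATOR_ROLE must actually be configured in the db')

    local_pi_users = pi_role.get_local_users(self)
    if self.principle_investigator not in local_pi_users:
        # Replace whoever currently holds the role locally; there should be
        # exactly one local holder of this role.
        for user in local_pi_users:
            remove_local_role(self, user, pi_role)
        add_local_role(self, self.principle_investigator, pi_role)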
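def _add_to_principle_investigator_role(self):
    '''
    Make ``self.principle_investigator`` the sole local holder of the
    principal-investigator role on this object.

    The role is identified by name via ``settings.PRINCIPLE_INVESTIGATOR_ROLE``.
    Every other user holding that role locally on this object is removed
    before the principal investigator is added.

    Raises:
        ImproperlyConfigured: if ``PRINCIPLE_INVESTIGATOR_ROLE`` is not set,
            or no ``Role`` with that name exists in the database.
    '''
    pi_code = getattr(settings, 'PRINCIPLE_INVESTIGATOR_ROLE', None)
    if pi_code is None:
        raise ImproperlyConfigured(
            'You must set PRINCIPLE_INVESTIGATOR_ROLE in the settings file'
        )

    # Only the Role lookup is translated into ImproperlyConfigured; failures
    # in the role-membership helpers below are genuine runtime errors and
    # are left to propagate as they are.
    try:
        pi_role = Role.objects.get(name=pi_code)
    except ObjectDoesNotExist:
        raise ImproperlyConfigured(
            'The workflow you specify in PRINCIPLE_INVESTIGATOR_ROLE must actually be configured in the db'
        )

    current_holders = pi_role.get_local_users(self)
    if self.principle_investigator in current_holders:
        return
    # Evict the existing local holders (there should be at most one) and
    # install the current principal investigator.
    for holder in current_holders:
        remove_local_role(self, holder, pi_role)
    add_local_role(self, self.principle_investigator, pi_role)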
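def save(self, force_insert=False, force_update=False, using=None, metadata=None):
    '''
    Persist the resource and grant its owner the ``resource_owner`` local role.

    Args:
        force_insert, force_update, using: forwarded unchanged to
            ``Model.save``.
        metadata: accepted for signature compatibility with callers; this
            method does not read it. Defaults to ``None`` instead of a shared
            mutable ``{}`` so no state can leak between calls.
    '''
    super(Resource, self).save(force_insert=force_insert, force_update=force_update, using=using)
    # The role is attached to the concrete Resource row. For subclasses
    # (multi-table inheritance) that is the parent pointer, not ``self``.
    if self.__class__.__name__ == 'Resource':
        add_local_role(self, self.owner, resource_owner)
    else:
        # TODO this action should be performed only for workflows!
        # now it is ok since we have only Resource and Workflow
        add_local_role(self.resource_ptr, self.owner, resource_owner)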
def test_get_object_for_principle_as_role_string_role(self):
    '''
    When ``principle_role`` is passed as a string, the lookup must resolve
    it to the role of that name and return every object on which the
    principle holds that role locally.
    '''
    principle = self.test_principle
    role = self.tester_role
    granted = []
    for label in ('an_object', 'another_object'):
        obj = Permission.objects.create(name=label, codename=label)
        add_local_role(obj, principle, role)
        granted.append(obj)

    # 'testRole' is the name of self.tester_role, given as a plain string.
    objects = get_object_for_principle_as_role(principle=principle, principle_role='testRole')
    for obj in granted:
        self.assertTrue(obj in objects)
def test_get_local_users(self):
    '''
    ``Role.get_local_users(obj)`` returns the users holding the role locally
    on ``obj``: an empty list when nobody does, and only the local holders
    (a user with a merely global role is not included) otherwise.
    '''
    role, page = self.role_1, self.page_1

    # No local roles on the page yet -> empty list.
    self.assertEqual([], role.get_local_users(page))

    # Give self.user the role locally on the page, and a second user an
    # unrelated global role; only self.user must be reported.
    self.user_2 = User.objects.create(username="******")
    self.user_2.save()
    add_local_role(page, self.user, role)
    add_role(self.user_2, self.role_2)
    self.assertEqual([self.user], role.get_local_users(page))
def test_get_object_for_principle_as_role_local(self):
    '''
    Objects on which the principle holds the given role locally must be
    returned by ``get_object_for_principle_as_role``.

    ``Permission`` rows are used as the content objects so the test does
    not depend on a model outside the permissions package.
    '''
    principle = self.test_principle
    role = self.tester_role
    expected = []
    for label in ('an_object', 'another_object'):
        obj = Permission.objects.create(name=label, codename=label)
        add_local_role(obj, principle, role)
        expected.append(obj)

    objects = get_object_for_principle_as_role(principle=principle, principle_role=role)
    for obj in expected:
        self.assertTrue(obj in objects)
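def assign_reviewer(self, user):
    '''
    Assign ``user`` to the reviewer role for this application.

    The role name is read from ``settings.REVIEWER_ROLE``.

    Args:
        user: the ``User`` to assign; must be a ``User`` instance.

    Raises:
        AttributeError: if ``user`` is ``None`` or not a ``User``.
        ImproperlyConfigured: if ``REVIEWER_ROLE`` is not set, or no
            ``Role`` with that name exists in the database.
    '''
    if user is None or not isinstance(user, User):
        raise AttributeError('User specified was invalid')

    reviewer_code = getattr(settings, 'REVIEWER_ROLE', None)
    if reviewer_code is None:
        raise ImproperlyConfigured('You must set REVIEWER_ROLE in the settings file')

    # Only the role lookup is a configuration concern; keep add_local_role
    # outside the try so its own errors are not misreported.
    try:
        reviewer_role = Role.objects.get(name=reviewer_code)
    except ObjectDoesNotExist:
        raise ImproperlyConfigured('The workflow you specify in REVIEWER_ROLE must actually be configured in the db')

    add_local_role(self, user, reviewer_role)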
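def assign_reviewer(self, user):
    '''
    Grant ``user`` the reviewer role (named by ``settings.REVIEWER_ROLE``)
    locally on this application.

    Args:
        user: a ``User`` instance.

    Raises:
        AttributeError: ``user`` is ``None`` or not a ``User``.
        ImproperlyConfigured: ``REVIEWER_ROLE`` is unset or names a role
            that does not exist in the database.
    '''
    if user is None or not isinstance(user, User):
        raise AttributeError('User specified was invalid')

    reviewer_code = getattr(settings, 'REVIEWER_ROLE', None)
    if reviewer_code is None:
        raise ImproperlyConfigured(
            'You must set REVIEWER_ROLE in the settings file')

    # Translate only a missing Role into a configuration error.
    try:
        reviewer_role = Role.objects.get(name=reviewer_code)
    except ObjectDoesNotExist:
        raise ImproperlyConfigured(
            'The workflow you specify in REVIEWER_ROLE must actually be configured in the db'
        )

    add_local_role(self, user, reviewer_role)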
def create(request):
    '''
    Create a new token owned by the logged-in user.

    On a valid POST the token is saved, the requesting user receives the
    ``Token_Generator`` local role and the user's supervisor the
    ``Supervisor`` local role on it, the ``Token_Approval`` workflow is
    attached, and the client is redirected to ``home_view``. Any other
    request, or an invalid form, renders ``create_token.html`` with the form.
    '''
    if request.method != "POST":
        form = TokenForm()
    else:
        form = TokenForm(request.POST)
        if form.is_valid():
            token = form.save()

            user = request.user
            # NOTE(review): assumes the user has at least one supervisee link;
            # an empty queryset raises IndexError here — confirm with callers.
            supervisor = user.supervisee.all()[0].supervisor

            # Roles and workflow are looked up by fixed name.
            token_generator_role = Role.objects.get(name='Token_Generator')
            supervisor_role = Role.objects.get(name='Supervisor')
            approval_workflow = Workflow.objects.get(name='Token_Approval')

            # Scope the roles to this token only, then start its approval.
            add_local_role(token, user, token_generator_role)
            add_local_role(token, supervisor, supervisor_role)
            set_workflow(token, approval_workflow)

            return HttpResponseRedirect(reverse('home_view'))

    context = {"form": form, 'edit': False}
    return render_to_response("create_token.html", context, context_instance=RequestContext(request))
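def load_permission(self):
    '''
    Load permissions for this resource from its LOBCDER permission map.

    Which branches run is decided by membership tests on
    ``self.metadata['type']``; both may run if it matches both.

    * ``File``: for each LOBCDER permission key with a role mapping
      (``read`` -> ``Reader``, ``write`` -> ``Editor``), every listed
      user/group name is granted that role. The name ``vph`` marks the
      resource public (``grant_permission(None, ...)``). A name is skipped
      if it resolves to neither a ``User`` nor a ``Group``, is absent from
      ``self.get_user_group_permissions_map()``, or already holds
      ``Manager`` there.
    * ``Dataset``: for every role from ``get_resource_local_roles()`` a
      ``VPHShareSmartGroup`` named by ``get_resource_global_group_name`` is
      fetched or created; on creation ``self.owner`` becomes its manager and
      member. The group is then given that role locally on this resource.
    '''
    # NOTE(review): 'type' is only used with `in`; whether it is a string or
    # a list of type names is not visible here — confirm against the schema.
    resource_types = self.metadata['type']

    if 'File' in resource_types:
        permissions_match = {'read': 'Reader', 'write': 'Editor'}
        permissions_map = self.get_user_group_permissions_map()
        lobcder_permissions = self.metadata['lobcderPermission']

        for permission in lobcder_permissions:
            if permission not in permissions_match:
                continue
            role = Role.objects.get(name=permissions_match[permission])

            for user_group in lobcder_permissions[permission]:
                if user_group == 'vph':
                    # 'vph' marks the resource as public: no specific principal.
                    grant_permission(None, self, role)
                    continue

                # Resolve the LOBCDER name to a local User (checked first)
                # or Group, if either exists.
                if User.objects.filter(username=user_group).exists():
                    name = User.objects.get(username=user_group)
                elif Group.objects.filter(name=user_group).exists():
                    name = Group.objects.get(name=user_group)
                else:
                    name = None

                if not name or name not in permissions_map:
                    continue
                # Never downgrade a principal that already holds Manager.
                # NOTE(review): relies on permissions_map entries comparing
                # equal to the User/Group and exposing `.roles` — confirm.
                if 'Manager' in permissions_map[permissions_map.index(name)].roles:
                    continue
                grant_permission(user_group, self, role)

    if 'Dataset' in resource_types:
        for role in get_resource_local_roles():
            group_name = get_resource_global_group_name(self, role.name)
            try:
                group, created = VPHShareSmartGroup.objects.get_or_create(name=group_name)
                if created:
                    group.managers.add(self.owner)
                    group.user_set.add(self.owner)
                add_local_role(self, group, role)
            except ObjectDoesNotExist:
                # Best-effort, kept from the original: a missing related
                # object skips this role instead of aborting the whole load.
                pass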
def temp_fix_institution_managers():
    """
    Temporary fix-up granting the ``group_manager`` local role to existing
    managers.

    For every institution, each of its managers is given the role on the
    institution (and added to its ``user_set``) and on each of the
    institution's studies (and added to the study's ``managers``). For every
    smart group, each manager is added to its ``user_set`` and given the
    role on the group.
    """
    for institution in Institution.objects.all():
        for manager in institution.managers.all():
            add_local_role(institution, manager, group_manager)
            institution.user_set.add(manager)
            # Propagate management to every study under this institution.
            for study in institution.study_set.all():
                add_local_role(study, manager, group_manager)
                study.managers.add(manager)

    for smartgroup in VPHShareSmartGroup.objects.all():
        for manager in smartgroup.managers.all():
            smartgroup.user_set.add(manager)
            add_local_role(smartgroup, manager, group_manager)
def updateUser_set(obj, managers):
    """
    Enroll each of ``managers`` in ``obj.user_set`` and grant it the
    ``group_manager`` local role on ``obj``.
    """
    def _enroll(manager):
        obj.user_set.add(manager)
        add_local_role(obj, manager, group_manager)

    for manager in managers:
        _enroll(manager)
def accept(self, initiator):
    '''
    Accept this request.

    Runs ``request_accept_transition`` on behalf of ``initiator`` and, only
    if the transition succeeds, grants the requestor the ``resource_reader``
    local role on the requested resource.
    '''
    transitioned = do_transition(self, request_accept_transition, initiator)
    if not transitioned:
        return
    # Transition went through: give the requestor read access.
    add_local_role(self.resource, self.requestor, resource_reader)
def read(self, request, ticket="", name="", parent=""): """ Create a smart group Arguments: request (HTTP request istance): HTTP request send from client. ticket (string) : base 64 ticket. group (string) : the group name parent (string): the parent group name (optional) Return: Successes - Json/xml/yaml format response Failure - 403 error """ try: if request.GET.get("ticket"): client_address = request.META["REMOTE_ADDR"] user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address) if user is not None: name = request.GET.get("group") # check if a user with the group name exists try: User.objects.get(username__iexact=name) # select case-insensitive response = HttpResponse(status=500) response._is_string = True return response except ObjectDoesNotExist, e: pass try: Group.objects.get(name__iexact=name) # select case-insensitive response = HttpResponse(status=500) response._is_string = True return response except ObjectDoesNotExist, e: pass parent = request.GET.get("parent", "") group = VPHShareSmartGroup.objects.create(name=name) group.managers.add(user) group.user_set.add(user) add_local_role(group, user, group_manager) if parent: try: group.parent = Group.objects.get(name=parent) except ObjectDoesNotExist, e: pass group.save() response = HttpResponse(status=200) response._is_string = True response.write("OK") return response