def get_members_batch(community, request, size=10):
mods = list(community.moderator_names)
members = list(community.member_names - community.moderator_names)
any = list(community.member_names | community.moderator_names)
principals = effective_principals(request)
searcher = ICatalogSearch(community)
total, docids, resolver = searcher(interfaces=[IProfile],
limit=size,
name={'query': any,
'operator': 'or'},
allowed={'query': principals,
'operator': 'or'},
)
mod_entries = []
other_entries = []
for docid in docids:
model = resolver(docid)
if model is not None:
if model.__name__ in mods:
mod_entries.append(model)
else:
other_entries.append(model)
return (mod_entries + other_entries)[:size]
def outstanding_principals(permission, context, request):
"""Returns a list of sets of principals, where the attainment of all of the
principals in any one of the sets would be sufficient to grant the current
user (``request.user``) the `permission` in the given `context`."""
# TODO be able to determine a context based on a route name
if has_permission(permission, context, request):
return []
principals = principals_allowed_by_permission(context, permission)
if not principals:
# the permission must not exist at all within this context
return ['__unattainable__']
effective = set(effective_principals(request))
outstanding = []
for p in principals:
if p in TRUST_MAP:
for alternative_principals in TRUST_MAP[p]:
diff = set(alternative_principals) - effective
if len(diff) > 0 and 'auth:insecure' not in diff:
outstanding.append(diff)
else:
outstanding.append(set([p]))
return outstanding
def __init__(self, context, request):
self._request = request
self._context = context
self._types = request.registry[TYPES]
self._search_base = normalize_query(request)
self._result = {
'@context': request.route_path('jsonld_context'),
'filters': [],
}
self._doc_types = request.params.getall('type')
self._principals = effective_principals(request)
self._elastic_search = request.registry[ELASTIC_SEARCH]
self._es_index = RESOURCES_INDEX
self._search_audit = request.has_permission('search_audit')
self._search_term = prepare_search_term(request)
self._request_cache = None
self._facets = [
('type', {
'title': 'Data Type'
}),
]
self.from_, self.size = get_pagination(request)
from_, page_size = get_pagination(request)
self._from_ = from_
self._size = page_size
def user(request):
from pyramid.security import authenticated_userid, effective_principals
return {
"authenticated_userid": authenticated_userid(request),
"effective_principals": effective_principals(request),
}
def allows(self, principals, permission=None):
""" ``principals`` may either be 1) a sequence of principal
indentifiers, 2) a single principal identifier, or 3) a Pyramid
request, which indicates that all the effective principals implied by
the request are used.
``permission`` may be ``None`` if this index is configured with
only a single permission. Otherwise a permission name must be passed
or an error will be raised.
"""
permissions = self.discriminator.permissions
if permission is None:
if len(permissions) > 1:
raise ValueError('Must pass a permission')
else:
permission = list(permissions)[0]
else:
if permissions is not None and not permission in permissions:
raise ValueError(
'This index does not support the %s '
'permission' % (permission,)
)
if IRequest.providedBy(principals):
principals = effective_principals(principals)
elif not is_nonstr_iter(principals):
principals = (principals,)
principals = [ get_principal_repr(p) for p in principals ]
values = [(principal, permission) for principal in principals]
return hypatia.query.Any(self, values)
def get_images_batch(
context,
request,
creator=None, # 'My Recent' in imagedrawer
community=None, # 'This Community' in imagedrawer
batch_start=0,
batch_size=12,
sort_index='creation_date',
reverse=True,
batcher=get_catalog_batch): # For unit testing
search_params = dict(
interfaces=[
IImage,
],
allowed={
'query': effective_principals(request),
'operator': 'or'
},
sort_index=sort_index,
reverse=reverse,
batch_start=batch_start,
batch_size=batch_size,
)
if creator is not None:
search_params['creator'] = creator
if community is not None:
search_params['path'] = community
return batcher(context, request, **search_params)
def recent_activity(context, request):
community = find_community(context)
if not community:
return ''
registry = request.registry
community_path = resource_path(community)
search = registry.getAdapter(context, ICatalogSearch)
principals = effective_principals(request)
recent_items = []
num, docids, resolver = search(
limit=10,
path={'query': community_path},
allowed={
'query': principals,
'operator': 'or'
},
sort_index='modified_date',
reverse=True,
interfaces=[ICommunityContent],
)
models = filter(None, map(resolver, docids))
for model in models:
adapted = registry.getMultiAdapter((model, request), IGridEntryInfo)
recent_items.append(adapted)
return {'recent_items': recent_items}
def get_user_id(request):
principals = effective_principals(request)
for principal in principals:
if type(principal) is unicode:
user = user_service.get_user_by_login(principal)
return user.id
return None
def archive_portlet(context, request):
with context._p_jar._storage.ex_cursor() as cursor:
community = find_community(context)
community_cond = qbe.sql(context._p_jar, dict(community=community))
cursor.execute(
"""
select month, count(*) from (
select substring(state->>'created' from 1 for 7) as month
from newt natural join karlex
where class_name = 'karl.content.models.blog.BlogEntry'
and """ + community_cond + """
and newt_can_view(state, %s)
) _
group by month order by month desc
""", (effective_principals(request), ))
blog = find_interface(context, IBlog)
return {
'archive': [
MonthlyActivity(
year, month, count,
request.resource_url(blog,
query={
'year': year,
'month': month
}))
for (year, month, count) in ((month[:4], month[-2:], count)
for month, count in cursor)
]
}
def outstanding_principals(permission, context, request):
"""Returns a list of sets of principals, where the attainment of all of the
principals in any one of the sets would be sufficient to grant the current
user (``request.user``) the `permission` in the given `context`."""
# TODO be able to determine a context based on a route name
if has_permission(permission, context, request):
return []
principals = principals_allowed_by_permission(context, permission)
if not principals:
# the permission must not exist at all within this context
return ['__unattainable__']
effective = set(effective_principals(request))
outstanding = []
for p in principals:
if p in TRUST_MAP:
for alternative_principals in TRUST_MAP[p]:
diff = set(alternative_principals) - effective
if len(diff) > 0 and 'auth:insecure' not in diff:
outstanding.append(diff)
else:
outstanding.append(set([p]))
return outstanding
def login(request):
'''
forbidden_view_config decorator indicates that this is the route to redirect to when an user
has no access to a page
'''
# Get session id from cookie
session_id = unauthenticated_userid(request)
# Get roles
principals = effective_principals(request)
# Requests will be forwarded here when users aren't authorized to those pages
# If they are unauthorized to those pages, they should have session id and principals
# and, if there is a session id and principals, return 403
# Here, we return 403 for users that has a role of None
# This can be an user that has no role from IDP or has a role that we don't know of
if Roles.get_invalid_role() in principals or (principals and session_id):
write_security_event("Forbidden view being accessed",
SECURITY_EVENT_TYPE.WARN, session_id)
return HTTPForbidden()
# clear out the session if we found one in the cookie
if session_id is not None:
expire_session(session_id)
handlers = [_handle_OAUTH2_Implicit_login_flow, _handle_SAML2_login_flow]
for handler in handlers:
response = handler(request)
if response is not None:
return response
return HTTPForbidden()
def report_year_week(request):
""" The leaderboard for a specific week of a specific year. """
frame = 'week'
## TODO: how to make sure this doesn't break?
year = int(request.matchdict.get('year'))
week = int(request.matchdict.get('weeknumber'))
# Get the week using the number of week
start = date(year, 1, 1) + timedelta(weeks=week - 1)
# Get the start of the week (as January 1st might not have been a Monday)
start = get_start_week(start.year, start.month, start.day)
stop = start + timedelta(days=6)
user_to_rank = request.db._make_leaderboard(
start=start,
stop=stop,
)
return dict(
auth_principals=effective_principals(request),
user_to_rank=user_to_rank,
start_date=start,
stop_date=stop,
frame=frame,
)
def user_latest_meeting_entries(context, request, va, **kw):
view = kw['view']
query = {}
# context is the user profile, but if within a meeting it's importat to preform a check
# wether you're allowed to view entries
# If the view that calls this is invoked outside a meeting, only admins and owners
# will be able to view it.
if request.meeting:
query['path'] = resource_path(request.meeting)
query['allowed_to_view'] = {
'operator': 'or',
'query': effective_principals(request)
}
else:
query['path'] = resource_path(request.root)
query['creator'] = context.userid
query['type_name'] = {
'query': ('Proposal', 'DiscussionPost'),
'operator': 'ANY'
}
query['sort_index'] = 'created'
query['reverse'] = True
query['limit'] = 5
response = dict(
last_entries=view.catalog_search(resolve=True, **query),
context=context,
)
return render(
'voteit.core:templates/snippets/user_latest_meeting_entries.pt',
response,
request=request)
def report_year_month_day(request):
""" The leaderboard for a specific month of a specific year. """
frame = 'day'
## TODO: how to make sure this doesn't break?
year = int(request.matchdict.get('year'))
month = int(request.matchdict.get('month'))
day = int(request.matchdict.get('day'))
start = date(year, month, day)
stop = date(year, month, day) + timedelta(days=1)
user_to_rank = request.db._make_leaderboard(
start=start,
stop=stop,
)
return dict(
auth_principals=effective_principals(request),
user_to_rank=user_to_rank,
start_date=start,
stop_date=stop,
frame=frame,
)
def all_forums_view(context, request):
page_title = "Message Boards"
api = TemplateAPI(context, request, page_title)
# Don't use the forums folder as the starting point, use its
# parent (the community) to allow recursion
context_path = model_path(context.__parent__)
searcher = ICatalogSearch(context)
total, docids, resolver = searcher(
interfaces=[ICommunity],
path={'query': context_path, 'include_path': True},
allowed={'query': effective_principals(request),
'operator': 'or'},
sort_index='title',
)
community_data = []
for docid in docids:
community = resolver(docid)
if community is not None:
forum_data = get_forum_data(community, request)
if forum_data:
community_data.append({'title': community.title,
'forum_data': forum_data})
return render_to_response(
'templates/all_forums.pt',
{'api': api,
'community_data': community_data},
request=request
)
def user_latest_meeting_entries(context, request, va, **kw):
api = kw['api']
query = {}
#context is the user profile, but if within a meeting it's importat to preform a check
#wether you're allowed to view entries
#If the view that calls this is invoked outside a meeting, only admins and owners
#will be able to view it.
if api.meeting:
query['path'] = resource_path(api.meeting)
query['allowed_to_view'] = {
'operator': 'or',
'query': effective_principals(request)
}
else:
query['path'] = resource_path(api.root)
query['creators'] = context.userid
query['content_type'] = {
'query': ('Proposal', 'DiscussionPost'),
'operator': 'or'
}
query['sort_index'] = 'created'
query['reverse'] = True
query['limit'] = 5
response = dict(
last_entries=api.get_metadata_for_query(**query),
api=api,
context=context,
truncate=strip_and_truncate,
)
return render('../templates/snippets/user_latest_meeting_entries.pt',
response,
request=request)
def get_report_query(report, request, letter=None):
"""Produce query parameters for a catalog search
"""
if report is not None:
kw = report.getQuery()
else:
kw = {}
for k, v in request.GET.items():
if k.startswith('category_') or k == 'groups':
if ':' in v:
values, operator = v.split(':')
else:
values, operator = v, 'or'
kw[k] = {'query': values.split(','), 'operator': operator}
elif k == 'is_staff':
kw[k] = v.lower() in ('true', 't', 'yes', 'y', '1')
principals = effective_principals(request)
kw['allowed'] = {'query': principals, 'operator': 'or'}
if letter is None:
letter = request.params.get('lastnamestartswith')
if letter:
kw['lastnamestartswith'] = letter.upper()
body = request.params.get('body')
if body:
kw['texts'] = body.strip() + '*'
return kw
def reset(self):
if self.request.params.get('came_from') is not None:
came_from = self.request.params.get('came_from')
else:
came_from = self.request.route_url('map_view')
# Make sure the user is not logged in
principals = effective_principals(self.request)
if "system.Authenticated" in principals:
return HTTPFound(location=came_from)
username = self.request.params.get("username")
user = DBSession.query(User).filter(User.username == username).first()
if user is None:
msg = _(u"No registered user found with this email address.")
return render_to_response(getTemplatePath(self.request, 'users/reset_password_form.mak'), {
'came_from': came_from,
'warning': msg
}, self.request)
new_password = user.set_new_password()
body = render(getTemplatePath(self.request, 'emails/reset_password.mak'), {
'user': user.username,
'new_password': new_password
}, self.request)
self._send_email([user.email], _(u"Password reset"), body)
return render_to_response(getTemplatePath(self.request, 'users/reset_password_success.mak'), {}, self.request)
def __call__(self, context, request):
req_principals = effective_principals(request)
if is_nonstr_iter(req_principals):
rpset = set(req_principals)
if self.val.issubset(rpset):
return True
return False
def login(context, request):
email = urllib.unquote(request.matchdict['email'])
user = User.get(request.db_session, email)
# non-admin users cannot check if another user has permissions on a
# given instance
if authenticated_userid(request) != email and \
'admin' not in effective_principals(request):
return generate_empty_response(HTTPForbidden(), request, 403)
try:
# the domain could be an alias. We need the instance domain
domain = Alias.get(request.db_session,
request.params['domain'])\
.instance.domain
except NoResultFound:
domain = request.params['domain']
except KeyError:
log.error('No domain in request for users.login')
return generate_empty_response(HTTPForbidden(), request, 403)
instance = Instance.get_by_domain(request.db_session, domain)
if not user.can_access(instance):
log.error('%s cannot login on %s', email, domain)
return generate_empty_response(HTTPForbidden(), request, 403)
return user.to_dict()
def get_members_batch(community, request, size=10):
mods = list(community.moderator_names)
any = list(community.member_names | community.moderator_names)
principals = effective_principals(request)
searcher = ICatalogSearch(community)
total, docids, resolver = searcher(
interfaces=[IProfile],
limit=size,
name={
'query': any,
'operator': 'or'
},
allowed={
'query': principals,
'operator': 'or'
},
)
mod_entries = []
other_entries = []
for docid in docids:
model = resolver(docid)
if model is not None:
if model.__name__ in mods:
mod_entries.append(model)
else:
other_entries.append(model)
return (mod_entries + other_entries)[:size]
def get_report_query(report, request, letter=None):
"""Produce query parameters for a catalog search
"""
if report is not None:
kw = report.getQuery()
else:
kw = {}
for k, v in request.GET.items():
if k.startswith('category_') or k == 'groups':
if ':' in v:
values, operator = v.split(':')
else:
values, operator = v, 'or'
kw[k] = {'query': values.split(','), 'operator': operator}
elif k == 'is_staff':
kw[k] = v.lower() in ('true', 't', 'yes', 'y', '1')
principals = effective_principals(request)
show_all_users = get_setting(report, "show_all_users")
if not show_all_users:
principals.remove("system.Authenticated")
principals.remove("system.Everyone")
kw['allowed'] = {'query': principals, 'operator': 'or'}
if letter is None:
letter = request.params.get('lastnamestartswith')
if letter:
kw['lastnamestartswith'] = letter.upper()
body = request.params.get('body')
if body:
kw['texts'] = body.strip() + '*'
return kw
def access_key_add(context, request):
crypt_context = request.registry[CRYPT_CONTEXT]
if 'access_key_id' not in request.validated:
request.validated['access_key_id'] = generate_user()
if 'user' not in request.validated:
request.validated['user'], = [
principal.split('.', 1)[1]
for principal in effective_principals(request)
if principal.startswith('userid.')
]
password = None
if 'secret_access_key_hash' not in request.validated:
password = generate_password()
request.validated['secret_access_key_hash'] = crypt_context.encrypt(
password)
result = collection_add(context, request)
if password is None:
result['secret_access_key'] = None
else:
result['secret_access_key'] = password
result['access_key_id'] = request.validated['access_key_id']
result['description'] = request.validated['description']
return result
def discover_community_members_json(context, request):
""" Return users who share a community with the given user.
Query string may include:
- 'userid': the user whose communities we enumerate (defaults to the
current user).
"""
users = find_users(context)
userid = request.GET.get('userid', None)
if userid is None:
userid = authenticated_userid(request)
principals = effective_principals(request)
communities = [x[0] for x in get_community_groups(principals)]
else:
info = users.get(userid)
communities = [x[0] for x in get_community_groups(info['groups'])]
c_groups = [(x,
_quippers_from_users(
context, request,
users.users_in_group('group.community:%s:members' % x)))
for x in communities]
return {
'userid': userid,
'members': dict(c_groups),
}
def home_view(request):
roles = effective_principals(request)
# login occurs in roles after 'system.Everyone' and 'system.Authenticated'
login = roles[2]
# Obtain user object and all class objects from database
user = session.query(User).filter_by(username = login).first()
classes = session.query(Class).all()
# Determine values of remaining variables required by template
isAdministrator = isTeacher = False
interventions = classesTaught = []
if 'administrator' in roles:
isAdministrator = True
elif 'teacher' in roles:
isTeacher = True
classesTaught = session.query(Class).filter_by(teacher_id=user.id).all()
# Shows the 10 most recent interventions created
interventions = session.query(Intervention).order_by(Intervention.id.desc()).limit(10).all()
return {
# Returns values required in templates
'login' : login,
'user' : user,
'classes' : classes,
'isAdministrator' : isAdministrator,
'isTeacher' : isTeacher,
'classesTaught' : classesTaught,
'interventions': interventions,
}
def students_view(request):
roles = effective_principals(request)
# login occurs in roles after 'system.Everyone' and 'system.Authenticated'
login = roles[2]
# Locates user object with the same username as in 'effective_principals'
user = session.query(User).filter_by(username = login).first()
# List of all students in alphabetical order
students = session.query(Student).order_by(Student.surname.asc(), Student.forename.asc(), Student.id.asc()).all()
isAdministrator = isTeacher = False
classesTaught = studentsTaught = []
if 'administrator' in roles:
isAdministrator = True
if 'teacher' in roles:
isTeacher = True
# Finds all classes taught by the user
classesTaught = session.query(Class).filter_by(teacher_id = user.id).all()
# Use set comprehension to remove duplicate students
setOfStudentsTaught = {st for cl in classesTaught for st in cl.students}
# Use list comprehension to put in alphabetical order
studentsTaught = [st for st in students if st in setOfStudentsTaught]
return {
'students' : students,
'isAdministrator': isAdministrator,
'isTeacher': isTeacher,
'classesTaught': classesTaught,
'studentsTaught': studentsTaught,
}
def access_key_add(context, request):
crypt_context = request.registry[CRYPT_CONTEXT]
if 'access_key_id' not in request.validated:
request.validated['access_key_id'] = generate_user()
if 'user' not in request.validated:
request.validated['user'], = [
principal.split('.', 1)[1]
for principal in effective_principals(request)
if principal.startswith('userid.')
]
password = None
if 'secret_access_key_hash' not in request.validated:
password = generate_password()
request.validated['secret_access_key_hash'] = crypt_context.encrypt(password)
result = collection_add(context, request)
if password is None:
result['secret_access_key'] = None
else:
result['secret_access_key'] = password
result['access_key_id'] = request.validated['access_key_id']
result['description'] = request.validated['description']
return result
def _show_communities_view_helper(context,
request,
prefix='',
**kw
):
# Grab the data for the two listings, main communities and portlet
communities_path = resource_path(context)
query = dict(
sort_index='title',
interfaces=[ICommunity],
path={'query': communities_path, 'depth': 1},
allowed={'query': effective_principals(request), 'operator': 'or'},
**kw
)
qualifiers = []
titlestartswith = request.params.get('titlestartswith')
if titlestartswith:
query['titlestartswith'] = (titlestartswith, titlestartswith)
qualifiers.append(
_(u"Communities that begin with '${titlestartswith}'",
mapping={'titlestartswith': titlestartswith}))
body = request.params.get('body')
if body:
query['texts'] = body
qualifiers.append('Search for "%s"' % body)
error = None
try:
batch_info = get_catalog_batch_grid(context, request, **query)
except ParseError, e:
batch_info = {'entries': [], 'batching_required': False}
error = _(u'Error: ${message}', mapping={'message': e})
def userid(instance, subschema):
request = get_current_request()
principals = effective_principals(request)
for principal in principals:
if principal.startswith('userid.'):
return principal[7:]
return NO_DEFAULT
def _add_view_to_spec(self, spec):
principals = security.effective_principals(self.request)
# Don't even bother modifying the spec if the user is in the superuser group.
if 'group:superuser' in principals: return spec
if spec is None: spec = {}
spec['_view'] = {'$in': principals}
return spec
def _get_criteria(request):
principals = effective_principals(request)
principals = [x for x in principals if not x.startswith('system.')]
# Check to see if we're asking for only "my" communities.
filterby = request.params.get('filter', '')
# cookie must be set even if param is empty or non-existent, to make
# the no-filter button sticky.
#header = ('Set-Cookie', '%s=%s; Path=/' % (_FILTER_COOKIE, str(filterby)))
request.cookies[_FILTER_COOKIE] = filterby
request.response.set_cookie(_FILTER_COOKIE, str(filterby), path='/')
if filterby == 'mycommunities':
principals = [x for x in principals if not x.startswith('group.Karl')]
if filterby == 'mycontent':
created_by = authenticated_userid(request)
elif filterby.startswith('profile:'):
created_by = filterby[len('profile:'):]
elif filterby.startswith('community:'):
created_by = None
community = filterby[len('community:'):]
prefix = 'group.community:%s' % community
principals = [x for x in principals if x.startswith(prefix)]
else:
created_by = None
return principals, created_by
def userid(property, subschema):
request = get_current_request()
principals = effective_principals(request)
for principal in principals:
if principal.startswith('userid.'):
return principal[7:]
return NO_DEFAULT
def related_communities_ajax_view(context, request):
assert ICommunity.providedBy(context), str(type(context))
related = []
principals = effective_principals(request)
searcher = ICatalogSearch(context)
search = ' OR '.join(context.title.lower().split())
total, docids, resolver = searcher(
interfaces=[ICommunity],
limit=5,
reverse=True,
sort_index="modified_date",
texts=search,
allowed={
'query': principals,
'operator': 'or'
},
)
for docid in docids:
model = resolver(docid)
if model is not None:
if model is not context:
adapted = getMultiAdapter((model, request), IGridEntryInfo)
related.append(adapted)
return {'items': related}
def get_my_communities(communities_folder, request, ignore_preferred=False):
# sorted by title
principals = effective_principals(request)
communities = {}
for name, role in get_community_groups(principals):
if name in communities:
continue
try:
community = communities_folder[name]
except KeyError:
continue
# Do not include any communities in any stage of being archived
if not getattr(community, 'archive_status', False):
communities[name] = (community.title, community)
communities = communities.values()
communities.sort()
communities = [ x[1] for x in communities ]
preferred = get_preferred_communities(communities_folder, request)
# if preferred list is empty show all instead of nothing
if preferred == []:
ignore_preferred = True
my_communities = []
for community in communities:
adapted = getMultiAdapter((community, request), ICommunityInfo)
if not ignore_preferred and preferred is not None \
and adapted.title in preferred:
my_communities.append(adapted)
if preferred is None or ignore_preferred:
my_communities.append(adapted)
return my_communities
def _get_criteria(request):
principals = effective_principals(request)
principals = [x for x in principals if not x.startswith('system.')]
# Check to see if we're asking for only "my" communities.
filterby = request.params.get('filter', '')
# cookie must be set even if param is empty or non-existent, to make
# the no-filter button sticky.
# header = ('Set-Cookie', '%s=%s; Path=/' % (_FILTER_COOKIE, str(filterby)))
request.cookies[_FILTER_COOKIE] = filterby
request.response.set_cookie(_FILTER_COOKIE, str(filterby), path='/')
if filterby == 'mycommunities':
principals = [x for x in principals if not x.startswith('group.Karl')]
if filterby == 'mycontent':
created_by = authenticated_userid(request)
elif filterby.startswith('profile:'):
created_by = filterby[len('profile:'):]
elif filterby.startswith('community:'):
created_by = None
community = filterby[len('community:'):]
prefix = 'group.community:%s' % community
principals = [x for x in principals if x.startswith(prefix)]
else:
created_by = None
return principals, created_by
def builder(request):
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('builder')
# get default creator field
default_creator = None
user = request.db.get_person(person_email=authenticated_userid(request))
if user:
default_creator = user.nickname or user.email
badge_yaml = None
if request.POST:
badge_yaml = generate_badge_yaml(request.POST)
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
default_creator=default_creator,
badge_yaml=badge_yaml,
)
def class_view(request):
id = request.matchdict['id']
cl = session.query(Class).filter_by(id = id).first()
if not cl:
raise HTTPNotFound()
roles = effective_principals(request)
login = roles[2]
teacher = session.query(User).filter(cl.teacher_id == User.id).first()
isAdministrator = isDirector = isAssistant = False
if 'administrator' in roles:
isAdministrator = True
if 'director' in roles:
isDirector = True
if 'assistant' in roles:
isAssistant = True
return {
'cl': cl,
'teacher': teacher,
'isAdministrator': isAdministrator,
'isDirector': isDirector,
'isAssistant': isAssistant,
}
def login_form(self):
"""
Renders the simple login form
"""
# Prevent endless loops
if self.request.referer is not None\
and self.request.referer != self.request.route_url('reset_form')\
and not self.request.referer.startswith(
self.request.route_url('login_form')):
came_from = self.request.referer
else:
came_from = self.request.route_url('map_view')
# Make sure the user is not logged in
principals = effective_principals(self.request)
if "system.Authenticated" in principals:
return HTTPFound(location=came_from)
return render_to_response(
get_customized_template_path(self.request, 'login_form.mak'),
{
'came_from': came_from,
'warning': None
},
self.request)
def __call__(self, context, request):
req_principals = effective_principals(request)
if is_nonstr_iter(req_principals):
rpset = set(req_principals)
if self.val.issubset(rpset):
return True
return False
def recent_items(self):
if self._recent_items is None:
community = find_interface(self.context, ICommunity)
if community is not None:
community_path = resource_path(community)
search = getAdapter(self.context, ICatalogSearch)
principals = effective_principals(self.request)
self._recent_items = []
num, docids, resolver = search(
limit=10,
path={'query': community_path},
allowed={
'query': principals,
'operator': 'or'
},
sort_index='modified_date',
reverse=True,
interfaces=[ICommunityContent],
)
models = filter(None, map(resolver, docids))
for model in models:
adapted = getMultiAdapter((model, self.request),
IGridEntryInfo)
self._recent_items.append(adapted)
return self._recent_items
def _show_communities_view_helper(context, request, prefix='', **kw):
# Grab the data for the two listings, main communities and portlet
communities_path = resource_path(context)
query = dict(sort_index='title',
interfaces=[ICommunity],
path={
'query': communities_path,
'depth': 1
},
allowed={
'query': effective_principals(request),
'operator': 'or'
},
**kw)
qualifiers = []
titlestartswith = request.params.get('titlestartswith')
if titlestartswith:
query['titlestartswith'] = (titlestartswith, titlestartswith)
qualifiers.append("Communities that begin with '%s'" % titlestartswith)
body = request.params.get('body')
if body:
query['texts'] = body
qualifiers.append('Search for "%s"' % body)
error = None
try:
batch_info = get_catalog_batch_grid(context, request, **query)
except ParseError, e:
batch_info = {'entries': [], 'batching_required': False}
error = 'Error: %s' % e
def builder(request):
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('builder')
# get default creator field
default_creator = None
user = request.db.get_person(person_email=authenticated_userid(request))
if user:
default_creator = user.nickname or user.email
badge_yaml = None
if request.POST:
badge_yaml = generate_badge_yaml(request.POST)
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
default_creator=default_creator,
badge_yaml=badge_yaml,
)
def get_my_communities(communities_folder, request, ignore_preferred=False):
# sorted by title
principals = effective_principals(request)
communities = {}
for name, role in get_community_groups(principals):
if name in communities:
continue
try:
community = communities_folder[name]
except KeyError:
continue
communities[name] = (community.title, community)
communities = communities.values()
communities.sort()
communities = [x[1] for x in communities]
preferred = get_preferred_communities(communities_folder, request)
# if preferred list is empty show all instead of nothing
if preferred == []:
ignore_preferred = True
my_communities = []
for community in communities:
adapted = getMultiAdapter((community, request), ICommunityInfo)
if not ignore_preferred and preferred is not None \
and adapted.title in preferred:
my_communities.append(adapted)
if preferred is None or ignore_preferred:
my_communities.append(adapted)
return my_communities
def allows(self, principals, permission=None):
""" ``principals`` may either be 1) a sequence of principal
indentifiers, 2) a single principal identifier, or 3) a Pyramid
request, which indicates that all the effective principals implied by
the request are used.
``permission`` may be ``None`` if this index is configured with
only a single permission. Otherwise a permission name must be passed
or an error will be raised.
"""
permissions = self.discriminator.permissions
if permission is None:
if len(permissions) > 1:
raise ValueError('Must pass a permission')
else:
permission = list(permissions)[0]
else:
if permissions is not None and not permission in permissions:
raise ValueError(
'This index does not support the %s '
'permission' % (permission,)
)
if IRequest.providedBy(principals):
principals = effective_principals(principals)
elif not is_nonstr_iter(principals):
principals = (principals,)
principals = [ get_principal_repr(p) for p in principals ]
values = [(principal, permission) for principal in principals]
return hypatia.query.Any(self, values)
def __init__(self, context, request, page_title=None):
self.settings = dict(get_settings(context))
self.settings.update(self.config_settings)
self.site = site = find_site(context)
self.context = context
self.request = request
self.userid = authenticated_userid(request)
self.app_url = app_url = request.application_url
self.profile_url = app_url + '/profiles/%s' % self.userid
self.here_url = self.context_url = resource_url(context, request)
self.view_url = resource_url(context, request, request.view_name)
self.read_only = not is_normal_mode(request.registry)
self.static_url = get_static_url(request)
self.resource_devel_mode = is_resource_devel_mode()
self.browser_upgrade_url = request.registry.settings.get(
'browser_upgrade_url', '')
# this data will be provided for the client javascript
self.karl_client_data = {}
# Provide a setting in the INI to fully control the entire URL
# to the static. This is when the proxy runs a different port
# number, or to "pipeline" resources on a different URL path.
full_static_path = self.settings.get('full_static_path', False)
if full_static_path:
if '%d' in full_static_path:
# XXX XXX note self._start_time is needed... and not _start_time
# XXX XXX since this was a trivial bug, there is chance that
# XXX XXX this actually never runs! TODO testing???
full_static_path = full_static_path % self._start_time
self.static_url = full_static_path
self.page_title = page_title
self.system_name = self.title = self.settings.get('title', 'KARL')
self.user_is_admin = 'group.KarlAdmin' in effective_principals(request)
self.can_administer = has_permission('administer', site, request)
self.can_email = has_permission('email', site, request)
self.admin_url = resource_url(site, request, 'admin.html')
date_format = get_user_date_format(context, request)
self.karl_client_data['date_format'] = date_format
# XXX XXX XXX This will never work from peoples formish templates
# XXX XXX XXX (edit_profile and derivates) because, in those form
# XXX XXX XXX controllers, the api is instantiated from __init__,
# XXX XXX XXX where request.form is still unset!!! (From all other
# XXX XXX XXX formcontrollers the api is instantiated from __call__,
# XXX XXX XXX which is why this works. A chicken-and-egg problem, really.
if hasattr(request, 'form') and getattr(request.form, 'errors', False):
# This is a failed form submission request, specify an error message
self.error_message = u'Please correct the indicated errors.'
self.site_announcements = getattr(self.site, "site_announcements", [])
profiles = find_profiles(self.site)
profile = profiles is not None and profiles.get(self.userid,
None) or None
self.unseen_site_announcements = []
if profile is not None and hasattr(profile, "_seen_announcements") \
and hasattr(site, "site_announcements"):
for item in site.site_announcements:
if item['hash'] not in profile._seen_announcements:
self.unseen_site_announcements.append(item)
def sem_auth_control(self):
"""
Se o usuário está logado e veio parar aqui quer dizer que ele não tem autorização para acessar
alguma view. então devo retornar uma mensagem dizendo que ele não tem permissão, ou uma página de não permissão.
Se o usuário não estiver logado ele vai para a tela de login
:return:
"""
print("Sem auth control")
print(effective_principals(self.request))
if 'system.Authenticated' in effective_principals(self.request):
print("Usuário sem permissão: %r" % self.logged_in)
return HTTPUnauthorized() #mudar para HTTPFound e criar uma tela de não permissão.
else:
print("Usuário não logado. redirecionando para login")
return HTTPFound(location=self.request.application_url + '/login') #redirecionado pra tela de login
def number_of_comments(forum, request):
searcher = ICatalogSearch(forum)
total, docids, resolver = searcher(
interfaces=[IComment],
path={'query': resource_path(forum)},
allowed={'query': effective_principals(request), 'operator': 'or'},
)
return total
def get_recent_items_batch(community, request, size=10):
batch = get_catalog_batch_grid(
community, request, interfaces=[ICommunityContent],
sort_index="modified_date", reverse=True, batch_size=size,
path={'query': resource_path(community)},
allowed={'query': effective_principals(request), 'operator': 'or'},
)
return batch
def get_recent_items_batch(community, request, size=10):
batch = get_catalog_batch_grid(
community, request, interfaces=[ICommunityContent],
sort_index="modified_date", reverse=True, batch_size=size,
path={'query': resource_path(community)},
allowed={'query': effective_principals(request), 'operator': 'or'},
)
return batch
def get_catalog_events(context, request,
searchterm=None, year=None, month=None,
past_events=None):
# Build up a query
query = dict(
path={'query': resource_path(context)},
allowed={'query': effective_principals(request), 'operator': 'or'},
interfaces=[ICalendarEvent],
sort_index="start_date",
reverse=True,
use_cache=False,
)
if searchterm is not None:
query['texts'] = searchterm
if searchterm is not None and year is None and month is None:
# all years, all months, don't add anything to the query
pass
elif year is not None or month is not None:
if year is not None:
year = int(year)
else:
# No year given, assume this year
year = datetime.datetime.now().year
if month is not None:
month = int(month)
last_day = calendar.monthrange(year, month)[1]
first_moment = coarse_datetime_repr(
datetime.datetime(year, month, 1))
last_moment = coarse_datetime_repr(
datetime.datetime(year, month, last_day, 23, 59, 59))
else:
# No month given, search entire year
first_moment = coarse_datetime_repr(datetime.datetime(year, 1, 1))
last_moment = coarse_datetime_repr(datetime.datetime(year+1, 1, 1))
query['start_date'] = (None, last_moment)
query['end_date'] = (first_moment, None)
else:
# Show either all future or all past events
now = coarse_datetime_repr(datetime.datetime.now())
if past_events:
# Past; show the most recent first
query['end_date'] = (None, now)
query['reverse'] = True
else:
# Future; show the soonest first
query['end_date'] = (now, None)
query['reverse'] = False
batch = get_catalog_batch_grid(context, request, **query)
return batch
def index(request):
n = 5 # n is the number of items displayed in each column.
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('home')
persons_assertions = request.db.get_all_assertions().join(
m.Person).filter(
m.Person.opt_out == False)
from collections import defaultdict
top_persons = defaultdict(int) # person: assertion count
for item in persons_assertions:
top_persons[item.person] += 1
top_persons_sorted = sorted(sorted(top_persons,
key=lambda person: person.id),
key=top_persons.get,
reverse=True)
# Limit the sorted top persons to the top 10% and then take
# a random sample of 5 persons from that pool.
num_users_at_top = max(int(len(top_persons_sorted) * 0.1),
min(len(top_persons_sorted), 5))
# This is not actually a sample yet, but it's about to be...
top_persons_sample = top_persons_sorted[:num_users_at_top]
try:
top_persons_sample = random.sample(top_persons_sample, 5)
except ValueError:
# The sample is probably larger than the num of top users,
# so let's just take all the users in the top 10%, in a
# random order.
random.shuffle(top_persons_sample)
# Get latest awards.
latest_awards = persons_assertions.order_by(
sa.desc(m.Assertion.issued_on)).limit(n).all()
# Register our websocket handler callback
if asbool(request.registry.settings['tahrir.use_websockets']):
socket = make_websocket_handler(request.registry.settings)
socket.display()
return dict(
auth_principals=effective_principals(request),
latest_awards=latest_awards,
newest_persons=request.db.get_all_persons().filter(
m.Person.opt_out == False).order_by(
sa.desc(m.Person.created_on)).limit(n).all(),
top_persons=top_persons,
top_persons_sample=top_persons_sample,
awarded_assertions=awarded_assertions,
moksha_socket=get_moksha_socket(request.registry.settings),
)
def leaderboard(request):
""" Render a top users view. """
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# Get top persons.
persons_assertions = request.db.get_all_assertions().join(m.Person)
from collections import defaultdict
top_persons = defaultdict(int) # person: assertion count
for item in persons_assertions:
top_persons[item.person] += 1
# top_persons and top_persons_sorted contain all persons, ordered
top_persons_sorted = sorted(sorted(top_persons,
key=lambda person: person.id),
key=top_persons.get,
reverse=True)
# Get total user count.
user_count = len(top_persons)
if authenticated_userid(request):
# Get rank.
try:
rank = top_persons_sorted.index(request.db.get_person(
person_email=authenticated_userid(
request))) + 1
except ValueError:
rank = 0
# Get percentile.
try:
percentile = (float(rank) / float(user_count)) * 100
except ZeroDivisionError:
percentile = 0
# Get a list of nearby competetors (5 users above the current
# user and 5 users ranked below).
competitors = top_persons_sorted[max(rank - 3, 0):\
min(rank + 2, len(top_persons_sorted))]
else:
rank = None
percentile = None
competitors = None
return dict(
auth_principals=effective_principals(request),
awarded_assertions=awarded_assertions,
top_persons=top_persons,
top_persons_sorted=top_persons_sorted,
rank=rank,
user_count=user_count,
percentile=percentile,
competitors=competitors,
)
def index(request):
n = 5 # n is the number of items displayed in each column.
if authenticated_userid(request):
awarded_assertions = request.db.get_assertions_by_email(
authenticated_userid(request))
else:
awarded_assertions = None
# set came_from so we can get back home after openid auth.
request.session['came_from'] = request.route_url('home')
persons_assertions = request.db.get_all_assertions().join(
m.Person).filter(
m.Person.opt_out == False)
from collections import defaultdict
top_persons = defaultdict(int) # person: assertion count
for item in persons_assertions:
top_persons[item.person] += 1
top_persons_sorted = sorted(sorted(top_persons,
key=lambda person: person.id),
key=top_persons.get,
reverse=True)
# Limit the sorted top persons to the top 10% and then take
# a random sample of 5 persons from that pool.
num_users_at_top = max(int(len(top_persons_sorted) * 0.1),
min(len(top_persons_sorted), 5))
# This is not actually a sample yet, but it's about to be...
top_persons_sample = top_persons_sorted[:num_users_at_top]
try:
top_persons_sample = random.sample(top_persons_sample, 5)
except ValueError:
# The sample is probably larger than the num of top users,
# so let's just take all the users in the top 10%, in a
# random order.
random.shuffle(top_persons_sample)
# Get latest awards.
latest_awards = persons_assertions.order_by(
sa.desc(m.Assertion.issued_on)).limit(n).all()
# Register our websocket handler callback
if asbool(request.registry.settings['tahrir.use_websockets']):
socket = make_websocket_handler(request.registry.settings)
socket.display()
return dict(
auth_principals=effective_principals(request),
latest_awards=latest_awards,
newest_persons=request.db.get_all_persons().filter(
m.Person.opt_out == False).order_by(
sa.desc(m.Person.created_on)).limit(n).all(),
top_persons=top_persons,
top_persons_sample=top_persons_sample,
awarded_assertions=awarded_assertions,
moksha_socket=get_moksha_socket(request.registry.settings),
)
def get_recent_items_batch(community, request, size=10):
batch = get_catalog_batch_grid(
community, request, interfaces=[ICommunityContent],
sort_index="modified_date", reverse=True, batch_size=size,
community=community,
can_view={'query': effective_principals(request), 'operator': 'or'},
catalog_iface=ISQLCatalogSearch,
)
return batch
def show_communities_view(context, request):
default = 'active'
if 'groups.KarlAffiliate' in effective_principals(request):
default = 'all'
which = request.cookies.get(_VIEW_COOKIE, default)
urlname = _VIEW_URL_LOOKUP[which]
target = resource_url(context, request, urlname)
response = HTTPFound(location=target)
return response
def info(context, request):
email = urllib.unquote(request.matchdict['email'])
principals = effective_principals(request)
# a "normal" user get info about itself.
if not set(('admin', email)) & set(principals):
return generate_empty_response(HTTPForbidden(), request, 403)
return User.get(request.db_session, email).to_dict()
def user(request):
from pyramid.security import (
authenticated_userid,
effective_principals,
)
return {
'authenticated_userid': authenticated_userid(request),
'effective_principals': effective_principals(request),
}
def show_communities_view(context, request):
default = 'active'
if 'groups.KarlAffiliate' in effective_principals(request):
default = 'all'
which = request.cookies.get(_VIEW_COOKIE, default)
urlname = _VIEW_URL_LOOKUP[which]
target = resource_url(context, request, urlname)
response = HTTPFound(location=target)
return response
