def build_query_from_field(self, field_name, operation): if field_name == 'permissions': if operation['op'] != 'eq': raise InvalidFilterOperator(value=operation['op'], valid_operators=['eq']) auth = get_user_auth(self.request) auth_user = getattr(auth, 'user', None) if not auth_user: raise NotAuthenticated() value = operation['value'].lstrip('[').rstrip(']') permissions = [v.strip() for v in value.split(',')] if any(p not in reviews_permissions.PERMISSIONS for p in permissions): valid_permissions = ', '.join( reviews_permissions.PERMISSIONS.keys()) raise InvalidFilterValue( 'Invalid permission! Valid values are: {}'.format( valid_permissions)) return Q(id__in=get_objects_for_user( auth_user, permissions, PreprintProvider, any_perm=True)) return super(PreprintProviderList, self).build_query_from_field(field_name, operation)
def _radius_token_authenticate(self, request): # cached_orgid exists only for users authenticated # successfully in past 24 hours username = request.data.get('username') or request.query_params.get('username') cached_orgid = cache.get(f'rt-{username}') if cached_orgid: return self._check_client_ip_and_return(request, cached_orgid) else: try: radtoken = RadiusToken.objects.get(user__username=username) except RadiusToken.DoesNotExist: if username: message = _( 'Radius token does not exist. Obtain a new radius token ' 'or provide the organization UUID and API token.' ) else: message = _('username field is required.') logger.warning(message) raise NotAuthenticated(message) org_uuid = str(radtoken.organization_id) cache.set(f'rt-{username}', org_uuid, 86400) return self._check_client_ip_and_return(request, org_uuid)
def wrapper(parent, info, *args, **kwargs): if isinstance(info.context, HttpRequest): authenticator = JWTAuthentication() auth_result = authenticator.authenticate(info.context) if auth_result is None: raise PermissionDenied() user, _ = auth_result if not user.is_authenticated: raise NotAuthenticated() if with_policies is not None and len(with_policies) > 0: is_allowed_request = PermissionService.check_policies(info.context, user, with_policies) if not is_allowed_request: raise PermissionDenied() kwargs["current_user"] = user resolved = resolver(parent, info, *args, **kwargs) return resolved
def get(self, request): bid = request.GET.get('bucket_id', None) try: b = Buckets.objects.get(bucket_id=int(bid)) self.queryset = self.model.objects.select_related( 'user').select_related('bucket').filter(bucket=b).values( 'user__first_name', 'user__username', 'bucket__name', 'permission', 'acl_bid') except Buckets.DoesNotExist: raise ParseError('not found this bucket') except self.model.DoesNotExist: raise ParseError('not found resource') except TypeError: raise ParseError('arg acl_bid is not a number') if b.user != request.user: raise NotAuthenticated('user and bucket__user not match') return Response({ 'code': 0, 'msg': 'success', 'data': list(self.queryset) })
def limits(self, request): if request.user and request.user.is_authenticated(): # Use email model manager emails = Email.objects.emails_by_user_today(request.user) print emails # Setup emails sendgrid = 0 outlook = 0 gmail = 0 smtp = 0 # Loop through emails for email in emails: if email.method == 'sendgrid': sendgrid += 1 elif email.method == 'outlook': outlook += 1 elif email.method == 'gmail': gmail += 1 elif email.method == 'smtp': smtp += 1 data = { 'sendgrid': sendgrid, 'sendgridLimits': 2500, 'outlook': outlook, 'outlookLimits': 500, 'gmail': gmail, 'gmailLimits': 500, 'smtp': smtp, 'smtpLimits': 2000 } return Response(data, {}) raise NotAuthenticated()
def has_object_permission(self, request, view, organization): if request.user and request.user.is_authenticated() and request.auth: request.access = access.from_request( request, organization, scopes=request.auth.get_scopes(), ) elif request.auth: return request.auth.organization_id == organization.id else: request.access = access.from_request(request, organization) if auth.is_user_signed_request(request): # if the user comes from a signed request # we let them pass if sso is enabled logger.info( 'access.signed-sso-passthrough', extra={ 'organization_id': organization.id, 'user_id': request.user.id, } ) elif request.user.is_authenticated() and self.needs_sso(request, organization): # session auth needs to confirm various permissions logger.info( 'access.must-sso', extra={ 'organization_id': organization.id, 'user_id': request.user.id, } ) raise NotAuthenticated(detail='Must login via SSO') allowed_scopes = set(self.scope_map.get(request.method, [])) return any(request.access.has_scope(s) for s in allowed_scopes)
def user_delete_endpoint(request): """ 删除指定的用户,该超作只允许超级管理员执行 :param request: :return: """ # if not request.user.is_superuser: # raise NotAuthenticated(detail='permission denied!') fields = (('*username', str, verify_username), ('*user_id', int, None)) data = validate_post_data(request.body, fields) try: u = User.objects.get(pk=data['user_id']) except User.DoesNotExist: raise NotFound(detail='not found this user') if not request.user.is_superuser and u != request.user: raise NotAuthenticated(detail='permission denied') if u.username != data['username']: raise ParseError(detail='username and user_id not match') if u.profile.phone_verify: region = BucketRegion.objects.all() # 递归删除所有区域集群上的用户 for i in region: rgw = rgw_client(i.reg_id) try: rgw.get_user(uid=u.keys.ceph_uid, stats=True) except NoSuchUser: continue else: rgw.remove_user(uid=u.keys.ceph_uid, purge_data=True) u.delete() return Response({'code': 0, 'msg': 'success'})
def _get_token_info(self, request): """ Decode token """ # Options check token options = {"verify_signature": True, "verify_aud": False, "exp": True} # JWT not found if 'HTTP_AUTHORIZATION' not in request.META: raise NotAuthenticated("HTTP_AUTHORIZATION not found in the request") jwt = request.META.get('HTTP_AUTHORIZATION') try: token_info = self._keycloak.decode_token(jwt, key=self._client_public_key, options=options) except ExpiredSignatureError: options["verify_exp"] = False token_info = self._keycloak.decode_token(jwt, key=self._client_public_key, options=options) if "offline_access" in token_info['realm_access']['roles']: return token_info else: raise ExpiredSignatureError("Login expired") return token_info
def post(self, request, *args, **kwargs): # Create OrderItems if not request.user.is_authenticated: raise NotAuthenticated() # get Item Using slug slug = request.data.get('slug', None) if slug is None: return Response({"message": "Invalid request"}, status=HTTP_400_BAD_REQUEST) item = get_object_or_404(Item, slug=slug) # verify number of variations variations = request.data.get('variations', []) minimum_variation_count = Variation.objects.filter(item=item).count() if len(variations) < minimum_variation_count: return Response({"message": "Please specify the required variation types"}, status=HTTP_400_BAD_REQUEST) try: add_to_cart(item=item, variations=variations, user=request.user) except Exception as e: raise APIException(e) else: return Response(status=HTTP_200_OK)
def NylasCompleteView(request): if request.user and request.user.is_authenticated(): user_profile = UserProfile.objects.get(user=request.user) if 'code' in request.GET: code = request.GET.get('code') access_resp = get_oauth_token(code) if access_resp.status_code == 200: access_token_object = access_resp.json() user_profile.outlook = False user_profile.external_email = True user_profile.gmail = False ''' access_resp: {u'access_token': u'NydGZ6oZFsnKLY8bSsrxOX16A6ffB3', u'token_type': u'bearer', u'email_address': u'*****@*****.**', u'account_id': u'5k3rl5bw4elb4n3gb2xayo2m8', u'provider': u'namecheap'} ''' user_profile.external_email_username = access_token_object[ 'email_address'] user_profile.external_email_token_type = access_token_object[ 'token_type'] user_profile.external_email_access_token = access_token_object[ 'access_token'] user_profile.external_email_account_id = access_token_object[ 'account_id'] user_profile.external_email_provider = access_token_object[ 'provider'] user_profile.save() return redirect(product_site_url(request)) return redirect(generate_site_url(request)) raise NotAuthenticated()
def authenticate(self, request): token = self.get_jwt_value(request) if token is None: raise NotAuthenticated() return self.authenticate_credentials(token)
def drop_session(cls, refresh_token): try: RefreshToken(refresh_token).blacklist() except TokenError: raise NotAuthenticated(**INVALID_REFRESH_TOKEN)
def get_by_id(self, pk, user): todo = super().get_queryset().get(pk=pk) if todo.owner == user: return todo else: raise NotAuthenticated()
def get(self, request): if request.user.is_authenticated(): logout(request) return Response(status=status.HTTP_200_OK) else: raise NotAuthenticated('Please login.')
def get(self, request): if request.user.is_authenticated: return Response(UserSerializer(request.user).data) raise NotAuthenticated('로그인을 먼저 해주세요')
This validation uses a User PAT OR Django's regular User auth. """ if auth_header := request.headers.get("Authorization"): username, _, token = auth_header.partition(":") user = User.objects.filter(username=username).first() if user is None: raise NotAuthenticated("Invalid user") if not user.has_valid_pat(token): raise PermissionDenied return if request.user.is_anonymous: raise NotAuthenticated("Invalid user or token") if not has_permission( request.user, "release_file_view", project=workspace.project): raise NotAuthenticated( f"Invalid user or token for workspace {workspace.name}") def validate_snapshot_access(request, snapshot): """ Validate this request can access this snapshot. This validation uses Django's regular User auth. """ if snapshot.published_at: return
def get(self, request): # request.user가 인증 된 상태일 경우, UserSerializer를 사용해 렌더링한 데이터를 보내줌 # 인증되지 않았을 경우 NotAuthenticated Exception을 raise if request.user.is_authenticated: return Response(UserSerializer(request.user).data) raise NotAuthenticated('로그인 되어있지 않습니다')
def post(self, request, *args, **kwargs): if not IsAuthenticated().has_permission(request, self): raise NotAuthenticated() return super(TreeView, self).post(request, *args, **kwargs)
def retrieve(self, request, pk=None): if request.user and request.user.is_authenticated(): email = self.get_email_by_pk(request, pk) serializer = EmailSerializer(email) return Response(serializer.data, {}) raise NotAuthenticated()
def modify(self, request: Request, *args, **kwargs): pk = request.data.get(self.lookup_url_kwarg or self.lookup_field) if not request.user or request.user.id != pk: # 只能改自己 raise NotAuthenticated('请先登录要修改信息的账号') return self.update(request, *args, **kwargs)
def query_user_usage(request): """ 查询用户流量及使情情况 """ req_user = request.user username = request.GET.get('username', None) start_time = request.GET.get('start', None) end_time = request.GET.get('end', None) fmt = '%F' u = User.objects.none() try: u = User.objects.get(username=username) except User.DoesNotExist: pass if not u: raise NotFound(detail='not fount this user') if u != req_user and not req_user.is_superuser: raise NotAuthenticated('permission denied!') if not start_time or not check_date_format(start_time): start_time = time.strftime(fmt, time.localtime(time.time() - 86400)) if not end_time or not check_date_format(end_time): end_time = time.strftime(fmt, time.localtime()) usage_data = [] reg = BucketRegion.objects.all() for i in reg: rgw = rgw_client(i.reg_id) try: rgw.get_user(uid=req_user.keys.ceph_uid) except (NoSuchUser, ConnectionError): continue # print(start_time, end_time, u.profile.ceph_uid) def build_usage_data(origin_data): buff = {} for bucket in origin_data['entries'][0]['buckets']: act_time = bucket['time'][:10] buff[act_time] = { 'get_obj': { 'successful_ops': 0, 'bytes_sent': 0, }, 'put_obj': { 'successful_ops': 0, 'bytes_received': 0, }, } for cate in bucket['categories']: if 'category' in cate and cate['category'] == 'put_obj': buff[act_time]['put_obj']['successful_ops'] += cate[ 'successful_ops'] buff[act_time]['put_obj']['bytes_received'] += cate[ 'bytes_received'] if 'category' in cate and cate['category'] == 'get_obj': buff[act_time]['get_obj']['successful_ops'] += cate[ 'successful_ops'] buff[act_time]['get_obj']['bytes_sent'] += cate[ 'bytes_sent'] s_key = sorted(buff) __data = [] for k in s_key: __tmp = {'data': k} __tmp.update(buff[k]) __data.append(__tmp) del __tmp return __data data = rgw.get_usage(uid=u.keys.ceph_uid, start=start_time, end=end_time, show_summary=True, show_entries=True) usage_data.append({ 'region': i.name, 'usage_data': build_usage_data(data), 'summary': data['summary'] }) return Response({'code': 0, 'msg': 'success', 'data': usage_data})
def validate(self, attrs): attrs['user'] = self.context.get('request').user if attrs['user'].is_anonymous: raise NotAuthenticated() return attrs
def create(self, request, *args, **kwargs): if not request.user.is_authenticated(): raise NotAuthenticated() resource_create_request_validator = serializers.ResourceCreateRequestValidator( data=request.data) if not resource_create_request_validator.is_valid(): raise ValidationError( detail=resource_create_request_validator.errors) validated_request_data = resource_create_request_validator.validated_data resource_type = validated_request_data['resource_type'] res_title = validated_request_data.get('title', 'Untitled resource') keywords = validated_request_data.get('keywords', None) abstract = validated_request_data.get('abstract', None) metadata = validated_request_data.get('metadata', None) extra_metadata = validated_request_data.get('extra_metadata', None) num_files = len(request.FILES) # TODO: (Couch) reconsider whether multiple file upload should be # supported when multipart bug fixed. if num_files > 0: if num_files > 1: raise ValidationError( detail={ 'file': 'Multiple file upload is not allowed on ' 'resource creation. Add additional files ' 'after the resource is created.' }) # Place files into format expected by hydroshare.utils.resource_pre_create_actions and # hydroshare.create_resource, i.e. a tuple of # django.core.files.uploadedfile.TemporaryUploadedFile objects. files = [ request.FILES['file'], ] else: files = [] if metadata is not None: metadata = json.loads(metadata) _validate_metadata(metadata) if extra_metadata is not None: extra_metadata = json.loads(extra_metadata) # TODO: validate extra metadata here try: _, res_title, metadata, _ = hydroshare.utils.resource_pre_create_actions( resource_type=resource_type, resource_title=res_title, page_redirect_url_key=None, files=files, metadata=metadata, **kwargs) except Exception as ex: error_msg = { 'resource': "Resource creation failed. %s" % ex.message } raise ValidationError(detail=error_msg) try: resource = hydroshare.create_resource( resource_type=resource_type, owner=request.user, title=res_title, edit_users=validated_request_data.get('edit_users', None), view_users=validated_request_data.get('view_users', None), edit_groups=validated_request_data.get('edit_groups', None), view_groups=validated_request_data.get('view_groups', None), keywords=keywords, metadata=metadata, extra_metadata=extra_metadata, files=files) if abstract: resource.metadata.create_element('description', abstract=abstract) except Exception as ex: error_msg = { 'resource': "Resource creation failed. %s" % ex.message } raise ValidationError(detail=error_msg) post_creation_error_msg = '' try: hydroshare.utils.resource_post_create_actions(request=request, resource=resource, user=request.user, metadata=metadata, **kwargs) except (hydroshare.utils.ResourceFileValidationException, Exception) as ex: post_creation_error_msg = ex.message response_data = { 'resource_type': resource_type, 'resource_id': resource.short_id, 'message': post_creation_error_msg } return Response(data=response_data, status=status.HTTP_201_CREATED)
def GmailLoginView(request): if request.user and request.user.is_authenticated(): flow.redirect_uri = generate_url_gmail(request) auth_uri = flow.step1_get_authorize_url() return redirect(auth_uri) raise NotAuthenticated()
def get_email_by_pk(self, request, pk): if self.request.user and self.request.user.is_authenticated(): queryset = Email.objects.filter(created_by=request.user) email = get_object_or_404(queryset, pk=pk) return email raise NotAuthenticated()
def create(self, validated_data): if (validated_data['sifra_zdravnika'].vrsta_delavca.naziv == "vodja PS" or validated_data['sifra_zdravnika'].vrsta_delavca.naziv == "zdravnik"): if (validated_data['sifra_zdravnika'].vrsta_delavca.naziv == "vodja PS"): if (validated_data['vrsta_obiska'].opis == "kontrola zdravstvenega stanja" or validated_data['vrsta_obiska'].opis == "aplikacija injekcij" or validated_data['vrsta_obiska'].opis == "odvzem krvi"): return NotAuthenticated( detail='Niste prijavljeni kot zdravnik', code=401) if ('casovni_interval' in validated_data.keys()): delovniNalog = DelovniNalog( sifra_zdravnika=validated_data['sifra_zdravnika'], vrsta_obiska=validated_data['vrsta_obiska'], datum_prvega_obiska=validated_data['datum_prvega_obiska'], je_obvezen_datum=validated_data['je_obvezen_datum'], stevilo_obiskov=validated_data['stevilo_obiskov'], casovni_interval=validated_data['casovni_interval'], id_pacienta=validated_data['id_pacienta']) elif ('casovno_obdobje' in validated_data.keys()): delovniNalog = DelovniNalog( sifra_zdravnika=validated_data['sifra_zdravnika'], vrsta_obiska=validated_data['vrsta_obiska'], datum_prvega_obiska=validated_data['datum_prvega_obiska'], je_obvezen_datum=validated_data['je_obvezen_datum'], stevilo_obiskov=validated_data['stevilo_obiskov'], casovno_obdobje=validated_data['casovno_obdobje'], id_pacienta=validated_data['id_pacienta']) else: return ParseError() delovniNalog.save() #delovniNalog.id_pacienta = validated_data['id_pacienta'] if ('sifra_zdravila' in validated_data.keys()): delovniNalog.sifra_zdravila = validated_data['sifra_zdravila'] #priredi MS delovnemu nalogu okolis_pacient = validated_data.pop('id_pacienta').sifra_okolisa if (okolis_pacient and Delavec.objects.filter( sifra_okolisa=okolis_pacient)[:1].get()): sestra = Delavec.objects.filter( sifra_okolisa=okolis_pacient)[:1].get() delovniNalog.patronazna_sestra = sestra.uporabnik delovniNalog.save() # dodajanje vezanih pacientov if ('vezani_pacienti' in validated_data.keys()): delovniNalog.vezani_pacienti = validated_data[ 'vezani_pacienti'] delovniNalog.save() # (Popravljeno) doda material ce je bil poslan if ('delovninalogmaterial_set' in validated_data.keys()): # Napisanih je vec materialov, vsak je v OrderedDict for material in validated_data['delovninalogmaterial_set']: novi_material = DelovniNalogMaterial( id_delovni_nalog=delovniNalog, id_materiala=material['id_materiala'], kolicina=material['kolicina']) novi_material.save() #Kreira zapise o Obisku v bazo if ('casovno_obdobje' in validated_data.keys()): self.kreirajObiskObdobje(validated_data['stevilo_obiskov'], validated_data['datum_prvega_obiska'], validated_data['casovno_obdobje'], delovniNalog.patronazna_sestra, delovniNalog, validated_data['je_obvezen_datum']) elif ('casovni_interval' in validated_data.keys()): self.kreirajObiskInterval( validated_data['stevilo_obiskov'], validated_data['datum_prvega_obiska'], validated_data['casovni_interval'], delovniNalog.patronazna_sestra, delovniNalog, validated_data['je_obvezen_datum']) else: print('se ni') return delovniNalog else: return NotAuthenticated(detail='Niste prijavljeni kot zdravnik', code=401)
def has_permission(self, request, view): if request.auth is None: raise NotAuthenticated() return True
def get_object(self): if isinstance(self.request.user, AnonymousUser): raise NotAuthenticated() return self.request.user
def get_key(key, user): try: return key.objects.get(owner=user) except Exception, e: raise NotAuthenticated()
def get(self, request): if request.user.is_authenticated: return Response(UserLoginSerializer(request.user).data) raise NotAuthenticated('로그인 되어있지 않습니다.')