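def obj_create(self, bundle, **kwargs):
    """Create a group owned by the requesting user.

    The creator receives the UserProfile 'edit' and 'view' object permissions
    on the new group and is added to it. When the payload lists ``users`` the
    group's membership is replaced with exactly those accounts; when it
    carries a ``request_id`` the group is granted 'view' on that Request.

    Raises:
        ImmediateHttpResponse: 403 when ``request_id`` names a Request the
            caller did not author.
    """
    #validator not being called
    data = bundle.data
    user = bundle.request.user

    # Resolve and authorize the request link before anything is written.
    # Sharing a Request with a group is an author-only action on the update
    # path (req.author == bundle.request.user). Without the same test here a
    # caller could create a group around another user's request id and obtain
    # 'view' on it through the group.
    req = None
    if 'request_id' in data and data['request_id']:
        req = Request.objects.get(id=data['request_id'])
        if req.author != user:
            raise ImmediateHttpResponse(
                HttpForbidden("It appears you don't have permission to share that request."))

    thegroup = Group.objects.create(name=data['name'])
    thegroup.save()

    # creator of the group can edit by default
    assign_perm(UserProfile.get_permission_name('edit'), user, thegroup)
    assign_perm(UserProfile.get_permission_name('view'), user, thegroup)
    bundle.obj = thegroup

    # User always has edit permissions for group he made
    user.groups.add(thegroup)
    user.save()

    # Users are in the group
    # NOTE(review): this replaces the membership set, so the creator stays a
    # member only if the payload lists them; the listed users also receive no
    # explicit 'view' grant here, unlike the update path. Confirm intent.
    if 'users' in data:
        thegroup.user_set = []
        users = [User.objects.get(pk=userid) for userid in data['users']]
        thegroup.user_set = users

    if req is not None:
        assign_perm(Request.get_permission_name('view'), thegroup, req)

    thegroup.save()
    return bundle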
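def obj_create(self, bundle, **kwargs):
    """Create a group owned by the requesting user.

    The creator receives the UserProfile 'edit' and 'view' object permissions
    on the new group and is added to it. When the payload lists ``users`` the
    group's membership is replaced with exactly those accounts; when it
    carries a ``request_id`` the group is granted 'view' on that Request.

    Raises:
        ImmediateHttpResponse: 403 when ``request_id`` names a Request the
            caller did not author.
    """
    #validator not being called
    data = bundle.data
    user = bundle.request.user

    # Resolve and authorize the request link before anything is written.
    # Sharing a Request with a group is an author-only action on the update
    # path (req.author == bundle.request.user). Without the same test here a
    # caller could create a group around another user's request id and obtain
    # 'view' on it through the group.
    req = None
    if 'request_id' in data and data['request_id']:
        req = Request.objects.get(id=data['request_id'])
        if req.author != user:
            raise ImmediateHttpResponse(
                HttpForbidden("It appears you don't have permission to share that request."))

    thegroup = Group.objects.create(name=data['name'])
    thegroup.save()

    # creator of the group can edit by default
    assign_perm(UserProfile.get_permission_name('edit'), user, thegroup)
    assign_perm(UserProfile.get_permission_name('view'), user, thegroup)
    bundle.obj = thegroup

    # User always has edit permissions for group he made
    user.groups.add(thegroup)
    user.save()

    # Users are in the group
    # NOTE(review): this replaces the membership set, so the creator stays a
    # member only if the payload lists them; the listed users also receive no
    # explicit 'view' grant here, unlike the update path. Confirm intent.
    if 'users' in data:
        thegroup.user_set = []
        users = [User.objects.get(pk=userid) for userid in data['users']]
        thegroup.user_set = users

    if req is not None:
        assign_perm(Request.get_permission_name('view'), thegroup, req)

    thegroup.save()
    return bundle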
def handle(self, *args, **options):
    """Backfill object-level group permissions for existing accounts.

    Pass 1 grants every user 'edit' on the group whose name equals their
    username. Pass 2 grants every member of every other group (except the
    excluded names) both 'edit' and 'view' on that group.
    """
    skipped_names = ['public', 'AnonymousUser']

    # Pass 1: the group named after the user.
    # Group.objects.get raises if no such group exists, which aborts the run.
    for account in User.objects.all():
        own_group = Group.objects.get(name=account.username)
        assign_perm(UserProfile.get_permission_name('edit'), account, own_group)
        print('1 set %s %s' % (own_group.name, account.username))

    # Pass 2: retroactive support for editing permissions on groups.
    # Group creators were never recorded, so every current member is promoted
    # to editor. This is a deliberately broad grant; review memberships before
    # running it against production data.
    remaining_groups = Group.objects.all().exclude(name__in=skipped_names)
    for grp in remaining_groups:
        for member in grp.user_set.all():
            assign_perm(UserProfile.get_permission_name('edit'), member, grp)
            assign_perm(UserProfile.get_permission_name('view'), member, grp)
            print('2 set %s %s' % (grp.name, member.username))
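def dehydrate(self, bundle):
    """Add permission flags for the requesting user to a serialized group.

    Sets on ``bundle.data``:
      * ``request_id``: taken from the query string when the bundle has none.
      * ``toggle_to_edit``: whether the requesting user holds 'edit' on the
        group, or, when a request id is present, whether the *group* holds
        'edit' on that Request.
      * ``can_edit``: whether the requesting user may edit the group; always
        False for unauthenticated callers.
      * ``type``: the constant 'group'.
    Each nested user bundle gets its own ``toggle_to_edit`` for this group.
    """
    requester = bundle.request.user
    group_edit = UserProfile.get_permission_name('edit')

    if 'request_id' not in bundle.data.keys():
        bundle.data['request_id'] = bundle.request.GET.get("request_id", None)

    bundle.data['toggle_to_edit'] = requester.has_perm(group_edit, bundle.obj)

    if bundle.data['request_id']:
        checker = ObjectPermissionChecker(bundle.obj)
        # request_id can come straight from the query string, so an unknown or
        # non-numeric id must not turn serialization into a server error.
        try:
            req = Request.objects.get(id=bundle.data['request_id'])
        except (Request.DoesNotExist, ValueError):
            bundle.data['toggle_to_edit'] = False
        else:
            bundle.data['toggle_to_edit'] = checker.has_perm(
                Request.get_permission_name('edit'), req)

    # The original assigned False for anonymous callers and then overwrote it
    # unconditionally; the else keeps the anonymous answer fixed at False.
    if not requester.is_authenticated():
        bundle.data['can_edit'] = False
    else:
        bundle.data['can_edit'] = requester.has_perm(group_edit, bundle.obj)

    bundle.data['type'] = 'group'

    for usr in bundle.data['users']:
        usr.data['toggle_to_edit'] = usr.obj.has_perm(
            UserProfile.get_permission_name('edit'), bundle.obj)
    return bundle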
def test_add_user_to_group(self):
    """Membership changes on a group are limited to users holding 'edit'."""

    def member_count(account):
        return account.groups.filter(name=self.post_data['name']).count()

    def expect_perm(account, action, expected):
        self.assertEqual(
            account.has_perm(UserProfile.get_permission_name(action), self.group),
            expected)

    self.add_user_to_group(self.usertwo)
    self.assertEqual(member_count(self.usertwo), 1)

    # the creator owns the group; an added member can only view it
    expect_perm(self.user, 'edit', True)
    expect_perm(self.usertwo, 'edit', False)
    expect_perm(self.user, 'view', True)
    expect_perm(self.usertwo, 'view', True)

    # usertwo is a member but not an editor, so a PUT from usertwo that adds
    # userthree must leave the membership untouched
    self.get_credentials_other(self.usertwo.username)
    extra_member = self.get_user_json(self.userthree)
    groupjson = self.groupJSON.copy()
    # NOTE(review): copy() is shallow, so this append also mutates the list
    # held by self.groupJSON.
    groupjson['users'].append(extra_member)
    # NOTE(review): the response status is never asserted, only the resulting
    # database state.
    update_resp = self.api_client.put(
        groupjson['resource_uri'],
        format='json',
        data=groupjson,
        authentication=self.get_credentials_other(self.usertwo.username))
    self.assertEqual(member_count(self.userthree), 0)

    # the owner shrinks the membership to just themselves
    groupjson['users'] = [self.get_user_json(self.user)]
    update_resp = self.api_client.put(
        groupjson['resource_uri'],
        format='json',
        data=groupjson,
        authentication=self.get_credentials())
    self.assertEqual(member_count(self.usertwo), 0)

    # removal strips both permissions from the removed user
    expect_perm(self.user, 'edit', True)
    expect_perm(self.user, 'view', True)
    expect_perm(self.usertwo, 'edit', False)
    expect_perm(self.usertwo, 'view', False)
def handle(self, *args, **options):
    """Backfill object-level group permissions for existing accounts.

    Pass 1 grants every user 'edit' on the group whose name equals their
    username. Pass 2 grants every member of every other group (except the
    excluded names) both 'edit' and 'view' on that group.
    """
    skipped_names = ['public', 'AnonymousUser']

    # Pass 1: the group named after the user.
    # Group.objects.get raises if no such group exists, which aborts the run.
    for account in User.objects.all():
        own_group = Group.objects.get(name=account.username)
        assign_perm(UserProfile.get_permission_name('edit'), account, own_group)
        print('1 set %s %s' % (own_group.name, account.username))

    # Pass 2: retroactive support for editing permissions on groups.
    # Group creators were never recorded, so every current member is promoted
    # to editor. This is a deliberately broad grant; review memberships before
    # running it against production data.
    remaining_groups = Group.objects.all().exclude(name__in=skipped_names)
    for grp in remaining_groups:
        for member in grp.user_set.all():
            assign_perm(UserProfile.get_permission_name('edit'), member, grp)
            assign_perm(UserProfile.get_permission_name('view'), member, grp)
            print('2 set %s %s' % (grp.name, member.username))
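def apply_filters(self, request, applicable_filters):
    """Apply list filters, with special handling for group-scoped listings.

    ``groups__name`` / ``groups__id`` are removed from the filter dict before
    delegating to the parent implementation. If one of them resolves to a
    group on which the requesting user holds the 'view' permission, the
    result is the set of Requests that group can view (status 'X' excluded).
    Otherwise the parent's filtered queryset is returned.
    """
    groups_name = applicable_filters.pop('groups__name', None)
    groups_id = applicable_filters.pop('groups__id', None)

    filtered = super(RequestResource, self).apply_filters(request, applicable_filters)

    # Resolve the group; a name match takes precedence over an id match.
    # Only lookup failures are swallowed. The previous bare ``except`` also
    # hid programming errors and interpreter exits.
    group = None
    if groups_id:
        try:
            group = Group.objects.get(id=groups_id)
        except (Group.DoesNotExist, ValueError, TypeError):
            pass
    if groups_name:
        try:
            group = Group.objects.get(name=groups_name)
        except (Group.DoesNotExist, Group.MultipleObjectsReturned):
            pass

    # Authorization gate: a group's shared requests are listed only to users
    # who can view that group.
    # NOTE(review): this branch discards ``filtered``, so any other filters on
    # the call do not narrow the group listing. Confirm that is intended.
    if group and request.user.has_perm(UserProfile.get_permission_name('view'), group):
        return get_objects_for_group(
            group, Request.get_permissions_path('view')).filter(~Q(status='X'))
    return filtered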
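def apply_filters(self, request, applicable_filters):
    """Apply list filters, with special handling for group-scoped listings.

    ``groups__name`` / ``groups__id`` are removed from the filter dict before
    delegating to the parent implementation. If one of them resolves to a
    group on which the requesting user holds the 'view' permission, the
    result is the set of Requests that group can view (status 'X' excluded).
    Otherwise the parent's filtered queryset is returned.
    """
    groups_name = applicable_filters.pop('groups__name', None)
    groups_id = applicable_filters.pop('groups__id', None)

    filtered = super(RequestResource, self).apply_filters(request, applicable_filters)

    # Resolve the group; a name match takes precedence over an id match.
    # Only lookup failures are swallowed. The previous bare ``except`` also
    # hid programming errors and interpreter exits.
    group = None
    if groups_id:
        try:
            group = Group.objects.get(id=groups_id)
        except (Group.DoesNotExist, ValueError, TypeError):
            pass
    if groups_name:
        try:
            group = Group.objects.get(name=groups_name)
        except (Group.DoesNotExist, Group.MultipleObjectsReturned):
            pass

    # Authorization gate: a group's shared requests are listed only to users
    # who can view that group.
    # NOTE(review): this branch discards ``filtered``, so any other filters on
    # the call do not narrow the group listing. Confirm that is intended.
    if group and request.user.has_perm(UserProfile.get_permission_name('view'), group):
        return get_objects_for_group(
            group, Request.get_permissions_path('view')).filter(~Q(status='X'))
    return filtered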
def test_add_user_to_group(self):
    """Membership changes on a group are limited to users holding 'edit'."""

    def member_count(account):
        return account.groups.filter(name=self.post_data['name']).count()

    def expect_perm(account, action, expected):
        self.assertEqual(
            account.has_perm(UserProfile.get_permission_name(action), self.group),
            expected)

    self.add_user_to_group(self.usertwo)
    self.assertEqual(member_count(self.usertwo), 1)

    # the creator owns the group; an added member can only view it
    expect_perm(self.user, 'edit', True)
    expect_perm(self.usertwo, 'edit', False)
    expect_perm(self.user, 'view', True)
    expect_perm(self.usertwo, 'view', True)

    # usertwo is a member but not an editor, so a PUT from usertwo that adds
    # userthree must leave the membership untouched
    self.get_credentials_other(self.usertwo.username)
    extra_member = self.get_user_json(self.userthree)
    groupjson = self.groupJSON.copy()
    # NOTE(review): copy() is shallow, so this append also mutates the list
    # held by self.groupJSON.
    groupjson['users'].append(extra_member)
    # NOTE(review): the response status is never asserted, only the resulting
    # database state.
    update_resp = self.api_client.put(
        groupjson['resource_uri'],
        format='json',
        data=groupjson,
        authentication=self.get_credentials_other(self.usertwo.username))
    self.assertEqual(member_count(self.userthree), 0)

    # the owner shrinks the membership to just themselves
    groupjson['users'] = [self.get_user_json(self.user)]
    update_resp = self.api_client.put(
        groupjson['resource_uri'],
        format='json',
        data=groupjson,
        authentication=self.get_credentials())
    self.assertEqual(member_count(self.usertwo), 0)

    # removal strips both permissions from the removed user
    expect_perm(self.user, 'edit', True)
    expect_perm(self.user, 'view', True)
    expect_perm(self.usertwo, 'edit', False)
    expect_perm(self.usertwo, 'view', False)
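def dehydrate(self, bundle):
    """Add permission flags for the requesting user to a serialized group.

    Sets on ``bundle.data``:
      * ``request_id``: taken from the query string when the bundle has none.
      * ``toggle_to_edit``: whether the requesting user holds 'edit' on the
        group, or, when a request id is present, whether the *group* holds
        'edit' on that Request.
      * ``can_edit``: whether the requesting user may edit the group; always
        False for unauthenticated callers.
      * ``type``: the constant 'group'.
    Each nested user bundle gets its own ``toggle_to_edit`` for this group.
    """
    requester = bundle.request.user
    group_edit = UserProfile.get_permission_name('edit')

    if 'request_id' not in bundle.data.keys():
        bundle.data['request_id'] = bundle.request.GET.get("request_id", None)

    bundle.data['toggle_to_edit'] = requester.has_perm(group_edit, bundle.obj)

    if bundle.data['request_id']:
        checker = ObjectPermissionChecker(bundle.obj)
        # request_id can come straight from the query string, so an unknown or
        # non-numeric id must not turn serialization into a server error.
        try:
            req = Request.objects.get(id=bundle.data['request_id'])
        except (Request.DoesNotExist, ValueError):
            bundle.data['toggle_to_edit'] = False
        else:
            bundle.data['toggle_to_edit'] = checker.has_perm(
                Request.get_permission_name('edit'), req)

    # The original assigned False for anonymous callers and then overwrote it
    # unconditionally; the else keeps the anonymous answer fixed at False.
    if not requester.is_authenticated():
        bundle.data['can_edit'] = False
    else:
        bundle.data['can_edit'] = requester.has_perm(group_edit, bundle.obj)

    bundle.data['type'] = 'group'

    for usr in bundle.data['users']:
        usr.data['toggle_to_edit'] = usr.obj.has_perm(
            UserProfile.get_permission_name('edit'), bundle.obj)
    return bundle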
def obj_update(self, bundle, **kwargs):
    """Update a group: sharing of a request, rename, editor toggle, or membership.

    The payload shape selects the operation:
      * ``data`` + ``request_id``: associate / disassociate / change-access of
        the Request for this group. Only the Request's author may do this.
      * ``data`` without ``request_id``: 'rename' or 'chown' (toggle another
        user's 'edit' on the group). Requires 'edit' on the group.
      * no ``data`` key: replace the membership with ``users``. Requires
        'edit' on the group.

    Raises ImmediateHttpResponse (HttpForbidden / HttpBadRequest) when the
    caller is not allowed to perform the operation.
    """
    data = bundle.data
    user = bundle.request.user
    # NOTE(review): the group is selected by the id in the request body, not
    # by anything visible here from the URL; the permission checks below run
    # against this body-selected object.
    bundle.obj = Group.objects.get(id=data['id'])
    if 'data' in data.keys():
        #if 'action' in data['data'].keys() and data['data']['action'] == 'chown':
        #we are associating, disassociating... assuming the USER is taking action here
        if 'request_id' in data.keys() and data['request_id']:
            req = Request.objects.get(id=data['request_id'])
            # Authorization gate: only the request's author may change which
            # groups can see or edit it. 'edit' on the group is not required.
            if 'action' in data['data'].keys() and req.author == bundle.request.user:
                if data['data']['action'] == 'associate':
                    assign_perm(Request.get_permission_name('view'), bundle.obj, req)
                    bundle.data['data']['result'] = 'associated'
                elif data['data']['action'] == 'disassociate':
                    # drop both levels so no stale 'edit' survives the unshare
                    remove_perm(Request.get_permission_name('view'), bundle.obj, req)
                    remove_perm(Request.get_permission_name('edit'), bundle.obj, req)
                    bundle.data['data']['result'] = 'disassociated'
                elif data['data']['action'] == 'change-access':
                    #right now we are toggling between view and edit
                    checker = ObjectPermissionChecker(bundle.obj)
                    if checker.has_perm(Request.get_permission_name('view'), req) and not checker.has_perm(Request.get_permission_name('edit'), req):
                        assign_perm(Request.get_permission_name('edit'), bundle.obj, req)
                    # NOTE(review): this tests the acting user's 'edit' on the
                    # request, not the group's (checker); confirm which was meant.
                    elif user.has_perm(Request.get_permission_name('edit'), req):
                        remove_perm(Request.get_permission_name('edit'), bundle.obj, req)
                    else:
                        raise ImmediateHttpResponse(HttpForbidden("We couldn't determine the appropriate permissions to assign. Sorry."))
            else:
                # Reached when the caller is not the author, and also when the
                # payload has no 'action'. The denial is logged and answered
                # with HttpBadRequest rather than HttpForbidden.
                logger.info("%s tried to remove users from request %s owned by %s" % (bundle.request.user, req, req.author))
                raise ImmediateHttpResponse(HttpBadRequest("It appears you don't have permission to change that user or group's permission."))
        else:
            # Group-level actions: caller must hold 'edit' on the group.
            can_edit = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj)
            if not can_edit:
                raise ImmediateHttpResponse(HttpForbidden("It doesn't appear you can edit this group."))
            if 'action' in data['data'].keys() and data['data']['action'] == 'rename':
                bundle.obj.name = data['name']
                bundle.obj.save()
            if 'action' in data['data'].keys() and data['data']['action'] == 'chown' and 'user_id' in data['data'].keys() and data['data']['user_id']:
                #change user permission on a group object
                # NOTE(review): any editor can toggle 'edit' for any user id.
                # Nothing here requires the target to be a member, or protects
                # the creator's own 'edit' from being removed.
                other_user = User.objects.get(id=data['data']['user_id'])
                o_can_edit = other_user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj)
                if o_can_edit:
                    #toggled to view
                    remove_perm(UserProfile.get_permission_name('edit'), other_user, bundle.obj)
                else:
                    #toggled to edit
                    assign_perm(UserProfile.get_permission_name('edit'), other_user, bundle.obj)
    else:
        '''
        NOTE about group permissions
        The creator of the requst is the only one who can share a request with other users and groups
        Otherwise the request could be shared with any number of people
        '''
        can_edit = bundle.request.user.has_perm(UserProfile.get_permission_name('edit'), bundle.obj)
        if not can_edit:
            raise ImmediateHttpResponse(HttpForbidden("It doesn't appear you can edit this group."))
        #we are adding or removing users to the group on the group page
        # Under Python 2 the comprehension variable leaks, so ``user`` is
        # rebound to the last payload dict from here on.
        users = set([User.objects.get(pk=user['id']) for user in data['users']])
        existing_users = set([usr for usr in bundle.obj.user_set.all()])
        to_remove = existing_users - users
        #need to remove and set permissions here
        # Removed members lose both object permissions; an editor who leaves
        # themselves out of ``users`` is removed like anyone else.
        for usr in to_remove:
            remove_perm(UserProfile.get_permission_name('edit'), usr, bundle.obj)
            remove_perm(UserProfile.get_permission_name('view'), usr, bundle.obj)
        for usr in users:
            #users can view but not edit by default
            assign_perm(UserProfile.get_permission_name('view'), usr, bundle.obj)
        bundle.obj.user_set = users
        bundle.obj.save()
    # strip the control fields so they are not echoed back in the response
    data.pop('data', None)
    data.pop('request_id', None)
    return bundle
def test_change_user_group_perms(self):
    """Only a user holding 'edit' on the group can toggle another user's 'edit'."""

    def expect_editors(two, three, owner):
        # assert the 'edit' flag of usertwo, userthree and the creator, in that order
        for account, expected in ((self.usertwo, two),
                                  (self.userthree, three),
                                  (self.user, owner)):
            self.assertEqual(
                account.has_perm(UserProfile.get_permission_name('edit'), self.group),
                expected)

    def put_group(payload, credentials):
        return self.api_client.put(
            payload['resource_uri'],
            format='json',
            data=payload,
            authentication=credentials)

    self.add_user_to_group(self.usertwo)
    self.assertEqual(
        self.usertwo.groups.filter(name=self.post_data['name']).count(), 1)

    # the creator promotes usertwo to editor
    groupjson = self.groupJSON.copy()
    groupjson['data'] = {'action': 'chown', 'user_id': self.usertwo.id}
    update_resp = put_group(groupjson, self.get_credentials())
    expect_editors(True, False, True)

    groupjson = self.groupJSON.copy()
    groupjson['data'] = {'action': 'chown', 'user_id': self.userthree.id}

    # attempt to grant permissions without using an editor user
    # NOTE(review): the response status of the refused call is not asserted
    update_resp = put_group(
        groupjson, self.get_credentials_other(self.userthree.username))
    expect_editors(True, False, True)

    # grant permissions using an editor user
    update_resp = put_group(
        groupjson, self.get_credentials_other(self.usertwo.username))
    expect_editors(True, True, True)

    # take away edit permissions (the same action toggles it back off)
    update_resp = put_group(
        groupjson, self.get_credentials_other(self.usertwo.username))
    expect_editors(True, False, True)
def handle(self, *args, **options):
    """Seed NCAA-report and coach-contract requests from a local CSV.

    Reads NCAA-pio.csv under SITE_ROOT, creates or reuses the agency and its
    contacts for each eligible row, builds private Request drafts from the
    letter templates below, and grants the NCAA / coach groups 'view' on them.

    NOTE(review): the nesting of this body was reconstructed from a
    whitespace-collapsed listing; confirm block boundaries against the file.
    """
    users = [
        User.objects.get(username='******'),
        #User.objects.get(username='******'),
        #User.objects.get(username='******'),
        #User.objects.get(username='******')
    ]
    up = UserProfile.objects.get(user=users[0])
    up.tags.add(ncaa_tag_name)
    up.tags.add(coach_tag_name)
    # every listed account becomes editor and viewer of both groups
    for user in users:
        assign_perm(UserProfile.get_permission_name('edit'), user, ncaa_group)
        assign_perm(UserProfile.get_permission_name('view'), user, ncaa_group)
        assign_perm(UserProfile.get_permission_name('edit'), user, coach_group)
        assign_perm(UserProfile.get_permission_name('view'), user, coach_group)
    #Request.objects.all().delete()
    ncaa_text_to_use = """
    Pursuant to the %s, I am requesting the following documents:<br/><br/>\
    The equity/revenue-and-expenses report completed by the athletic department for the \
    National Collegiate Athletic Association for the 2014 fiscal year. This report is a \
    multi-page document that had to be submitted to the NCAA by Jan. 15, 2015. \
    It contains 38 revenue and expense categories, followed by specific breakdowns of \
    each of those categories, by sport and gender. I am requesting the full report, \
    including the detail tables and the Statement of Revenues and Expenses that appear at the end of the report. <br/><br/>\
    PLEASE NOTE: The NCAA report is different than the equity report that is sent to the\
    U.S. Department of Education for Title IX compliance. <br/><br/>\
    %s
    """
    coach_text_to_use = """
    Pursuant to %s, I am requesting the following documents:<br/><br/>\
    The current contracts for %s. If a contract is under negotiation, \
    please forward the current contract but let me know that a new contract may be forthcoming. \
    If there is no contact for one or both, please forward the letter(s) of intent or other \
    document(s) outlining each employee's conditions of employment \
    -- including bonus structure -- and/or a current statement of salary. <br/><br/>\
    %s
    """
    fname = settings.SITE_ROOT + "/apps/requests/data/NCAA-pio.csv"
    #with codecs.open(fname, 'w', encoding="utf-8") as f:
    #    resp = requests.get("https://docs.google.com/spreadsheets/d/1kccaiCCYIHOTEvpUWQiKs51v6K2TNRX7-NN6l1WtzyM/pub?output=csv")
    #    f.write(resp.text)
    # NOTE(review): the file object is never closed explicitly.
    reader = list(UnicodeReader(open(fname, 'rb')))
    #create contacts
    header = reader[0]
    for idx, row in enumerate(reader[1:]):
        # all requests are authored by the first listed account
        user = users[0]
        up = UserProfile.objects.get(user=user)
        state = row[header.index('STATE')]
        agency_name = row[header.index("UNIVERSITY")]
        pio = row[header.index("PIO OFFICER")]
        email = row[header.index("PIO Email")]
        phone = row[header.index("PIO Phone")]
        sid_pio = row[header.index("SID ")]
        sid_email = row[header.index("SID Email")]
        sid_phone = row[header.index("SID Phone")]
        is_power = (row[header.index("Power Conference")] == 'TRUE')
        is_private = (row[header.index("Is Private")] == 'TRUE')
        # skip private institutions and rows without a usable records contact
        if not is_private and state != '' and email != 'N/A' and pio != 'N/A' and agency_name != '':
            govt = get_or_create_us_govt(state, 'state')
            # ``fname`` held the CSV path above; from here it is a first name
            fname = pio.split(" ")[0]
            lname = pio.split(" ")[-1]
            middle = ''
            #alter table `contacts_contact` convert to character set utf8 collate utf8_general_ci;
            #alter table `agency_agency` convert to character set utf8 collate utf8_general_ci;
            #alter table `requests_request` convert to character set utf8 collate utf8_general_ci;
            # NOTE(review): any failure drops into an interactive debugger, so
            # this command cannot run unattended. If the operator continues
            # without binding ``agency`` / ``contact`` by hand, the following
            # lines use an unbound name or the previous row's value.
            try:
                agency, acreated = Agency.objects.get_or_create(name=agency_name, government=govt)
            except Exception as e:
                print e
                print "If more than one agency was returned, pick one!"
                import pdb;pdb.set_trace()
            try:
                contact, ccreated = agency.contacts.get_or_create(first_name=fname, middle_name=middle, last_name=lname)
            except Exception as e:
                print e
                print "If more than one contact was returned, pick one!"
                import pdb;pdb.set_trace()
            sid_contact = None
            if phone != 'N/A':
                contact.add_phone(phone)
            contact.add_email(email)
            #agency.contacts.add(contact)
            if sid_pio != 'N/A' and sid_email != 'N/A':
                fname = sid_pio.split(" ")[0]
                lname = sid_pio.split(" ")[-1]
                sid_contact, ccreated = Contact.objects.get_or_create(first_name=fname, middle_name='', last_name=lname)
                sid_contact.add_title("SID")
                sid_contact.add_email(sid_email)
                if sid_phone != 'N/A':
                    sid_contact.add_phone(sid_phone)
                agency.contacts.add(sid_contact)
            contacts = [contact]
            if sid_contact is not None:
                contacts = [contact, sid_contact]
            agency.save()
            #logger.info('agency %s %s contact %s %s %s %s' % (agency_name, acreated, fname, middle, lname, ccreated))
            law_texts = []
            for l in govt.statutes.all():
                law_texts.append('%s' % (l.short_title,))
            # NOTE(review): profile and CSV values are %-interpolated into HTML
            # letter bodies without escaping; whether they are escaped when
            # rendered or sent is not visible here.
            misc_graf = """
            Please advise me in advance of the estimated charges associated with fulfilling \
            this request.</br></br>In the interest of expediency, and to minimize the research\
            and/or duplication burden on your staff, please send records electronically if possible.\
            If this is not possible, please notify me by phone at %s before sending to the address listed below.
            """ % (up.phone)
            misc_graf += '<br/></br>Sincerly,<br/><br/>%s<br/>%s<br/>%s<br/>%s' % (user.first_name + ' ' + user.last_name, up.mailing_address, up.mailing_city + ', ' + up.mailing_state + ' ' + up.mailing_zip, up.phone)
            if not is_power:
                # 'text' keeps the raw template; 'free_edit_body' the filled-in letter
                fields_to_use = {
                    'author': user,
                    'title': 'NCAA Report - %s' % agency_name,
                    'free_edit_body': ncaa_text_to_use % (' and '.join(law_texts), misc_graf),
                    'private': True,
                    'text': ncaa_text_to_use
                }
                therequest = Request(**fields_to_use)
                therequest.date_added = datetime.now()
                therequest.save()
                therequest.contacts = contacts
                therequest.government = govt
                therequest.agency = agency
                therequest.tags.add(ncaa_tag_name)
                therequest.save()
                # the group receives read access only; 'edit' is left ungranted
                assign_perm(Request.get_permission_name('view'), ncaa_group, therequest)
                #assign_perm(Request.get_permission_name('edit'), thegroup, therequest)
            coaches = [
                'Football Coach',
                'Offensive Coord.',
                'Defensive Coord.',
                "Men's BB Coach",
                "Women's BB Coach"
            ]
            coaches_str = []
            for coach in coaches:
                val = row[header.index(coach)].strip()
                if val != 'N/A' and val != '':
                    coaches_str.append("%s (%s)" % (val, coach))
                    print val
            fields_to_use = {
                'author': user,
                'title': 'Coach Contracts - %s' % agency_name,
                'free_edit_body': coach_text_to_use % (' and '.join(law_texts), ', '.join(coaches_str), misc_graf),
                'private': True,
                'text': coach_text_to_use
            }
            therequest = Request(**fields_to_use)
            therequest.date_added = datetime.now()
            therequest.save()
            therequest.contacts = contacts
            therequest.government = govt
            therequest.agency = agency
            therequest.tags.add(coach_tag_name)
            therequest.save()
            assign_perm(Request.get_permission_name('view'), coach_group, therequest)
def handle(self, *args, **options):
    """Seed NCAA-report and coach-contract requests from a local CSV.

    Reads NCAA-pio.csv under SITE_ROOT, creates or reuses the agency and its
    contacts for each eligible row, builds private Request drafts from the
    letter templates below, and grants the NCAA / coach groups 'view' on them.

    NOTE(review): the nesting of this body was reconstructed from a
    whitespace-collapsed listing; confirm block boundaries against the file.
    """
    users = [
        User.objects.get(username='******'),
        #User.objects.get(username='******'),
        #User.objects.get(username='******'),
        #User.objects.get(username='******')
    ]
    up = UserProfile.objects.get(user=users[0])
    up.tags.add(ncaa_tag_name)
    up.tags.add(coach_tag_name)
    # every listed account becomes editor and viewer of both groups
    for user in users:
        assign_perm(UserProfile.get_permission_name('edit'), user, ncaa_group)
        assign_perm(UserProfile.get_permission_name('view'), user, ncaa_group)
        assign_perm(UserProfile.get_permission_name('edit'), user, coach_group)
        assign_perm(UserProfile.get_permission_name('view'), user, coach_group)
    #Request.objects.all().delete()
    ncaa_text_to_use = """
    Pursuant to the %s, I am requesting the following documents:<br/><br/>\
    The equity/revenue-and-expenses report completed by the athletic department for the \
    National Collegiate Athletic Association for the 2014 fiscal year. This report is a \
    multi-page document that had to be submitted to the NCAA by Jan. 15, 2015. \
    It contains 38 revenue and expense categories, followed by specific breakdowns of \
    each of those categories, by sport and gender. I am requesting the full report, \
    including the detail tables and the Statement of Revenues and Expenses that appear at the end of the report. <br/><br/>\
    PLEASE NOTE: The NCAA report is different than the equity report that is sent to the\
    U.S. Department of Education for Title IX compliance. <br/><br/>\
    %s
    """
    coach_text_to_use = """
    Pursuant to %s, I am requesting the following documents:<br/><br/>\
    The current contracts for %s. If a contract is under negotiation, \
    please forward the current contract but let me know that a new contract may be forthcoming. \
    If there is no contact for one or both, please forward the letter(s) of intent or other \
    document(s) outlining each employee's conditions of employment \
    -- including bonus structure -- and/or a current statement of salary. <br/><br/>\
    %s
    """
    fname = settings.SITE_ROOT + "/apps/requests/data/NCAA-pio.csv"
    #with codecs.open(fname, 'w', encoding="utf-8") as f:
    #    resp = requests.get("https://docs.google.com/spreadsheets/d/1kccaiCCYIHOTEvpUWQiKs51v6K2TNRX7-NN6l1WtzyM/pub?output=csv")
    #    f.write(resp.text)
    # NOTE(review): the file object is never closed explicitly.
    reader = list(UnicodeReader(open(fname, 'rb')))
    #create contacts
    header = reader[0]
    for idx, row in enumerate(reader[1:]):
        # all requests are authored by the first listed account
        user = users[0]
        up = UserProfile.objects.get(user=user)
        state = row[header.index('STATE')]
        agency_name = row[header.index("UNIVERSITY")]
        pio = row[header.index("PIO OFFICER")]
        email = row[header.index("PIO Email")]
        phone = row[header.index("PIO Phone")]
        sid_pio = row[header.index("SID ")]
        sid_email = row[header.index("SID Email")]
        sid_phone = row[header.index("SID Phone")]
        is_power = (row[header.index("Power Conference")] == 'TRUE')
        is_private = (row[header.index("Is Private")] == 'TRUE')
        # skip private institutions and rows without a usable records contact
        if not is_private and state != '' and email != 'N/A' and pio != 'N/A' and agency_name != '':
            govt = get_or_create_us_govt(state, 'state')
            # ``fname`` held the CSV path above; from here it is a first name
            fname = pio.split(" ")[0]
            lname = pio.split(" ")[-1]
            middle = ''
            #alter table `contacts_contact` convert to character set utf8 collate utf8_general_ci;
            #alter table `agency_agency` convert to character set utf8 collate utf8_general_ci;
            #alter table `requests_request` convert to character set utf8 collate utf8_general_ci;
            # NOTE(review): any failure drops into an interactive debugger, so
            # this command cannot run unattended. If the operator continues
            # without binding ``agency`` / ``contact`` by hand, the following
            # lines use an unbound name or the previous row's value.
            try:
                agency, acreated = Agency.objects.get_or_create(
                    name=agency_name, government=govt)
            except Exception as e:
                print e
                print "If more than one agency was returned, pick one!"
                import pdb
                pdb.set_trace()
            try:
                contact, ccreated = agency.contacts.get_or_create(
                    first_name=fname, middle_name=middle, last_name=lname)
            except Exception as e:
                print e
                print "If more than one contact was returned, pick one!"
                import pdb
                pdb.set_trace()
            sid_contact = None
            if phone != 'N/A':
                contact.add_phone(phone)
            contact.add_email(email)
            #agency.contacts.add(contact)
            if sid_pio != 'N/A' and sid_email != 'N/A':
                fname = sid_pio.split(" ")[0]
                lname = sid_pio.split(" ")[-1]
                sid_contact, ccreated = Contact.objects.get_or_create(
                    first_name=fname, middle_name='', last_name=lname)
                sid_contact.add_title("SID")
                sid_contact.add_email(sid_email)
                if sid_phone != 'N/A':
                    sid_contact.add_phone(sid_phone)
                agency.contacts.add(sid_contact)
            contacts = [contact]
            if sid_contact is not None:
                contacts = [contact, sid_contact]
            agency.save()
            #logger.info('agency %s %s contact %s %s %s %s' % (agency_name, acreated, fname, middle, lname, ccreated))
            law_texts = []
            for l in govt.statutes.all():
                law_texts.append('%s' % (l.short_title, ))
            # NOTE(review): profile and CSV values are %-interpolated into HTML
            # letter bodies without escaping; whether they are escaped when
            # rendered or sent is not visible here.
            misc_graf = """
            Please advise me in advance of the estimated charges associated with fulfilling \
            this request.</br></br>In the interest of expediency, and to minimize the research\
            and/or duplication burden on your staff, please send records electronically if possible.\
            If this is not possible, please notify me by phone at %s before sending to the address listed below.
            """ % (up.phone)
            misc_graf += '<br/></br>Sincerly,<br/><br/>%s<br/>%s<br/>%s<br/>%s' % (
                user.first_name + ' ' + user.last_name, up.mailing_address,
                up.mailing_city + ', ' + up.mailing_state + ' ' + up.mailing_zip,
                up.phone)
            if not is_power:
                # 'text' keeps the raw template; 'free_edit_body' the filled-in letter
                fields_to_use = {
                    'author': user,
                    'title': 'NCAA Report - %s' % agency_name,
                    'free_edit_body': ncaa_text_to_use % (' and '.join(law_texts), misc_graf),
                    'private': True,
                    'text': ncaa_text_to_use
                }
                therequest = Request(**fields_to_use)
                therequest.date_added = datetime.now()
                therequest.save()
                therequest.contacts = contacts
                therequest.government = govt
                therequest.agency = agency
                therequest.tags.add(ncaa_tag_name)
                therequest.save()
                # the group receives read access only; 'edit' is left ungranted
                assign_perm(Request.get_permission_name('view'), ncaa_group, therequest)
                #assign_perm(Request.get_permission_name('edit'), thegroup, therequest)
            coaches = [
                'Football Coach',
                'Offensive Coord.',
                'Defensive Coord.',
                "Men's BB Coach",
                "Women's BB Coach"
            ]
            coaches_str = []
            for coach in coaches:
                val = row[header.index(coach)].strip()
                if val != 'N/A' and val != '':
                    coaches_str.append("%s (%s)" % (val, coach))
                    print val
            fields_to_use = {
                'author': user,
                'title': 'Coach Contracts - %s' % agency_name,
                'free_edit_body': coach_text_to_use % (' and '.join(law_texts), ', '.join(coaches_str), misc_graf),
                'private': True,
                'text': coach_text_to_use
            }
            therequest = Request(**fields_to_use)
            therequest.date_added = datetime.now()
            therequest.save()
            therequest.contacts = contacts
            therequest.government = govt
            therequest.agency = agency
            therequest.tags.add(coach_tag_name)
            therequest.save()
            assign_perm(Request.get_permission_name('view'), coach_group, therequest)
def obj_update(self, bundle, **kwargs):
    """Update a group: sharing of a request, rename, editor toggle, or membership.

    The payload shape selects the operation:
      * ``data`` + ``request_id``: associate / disassociate / change-access of
        the Request for this group. Only the Request's author may do this.
      * ``data`` without ``request_id``: 'rename' or 'chown' (toggle another
        user's 'edit' on the group). Requires 'edit' on the group.
      * no ``data`` key: replace the membership with ``users``. Requires
        'edit' on the group.

    Raises ImmediateHttpResponse (HttpForbidden / HttpBadRequest) when the
    caller is not allowed to perform the operation.
    """
    data = bundle.data
    user = bundle.request.user
    # NOTE(review): the group is selected by the id in the request body, not
    # by anything visible here from the URL; the permission checks below run
    # against this body-selected object.
    bundle.obj = Group.objects.get(id=data['id'])
    if 'data' in data.keys():
        #if 'action' in data['data'].keys() and data['data']['action'] == 'chown':
        #we are associating, disassociating... assuming the USER is taking action here
        if 'request_id' in data.keys() and data['request_id']:
            req = Request.objects.get(id=data['request_id'])
            # Authorization gate: only the request's author may change which
            # groups can see or edit it. 'edit' on the group is not required.
            if 'action' in data['data'].keys(
            ) and req.author == bundle.request.user:
                if data['data']['action'] == 'associate':
                    assign_perm(Request.get_permission_name('view'),
                                bundle.obj, req)
                    bundle.data['data']['result'] = 'associated'
                elif data['data']['action'] == 'disassociate':
                    # drop both levels so no stale 'edit' survives the unshare
                    remove_perm(Request.get_permission_name('view'),
                                bundle.obj, req)
                    remove_perm(Request.get_permission_name('edit'),
                                bundle.obj, req)
                    bundle.data['data']['result'] = 'disassociated'
                elif data['data']['action'] == 'change-access':
                    #right now we are toggling between view and edit
                    checker = ObjectPermissionChecker(bundle.obj)
                    if checker.has_perm(
                            Request.get_permission_name('view'),
                            req) and not checker.has_perm(
                                Request.get_permission_name('edit'), req):
                        assign_perm(Request.get_permission_name('edit'),
                                    bundle.obj, req)
                    # NOTE(review): this tests the acting user's 'edit' on the
                    # request, not the group's (checker); confirm which was meant.
                    elif user.has_perm(Request.get_permission_name('edit'),
                                       req):
                        remove_perm(Request.get_permission_name('edit'),
                                    bundle.obj, req)
                    else:
                        raise ImmediateHttpResponse(
                            HttpForbidden(
                                "We couldn't determine the appropriate permissions to assign. Sorry."
                            ))
            else:
                # Reached when the caller is not the author, and also when the
                # payload has no 'action'. The denial is logged and answered
                # with HttpBadRequest rather than HttpForbidden.
                logger.info(
                    "%s tried to remove users from request %s owned by %s" %
                    (bundle.request.user, req, req.author))
                raise ImmediateHttpResponse(
                    HttpBadRequest(
                        "It appears you don't have permission to change that user or group's permission."
                    ))
        else:
            # Group-level actions: caller must hold 'edit' on the group.
            can_edit = bundle.request.user.has_perm(
                UserProfile.get_permission_name('edit'), bundle.obj)
            if not can_edit:
                raise ImmediateHttpResponse(
                    HttpForbidden(
                        "It doesn't appear you can edit this group."))
            if 'action' in data['data'].keys(
            ) and data['data']['action'] == 'rename':
                bundle.obj.name = data['name']
                bundle.obj.save()
            if 'action' in data['data'].keys(
            ) and data['data']['action'] == 'chown' and 'user_id' in data[
                    'data'].keys() and data['data']['user_id']:
                #change user permission on a group object
                # NOTE(review): any editor can toggle 'edit' for any user id.
                # Nothing here requires the target to be a member, or protects
                # the creator's own 'edit' from being removed.
                other_user = User.objects.get(id=data['data']['user_id'])
                o_can_edit = other_user.has_perm(
                    UserProfile.get_permission_name('edit'), bundle.obj)
                if o_can_edit:
                    #toggled to view
                    remove_perm(UserProfile.get_permission_name('edit'),
                                other_user, bundle.obj)
                else:
                    #toggled to edit
                    assign_perm(UserProfile.get_permission_name('edit'),
                                other_user, bundle.obj)
    else:
        '''
        NOTE about group permissions
        The creator of the requst is the only one who can share a request with other users and groups
        Otherwise the request could be shared with any number of people
        '''
        can_edit = bundle.request.user.has_perm(
            UserProfile.get_permission_name('edit'), bundle.obj)
        if not can_edit:
            raise ImmediateHttpResponse(
                HttpForbidden(
                    "It doesn't appear you can edit this group."))
        #we are adding or removing users to the group on the group page
        # Under Python 2 the comprehension variable leaks, so ``user`` is
        # rebound to the last payload dict from here on.
        users = set(
            [User.objects.get(pk=user['id']) for user in data['users']])
        existing_users = set([usr for usr in bundle.obj.user_set.all()])
        to_remove = existing_users - users
        #need to remove and set permissions here
        # Removed members lose both object permissions; an editor who leaves
        # themselves out of ``users`` is removed like anyone else.
        for usr in to_remove:
            remove_perm(UserProfile.get_permission_name('edit'), usr,
                        bundle.obj)
            remove_perm(UserProfile.get_permission_name('view'), usr,
                        bundle.obj)
        for usr in users:
            #users can view but not edit by default
            assign_perm(UserProfile.get_permission_name('view'), usr,
                        bundle.obj)
        bundle.obj.user_set = users
        bundle.obj.save()
    # strip the control fields so they are not echoed back in the response
    data.pop('data', None)
    data.pop('request_id', None)
    return bundle
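def handle(self, *args, **options):
    """Create (and optionally send) requests from a published Google Spreadsheet.

    ``args[0]`` is the spreadsheet ID. Its published CSV export is downloaded
    and each data row becomes one Request authored by the user named in the
    row. Prints a message and returns -1 when no ID is given.

    The spreadsheet is trusted input: its rows choose which user gets edit
    permission on which group, which existing requests are deleted, which
    URL the letter template is fetched from, and whether the result is sent.
    """
    if not args:
        print("Please provide ID of Google Spreadsheet")
        return -1

    sheet_id = args[0]
    letter_responses = {}  # letter URL -> downloaded template text
    resp = requests.get(
        "https://docs.google.com/spreadsheets/d/%s/pub?output=csv" % sheet_id)
    # Stop on an HTTP error instead of parsing an error page as CSV rows.
    resp.raise_for_status()
    reader = list(csv.reader(resp.content.split('\n'), delimiter=','))
    header = reader[0]

    def cell(row, column):
        """Return the value *row* holds under the header named *column*."""
        return row[header.index(column)]

    # NOTE(review): the last parsed row is always skipped - presumably the
    # empty row left by a trailing newline; if the export has none, the final
    # data row is never imported. Confirm against a real export.
    for row in reader[1:-1]:
        # get user, contact and agency
        user = User.objects.get(username=cell(row, 'username'))
        user_profile = UserProfile.objects.get(user=user)
        govt = get_or_create_us_govt(cell(row, "state"), 'state')
        agency, acreated = Agency.objects.get_or_create(
            name=cell(row, "agency"), government=govt)
        contact, ccreated = agency.contacts.get_or_create(
            first_name=cell(row, "contact.first.name"),
            middle_name=cell(row, "contact.middle.name"),
            last_name=cell(row, "contact.last.name"))
        if cell(row, "contact.email") != "":
            contact.add_email(cell(row, "contact.email"))
        if cell(row, "contact.phone") != "":
            contact.add_phone(cell(row, "contact.phone"))

        # set up group and tags
        # NOTE(review): the group is matched by name, so a row naming a group
        # that already exists gives this user edit permission on it.
        group, created = Group.objects.get_or_create(name=cell(row, "group"))
        assign_perm(UserProfile.get_permission_name('edit'), user, group)
        assign_perm(UserProfile.get_permission_name('view'), user, group)
        user.groups.add(group)
        tag = cell(row, "tag")
        user_profile.tags.add(tag)

        # assemble law text
        law_text = ' and '.join(
            ['%s' % (l.short_title,) for l in govt.statutes.all()])

        # get the letter template, downloading each distinct URL only once
        letter_url = cell(row, "letter.url")
        if letter_url not in letter_responses:
            letter_resp = requests.get(letter_url)
            # An error page must never be rendered and sent as a letter.
            letter_resp.raise_for_status()
            letter_responses[letter_url] = letter_resp.content
        letter_template = letter_responses[letter_url]

        # render the template
        # NOTE(review): the downloaded text is compiled as a Django template,
        # so whoever controls the sheet or the letter host controls what is
        # rendered from these objects and mailed out.
        context = Context({
            'contact': contact,
            'user_profile': user_profile,
            'user': user,
            'law_text': law_text
        })
        letter = Template(letter_template).render(context)

        # create the request
        title = cell(row, "request.title")
        fields_to_use = {
            'author': user,
            'title': title,
            'free_edit_body': letter,
            'private': cell(row, "request.private") == "TRUE",
            # silly distinction leftover from old days but fill it in
            'text': letter
        }
        # Delete every request of this author with the same title so a
        # re-run does not leave duplicates floating around.
        Request.objects.filter(author=user, title=title).delete()

        therequest = Request(**fields_to_use)
        therequest.date_added = datetime.now()
        therequest.save()
        therequest.contacts = [contact]
        therequest.government = govt
        therequest.agency = agency
        therequest.tags.add(tag)
        therequest.save()

        # assign permissions to the request
        assign_perm(Request.get_permission_name('view'), group, therequest)
        assign_perm(Request.get_permission_name('edit'), group, therequest)

        if cell(row, "request.send") == "TRUE":
            therequest.send()
            print("SENT request %s" % title)
        else:
            print("STAGED request %s" % title)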
def test_change_user_group_perms(self):
    """Check that only a group editor can toggle another user's edit permission.

    Sequence: the owner gives usertwo edit; userthree (not an editor) tries
    to give itself edit and nothing changes; usertwo gives userthree edit,
    then takes it away again with an identical second request.
    """

    def can_edit(account):
        # Edit permission of *account* on the group under test.
        return account.has_perm(
            UserProfile.get_permission_name('edit'), self.group)

    def expect_editors(usertwo_edits, userthree_edits):
        # The owner is expected to keep edit permission throughout.
        self.assertEqual(can_edit(self.usertwo), usertwo_edits)
        self.assertEqual(can_edit(self.userthree), userthree_edits)
        self.assertEqual(can_edit(self.user), True)

    def put_group(payload, credentials):
        return self.api_client.put(
            payload['resource_uri'],
            format='json',
            data=payload,
            authentication=credentials)

    self.add_user_to_group(self.usertwo)
    membership = self.usertwo.groups.filter(name=self.post_data['name'])
    self.assertEqual(membership.count(), 1)

    # The owner toggles usertwo to editor.
    promote_two = self.groupJSON.copy()
    promote_two['data'] = {'action': 'chown', 'user_id': self.usertwo.id}
    put_group(promote_two, self.get_credentials())
    expect_editors(True, False)

    # The same payload is reused for the three requests that follow.
    toggle_three = self.groupJSON.copy()
    toggle_three['data'] = {'action': 'chown', 'user_id': self.userthree.id}

    # Attempt to grant permissions without using an editor user.
    # NOTE(review): only the resulting permissions are checked; the status of
    # the refused response is not asserted.
    put_group(toggle_three,
              self.get_credentials_other(self.userthree.username))
    expect_editors(True, False)

    # Grant permissions using an editor user.
    put_group(toggle_three,
              self.get_credentials_other(self.usertwo.username))
    expect_editors(True, True)

    # Take away edit permissions (chown is a toggle).
    put_group(toggle_three,
              self.get_credentials_other(self.usertwo.username))
    expect_editors(True, False)
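def handle(self, *args, **options):
    """Import requests from the CSV export of a published Google Spreadsheet.

    The first positional argument is the spreadsheet ID. For every data row
    the command looks up the user, creates the agency, contact and group as
    needed, renders the letter template named in the row, replaces any
    request of that user with the same title, and sends the new request when
    the row says so. Without an ID it prints a hint and returns -1.

    Everything the command does is driven by the sheet, so the sheet and the
    letter URLs it lists have to be treated as trusted, privileged input.
    """
    template_cache = {}  # letter URL -> template text already downloaded
    if not args:
        print("Please provide ID of Google Spreadsheet")
        return -1

    resp = requests.get(
        "https://docs.google.com/spreadsheets/d/%s/pub?output=csv" % args[0])
    # A failed download must abort here rather than be read as CSV.
    resp.raise_for_status()
    parsed = list(csv.reader(resp.content.split('\n'), delimiter=','))
    header = parsed[0]

    # NOTE(review): [1:-1] drops the header and also the last parsed row,
    # which looks like it is meant to discard an empty trailing row - verify
    # that the export really ends with a newline.
    for row in parsed[1:-1]:

        def col(name):
            # Value of the current row in the column with this header.
            return row[header.index(name)]

        # get user, contact and agency
        user = User.objects.get(username=col('username'))
        user_profile = UserProfile.objects.get(user=user)
        govt = get_or_create_us_govt(col("state"), 'state')
        agency, acreated = Agency.objects.get_or_create(
            name=col("agency"), government=govt)
        contact, ccreated = agency.contacts.get_or_create(
            first_name=col("contact.first.name"),
            middle_name=col("contact.middle.name"),
            last_name=col("contact.last.name"))
        if col("contact.email") != "":
            contact.add_email(col("contact.email"))
        if col("contact.phone") != "":
            contact.add_phone(col("contact.phone"))

        # set up group and tags
        # NOTE(review): an existing group with this name is reused, and the
        # row's user is made an editor of it.
        group, created = Group.objects.get_or_create(name=col("group"))
        for level in ('edit', 'view'):
            assign_perm(UserProfile.get_permission_name(level), user, group)
        user.groups.add(group)
        user_profile.tags.add(col("tag"))

        # assemble law text
        law_texts = ['%s' % (l.short_title, ) for l in govt.statutes.all()]
        law_text = ' and '.join(law_texts)

        # get the letter template (one download per distinct URL)
        letter_url = col("letter.url")
        try:
            letter_template = template_cache[letter_url]
        except KeyError:
            letter_resp = requests.get(letter_url)
            # Do not let an HTTP error body become the text of a letter.
            letter_resp.raise_for_status()
            letter_template = letter_resp.content
            template_cache[letter_url] = letter_template

        # render the template
        # NOTE(review): remote text is compiled as a Django template with
        # the user, profile and contact objects in its context; the result
        # may be sent below, so the letter host is part of the trust base.
        context = Context({
            'contact': contact,
            'user_profile': user_profile,
            'user': user,
            'law_text': law_text
        })
        template = Template(letter_template)
        letter = template.render(context)

        # create the request
        request_title = col("request.title")
        fields_to_use = {
            'author': user,
            'title': request_title,
            'free_edit_body': letter,
            'private': col("request.private") == "TRUE",
            'text': letter  # silly distinction leftover from old days but fill it in
        }
        # Remove earlier requests with the same author and title so that
        # running the import again does not leave duplicates behind.
        Request.objects.filter(author=user, title=request_title).delete()

        therequest = Request(**fields_to_use)
        therequest.date_added = datetime.now()
        therequest.save()
        therequest.contacts = [contact]
        therequest.government = govt
        therequest.agency = agency
        therequest.tags.add(col("tag"))
        therequest.save()

        # assign permissions to the request
        assign_perm(Request.get_permission_name('view'), group, therequest)
        assign_perm(Request.get_permission_name('edit'), group, therequest)

        if col("request.send") == "TRUE":
            therequest.send()
            print("SENT request %s" % request_title)
        else:
            print("STAGED request %s" % request_title)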