def member_request_show(context, data_dict):
''' Create new member request. User is taken from context.
:param member: id of the member object
:type member: string
:param fetch_user: fetch related user data
:type fetch_user: boolean
'''
check_access('member_request_show', context, data_dict)
model = context['model']
member_id = data_dict.get("member")
fetch_user = data_dict.get("fetch_user", False)
member = model.Session.query(model.Member).get(member_id)
if not member.group.is_organization:
raise NotFound
data = model_dictize.member_dictize(member, context)
if fetch_user:
member_user = model.Session.query(model.User).get(member.table_id)
data['user'] = model_dictize.user_dictize(member_user, context)
return data
def user_invite(context, data_dict):
"""Invite a new user.
You must be authorized to create group members.
:param email: the email of the user to be invited to the group
:type email: string
:param group_id: the id or name of the group
:type group_id: string
:param role: role of the user in the group. One of ``member``, ``editor``,
or ``admin``
:type role: string
:returns: the newly created yser
:rtype: dictionary
"""
_check_access("user_invite", context, data_dict)
schema = context.get("schema", ckan.logic.schema.default_user_invite_schema())
data, errors = _validate(data_dict, schema, context)
if errors:
raise ValidationError(errors)
name = _get_random_username_from_email(data["email"])
password = str(random.SystemRandom().random())
data["name"] = name
data["password"] = password
data["state"] = ckan.model.State.PENDING
user_dict = _get_action("user_create")(context, data)
user = ckan.model.User.get(user_dict["id"])
member_dict = {"username": user.id, "id": data["group_id"], "role": data["role"]}
_get_action("group_member_create")(context, member_dict)
mailer.send_invite(user)
return model_dictize.user_dictize(user, context)
def user_create(context, data_dict):
"""Creates a new user"""
model = context["model"]
schema = context.get("schema") or ckan.logic.schema.default_user_schema()
session = context["session"]
check_access("user_create", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, error_summary(errors))
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {"model": model, "user": context["user"], "defer_commit": True, "session": session}
activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "new user"}
activity_create(activity_create_context, activity_dict, ignore_auth=True)
if not context.get("defer_commit"):
model.repo.commit()
context["user"] = user
context["id"] = user.id
log.debug("Created user %s" % str(user.name))
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
'''Updates the user\'s details'''
model = context['model']
user = context['user']
schema = context.get('schema') or default_update_user_schema()
id = data_dict['id']
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
check_access('user_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
if not context.get('defer_commit'):
model.repo.commit()
return user_dictize(user, context)
def user_create(context, data_dict):
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
_check_access('user_create', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
if user.email == pylons.config.get('ckan.loopback.email'):
raise ValidationError({'Email Address': ['Invalid email address.']})
session.flush()
loopback_user_create({
'id': user.id,
'username': user.name,
'email': user.email,
'apikey': user.apikey,
'password': data['password']
})
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'ignore_auth': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
logic.get_action('activity_create')(activity_create_context, activity_dict)
if not context.get('defer_commit'):
model.repo.commit()
user_dictize_context = context.copy()
user_dictize_context['keep_apikey'] = True
user_dictize_context['keep_email'] = True
user_dict = model_dictize.user_dictize(user, user_dictize_context)
context['user_obj'] = user
context['id'] = user.id
model.Dashboard.get(user.id)
log.debug('CKAN user created: {}'.format(user.name))
return user_dict
def member_request_show(context, data_dict):
''' Create new member request. User is taken from context.
:param member: id of the member object
:type member: string
:param fetch_user: fetch related user data
:type fetch_user: boolean
'''
check_access('member_request_show', context, data_dict)
model = context['model']
member_id = data_dict.get("member")
fetch_user = data_dict.get("fetch_user", False)
member = model.Session.query(model.Member).get(member_id)
if not member.group.is_organization:
raise NotFound
data = model_dictize.member_dictize(member, context)
if fetch_user:
member_user = model.Session.query(model.User).get(member.table_id)
data['user'] = model_dictize.user_dictize(member_user, context)
return data
def _user_dict(user):
out = model_dictize.user_dictize(user, context={'model': model})
out['ckan_url'] = h.url_for('user.read', id=user.name)
out['gravatar'] = h.gravatar(user.email_hash, size=48)
out['gravatar_url'] = '''//gravatar.com/avatar/%s?s=%d''' % (
user.email_hash, 48)
return out
def user_update(context, data_dict):
"""Updates the user\'s details"""
model = context["model"]
user = context["user"]
session = context["session"]
schema = context.get("schema") or default_update_user_schema()
id = data_dict["id"]
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
check_access("user_update", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"}
activity_create_context = {"model": model, "user": user, "defer_commit": True, "session": session}
from ckan.logic.action.create import activity_create
activity_create(activity_create_context, activity_dict, ignore_auth=True)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get("defer_commit"):
model.repo.commit()
return user_dictize(user, context)
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_create(context, data_dict):
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
_check_access('user_create', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
if user.email == pylons.config.get('ckan.loopback.email'):
raise ValidationError({'Email Address': ['Invalid email address.']})
session.flush()
loopback_user_create({
'id': user.id,
'username': user.name,
'email': user.email,
'password': data['password']
})
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'ignore_auth': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
logic.get_action('activity_create')(activity_create_context, activity_dict)
if not context.get('defer_commit'):
model.repo.commit()
user_dictize_context = context.copy()
user_dictize_context['keep_apikey'] = True
user_dictize_context['keep_email'] = True
user_dict = model_dictize.user_dictize(user, user_dictize_context)
context['user_obj'] = user
context['id'] = user.id
model.Dashboard.get(user.id)
log.debug('CKAN user created: {}'.format(user.name))
return user_dict
def user_list(context, data_dict):
'''Lists the current users'''
model = context['model']
user = context['user']
check_access('user_list',context, data_dict)
q = data_dict.get('q','')
order_by = data_dict.get('order_by','name')
query = model.Session.query(
model.User,
model.User.name.label('name'),
model.User.fullname.label('fullname'),
model.User.about.label('about'),
model.User.about.label('email'),
model.User.created.label('created'),
select([func.count(model.Revision.id)], or_(
model.Revision.author==model.User.name,
model.Revision.author==model.User.openid
)
).label('number_of_edits'),
select([func.count(model.UserObjectRole.id)], and_(
model.UserObjectRole.user_id==model.User.id,
model.UserObjectRole.context=='Package',
model.UserObjectRole.role=='admin'
)
).label('number_administered_packages')
)
if q:
query = model.User.search(q, query)
if order_by == 'edits':
query = query.order_by(desc(
select([func.count(model.Revision.id)], or_(
model.Revision.author==model.User.name,
model.Revision.author==model.User.openid
))
))
else:
query = query.order_by(
case([(or_(model.User.fullname == None, model.User.fullname == ''),
model.User.name)],
else_=model.User.fullname)
)
## hack for pagination
if context.get('return_query'):
return query
users_list = []
for user in query.all():
result_dict = user_dictize(user[0], context)
del result_dict['apikey']
users_list.append(result_dict)
return users_list
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
if user.name == pylons.config.get('ckan.loopback.username'):
raise ValidationError({'Username': ['Invalid username.']})
loopback_user_info = {
'username': user.name,
'email': user.email,
'apikey': user.apikey
}
if 'password' in data:
loopback_user_info['password'] = data['password']
loopback_user_update(user.id, loopback_user_info)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
if not context.get('defer_commit'):
model.repo.commit()
log.debug('CKAN user updated: {}'.format(user.name))
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
if user.name == pylons.config.get('ckan.loopback.username'):
raise ValidationError({'Username': ['Invalid username.']})
loopback_user_info = {
'username': user.name,
'email': user.email
}
if 'password' in data:
loopback_user_info['password'] = data['password']
loopback_user_update(user.id, loopback_user_info)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
if not context.get('defer_commit'):
model.repo.commit()
log.debug('CKAN user updated: {}'.format(user.name))
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
"""Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
"""
model = context["model"]
user = context["user"]
session = context["session"]
schema = context.get("schema") or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, "id")
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
_check_access("user_update", context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if "password_hash" in data:
data["_password"] = data.pop("password_hash")
user = model_save.user_dict_save(data, context)
activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"}
activity_create_context = {
"model": model,
"user": user,
"defer_commit": True,
"ignore_auth": True,
"session": session,
}
_get_action("activity_create")(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get("defer_commit"):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_by_email(context, data_dict):
email = data_dict.get("email", None)
if email:
user_obj_list = model.User.by_email(email)
user_obj = None
if (len(user_obj_list) > 0):
user_obj = user_obj_list[0]
else:
raise NotFound
user_dict = model_dictize.user_dictize(user_obj, context)
return user_dict
else:
raise NotFound
def user_list(context, data_dict):
'''Lists the current users'''
model = context['model']
user = context['user']
check_access('user_list', context, data_dict)
q = data_dict.get('q', '')
order_by = data_dict.get('order_by', 'name')
query = model.Session.query(
model.User, model.User.name.label('name'),
model.User.fullname.label('fullname'), model.User.about.label('about'),
model.User.about.label('email'), model.User.created.label('created'),
select([func.count(model.Revision.id)],
or_(model.Revision.author == model.User.name,
model.Revision.author == model.User.openid)).label(
'number_of_edits'),
select([func.count(model.UserObjectRole.id)],
and_(model.UserObjectRole.user_id == model.User.id,
model.UserObjectRole.context == 'Package',
model.UserObjectRole.role == 'admin')).label(
'number_administered_packages'))
if q:
query = model.User.search(q, query)
if order_by == 'edits':
query = query.order_by(
desc(
select([func.count(model.Revision.id)],
or_(model.Revision.author == model.User.name,
model.Revision.author == model.User.openid))))
else:
query = query.order_by(
case([(or_(model.User.fullname == None, model.User.fullname
== ''), model.User.name)],
else_=model.User.fullname))
## hack for pagination
if context.get('return_query'):
return query
users_list = []
for user in query.all():
result_dict = user_dictize(user[0], context)
del result_dict['apikey']
users_list.append(result_dict)
return users_list
def _user_list_dictize(obj_list,
context,
sort_key=lambda x: x['name'],
reverse=False):
import ckan.lib.dictization.model_dictize as model_dictize
result_list = []
for obj in obj_list:
user_dict = model_dictize.user_dictize(obj, context)
user_dict.pop('reset_key', None)
user_dict.pop('apikey', None)
# user_dict.pop('email', None)
result_list.append(user_dict)
return sorted(result_list, key=sort_key, reverse=reverse)
def user_show(context, data_dict):
'''Shows user details'''
model = context['model']
user = context['user']
id = data_dict.get('id',None)
provided_user = data_dict.get('user_obj',None)
if id:
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context['user_obj'] = user_obj = provided_user
else:
raise NotFound
check_access('user_show',context, data_dict)
user_dict = model_dictize.user_dictize(user_obj,context)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name):
# If not sysadmin or the same user, strip sensible info
del user_dict['apikey']
del user_dict['reset_key']
revisions_q = model.Session.query(model.Revision
).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = revision_show(context,{'id':revision.id})
revision_dict['state'] = revision.state
revisions_list.append(revision_dict)
user_dict['activity'] = revisions_list
user_dict['datasets'] = []
dataset_q = model.Session.query(model.Package).join(model.PackageRole
).filter_by(user=user_obj, role=model.Role.ADMIN
).limit(50)
for dataset in dataset_q:
try:
dataset_dict = package_show(context, {'id': dataset.id})
except logic.NotAuthorized:
continue
user_dict['datasets'].append(dataset_dict)
return user_dict
def user_show(context, data_dict):
'''Shows user details'''
model = context['model']
user = context['user']
id = data_dict.get('id', None)
provided_user = data_dict.get('user_obj', None)
if id:
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context['user_obj'] = user_obj = provided_user
else:
raise NotFound
check_access('user_show', context, data_dict)
user_dict = model_dictize.user_dictize(user_obj, context)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name):
# If not sysadmin or the same user, strip sensible info
del user_dict['apikey']
del user_dict['reset_key']
revisions_q = model.Session.query(
model.Revision).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = revision_show(context, {'id': revision.id})
revision_dict['state'] = revision.state
revisions_list.append(revision_dict)
user_dict['activity'] = revisions_list
user_dict['datasets'] = []
dataset_q = model.Session.query(model.Package).join(
model.PackageRole).filter_by(user=user_obj,
role=model.Role.ADMIN).limit(50)
for dataset in dataset_q:
try:
dataset_dict = package_show(context, {'id': dataset.id})
except logic.NotAuthorized:
continue
user_dict['datasets'].append(dataset_dict)
return user_dict
def pending_user_list(context, data_dict):
check_access('sysadmin', context, {})
model = context['model']
query = model.Session.query(model.User) \
.filter_by(state=model.State.PENDING)
users_list = []
for user in query.all():
groups = user.get_groups()
if groups:
result_dict = model_dictize.user_dictize(user, context)
result_dict['group_name'] = user.get_groups()[0].title
users_list.append(result_dict)
return users_list
def pending_user_list(context, data_dict):
check_access('sysadmin', context, {})
model = context['model']
query = model.Session.query(model.User) \
.filter_by(state=model.State.PENDING)
users_list = []
for user in query.all():
groups = user.get_groups()
if groups:
result_dict = model_dictize.user_dictize(user, context)
result_dict['group_name'] = user.get_groups()[0].title
users_list.append(result_dict)
return users_list
def user_update(context, data_dict):
'''Updates the user\'s details'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get(
'schema') or ckan.logic.schema.default_update_user_schema()
id = data_dict['id']
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
check_access('user_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, error_summary(errors))
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'session': session
}
get_action('activity_create')(activity_create_context,
activity_dict,
ignore_auth=True)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_auth(context, data_dict):
'''Authenticates a user
You must be a system administrator to authenticate users.
:param email: the email address of the user
:type email: string
:param password: the password of the user
:type password: string
:returns: the newly created user
:rtype: dictionary
'''
model = context['model']
session = context['session']
_check_access('user_auth', context, data_dict)
email = data_dict.get('email')
password = data_dict.get('password')
if not (email and password):
raise ValidationError(['email and password are both required'])
users = User.by_email(email)
user = users[0] if users else None
if (user is None) or \
(not user.is_active()) or \
(not user.validate_password(password)):
raise ValidationError(['There was a problem authenticating this user'])
user_dict = model_dictize.user_dictize(user, context)
## Get the user's organisation list to return with the login details
fOrgList = get_action('organization_list_for_user')
user_dict['organisations'] = fOrgList(context, {'id': user.name})
# DGU Hack: added encoding so we don't barf on unicode user names
log.debug(
'Authenticated user {name}'.format(name=user.name.encode('utf8')))
return user_dict
def test_23_user_dictize_as_same_user(self):
"""User should be able to see their own sensitive data."""
context = {"model": model, "session": model.Session, "user": "******"}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is available
assert "apikey" in user_dict
assert "email" in user_dict
# Passwords and reset keys should never be available
assert "password" not in user_dict
assert "reset_key" not in user_dict
def test_23_user_dictize_as_same_user(self):
"""User should be able to see their own sensitive data."""
context = {"model": model, "session": model.Session, "user": "******"}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is available
assert "apikey" in user_dict
assert "email" in user_dict
# Passwords and reset keys should never be available
assert "password" not in user_dict
assert "reset_key" not in user_dict
def test_22_user_dictize_as_sysadmin(self):
"""Sysadmins should be allowed to see certain sensitive data."""
context = {"model": model, "session": model.Session, "user": "******"}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is available
assert "apikey" in user_dict
assert "reset_key" in user_dict
assert "email" in user_dict
# Passwords should never be available
assert "password" not in user_dict
def test_25_user_dictize_as_anonymous(self):
"""Anonymous should not be able to see other's sensitive data."""
context = {"model": model, "session": model.Session, "user": ""}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is not available
assert "apikey" not in user_dict
assert "reset_key" not in user_dict
assert "email" not in user_dict
# Passwords should never be available
assert "password" not in user_dict
def test_25_user_dictize_as_anonymous(self):
"""Anonymous should not be able to see other's sensitive data."""
context = {"model": model, "session": model.Session, "user": ""}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is not available
assert "apikey" not in user_dict
assert "reset_key" not in user_dict
assert "email" not in user_dict
# Passwords should never be available
assert "password" not in user_dict
def user_create(context, data_dict):
'''Creates a new user'''
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
check_access('user_create', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, error_summary(errors))
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
activity_create(activity_create_context, activity_dict, ignore_auth=True)
if not context.get('defer_commit'):
model.repo.commit()
context['user'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return model_dictize.user_dictize(user, context)
def user_create(context, data_dict):
'''Creates a new user'''
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
check_access('user_create', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, error_summary(errors))
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
activity_create(activity_create_context, activity_dict, ignore_auth=True)
if not context.get('defer_commit'):
model.repo.commit()
context['user'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return model_dictize.user_dictize(user, context)
def user_update(context, data_dict):
'''Updates the user\'s details'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or ckan.logic.schema.default_update_user_schema()
id = data_dict['id']
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
check_access('user_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, error_summary(errors))
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit':True,
'session': session
}
get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def user_invite(context, data_dict):
'''Invite a new user.
You must be authorized to create group members.
:param email: the email of the user to be invited to the group
:type email: string
:param group_id: the id or name of the group
:type group_id: string
:param role: role of the user in the group. One of ``member``, ``editor``,
or ``admin``
:type role: string
:returns: the newly created yser
:rtype: dictionary
'''
_check_access('user_invite', context, data_dict)
schema = context.get('schema',
ckan.logic.schema.default_user_invite_schema())
data, errors = _validate(data_dict, schema, context)
if errors:
raise ValidationError(errors)
name = _get_random_username_from_email(data['email'])
password = str(random.SystemRandom().random())
data['name'] = name
data['password'] = password
data['state'] = ckan.model.State.PENDING
user_dict = _get_action('user_create')(context, data)
user = ckan.model.User.get(user_dict['id'])
member_dict = {
'username': user.id,
'id': data['group_id'],
'role': data['role']
}
_get_action('group_member_create')(context, member_dict)
mailer.send_invite(user)
return model_dictize.user_dictize(user, context)
def user_create(context, data_dict):
'''Creates a new user'''
model = context['model']
user = context['user']
schema = context.get('schema') or default_user_schema()
check_access('user_create', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
model.repo.commit()
context['user'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return user_dictize(user, context)
def user_invite(context, data_dict):
'''Invite a new user.
You must be authorized to create group members.
:param email: the email of the user to be invited to the group
:type email: string
:param group_id: the id or name of the group
:type group_id: string
:param role: role of the user in the group. One of ``member``, ``editor``,
or ``admin``
:type role: string
:returns: the newly created yser
:rtype: dictionary
'''
_check_access('user_invite', context, data_dict)
schema = context.get('schema',
ckan.logic.schema.default_user_invite_schema())
data, errors = _validate(data_dict, schema, context)
if errors:
raise ValidationError(errors)
name = _get_random_username_from_email(data['email'])
password = str(random.SystemRandom().random())
data['name'] = name
data['password'] = password
data['state'] = ckan.model.State.PENDING
user_dict = _get_action('user_create')(context, data)
user = ckan.model.User.get(user_dict['id'])
member_dict = {
'username': user.id,
'id': data['group_id'],
'role': data['role']
}
_get_action('group_member_create')(context, member_dict)
mailer.send_invite(user)
return model_dictize.user_dictize(user, context)
def user_show(context, data_dict):
'''Shows user details'''
model = context['model']
user = context['user']
id = data_dict.get('id',None)
provided_user = data_dict.get('user_obj',None)
if id:
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context['user_obj'] = user_obj = provided_user
else:
raise NotFound
check_access('user_show',context, data_dict)
user_dict = user_dictize(user_obj,context)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name):
# If not sysadmin or the same user, strip sensible info
del user_dict['apikey']
del user_dict['reset_key']
revisions_q = model.Session.query(model.Revision
).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = revision_show(context,{'id':revision.id})
revision_dict['state'] = revision.state
revisions_list.append(revision_dict)
user_dict['activity'] = revisions_list
return user_dict
def user_show(context, data_dict):
'''Shows user details'''
model = context['model']
user = context['user']
id = data_dict.get('id', None)
provided_user = data_dict.get('user_obj', None)
if id:
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context['user_obj'] = user_obj = provided_user
else:
raise NotFound
check_access('user_show', context, data_dict)
user_dict = user_dictize(user_obj, context)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name):
# If not sysadmin or the same user, strip sensible info
del user_dict['apikey']
del user_dict['reset_key']
revisions_q = model.Session.query(
model.Revision).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = revision_show(context, {'id': revision.id})
revision_dict['state'] = revision.state
revisions_list.append(revision_dict)
user_dict['activity'] = revisions_list
return user_dict
def test_22_user_dictize_as_sysadmin(self):
'''Sysadmins should be allowed to see certain sensitive data.'''
context = {
'model': model,
'session': model.Session,
'user': '******',
}
user = model.User.by_name('tester')
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert 'name' in user_dict
assert 'about' in user_dict
# Check sensitive data is available
assert 'apikey' in user_dict
assert 'reset_key' in user_dict
assert 'email' in user_dict
# Passwords should never be available
assert 'password' not in user_dict
def user_create(context, data_dict):
'''Creates a new user'''
model = context['model']
user = context['user']
schema = context.get('schema') or default_user_schema()
check_access('user_create', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
if not context.get('defer_commit'):
model.repo.commit()
context['user'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return user_dictize(user, context)
def test_25_user_dictize_as_anonymous(self):
'''Anonymous should not be able to see other's sensitive data.'''
context = {
'model': model,
'session': model.Session,
'user': '',
}
user = model.User.by_name('tester')
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert 'name' in user_dict
assert 'about' in user_dict
# Check sensitive data is not available
assert 'apikey' not in user_dict
assert 'reset_key' not in user_dict
assert 'email' not in user_dict
# Passwords should never be available
assert 'password' not in user_dict
def test_23_user_dictize_as_same_user(self):
'''User should be able to see their own sensitive data.'''
context = {
'model': model,
'session': model.Session,
'user': '******',
}
user = model.User.by_name('tester')
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert 'name' in user_dict
assert 'about' in user_dict
# Check sensitive data is available
assert 'apikey' in user_dict
assert 'email' in user_dict
# Passwords and reset keys should never be available
assert 'password' not in user_dict
assert 'reset_key' not in user_dict
def user_show(context, data_dict):
"""Shows user details"""
model = context["model"]
user = context["user"]
id = data_dict.get("id", None)
provided_user = data_dict.get("user_obj", None)
if id:
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context["user_obj"] = user_obj = provided_user
else:
raise NotFound
check_access("user_show", context, data_dict)
user_dict = user_dictize(user_obj, context)
if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name):
# If not sysadmin or the same user, strip sensible info
del user_dict["apikey"]
del user_dict["reset_key"]
revisions_q = model.Session.query(model.Revision).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = revision_show(context, {"id": revision.id})
revision_dict["state"] = revision.state
revisions_list.append(revision_dict)
user_dict["activity"] = revisions_list
return user_dict
def test_user_dictize_as_sysadmin(self):
"""Sysadmins should be allowed to see certain sensitive data."""
CreateTestData.create()
context = {
"model": model,
"session": model.Session,
"user": "******",
}
user = model.User.by_name("tester")
user_dict = user_dictize(user, context)
# Check some of the non-sensitive data
assert "name" in user_dict
assert "about" in user_dict
# Check sensitive data is available
assert "apikey" in user_dict
assert "email" in user_dict
# Passwords and reset keys should never be available
assert "password" not in user_dict
assert "reset_key" not in user_dict
def user_update(context, data_dict):
"""Updates the user's details"""
model = context["model"]
user = context["user"]
schema = context.get("schema") or default_update_user_schema()
id = data_dict["id"]
user_obj = model.User.get(id)
context["user_obj"] = user_obj
if user_obj is None:
raise NotFound("User was not found.")
check_access("user_update", context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
model.Session.rollback()
raise ValidationError(errors, group_error_summary(errors))
user = user_dict_save(data, context)
model.repo.commit()
return user_dictize(user, context)
def action_user_update(context, data_dict):
''' Modified from CKAN: user_update
Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account.
For further parameters see ``user_create()``.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or logic.schema.default_update_user_schema()
# Modify the schema by adding translation related keys
add_translation_modify_schema(schema)
upload = uploader.Upload('user')
upload.update_data_dict(data_dict, 'image_url', 'image_upload', 'clear_upload')
ignore_missing = toolkit.get_validator('ignore_missing')
convert_to_extras = toolkit.get_converter('convert_to_extras')
schema['job_title'] = [ignore_missing, unicode, convert_to_extras]
schema['telephone_number'] = [ignore_missing, unicode, convert_to_extras]
schema['main_organization'] = [ignore_missing, unicode, convert_to_extras]
schema['image_url'] = [ignore_missing, unicode, convert_to_extras]
schema['linkedin'] = [ignore_missing, unicode, convert_to_extras]
schema['facebook'] = [ignore_missing, unicode, convert_to_extras]
schema['twitter'] = [ignore_missing, unicode, convert_to_extras]
schema['blog'] = [ignore_missing, to_list_json, convert_to_extras]
schema['www_page'] = [ignore_missing, to_list_json, convert_to_extras]
# Add the localized keys for the localized fields to the schema
schema = add_languages_modify(schema, _localized_fields)
not_empty = toolkit.get_validator('not_empty')
schema['fullname'] = [not_empty, unicode]
id = logic.get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
# If the translations are not in the data_dict, the user has not added any translations or the user has deleted all translations.
# Therefore, the translations are not sent with the POST so we need to empty and update the translations here.
if 'translations' not in data_dict:
data_dict['translations'] = []
toolkit.check_access('user_update', context, data_dict)
data, errors = validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
for extra in data['extras'] if 'extras' in data else []:
user_obj.extras[extra['key']] = extra['value']
user = model_save.user_dict_save(data, context)
activity_dict = {'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user'}
activity_create_context = {'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session}
toolkit.get_action('activity_create')(activity_create_context, activity_dict)
# Attempt to update drupal user
_update_drupal_user(context, data_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
upload.upload(uploader.get_max_image_size())
if not context.get('defer_commit'):
model.repo.commit()
user_data = user_dictize(user, context)
for key, value in user.extras.iteritems():
if key in user_data:
log.warning("Trying to override user data with extra variable '%s'", key)
continue
user_data[key] = value
return user_data
def user_create(context, data_dict):
'''Create a new user.
You must be authorized to create users.
:param name: the name of the new user, a string between 2 and 100
characters in length, containing only lowercase alphanumeric
characters, ``-`` and ``_``
:type name: string
:param email: the email address for the new user
:type email: string
:param password: the password of the new user, a string of at least 4
characters
:type password: string
:param id: the id of the new user (optional)
:type id: string
:param fullname: the full name of the new user (optional)
:type fullname: string
:param about: a description of the new user (optional)
:type about: string
:param openid: (optional)
:type openid: string
:returns: the newly created yser
:rtype: dictionary
'''
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
_check_access('user_create', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'ignore_auth': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
logic.get_action('activity_create')(activity_create_context, activity_dict)
if not context.get('defer_commit'):
model.repo.commit()
# A new context is required for dictizing the newly constructed user in
# order that all the new user's data is returned, in particular, the
# api_key.
#
# The context is copied so as not to clobber the caller's context dict.
user_dictize_context = context.copy()
user_dictize_context['keep_sensitive_data'] = True
user_dict = model_dictize.user_dictize(user, user_dictize_context)
context['user_obj'] = user
context['id'] = user.id
model.Dashboard.get(user.id) # Create dashboard for user.
log.debug('Created user {name}'.format(name=user.name))
return user_dict
def user_create(context, data_dict):
'''Create a new user.
You must be authorized to create users.
:param name: the name of the new user, a string between 2 and 100
characters in length, containing only lowercase alphanumeric
characters, ``-`` and ``_``
:type name: string
:param email: the email address for the new user
:type email: string
:param password: the password of the new user, a string of at least 4
characters
:type password: string
:param id: the id of the new user (optional)
:type id: string
:param fullname: the full name of the new user (optional)
:type fullname: string
:param about: a description of the new user (optional)
:type about: string
:param openid: (optional)
:type openid: string
:returns: the newly created yser
:rtype: dictionary
'''
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
_check_access('user_create', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
logic.get_action('activity_create')(activity_create_context,
activity_dict, ignore_auth=True)
if not context.get('defer_commit'):
model.repo.commit()
# A new context is required for dictizing the newly constructed user in
# order that all the new user's data is returned, in particular, the
# api_key.
#
# The context is copied so as not to clobber the caller's context dict.
user_dictize_context = context.copy()
user_dictize_context['keep_sensitive_data'] = True
user_dict = model_dictize.user_dictize(user, user_dictize_context)
context['user_obj'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return user_dict
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
# TODO: remove hack to update API Key in CAS database
log.info('Updating Api Key in CAS Database')
sql = 'UPDATE users SET apikey = %s WHERE username = %s'
conn = None
updated_rows = 0
try:
log.info('apikey = ' + data['apikey'])
log.info('username = '******'name'])
log.info('connecting to cas')
conn = psycopg2.connect(
"dbname=casino_ar_prod_users user=cas_default password=casPWnasaace"
)
cur = conn.cursor()
log.info('connected')
cur.execute(sql, (data['apikey'], data['name']))
updated_rows = cur.rowcount
conn.commit()
log.info('user apikey updated')
cur.close()
except (Exception, psycopg2.DatabaseError) as error:
log.error(error)
finally:
if conn is not None:
conn.close()
#end hack
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': user,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
if not context.get('defer_commit'):
model.repo.commit()
return model_dictize.user_dictize(user, context)
def _get_sysadmins():
context = {"ignore_auth": True, "model": model}
sysadmins = helpers.get_valid_sysadmins()
return [model_dictize.user_dictize(user, context) for user in sysadmins]
def action_user_list(context, data_dict):
'''Return a list of the site's user accounts.
:param q: restrict the users returned to those whose names contain a string
(optional)
:type q: string
:param order_by: which field to sort the list by (optional, default:
``'name'``)
:type order_by: string
:rtype: list of dictionaries
'''
# Modiefed from ckan/controlers/user.py: user_list
model = context['model']
toolkit.check_access('user_list', context, data_dict)
q = data_dict.get('q', '')
order_by = data_dict.get('order_by', 'name')
query = model.Session.query(
model.User, model.User.name.label('name'),
model.User.fullname.label('fullname'), model.User.about.label('about'),
model.User.about.label('email'), model.User.created.label('created'),
sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)],
sqlalchemy.or_(
model.Revision.author == model.User.name,
model.Revision.author ==
model.User.openid)).label('number_of_edits'),
sqlalchemy.sql.select(
[sqlalchemy.func.count(model.UserObjectRole.id)],
sqlalchemy.and_(model.UserObjectRole.user_id == model.User.id,
model.UserObjectRole.context == 'Package',
model.UserObjectRole.role == 'admin')).label(
'number_administered_packages'))
if q:
query = model.User.search(q, query, user_name=context.get('user'))
if order_by == 'edits':
query = query.order_by(
sqlalchemy.desc(
sqlalchemy.sql.select(
[sqlalchemy.func.count(model.Revision.id)],
sqlalchemy.or_(
model.Revision.author == model.User.name,
model.Revision.author == model.User.openid))))
elif order_by == 'created':
query = query.order_by(model.User.created)
else:
query = query.order_by(
sqlalchemy.case(
[(sqlalchemy.or_(model.User.fullname == None,
model.User.fullname == ''), model.User.name)],
else_=model.User.fullname) # noqa
)
# Filter deleted users
query = query.filter(model.User.state != model.State.DELETED)
# # hack for pagination
if context.get('return_query'):
return query
users_list = []
for user in query.all():
result_dict = model_dictize.user_dictize(user[0], context)
result_dict = _add_user_extras(user[0], result_dict)
result_dict.pop('password', None)
result_dict.pop('reset_key', None)
result_dict.pop('apikey', None)
result_dict.pop('email', None)
result_dict.pop('sysadmin', None)
result_dict.pop('email_hash', None)
users_list.append(result_dict)
return users_list
def hdx_user_invite(context, data_dict):
'''Invite a new user.
You must be authorized to create group members.
:param email: the email of the user to be invited to the group
:type email: string
:param group_id: the id or name of the group
:type group_id: string
:param role: role of the user in the group. One of ``member``, ``editor``,
or ``admin``
:type role: string
:returns: the newly created user
:rtype: dictionary
'''
import string
_check_access('user_invite', context, data_dict)
schema = context.get('schema', core_schema.default_user_invite_schema())
data, errors = _validate(data_dict, schema, context)
if errors:
raise ValidationError(errors)
model = context['model']
group = model.Group.get(data['group_id'])
if not group:
raise NotFound()
name = core_create._get_random_username_from_email(data['email'])
# Choose a password. However it will not be used - the invitee will not be
# told it - they will need to reset it
while True:
password = ''.join(random.SystemRandom().choice(
string.ascii_lowercase + string.ascii_uppercase + string.digits)
for _ in range(12))
# Occasionally it won't meet the constraints, so check
errors = {}
logic.validators.user_password_validator(
'password', {'password': password}, errors, None)
if not errors:
break
data['name'] = name
data['password'] = password
data['state'] = core_model.State.PENDING
user_dict = _get_action('user_create')(context, data)
user = core_model.User.get(user_dict['id'])
member_dict = {
'username': user.id,
'id': data['group_id'],
'role': data['role']
}
if group.is_organization:
_get_action('organization_member_create')(context, member_dict)
group_dict = _get_action('organization_show')(context,
{'id': data['group_id']})
else:
_get_action('group_member_create')(context, member_dict)
group_dict = _get_action('group_show')(context,
{'id': data['group_id']})
try:
expiration_in_hours = int(config.get('hdx.password.invitation_reset_key.expiration_in_hours', 48))
reset_password.create_reset_key(user, expiration_in_hours=expiration_in_hours)
subject = u'HDX account creation'
email_data = {
'org_name': group_dict.get('display_name'),
'capacity': data['role'],
'user_fullname': c.userobj.display_name,
'expiration_in_hours': expiration_in_hours,
'user_reset_link': h.url_for(controller='user',
action='perform_reset',
id=user.id,
key=user.reset_key,
qualified=True)
}
hdx_mailer.mail_recipient([{'display_name': user.email, 'email': user.email}],
subject, email_data,
snippet='email/content/new_account_confirmation_to_user.html')
subject = u'New HDX user confirmation'
email_data = {
'org_name': group_dict.get('display_name'),
'capacity': data['role'],
'user_username': user.name,
'user_email': user.email,
}
admin_list = get_organization_admins(group_dict.get('id'), user.email)
hdx_mailer.mail_recipient(admin_list,
subject, email_data, footer='*****@*****.**',
snippet='email/content/new_account_confirmation_to_admins.html')
except (socket_error, Exception) as error:
# Email could not be sent, delete the pending user
_get_action('user_delete')(context, {'id': user.id})
_err_str = 'Error sending the invite email, the user was not created: {0}'.format(error)
msg = _(_err_str)
raise ValidationError({'message': msg}, error_summary=msg)
return model_dictize.user_dictize(user, context)
def user_create(context, data_dict):
'''Create a new user.
You must be authorized to create users.
:param name: the name of the new user, a string between 2 and 100
characters in length, containing only lowercase alphanumeric
characters, ``-`` and ``_``
:type name: string
:param email: the email address for the new user
:type email: string
:param password: the password of the new user, a string of at least 4
characters
:type password: string
:param id: the id of the new user (optional)
:type id: string
:param fullname: the full name of the new user (optional)
:type fullname: string
:param about: a description of the new user (optional)
:type about: string
:param openid: (optional)
:type openid: string
:returns: the newly created yser
:rtype: dictionary
'''
model = context['model']
schema = context.get('schema') or ckan.logic.schema.default_user_schema()
session = context['session']
_check_access('user_create', context, data_dict)
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors, _error_summary(errors))
user = model_save.user_dict_save(data, context)
# Flush the session to cause user.id to be initialised, because
# activity_create() (below) needs it.
session.flush()
activity_create_context = {
'model': model,
'user': context['user'],
'defer_commit': True,
'session': session
}
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'new user',
}
activity_create(activity_create_context, activity_dict, ignore_auth=True)
if not context.get('defer_commit'):
model.repo.commit()
context['user'] = user
context['id'] = user.id
log.debug('Created user %s' % str(user.name))
return model_dictize.user_dictize(user, context)
def user_update(context: Context, data_dict: DataDict) -> ActionResult.UserUpdate:
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
.. note:: Update methods may delete parameters not explicitly provided in the
data_dict. If you want to edit only a specific attribute use `user_patch`
instead.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
if user_obj is None:
raise NotFound('User was not found.')
context['user_obj'] = user_obj
_check_access('user_update', context, data_dict)
upload = uploader.get_uploader('user')
upload.update_data_dict(data_dict, 'image_url',
'image_upload', 'clear_upload')
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
upload.upload(uploader.get_max_image_size())
if not context.get('defer_commit'):
with logic.guard_against_duplicated_email(data_dict['email']):
model.repo.commit()
author_obj = model.User.get(context.get('user'))
include_plugin_extras = False
if author_obj:
include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data
user_dict = model_dictize.user_dictize(
user, context, include_plugin_extras=include_plugin_extras)
return user_dict
def action_user_list(context, data_dict):
'''Return a list of the site's user accounts.
:param q: restrict the users returned to those whose names contain a string
(optional)
:type q: string
:param order_by: which field to sort the list by (optional, default:
``'name'``)
:type order_by: string
:rtype: list of dictionaries
'''
# Modiefed from ckan/controlers/user.py: user_list
model = context['model']
toolkit.check_access('user_list', context, data_dict)
q = data_dict.get('q', '')
order_by = data_dict.get('order_by', 'name')
query = model.Session.query(
model.User,
model.User.name.label('name'),
model.User.fullname.label('fullname'),
model.User.about.label('about'),
model.User.about.label('email'),
model.User.created.label('created'),
sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_(model.Revision.author == model.User.name,
model.Revision.author == model.User.openid
)
).label('number_of_edits'),
sqlalchemy.sql.select([sqlalchemy.func.count(model.UserObjectRole.id)], sqlalchemy.and_(
model.UserObjectRole.user_id == model.User.id,
model.UserObjectRole.context == 'Package',
model.UserObjectRole.role == 'admin')
).label('number_administered_packages')
)
if q:
query = model.User.search(q, query, user_name=context.get('user'))
if order_by == 'edits':
query = query.order_by(sqlalchemy.desc(
sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_(
model.Revision.author == model.User.name,
model.Revision.author == model.User.openid
))
))
elif order_by == 'created':
query = query.order_by(model.User.created)
else:
query = query.order_by(
sqlalchemy.case([(sqlalchemy.or_(model.User.fullname == None, model.User.fullname == ''), model.User.name)], else_=model.User.fullname) # noqa
)
# Filter deleted users
query = query.filter(model.User.state != model.State.DELETED)
# # hack for pagination
if context.get('return_query'):
return query
users_list = []
for user in query.all():
result_dict = model_dictize.user_dictize(user[0], context)
result_dict = _add_user_extras(user[0], result_dict)
result_dict.pop('password', None)
result_dict.pop('reset_key', None)
result_dict.pop('apikey', None)
result_dict.pop('email', None)
result_dict.pop('sysadmin', None)
result_dict.pop('email_hash', None)
users_list.append(result_dict)
return users_list
def action_user_show(context, data_dict):
'''Modified from CKAN: user_show.
Return a user account.
Either the ``id`` or the ``user_obj`` parameter must be given.
:param id: the id or name of the user (optional)
:type id: string
:param user_obj: the user dictionary of the user (optional)
:type user_obj: user dictionary
:rtype: dictionary
'''
model = context['model']
id = data_dict.get('id', None)
provided_user = data_dict.get('user_obj', None)
if id:
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound
elif provided_user:
context['user_obj'] = user_obj = provided_user
else:
raise NotFound
toolkit.check_access('user_show', context, data_dict)
user_dict = model_dictize.user_dictize(user_obj, context)
user_dict = _add_user_extras(user_obj, user_dict)
user_dict.pop('password', None)
user_dict.pop('reset_key', None)
keep_apikey = context.get('keep_apikey', False) or (context.get('for_view', False) and c.user == user_obj.name)
keep_email = context.get('keep_email', False) or (context.get('for_view', False) and c.user == user_obj.name)
if not keep_apikey:
user_dict.pop('apikey', None)
if not keep_email:
user_dict.pop('email', None)
user_dict.pop('email_hash', None)
if context.get('return_minimal'):
return user_dict
revisions_q = model.Session.query(model.Revision).filter_by(author=user_obj.name)
revisions_list = []
for revision in revisions_q.limit(20).all():
revision_dict = logic.get_action('revision_show')(context, {'id': revision.id})
revision_dict['state'] = revision.state
revisions_list.append(revision_dict)
user_dict['activity'] = revisions_list
user_dict['datasets'] = []
dataset_q = model.Session.query(model.Package).join(model.PackageRole).filter_by(user=user_obj, role=model.Role.ADMIN).limit(50)
for dataset in dataset_q:
try:
dataset_dict = logic.get_action('package_show')(context, {'id': dataset.id})
except logic.NotAuthorized:
continue
user_dict['datasets'].append(dataset_dict)
user_dict['num_followers'] = logic.get_action('user_follower_count')({'model': model, 'session': model.Session}, {'id': user_dict['id']})
return user_dict
def user_update(context, data_dict):
'''Update a user account.
Normal users can only update their own user accounts. Sysadmins can update
any user account. Can not modify exisiting user's name.
.. note:: Update methods may delete parameters not explicitly provided in the
data_dict. If you want to edit only a specific attribute use `user_patch`
instead.
For further parameters see
:py:func:`~ckan.logic.action.create.user_create`.
:param id: the name or id of the user to update
:type id: string
:returns: the updated user account
:rtype: dictionary
'''
model = context['model']
user = author = context['user']
session = context['session']
schema = context.get('schema') or schema_.default_update_user_schema()
id = _get_or_bust(data_dict, 'id')
user_obj = model.User.get(id)
context['user_obj'] = user_obj
if user_obj is None:
raise NotFound('User was not found.')
_check_access('user_update', context, data_dict)
upload = uploader.get_uploader('user')
upload.update_data_dict(data_dict, 'image_url',
'image_upload', 'clear_upload')
data, errors = _validate(data_dict, schema, context)
if errors:
session.rollback()
raise ValidationError(errors)
# user schema prevents non-sysadmins from providing password_hash
if 'password_hash' in data:
data['_password'] = data.pop('password_hash')
user = model_save.user_dict_save(data, context)
activity_dict = {
'user_id': user.id,
'object_id': user.id,
'activity_type': 'changed user',
}
activity_create_context = {
'model': model,
'user': author,
'defer_commit': True,
'ignore_auth': True,
'session': session
}
_get_action('activity_create')(activity_create_context, activity_dict)
# TODO: Also create an activity detail recording what exactly changed in
# the user.
upload.upload(uploader.get_max_image_size())
if not context.get('defer_commit'):
model.repo.commit()
author_obj = model.User.get(context.get('user'))
include_plugin_extras = False
if author_obj:
include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data
user_dict = model_dictize.user_dictize(
user, context, include_plugin_extras=include_plugin_extras)
return user_dict
