def member_request_show(context, data_dict): ''' Create new member request. User is taken from context. :param member: id of the member object :type member: string :param fetch_user: fetch related user data :type fetch_user: boolean ''' check_access('member_request_show', context, data_dict) model = context['model'] member_id = data_dict.get("member") fetch_user = data_dict.get("fetch_user", False) member = model.Session.query(model.Member).get(member_id) if not member.group.is_organization: raise NotFound data = model_dictize.member_dictize(member, context) if fetch_user: member_user = model.Session.query(model.User).get(member.table_id) data['user'] = model_dictize.user_dictize(member_user, context) return data
def user_invite(context, data_dict): """Invite a new user. You must be authorized to create group members. :param email: the email of the user to be invited to the group :type email: string :param group_id: the id or name of the group :type group_id: string :param role: role of the user in the group. One of ``member``, ``editor``, or ``admin`` :type role: string :returns: the newly created yser :rtype: dictionary """ _check_access("user_invite", context, data_dict) schema = context.get("schema", ckan.logic.schema.default_user_invite_schema()) data, errors = _validate(data_dict, schema, context) if errors: raise ValidationError(errors) name = _get_random_username_from_email(data["email"]) password = str(random.SystemRandom().random()) data["name"] = name data["password"] = password data["state"] = ckan.model.State.PENDING user_dict = _get_action("user_create")(context, data) user = ckan.model.User.get(user_dict["id"]) member_dict = {"username": user.id, "id": data["group_id"], "role": data["role"]} _get_action("group_member_create")(context, member_dict) mailer.send_invite(user) return model_dictize.user_dictize(user, context)
def user_create(context, data_dict): """Creates a new user""" model = context["model"] schema = context.get("schema") or ckan.logic.schema.default_user_schema() session = context["session"] check_access("user_create", context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, error_summary(errors)) user = model_save.user_dict_save(data, context) # Flush the session to cause user.id to be initialised, because # activity_create() (below) needs it. session.flush() activity_create_context = {"model": model, "user": context["user"], "defer_commit": True, "session": session} activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "new user"} activity_create(activity_create_context, activity_dict, ignore_auth=True) if not context.get("defer_commit"): model.repo.commit() context["user"] = user context["id"] = user.id log.debug("Created user %s" % str(user.name)) return model_dictize.user_dictize(user, context)
def user_update(context, data_dict): '''Updates the user\'s details''' model = context['model'] user = context['user'] schema = context.get('schema') or default_update_user_schema() id = data_dict['id'] user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') check_access('user_update', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors, group_error_summary(errors)) user = user_dict_save(data, context) if not context.get('defer_commit'): model.repo.commit() return user_dictize(user, context)
def user_create(context, data_dict): model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] _check_access('user_create', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) if user.email == pylons.config.get('ckan.loopback.email'): raise ValidationError({'Email Address': ['Invalid email address.']}) session.flush() loopback_user_create({ 'id': user.id, 'username': user.name, 'email': user.email, 'apikey': user.apikey, 'password': data['password'] }) activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'ignore_auth': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } logic.get_action('activity_create')(activity_create_context, activity_dict) if not context.get('defer_commit'): model.repo.commit() user_dictize_context = context.copy() user_dictize_context['keep_apikey'] = True user_dictize_context['keep_email'] = True user_dict = model_dictize.user_dictize(user, user_dictize_context) context['user_obj'] = user context['id'] = user.id model.Dashboard.get(user.id) log.debug('CKAN user created: {}'.format(user.name)) return user_dict
def _user_dict(user): out = model_dictize.user_dictize(user, context={'model': model}) out['ckan_url'] = h.url_for('user.read', id=user.name) out['gravatar'] = h.gravatar(user.email_hash, size=48) out['gravatar_url'] = '''//gravatar.com/avatar/%s?s=%d''' % ( user.email_hash, 48) return out
def user_update(context, data_dict): """Updates the user\'s details""" model = context["model"] user = context["user"] session = context["session"] schema = context.get("schema") or default_update_user_schema() id = data_dict["id"] user_obj = model.User.get(id) context["user_obj"] = user_obj if user_obj is None: raise NotFound("User was not found.") check_access("user_update", context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, group_error_summary(errors)) user = user_dict_save(data, context) activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"} activity_create_context = {"model": model, "user": user, "defer_commit": True, "session": session} from ckan.logic.action.create import activity_create activity_create(activity_create_context, activity_dict, ignore_auth=True) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get("defer_commit"): model.repo.commit() return user_dictize(user, context)
def user_update(context, data_dict): '''Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. For further parameters see :py:func:`~ckan.logic.action.create.user_create`. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary ''' model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') _check_access('user_update', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) # user schema prevents non-sysadmins from providing password_hash if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit': True, 'ignore_auth': True, 'session': session } _get_action('activity_create')(activity_create_context, activity_dict) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get('defer_commit'): model.repo.commit() return model_dictize.user_dictize(user, context)
def user_create(context, data_dict): model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] _check_access('user_create', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) if user.email == pylons.config.get('ckan.loopback.email'): raise ValidationError({'Email Address': ['Invalid email address.']}) session.flush() loopback_user_create({ 'id': user.id, 'username': user.name, 'email': user.email, 'password': data['password'] }) activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'ignore_auth': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } logic.get_action('activity_create')(activity_create_context, activity_dict) if not context.get('defer_commit'): model.repo.commit() user_dictize_context = context.copy() user_dictize_context['keep_apikey'] = True user_dictize_context['keep_email'] = True user_dict = model_dictize.user_dictize(user, user_dictize_context) context['user_obj'] = user context['id'] = user.id model.Dashboard.get(user.id) log.debug('CKAN user created: {}'.format(user.name)) return user_dict
def user_list(context, data_dict): '''Lists the current users''' model = context['model'] user = context['user'] check_access('user_list',context, data_dict) q = data_dict.get('q','') order_by = data_dict.get('order_by','name') query = model.Session.query( model.User, model.User.name.label('name'), model.User.fullname.label('fullname'), model.User.about.label('about'), model.User.about.label('email'), model.User.created.label('created'), select([func.count(model.Revision.id)], or_( model.Revision.author==model.User.name, model.Revision.author==model.User.openid ) ).label('number_of_edits'), select([func.count(model.UserObjectRole.id)], and_( model.UserObjectRole.user_id==model.User.id, model.UserObjectRole.context=='Package', model.UserObjectRole.role=='admin' ) ).label('number_administered_packages') ) if q: query = model.User.search(q, query) if order_by == 'edits': query = query.order_by(desc( select([func.count(model.Revision.id)], or_( model.Revision.author==model.User.name, model.Revision.author==model.User.openid )) )) else: query = query.order_by( case([(or_(model.User.fullname == None, model.User.fullname == ''), model.User.name)], else_=model.User.fullname) ) ## hack for pagination if context.get('return_query'): return query users_list = [] for user in query.all(): result_dict = user_dictize(user[0], context) del result_dict['apikey'] users_list.append(result_dict) return users_list
def user_update(context, data_dict): model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') _check_access('user_update', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) if user.name == pylons.config.get('ckan.loopback.username'): raise ValidationError({'Username': ['Invalid username.']}) loopback_user_info = { 'username': user.name, 'email': user.email, 'apikey': user.apikey } if 'password' in data: loopback_user_info['password'] = data['password'] loopback_user_update(user.id, loopback_user_info) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit': True, 'ignore_auth': True, 'session': session } _get_action('activity_create')(activity_create_context, activity_dict) if not context.get('defer_commit'): model.repo.commit() log.debug('CKAN user updated: {}'.format(user.name)) return model_dictize.user_dictize(user, context)
def user_update(context, data_dict): model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') _check_access('user_update', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) if user.name == pylons.config.get('ckan.loopback.username'): raise ValidationError({'Username': ['Invalid username.']}) loopback_user_info = { 'username': user.name, 'email': user.email } if 'password' in data: loopback_user_info['password'] = data['password'] loopback_user_update(user.id, loopback_user_info) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit': True, 'ignore_auth': True, 'session': session } _get_action('activity_create')(activity_create_context, activity_dict) if not context.get('defer_commit'): model.repo.commit() log.debug('CKAN user updated: {}'.format(user.name)) return model_dictize.user_dictize(user, context)
def user_update(context, data_dict): """Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. For further parameters see :py:func:`~ckan.logic.action.create.user_create`. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary """ model = context["model"] user = context["user"] session = context["session"] schema = context.get("schema") or schema_.default_update_user_schema() id = _get_or_bust(data_dict, "id") user_obj = model.User.get(id) context["user_obj"] = user_obj if user_obj is None: raise NotFound("User was not found.") _check_access("user_update", context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) # user schema prevents non-sysadmins from providing password_hash if "password_hash" in data: data["_password"] = data.pop("password_hash") user = model_save.user_dict_save(data, context) activity_dict = {"user_id": user.id, "object_id": user.id, "activity_type": "changed user"} activity_create_context = { "model": model, "user": user, "defer_commit": True, "ignore_auth": True, "session": session, } _get_action("activity_create")(activity_create_context, activity_dict) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get("defer_commit"): model.repo.commit() return model_dictize.user_dictize(user, context)
def user_by_email(context, data_dict): email = data_dict.get("email", None) if email: user_obj_list = model.User.by_email(email) user_obj = None if (len(user_obj_list) > 0): user_obj = user_obj_list[0] else: raise NotFound user_dict = model_dictize.user_dictize(user_obj, context) return user_dict else: raise NotFound
def user_list(context, data_dict): '''Lists the current users''' model = context['model'] user = context['user'] check_access('user_list', context, data_dict) q = data_dict.get('q', '') order_by = data_dict.get('order_by', 'name') query = model.Session.query( model.User, model.User.name.label('name'), model.User.fullname.label('fullname'), model.User.about.label('about'), model.User.about.label('email'), model.User.created.label('created'), select([func.count(model.Revision.id)], or_(model.Revision.author == model.User.name, model.Revision.author == model.User.openid)).label( 'number_of_edits'), select([func.count(model.UserObjectRole.id)], and_(model.UserObjectRole.user_id == model.User.id, model.UserObjectRole.context == 'Package', model.UserObjectRole.role == 'admin')).label( 'number_administered_packages')) if q: query = model.User.search(q, query) if order_by == 'edits': query = query.order_by( desc( select([func.count(model.Revision.id)], or_(model.Revision.author == model.User.name, model.Revision.author == model.User.openid)))) else: query = query.order_by( case([(or_(model.User.fullname == None, model.User.fullname == ''), model.User.name)], else_=model.User.fullname)) ## hack for pagination if context.get('return_query'): return query users_list = [] for user in query.all(): result_dict = user_dictize(user[0], context) del result_dict['apikey'] users_list.append(result_dict) return users_list
def _user_list_dictize(obj_list, context, sort_key=lambda x: x['name'], reverse=False): import ckan.lib.dictization.model_dictize as model_dictize result_list = [] for obj in obj_list: user_dict = model_dictize.user_dictize(obj, context) user_dict.pop('reset_key', None) user_dict.pop('apikey', None) # user_dict.pop('email', None) result_list.append(user_dict) return sorted(result_list, key=sort_key, reverse=reverse)
def user_show(context, data_dict): '''Shows user details''' model = context['model'] user = context['user'] id = data_dict.get('id',None) provided_user = data_dict.get('user_obj',None) if id: user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound elif provided_user: context['user_obj'] = user_obj = provided_user else: raise NotFound check_access('user_show',context, data_dict) user_dict = model_dictize.user_dictize(user_obj,context) if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name): # If not sysadmin or the same user, strip sensible info del user_dict['apikey'] del user_dict['reset_key'] revisions_q = model.Session.query(model.Revision ).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = revision_show(context,{'id':revision.id}) revision_dict['state'] = revision.state revisions_list.append(revision_dict) user_dict['activity'] = revisions_list user_dict['datasets'] = [] dataset_q = model.Session.query(model.Package).join(model.PackageRole ).filter_by(user=user_obj, role=model.Role.ADMIN ).limit(50) for dataset in dataset_q: try: dataset_dict = package_show(context, {'id': dataset.id}) except logic.NotAuthorized: continue user_dict['datasets'].append(dataset_dict) return user_dict
def user_show(context, data_dict): '''Shows user details''' model = context['model'] user = context['user'] id = data_dict.get('id', None) provided_user = data_dict.get('user_obj', None) if id: user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound elif provided_user: context['user_obj'] = user_obj = provided_user else: raise NotFound check_access('user_show', context, data_dict) user_dict = model_dictize.user_dictize(user_obj, context) if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name): # If not sysadmin or the same user, strip sensible info del user_dict['apikey'] del user_dict['reset_key'] revisions_q = model.Session.query( model.Revision).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = revision_show(context, {'id': revision.id}) revision_dict['state'] = revision.state revisions_list.append(revision_dict) user_dict['activity'] = revisions_list user_dict['datasets'] = [] dataset_q = model.Session.query(model.Package).join( model.PackageRole).filter_by(user=user_obj, role=model.Role.ADMIN).limit(50) for dataset in dataset_q: try: dataset_dict = package_show(context, {'id': dataset.id}) except logic.NotAuthorized: continue user_dict['datasets'].append(dataset_dict) return user_dict
def pending_user_list(context, data_dict): check_access('sysadmin', context, {}) model = context['model'] query = model.Session.query(model.User) \ .filter_by(state=model.State.PENDING) users_list = [] for user in query.all(): groups = user.get_groups() if groups: result_dict = model_dictize.user_dictize(user, context) result_dict['group_name'] = user.get_groups()[0].title users_list.append(result_dict) return users_list
def user_update(context, data_dict): '''Updates the user\'s details''' model = context['model'] user = context['user'] session = context['session'] schema = context.get( 'schema') or ckan.logic.schema.default_update_user_schema() id = data_dict['id'] user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') check_access('user_update', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, error_summary(errors)) user = model_save.user_dict_save(data, context) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit': True, 'session': session } get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get('defer_commit'): model.repo.commit() return model_dictize.user_dictize(user, context)
def user_auth(context, data_dict): '''Authenticates a user You must be a system administrator to authenticate users. :param email: the email address of the user :type email: string :param password: the password of the user :type password: string :returns: the newly created user :rtype: dictionary ''' model = context['model'] session = context['session'] _check_access('user_auth', context, data_dict) email = data_dict.get('email') password = data_dict.get('password') if not (email and password): raise ValidationError(['email and password are both required']) users = User.by_email(email) user = users[0] if users else None if (user is None) or \ (not user.is_active()) or \ (not user.validate_password(password)): raise ValidationError(['There was a problem authenticating this user']) user_dict = model_dictize.user_dictize(user, context) ## Get the user's organisation list to return with the login details fOrgList = get_action('organization_list_for_user') user_dict['organisations'] = fOrgList(context, {'id': user.name}) # DGU Hack: added encoding so we don't barf on unicode user names log.debug( 'Authenticated user {name}'.format(name=user.name.encode('utf8'))) return user_dict
def test_23_user_dictize_as_same_user(self): """User should be able to see their own sensitive data.""" context = {"model": model, "session": model.Session, "user": "******"} user = model.User.by_name("tester") user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert "name" in user_dict assert "about" in user_dict # Check sensitive data is available assert "apikey" in user_dict assert "email" in user_dict # Passwords and reset keys should never be available assert "password" not in user_dict assert "reset_key" not in user_dict
def test_22_user_dictize_as_sysadmin(self): """Sysadmins should be allowed to see certain sensitive data.""" context = {"model": model, "session": model.Session, "user": "******"} user = model.User.by_name("tester") user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert "name" in user_dict assert "about" in user_dict # Check sensitive data is available assert "apikey" in user_dict assert "reset_key" in user_dict assert "email" in user_dict # Passwords should never be available assert "password" not in user_dict
def test_25_user_dictize_as_anonymous(self): """Anonymous should not be able to see other's sensitive data.""" context = {"model": model, "session": model.Session, "user": ""} user = model.User.by_name("tester") user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert "name" in user_dict assert "about" in user_dict # Check sensitive data is not available assert "apikey" not in user_dict assert "reset_key" not in user_dict assert "email" not in user_dict # Passwords should never be available assert "password" not in user_dict
def user_create(context, data_dict): '''Creates a new user''' model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] check_access('user_create', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, error_summary(errors)) user = model_save.user_dict_save(data, context) # Flush the session to cause user.id to be initialised, because # activity_create() (below) needs it. session.flush() activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } activity_create(activity_create_context, activity_dict, ignore_auth=True) if not context.get('defer_commit'): model.repo.commit() context['user'] = user context['id'] = user.id log.debug('Created user %s' % str(user.name)) return model_dictize.user_dictize(user, context)
def user_update(context, data_dict): '''Updates the user\'s details''' model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or ckan.logic.schema.default_update_user_schema() id = data_dict['id'] user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') check_access('user_update', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, error_summary(errors)) user = model_save.user_dict_save(data, context) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit':True, 'session': session } get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get('defer_commit'): model.repo.commit() return model_dictize.user_dictize(user, context)
def user_invite(context, data_dict): '''Invite a new user. You must be authorized to create group members. :param email: the email of the user to be invited to the group :type email: string :param group_id: the id or name of the group :type group_id: string :param role: role of the user in the group. One of ``member``, ``editor``, or ``admin`` :type role: string :returns: the newly created yser :rtype: dictionary ''' _check_access('user_invite', context, data_dict) schema = context.get('schema', ckan.logic.schema.default_user_invite_schema()) data, errors = _validate(data_dict, schema, context) if errors: raise ValidationError(errors) name = _get_random_username_from_email(data['email']) password = str(random.SystemRandom().random()) data['name'] = name data['password'] = password data['state'] = ckan.model.State.PENDING user_dict = _get_action('user_create')(context, data) user = ckan.model.User.get(user_dict['id']) member_dict = { 'username': user.id, 'id': data['group_id'], 'role': data['role'] } _get_action('group_member_create')(context, member_dict) mailer.send_invite(user) return model_dictize.user_dictize(user, context)
def user_create(context, data_dict): '''Creates a new user''' model = context['model'] user = context['user'] schema = context.get('schema') or default_user_schema() check_access('user_create', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors, group_error_summary(errors)) user = user_dict_save(data, context) model.repo.commit() context['user'] = user context['id'] = user.id log.debug('Created user %s' % str(user.name)) return user_dictize(user, context)
def user_show(context, data_dict): '''Shows user details''' model = context['model'] user = context['user'] id = data_dict.get('id',None) provided_user = data_dict.get('user_obj',None) if id: user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound elif provided_user: context['user_obj'] = user_obj = provided_user else: raise NotFound check_access('user_show',context, data_dict) user_dict = user_dictize(user_obj,context) if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name): # If not sysadmin or the same user, strip sensible info del user_dict['apikey'] del user_dict['reset_key'] revisions_q = model.Session.query(model.Revision ).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = revision_show(context,{'id':revision.id}) revision_dict['state'] = revision.state revisions_list.append(revision_dict) user_dict['activity'] = revisions_list return user_dict
def user_show(context, data_dict): '''Shows user details''' model = context['model'] user = context['user'] id = data_dict.get('id', None) provided_user = data_dict.get('user_obj', None) if id: user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound elif provided_user: context['user_obj'] = user_obj = provided_user else: raise NotFound check_access('user_show', context, data_dict) user_dict = user_dictize(user_obj, context) if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name): # If not sysadmin or the same user, strip sensible info del user_dict['apikey'] del user_dict['reset_key'] revisions_q = model.Session.query( model.Revision).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = revision_show(context, {'id': revision.id}) revision_dict['state'] = revision.state revisions_list.append(revision_dict) user_dict['activity'] = revisions_list return user_dict
def test_22_user_dictize_as_sysadmin(self): '''Sysadmins should be allowed to see certain sensitive data.''' context = { 'model': model, 'session': model.Session, 'user': '******', } user = model.User.by_name('tester') user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert 'name' in user_dict assert 'about' in user_dict # Check sensitive data is available assert 'apikey' in user_dict assert 'reset_key' in user_dict assert 'email' in user_dict # Passwords should never be available assert 'password' not in user_dict
def user_create(context, data_dict): '''Creates a new user''' model = context['model'] user = context['user'] schema = context.get('schema') or default_user_schema() check_access('user_create', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors, group_error_summary(errors)) user = user_dict_save(data, context) if not context.get('defer_commit'): model.repo.commit() context['user'] = user context['id'] = user.id log.debug('Created user %s' % str(user.name)) return user_dictize(user, context)
def test_25_user_dictize_as_anonymous(self): '''Anonymous should not be able to see other's sensitive data.''' context = { 'model': model, 'session': model.Session, 'user': '', } user = model.User.by_name('tester') user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert 'name' in user_dict assert 'about' in user_dict # Check sensitive data is not available assert 'apikey' not in user_dict assert 'reset_key' not in user_dict assert 'email' not in user_dict # Passwords should never be available assert 'password' not in user_dict
def test_23_user_dictize_as_same_user(self): '''User should be able to see their own sensitive data.''' context = { 'model': model, 'session': model.Session, 'user': '******', } user = model.User.by_name('tester') user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert 'name' in user_dict assert 'about' in user_dict # Check sensitive data is available assert 'apikey' in user_dict assert 'email' in user_dict # Passwords and reset keys should never be available assert 'password' not in user_dict assert 'reset_key' not in user_dict
def user_show(context, data_dict): """Shows user details""" model = context["model"] user = context["user"] id = data_dict.get("id", None) provided_user = data_dict.get("user_obj", None) if id: user_obj = model.User.get(id) context["user_obj"] = user_obj if user_obj is None: raise NotFound elif provided_user: context["user_obj"] = user_obj = provided_user else: raise NotFound check_access("user_show", context, data_dict) user_dict = user_dictize(user_obj, context) if not (Authorizer().is_sysadmin(unicode(user)) or user == user_obj.name): # If not sysadmin or the same user, strip sensible info del user_dict["apikey"] del user_dict["reset_key"] revisions_q = model.Session.query(model.Revision).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = revision_show(context, {"id": revision.id}) revision_dict["state"] = revision.state revisions_list.append(revision_dict) user_dict["activity"] = revisions_list return user_dict
def test_user_dictize_as_sysadmin(self): """Sysadmins should be allowed to see certain sensitive data.""" CreateTestData.create() context = { "model": model, "session": model.Session, "user": "******", } user = model.User.by_name("tester") user_dict = user_dictize(user, context) # Check some of the non-sensitive data assert "name" in user_dict assert "about" in user_dict # Check sensitive data is available assert "apikey" in user_dict assert "email" in user_dict # Passwords and reset keys should never be available assert "password" not in user_dict assert "reset_key" not in user_dict
def user_update(context, data_dict): """Updates the user's details""" model = context["model"] user = context["user"] schema = context.get("schema") or default_update_user_schema() id = data_dict["id"] user_obj = model.User.get(id) context["user_obj"] = user_obj if user_obj is None: raise NotFound("User was not found.") check_access("user_update", context, data_dict) data, errors = validate(data_dict, schema, context) if errors: model.Session.rollback() raise ValidationError(errors, group_error_summary(errors)) user = user_dict_save(data, context) model.repo.commit() return user_dictize(user, context)
def action_user_update(context, data_dict): ''' Modified from CKAN: user_update Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. For further parameters see ``user_create()``. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary ''' model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or logic.schema.default_update_user_schema() # Modify the schema by adding translation related keys add_translation_modify_schema(schema) upload = uploader.Upload('user') upload.update_data_dict(data_dict, 'image_url', 'image_upload', 'clear_upload') ignore_missing = toolkit.get_validator('ignore_missing') convert_to_extras = toolkit.get_converter('convert_to_extras') schema['job_title'] = [ignore_missing, unicode, convert_to_extras] schema['telephone_number'] = [ignore_missing, unicode, convert_to_extras] schema['main_organization'] = [ignore_missing, unicode, convert_to_extras] schema['image_url'] = [ignore_missing, unicode, convert_to_extras] schema['linkedin'] = [ignore_missing, unicode, convert_to_extras] schema['facebook'] = [ignore_missing, unicode, convert_to_extras] schema['twitter'] = [ignore_missing, unicode, convert_to_extras] schema['blog'] = [ignore_missing, to_list_json, convert_to_extras] schema['www_page'] = [ignore_missing, to_list_json, convert_to_extras] # Add the localized keys for the localized fields to the schema schema = add_languages_modify(schema, _localized_fields) not_empty = toolkit.get_validator('not_empty') schema['fullname'] = [not_empty, unicode] id = logic.get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') # If the translations are not in the data_dict, the user has not added any translations or the user has deleted all translations. # Therefore, the translations are not sent with the POST so we need to empty and update the translations here. if 'translations' not in data_dict: data_dict['translations'] = [] toolkit.check_access('user_update', context, data_dict) data, errors = validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) for extra in data['extras'] if 'extras' in data else []: user_obj.extras[extra['key']] = extra['value'] user = model_save.user_dict_save(data, context) activity_dict = {'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user'} activity_create_context = {'model': model, 'user': user, 'defer_commit': True, 'ignore_auth': True, 'session': session} toolkit.get_action('activity_create')(activity_create_context, activity_dict) # Attempt to update drupal user _update_drupal_user(context, data_dict) # TODO: Also create an activity detail recording what exactly changed in # the user. upload.upload(uploader.get_max_image_size()) if not context.get('defer_commit'): model.repo.commit() user_data = user_dictize(user, context) for key, value in user.extras.iteritems(): if key in user_data: log.warning("Trying to override user data with extra variable '%s'", key) continue user_data[key] = value return user_data
def user_create(context, data_dict): '''Create a new user. You must be authorized to create users. :param name: the name of the new user, a string between 2 and 100 characters in length, containing only lowercase alphanumeric characters, ``-`` and ``_`` :type name: string :param email: the email address for the new user :type email: string :param password: the password of the new user, a string of at least 4 characters :type password: string :param id: the id of the new user (optional) :type id: string :param fullname: the full name of the new user (optional) :type fullname: string :param about: a description of the new user (optional) :type about: string :param openid: (optional) :type openid: string :returns: the newly created yser :rtype: dictionary ''' model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] _check_access('user_create', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) user = model_save.user_dict_save(data, context) # Flush the session to cause user.id to be initialised, because # activity_create() (below) needs it. session.flush() activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'ignore_auth': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } logic.get_action('activity_create')(activity_create_context, activity_dict) if not context.get('defer_commit'): model.repo.commit() # A new context is required for dictizing the newly constructed user in # order that all the new user's data is returned, in particular, the # api_key. # # The context is copied so as not to clobber the caller's context dict. user_dictize_context = context.copy() user_dictize_context['keep_sensitive_data'] = True user_dict = model_dictize.user_dictize(user, user_dictize_context) context['user_obj'] = user context['id'] = user.id model.Dashboard.get(user.id) # Create dashboard for user. log.debug('Created user {name}'.format(name=user.name)) return user_dict
def user_create(context, data_dict): '''Create a new user. You must be authorized to create users. :param name: the name of the new user, a string between 2 and 100 characters in length, containing only lowercase alphanumeric characters, ``-`` and ``_`` :type name: string :param email: the email address for the new user :type email: string :param password: the password of the new user, a string of at least 4 characters :type password: string :param id: the id of the new user (optional) :type id: string :param fullname: the full name of the new user (optional) :type fullname: string :param about: a description of the new user (optional) :type about: string :param openid: (optional) :type openid: string :returns: the newly created yser :rtype: dictionary ''' model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] _check_access('user_create', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) user = model_save.user_dict_save(data, context) # Flush the session to cause user.id to be initialised, because # activity_create() (below) needs it. session.flush() activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } logic.get_action('activity_create')(activity_create_context, activity_dict, ignore_auth=True) if not context.get('defer_commit'): model.repo.commit() # A new context is required for dictizing the newly constructed user in # order that all the new user's data is returned, in particular, the # api_key. # # The context is copied so as not to clobber the caller's context dict. user_dictize_context = context.copy() user_dictize_context['keep_sensitive_data'] = True user_dict = model_dictize.user_dictize(user, user_dictize_context) context['user_obj'] = user context['id'] = user.id log.debug('Created user %s' % str(user.name)) return user_dict
def user_update(context, data_dict): '''Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. Can not modify exisiting user's name. For further parameters see :py:func:`~ckan.logic.action.create.user_create`. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary ''' model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') _check_access('user_update', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) # user schema prevents non-sysadmins from providing password_hash if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) # TODO: remove hack to update API Key in CAS database log.info('Updating Api Key in CAS Database') sql = 'UPDATE users SET apikey = %s WHERE username = %s' conn = None updated_rows = 0 try: log.info('apikey = ' + data['apikey']) log.info('username = '******'name']) log.info('connecting to cas') conn = psycopg2.connect( "dbname=casino_ar_prod_users user=cas_default password=casPWnasaace" ) cur = conn.cursor() log.info('connected') cur.execute(sql, (data['apikey'], data['name'])) updated_rows = cur.rowcount conn.commit() log.info('user apikey updated') cur.close() except (Exception, psycopg2.DatabaseError) as error: log.error(error) finally: if conn is not None: conn.close() #end hack activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': user, 'defer_commit': True, 'ignore_auth': True, 'session': session } _get_action('activity_create')(activity_create_context, activity_dict) # TODO: Also create an activity detail recording what exactly changed in # the user. if not context.get('defer_commit'): model.repo.commit() return model_dictize.user_dictize(user, context)
def _get_sysadmins(): context = {"ignore_auth": True, "model": model} sysadmins = helpers.get_valid_sysadmins() return [model_dictize.user_dictize(user, context) for user in sysadmins]
def action_user_list(context, data_dict): '''Return a list of the site's user accounts. :param q: restrict the users returned to those whose names contain a string (optional) :type q: string :param order_by: which field to sort the list by (optional, default: ``'name'``) :type order_by: string :rtype: list of dictionaries ''' # Modiefed from ckan/controlers/user.py: user_list model = context['model'] toolkit.check_access('user_list', context, data_dict) q = data_dict.get('q', '') order_by = data_dict.get('order_by', 'name') query = model.Session.query( model.User, model.User.name.label('name'), model.User.fullname.label('fullname'), model.User.about.label('about'), model.User.about.label('email'), model.User.created.label('created'), sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_( model.Revision.author == model.User.name, model.Revision.author == model.User.openid)).label('number_of_edits'), sqlalchemy.sql.select( [sqlalchemy.func.count(model.UserObjectRole.id)], sqlalchemy.and_(model.UserObjectRole.user_id == model.User.id, model.UserObjectRole.context == 'Package', model.UserObjectRole.role == 'admin')).label( 'number_administered_packages')) if q: query = model.User.search(q, query, user_name=context.get('user')) if order_by == 'edits': query = query.order_by( sqlalchemy.desc( sqlalchemy.sql.select( [sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_( model.Revision.author == model.User.name, model.Revision.author == model.User.openid)))) elif order_by == 'created': query = query.order_by(model.User.created) else: query = query.order_by( sqlalchemy.case( [(sqlalchemy.or_(model.User.fullname == None, model.User.fullname == ''), model.User.name)], else_=model.User.fullname) # noqa ) # Filter deleted users query = query.filter(model.User.state != model.State.DELETED) # # hack for pagination if context.get('return_query'): return query users_list = [] for user in query.all(): result_dict = model_dictize.user_dictize(user[0], context) result_dict = _add_user_extras(user[0], result_dict) result_dict.pop('password', None) result_dict.pop('reset_key', None) result_dict.pop('apikey', None) result_dict.pop('email', None) result_dict.pop('sysadmin', None) result_dict.pop('email_hash', None) users_list.append(result_dict) return users_list
def hdx_user_invite(context, data_dict): '''Invite a new user. You must be authorized to create group members. :param email: the email of the user to be invited to the group :type email: string :param group_id: the id or name of the group :type group_id: string :param role: role of the user in the group. One of ``member``, ``editor``, or ``admin`` :type role: string :returns: the newly created user :rtype: dictionary ''' import string _check_access('user_invite', context, data_dict) schema = context.get('schema', core_schema.default_user_invite_schema()) data, errors = _validate(data_dict, schema, context) if errors: raise ValidationError(errors) model = context['model'] group = model.Group.get(data['group_id']) if not group: raise NotFound() name = core_create._get_random_username_from_email(data['email']) # Choose a password. However it will not be used - the invitee will not be # told it - they will need to reset it while True: password = ''.join(random.SystemRandom().choice( string.ascii_lowercase + string.ascii_uppercase + string.digits) for _ in range(12)) # Occasionally it won't meet the constraints, so check errors = {} logic.validators.user_password_validator( 'password', {'password': password}, errors, None) if not errors: break data['name'] = name data['password'] = password data['state'] = core_model.State.PENDING user_dict = _get_action('user_create')(context, data) user = core_model.User.get(user_dict['id']) member_dict = { 'username': user.id, 'id': data['group_id'], 'role': data['role'] } if group.is_organization: _get_action('organization_member_create')(context, member_dict) group_dict = _get_action('organization_show')(context, {'id': data['group_id']}) else: _get_action('group_member_create')(context, member_dict) group_dict = _get_action('group_show')(context, {'id': data['group_id']}) try: expiration_in_hours = int(config.get('hdx.password.invitation_reset_key.expiration_in_hours', 48)) reset_password.create_reset_key(user, expiration_in_hours=expiration_in_hours) subject = u'HDX account creation' email_data = { 'org_name': group_dict.get('display_name'), 'capacity': data['role'], 'user_fullname': c.userobj.display_name, 'expiration_in_hours': expiration_in_hours, 'user_reset_link': h.url_for(controller='user', action='perform_reset', id=user.id, key=user.reset_key, qualified=True) } hdx_mailer.mail_recipient([{'display_name': user.email, 'email': user.email}], subject, email_data, snippet='email/content/new_account_confirmation_to_user.html') subject = u'New HDX user confirmation' email_data = { 'org_name': group_dict.get('display_name'), 'capacity': data['role'], 'user_username': user.name, 'user_email': user.email, } admin_list = get_organization_admins(group_dict.get('id'), user.email) hdx_mailer.mail_recipient(admin_list, subject, email_data, footer='*****@*****.**', snippet='email/content/new_account_confirmation_to_admins.html') except (socket_error, Exception) as error: # Email could not be sent, delete the pending user _get_action('user_delete')(context, {'id': user.id}) _err_str = 'Error sending the invite email, the user was not created: {0}'.format(error) msg = _(_err_str) raise ValidationError({'message': msg}, error_summary=msg) return model_dictize.user_dictize(user, context)
def user_create(context, data_dict): '''Create a new user. You must be authorized to create users. :param name: the name of the new user, a string between 2 and 100 characters in length, containing only lowercase alphanumeric characters, ``-`` and ``_`` :type name: string :param email: the email address for the new user :type email: string :param password: the password of the new user, a string of at least 4 characters :type password: string :param id: the id of the new user (optional) :type id: string :param fullname: the full name of the new user (optional) :type fullname: string :param about: a description of the new user (optional) :type about: string :param openid: (optional) :type openid: string :returns: the newly created yser :rtype: dictionary ''' model = context['model'] schema = context.get('schema') or ckan.logic.schema.default_user_schema() session = context['session'] _check_access('user_create', context, data_dict) data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors, _error_summary(errors)) user = model_save.user_dict_save(data, context) # Flush the session to cause user.id to be initialised, because # activity_create() (below) needs it. session.flush() activity_create_context = { 'model': model, 'user': context['user'], 'defer_commit': True, 'session': session } activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'new user', } activity_create(activity_create_context, activity_dict, ignore_auth=True) if not context.get('defer_commit'): model.repo.commit() context['user'] = user context['id'] = user.id log.debug('Created user %s' % str(user.name)) return model_dictize.user_dictize(user, context)
def user_update(context: Context, data_dict: DataDict) -> ActionResult.UserUpdate: '''Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. Can not modify exisiting user's name. .. note:: Update methods may delete parameters not explicitly provided in the data_dict. If you want to edit only a specific attribute use `user_patch` instead. For further parameters see :py:func:`~ckan.logic.action.create.user_create`. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary ''' model = context['model'] user = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) if user_obj is None: raise NotFound('User was not found.') context['user_obj'] = user_obj _check_access('user_update', context, data_dict) upload = uploader.get_uploader('user') upload.update_data_dict(data_dict, 'image_url', 'image_upload', 'clear_upload') data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) # user schema prevents non-sysadmins from providing password_hash if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) upload.upload(uploader.get_max_image_size()) if not context.get('defer_commit'): with logic.guard_against_duplicated_email(data_dict['email']): model.repo.commit() author_obj = model.User.get(context.get('user')) include_plugin_extras = False if author_obj: include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data user_dict = model_dictize.user_dictize( user, context, include_plugin_extras=include_plugin_extras) return user_dict
def action_user_list(context, data_dict): '''Return a list of the site's user accounts. :param q: restrict the users returned to those whose names contain a string (optional) :type q: string :param order_by: which field to sort the list by (optional, default: ``'name'``) :type order_by: string :rtype: list of dictionaries ''' # Modiefed from ckan/controlers/user.py: user_list model = context['model'] toolkit.check_access('user_list', context, data_dict) q = data_dict.get('q', '') order_by = data_dict.get('order_by', 'name') query = model.Session.query( model.User, model.User.name.label('name'), model.User.fullname.label('fullname'), model.User.about.label('about'), model.User.about.label('email'), model.User.created.label('created'), sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_(model.Revision.author == model.User.name, model.Revision.author == model.User.openid ) ).label('number_of_edits'), sqlalchemy.sql.select([sqlalchemy.func.count(model.UserObjectRole.id)], sqlalchemy.and_( model.UserObjectRole.user_id == model.User.id, model.UserObjectRole.context == 'Package', model.UserObjectRole.role == 'admin') ).label('number_administered_packages') ) if q: query = model.User.search(q, query, user_name=context.get('user')) if order_by == 'edits': query = query.order_by(sqlalchemy.desc( sqlalchemy.sql.select([sqlalchemy.func.count(model.Revision.id)], sqlalchemy.or_( model.Revision.author == model.User.name, model.Revision.author == model.User.openid )) )) elif order_by == 'created': query = query.order_by(model.User.created) else: query = query.order_by( sqlalchemy.case([(sqlalchemy.or_(model.User.fullname == None, model.User.fullname == ''), model.User.name)], else_=model.User.fullname) # noqa ) # Filter deleted users query = query.filter(model.User.state != model.State.DELETED) # # hack for pagination if context.get('return_query'): return query users_list = [] for user in query.all(): result_dict = model_dictize.user_dictize(user[0], context) result_dict = _add_user_extras(user[0], result_dict) result_dict.pop('password', None) result_dict.pop('reset_key', None) result_dict.pop('apikey', None) result_dict.pop('email', None) result_dict.pop('sysadmin', None) result_dict.pop('email_hash', None) users_list.append(result_dict) return users_list
def action_user_show(context, data_dict): '''Modified from CKAN: user_show. Return a user account. Either the ``id`` or the ``user_obj`` parameter must be given. :param id: the id or name of the user (optional) :type id: string :param user_obj: the user dictionary of the user (optional) :type user_obj: user dictionary :rtype: dictionary ''' model = context['model'] id = data_dict.get('id', None) provided_user = data_dict.get('user_obj', None) if id: user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound elif provided_user: context['user_obj'] = user_obj = provided_user else: raise NotFound toolkit.check_access('user_show', context, data_dict) user_dict = model_dictize.user_dictize(user_obj, context) user_dict = _add_user_extras(user_obj, user_dict) user_dict.pop('password', None) user_dict.pop('reset_key', None) keep_apikey = context.get('keep_apikey', False) or (context.get('for_view', False) and c.user == user_obj.name) keep_email = context.get('keep_email', False) or (context.get('for_view', False) and c.user == user_obj.name) if not keep_apikey: user_dict.pop('apikey', None) if not keep_email: user_dict.pop('email', None) user_dict.pop('email_hash', None) if context.get('return_minimal'): return user_dict revisions_q = model.Session.query(model.Revision).filter_by(author=user_obj.name) revisions_list = [] for revision in revisions_q.limit(20).all(): revision_dict = logic.get_action('revision_show')(context, {'id': revision.id}) revision_dict['state'] = revision.state revisions_list.append(revision_dict) user_dict['activity'] = revisions_list user_dict['datasets'] = [] dataset_q = model.Session.query(model.Package).join(model.PackageRole).filter_by(user=user_obj, role=model.Role.ADMIN).limit(50) for dataset in dataset_q: try: dataset_dict = logic.get_action('package_show')(context, {'id': dataset.id}) except logic.NotAuthorized: continue user_dict['datasets'].append(dataset_dict) user_dict['num_followers'] = logic.get_action('user_follower_count')({'model': model, 'session': model.Session}, {'id': user_dict['id']}) return user_dict
def user_update(context, data_dict): '''Update a user account. Normal users can only update their own user accounts. Sysadmins can update any user account. Can not modify exisiting user's name. .. note:: Update methods may delete parameters not explicitly provided in the data_dict. If you want to edit only a specific attribute use `user_patch` instead. For further parameters see :py:func:`~ckan.logic.action.create.user_create`. :param id: the name or id of the user to update :type id: string :returns: the updated user account :rtype: dictionary ''' model = context['model'] user = author = context['user'] session = context['session'] schema = context.get('schema') or schema_.default_update_user_schema() id = _get_or_bust(data_dict, 'id') user_obj = model.User.get(id) context['user_obj'] = user_obj if user_obj is None: raise NotFound('User was not found.') _check_access('user_update', context, data_dict) upload = uploader.get_uploader('user') upload.update_data_dict(data_dict, 'image_url', 'image_upload', 'clear_upload') data, errors = _validate(data_dict, schema, context) if errors: session.rollback() raise ValidationError(errors) # user schema prevents non-sysadmins from providing password_hash if 'password_hash' in data: data['_password'] = data.pop('password_hash') user = model_save.user_dict_save(data, context) activity_dict = { 'user_id': user.id, 'object_id': user.id, 'activity_type': 'changed user', } activity_create_context = { 'model': model, 'user': author, 'defer_commit': True, 'ignore_auth': True, 'session': session } _get_action('activity_create')(activity_create_context, activity_dict) # TODO: Also create an activity detail recording what exactly changed in # the user. upload.upload(uploader.get_max_image_size()) if not context.get('defer_commit'): model.repo.commit() author_obj = model.User.get(context.get('user')) include_plugin_extras = False if author_obj: include_plugin_extras = author_obj.sysadmin and 'plugin_extras' in data user_dict = model_dictize.user_dictize( user, context, include_plugin_extras=include_plugin_extras) return user_dict