def group_list(context, data_dict):
'''Returns a list of groups'''
model = context['model']
user = context['user']
api = context.get('api_version') or '1'
ref_group_by = 'id' if api == '2' else 'name'
order_by = data_dict.get('order_by', 'name')
if order_by not in set(('name', 'packages')):
raise logic.ParameterError('"order_by" value %r not implemented.' %
order_by)
all_fields = data_dict.get('all_fields', None)
check_access('group_list', context, data_dict)
query = model.Session.query(model.Group).join(model.GroupRevision)
query = query.filter(model.GroupRevision.state == 'active')
query = query.filter(model.GroupRevision.current == True)
if order_by == 'name':
sort_by, reverse = 'name', False
groups = query.all()
if order_by == 'packages':
sort_by, reverse = 'packages', True
group_list = model_dictize.group_list_dictize(groups, context,
lambda x: x[sort_by],
reverse)
if not all_fields:
group_list = [group[ref_group_by] for group in group_list]
return group_list
def string_to_timedelta(s):
'''Parse a string s and return a standard datetime.timedelta object.
Handles days, hours, minutes, seconds, and microseconds.
Accepts strings in these formats:
2 days
14 days
4:35:00 (hours, minutes and seconds)
4:35:12.087465 (hours, minutes, seconds and microseconds)
7 days, 3:23:34
7 days, 3:23:34.087465
.087465 (microseconds only)
:raises ckan.logic.ParameterError: if the given string does not match any
of the recognised formats
'''
patterns = []
days_only_pattern = '(?P<days>\d+)\s+day(s)?'
patterns.append(days_only_pattern)
hms_only_pattern = '(?P<hours>\d?\d):(?P<minutes>\d\d):(?P<seconds>\d\d)'
patterns.append(hms_only_pattern)
ms_only_pattern = '.(?P<milliseconds>\d\d\d)(?P<microseconds>\d\d\d)'
patterns.append(ms_only_pattern)
hms_and_ms_pattern = hms_only_pattern + ms_only_pattern
patterns.append(hms_and_ms_pattern)
days_and_hms_pattern = '{0},\s+{1}'.format(days_only_pattern,
hms_only_pattern)
patterns.append(days_and_hms_pattern)
days_and_hms_and_ms_pattern = days_and_hms_pattern + ms_only_pattern
patterns.append(days_and_hms_and_ms_pattern)
for pattern in patterns:
match = re.match('^{0}$'.format(pattern), s)
if match:
break
if not match:
raise logic.ParameterError('Not a valid time: {0}'.format(s))
gd = match.groupdict()
days = int(gd.get('days', '0'))
hours = int(gd.get('hours', '0'))
minutes = int(gd.get('minutes', '0'))
seconds = int(gd.get('seconds', '0'))
milliseconds = int(gd.get('milliseconds', '0'))
microseconds = int(gd.get('microseconds', '0'))
delta = datetime.timedelta(days=days,
hours=hours,
minutes=minutes,
seconds=seconds,
milliseconds=milliseconds,
microseconds=microseconds)
return delta
def send_email_notifications(context, data_dict):
'''Send any pending activity stream notification emails to users.
You must provide a sysadmin's API key in the Authorization header of the
request, or call this action from the command-line via a `paster post ...`
command.
'''
# If paste.command_request is True then this function has been called
# by a `paster post ...` command not a real HTTP request, so skip the
# authorization.
if not pylons.request.environ.get('paste.command_request'):
_check_access('send_email_notifications', context, data_dict)
if not paste.deploy.converters.asbool(
pylons.config.get('ckan.activity_streams_email_notifications')):
raise logic.ParameterError('ckan.activity_streams_email_notifications'
' is not enabled in config')
ckan.lib.email_notifications.get_and_send_notifications_for_all_users()
def user_role_update(context, data_dict):
'''Update a user or authorization group's roles for a domain object.
Either the ``user`` or the ``authorization_group`` parameter must be given.
You must be authorized to update the domain object.
To delete all of a user or authorization group's roles for domain object,
pass an empty list ``[]`` to the ``roles`` parameter.
:param user: the name or id of the user
:type user: string
:param authorization_group: the name or id of the authorization group
:type authorization_group: string
:param domain_object: the name or id of the domain object (e.g. a package,
group or authorization group)
:type domain_object: string
:param roles: the new roles, e.g. ``['editor']``
:type roles: list of strings
:returns: the updated roles of all users and authorization_groups for the
domain object
:rtype: dictionary
'''
model = context['model']
new_user_ref = data_dict.get(
'user') # the user who is being given the new role
new_authgroup_ref = data_dict.get(
'authorization_group') # the authgroup who is being given the new role
if bool(new_user_ref) == bool(new_authgroup_ref):
raise logic.ParameterError(
'You must provide either "user" or "authorization_group" parameter.'
)
domain_object_ref = _get_or_bust(data_dict, 'domain_object')
if not isinstance(data_dict['roles'], (list, tuple)):
raise logic.ParameterError('Parameter "%s" must be of type: "%s"' %
('role', 'list'))
desired_roles = set(data_dict['roles'])
if new_user_ref:
user_object = model.User.get(new_user_ref)
if not user_object:
raise NotFound('Cannot find user %r' % new_user_ref)
data_dict['user'] = user_object.id
add_user_to_role_func = model.add_user_to_role
remove_user_from_role_func = model.remove_user_from_role
else:
user_object = model.AuthorizationGroup.get(new_authgroup_ref)
if not user_object:
raise NotFound('Cannot find authorization group %r' %
new_authgroup_ref)
data_dict['authorization_group'] = user_object.id
add_user_to_role_func = model.add_authorization_group_to_role
remove_user_from_role_func = model.remove_authorization_group_from_role
domain_object = logic.action.get_domain_object(model, domain_object_ref)
data_dict['id'] = domain_object.id
if isinstance(domain_object, model.Package):
_check_access('package_edit_permissions', context, data_dict)
elif isinstance(domain_object, model.Group):
_check_access('group_edit_permissions', context, data_dict)
elif isinstance(domain_object, model.AuthorizationGroup):
_check_access('authorization_group_edit_permissions', context,
data_dict)
# Todo: 'system' object
else:
raise logic.ParameterError(
'Not possible to update roles for domain object type %s' %
type(domain_object))
# current_uors: in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users\'
# current roles (if any)
current_role_dicts = _get_action('roles_show')(context, data_dict)['roles']
current_roles = set(
[role_dict['role'] for role_dict in current_role_dicts])
# Whenever our desired state is different from our current state,
# change it.
for role in (desired_roles - current_roles):
add_user_to_role_func(user_object, role, domain_object)
for role in (current_roles - desired_roles):
remove_user_from_role_func(user_object, role, domain_object)
# and finally commit all these changes to the database
if not (current_roles == desired_roles):
model.repo.commit_and_remove()
return _get_action('roles_show')(context, data_dict)
def user_role_update(context, data_dict):
'''
For a named user (or authz group), set his/her authz roles on a domain_object.
'''
model = context['model']
user = context['user'] # the current user, who is making the authz change
new_user_ref = data_dict.get(
'user') # the user who is being given the new role
new_authgroup_ref = data_dict.get(
'authorization_group') # the authgroup who is being given the new role
if bool(new_user_ref) == bool(new_authgroup_ref):
raise logic.ParameterError(
'You must provide either "user" or "authorization_group" parameter.'
)
domain_object_ref = data_dict['domain_object']
if not isinstance(data_dict['roles'], (list, tuple)):
raise logic.ParameterError('Parameter "%s" must be of type: "%s"' %
('role', 'list'))
desired_roles = set(data_dict['roles'])
if new_user_ref:
user_object = model.User.get(new_user_ref)
if not user_object:
raise NotFound('Cannot find user %r' % new_user_ref)
data_dict['user'] = user_object.id
add_user_to_role_func = model.add_user_to_role
remove_user_from_role_func = model.remove_user_from_role
else:
user_object = model.AuthorizationGroup.get(new_authgroup_ref)
if not user_object:
raise NotFound('Cannot find authorization group %r' %
new_authgroup_ref)
data_dict['authorization_group'] = user_object.id
add_user_to_role_func = model.add_authorization_group_to_role
remove_user_from_role_func = model.remove_authorization_group_from_role
domain_object = logic.action.get_domain_object(model, domain_object_ref)
data_dict['id'] = domain_object.id
if isinstance(domain_object, model.Package):
check_access('package_edit_permissions', context, data_dict)
elif isinstance(domain_object, model.Group):
check_access('group_edit_permissions', context, data_dict)
elif isinstance(domain_object, model.AuthorizationGroup):
check_access('authorization_group_edit_permissions', context,
data_dict)
# Todo: 'system' object
else:
raise logic.ParameterError(
'Not possible to update roles for domain object type %s' %
type(domain_object))
# current_uors: in order to avoid either creating a role twice or
# deleting one which is non-existent, we need to get the users\'
# current roles (if any)
current_role_dicts = get_action('roles_show')(context, data_dict)['roles']
current_roles = set(
[role_dict['role'] for role_dict in current_role_dicts])
# Whenever our desired state is different from our current state,
# change it.
for role in (desired_roles - current_roles):
add_user_to_role_func(user_object, role, domain_object)
for role in (current_roles - desired_roles):
remove_user_from_role_func(user_object, role, domain_object)
# and finally commit all these changes to the database
if not (current_roles == desired_roles):
model.repo.commit_and_remove()
return get_action('roles_show')(context, data_dict)