def post(self, request): """ Assign the record to a workspace. Args: request: Returns: """ document_ids = request.POST.getlist('document_id[]', []) workspace_id = request.POST.get('workspace_id', None) if workspace_id is None or workspace_id == '': workspace = None else: try: workspace = workspace_api.get_by_id(str(workspace_id)) except DoesNotExist: return HttpResponseBadRequest("The selected workspace does not exist anymore.") except Exception as exc: return HttpResponseBadRequest("Something wrong happened.") for data_id in document_ids: try: self.api.assign(self.api.get_by_id(data_id, request.user), workspace, request.user) except AccessControlError as ace: return HttpResponseBadRequest(str(ace)) except Exception as exc: return HttpResponseBadRequest("Something wrong happened.") return HttpResponse(json.dumps({}), content_type='application/javascript')
def _add_or_remove_to_user_or_group_right_to_workspace(request, pk, user_or_group_id, func, get_group_or_user_func): """ Add Args: request: pk: user_or_group_id: func: get_group_or_user_func Returns: """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Get user user_or_group = get_group_or_user_func(user_or_group_id) # Add right func(workspace_object, user_or_group, request.user) # Return response return Response(status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def switch_right(request): """ Switch user's right for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) object_id = request.POST.get('object_id', None) group_or_user = request.POST.get('group_or_user', None) action = request.POST.get('action', None) value = request.POST.get('value', None) == 'true' try: workspace = workspace_api.get_by_id(str(workspace_id)) if group_or_user == USER: _switch_user_right(object_id, action, value, workspace, request.user) if group_or_user == GROUP: _switch_group_right(object_id, action, value, workspace, request.user) except AccessControlError as ace: return HttpResponseBadRequest(str(ace)) except DoesNotExist as dne: return HttpResponseBadRequest(str(dne)) except Exception as exc: return HttpResponseBadRequest('Something wrong happened.') return HttpResponse(json.dumps({}), content_type='application/javascript')
def set_workspace_public(request, pk): """ Set the workspace public. Args: request: pk: Returns: """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Set the workspace public workspace_api.set_workspace_public(workspace_object, request.user) # Return response return Response(status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def _list_of_users_or_groups_to_response(pk, func, user, serializer): """ List of users or groups to response. Args: pk: func: user: Returns: """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Get list User list_user = func(workspace_object, user) # Serialize object serializer = serializer(list_user, many=True) # Return response return Response(serializer.data, status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def delete(self, request, pk): """ Delete a workspace Args: request: pk: Returns: """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # delete object workspace_api.delete(workspace_object, request.user) # Return response return Response(status=status.HTTP_204_NO_CONTENT) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def switch_right(request): """ Switch user's right for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) object_id = request.POST.get('object_id', None) group_or_user = request.POST.get('group_or_user', None) action = request.POST.get('action', None) value = request.POST.get('value', None) == 'true' try: workspace = workspace_api.get_by_id(str(workspace_id)) if group_or_user == USER: _switch_user_right(object_id, action, value, workspace, request.user) if group_or_user == GROUP: _switch_group_right(object_id, action, value, workspace, request.user) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def get(self, request, pk): """ Get Workspace from db Args: request: HTTP request pk: ObjectId Returns: Workspace """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Serialize object serializer = WorkspaceSerializer(workspace_object) # Return response return Response(serializer.data) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_group_right_to_workspace(request): """ Add rights to group for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) groups_ids = request.POST.getlist('groups_id[]', []) is_read_checked = request.POST.get('read', None) == 'true' is_write_checked = request.POST.get('write', None) == 'true' if len(groups_ids) == 0: return HttpResponseBadRequest("You need to select at least one group.") if not is_read_checked and not is_write_checked: return HttpResponseBadRequest( "You need to select at least one permission (read and/or write).") try: workspace = workspace_api.get_by_id(str(workspace_id)) for group in group_api.get_all_groups_by_list_id(groups_ids): if is_read_checked: workspace_api.add_group_read_access_to_workspace( workspace, group, request.user) if is_write_checked: workspace_api.add_group_write_access_to_workspace( workspace, group, request.user) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def load_add_group_form(request): """ Load the form to list the groups with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get('workspace_id', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest('Invalid input.') except Exception: return HttpResponseBadRequest('An unexpected error occurred.') try: # We retrieve all groups with no access groups_with_no_access = list( workspace_api.get_list_group_with_no_access_workspace( workspace, request.user)) if len(groups_with_no_access) > 0: group_utils.remove_list_object_from_list(groups_with_no_access, [ group_api.get_anonymous_group(), group_api.get_default_group() ]) if len(groups_with_no_access) == 0: return HttpResponseBadRequest( "There is no groups that can be added.") form = GroupRightForm(groups_with_no_access) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def load_add_user_form(request): """ Load the form to list the users with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get('workspace_id', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest('Invalid input.') except Exception: return HttpResponseBadRequest('An unexpected error occurred.') try: # We retrieve all users with no access users_with_no_access = list( workspace_api.get_list_user_with_no_access_workspace( workspace, request.user)) # We remove the owner of the workspace if len(users_with_no_access) > 0: users_with_no_access.remove( user_api.get_user_by_id(workspace.owner)) if len(users_with_no_access) == 0: return HttpResponseBadRequest( "There is no users that can be added.") form = UserRightForm(users_with_no_access) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def is_workspace_public(request, pk): """ Is the workspace public Args: request: HTTP request pk: ObjectId Returns: - code: 200 content: Boolean - code: 404 content: Object was not found - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Return response return Response(workspace_api.is_workspace_public(workspace_object), status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_group_right_to_workspace(request): """ Add rights to group for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) groups_ids = request.POST.getlist('groups_id[]', []) is_read_checked = request.POST.get('read', None) == 'true' is_write_checked = request.POST.get('write', None) == 'true' if len(groups_ids) == 0: return HttpResponseBadRequest("You need to select at least one group.") if not is_read_checked and not is_write_checked: return HttpResponseBadRequest("You need to select at least one permission (read and/or write).") try: workspace = workspace_api.get_by_id(str(workspace_id)) for group in group_api.get_all_groups_by_list_id(groups_ids): if is_read_checked: workspace_api.add_group_read_access_to_workspace(workspace, group, request.user) if is_write_checked: workspace_api.add_group_write_access_to_workspace(workspace, group, request.user) except AccessControlError as ace: return HttpResponseBadRequest(str(ace)) except DoesNotExist as dne: return HttpResponseBadRequest(str(dne)) except Exception as exc: return HttpResponseBadRequest('Something wrong happened.') return HttpResponse(json.dumps({}), content_type='application/javascript')
def remove_user_or_group_rights(request): """ Remove user's right for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) object_id = request.POST.get('object_id', None) group_or_user = request.POST.get('group_or_user', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) if group_or_user == USER: _remove_user_rights(object_id, workspace, request.user) if group_or_user == GROUP: _remove_group_rights(object_id, workspace, request.user) except AccessControlError as ace: return HttpResponseBadRequest(str(ace)) except ModelError: return HttpResponseBadRequest('Invalid input.') except DoesNotExist as dne: return HttpResponseBadRequest(str(dne)) except Exception: return HttpResponseBadRequest('Something wrong happened.') return HttpResponse(json.dumps({}), content_type='application/javascript')
def get(self, request, workspace_id, *args, **kwargs): workspace = workspace_api.get_by_id(workspace_id) try: workspace_data = workspace_data_api.get_all_by_workspace( workspace, request.user) except AccessControlError, ace: workspace_data = []
def load_add_group_form(request): """Load the form to list the groups with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get("workspace_id", None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest("Invalid input.") except Exception: return HttpResponseBadRequest("An unexpected error occurred.") try: # We retrieve all groups with no access groups_with_no_access = list( workspace_api.get_list_group_with_no_access_workspace( workspace, request.user)) if len(groups_with_no_access) > 0: group_utils.remove_list_object_from_list( groups_with_no_access, [ group_api.get_anonymous_group(), group_api.get_default_group() ], ) if len(groups_with_no_access) == 0: return HttpResponseBadRequest( "There is no groups that can be added.") form = GroupRightForm(groups_with_no_access) except AccessControlError as ace: return HttpResponseBadRequest(escape(str(ace))) except DoesNotExist as dne: return HttpResponseBadRequest(escape(str(dne))) except: return HttpResponseBadRequest("Something wrong happened.") context = {"add_group_form": form} return HttpResponse( json.dumps({ "form": loader.render_to_string( "core_main_app/user/workspaces/list/modals/add_group_form.html", context, ) }), "application/javascript", )
def get_workspace(self, workspace_id): """ Get workspace from database Args: workspace_id: Returns: """ try: return workspace_api.get_by_id(workspace_id) except exceptions.DoesNotExist: raise Http404
def load_add_group_form(request): """ Load the form to list the groups with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get('workspace_id', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except Exception, exc: return HttpResponseBadRequest(exc.message)
def load_add_user_form(request): """Load the form to list the users with no access to the workspace. Args: request: Returns: """ workspace_id = request.POST.get("workspace_id", None) try: workspace = workspace_api.get_by_id(str(workspace_id)) except exceptions.ModelError: return HttpResponseBadRequest("Invalid input.") except Exception: return HttpResponseBadRequest("An unexpected error occurred.") try: # We retrieve all users with no access users_with_no_access = list( workspace_api.get_list_user_with_no_access_workspace( workspace, request.user)) # We remove the owner of the workspace if len(users_with_no_access) > 0: users_with_no_access.remove( user_api.get_user_by_id(workspace.owner)) if len(users_with_no_access) == 0: return HttpResponseBadRequest( "There is no users that can be added.") form = UserRightForm(users_with_no_access) except AccessControlError as ace: return HttpResponseBadRequest(escape(str(ace))) except DoesNotExist as dne: return HttpResponseBadRequest(escape(str(dne))) except: return HttpResponseBadRequest("Something wrong happened.") context = {"add_user_form": form} return HttpResponse( json.dumps({ "form": loader.render_to_string( "core_main_app/user/workspaces/list/modals/add_user_form.html", context, ) }), "application/javascript", )
def get_workspace(self, workspace_id): """ Retrieve a Workspace Args: workspace_id: ObjectId Returns: - code: 404 content: Object was not found """ try: return workspace_api.get_by_id(workspace_id) except exceptions.DoesNotExist: raise Http404
def _add_or_remove_to_user_or_group_right_to_workspace(request, pk, user_or_group_id, func, get_group_or_user_func): """ Add or remove a right to a user or a group Args: request: HTTP request pk: ObjectId user_or_group_id: ObjectId func: function get_group_or_user_func: function Returns: - code: 200 content: None - code: 403 content: Authentication error - code: 404 content: Object was not found - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Get user user_or_group = get_group_or_user_func(user_or_group_id) # Add right func(workspace_object, user_or_group, request.user) # Return response return Response(status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def get(self, request, pk): """ Get all user Data Url Parameters: template: template_id title: document_title Examples: ../data/ ../data?template=[template_id] ../data?title=[document_title] ../data?template=[template_id]&title=[document_title] Args: request: HTTP request pk: WorkspaceId Returns: - code: 200 content: List of data - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) #data_object_list = data_api.get_all_by_user(request.user) data_object_list = data_api.get_all_by_workspace( workspace_object, request.user) #data_object_list = data_object_list.filter(workspace=pk) # Serialize object data_serializer = DataSerializer(data_object_list, many=True) # Return response return Response(data_serializer.data, status=status.HTTP_200_OK) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def _list_of_users_or_groups_to_response(pk, func, user, serializer): """List of users or groups to response Args: pk: ObjectId func: function user: user Returns: - code: 200 content: list of group or user - code: 403 content: Authentication error - code: 404 content: Object was not found - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Get list User list_user = func(workspace_object, user) # Serialize object serializer = serializer(list_user, many=True) # Return response return Response(serializer.data, status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {"message": "Workspace not found."} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {"message": str(ace)} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {"message": str(api_exception)} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def assign_workspace(request): """ Assign the record to a workspace. Args: request: Returns: """ document_ids = request.POST.getlist('document_id[]', []) workspace_id = request.POST.get('workspace_id', None) if workspace_id is None or workspace_id == '': workspace = None else: try: workspace = workspace_api.get_by_id(str(workspace_id)) except DoesNotExist: return HttpResponseBadRequest( "The selected workspace does not exist anymore.") except Exception, exc: return HttpResponseBadRequest("Something wrong happened.")
def is_workspace_public(request, pk): """ Is the workspace public. Args: request: pk: Returns: """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Return response return Response(workspace_api.is_workspace_public(workspace_object), status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def delete(self, request, pk): """ Delete a Workspace Args: request: HTTP request pk: ObjectId Returns: - code: 204 content: Deletion succeed - code: 403 content: Authentication error - code: 404 content: Object was not found - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # delete object workspace_api.delete(workspace_object, request.user) # Return response return Response(status=status.HTTP_204_NO_CONTENT) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def remove_user_or_group_rights(request): """ Remove user's right for the workspace. Args: request Returns """ workspace_id = request.POST.get('workspace_id', None) object_id = request.POST.get('object_id', None) group_or_user = request.POST.get('group_or_user', None) try: workspace = workspace_api.get_by_id(str(workspace_id)) if group_or_user == USER: _remove_user_rights(object_id, workspace, request.user) if group_or_user == GROUP: _remove_group_rights(object_id, workspace, request.user) except AccessControlError, ace: return HttpResponseBadRequest(ace.message)
def set_workspace_public(request, pk): """ Set the workspace public Args: request: HTTP request pk: ObjectId Returns: - code: 200 content: None - code: 403 content: Authentication error - code: 404 content: Object was not found - code: 500 content: Internal server error """ try: # Get object workspace_object = workspace_api.get_by_id(pk) # Set the workspace public workspace_api.set_workspace_public(workspace_object, request.user) # Return response return Response(status=status.HTTP_200_OK) except exceptions.DoesNotExist: content = {'message': 'Workspace not found.'} return Response(content, status=status.HTTP_404_NOT_FOUND) except AccessControlError as ace: content = {'message': ace.message} return Response(content, status=status.HTTP_403_FORBIDDEN) except Exception as api_exception: content = {'message': api_exception.message} return Response(content, status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def add_user_right_to_workspace(request): """Add rights to user for the workspace. Args: request Returns """ workspace_id = request.POST.get("workspace_id", None) users_ids = request.POST.getlist("users_id[]", []) is_read_checked = request.POST.get("read", None) == "true" is_write_checked = request.POST.get("write", None) == "true" if len(users_ids) == 0: return HttpResponseBadRequest("You need to select at least one user.") if not is_read_checked and not is_write_checked: return HttpResponseBadRequest( "You need to select at least one permission (read and/or write).") try: workspace = workspace_api.get_by_id(str(workspace_id)) for user in user_api.get_all_users_by_list_id(users_ids): if is_read_checked: workspace_api.add_user_read_access_to_workspace( workspace, user, request.user) if is_write_checked: workspace_api.add_user_write_access_to_workspace( workspace, user, request.user) except AccessControlError as ace: return HttpResponseBadRequest(escape(str(ace))) except DoesNotExist as dne: return HttpResponseBadRequest(escape(str(dne))) except Exception as exc: return HttpResponseBadRequest("Something wrong happened.") return HttpResponse(json.dumps({}), content_type="application/javascript")
def _get_workspaces(workspace_ids, request_user_is_superuser, request_user_id): """ Get all the workspaces from the list of ids. Args: workspace_ids: request_user_is_superuser: request_user_id: Returns: list form """ list_workspaces = [] try: for workspace_id in workspace_ids: # Get the workspace workspace = workspace_api.get_by_id(workspace_id) list_workspaces.append(workspace) except DoesNotExist: raise Exception( 'It seems a workspace is missing. Please refresh the page.') except Exception, e: raise Exception(e.message)