def _check_can_read_data(data, user): """ Check that the user can read a data. Args: data: user: Returns: """ # workspace case if data.user_id != str(user.id): # workspace is set if hasattr(data, 'workspace') and data.workspace is not None: # get list of accessible workspaces accessible_workspaces = workspace_api.get_all_workspaces_with_read_access_by_user( user) # check that accessed data belongs to an accessible workspace if data.workspace not in accessible_workspaces: raise AccessControlError( "The user doesn't have enough rights to access this " + get_data_label() + ".") # workspace is not set else: raise AccessControlError( "The user doesn't have enough rights to access this " + get_data_label() + ".")
def edit_record(request): """ Edit a record. Args: request: Returns: """ try: data = data_api.get_by_id(request.POST['id'], request.user) except DoesNotExist: message = Message( messages.ERROR, "It seems a " + get_data_label() + " is missing. Please refresh the page.") return HttpResponseBadRequest(json.dumps({ 'message': message.message, 'tags': message.tags }), content_type='application/json') # Check if the data is locked if lock_api.is_object_locked(data.id, request.user): message = Message( messages.ERROR, "The " + get_data_label() + " is locked. You can't edit it.") return HttpResponseBadRequest(json.dumps({ 'message': message.message, 'tags': message.tags }), content_type='application/json') try: # Check if a curate data structure already exists curate_data_structure = curate_data_structure_api.get_by_data_id( data.id) except DoesNotExist: # Create a new curate data structure curate_data_structure = CurateDataStructure( user=str(request.user.id), template=str(data.template.id), name=data.title, form_string=data.xml_content, data=data) curate_data_structure = curate_data_structure_api.upsert( curate_data_structure) except Exception, e: message = Message(messages.ERROR, "A problem occurred while editing.") return HttpResponseBadRequest(json.dumps({ 'message': message.message, 'tags': message.tags }), content_type='application/json')
def can_write_data_workspace(func, data, workspace, user): """ Can user write data in workspace. Args: func: data: workspace: user: Returns: """ if user.is_superuser: return func(data, workspace, user) if workspace is not None: if workspace_api.is_workspace_public(workspace): has_perm_publish_data(user) else: _check_can_write_workspace(workspace, user) check_can_write_data(data, user) # if we can not unpublish data if CAN_SET_PUBLIC_DATA_TO_PRIVATE is False: # if data is in public workspace if data.workspace is not None and workspace_api.is_workspace_public( data.workspace): # if target workspace is private if workspace is None or workspace_api.is_workspace_public( workspace) is False: raise AccessControlError("The " + get_data_label() + " can not be unpublished.") return func(data, workspace, user)
def _get_data(data_ids, user): """ Get all the data from the list of ids. Args: data_ids: user: Returns: data table """ data_table = [] try: for data_id in data_ids: # Get the data data = data_api.get_by_id(data_id, user) # Check the rights _check_rights_document(user.is_superuser, str(user.id), data.user_id) data_table.append(data) except DoesNotExist: raise Exception('It seems a ' + get_data_label() + ' is missing. Please refresh the page.') except Exception, e: raise Exception(e.message)
def set_status(data, status, user): """ Set the status of a data Args: data: status: user: Returns: Data """ if status == DataStatus.DELETED and (data.workspace is None or data.workspace.is_public is False): raise exceptions.ModelError( "the " + get_data_label() + " should be published if the targeted status is 'Deleted'") # build the xsd tree xml_tree = XSDTree.build_tree(data.xml_content) # get the root root = xml_tree.getroot() # and change the attribute root.attrib['status'] = status # update the xml content data.xml_content = XSDTree.tostring(xml_tree) # upsert the data return data_api.upsert(data, user)
def get(self, request, *args, **kwargs): data_id = request.GET["id"] try: data_object = data_api.get_by_id(data_id, request.user) page_context = data_view_builder.build_page(data_object) return data_view_builder.render_page(request, self.common_render, self.template, page_context) except exceptions.DoesNotExist: error_message = "Data not found" status_code = 404 except exceptions.ModelError: error_message = "Model error" status_code = 400 except AccessControlError: error_message = "Access Forbidden" status_code = 403 except Exception as e: error_message = str(e) status_code = 400 return self.common_render( request, "core_main_app/common/commons/error.html", context={ "error": "Unable to access the requested " + get_data_label() + ": {}.".format(error_message), "status_code": status_code, }, )
def get(self, request, *args, **kwargs): data_id = request.GET['id'] try: data = data_api.get_by_id(data_id, request.user) context = {'data': data} assets = { "js": [ { "path": 'core_main_app/common/js/XMLTree.js', "is_raw": False }, { "path": 'core_main_app/user/js/data/detail.js', "is_raw": False }, ], "css": ["core_main_app/common/css/XMLTree.css"], } modals = [] if "core_file_preview_app" in INSTALLED_APPS: assets["js"].extend([{ "path": 'core_file_preview_app/user/js/file_preview.js', "is_raw": False }]) assets["css"].append( "core_file_preview_app/user/css/file_preview.css") modals.append( "core_file_preview_app/user/file_preview_modal.html") return self.common_render(request, self.template, context=context, assets=assets, modals=modals) except exceptions.DoesNotExist: error_message = 'Data not found' except exceptions.ModelError: error_message = 'Model error' except Exception as e: error_message = str(e) return self.common_render( request, 'core_main_app/common/commons/error.html', context={ "error": "Unable to access the requested " + get_data_label() + ": {}.".format(error_message) })
def save_data(request): """Save data - delete curate data structure. Args: request: Returns: """ try: # get curate data structure curate_data_structure_id = request.POST["id"] curate_data_structure = curate_data_structure_api.get_by_id( curate_data_structure_id, request.user) # unlock from database if curate_data_structure.data is not None: lock_api.remove_lock_on_object(curate_data_structure.data, request.user) # generate the XML xml_data = render_xml( request, curate_data_structure.data_structure_element_root) if curate_data_structure.data is not None: # update existing data data = curate_data_structure.data else: # create new data data = Data() data.title = curate_data_structure.name template = template_api.get(str(curate_data_structure.template.id), request=request) data.template = template data.user_id = str(request.user.id) # set content data.xml_content = xml_data # save data data = data_api.upsert(data, request) curate_data_structure_api.delete(curate_data_structure, request.user) messages.add_message( request, messages.SUCCESS, get_data_label().capitalize() + " saved with success.", ) except Exception as e: return HttpResponseBadRequest(str(e).replace('"', "'"), content_type="application/javascript") return HttpResponse(json.dumps({"data_id": str(data.id)}), content_type="application/javascript")
def has_perm_publish_data(user): """ Does the user have the permission to publish a data. Args: user Returns """ publish_perm = permissions_api.get_by_codename(rights.publish_data) if not user.has_perm(publish_perm.content_type.app_label + '.' + publish_perm.codename): raise AccessControlError( "The user doesn't have enough rights to publish this " + get_data_label() + ".")
def __init__( self, user, list_current_workspace=[], is_administration=False, show_global_workspace=False, ): self.WORKSPACES_OPTIONS = [] self.WORKSPACES_OPTIONS.append(("", "-----------")) # We retrieve all workspaces with write access, or all workspaces if administration if is_administration: all_workspaces = workspace_api.get_all() else: all_workspaces = list( workspace_api.get_all_workspaces_with_write_access_by_user( user)) if show_global_workspace: workspace_global = workspace_api.get_global_workspace() if workspace_global not in all_workspaces: all_workspaces.append(workspace_global) if len(all_workspaces) == 0: raise DoesNotExist( "You don't have access to any workspaces with sufficient rights to assign a " + get_data_label() + ".") # We sort by title, case insensitive sort_workspaces = sorted(all_workspaces, key=lambda s: s.title.lower()) # We add them for workspace in sort_workspaces: is_workspace_global = workspace_api.is_workspace_global(workspace) if (list_current_workspace == [] or (len(list_current_workspace) > 0 and workspace not in list_current_workspace)) and ( (show_global_workspace and is_workspace_global) or not is_workspace_global): self.WORKSPACES_OPTIONS.append(( workspace.id, workspace.title + " (" + ("GLOBAL" if is_workspace_global else user_api.get_user_by_id(workspace.owner).username) + ")", )) super(ChangeWorkspaceForm, self).__init__() self.fields["workspaces"].choices = [] self.fields["workspaces"].choices = self.WORKSPACES_OPTIONS
def save_data(request): """Save data - delete curate data structure. Args: request: Returns: """ try: # get curate data structure curate_data_structure_id = request.POST['id'] curate_data_structure = curate_data_structure_api.get_by_id( curate_data_structure_id) # unlock from database if curate_data_structure.data is not None: lock_api.remove_lock_on_object(curate_data_structure.data, request.user) # generate the XML xml_data = render_xml( curate_data_structure.data_structure_element_root) if curate_data_structure.data is not None: # update existing data data = curate_data_structure.data else: # create new data data = Data() data.title = curate_data_structure.name data.template = curate_data_structure.template data.user_id = str(request.user.id) # set content data.xml_content = xml_data # save data data_api.upsert(data, request.user) curate_data_structure_api.delete(curate_data_structure) messages.add_message( request, messages.SUCCESS, get_data_label().capitalize() + ' saved with success.') except Exception, e: message = e.message.replace('"', '\'') return HttpResponseBadRequest(message, content_type='application/javascript')
class ViewData(CommonView): """ View detail data. """ template = 'core_main_app/user/data/detail.html' def get(self, request, *args, **kwargs): data_id = request.GET['id'] try: data = data_api.get_by_id(data_id, request.user) context = {'data': data} assets = { "js": [ { "path": 'core_main_app/common/js/XMLTree.js', "is_raw": False }, { "path": 'core_main_app/user/js/data/detail.js', "is_raw": False }, ], "css": ["core_main_app/common/css/XMLTree.css"], } return self.common_render(request, self.template, context=context, assets=assets) except exceptions.DoesNotExist: error_message = 'Data not found' except exceptions.ModelError: error_message = 'Model error' except Exception, e: error_message = e.message return self.common_render( request, 'core_main_app/common/commons/error.html', context={ "error": "Unable to access the requested " + get_data_label() + ": {}.".format(error_message) })
def has_perm_administration(func, *args, **kwargs): """ Is the given user has administration rights. Args: func: *args: **kwargs: Returns: """ try: if args[0].is_superuser: return func(*args, **kwargs) except Exception: pass raise AccessControlError( "The user doesn't have enough rights to access this " + get_data_label() + ".")
def can_change_owner(func, data, new_user, user): """ Can user change data's owner. Args: func: data: new_user: user: Returns: """ if user.is_superuser: return func(data, new_user, user) if data.user_id != str(user.id): raise AccessControlError( "The user doesn't have enough rights to access this " + get_data_label() + ".") return func(data, new_user, user)
def publish(request): """Publish a resource. Returns: """ try: data_id = request.POST.get("data_id", None) if data_id is not None: data = data_api.get_by_id(data_id, request.user) data_registry_api.publish(data, request.user) messages.add_message( request, messages.SUCCESS, get_data_label().capitalize() + " published with success.", ) else: return HttpResponseBadRequest( json.dumps({"message": "The data id is required"}), content_type="application/javascript", ) except exceptions.DoesNotExist as dne: return HttpResponseBadRequest( json.dumps({"message": escape(str(dne))}), content_type="application/json" ) except AccessControlError as ace: return HttpResponseBadRequest( json.dumps( {"message": "You don't have enough right to perform this action."} ), content_type="application/json", ) except Exception as e: return HttpResponseBadRequest( json.dumps({"message": escape(str(e))}), content_type="application/javascript", ) return HttpResponse(json.dumps({}), content_type="application/javascript")
def _check_can_read_data_list(data_list, user): """ Check that the user can read each data of the list. Args: data_list: user: Returns: """ if len(data_list) > 0: # get list of accessible workspaces accessible_workspaces = workspace_api.get_all_workspaces_with_read_access_by_user( user) # check access is correct for data in data_list: # user is data owner if data.user_id == str(user.id): continue # user is not owner or data not in accessible workspace if data.workspace is None or data.workspace not in accessible_workspaces: raise AccessControlError( "The user doesn't have enough rights to access this " + get_data_label() + ".")
""" try: list_data = _get_data(data_ids, request.user) except Exception, e: messages.add_message(request, messages.INFO, e.message) return HttpResponse(json.dumps({}), content_type='application/javascript') try: for data in list_data: # Check if the data is locked if lock_api.is_object_locked(data.id, request.user): messages.add_message( request, messages.ERROR, get_data_label().capitalize() + " locked. " "You can't delete it.") return HttpResponse(json.dumps({}), content_type='application/javascript') data_api.delete(data, request.user) messages.add_message( request, messages.INFO, get_data_label().capitalize() + ' deleted with success.') except: messages.add_message(request, messages.INFO, 'A problem occurred while deleting.') return HttpResponse(json.dumps({}), content_type='application/javascript')
def get(self, request, workspace_id, *args, **kwargs): workspace = workspace_api.get_by_id(workspace_id) try: workspace_data = workspace_data_api.get_all_by_workspace( workspace, request.user ) except AccessControlError as ace: workspace_data = workspace_data_api.get_none() user_can_read = workspace_api.can_user_read_workspace(workspace, request.user) user_can_write = workspace_api.can_user_write_workspace(workspace, request.user) # Paginator page = request.GET.get("page", 1) results_paginator = ResultsPaginator.get_results( workspace_data, page, settings.RECORD_PER_PAGE_PAGINATION ) # Data context try: results_paginator.object_list = self._format_data_context( results_paginator.object_list, request.user, user_can_read, user_can_write, ) except: results_paginator.object_list = [] # Add user_form for change owner user_form = UserForm(request.user) context = { "number_total": workspace_data.count(), "user_data": results_paginator, "user_form": user_form, "document": dashboard_constants.FUNCTIONAL_OBJECT_ENUM.RECORD.value, "template": self.data_template, "administration": self.administration, "username_list": get_id_username_dict(user_api.get_all_users()), } # Get all username and corresponding ids user_names = dict((str(x.id), x.username) for x in user_api.get_all_users()) context.update({"usernames": user_names}) context.update( { "title": "List of " + get_data_label() + "s of workspace: " + workspace.title } ) modals = self._get_modals() assets = self._get_assets() return self.common_render( request, self.template, context=context, assets=assets, modals=modals )
Menu.add_item( "composer", MenuItem("My Types", reverse("core_dashboard_types"), require_authentication=True)) Menu.items["dashboard"] = [] Menu.add_item( "dashboard", MenuItem("My Workspaces", reverse('core_dashboard_workspaces'), icon="folder-open")) Menu.add_item( "dashboard", MenuItem("My {0}s".format(get_data_label().title()), reverse('core_dashboard_records'), icon="file-text-o")) Menu.add_item( "dashboard", MenuItem("My {0}s".format(get_form_label().title()), reverse('core_dashboard_forms'), icon="file-text-o")) Menu.add_item( "dashboard", MenuItem("My Files", reverse('core_dashboard_files'), icon="file")) Menu.add_item( "help", MenuItem("API Documentation", reverse("swagger_view"),
Menu.add_item( "composer", MenuItem("My Templates", reverse("core_dashboard_templates"), require_authentication=True) ) Menu.add_item( "composer", MenuItem("My Types", reverse("core_dashboard_types"), require_authentication=True) ) Menu.items["dashboard"] = [] Menu.add_item( "dashboard", MenuItem("My Workspaces", reverse('core_dashboard_workspaces'), icon="folder-open") ) Menu.add_item( "dashboard", MenuItem("My {0}s".format(get_data_label().title()), reverse('core_dashboard_records'), icon="file-text-o") ) Menu.add_item( "dashboard", MenuItem("My {0}s".format(get_form_label().title()), reverse('core_dashboard_forms'), icon="file-text-o") ) Menu.add_item( "dashboard", MenuItem("My Files", reverse('core_dashboard_files'), icon="file") ) Menu.add_item( "help", MenuItem("API Documentation", reverse("swagger_view"), icon="cogs") )
class DashboardWorkspaceRecords(CommonView): """ List the records of a workspace. """ template = dashboard_constants.DASHBOARD_TEMPLATE data_template = dashboard_constants.DASHBOARD_RECORDS_TEMPLATE_TABLE_PAGINATION def get(self, request, workspace_id, *args, **kwargs): workspace = workspace_api.get_by_id(workspace_id) try: workspace_data = workspace_data_api.get_all_by_workspace( workspace, request.user) except AccessControlError, ace: workspace_data = [] user_can_read = workspace_api.can_user_read_workspace( workspace, request.user) user_can_write = workspace_api.can_user_write_workspace( workspace, request.user) # Paginator page = request.GET.get('page', 1) results_paginator = ResultsPaginator.get_results( workspace_data, page, settings.RECORD_PER_PAGE_PAGINATION) # Data context results_paginator.object_list = self._format_data_context( results_paginator.object_list, request.user, user_can_read, user_can_write) # Add user_form for change owner user_form = UserForm(request.user) context = { 'number_total': len(workspace_data), 'user_data': results_paginator, 'user_form': user_form, 'document': dashboard_constants.FUNCTIONAL_OBJECT_ENUM.RECORD, 'template': self.data_template, 'administration': self.administration, 'username_list': get_id_username_dict(user_api.get_all_users()) } # Get all username and corresponding ids user_names = dict( (str(x.id), x.username) for x in user_api.get_all_users()) context.update({'usernames': user_names}) context.update({ 'title': 'List of ' + get_data_label() + 's of workspace: ' + workspace.title }) modals = [ "core_main_app/user/workspaces/list/modals/assign_workspace.html", dashboard_constants.MODALS_COMMON_CHANGE_OWNER, dashboard_constants.MODALS_COMMON_DELETE ] assets = self._get_assets() return self.common_render(request, self.template, context=context, assets=assets, modals=modals)
) JS_EDIT_RECORD = "core_dashboard_common_app/user/js/list/edit_record.js" USER_VIEW_RECORD_RAW = "core_dashboard_common_app/user/js/list/view_record.raw.js" JS_VIEW_RECORD = "core_dashboard_common_app/common/js/list/view_record.js" # Admin JS_ADMIN_COUNT_CHECK = "core_dashboard_common_app/admin/js/count_checked.js" JS_ADMIN_RESET_CHECKBOX = "core_dashboard_common_app/admin/js/reset_checkbox.js" JS_ADMIN_SELECT_ALL = "core_dashboard_common_app/admin/js/select_all.js" JS_ADMIN_SELETED_ELEMENT = ( "core_dashboard_common_app/admin/js/get_selected_document_admin.js" ) JS_ADMIN_INIT_MENU = "core_dashboard_common_app/admin/js/init_admin_menu.js" JS_INIT_ADMIN = "core_dashboard_common_app/admin/js/init_admin.js" JS_ADMIN_ACTION_DASHBOARD = "core_dashboard_common_app/admin/js/action_dashboard.js" JS_ADMIN_TABLE = "core_dashboard_common_app/admin/js/admin_table.js" ADMIN_VIEW_RECORD_RAW = "core_dashboard_common_app/admin/js/list/view_record.raw.js" FUNCTIONAL_OBJECT_ENUM = Enum( "FUNCTIONAL_OBJECT_ENUM", { "RECORD": get_data_label(), "FORM": get_form_label(), "TEMPLATE": "template", "TYPE": "type", "FILE": "file", "QUERY": "query", "WORKSPACE": "workspace", }, )