def get_object_for_viewing(request, uid, target_klass=None):
"""
Return the specified instance by uid for viewing.
If a target_klass is provided, uid will be checked for consistency.
If the request has no authenticated user, a 401 Response will be returned.
If the item is not found, a 404 Response will be returned. If the user is
not authorized to view the item (not the owner or part of a group the item
is shared with), a 403 Not Authorized Response will be returned.
usage:
instance = get_object_for_viewing(request, 'mlpa_mpa_12', target_klass=Mpa)
if isinstance(instance, HttpResponse):
return instance
"""
if target_klass and not target_klass.model_uid() in uid:
return HttpResponse("Target class %s doesn't match the provided uid %s" %
(target_klass, uid),
status=401)
try:
instance = get_feature_by_uid(uid)
except ValueError:
return HttpResponse("Uid not valid: %s" % uid, status=401)
except:
return HttpResponse("Feature not found - %s" % uid, status=404)
viewable, response = instance.is_viewable(request.user)
if viewable:
return instance
else:
return response
def get_object_for_editing(request, uid, target_klass=None):
"""
Return the specified instance by uid for editing.
If a target_klass is provided, uid will be checked for consistency.
If the request has no logged-in user, a 401 Response will be returned. If
the item is not found, a 404 Response will be returned. If the user is
not authorized to edit the item (not the owner or a staff user), a 403 Not
Authorized Response will be returned.
usage:
instance = get_object_for_editing(request, 'mlpa_mpa_12', target_klass=Mpa)
if isinstance(instance, HttpResponse):
return instance
"""
if target_klass and not target_klass.model_uid() in uid:
return HttpResponse("Target class %s doesn't match the provided uid %s" %
(target_klass, uid),
status=401)
try:
instance = get_feature_by_uid(uid)
except ValueError:
return HttpResponse("Uid not valid: %s" % uid, status=401)
except:
return HttpResponse("Feature not found - %s" % uid, status=404)
if not request.user.is_authenticated():
return HttpResponse('You must be logged in.', status=401)
# Check that user owns the object or is staff
if not request.user.is_staff and request.user != instance.user:
return HttpResponseForbidden(
'You do not have permission to modify this object.')
return instance
def copy_design(request, uid):
try:
design_obj = get_feature_by_uid(uid)
except Feature.DoesNotExist:
raise Http404
#check permissions
viewable, response = design_obj.is_viewable(request.user)
if not viewable:
return response
design_obj.pk = None
design_obj.user = request.user
design_obj.save()
json = []
json.append({
'id': design_obj.id,
'uid': design_obj.uid,
'name': design_obj.name,
'description': design_obj.description,
'attributes': design_obj.serialize_attributes()
})
return HttpResponse(dumps(json), status=200)
def get_attributes(request, uid):
from django.contrib.auth.models import User
from marineplanner import settings as mpSettings
try:
scenario_obj = get_feature_by_uid(uid)
except Scenario.DoesNotExist:
raise Http404
#check permissions
viewable, response = scenario_obj.is_viewable(request.user)
if not viewable:
if mpSettings.ALLOW_ANONYMOUS_DRAW:
anonUser = User.objects.get(pk=mpSettings.ANONYMOUS_USER_PK)
anonViewable, response = scenario_obj.is_viewable(anonUser)
if not anonViewable:
return response
else:
return response
if 'serialize_attributes' in dir(scenario_obj):
if hasattr(scenario_obj, 'is_loading') and scenario_obj.is_loading:
scenario_obj.save()
return HttpResponse(dumps(scenario_obj.serialize_attributes()))
else:
return HttpResponse(dumps([]))
def get_object_for_editing(request, uid, target_klass=None):
"""
Return the specified instance by uid for editing.
If a target_klass is provided, uid will be checked for consistency.
If the request has no logged-in user, a 401 Response will be returned. If
the item is not found, a 404 Response will be returned. If the user is
not authorized to edit the item (not the owner or a staff user), a 403 Not
Authorized Response will be returned.
usage:
instance = get_object_for_editing(request, 'mlpa_mpa_12', target_klass=Mpa)
if isinstance(instance, HttpResponse):
return instance
"""
if target_klass and not target_klass.model_uid() in uid:
return HttpResponse(
"Target class %s doesn't match the provided uid %s" %
(target_klass, uid),
status=401)
try:
instance = get_feature_by_uid(uid)
except ValueError:
return HttpResponse("Uid not valid: %s" % uid, status=401)
except:
return HttpResponse("Feature not found - %s" % uid, status=404)
if not request.user.is_authenticated():
return HttpResponse('You must be logged in.', status=401)
# Check that user owns the object or is staff
if not request.user.is_staff and request.user != instance.user:
return HttpResponseForbidden(
'You do not have permission to modify this object.')
return instance
def copy_design(request, uid):
try:
design_obj = get_feature_by_uid(uid)
except Feature.DoesNotExist:
raise Http404
#check permissions
viewable, response = design_obj.is_viewable(request.user)
if not viewable:
return response
design_obj.pk = None
design_obj.user = request.user
design_obj.save()
json = []
json.append({
'id': design_obj.id,
'uid': design_obj.uid,
'name': design_obj.name,
'description': design_obj.description,
'attributes': design_obj.serialize_attributes()
})
return HttpResponse(dumps(json), status=200)
def get_object_for_viewing(request, uid, target_klass=None):
"""
Return the specified instance by uid for viewing.
If a target_klass is provided, uid will be checked for consistency.
If the request has no authenticated user, a 401 Response will be returned.
If the item is not found, a 404 Response will be returned. If the user is
not authorized to view the item (not the owner or part of a group the item
is shared with), a 403 Not Authorized Response will be returned.
usage:
instance = get_object_for_viewing(request, 'mlpa_mpa_12', target_klass=Mpa)
if isinstance(instance, HttpResponse):
return instance
"""
if target_klass and not target_klass.model_uid() in uid:
return HttpResponse(
"Target class %s doesn't match the provided uid %s" %
(target_klass, uid),
status=401)
try:
instance = get_feature_by_uid(uid)
except ValueError:
return HttpResponse("Uid not valid: %s" % uid, status=401)
except:
return HttpResponse("Feature not found - %s" % uid, status=404)
viewable, response = instance.is_viewable(request.user)
if viewable:
return instance
else:
return response
def delete_drawing(uid, **kwargs):
request = kwargs.get("request")
drawing_obj = get_feature_by_uid(uid)
viewable, response = drawing_obj.is_viewable(request.user)
if viewable:
drawing_obj.delete()
def delete_drawing(uid, **kwargs):
from features.registry import get_feature_by_uid
request = kwargs.get('request')
drawing_obj = get_feature_by_uid(uid)
viewable, response = drawing_obj.is_viewable(request.user)
if viewable:
drawing_obj.delete()
def get_attributes(request, uid):
try:
scenario_obj = get_feature_by_uid(uid)
except Scenario.DoesNotExist:
raise Http404
#check permissions
viewable, response = scenario_obj.is_viewable(request.user)
if not viewable:
return response
return HttpResponse(dumps(scenario_obj.serialize_attributes()))
def get_attributes(request, uid):
try:
scenario_obj = get_feature_by_uid(uid)
except Scenario.DoesNotExist:
raise Http404
#check permissions
viewable, response = scenario_obj.is_viewable(request.user)
if not viewable:
return response
return HttpResponse(dumps(scenario_obj.serialize_attributes()))
def share_design(request):
group_names = request.POST.getlist('groups[]')
design_uid = request.POST['scenario']
design = get_feature_by_uid(design_uid)
viewable, response = design.is_viewable(request.user)
if not viewable:
return response
#remove previously shared with groups, before sharing with new list
design.share_with(None)
groups = request.user.mapgroupmember_set.all()
groups = groups.filter(map_group__name__in=group_names)
groups = [g.map_group.permission_group for g in groups]
design.share_with(groups, append=False)
return HttpResponse("", status=200)
def share_design(request):
group_names = request.POST.getlist('groups[]')
design_uid = request.POST['scenario']
design = get_feature_by_uid(design_uid)
viewable, response = design.is_viewable(request.user)
if not viewable:
return response
#remove previously shared with groups, before sharing with new list
design.share_with(None)
groups = request.user.mapgroupmember_set.all()
groups = groups.filter(map_group__name__in=group_names)
groups = [g.map_group.permission_group for g in groups]
design.share_with(groups, append=False)
return HttpResponse("", status=200)
def delete_design(request, uid):
try:
design_obj = get_feature_by_uid(uid)
except Feature.DoesNotExist:
raise Http404
#check permissions
viewable, response = design_obj.is_viewable(request.user)
if not viewable:
return response
design_obj.delete()
#design_obj.active = False
#design_obj.save(rerun=False)
return HttpResponse("", status=200)
def delete_design(request, uid):
try:
design_obj = get_feature_by_uid(uid)
except Feature.DoesNotExist:
raise Http404
#check permissions
viewable, response = design_obj.is_viewable(request.user)
if not viewable:
return response
design_obj.delete()
#design_obj.active = False
#design_obj.save(rerun=False)
return HttpResponse("", status=200)
def share_bookmark(bookmark_uid, group_names, **kwargs):
request = kwargs["request"]
# group_names = request.POST.getlist('groups[]')
# bookmark_uid = request.POST['bookmark']
bookmark = get_feature_by_uid(bookmark_uid)
viewable, response = bookmark.is_viewable(request.user)
if not viewable:
return response
# remove previously shared with groups, before sharing with new list
bookmark.share_with(None)
groups = []
for group_name in group_names:
g = Group.objects.get(mapgroup__name=group_name)
groups.append(g)
bookmark.share_with(groups, append=False)
def share_bookmark(bookmark_uid, group_names, **kwargs):
from django.contrib.auth.models import Group
from features.registry import get_feature_by_uid
request = kwargs['request']
# group_names = request.POST.getlist('groups[]')
# bookmark_uid = request.POST['bookmark']
bookmark = get_feature_by_uid(bookmark_uid)
viewable, response = bookmark.is_viewable(request.user)
if not viewable:
return response
#remove previously shared with groups, before sharing with new list
bookmark.share_with(None)
groups = []
for group_name in group_names:
g = Group.objects.get(mapgroup__name=group_name)
groups.append(g)
bookmark.share_with(groups, append=False)
def get_feature(self, feature_id):
"""Get a feature by ID.
Return tuple of (feature, geometry), or raise 404
"""
try:
feature = get_feature_by_uid(feature_id)
except feature.__class__.DoesNotExist:
raise Http404()
if not feature.user == self.request.user:
# if we don't own the feature, see if it's shared with us
shared_with_user = feature.__class__.objects.shared_with_user(
self.request.user)
shared_with_user = shared_with_user.filter(id=feature.id)
if not shared_with_user.exists():
raise Http404()
def getattr_alot(obj, attrs, default=None):
"""Return the first attribute that isn't an attribute error,
or default
"""
for attr in attrs:
if hasattr(obj, attr):
return getattr(obj, attr, default)
return getattr(obj, attrs[-1]) # trigger AttributeError
# Even though the three objects are all subclasses of feature, they
# all have different names for the variable that they store geometry in.
# AOIs have "geometry_final", PlanningUnitSelections have 'geometry_actual'
# and Wind energy ("Scenario") has geometry_dissolved.
# Write a quick function to keep trying until it finds the right
# attribute name.
# A proper fix is, of course, to rename every reference to the same
# thing instead of inventing new names in subclasses.
geometry = getattr_alot(
feature,
['geometry_final', 'geometry_actual', 'geometry_dissolved'])
return feature, geometry
def get_feature(self, feature_id):
"""Get a feature by ID.
Return tuple of (feature, geometry), or raise 404
"""
try:
feature = get_feature_by_uid(feature_id)
except feature.__class__.DoesNotExist:
raise Http404()
if not feature.user == self.request.user:
# if we don't own the feature, see if it's shared with us
shared_with_user = feature.__class__.objects.shared_with_user(self.request.user)
shared_with_user = shared_with_user.filter(id=feature.id)
if not shared_with_user.exists():
raise Http404()
def getattr_alot(obj, attrs, default=None):
"""Return the first attribute that isn't an attribute error,
or default
"""
for attr in attrs:
if hasattr(obj, attr):
return getattr(obj, attr, default)
return getattr(obj, attrs[-1]) # trigger AttributeError
# Even though the three objects are all subclasses of feature, they
# all have different names for the variable that they store geometry in.
# AOIs have "geometry_final", LeaseBlockSelections have 'geometry_actual'
# and Wind energy ("Scenario") has geometry_dissolved.
# Write a quick function to keep trying until it finds the right
# attribute name.
# A proper fix is, of course, to rename every reference to the same
# thing instead of inventing new names in subclasses.
geometry = getattr_alot(feature, ['geometry_final', 'geometry_actual',
'geometry_dissolved'])
return feature, geometry