def get_object_for_viewing(request, uid, target_klass=None):
    """
    Return the specified instance by uid for viewing.
    If a target_klass is provided, uid will be checked for consistency.
    If the request has no authenticated user, a 401 Response will be returned.
    If the item is not found, a 404 Response will be returned. If the user is 
    not authorized to view the item (not the owner or part of a group the item
    is shared with), a 403 Not Authorized Response will be returned.

    usage:

    instance = get_object_for_viewing(request, 'mlpa_mpa_12', target_klass=Mpa)
    if isinstance(instance, HttpResponse):
        return instance

    """
    if target_klass and not target_klass.model_uid() in uid:
        return HttpResponse("Target class %s doesn't match the provided uid %s" % 
                            (target_klass, uid),
                            status=401)
    try:
        instance = get_feature_by_uid(uid)
    except ValueError:
        return HttpResponse("Uid not valid: %s" % uid, status=401)
    except:
        return HttpResponse("Feature not found - %s" % uid, status=404)

    viewable, response = instance.is_viewable(request.user) 
    if viewable:
        return instance
    else:
        return response
def get_object_for_editing(request, uid, target_klass=None):
    """
    Return the specified instance by uid for editing.
    If a target_klass is provided, uid will be checked for consistency.
    If the request has no logged-in user, a 401 Response will be returned. If
    the item is not found, a 404 Response will be returned. If the user is
    not authorized to edit the item (not the owner or a staff user), a 403 Not
    Authorized Response will be returned.

    usage:

    instance = get_object_for_editing(request, 'mlpa_mpa_12', target_klass=Mpa)
    if isinstance(instance, HttpResponse):
        return instance

    """
    if target_klass and not target_klass.model_uid() in uid:
        return HttpResponse("Target class %s doesn't match the provided uid %s" % 
                            (target_klass, uid),
                            status=401)
    try:
        instance = get_feature_by_uid(uid)
    except ValueError:
        return HttpResponse("Uid not valid: %s" % uid, status=401)
    except:
        return HttpResponse("Feature not found - %s" % uid, status=404)

    if not request.user.is_authenticated():
        return HttpResponse('You must be logged in.', status=401)
    # Check that user owns the object or is staff
    if not request.user.is_staff and request.user != instance.user:
        return HttpResponseForbidden(
            'You do not have permission to modify this object.')
    return instance
def copy_design(request, uid):
    try:
        design_obj = get_feature_by_uid(uid)
    except Feature.DoesNotExist:
        raise Http404
       
    #check permissions
    viewable, response = design_obj.is_viewable(request.user)
    if not viewable:
        return response
        
    design_obj.pk = None
    design_obj.user = request.user
    design_obj.save()
    
    json = []
    json.append({
        'id': design_obj.id,
        'uid': design_obj.uid,
        'name': design_obj.name,
        'description': design_obj.description,
        'attributes': design_obj.serialize_attributes()
    })
    
    return HttpResponse(dumps(json), status=200)
示例#4
0
def get_attributes(request, uid):
    from django.contrib.auth.models import User
    from marineplanner import settings as mpSettings
    try:
        scenario_obj = get_feature_by_uid(uid)
    except Scenario.DoesNotExist:
        raise Http404

    #check permissions
    viewable, response = scenario_obj.is_viewable(request.user)
    if not viewable:

        if mpSettings.ALLOW_ANONYMOUS_DRAW:

            anonUser = User.objects.get(pk=mpSettings.ANONYMOUS_USER_PK)
            anonViewable, response = scenario_obj.is_viewable(anonUser)
            if not anonViewable:
                return response
        else:
            return response

    if 'serialize_attributes' in dir(scenario_obj):
        if hasattr(scenario_obj, 'is_loading') and scenario_obj.is_loading:
            scenario_obj.save()
        return HttpResponse(dumps(scenario_obj.serialize_attributes()))
    else:
        return HttpResponse(dumps([]))
示例#5
0
def get_object_for_editing(request, uid, target_klass=None):
    """
    Return the specified instance by uid for editing.
    If a target_klass is provided, uid will be checked for consistency.
    If the request has no logged-in user, a 401 Response will be returned. If
    the item is not found, a 404 Response will be returned. If the user is
    not authorized to edit the item (not the owner or a staff user), a 403 Not
    Authorized Response will be returned.

    usage:

    instance = get_object_for_editing(request, 'mlpa_mpa_12', target_klass=Mpa)
    if isinstance(instance, HttpResponse):
        return instance

    """
    if target_klass and not target_klass.model_uid() in uid:
        return HttpResponse(
            "Target class %s doesn't match the provided uid %s" %
            (target_klass, uid),
            status=401)
    try:
        instance = get_feature_by_uid(uid)
    except ValueError:
        return HttpResponse("Uid not valid: %s" % uid, status=401)
    except:
        return HttpResponse("Feature not found - %s" % uid, status=404)

    if not request.user.is_authenticated():
        return HttpResponse('You must be logged in.', status=401)
    # Check that user owns the object or is staff
    if not request.user.is_staff and request.user != instance.user:
        return HttpResponseForbidden(
            'You do not have permission to modify this object.')
    return instance
示例#6
0
def copy_design(request, uid):
    try:
        design_obj = get_feature_by_uid(uid)
    except Feature.DoesNotExist:
        raise Http404

    #check permissions
    viewable, response = design_obj.is_viewable(request.user)
    if not viewable:
        return response

    design_obj.pk = None
    design_obj.user = request.user
    design_obj.save()

    json = []
    json.append({
        'id': design_obj.id,
        'uid': design_obj.uid,
        'name': design_obj.name,
        'description': design_obj.description,
        'attributes': design_obj.serialize_attributes()
    })

    return HttpResponse(dumps(json), status=200)
示例#7
0
def get_object_for_viewing(request, uid, target_klass=None):
    """
    Return the specified instance by uid for viewing.
    If a target_klass is provided, uid will be checked for consistency.
    If the request has no authenticated user, a 401 Response will be returned.
    If the item is not found, a 404 Response will be returned. If the user is
    not authorized to view the item (not the owner or part of a group the item
    is shared with), a 403 Not Authorized Response will be returned.

    usage:

    instance = get_object_for_viewing(request, 'mlpa_mpa_12', target_klass=Mpa)
    if isinstance(instance, HttpResponse):
        return instance

    """
    if target_klass and not target_klass.model_uid() in uid:
        return HttpResponse(
            "Target class %s doesn't match the provided uid %s" %
            (target_klass, uid),
            status=401)
    try:
        instance = get_feature_by_uid(uid)
    except ValueError:
        return HttpResponse("Uid not valid: %s" % uid, status=401)
    except:
        return HttpResponse("Feature not found - %s" % uid, status=404)

    viewable, response = instance.is_viewable(request.user)
    if viewable:
        return instance
    else:
        return response
示例#8
0
def delete_drawing(uid, **kwargs):
    request = kwargs.get("request")
    drawing_obj = get_feature_by_uid(uid)

    viewable, response = drawing_obj.is_viewable(request.user)

    if viewable:
        drawing_obj.delete()
示例#9
0
def delete_drawing(uid, **kwargs):
    from features.registry import get_feature_by_uid
    request = kwargs.get('request')
    drawing_obj = get_feature_by_uid(uid)

    viewable, response = drawing_obj.is_viewable(request.user)

    if viewable:
        drawing_obj.delete()
示例#10
0
def get_attributes(request, uid):
    try:
        scenario_obj = get_feature_by_uid(uid)
    except Scenario.DoesNotExist:
        raise Http404

    #check permissions
    viewable, response = scenario_obj.is_viewable(request.user)
    if not viewable:
        return response

    return HttpResponse(dumps(scenario_obj.serialize_attributes()))
def get_attributes(request, uid):
    try:
        scenario_obj = get_feature_by_uid(uid)
    except Scenario.DoesNotExist:
        raise Http404
    
    #check permissions
    viewable, response = scenario_obj.is_viewable(request.user)
    if not viewable:
        return response
    
    return HttpResponse(dumps(scenario_obj.serialize_attributes()))
def share_design(request):
    group_names = request.POST.getlist('groups[]')
    design_uid = request.POST['scenario']
    design = get_feature_by_uid(design_uid)
    viewable, response = design.is_viewable(request.user)
    if not viewable:
        return response
    #remove previously shared with groups, before sharing with new list
    design.share_with(None)
    groups = request.user.mapgroupmember_set.all()
    groups = groups.filter(map_group__name__in=group_names)
    groups = [g.map_group.permission_group for g in groups]
    design.share_with(groups, append=False)
    return HttpResponse("", status=200)
示例#13
0
def share_design(request):
    group_names = request.POST.getlist('groups[]')
    design_uid = request.POST['scenario']
    design = get_feature_by_uid(design_uid)
    viewable, response = design.is_viewable(request.user)
    if not viewable:
        return response
    #remove previously shared with groups, before sharing with new list
    design.share_with(None)
    groups = request.user.mapgroupmember_set.all()
    groups = groups.filter(map_group__name__in=group_names)
    groups = [g.map_group.permission_group for g in groups]
    design.share_with(groups, append=False)
    return HttpResponse("", status=200)
def delete_design(request, uid):
    try:
        design_obj = get_feature_by_uid(uid)
    except Feature.DoesNotExist:
        raise Http404
    
    #check permissions
    viewable, response = design_obj.is_viewable(request.user)
    if not viewable:
        return response
        
    design_obj.delete()
    #design_obj.active = False
    #design_obj.save(rerun=False)
    
    return HttpResponse("", status=200)
示例#15
0
def delete_design(request, uid):
    try:
        design_obj = get_feature_by_uid(uid)
    except Feature.DoesNotExist:
        raise Http404

    #check permissions
    viewable, response = design_obj.is_viewable(request.user)
    if not viewable:
        return response

    design_obj.delete()
    #design_obj.active = False
    #design_obj.save(rerun=False)

    return HttpResponse("", status=200)
示例#16
0
def share_bookmark(bookmark_uid, group_names, **kwargs):
    request = kwargs["request"]
    # group_names = request.POST.getlist('groups[]')
    # bookmark_uid = request.POST['bookmark']
    bookmark = get_feature_by_uid(bookmark_uid)

    viewable, response = bookmark.is_viewable(request.user)
    if not viewable:
        return response

    # remove previously shared with groups, before sharing with new list
    bookmark.share_with(None)

    groups = []
    for group_name in group_names:
        g = Group.objects.get(mapgroup__name=group_name)
        groups.append(g)

    bookmark.share_with(groups, append=False)
示例#17
0
def share_bookmark(bookmark_uid, group_names, **kwargs):
    from django.contrib.auth.models import Group
    from features.registry import get_feature_by_uid
    request = kwargs['request']
    # group_names = request.POST.getlist('groups[]')
    # bookmark_uid = request.POST['bookmark']
    bookmark = get_feature_by_uid(bookmark_uid)

    viewable, response = bookmark.is_viewable(request.user)
    if not viewable:
        return response

    #remove previously shared with groups, before sharing with new list
    bookmark.share_with(None)

    groups = []
    for group_name in group_names:
        g = Group.objects.get(mapgroup__name=group_name)
        groups.append(g)

    bookmark.share_with(groups, append=False)
示例#18
0
    def get_feature(self, feature_id):
        """Get a feature by ID.
        Return tuple of (feature, geometry), or raise 404
        """
        try:
            feature = get_feature_by_uid(feature_id)
        except feature.__class__.DoesNotExist:
            raise Http404()

        if not feature.user == self.request.user:
            # if we don't own the feature, see if it's shared with us
            shared_with_user = feature.__class__.objects.shared_with_user(
                self.request.user)
            shared_with_user = shared_with_user.filter(id=feature.id)
            if not shared_with_user.exists():
                raise Http404()

        def getattr_alot(obj, attrs, default=None):
            """Return the first attribute that isn't an attribute error,
            or default
            """
            for attr in attrs:
                if hasattr(obj, attr):
                    return getattr(obj, attr, default)
            return getattr(obj, attrs[-1])  # trigger AttributeError

        # Even though the three objects are all subclasses of feature, they
        # all have different names for the variable that they store geometry in.
        # AOIs have "geometry_final", PlanningUnitSelections have 'geometry_actual'
        # and Wind energy ("Scenario") has geometry_dissolved.
        # Write a quick function to keep trying until it finds the right
        # attribute name.
        # A proper fix is, of course, to rename every reference to the same
        # thing instead of inventing new names in subclasses.

        geometry = getattr_alot(
            feature,
            ['geometry_final', 'geometry_actual', 'geometry_dissolved'])

        return feature, geometry
    def get_feature(self, feature_id):
        """Get a feature by ID.
        Return tuple of (feature, geometry), or raise 404
        """
        try:
            feature = get_feature_by_uid(feature_id)
        except feature.__class__.DoesNotExist:
            raise Http404()

        if not feature.user == self.request.user:
            # if we don't own the feature, see if it's shared with us
            shared_with_user = feature.__class__.objects.shared_with_user(self.request.user)
            shared_with_user = shared_with_user.filter(id=feature.id)
            if not shared_with_user.exists():
                raise Http404()

        def getattr_alot(obj, attrs, default=None):
            """Return the first attribute that isn't an attribute error,
            or default
            """
            for attr in attrs:
                if hasattr(obj, attr):
                    return getattr(obj, attr, default)
            return getattr(obj, attrs[-1]) # trigger AttributeError

        # Even though the three objects are all subclasses of feature, they
        # all have different names for the variable that they store geometry in.
        # AOIs have "geometry_final", LeaseBlockSelections have 'geometry_actual'
        # and Wind energy ("Scenario") has geometry_dissolved.
        # Write a quick function to keep trying until it finds the right
        # attribute name.
        # A proper fix is, of course, to rename every reference to the same
        # thing instead of inventing new names in subclasses.

        geometry = getattr_alot(feature, ['geometry_final', 'geometry_actual',
                                          'geometry_dissolved'])

        return feature, geometry