def get_cruved(info_role): """ Get the cruved for a user .. :quickref: Permissions; Params: :param user: the user who ask the route, auto kwargs via @check_cruved_scope :type user: User :param module_code: the code of the requested module - as querystring :type module_code: str :returns: dict of the CRUVED """ params = request.args.to_dict() # get modules q = DB.session.query(TModules) if "module_code" in params: q = q.filter(TModules.module_code.in_(params["module_code"])) modules = q.all() # for each modules get its cruved # then get its related object and their cruved modules_with_cruved = {} for mod in modules: mod_as_dict = mod.as_dict() # get mod objects module_objects = ( DB.session.query(TObjects) .join(CorObjectModule, CorObjectModule.id_object == TObjects.id_object) .filter_by(id_module=mod_as_dict["id_module"]) .all() ) module_cruved, herited = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod_as_dict["module_code"] ) mod_as_dict["cruved"] = module_cruved module_objects_as_dict = {} # get cruved for each object for _object in module_objects: object_as_dict = _object.as_dict() object_cruved, herited = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod_as_dict["module_code"], object_code=_object.code_object, ) object_as_dict["cruved"] = object_cruved module_objects_as_dict[object_as_dict["code_object"]] = object_as_dict mod_as_dict["module_objects"] = module_objects_as_dict modules_with_cruved[mod_as_dict["module_code"]] = mod_as_dict return modules_with_cruved
def user_cruved(id_role): """ .. :quickref: View_Permission; Get all scope CRUVED (with heritage) for a user in all modules """ user = DB.session.query(User).get(id_role).as_dict() modules_data = DB.session.query(TModules).order_by( TModules.module_order).all() groupes_data = DB.session.query(CorRole).filter( CorRole.id_role_utilisateur == id_role).all() actions_label = {} for action in DB.session.query(TActions).all(): actions_label[action.code_action] = action.description_action modules = [] for module in modules_data: module = module.as_dict() # for each module get its related object module_objects = (DB.session.query(TObjects).join( CorObjectModule, CorObjectModule.id_object == TObjects.id_object).filter_by( id_module=module["id_module"]).all()) # get cruved for all object module_objects_as_dict = [] for _object in module_objects: object_as_dict = _object.as_dict() object_cruved, (herited, herited_obj) = cruved_scope_for_user_in_module( id_role=id_role, module_code=module["module_code"], object_code=_object.code_object, get_herited_obj=True, ) object_as_dict["cruved"] = ( beautifulize_cruved(actions_label, object_cruved), herited, herited_obj, ) module_objects_as_dict.append(object_as_dict) module["module_objects"] = module_objects_as_dict # do not display cruved for module which have objects cruved, (herited, herited_obj) = cruved_scope_for_user_in_module( id_role, module["module_code"], get_herited_obj=True) cruved_beautiful = beautifulize_cruved(actions_label, cruved) module["module_cruved"] = (cruved_beautiful, herited, herited_obj) modules.append(module) return render_template( "cruved_user.html", user=user, groupes=[groupe.role.as_dict() for groupe in groupes_data], modules=modules, config=current_app.config, )
def test_cruved_scope_for_user_in_module(self): # get cruved for geonature cruved, herited = cruved_scope_for_user_in_module(id_role=9, module_code="GEONATURE") assert herited == False assert cruved == {"C": "3", "R": "3", "U": "3", "V": "3", "E": "3", "D": "3"} cruved, herited = cruved_scope_for_user_in_module( id_role=9, module_code="GEONATURE", get_id=True ) assert herited == False assert cruved == {"C": 4, "R": 4, "U": 4, "V": 4, "E": 4, "D": 4}
def test_permission(): ''' tests sur les permissions ''' user = get_user_from_token_and_raise(request) id_role = user['id_role'] cruved_monitoring = cruved_scope_for_user_in_module( id_role, MODULE_MONITORINGS_CODE, "ALL") cruved_test = cruved_scope_for_user_in_module(id_role, 'TEST', "ALL") return { 'cruved_test': cruved_test, 'cruved_monitoring': cruved_monitoring, }
def get_cruved(info_role): """ return the cruved for a user Params: user: (User): the user who ask the route, auto kwargs via @check_cruved_scope module_code (str): the code of the requested module - as querystring Returns - dict of the CRUVED """ params = dict(request.args) # get modules q = DB.session.query(TModules) if 'module_code' in params: q = q.filter(TModules.module_code.in_(params['module_code'])) modules = q.all() # for each modules get its cruved # then get its related object and their cruved modules_with_cruved = {} for mod in modules: mod_as_dict = mod.as_dict() # get mod objects module_objects = DB.session.query(TObjects).join( CorObjectModule, CorObjectModule.id_object == TObjects.id_object ).filter_by(id_module=mod_as_dict['id_module']).all() module_cruved, herited = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod_as_dict['module_code'], ) mod_as_dict['cruved'] = module_cruved module_objects_as_dict = {} # get cruved for each object for _object in module_objects: object_as_dict = _object.as_dict() object_cruved, herited = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod_as_dict['module_code'], object_code=_object.code_object ) object_as_dict['cruved'] = object_cruved module_objects_as_dict[object_as_dict['code_object']] = object_as_dict mod_as_dict['module_objects'] = module_objects_as_dict modules_with_cruved[mod_as_dict['module_code']] = mod_as_dict return modules_with_cruved
def get_modules(info_role): """ Return the allowed modules of user from its cruved .. :quickref: Commons; """ params = request.args q = DB.session.query(TModules).options(joinedload(TModules.objects)) if "exclude" in params: q = q.filter(TModules.module_code.notin_(params.getlist("exclude"))) q = q.order_by(TModules.module_order.asc()).order_by( TModules.module_label.asc()) modules = q.all() allowed_modules = [] for mod in modules: app_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod.module_code, )[0] if app_cruved["R"] != "0": module = mod.as_dict(fields=["objects"]) module["cruved"] = app_cruved if mod.active_frontend: # try to get module url from conf for new modules if module['module_code'] in current_app.config: module_url = current_app.config[module['module_code']].get( 'MODULE_URL', mod.module_path) else: # fallback for legacy modules module_url = mod.module_path module["module_url"] = "{}/#/{}".format( current_app.config["URL_APPLICATION"], module_url) else: module["module_url"] = mod.module_external_url module_objects_as_dict = {} # # get cruved for each object for _object in module.get("objects", []): object_cruved, herited = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=module["module_code"], object_code=_object["code_object"], ) _object["cruved"] = object_cruved module_objects_as_dict[_object["code_object"]] = _object module["module_objects"] = module_objects_as_dict allowed_modules.append(module) return allowed_modules
def get_modules(info_role): """ Return the allowed modules of user from its cruved """ params = request.args q = DB.session.query(TModules) if "exclude" in params: q = q.filter(TModules.module_code.notin_(params.getlist("exclude"))) modules = q.all() allowed_modules = [] for mod in modules: app_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod.module_code )[0] if app_cruved["R"] != "0": module = mod.as_dict() module["cruved"] = app_cruved if mod.active_frontend: module["module_url"] = "{}/#/{}".format( current_app.config["URL_APPLICATION"], mod.module_path ) else: module["module_url"] = mod.module_external_url allowed_modules.append(module) return allowed_modules
def cruved_scope_for_user_in_monitoring_module(module_code=None, object_code=None): user = get_user_from_token_and_raise(request) cruved_module = {"C": "0", "R": "0", "U": "0", "V": "0", "E": "0", "D": "0"} # If user not a dict: its a token issue # return the appropriate Response if not isinstance(user, dict): return user # get_monitoring from route parameter monitoring_url module = None herited = False if module_code and module_code != "null": module = get_module("module_code", module_code) module_code = module.module_code append = {15: ["MONITORINGS", object_code], 25: ["MONITORINGS", "ALL"]} else: module_code = "MONITORINGS" append = {} cruved_module, herited = cruved_scope_for_user_in_module( id_role=user["id_role"], module_code=module_code, object_code=object_code, append_to_select=append, ) return to_int_cruved(cruved_module)
def get_acquisition_frameworks(info_role): """ Get a simple list of AF without any nested relationships Use for AF select in form Get the GeoNature CRUVED """ only = [] af_list = ( TAcquisitionFramework.query.filter_by_readable().filter_by_params( request.args.to_dict()).options( Load(TAcquisitionFramework).raiseload('*'), # for permission checks: joinedload('creator'), joinedload('cor_af_actor').options( joinedload('role'), joinedload('organism'), ), joinedload('t_datasets').options( joinedload('digitizer'), joinedload('cor_dataset_actor').options( joinedload('role'), joinedload('organism'), ), ), )) if request.args.get('datasets', default=False, type=int): only.extend([ 't_datasets', ]) if request.args.get('creator', default=False, type=int): only.append('creator') af_list = af_list.options(joinedload('creator')) if request.args.get('actors', default=False, type=int): only.extend([ 'cor_af_actor', 'cor_af_actor.nomenclature_actor_role', 'cor_af_actor.organism', 'cor_af_actor.role', ]) af_list = af_list.options( joinedload('cor_af_actor').options( joinedload('nomenclature_actor_role'), ), ) if request.args.get('datasets', default=False, type=int): only.extend([ 't_datasets.cor_dataset_actor', 't_datasets.cor_dataset_actor.nomenclature_actor_role', 't_datasets.cor_dataset_actor.organism', 't_datasets.cor_dataset_actor.role', ]) af_list = af_list.options( joinedload('t_datasets').options( joinedload('cor_dataset_actor').options( joinedload('nomenclature_actor_role'), ), ), ) af_schema = AcquisitionFrameworkSchema(only=only) user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] af_schema.context = {'user_cruved': user_cruved} return af_schema.jsonify(af_list.all(), many=True)
def get_modules(info_role): """ Return the allowed modules of user from its cruved .. :quickref: Commons; """ params = request.args q = DB.session.query(TModules) if "exclude" in params: q = q.filter(TModules.module_code.notin_(params.getlist("exclude"))) q = q.order_by(TModules.module_order.asc()).order_by( TModules.module_label.asc()) modules = q.all() allowed_modules = [] for mod in modules: app_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code=mod.module_code)[0] if app_cruved["R"] != "0": module = mod.as_dict() module["cruved"] = app_cruved if mod.active_frontend: module["module_url"] = "{}/#/{}".format( current_app.config["URL_APPLICATION"], mod.module_path) else: module["module_url"] = mod.module_external_url allowed_modules.append(module) return allowed_modules
def acquisitionFrameworkHandler(request, *, acquisition_framework, info_role): # Test des droits d'édition du acquisition framework si modification if acquisition_framework.id_acquisition_framework is not None: user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] af_cruved = acquisition_framework.get_object_cruved( info_role, user_cruved) #verification des droits d'édition pour le acquisition framework if not af_cruved['U']: raise InsufficientRightsError( "User {} has no right in acquisition_framework {}".format( info_role.id_role, acquisition_framework.id_acquisition_framework), 403, ) else: acquisition_framework.id_digitizer = info_role.id_role acquisitionFrameworkSchema = AcquisitionFrameworkSchema() acquisition_framework, errors = acquisitionFrameworkSchema.load( request.get_json(), instance=acquisition_framework) if bool(errors): raise BadRequest(errors) DB.session.add(acquisition_framework) DB.session.commit() return acquisition_framework
def get_acquisition_framework(info_role, id_acquisition_framework): """ Get one AF with nomenclatures .. :quickref: Metadata; :param id_acquisition_framework: the id_acquisition_framework :param type: int :returns: dict<TAcquisitionFramework> """ acquisitionFrameworkSchema = AcquisitionFrameworkSchema() user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] acquisitionFrameworkSchema.context = { 'info_role': info_role, 'user_cruved': user_cruved } acquisition_framework = DB.session.query(TAcquisitionFramework).get( id_acquisition_framework) if not acquisition_framework: raise NotFound('Acquisition framework "{}" does not exist'.format( id_acquisition_framework)) return acquisitionFrameworkSchema.jsonify(acquisition_framework)
def get_dataset(info_role, id_dataset): """ Get one dataset .. :quickref: Metadata; :param id_dataset: the id_dataset :param type: int :returns: dict<TDataset> """ datasetSchema = DatasetSchema() user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] datasetSchema.context = { 'info_role': info_role, 'user_cruved': user_cruved } dataset = DB.session.query(TDatasets).get(id_dataset) if not dataset: raise NotFound('Dataset "{}" does not exist'.format(id_dataset)) return datasetSchema.jsonify(dataset)
def get_acquisition_frameworks_metadata(info_role): """ Get all AF with cruved filter Use for metadata module. Add the cruved permission for each row .. :quickref: Metadata; """ params = request.args afs = get_af_cruved(info_role, params, as_model=True) id_afs_user = TAcquisitionFramework.get_user_af(info_role, only_user=True) id_afs_org = TAcquisitionFramework.get_user_af(info_role, only_user=False) user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] afs_dict = [] for af in afs: af_dict = af.as_dict() af_dict["cruved"] = af.get_object_cruved( user_cruved=user_cruved, id_object=af.id_acquisition_framework, ids_object_user=id_afs_user, ids_object_organism=id_afs_org, ) afs_dict.append(af_dict) return afs_dict
def get_all(self, info_role, with_cruved=False, mapping_type=None): """ Get all mappings """ users_mapping = self.get_user_mapping(info_role) q = DB.session.query(TMappings).filter(TMappings.temporary == False) if mapping_type: q = q.filter(TMappings.mapping_type == mapping_type.upper()) if info_role.value_filter in ("1", "2"): q = q.filter( or_(TMappings.id_mapping.in_(users_mapping), TMappings.is_public == True)) data = q.all() if with_cruved: user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="IMPORT", object_code="MAPPING", )[0] mapping_as_dict = [] for d in data: temp = d.as_dict() temp["cruved"] = self.get_mapping_cruved( user_cruved, d.id_mapping, users_mapping) mapping_as_dict.append(temp) return mapping_as_dict return [d.as_dict() for d in data]
def datasetHandler(request, *, dataset, info_role): # Test des droits d'édition du dataset si modification if dataset.id_dataset is not None: user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] dataset_cruved = dataset.get_object_cruved(info_role, user_cruved) #verification des droits d'édition pour le dataset if not dataset_cruved['U']: raise InsufficientRightsError( "User {} has no right in dataset {}".format( info_role.id_role, dataset.id_dataset), 403, ) else: dataset.id_digitizer = info_role.id_role datasetSchema = DatasetSchema() dataset, errors = datasetSchema.load(request.get_json(), instance=dataset) if bool(errors): log.error(errors) raise BadRequest(errors) DB.session.add(dataset) DB.session.commit() return dataset
def test_cruved_scope_for_user_in_module(self): # get cruved for geonature cruved, herited = cruved_scope_for_user_in_module( id_role=9, module_code='GEONATURE' ) assert herited == False assert cruved == {'C': '3', 'R': '3', 'U': '3', 'V':'3', 'E':'3', 'D': '3'} cruved, herited = cruved_scope_for_user_in_module( id_role=9, module_code='GEONATURE', get_id=True ) assert herited == False assert cruved == {'C': 4, 'R': 4, 'U': 4, 'V':4, 'E':4, 'D': 4}
def _get_read_scope(self, user=None): if user is None: user = g.current_user cruved, herited = cruved_scope_for_user_in_module( id_role=user.id_role, module_code="GEONATURE" ) return int(cruved['R'])
def user_cruved(id_role): """ Get all scope CRUVED (with heritage) for a user in all modules """ user = DB.session.query(User).get(id_role).as_dict() modules_data = DB.session.query(TModules).all() groupes_data = DB.session.query(CorRole).filter(CorRole.id_role_utilisateur==id_role).all() actions_label = {} for action in DB.session.query(TActions).all(): actions_label[action.code_action] = action.description_action modules = [] for module in modules_data: module = module.as_dict() # for each module get its related object module_objects = DB.session.query(TObjects).join( CorObjectModule, CorObjectModule.id_object == TObjects.id_object ).filter_by(id_module=module['id_module']).all() # get cruved for all object module_objects_as_dict = [] for _object in module_objects: object_as_dict = _object.as_dict() object_cruved, herited = cruved_scope_for_user_in_module( id_role=id_role, module_code=module['module_code'], object_code=_object.code_object ) object_as_dict['cruved'] = beautifulize_cruved(actions_label, object_cruved) module_objects_as_dict.append(object_as_dict) module['module_objects'] = module_objects_as_dict # do not display cruved for module which have objects cruved, herited = cruved_scope_for_user_in_module(id_role, module['module_code']) cruved_beautiful = beautifulize_cruved(actions_label, cruved) #print(cruved_beautiful) module['module_cruved'] = (cruved_beautiful, herited) modules.append(module) return render_template( 'cruved_user.html', user=user, groupes=[groupe.role.as_dict() for groupe in groupes_data], modules=modules, config=current_app.config )
def _get_create_scope(self, module_code, user=None): if user is None: user = g.current_user cruved, herited = cruved_scope_for_user_in_module( id_role=user.id_role, module_code=module_code ) return int(cruved["C"])
def get_acquisition_frameworks_list(info_role): """ Get all AF with their datasets Use in metadata module for list of AF and DS Add the CRUVED permission for each row (Dataset and AD) .. :quickref: Metadata; :param info_role: add with kwargs :type info_role: TRole :qparam list excluded_fields: fields excluded from serialization :qparam boolean nested: Default False - serialized relationships. If false: remove add all relationships in excluded_fields """ if current_app.config["CAS_PUBLIC"]["CAS_AUTHENTIFICATION"]: # synchronise the CA and JDD from the MTD WS try: mtd_utils.post_jdd_from_user(id_user=info_role.id_role, id_organism=info_role.id_organisme) except Exception as e: log.error(e) params = request.args.to_dict() params["orderby"] = "acquisition_framework_name" if "selector" not in params: params["selector"] = None user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] nested_serialization = params.get("nested", False) nested_serialization = True if nested_serialization == "true" else False exclude_fields = [] if "excluded_fields" in params: exclude_fields = params.get("excluded_fields") try: exclude_fields = exclude_fields.split(',') except: raise BadRequest("Malformated parameter 'excluded_fields'") if not nested_serialization: # exclude all relationships from serialization if nested = false exclude_fields = [ db_rel.key for db_rel in inspect(TAcquisitionFramework).relationships ] acquisitionFrameworkSchema = AcquisitionFrameworkSchema( exclude=exclude_fields) acquisitionFrameworkSchema.context = { 'info_role': info_role, 'user_cruved': user_cruved } return acquisitionFrameworkSchema.jsonify(get_metadata_list( info_role, params, exclude_fields).all(), many=True)
def test_cruved_scope_for_user_in_module(self): # get cruved for geonature cruved, herited = cruved_scope_for_user_in_module( id_role=9, module_code='GEONATURE') assert herited == False assert cruved == { 'C': '3', 'R': '3', 'U': '3', 'V': '3', 'E': '3', 'D': '3' } cruved, herited = cruved_scope_for_user_in_module( id_role=9, module_code='GEONATURE', get_id=True) assert herited == False assert cruved == {'C': 4, 'R': 4, 'U': 4, 'V': 4, 'E': 4, 'D': 4}
def get_one(self, id_mapping, info_role, with_cruved): users_mapping = self.get_user_mapping(info_role) mapping = DB.session.query(TMappings).get(id_mapping) if mapping: mapping_as_dict = mapping.as_dict() if with_cruved: user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="IMPORT", object_code="MAPPING", )[0] mapping_as_dict["cruved"] = self.get_mapping_cruved( user_cruved, id_mapping, users_mapping) return mapping_as_dict return None
def cruved_scope_for_user_in_monitoring_module(module_code=None): user = get_user_from_token_and_raise(request) cruved_module = { 'C': '0', 'R': '0', 'U': '0', 'V': '0', 'E': '0', 'D': '0' } # If user not a dict: its a token issue # return the appropriate Response if not isinstance(user, dict): return user # get_monitoring from route parameter monitoring_url module = None herited = False if module_code and module_code != 'null': module = get_module('module_code', module_code) if module: cruved_module, herited = cruved_scope_for_user_in_module( user['id_role'], module.module_code, 'ALL') if not herited: return to_int_cruved(cruved_module) cruved_monitorings, herited = cruved_scope_for_user_in_module( user['id_role'], 'MONITORINGS', 'ALL') if not herited: return to_int_cruved(cruved_monitorings) # return cruved_0, user return to_int_cruved(cruved_monitorings)
def get_acquisition_framework(info_role, id_acquisition_framework): """ Get one AF with nomenclatures .. :quickref: Metadata; :param id_acquisition_framework: the id_acquisition_framework :param type: int :returns: dict<TAcquisitionFramework> """ af = TAcquisitionFramework.query.get_or_404(id_acquisition_framework) if not af.has_instance_permission(scope=int(info_role.value_filter)): raise Forbidden(f"User {g.current_user} cannot read acquisition " "framework {af.id_acquisition_framework}") exclude = request.args.getlist("exclude") try: af_schema = AcquisitionFrameworkSchema(only=[ 'creator', 'nomenclature_territorial_level', 'nomenclature_financing_type', 'cor_af_actor', 'cor_af_actor.nomenclature_actor_role', 'cor_af_actor.organism', 'cor_af_actor.role', 'cor_volets_sinp', 'cor_objectifs', 'cor_territories', 't_datasets', 't_datasets.creator', 't_datasets.nomenclature_data_type', 't_datasets.cor_dataset_actor', 't_datasets.cor_dataset_actor.nomenclature_actor_role', 't_datasets.cor_dataset_actor.organism', 't_datasets.cor_dataset_actor.role', ], exclude=exclude) except ValueError as e: raise BadRequest(str(e)) user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] af_schema.context = {'user_cruved': user_cruved} return af_schema.jsonify(af)
def get_dataset(info_role, id_dataset): """ Get one dataset .. :quickref: Metadata; :param id_dataset: the id_dataset :param type: int :returns: dict<TDataset> """ dataset = TDatasets.query.get_or_404(id_dataset) if not dataset.has_instance_permission(scope=int(info_role.value_filter)): raise Forbidden( f"User {g.current_user} cannot read dataset {dataset.id_dataset}") dataset_schema = DatasetSchema(only=[ 'creator', 'cor_dataset_actor', 'cor_dataset_actor.nomenclature_actor_role', 'cor_dataset_actor.organism', 'cor_dataset_actor.role', 'modules', 'nomenclature_data_type', 'nomenclature_dataset_objectif', 'nomenclature_collecting_method', 'nomenclature_data_origin', 'nomenclature_source_status', 'nomenclature_resource_type', 'cor_territories', 'acquisition_framework', 'acquisition_framework.creator', 'acquisition_framework.cor_af_actor', 'acquisition_framework.cor_af_actor.nomenclature_actor_role', 'acquisition_framework.cor_af_actor.organism', 'acquisition_framework.cor_af_actor.role', ]) user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] dataset_schema.context = {'user_cruved': user_cruved} return dataset_schema.jsonify(dataset)
def test_get_releve_cruved(self): from occtax.backend.models import ReleveModel, VReleveList user_hight = UserRigth(**user_admin) releveInstance = VReleveList(**valide_occ_tax_releve) user_cruved, herited = cruved_scope_for_user_in_module( id_role=user_hight.id_role, module_code='OCCTAX' ) cruved = {'R': '3', 'E': '3', 'C': '3', 'V': '3', 'D': '3', 'U': '3'} assert cruved == user_cruved assert herited == True releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved) user_releve_cruved = {'E': True, 'V': True, 'R': True, 'D': True, 'C': True, 'U': True} assert releve_cruved == user_releve_cruved
def get_dataset_details_dict(id_dataset, session_role): """ Return a dataset from TDatasetDetails model (with all relationships) return also the number of taxon and observation of the dataset Use for get_one datasert """ q = DB.session.query(TDatasetDetails) q = cruved_filter(q, TDatasetDetails, session_role) try: data = q.filter(TDatasetDetails.id_dataset == id_dataset).one() except NoResultFound: return None dataset = data.as_dict(True) imports = requests.get( current_app.config["API_ENDPOINT"] + "/import/by_dataset/" + str(id_dataset), headers={"Cookie": request.headers.get("Cookie")}, # recuperation du token ) if imports.status_code == 200: dataset["imports"] = imports.json() user_cruved = cruved_scope_for_user_in_module( id_role=session_role.id_role, module_code="METADATA", )[0] cruved = data.get_object_cruved( user_cruved=user_cruved, id_object=data.id_dataset, ids_object_user=TDatasets.get_user_datasets(session_role, only_user=True), ids_object_organism=TDatasets.get_user_datasets(session_role, only_user=False), ) dataset["cruved"] = cruved return dataset
def test_get_releve_cruved(self): from occtax.backend.models import ReleveModel, VReleveOccurrence user_hight = UserRigth(**user_admin) releveInstance = VReleveOccurrence(**valide_occ_tax_releve) user_cruved, herited = cruved_scope_for_user_in_module( id_role=user_hight.id_role, module_code="OCCTAX") cruved = {"R": "3", "E": "3", "C": "3", "V": "3", "D": "3", "U": "3"} assert cruved == user_cruved assert herited == True releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved) user_releve_cruved = { "E": True, "V": True, "R": True, "D": True, "C": True, "U": True, } assert releve_cruved == user_releve_cruved
def test_get_releve_cruved(self): from occtax.backend.models import ReleveModel, VReleveList user_hight = UserRigth(**user_admin) releveInstance = VReleveList(**valide_occ_tax_releve) user_cruved, herited = cruved_scope_for_user_in_module( id_role=user_hight.id_role, module_code='OCCTAX') cruved = {'R': '3', 'E': '3', 'C': '3', 'V': '3', 'D': '3', 'U': '3'} assert cruved == user_cruved assert herited == True releve_cruved = releveInstance.get_releve_cruved(user_hight, cruved) user_releve_cruved = { 'E': True, 'V': True, 'R': True, 'D': True, 'C': True, 'U': True } assert releve_cruved == user_releve_cruved
def get_import_list(info_role): """ return import list """ ors = [] q = DB.session.query(TImports).order_by(TImports.id_import) if info_role.value_filter == "1": ors.append(TImports.author.any(id_role=info_role.id_role)) if info_role.value_filter == "2": ors.append(TImports.author.any(id_organisme=info_role.id_organisme)) q = q.filter(or_(*ors)) results = q.all() nrows = None if not results: return {"empty": True}, 200 else: nrows = len(results) user_cruved = cruved_scope_for_user_in_module(info_role.id_role, module_code="IMPORT")[0] return { "empty": False, "history": [r.to_dict(info_role, user_cruved) for r in results] }, 200
def get_af_and_ds_metadata(info_role): """ Get all AF with their datasets The Cruved in only apply on dataset in order to see all the AF where the user have rights with its dataset Use in maplist Add the CRUVED permission for each row (Dataset and AD) .. :quickref: Metadata; :param info_role: add with kwargs :type info_role: TRole :returns: `dict{'data':list<AF with Datasets>, 'with_erros': <boolean>}` """ with_mtd_error = False if current_app.config["CAS_PUBLIC"]["CAS_AUTHENTIFICATION"]: # synchronise the CA and JDD from the MTD WS try: mtd_utils.post_jdd_from_user(id_user=info_role.id_role, id_organism=info_role.id_organisme) except Exception as e: gunicorn_error_logger.info(e) log.error(e) with_mtd_error = True params = request.args.to_dict() params["orderby"] = "dataset_name" datasets = get_datasets_cruved(info_role, params, as_model=True) ids_dataset_user = TDatasets.get_user_datasets(info_role, only_user=True) ids_dataset_organisms = TDatasets.get_user_datasets(info_role, only_user=False) ids_afs_user = TAcquisitionFramework.get_user_af(info_role, only_user=True) ids_afs_org = TAcquisitionFramework.get_user_af(info_role, only_user=False) user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] # get all af from the JDD filtered with cruved or af where users has rights ids_afs_cruved = [ d.id_acquisition_framework for d in get_af_cruved(info_role, as_model=True) ] list_id_af = [d.id_acquisition_framework for d in datasets] + ids_afs_cruved afs = (DB.session.query(TAcquisitionFramework).filter( TAcquisitionFramework.id_acquisition_framework.in_( list_id_af)).order_by( TAcquisitionFramework.acquisition_framework_name).all()) afs_dict = [] # get cruved for each AF and prepare dataset for af in afs: af_dict = af.as_dict() af_dict["cruved"] = af.get_object_cruved( user_cruved=user_cruved, id_object=af.id_acquisition_framework, ids_object_user=ids_afs_user, ids_object_organism=ids_afs_org, ) af_dict["datasets"] = [] afs_dict.append(af_dict) # get cruved for each ds and push them in the af for d in datasets: dataset_dict = d.as_dict() dataset_dict["cruved"] = d.get_object_cruved( user_cruved=user_cruved, id_object=d.id_dataset, ids_object_user=ids_dataset_user, ids_object_organism=ids_dataset_organisms, ) af_of_dataset = get_af_from_id(d.id_acquisition_framework, afs_dict) af_of_dataset["datasets"].append(dataset_dict) afs_resp = {"data": afs_dict} if with_mtd_error: afs_resp["with_mtd_errors"] = True if not datasets: return afs_resp, 404 return afs_resp
def permission_form(info_role, id_module, id_role, id_object=None): #TODO: check post permissions form = None module = DB.session.query(TModules).get(id_module) object_instance = None module_objects = [] if id_object: object_instance = DB.session.query(TObjects).get(id_object) else: object_instance = DB.session.query(TObjects).filter_by(code_object='ALL').first() user = DB.session.query(User).get(id_role) if request.method == 'GET': cruved, herited = cruved_scope_for_user_in_module( id_role=id_role, module_code=module.module_code, object_code=object_instance.code_object, get_id=True ) form = CruvedScopeForm(**cruved) # get the real cruved of user to set a warning real_cruved = DB.session.query(CorRoleActionFilterModuleObject).filter_by( id_module=id_module, id_role=id_role, id_object=object_instance.id_object ).all() if len(real_cruved) == 0 and not module.module_code == 'ADMIN': flash( """ Attention ce role n'a pas encore de CRUVED dans ce module. Celui-ci lui est hérité de son groupe et/ou du module parent GEONATURE """ ) return render_template( 'cruved_scope_form.html', form=form, user=user, module=module, object_instance=object_instance, id_object=id_object, config=current_app.config ) else: form = CruvedScopeForm(request.form) if form.validate_on_submit(): actions_id = { action.code_action: action.id_action for action in DB.session.query(TActions).all() } for code_action, id_action in actions_id.items(): privilege = { 'id_role': id_role, 'id_action': id_action, 'id_module': id_module, 'id_object': object_instance.id_object } # check if a row already exist for a module, a role and an action # force to not set several filter for the same role-action-module-object permission_instance = DB.session.query( CorRoleActionFilterModuleObject ).filter_by( **privilege ).join( TFilters, TFilters.id_filter == CorRoleActionFilterModuleObject.id_filter ).join( BibFiltersType, BibFiltersType.id_filter_type == TFilters.id_filter_type ).filter( BibFiltersType.code_filter_type == 'SCOPE' ).first() # if already exist update the id_filter if permission_instance: permission_instance.id_filter = int(form.data[code_action]) DB.session.merge(permission_instance) else: permission_row = CorRoleActionFilterModuleObject( id_role=id_role, id_action=id_action, id_filter = int(form.data[code_action]), id_module=id_module, id_object=object_instance.id_object ) DB.session.add(permission_row) DB.session.commit() flash( 'CRUVED mis à jour pour le role {}'.format(user.id_role) ) return redirect(url_for('gn_permissions_backoffice.user_cruved', id_role=id_role))
def export_observations_web(info_role): """ Optimized route for observations web export This view is customisable by the administrator Some columns arer mandatory: id_sythese, geojson and geojson_local to generate the exported files Parameters : Via POST: Use a list of id_synthese (in POST parameters) to filter the v_synthese_for_export_view Via GET: 'export_format' str<'csv', 'geojson', 'shapefiles'> """ params = request.args # set default to csv export_format = "csv" export_view = GenericTable( "v_synthese_for_export", "gn_synthese", "the_geom_local", current_app.config["LOCAL_SRID"], ) if "export_format" in params: export_format = params["export_format"] # get list of id synthese from POST id_list = request.get_json() db_cols_for_shape = [] columns_to_serialize = [] # loop over synthese config to get the columns for export for db_col in export_view.db_cols: if db_col.key in current_app.config["SYNTHESE"]["EXPORT_COLUMNS"]: db_cols_for_shape.append(db_col) columns_to_serialize.append(db_col.key) q = DB.session.query(export_view.tableDef).filter( export_view.tableDef.columns.idSynthese.in_(id_list) ) # check R and E CRUVED to know if we filter with cruved cruved = cruved_scope_for_user_in_module(info_role.id_role, module_code="SYNTHESE")[ 0 ] if cruved["R"] > cruved["E"]: # filter on cruved specifying the column # id_dataset, id_synthese, id_digitiser and observer in the v_synthese_for_export_view q = synthese_query.filter_query_with_cruved( export_view.tableDef, q, info_role, id_synthese_column=current_app.config["SYNTHESE"]["EXPORT_ID_SYNTHESE_COL"], id_dataset_column=current_app.config["SYNTHESE"]["EXPORT_ID_DATASET_COL"], observers_column=current_app.config["SYNTHESE"]["EXPORT_OBSERVERS_COL"], id_digitiser_column=current_app.config["SYNTHESE"][ "EXPORT_ID_DIGITISER_COL" ], with_generic_table=True, ) results = q.limit(current_app.config["SYNTHESE"]["NB_MAX_OBS_EXPORT"]) file_name = datetime.datetime.now().strftime("%Y_%m_%d_%Hh%Mm%S") file_name = filemanager.removeDisallowedFilenameChars(file_name) # columns = [db_col.key for db_col in export_view.db_cols] if export_format == "csv": formated_data = [ export_view.as_dict(d, columns=columns_to_serialize) for d in results ] return to_csv_resp( file_name, formated_data, separator=";", columns=columns_to_serialize ) elif export_format == "geojson": features = [] for r in results: geometry = ast.literal_eval( getattr(r, current_app.config["SYNTHESE"]["EXPORT_GEOJSON_4326_COL"]) ) feature = Feature( geometry=geometry, properties=export_view.as_dict(r, columns=columns_to_serialize), ) features.append(feature) results = FeatureCollection(features) return to_json_resp(results, as_file=True, filename=file_name, indent=4) else: try: filemanager.delete_recursively( str(ROOT_DIR / "backend/static/shapefiles"), excluded_files=[".gitkeep"] ) dir_path = str(ROOT_DIR / "backend/static/shapefiles") export_view.as_shape( db_cols=db_cols_for_shape, data=results, geojson_col=current_app.config["SYNTHESE"]["EXPORT_GEOJSON_LOCAL_COL"], dir_path=dir_path, file_name=file_name, ) return send_from_directory(dir_path, file_name + ".zip", as_attachment=True) except GeonatureApiError as e: message = str(e) return render_template( "error.html", error=message, redirect=current_app.config["URL_APPLICATION"] + "/#/synthese", )
def get_export_pdf_dataset(id_dataset, info_role): """ Get a PDF export of one dataset """ datasetSchema = DatasetSchema() user_cruved = cruved_scope_for_user_in_module( id_role=info_role.id_role, module_code="METADATA", )[0] datasetSchema.context = { 'info_role': info_role, 'user_cruved': user_cruved } dataset = DB.session.query(TDatasets).get(id_dataset) if not dataset: raise NotFound('Dataset "{}" does not exist'.format(id_dataset)) dataset = json.loads((datasetSchema.dumps(dataset)).data) #test du droit d'export de l'utilisateur if not dataset.get('cruved').get('E'): return ( render_template( "error.html", error="Vous n'avez pas les droits d'exporter ces informations", redirect=current_app.config["URL_APPLICATION"] + "/#/metadata", ), 404, ) if len(dataset.get("dataset_desc")) > 240: dataset["dataset_desc"] = dataset.get("dataset_desc")[:240] + "..." dataset["css"] = { "logo": "Logo_pdf.png", "bandeau": "Bandeau_pdf.png", "entite": "sinp", } dataset["title"] = current_app.config["METADATA"]["DS_PDF_TITLE"] date = dt.datetime.now().strftime("%d/%m/%Y") dataset["footer"] = { "url": current_app.config["URL_APPLICATION"] + "/#/metadata/dataset_detail/" + id_dataset, "date": date, } filename = "jdd_{}_{}_{}.pdf".format( id_dataset, secure_filename(dataset["dataset_shortname"]), dt.datetime.now().strftime("%d%m%Y_%H%M%S"), ) try: f = open(str(BACKEND_DIR) + "/static/images/taxa.png") f.close() dataset["chart"] = True except IOError: dataset["chart"] = False # Appel de la methode pour generer un pdf pdf_file = fm.generate_pdf("dataset_template_pdf.html", dataset, filename) pdf_file_posix = Path(pdf_file) return send_from_directory(str(pdf_file_posix.parent), pdf_file_posix.name, as_attachment=True)