def formfield_for_foreignkey(self, db_field, request, **kwargs): if db_field.name in ("subject_field", "broader_concept"): inner_qs = get_objects_for_user(request.user, ['is_lexicographer_in_this_glossary'], Glossary, False) kwargs["queryset"] = Concept.objects.filter(glossary__in=inner_qs) if db_field.name == "glossary": kwargs["queryset"] = get_objects_for_user(request.user, ['is_lexicographer_in_this_glossary'], Glossary, False) return super(ConceptAdmin, self).formfield_for_foreignkey(db_field, request, **kwargs)
def get_context(self): super_context = super(self.__class__,self).get_context() agents = Agent.objects.filter(enabled=True).order_by("name") actions = {} if not self.user.is_superuser: if self.user.has_perm('agent.show_widget_agent'): agents = get_objects_for_user(self.user, 'use_agent', Agent).filter(enabled=True).order_by("name") #Fix added to filter agents actions on set acls for agent in agents: if not self.user.is_superuser: current_actions = get_objects_for_user(self.user, 'use_action', Action).filter(agent=agent).order_by("name") actions[agent.name] = current_actions if not actions: agents = {} else: agents = {} operations = Operation.objects.filter(enabled=True).order_by("name") if not self.user.is_superuser: operations = get_objects_for_user(self.user, 'execute_operation', Operation).filter(enabled=True).order_by("name") context_operations = kermit_modules.extract(ContextOperation) automatic_operations = {} if context_operations: for c_op in context_operations: if c_op.get_enabled(self.user): menu_name = "Undefined" if c_op.get_type(): menu_name = c_op.get_type() if not menu_name in automatic_operations: automatic_operations[menu_name] = [] automatic_operations[menu_name].extend(c_op.get_operations()) else: logger.debug("Excluding operation %s. Not enabled for user %s" % (c_op.get_type(), self.user)) widget_context = {"agents":agents, "operations":operations, "actions": actions, 'automatic_operations':automatic_operations} return dict(super_context.items() + widget_context.items())
def post(self, request, *args, **kwargs): if request.POST.get("update_user_list"): form = ActivityAndUsersForm(request.POST, initial={ "user": request.user, "activities": get_objects_for_user(request.user, "administer_activity", mycoracle_models.ActivityProfile) }) mycoracle_models.ActivityProfile = mycoracle_models.ActivityProfile.objects.get(pk=form["activities"].value) request.session["organisation_users_current_activity"] = mycoracle_models.ActivityProfile return redirect(reverse("organization_users_add_from_brand", args=(self.organization.id,))) elif request.POST.get("save_group_users"): form = ActivityAndUsersForm(request.POST, initial={ "user": request.user, "activities": get_objects_for_user(request.user, "administer_activity", mycoracle_models.ActivityProfile) }) c = 0 for u in form["users"].value(): try: user = User.objects.get(pk=int(u)) self.organization.add_user(user) c += 1 except IntegrityError as ie: messages.warning(request, ie.message) except User.DoesNotExist: messages.error(request, _(u"This user ({0}) does not exist".format(u))) messages.success(request, "{0} users added to group {1}".format(c, self.organization)) return redirect(reverse("organization_user_list", args=(self.organization.id,)))
def validate_ip_address(self, value): ip_address = value if ip_address: user_pools = get_objects_for_user( self.context['request'].user, ['network.add_records_to_pool', 'network.change_pool'], any_perm=True ) user_nets = get_objects_for_user( self.context['request'].user, ['network.add_records_to_network', 'network.is_owner_network', 'network.change_network'], any_perm=True ) # Check address that are assigned and free to use addresses = Address.objects.filter( Q(pool__in=user_pools) | Q(pool__isnull=True) | Q(network__in=user_nets), Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()), Q(host__isnull=True) | Q(host=self.instance), address=ip_address, reserved=False ).values_list('address', flat=True) if ip_address not in addresses: raise serializers.ValidationError("The IP Address '%s' is reserved, in use, or not allowed." % ip_address) return value
def __init__(self, *args, **kwargs): self.instance = kwargs.pop('instance') super(UserForm, self).__init__(*args, **kwargs) self.can_use = get_objects_for_user(self.instance, 'can_use', DataSeries) self.can_view = get_objects_for_user(self.instance, 'can_view', DataSeries) self.initial['usable_countries']=[i.pk for i in self.can_use] self.initial['read_countries']=[i.pk for i in self.can_view]
def get_document_selection(request): minutes = get_objects_for_user( request.user, MinutesDocument.VIEW_PERMISSION_NAME, klass=MinutesDocument.objects.all() ) information_documents = get_objects_for_user( request.user, InformationDocument.VIEW_PERMISSION_NAME, klass=InformationDocument.objects.all() ) polls = get_objects_for_user( request.user, Poll.VIEW_PERMISSION_NAME, klass=Poll.objects.all() ) template = loader.get_template("search_api.json") return template.render( { 'minutes': minutes, 'information_documents': information_documents, 'polls': polls, 'id_only': True, }, request, )
def home(request): if request.user.is_superuser: users = User.objects.all() else: users = [] if not request.user.is_authenticated(): group = ExtendedGroup.objects.public_group() projects = get_objects_for_group( group, "core.read_project" ).filter( is_catch_all=False ) workflow_engines = get_objects_for_group( group, "core.read_workflowengine" ) data_sets = get_objects_for_group( group, "core.read_dataset" ) workflows = get_objects_for_group( group, "core.read_workflow" ).filter( is_active=True ) unassigned_analyses = [] else: projects = get_objects_for_user( request.user, "core.read_project" ).filter( is_catch_all=False ) try: unassigned_analyses = request.user.get_profile().catch_all_project.analyses.all().order_by( "-time_start" ) except: unassigned_analyses = [] logger.warning( "User " + request.user + " does not have a \"catch all\" project." ) workflow_engines = get_objects_for_user( request.user, "core.read_workflowengine" ) workflows = get_objects_for_user( request.user, "core.read_workflow" ).filter( is_active=True ) data_sets = get_objects_for_user( request.user, "core.read_dataset" ) return render_to_response('core/home.html', {'users': users, 'projects': projects, 'unassigned_analyses': unassigned_analyses, 'workflow_engines': workflow_engines, 'workflows': workflows, 'data_sets': data_sets }, context_instance=RequestContext( request ) )
def test_groups_perms(self): group1 = Group.objects.create(name="group1") group2 = Group.objects.create(name="group2") group3 = Group.objects.create(name="group3") groups = [group1, group2, group3] for group in groups: self.user.groups.add(group) # Objects to operate on ctypes = list(ContentType.objects.all().order_by("id")) assign_perm("auth.change_group", self.user) assign_perm("change_contenttype", self.user, ctypes[0]) assign_perm("change_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[1]) assign_perm("delete_contenttype", self.user, ctypes[2]) assign_perm("change_contenttype", groups[0], ctypes[3]) assign_perm("change_contenttype", groups[1], ctypes[3]) assign_perm("change_contenttype", groups[2], ctypes[4]) assign_perm("delete_contenttype", groups[0], ctypes[0]) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4])) objects = get_objects_for_user( self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"] ) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1])) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set(ctypes[i].id for i in [0, 1, 3, 4]))
def choices_for_request(self): user_pools = get_objects_for_user( self.request.user, ["network.add_records_to_pool", "network.change_pool"], any_perm=True, ) user_nets = get_objects_for_user( self.request.user, [ "network.add_records_to_network", "network.is_owner_network", "network.change_network", ], any_perm=True, ) self.choices = Address.objects.filter( Q(pool__in=user_pools) | Q(pool__isnull=True), Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()), network__in=user_nets, host__isnull=True, reserved=False, ) return super(AddressAvailableAutocomplete, self).choices_for_request()
def get_queryset(self,request): print "Queryset called" if request.user.is_superuser: return super(ProjectAdmin,self).get_queryset(request) projects = get_objects_for_user(request.user,'project_head',klass=Project)|get_objects_for_user(request.user,'collaborator',klass=Project) print projects return projects
def dehydrate(self, bundle): anonymous_user = get_user_model().objects.get(username='******') resources_with_view_permission = get_objects_for_user(bundle.request.user, 'catalog.view_resource')\ | get_objects_for_user(anonymous_user, 'catalog.view_resource') category_res_with_view_perm = (bundle.obj.resource_set.all() & resources_with_view_permission) bundle.data['resource_count'] = category_res_with_view_perm.count() return bundle
def handle(self, *args, **options): users = ['shaneshifflett', 'crondino'] requests = [1317] for usr in users: group = Group.objects.get(name=usr) user = User.objects.get(username=usr) print get_objects_for_user(user)
def by_dns_change_perms(self, user, pk=None): if user.has_perm('network.change_network') or user.has_perm('network.is_owner_network'): if pk: qs = self.filter(pk=pk) return qs[0] if qs else None else: return self.all() else: host_perms = get_objects_for_user( user, ['hosts.is_owner_host', 'hosts.change_host'], any_perm=True ).values_list('pk', flat=True) network_perms = get_objects_for_user( user, ['network.is_owner_network', 'network.add_records_to_network', 'network.change_network'], any_perm=True ).values_list('pk', flat=True) qs = self.filter( Q(host__mac__in=list(host_perms)) | Q(network__network__in=list(network_perms)) ) if pk: qs = qs.filter(pk=pk).first() return qs
def test_groups_perms(self): group1 = Group.objects.create(name="group1") group2 = Group.objects.create(name="group2") group3 = Group.objects.create(name="group3") groups = [group1, group2, group3] for group in groups: self.user.groups.add(group) # Objects to operate on ctypes = dict(((ct.id, ct) for ct in ContentType.objects.all())) assign("change_contenttype", self.user, ctypes[1]) assign("change_contenttype", self.user, ctypes[2]) assign("delete_contenttype", self.user, ctypes[2]) assign("delete_contenttype", self.user, ctypes[3]) assign("change_contenttype", groups[0], ctypes[4]) assign("change_contenttype", groups[1], ctypes[4]) assign("change_contenttype", groups[2], ctypes[5]) assign("delete_contenttype", groups[0], ctypes[1]) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2, 4, 5])) objects = get_objects_for_user( self.user, ["contenttypes.change_contenttype", "contenttypes.delete_contenttype"] ) self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2])) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"]) self.assertEqual(set(objects.values_list("id", flat=True)), set([1, 2, 4, 5]))
def dashboard(request): # allowed filters for clusters default_filter = 'active' clusters_filters = ['active', 'terminated', 'failed', 'all'] # the cluster filter defaults to active ones clusters_shown = request.GET.get('clusters', default_filter) if clusters_shown not in clusters_filters: clusters_shown = default_filter # get the model manager method depending on the cluster filter # and call it to get the base queryset clusters = get_objects_for_user( request.user, 'clusters.view_cluster', getattr(Cluster.objects, clusters_shown)().order_by('-start_date'), use_groups=False, with_superuser=False, ) spark_jobs = get_objects_for_user( request.user, 'jobs.view_sparkjob', SparkJob.objects.all().order_by('-start_date'), use_groups=False, with_superuser=False, ) context = { 'clusters': clusters, 'clusters_shown': clusters_shown, 'clusters_filters': clusters_filters, 'spark_jobs': spark_jobs, } return render(request, 'atmo/dashboard.html', context=context)
def get_queryset(self): gp_can_view = get_objects_for_user( self.request.user, 'ojuser.view_groupprofile', with_superuser=True ) self.problem_can_view_qs = Problem.objects.filter(groups__in=gp_can_view).distinct() gp_can_change = get_objects_for_user( self.request.user, 'ojuser.change_groupprofile', with_superuser=True ) self.problem_can_change_qs = Problem.objects.filter(groups__in=gp_can_change).distinct() groups_can_delete = get_objects_for_user( self.request.user, 'problem.delete_problem', with_superuser=True ) self.problem_can_delete_qs = Problem.objects.filter(pk__in=groups_can_delete).distinct() self.problem_can_change_qs |= self.problem_can_delete_qs self.problem_can_view_qs |= self.problem_can_change_qs self.filter = ProblemFilter( self.request.GET, queryset=self.problem_can_view_qs, user=self.request.user ) return self.filter.qs
def get_tree_nodes(self, user, level, path): logger.info("Calling get_tree_nodes for level: " + str(level)) if settings.FILTERS_CLASS: classes = get_objects_for_user(user, 'access_puppet_class', PuppetClass).filter(enabled=True, level=level+1) else: classes = PuppetClass.objects.filter(enabled=True, level=level+1) data = [] if path: path = path.replace('_', '/') else: path = '' for puppetclass in classes: test_path=path+'/'+puppetclass.name servers = Server.objects.filter(puppet_path__startswith=test_path) if user != 'fooUser': if not user.is_superuser and settings.FILTERS_SERVER: servers = get_objects_for_user(user, 'use_server', Server).filter(puppet_path__startswith=test_path) if len(servers)>0: content = {"isFolder": "true", "isLazy": "false", "title": puppetclass.name, "level":puppetclass.level, "key":puppetclass.name, "filtername":puppetclass.name} data.append(content) else: logger.info("Excluding class " + str(puppetclass) + " because there are no server inside") #We cannot use / inside rest url, so / was substituted by _ #Here we revert this change to obtain a correct path logger.info("Looking for servers in path: " + path) servers = Server.objects.filter(puppet_path=path, deleted=False) if user != 'fooUser': if not user.is_superuser and settings.FILTERS_SERVER: servers = get_objects_for_user(user, 'use_server', Server).filter(puppet_path=path, deleted=False) for server in servers: serverdata = {"title":server.fqdn, "url": settings.BASE_URL + "/server/details/"+server.hostname+"/", "key":server.fqdn, "filtername":server.hostname} data.append(serverdata) return json.dumps(data)
def post(self, request, *args, **kwargs): if request.POST.get("update_user_list"): form = ActivityAndUsersForm(request.POST, initial={ "user": request.user, "activities": get_objects_for_user(request.user, "administer_activity", ActivityProfile) }) activityProfile = ActivityProfile.objects.get(pk=form["activities"].value) request.session["organisation_users_current_activity"] = activityProfile return redirect(reverse("organization_users_add_from_activity", args=(self.organization.id,))) elif request.POST.get("save_group_users"): form = ActivityAndUsersForm(request.POST, initial={ "user": request.user, "activities": get_objects_for_user(request.user, "administer_activity", ActivityProfile) }) for u in form["users"].value(): try: user = User.objects.get(int(u)) self.organization.add_user(user) url = reverse("organization_detail", kwargs={"organization_pk": self.organization.pk}) if self.organization.send_signup_message and not self.organization.is_hidden: utils.learning_line_post_message(request.user, User.objects.get(pk=int(u)), DefaultFormatter().format(self.organization.signup_message, self.organization.name, "http://%s%s" % ( request.META["HTTP_HOST"], url))) except IntegrityError as ie: messages.warning(request, ie.message) except User.DoesNotExist: messages.error(request, _(u"This user ({0}) does not exist".format(u))) return redirect(reverse("organization_user_list", args=(self.organization.id,)))
def by_change_perms(self, user, pk=None, ids_only=False): # If global permission set, then return all. if user.has_perm("hosts.change_host") or user.has_perm("hosts.is_owner_host"): if pk: qs = self.filter(pk=pk) return qs[0] if qs else None else: return self.all() else: host_perms = get_objects_for_user( user, ["hosts.is_owner_host", "hosts.change_host"], any_perm=True ).values_list("mac", flat=True) domain_perms = get_objects_for_user( user, ["dns.is_owner_domain", "dns.change_domain"], any_perm=True ).values_list("name", flat=True) network_perms = get_objects_for_user( user, ["network.is_owner_network", "network.change_network"], any_perm=True, ).values_list("network", flat=True) perms_q_list = [Q(hostname__endswith=name) for name in domain_perms] perms_q_list.append(Q(mac__in=host_perms)) perms_q_list.append(Q(addresses__network__in=network_perms)) qs = self.filter(reduce(operator.or_, perms_q_list)) if pk: qs = qs.filter(pk=pk).first() if ids_only: return tuple([host.pk for host in qs]) else: return qs
def extend_projects(user, projects): """ Adds the properties is_editable and is_catalogueable to all projects passed. """ # Create sets of projects that are administrable and annotatable # by the current user and unify them to one set. This will only # work for authenticated users (i.e. not AnonymousUser) administrable_projects = set(get_objects_for_user(user, 'can_administer', Project)) annotatable_projects = set(get_objects_for_user(user, 'can_annotate', Project)) administrable_projects.union(annotatable_projects) # Just for readability, have another reference to the union editable_projects = administrable_projects # Find all the projects that are editable: catalogueable_projects = set(x.project.id for x in \ Class.objects.filter(class_name='driver_line').select_related('project')) result = [] for p in projects: ex_p = ExProject(p, user.is_superuser or p in editable_projects, p.id in catalogueable_projects) result.append(ex_p) return result
def get(self, request, *args, **kwargs): ctx = {} ctx['requests'] = ShowRequest.objects.filter(user=request.user,status="NEW") ctx['reviews'] = ShowRequest.objects.filter(status="NEW") ctx['shows'] = get_objects_for_user(request.user, 'radioportal.change_show', Show).extra( select={'lower_name': 'lower(name)'}).order_by('lower_name') ctx['channels'] = get_objects_for_user(request.user, 'radioportal.change_channel').order_by('cluster') return self.render_to_response(ctx)
def is_authorised(self, nick, chan, capability): user = None for d in self.users: if nick.lower() == d['nick']: user = d['object'] break if not user: return False if user.is_superuser: return True # do a quick assert to make sure we have a valid permissions, #if not the code is broken. if chan == '#': assert self._perm_exists(NetworkPermissions, capability) else: # Permissions don't make sense with regard to # a private message window so we shouldn't be # asking... assert chan[0] == '#' assert self._perm_exists(RoomPermissions, capability) # Test if user is a bot_admin and if so they always # have the capability try: net_perm = NetworkPermissions.objects.get(network=self.network) except NetworkPermissions.DoesNotExist: net_perm = None if net_perm: qs = get_objects_for_user(user, "bot_admin", NetworkPermissions) if qs.filter(network=self.network).exists(): return True if chan == '#': qs = get_objects_for_user(user, capability, NetworkPermissions) permission = qs.filter(network=self.network).exists() return permission else: # Test if user is a room_admin for the room in question # and if so they always have the capability try: room_perm = RoomPermissions.objects.get(network=self.network, room=chan.lower()) except RoomPermissions.DoesNotExist: return False qs = get_objects_for_user(user, 'room_admin', RoomPermissions) permission = qs.filter(network=self.network, room=chan.lower()).exists() if permission: return True qs = get_objects_for_user(user, capability, RoomPermissions) permission = qs.filter(network=self.network, room=chan.lower()).exists() return permission
def get_all_user_objects(user, permissions, klass,use_groups=True,any_perm=False): qs = get_objects_for_user(user,permissions,klass,use_groups,any_perm) if not hasattr(klass,'get_all_objects'): return qs params = {klass.__name__: qs.values_list('id', flat=True)} for inherited in klass.inherited_classes: qs = get_objects_for_user(user,permissions,inherited,use_groups,any_perm) params[inherited.__name__]=qs.values_list('id', flat=True) return klass.get_all_objects(params)
def test_anonymous(self): self.user = AnonymousUser() ctypes = ContentType.objects.all() objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes) obj1 = ContentType.objects.create(name="ct1", model="foo", app_label="guardian-tests") assign_perm("change_contenttype", self.user, obj1) objects = get_objects_for_user(self.user, ["contenttypes.change_contenttype"], ctypes) self.assertEqual(set([obj1]), set(objects))
def layer_acls(request): """ returns json-encoded lists of layer identifiers that represent the sets of read-write and read-only layers for the currently authenticated user. """ # the layer_acls view supports basic auth, and a special # user which represents the geoserver administrator that # is not present in django. acl_user = request.user if 'HTTP_AUTHORIZATION' in request.META: try: username, password = _get_basic_auth_info(request) acl_user = authenticate(username=username, password=password) # Nope, is it the special geoserver user? if (acl_user is None and username == ogc_server_settings.USER and password == ogc_server_settings.PASSWORD): # great, tell geoserver it's an admin. result = { 'rw': [], 'ro': [], 'name': username, 'is_superuser': True, 'is_anonymous': False } return HttpResponse(json.dumps(result), mimetype="application/json") except Exception: pass if acl_user is None: return HttpResponse(_("Bad HTTP Authorization Credentials."), status=401, mimetype="text/plain") # Include permissions on the anonymous user all_readable = get_objects_for_user(acl_user, 'base.view_resourcebase') all_writable = get_objects_for_user(acl_user, 'base.change_resourcebase') read_only = [x.layer.typename for x in all_readable if x not in all_writable and hasattr(x, 'layer')] read_write = [x.layer.typename for x in all_writable if x in all_readable and hasattr(x, 'layer')] result = { 'rw': read_write, 'ro': read_only, 'name': acl_user.username, 'is_superuser': acl_user.is_superuser, 'is_anonymous': acl_user.is_anonymous(), } if acl_user.is_authenticated(): result['fullname'] = acl_user.first_name result['email'] = acl_user.email return HttpResponse(json.dumps(result), mimetype="application/json")
def get_enabled(self, user): if not user.is_superuser: agents = get_objects_for_user(user, 'use_agent', Agent).filter(enabled=True, name="oracledb") if len(agents)==1: action = get_objects_for_user(user, 'use_action', Action).filter(agent=agents[0], name="export_database") return action and len(action)==1 else: return False else: return True
def get_enabled(self, user): if not user.is_superuser: agents = get_objects_for_user(user, 'use_agent', Agent).filter(enabled=True, name="a7xoas") if len(agents)==1: action = get_objects_for_user(user, 'use_action', Action).filter(agent=agents[0], name="add_pool") return action and len(action)==1 else: return False else: return True
def get_queryset(self): qs = super(MessageListView, self).get_queryset() channel_type = ContentType.objects.get_for_model(Channel) channel_ids = get_objects_for_user(self.request.user, 'change_channel', klass=Channel).values_list('id', flat=True) channel_q = Q(content_type__pk=channel_type.id, object_id__in=channel_ids) show_type = ContentType.objects.get_for_model(Show) show_ids = get_objects_for_user(self.request.user, 'change_show', klass=Show).values_list('id', flat=True) show_q = Q(content_type__pk=show_type.id, object_id__in=show_ids) return qs.filter(channel_q | show_q)
def test_anonymous(self): self.user = AnonymousUser() ctypes = ContentType.objects.all() objects = get_objects_for_user(self.user, ['contenttypes.change_contenttype'], ctypes) obj1 = ContentType.objects.create(model='foo', app_label='guardian-tests') assign_perm('change_contenttype', self.user, obj1) objects = get_objects_for_user(self.user, ['contenttypes.change_contenttype'], ctypes) self.assertEqual(set([obj1]), set(objects))
def user_edit_allowed(request): result = {} result['user_edit_allowed'] = {} if (not request.user.is_superuser) and request.user.is_authenticated(): groups = get_objects_for_user(request.user, 'data.edit_group_timetable') teachers = get_objects_for_user(request.user, 'data.edit_teacher_timetable') result['user_edit_allowed']['groups'] = groups result['user_edit_allowed']['teachers'] = teachers return result
def csw_global_dispatch(request): """pycsw wrapper""" # this view should only operate if pycsw_local is the backend # else, redirect to the URL of the non-pycsw_local backend if settings.CATALOGUE['default'][ 'ENGINE'] != 'geonode.catalogue.backends.pycsw_local': return HttpResponseRedirect(settings.CATALOGUE['default']['URL']) mdict = dict(settings.PYCSW['CONFIGURATION'], **CONFIGURATION) access_token = None if request and request.user: access_token = get_or_create_token(request.user) if access_token and access_token.is_expired(): access_token = None absolute_uri = ('%s' % request.build_absolute_uri()) query_string = ('%s' % request.META['QUERY_STRING']) env = request.META.copy() if access_token and not access_token.is_expired(): env.update({'access_token': access_token.token}) if 'access_token' not in query_string: absolute_uri = ('%s&access_token=%s' % (absolute_uri, access_token.token)) query_string = ('%s&access_token=%s' % (query_string, access_token.token)) env.update({ 'local.app_root': os.path.dirname(__file__), 'REQUEST_URI': absolute_uri, 'QUERY_STRING': query_string }) # Save original filter before doing anything mdict_filter = mdict['repository']['filter'] try: # Filter out Layers not accessible to the User authorized_ids = [] if request.user: profiles = get_user_model().objects.filter( username=str(request.user)) else: profiles = get_user_model().objects.filter( username="******") if profiles: authorized = list( get_objects_for_user(profiles[0], 'base.view_resourcebase').values('id')) layers = ResourceBase.objects.filter( id__in=[d['id'] for d in authorized]) if layers: authorized_ids = [d['id'] for d in authorized] if len(authorized_ids) > 0: authorized_layers = "(" + (", ".join( str(e) for e in authorized_ids)) + ")" authorized_layers_filter = "id IN " + authorized_layers mdict['repository']['filter'] += " AND " + authorized_layers_filter if request.user and request.user.is_authenticated: mdict['repository']['filter'] = "({}) OR ({})".format( mdict['repository']['filter'], authorized_layers_filter) else: authorized_layers_filter = "id = -9999" mdict['repository']['filter'] += " AND " + authorized_layers_filter # Filter out Documents and Maps if 'ALTERNATES_ONLY' in settings.CATALOGUE[ 'default'] and settings.CATALOGUE['default']['ALTERNATES_ONLY']: mdict['repository']['filter'] += " AND alternate IS NOT NULL" # Filter out Layers belonging to specific Groups is_admin = False if request.user: is_admin = request.user.is_superuser if request.user else False if not is_admin and settings.GROUP_PRIVATE_RESOURCES: groups_ids = [] if request.user and request.user.is_authenticated: for group in request.user.groups.all(): groups_ids.append(group.id) group_list_all = [] try: group_list_all = request.user.group_list_all().values( 'group') except Exception: pass for group in group_list_all: if isinstance(group, dict): if 'group' in group: groups_ids.append(group['group']) else: groups_ids.append(group.id) public_groups = GroupProfile.objects.exclude( access="private").values('group') for group in public_groups: if isinstance(group, dict): if 'group' in group: groups_ids.append(group['group']) else: groups_ids.append(group.id) if len(groups_ids) > 0: groups = "(" + (", ".join(str(e) for e in groups_ids)) + ")" groups_filter = "(group_id IS NULL OR group_id IN " + groups + ")" mdict['repository']['filter'] += " AND " + groups_filter else: groups_filter = "group_id IS NULL" mdict['repository']['filter'] += " AND " + groups_filter csw = server.Csw(mdict, env, version='2.0.2') content = csw.dispatch_wsgi() # pycsw 2.0 has an API break: # pycsw < 2.0: content = xml_response # pycsw >= 2.0: content = [http_status_code, content] # deal with the API break if isinstance(content, list): # pycsw 2.0+ content = content[1] spaces = { 'csw': 'http://www.opengis.net/cat/csw/2.0.2', 'dc': 'http://purl.org/dc/elements/1.1/', 'dct': 'http://purl.org/dc/terms/', 'gmd': 'http://www.isotc211.org/2005/gmd', 'gml': 'http://www.opengis.net/gml', 'ows': 'http://www.opengis.net/ows', 'xs': 'http://www.w3.org/2001/XMLSchema', 'xsi': 'http://www.w3.org/2001/XMLSchema-instance', 'ogc': 'http://www.opengis.net/ogc', 'gco': 'http://www.isotc211.org/2005/gco', 'gmi': 'http://www.isotc211.org/2005/gmi' } for prefix, uri in spaces.items(): ET.register_namespace(prefix, uri) if access_token and not access_token.is_expired(): tree = dlxml.fromstring(content) for online_resource in tree.findall('*//gmd:CI_OnlineResource', spaces): try: linkage = online_resource.find('gmd:linkage', spaces) for url in linkage.findall('gmd:URL', spaces): if url.text: if '?' not in url.text: url.text += "?" else: url.text += "&" url.text += ("access_token=%s" % (access_token.token)) url.set('updated', 'yes') except Exception: pass content = ET.tostring(tree, encoding='utf8', method='xml') finally: # Restore original filter before doing anything mdict['repository']['filter'] = mdict_filter return HttpResponse(content, content_type=csw.contenttype)
def clean(self): from openipam.dns.models import DnsRecord, DnsType from openipam.network.models import Address # Perform check to on hostname to not let users create a host if self.hostname and self.hostname != self.original_hostname: existing_hostname = Host.objects.filter(hostname=self.hostname).first() if existing_hostname: raise ValidationError( "The hostname '%s' already exists." % (self.hostname) ) existing_dns_hostname = ( DnsRecord.objects.filter( dns_type__in=[DnsType.objects.A, DnsType.objects.AAAA], name=self.hostname, ) .exclude(host=self) .first() ) if existing_dns_hostname: raise ValidationError( "DNS Records already exist for this hostname: %s. " " Please contact an IPAM Administrator." % (self.hostname) ) # Perform permission checks if user is attached to this instance # Domain permission checks if hostname has changed if self.hostname and self.hostname != self.original_hostname: domain_from_host = self.hostname.split(".")[1:] domain_from_host = ".".join(domain_from_host) valid_domain = get_objects_for_user( self.user, [ "dns.add_records_to_domain", "dns.is_owner_domain", "dns.change_domain", ], any_perm=True, ).filter(name=domain_from_host) if not valid_domain: raise ValidationError( "Insufficient permissions to add hosts " "for domain: %s. Please contact an IPAM Administrator." % domain_from_host ) # Pool and Network permission checks # Check for pool assignment and perms if self.address_type and self.address_type.pool: valid_pools = get_objects_for_user( self.user, ["network.add_records_to_pool", "network.change_pool"], any_perm=True, ) if self.address_type.pool not in valid_pools: raise ValidationError( "Insufficient permissions to add hosts to " "the assigned pool: %s. Please contact an IPAM Administrator." % self.address_type.pool ) # If network defined check for address assignment and perms if self.network: valid_network = get_objects_for_user( self.user, [ "network.add_records_to_network", "network.is_owner_network", "network.change_network", ], any_perm=True, ) if self.network.network not in [ network.network for network in valid_network ]: raise ValidationError( "Insufficient permissions to add hosts to " "the assigned network: %s. Please contact an IPAM Administrator." % self.network.network ) # If IP Address defined, check validity and perms if self.ip_address: ip_address = self.ip_address user_pools = get_objects_for_user( self.user, ["network.add_records_to_pool", "network.change_pool"], any_perm=True, ) user_nets = get_objects_for_user( self.user, [ "network.add_records_to_network", "network.is_owner_network", "network.change_network", ], any_perm=True, ) # Make sure this is valid. validate_ipv46_address(ip_address) address = Address.objects.filter( Q(pool__in=user_pools) | Q(pool__isnull=True) | Q(network__in=user_nets), Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()) | Q(leases__host=self), Q(host__isnull=True) | Q(host=self), address=ip_address, reserved=False, ) if not address: raise ValidationError( "The IP Address is reserved, in use, or not allowed. " "Please contact an IPAM Administrator." )
def get_search(self, request, **kwargs): self.method_check(request, allowed=['get']) self.is_authenticated(request) self.throttle_check(request) # Get the list of objects that matches the filter sqs = self.build_haystack_filters(request.GET) if not settings.SKIP_PERMS_FILTER: filter_set = get_objects_for_user( request.user, 'base.view_resourcebase') filter_set = get_visible_resources( filter_set, request.user if request else None, admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, unpublished_not_visible=settings.RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES) filter_set_ids = filter_set.values_list('id') # Do the query using the filterset and the query term. Facet the # results if len(filter_set) > 0: sqs = sqs.filter(id__in=filter_set_ids).facet('type').facet('subtype').facet( 'owner') .facet('keywords').facet('regions').facet('category') else: sqs = None else: sqs = sqs.facet('type').facet('subtype').facet( 'owner').facet('keywords').facet('regions').facet('category') if sqs: # Build the Facet dict facets = {} for facet in sqs.facet_counts()['fields']: facets[facet] = {} for item in sqs.facet_counts()['fields'][facet]: facets[facet][item[0]] = item[1] # Paginate the results paginator = Paginator(sqs, request.GET.get('limit')) try: page = paginator.page( int(request.GET.get('offset') or 0) / int(request.GET.get('limit') or 0 + 1)) except InvalidPage: raise Http404("Sorry, no results on that page.") if page.has_previous(): previous_page = page.previous_page_number() else: previous_page = 1 if page.has_next(): next_page = page.next_page_number() else: next_page = 1 total_count = sqs.count() objects = page.object_list else: next_page = 0 previous_page = 0 total_count = 0 facets = {} objects = [] object_list = { "meta": { "limit": settings.CLIENT_RESULTS_LIMIT, "next": next_page, "offset": int(getattr(request.GET, 'offset', 0)), "previous": previous_page, "total_count": total_count, "facets": facets, }, "objects": [self.get_haystack_api_fields(x) for x in objects], } self.log_throttled_access(request) return self.create_response(request, object_list)
def test_ensure_returns_queryset(self): objects = get_objects_for_user(self.user, ['auth.change_group']) self.assertTrue(isinstance(objects, QuerySet))
def test_perms_single(self): perm = 'auth.change_group' assign(perm, self.user, self.group) self.assertEqual(set(get_objects_for_user(self.user, perm)), set(get_objects_for_user(self.user, [perm])))
def test_processingnodes(self): client = APIClient() pnode = ProcessingNode.objects.create(hostname="localhost", port=999) another_pnode = ProcessingNode.objects.create(hostname="localhost", port=998) # Cannot list processing nodes as guest res = client.get('/api/processingnodes/') self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN) res = client.get('/api/processingnodes/{}/'.format(pnode.id)) self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN) # Cannot get options as guest res = client.get('/api/processingnodes/options/') self.assertEqual(res.status_code, status.HTTP_403_FORBIDDEN) client.login(username="******", password="******") # Cannot list processing nodes, unless permissions have been granted res = client.get('/api/processingnodes/') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 0) user = User.objects.get(username="******") self.assertFalse(user.is_staff) self.assertFalse(user.is_superuser) self.assertFalse(user.has_perm('view_processingnode', pnode)) assign_perm('view_processingnode', user, pnode) self.assertTrue(user.has_perm('view_processingnode', pnode)) # Now we can list processing nodes as normal user res = client.get('/api/processingnodes/') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 1) self.assertTrue(res.data[0]["hostname"] == "localhost") # Can use filters res = client.get('/api/processingnodes/?id={}'.format(pnode.id)) self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 1) res = client.get('/api/processingnodes/?id={}'.format( another_pnode.id)) self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 0) # Can filter nodes with valid options res = client.get('/api/processingnodes/?has_available_options=true') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 0) res = client.get('/api/processingnodes/?has_available_options=false') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 1) self.assertTrue(res.data[0]['hostname'] == 'localhost') # Can get single processing node as normal user res = client.get('/api/processingnodes/{}/'.format(pnode.id)) self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(res.data["hostname"] == "localhost") # Verify online field exists self.assertTrue("online" in res.data) # Should be set to false self.assertFalse(res.data['online']) # Cannot delete a processing node as normal user res = client.delete('/api/processingnodes/{}/'.format(pnode.id)) self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN) # Cannot create a processing node as normal user res = client.post('/api/processingnodes/', { 'hostname': 'localhost', 'port': '1000' }) self.assertTrue(res.status_code, status.HTTP_403_FORBIDDEN) client.login(username="******", password="******") # Can delete a processing node as super user res = client.delete('/api/processingnodes/{}/'.format(pnode.id)) self.assertTrue(res.status_code, status.HTTP_200_OK) # Can create a processing node as super user res = client.post('/api/processingnodes/', { 'hostname': 'localhost', 'port': '1000' }) self.assertTrue(res.status_code, status.HTTP_200_OK) # Verify node has been created res = client.get('/api/processingnodes/') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 2) self.assertTrue(res.data[1]["port"] == 1000) # Test available_options intersection # (with normal user) client.login(username="******", password="******") user = User.objects.get(username="******") self.assertFalse(user.is_superuser) p1 = ProcessingNode.objects.create(hostname="invalid-host", port=11223, last_refreshed=timezone.now(), available_options=[{ 'name': 'a' }, { 'name': 'b' }]) p2 = ProcessingNode.objects.create(hostname="invalid-host-2", port=11223, last_refreshed=timezone.now(), available_options=[{ 'name': 'a' }, { 'name': 'c' }]) p3 = ProcessingNode.objects.create(hostname="invalid-host-3", port=11223, last_refreshed=timezone.now(), available_options=[{ 'name': 'd' }]) p4 = ProcessingNode.objects.create( hostname="invalid-host-4", port=11223, last_refreshed=timezone.now() - datetime.timedelta(minutes=OFFLINE_MINUTES * 2), available_options=[{ 'name': 'd' }]) # offline assign_perm('view_processingnode', user, p1) assign_perm('view_processingnode', user, p2) assign_perm('view_processingnode', user, p4) self.assertFalse(user.has_perm('view_processingnode', p3)) nodes_available = get_objects_for_user( user, 'view_processingnode', ProcessingNode, accept_global_perms=False).exclude(available_options=dict()) self.assertTrue(len(nodes_available) == 3) res = client.get('/api/processingnodes/options/') self.assertEqual(res.status_code, status.HTTP_200_OK) self.assertTrue(len(res.data) == 1) self.assertTrue(res.data[0]['name'] == 'a')
def unified_elastic_search(request, resourcetype='base'): import re import requests from elasticsearch import Elasticsearch from six import iteritems from guardian.shortcuts import get_objects_for_user # elasticsearch_dsl overwrites any double underscores with a . # this changes the default to not overwrite import elasticsearch_dsl as edsl def newDSLBaseInit(self, _expand__to_dot=False, **params): self._params = {} for pname, pvalue in iteritems(params): if '__' in pname and _expand__to_dot: pname = pname.replace('__', '.') self._setattr(pname, pvalue) edsl.utils.DslBase.__init__ = newDSLBaseInit Search = edsl.Search Q = edsl.query.Q parameters = request.GET es = Elasticsearch(settings.ES_URL) search = Search(using=es) # Set base fields to search fields = ['title', 'text', 'abstract', 'title_alternate'] facets = [ '_index', 'type', 'subtype', 'owner__username', 'keywords', 'regions', 'category' ] # Text search query = parameters.get('q', None) offset = int(parameters.get('offset', '0')) limit = int(parameters.get('limit', settings.API_LIMIT_PER_PAGE)) # Make sure Category search works with either category__in or category__identifier__in categories = parameters.getlist( 'category__in', parameters.getlist('category__identifier__in', None)) keywords = parameters.getlist( 'keywords__in', parameters.getlist('keywords__slug__in', None)) # Publication date range (start,end) date_end = parameters.get("date__lte", None) date_start = parameters.get("date__gte", None) # Sort order sort = parameters.get("order_by", "relevance") # Geospatial Elements bbox = parameters.get("extent", None) # filter by resource type if included by path logger.debug( '-------------------------------------------------------------') logger.debug('>>>>>>>>> Filtering by Resource Type %s <<<<<<<<<<<<<' % resourcetype) logger.debug( '-------------------------------------------------------------') if resourcetype == 'documents': search = search.query("match", type_exact="document") elif resourcetype == 'layers': search = search.query("match", type_exact="layer") elif resourcetype == 'maps': search = search.query("match", type_exact="map") # Filter geonode layers by permissions if not settings.SKIP_PERMS_FILTER: # Get the list of objects the user has access to filter_set = get_objects_for_user(request.user, 'base.view_resourcebase') if settings.RESOURCE_PUBLISHING: filter_set = filter_set.filter(is_published=True) filter_set_ids = map(str, filter_set.values_list('id', flat=True)) # Do the query using the filterset and the query term. Facet the # results q = Q({"match": {"_type": "layer"}}) if len(filter_set_ids) > 0: q = Q({"terms": {"id": filter_set_ids}}) | q search = search.query(q) # Filter by Query Params if query: if query.startswith('"') or query.startswith('\''): # Match exact phrase phrase = query.replace('"', '') search = search.query("multi_match", type='phrase', query=phrase, fields=fields) else: words = [w for w in re.split('\W', query, flags=re.UNICODE) if w] for i, search_word in enumerate(words): if i == 0: word_query = Q("multi_match", query=search_word, fields=fields) elif search_word.upper() in ["AND", "OR"]: pass elif words[i - 1].upper() == "OR": word_query = word_query | Q( "multi_match", query=search_word, fields=fields) else: # previous word AND this word word_query = word_query & Q( "multi_match", query=search_word, fields=fields) # logger.debug('******* WORD_QUERY %s', word_query.to_dict()) search = search.query(word_query) if bbox: left, bottom, right, top = bbox.split(',') leftq = Q({'range': { 'bbox_left': { 'gte': left } }}) | Q({'range': { 'min_x': { 'gte': left } }}) bottomq = Q({'range': { 'bbox_bottom': { 'gte': bottom } }}) | Q({'range': { 'min_y': { 'gte': bottom } }}) rightq = Q({'range': { 'bbox_right': { 'lte': right } }}) | Q({'range': { 'max_x': { 'lte': right } }}) topq = Q({'range': { 'bbox_top': { 'lte': top } }}) | Q({'range': { 'max_y': { 'lte': top } }}) q = leftq & bottomq & rightq & topq search = search.query(q) # filter by date if date_start: q = Q({'range': { 'date': { 'gte': date_start } }}) | Q({'range': { 'layer_date': { 'gte': date_start } }}) search = search.query(q) if date_end: q = Q({'range': { 'date': { 'lte': date_end } }}) | Q({'range': { 'layer_date': { 'lte': date_end } }}) search = search.query(q) if categories: q = Q({'terms': {'category_exact': categories}}) search = search.query(q) if keywords: q = Q({'terms': {'keywords_exact': keywords}}) search = search.query(q) def facet_search(search, parameters, paramfield, esfield=None): if esfield is None: esfield = paramfield.replace('__in', '') if esfield != '_index': esfield = esfield + '_exact' getparams = parameters.getlist(paramfield) if getparams: q = Q({'terms': {esfield: getparams}}) if esfield == 'type_exact': q = q | Q({'terms': {'subtype_exact': getparams}}) return search.query(q) return search # Setup aggregations and filters for faceting for f in facets: param = '%s__in' % f if f not in ['category', 'keywords']: search = facet_search(search, parameters, param) search.aggs.bucket(f, 'terms', field=f + '_exact') # Apply sort if sort.lower() == "-date": search = search.sort( { "date": { "order": "desc", "missing": "_last", "unmapped_type": "date" } }, { "layer_date": { "order": "desc", "missing": "_last", "unmapped_type": "date" } }) elif sort.lower() == "date": search = search.sort( { "date": { "order": "asc", "missing": "_last", "unmapped_type": "date" } }, { "layer_date": { "order": "asc", "missing": "_last", "unmapped_type": "date" } }) elif sort.lower() == "title": search = search.sort('title') elif sort.lower() == "-title": search = search.sort('-title') elif sort.lower() == "-popular_count": search = search.sort('-popular_count') else: search = search.sort( { "date": { "order": "desc", "missing": "_last", "unmapped_type": "date" } }, { "layer_date": { "order": "desc", "missing": "_last", "unmapped_type": "date" } }) # print search.to_dict() search = search[offset:offset + limit] results = search.execute() # Get facet counts facet_results = {} for f in facets: facet_results[f] = {} for bucket in results.aggregations[f].buckets: facet_results[f][bucket.key] = bucket.doc_count # Get results objects = [] for hit in results.hits.hits: try: source = hit.get('_source') except: # No source pass result = {} result['index'] = hit.get('_index', None) for key, value in source.iteritems(): if key == 'bbox': result['bbox_left'] = value[0] result['bbox_bottom'] = value[1] result['bbox_right'] = value[2] result['bbox_top'] = value[3] bbox_str = ','.join(map(str, value)) elif key == 'links': # Get source link from Registry xml = value['xml'] js = '%s/%s' % (settings.REGISTRYURL, re.sub( r"xml$", "js", xml)) png = '%s/%s' % (settings.REGISTRYURL, value['png']) result['registry_url'] = js result['thumbnail_url'] = png else: result[key] = source.get(key, None) objects.append(result) object_list = { "meta": { "limit": limit, "next": None, "offset": offset, "previous": None, "total_count": results.hits.total, "facets": facet_results, }, "objects": objects, } return JsonResponse(object_list)
def vehicle_out_api(request): try: retval, retdetail = auth_check(request, 'group_user') if retval != 0: response.data = retdetail return response except Exception as ex: logger.error('Cannot get role for [%s]' % str(request.user)) detail = {'detail': '%s.' % ex} detail['status'] = STATUS_CODE['non_right'] logger.warning(response.data) response.data = detail return response parklot_ids = request.GET.get('parking_lot_id') plate_number = request.GET.get('plate_number') start_index = request.GET.get('start_index') max_results = request.GET.get('max_results') m = RESULTS start = 0 try: if max_results: m = int(max_results) if m > MAX_RESULTS: m = MAX_RESULTS if m < 0: m = RESULTS if start_index: start = int(start_index) if start < 0: start = 0 except Exception as ex: start = 0 m = RESULTS now = datetime.now(pytz.utc) before = now + timedelta(days=-7) before_str = before.strftime('%Y-%m-%d %H:%M:%S') parklots = get_objects_for_user(request.user, "parking.act_analyse_parkinglot") if parklot_ids: interparklot_ids = [ item.id for item in parklots if str(item.id) in parklot_ids ] else: interparklot_ids = [item.id for item in parklots] print("interparklot_ids: %s" % interparklot_ids) vehicleout_infos = VehicleOut.objects.filter(out_time__gt=before_str) detail = {} detail['kind'] = 'user#vehicle_out' try: #if parking_lot_id: if interparklot_ids: vehicleout_infos = vehicleout_infos.filter( parking_lot_id__in=interparklot_ids) if plate_number: vehicleout_infos = vehicleout_infos.filter( plate_number__startswith=plate_number) if start > 0: vehicleout_infos = vehicleout_infos.filter(pk__lt=start) vehicleout_infos = vehicleout_infos.order_by('-out_time') vehicleout_infos = vehicleout_infos[0:m] if not vehicleout_infos.exists(): detail['records'] = [] #{'detail': 'No vehicle-out record.'} detail['detail'] = 'No vehicle-out record.' detail['status'] = STATUS_CODE['non_vehicleout_record'] return Response(detail) serializer = VehicleOutSerializer(vehicleout_infos, many=True) parklot_ids = list(set([i['parking_lot'] for i in serializer.data])) except VehicleOut.DoesNotExist: logger.error('Can not find vehicle-out records. ex: %s' % ex) #if not isinstance(ex, VehicleOut.DoesNotExist): detail['records'] = [] #{'detail': 'No vehicle-out record.'} detail['detail'] = 'No vehicle-out record.' detail['status'] = STATUS_CODE['non_vehicleout_record'] return Response(detail) except Exception as ex: detail['records'] = [] #{'detail': 'No vehicle-out record.'} detail['detail'] = '%s.' % ex detail['status'] = STATUS_CODE['database_err'] return Response(detail) try: parkinglots = ParkingLot.objects.filter(pk__in=parklot_ids) lots_id2name = {i.id: i.name for i in parkinglots} vehicleout_data = serializer.data for i in vehicleout_data: i['id'] = i['parking_lot'] i['parking_lot'] = lots_id2name[i['parking_lot']] except (ParkingLot.DoesNotExist, Exception) as ex: logger.error('Can not find parking lot has id[%d], ex: %s' % (i.parking_lot, ex)) vehicleout_data['detail'] = "%s." % ex for i in vehicleout_data: i['id'] = i['parking_lot'] i['parking_lot'] = '' #vehicleout_data['kind'] = 'user#vehicle_out' #vehicleout_data['status'] = STATUS_CODE['success'] logger.info(vehicleout_data) return Response(vehicleout_data)
def get_search(self, request, **kwargs): self.method_check(request, allowed=['get']) self.is_authenticated(request) self.throttle_check(request) # Get the list of objects that matches the filter sqs = self.build_haystack_filters(request.GET) if not settings.SKIP_PERMS_FILTER: # Get the list of objects the user has access to filter_set = get_objects_for_user(request.user, 'base.view_resourcebase') if settings.RESOURCE_PUBLISHING: filter_set = filter_set.filter(is_published=True) filter_set_ids = filter_set.values_list('id') # Do the query using the filterset and the query term. Facet the # results if len(filter_set) > 0: sqs = sqs.filter(id__in=filter_set_ids).facet('type').facet('subtype').facet('owner')\ .facet('keywords').facet('regions').facet('category') else: sqs = None else: sqs = sqs.facet('type').facet('subtype').facet('owner').facet( 'keywords').facet('regions').facet('category') if sqs: # Build the Facet dict facets = {} for facet in sqs.facet_counts()['fields']: facets[facet] = {} for item in sqs.facet_counts()['fields'][facet]: facets[facet][item[0]] = item[1] # Paginate the results paginator = Paginator(sqs, request.GET.get('limit')) try: page = paginator.page( int(request.GET.get('offset')) / int(request.GET.get('limit'), 0) + 1) except InvalidPage: raise Http404("Sorry, no results on that page.") if page.has_previous(): previous_page = page.previous_page_number() else: previous_page = 1 if page.has_next(): next_page = page.next_page_number() else: next_page = 1 total_count = sqs.count() objects = page.object_list else: next_page = 0 previous_page = 0 total_count = 0 facets = {} objects = [] object_list = { "meta": { "limit": 100, # noqa "next": next_page, "offset": int(getattr(request.GET, 'offset', 0)), "previous": previous_page, "total_count": total_count, "facets": facets, }, 'objects': map(lambda x: self.get_haystack_api_fields(x), objects), } self.log_throttled_access(request) return self.create_response(request, object_list)
def facets(context): request = context['request'] title_filter = request.GET.get('title__icontains', '') extent_filter = request.GET.get('extent', None) keywords_filter = request.GET.getlist('keywords__slug__in', None) category_filter = request.GET.getlist('category__identifier__in', None) regions_filter = request.GET.getlist('regions__name__in', None) owner_filter = request.GET.getlist('owner__username__in', None) date_gte_filter = request.GET.get('date__gte', None) date_lte_filter = request.GET.get('date__lte', None) date_range_filter = request.GET.get('date__range', None) facet_type = context['facet_type'] if 'facet_type' in context else 'all' if not settings.SKIP_PERMS_FILTER: authorized = [] try: authorized = get_objects_for_user( request.user, 'base.view_resourcebase').values('id') except BaseException: pass if facet_type == 'documents': documents = Document.objects.filter(title__icontains=title_filter) if category_filter: documents = documents.filter(category__identifier__in=category_filter) if regions_filter: documents = documents.filter(regions__name__in=regions_filter) if owner_filter: documents = documents.filter(owner__username__in=owner_filter) if date_gte_filter: documents = documents.filter(date__gte=date_gte_filter) if date_lte_filter: documents = documents.filter(date__lte=date_lte_filter) if date_range_filter: documents = documents.filter(date__range=date_range_filter.split(',')) documents = get_visible_resources( documents, request.user if request else None, admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, unpublished_not_visible=settings.RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES) if keywords_filter: treeqs = HierarchicalKeyword.objects.none() for keyword in keywords_filter: try: kws = HierarchicalKeyword.objects.filter(name__iexact=keyword) for kw in kws: treeqs = treeqs | HierarchicalKeyword.get_tree(kw) except BaseException: # Ignore keywords not actually used? pass documents = documents.filter(Q(keywords__in=treeqs)) if not settings.SKIP_PERMS_FILTER: documents = documents.filter(id__in=authorized) counts = documents.values('doc_type').annotate(count=Count('doc_type')) facets = dict([(count['doc_type'], count['count']) for count in counts]) return facets else: layers = Layer.objects.filter(title__icontains=title_filter) if category_filter: layers = layers.filter(category__identifier__in=category_filter) if regions_filter: layers = layers.filter(regions__name__in=regions_filter) if owner_filter: layers = layers.filter(owner__username__in=owner_filter) if date_gte_filter: layers = layers.filter(date__gte=date_gte_filter) if date_lte_filter: layers = layers.filter(date__lte=date_lte_filter) if date_range_filter: layers = layers.filter(date__range=date_range_filter.split(',')) layers = get_visible_resources( layers, request.user if request else None, admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, unpublished_not_visible=settings.RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES) if extent_filter: bbox = extent_filter.split( ',') # TODO: Why is this different when done through haystack? bbox = map(str, bbox) # 2.6 compat - float to decimal conversion intersects = ~(Q(bbox_x0__gt=bbox[2]) | Q(bbox_x1__lt=bbox[0]) | Q(bbox_y0__gt=bbox[3]) | Q(bbox_y1__lt=bbox[1])) layers = layers.filter(intersects) if keywords_filter: treeqs = HierarchicalKeyword.objects.none() for keyword in keywords_filter: try: kws = HierarchicalKeyword.objects.filter(name__iexact=keyword) for kw in kws: treeqs = treeqs | HierarchicalKeyword.get_tree(kw) except BaseException: # Ignore keywords not actually used? pass layers = layers.filter(Q(keywords__in=treeqs)) if not settings.SKIP_PERMS_FILTER: layers = layers.filter(id__in=authorized) counts = layers.values('storeType').annotate(count=Count('storeType')) counts_array = [] try: for count in counts: counts_array.append((count['storeType'], count['count'])) except BaseException: pass count_dict = dict(counts_array) vector_time_series = layers.exclude(has_time=False).filter(storeType='dataStore'). \ values('storeType').annotate(count=Count('storeType')) if vector_time_series: count_dict['vectorTimeSeries'] = vector_time_series[0]['count'] facets = { 'raster': count_dict.get('coverageStore', 0), 'vector': count_dict.get('dataStore', 0), 'vector_time': count_dict.get('vectorTimeSeries', 0), 'remote': count_dict.get('remoteStore', 0), 'wms': count_dict.get('wmsStore', 0), } # Break early if only_layers is set. if facet_type == 'layers': return facets maps = Map.objects.filter(title__icontains=title_filter) documents = Document.objects.filter(title__icontains=title_filter) if category_filter: maps = maps.filter(category__identifier__in=category_filter) documents = documents.filter(category__identifier__in=category_filter) if regions_filter: maps = maps.filter(regions__name__in=regions_filter) documents = documents.filter(regions__name__in=regions_filter) if owner_filter: maps = maps.filter(owner__username__in=owner_filter) documents = documents.filter(owner__username__in=owner_filter) if date_gte_filter: maps = maps.filter(date__gte=date_gte_filter) documents = documents.filter(date__gte=date_gte_filter) if date_lte_filter: maps = maps.filter(date__lte=date_lte_filter) documents = documents.filter(date__lte=date_lte_filter) if date_range_filter: maps = maps.filter(date__range=date_range_filter.split(',')) documents = documents.filter(date__range=date_range_filter.split(',')) maps = get_visible_resources( maps, request.user if request else None, admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, unpublished_not_visible=settings.RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES) documents = get_visible_resources( documents, request.user if request else None, admin_approval_required=settings.ADMIN_MODERATE_UPLOADS, unpublished_not_visible=settings.RESOURCE_PUBLISHING, private_groups_not_visibile=settings.GROUP_PRIVATE_RESOURCES) if extent_filter: bbox = extent_filter.split( ',') # TODO: Why is this different when done through haystack? bbox = map(str, bbox) # 2.6 compat - float to decimal conversion intersects = ~(Q(bbox_x0__gt=bbox[2]) | Q(bbox_x1__lt=bbox[0]) | Q(bbox_y0__gt=bbox[3]) | Q(bbox_y1__lt=bbox[1])) maps = maps.filter(intersects) documents = documents.filter(intersects) if keywords_filter: treeqs = HierarchicalKeyword.objects.none() for keyword in keywords_filter: try: kws = HierarchicalKeyword.objects.filter(name__iexact=keyword) for kw in kws: treeqs = treeqs | HierarchicalKeyword.get_tree(kw) except BaseException: # Ignore keywords not actually used? pass maps = maps.filter(Q(keywords__in=treeqs)) documents = documents.filter(Q(keywords__in=treeqs)) if not settings.SKIP_PERMS_FILTER: maps = maps.filter(id__in=authorized) documents = documents.filter(id__in=authorized) facets['map'] = maps.count() facets['document'] = documents.count() if facet_type == 'home': facets['user'] = get_user_model().objects.exclude( username='******').count() facets['group'] = GroupProfile.objects.exclude( access="private").count() facets['layer'] = facets['raster'] + \ facets['vector'] + facets['remote'] + facets['wms'] # + facets['vector_time'] return facets
def get_queryset(self): return get_objects_for_user(self.request.user, 'view_report', Report)
def read_list(self, object_list, bundle): permitted_ids = get_objects_for_user( bundle.request.user, 'base.view_resourcebase').values('id') return object_list.filter(id__in=permitted_ids)
def delete_detail(self, object_list, bundle): permitted_ids = get_objects_for_user( bundle.request.user, 'layer.change_layer_style').values('id') resource_obj = bundle.obj.get_self_resource() return resource_obj in permitted_ids
def layer_acls(request): """ returns json-encoded lists of layer identifiers that represent the sets of read-write and read-only layers for the currently authenticated user. """ # the layer_acls view supports basic auth, and a special # user which represents the geoserver administrator that # is not present in django. acl_user = request.user if 'HTTP_AUTHORIZATION' in request.META: try: username, password = _get_basic_auth_info(request) acl_user = authenticate(username=username, password=password) # Nope, is it the special geoserver user? if (acl_user is None and username == ogc_server_settings.USER and password == ogc_server_settings.PASSWORD): # great, tell geoserver it's an admin. result = { 'rw': [], 'ro': [], 'name': username, 'is_superuser': True, 'is_anonymous': False } return HttpResponse(json.dumps(result), content_type="application/json") except Exception: pass if acl_user is None: return HttpResponse(_("Bad HTTP Authorization Credentials."), status=401, content_type="text/plain") # Include permissions on the anonymous user # use of polymorphic selectors/functions to optimize performances site_resources = resources_for_site() resources_readable = get_objects_for_user( acl_user, 'view_resourcebase', ResourceBase.objects.instance_of(Layer).filter(id__in=site_resources)) layer_writable = get_objects_for_user( acl_user, 'change_layer_data', Layer.objects.filter(id__in=site_resources)) _read = set( Layer.objects.filter(id__in=resources_readable).values_list('typename', flat=True)) _write = set(layer_writable.values_list('typename', flat=True)) read_only = _read ^ _write read_write = _read & _write result = { 'rw': list(read_write), 'ro': list(read_only), 'name': acl_user.username, 'is_superuser': acl_user.is_superuser, 'is_anonymous': acl_user.is_anonymous(), } if acl_user.is_authenticated(): result['fullname'] = acl_user.get_full_name() result['email'] = acl_user.email return HttpResponse(json.dumps(result), content_type="application/json")
def sidebar_menu(request): user = request.user resolver_match = request.resolver_match url_name = resolver_match.url_name pk = resolver_match.kwargs.get('pk') components = get_objects_for_user( user=user, perms=('view_component', ), klass=Component).annotate( has_star=Count('usercomponentstar')).order_by('-has_star', 'name') components_stars = list( UserComponentStar.objects.filter(user=request.user, component__in=components).values_list( 'component_id', flat=True)) components_items = [{ 'title': component.name, 'url': reverse('component_base_settings', kwargs={'pk': component.pk}), 'icon': 'angle-right', 'active': url_name in [ 'component_base_settings', 'component_env_settings', 'delete_component', 'update_component', 'update_component_base_settings', 'update_component_env_settings', ] and str(component.pk) == pk, 'has_star': component.pk in components_stars } for component in components[:25]] if components.count() > 25: components_items.append({ 'title': _('Show All'), 'url': reverse('components'), 'icon': 'angle-double-right', 'active': url_name in [ 'components', ] }) if user.is_staff: items = [ { 'title': _('Main menu'), 'header': True }, { 'title': _('Components'), 'url': reverse('components') if not components_items else None, 'icon': 'th-large', 'children': components_items, 'active': url_name in [ 'component_base_settings', 'component_env_settings', 'components', 'create_component', 'delete_component', 'update_component', 'update_component_base_settings', 'update_component_env_settings', ] }, { 'title': _('Environments'), 'url': reverse('environments'), 'icon': 'cloud', 'active': url_name in [ 'environments', 'create_environment', 'update_environment', 'delete_environment' ] }, { 'title': _('Logs'), 'url': reverse('logs'), 'icon': 'bars', 'active': url_name in [ 'logs', 'log_detail', ] }, { 'title': _('Users'), 'url': reverse('users'), 'icon': 'users', 'active': url_name in [ 'users', 'change_user_password', 'create_user', 'update_user', 'update_user_api_settings', 'update_user_permissions', 'update_user_permissions_by_model', 'delete_user', ] }, { 'title': _('Global Settings'), 'url': reverse('update_global_settings'), 'icon': 'cogs', 'active': url_name in [ 'update_global_settings', ] }, ] else: items = components_items return {'items': items}
def sftp_file(request): ##上传 if request.method == "GET": obj = get_objects_for_user(request.user, 'asset.change_asset') return render(request, 'tasks/sftp.html', { 'asset_list': obj, "tasks_active": "active", "sftp_active": "active" }) if request.method == 'POST': ids = request.POST.getlist('id') user = User.objects.get(username=request.user) checker = ObjectPermissionChecker(user) local_path = request.POST.get("local_path") server_path = request.POST.get("server_path") ids1 = [] for i in ids: assets = asset.objects.get(id=i) if checker.has_perm( 'delete_asset', assets, ) == True: ids1.append(i) user = request.user idstring = ','.join(ids1) if not ids: error_1 = "请选择主机" ret = {"error": error_1, "status": False} return HttpResponse(json.dumps(ret)) elif not local_path or not server_path: error_2 = "请输入上传文件目录及文件名" ret = {"error": error_2, "status": False} return HttpResponse(json.dumps(ret)) obj = asset.objects.extra(where=['id IN (' + idstring + ')']) ret = {} ret['data'] = [] for i in obj: try: s = sftp(ip=i.network_ip, port=i.port, username=i.system_user.username, password=i.system_user.password, local_path=local_path, server_path=server_path) historys = history.objects.create( ip=i.network_ip, root=i.system_user, port=i.port, cmd="上传{}".format(server_path), user=user) if s == None or s['data'] == '': s = {} s['ip'] = i.network_ip s['data'] = "返回值为空,可能是权限不够。" ret['data'].append(s) except Exception as e: ret['data'].append({ "ip": i.network_ip, "data": "账号密码不对,{}".format(e) }) return HttpResponse(json.dumps(ret))
def to_representation(self, instance): ret = super(GroupSerializer, self).to_representation(instance) # add header_logo # before check macrogroups number anche if is equal to 1 use it try: macrogroup = instance.macrogroups.get(use_logo_client=True) ret['header_logo_img'] = macrogroup.logo_img.name except: ret['header_logo_img'] = instance.header_logo_img.name try: macrogroup = instance.macrogroups.get(use_title_client=True) ret['name'] = macrogroup.title except: # change groupData name with title for i18n app ret['name'] = instance.title # add crs: ret['crs'] = int(str(self.instance.srid.srid)) ret['proj4'] = self.instance.srid.proj4text # map controls ret['mapcontrols'] = [mapcontrol.name for mapcontrol in instance.mapcontrols.all()] # add projects to group ret['projects'] = [] self.projects = {} anonymous_user = get_user_model().get_anonymous() for g3wProjectApp in settings.G3WADMIN_PROJECT_APPS: Project = apps.get_app_config(g3wProjectApp).get_model('project') projects = get_objects_for_user(self.request.user, '{}.view_project'.format(g3wProjectApp), Project) \ .filter(group=instance) projects_anonymous = get_objects_for_user(anonymous_user, '{}.view_project'.format(g3wProjectApp), Project).filter(group=instance) projects = list(set(projects) | set(projects_anonymous)) for project in projects: self.projects[g3wProjectApp+'-'+str(project.id)] = project # project thumbnail project_thumb = project.thumbnail.name if bool(project.thumbnail.name) \ else '{}client/images/FakeProjectThumb.png'.format(settings.STATIC_URL) ret['projects'].append({ 'id': project.id, 'title': project.title, 'description': project.description, 'thumbnail': project_thumb, 'type': g3wProjectApp, 'gid': "{}:{}".format(g3wProjectApp, project.id) }) # baselayers ret['baselayers'] = [] baselayers = instance.baselayers.all() for baselayer in baselayers: ret['baselayers'].append(BaseLayerSerializer(baselayer).data) # add initproject and overviewproject ret['initproject'] = "{}:{}".format(self.projectType, self.projectId) # add overviewproject is present overviewproject = instance.project_panoramic.all() if overviewproject: overviewproject = overviewproject[0] ret['overviewproject'] = { 'id': int(overviewproject.project_id), 'type': overviewproject.project_type, 'gid': "{}:{}".format(overviewproject.project_type, overviewproject.project_id) } else: ret['overviewproject'] = None ret['plugins'] = {} # plugins/module data dataPlugins = initconfig_plugin_start.send(sender=self, project=self.projectId, projectType=self.projectType) for dataPlugin in dataPlugins: if dataPlugin[1]: ret['plugins'] = copy(ret['plugins']) ret['plugins'].update(dataPlugin[1]) # powerd_by ret['powered_by'] = settings.G3WSUITE_POWERD_BY # header customs links header_custom_links = getattr(settings, 'G3W_CLIENT_HEADER_CUSTOM_LINKS', None) ret['header_custom_links'] = [] if header_custom_links: # check for possible callback for head_link in header_custom_links: if callable(head_link): ret['header_custom_links'].append(head_link(self.request)) else: ret['header_custom_links'].append(head_link) # custom layout ret['layout'] = {} # add legend settings if set to layout layout_legend = getattr(settings, 'G3W_CLIENT_LEGEND', None) if layout_legend: ret['layout']['legend'] = layout_legend # add legend settings if set to layout layout_right_panel = getattr(settings, 'G3W_CLIENT_RIGHT_PANEL', None) if layout_right_panel: ret['layout']['rightpanel'] = layout_right_panel return ret
def filter_by_user_perms(self, user, permission): return get_objects_for_user(user, permission, self)
def get_queryset(self): return get_objects_for_user(self.request.user, 'view_investigation', Investigation)
def get_queryset(self, **kwargs): """ Filter Apps by `owner` attribute or the `api.use_app` permission. """ return super(AppViewSet, self).get_queryset(**kwargs) | \ get_objects_for_user(self.request.user, 'api.use_app')
def cmd(request): ##命令行 if request.method == "GET": obj = get_objects_for_user(request.user, 'asset.change_asset') return render(request, 'tasks/cmd.html', { 'asset_list': obj, "tasks_active": "active", "cmd_active": "active" }) if request.method == 'POST': ids = request.POST.getlist('id') args = request.POST.getlist('args', None) module = request.POST.getlist('module', None) user = User.objects.get(username=request.user) checker = ObjectPermissionChecker(user) ids1 = [] for i in ids: assets = asset.objects.get(id=i) if checker.has_perm( 'task_asset', assets, ) == True: ids1.append(i) else: error_3 = "主机没有权限" ret = {"error": error_3, "status": False} return HttpResponse(json.dumps(ret)) idstring = ','.join(ids1) if not ids: error_1 = "请选择主机" ret = {"error": error_1, "status": False} return HttpResponse(json.dumps(ret)) elif args == ['']: error_2 = "请输入命令" ret = {"error": error_2, "status": False} return HttpResponse(json.dumps(ret)) obj = asset.objects.extra(where=['id IN (' + idstring + ')']) ret = {'data': []} tasks = [] for x in range(len(module)): tasks.append( { "action": { "module": module[x], "args": args[x] }, "name": 'task{}'.format(x) }, ) for i in obj: try: assets = [ { "hostname": 'host', "ip": i.network_ip, "port": i.port, "username": i.system_user.username, "password": decrypt_p(i.system_user.password), }, ] inventory = BaseInventory(assets) runner = AdHocRunner(inventory) retsult = runner.run(tasks, "all") ret1 = [] for c in range(len(module)): try: ret1.append(retsult.results_raw['ok']['host'][ 'task{}'.format(c)]['stdout']) except Exception as e: if retsult.results_summary['dark'] == ['']: ret1.append("执行成功") else: ret1.append("命令有问题,{}".format( retsult.results_summary['dark'])) history.objects.create(ip=i.network_ip, root=i.system_user, port=i.port, cmd=args, user=user) ret2 = {'ip': i.network_ip, 'data': '\n'.join(ret1)} ret['data'].append(ret2) except Exception as e: ret['data'].append({ "ip": i.network_ip, "data": "账号密码不对,{}".format(e) }) return HttpResponse(json.dumps(ret))
def dehydrate_layers_count(self, bundle): request = bundle.request obj_with_perms = get_objects_for_user(request.user, 'base.view_resourcebase').instance_of(Layer) filter_set = bundle.obj.resourcebase_set.filter(id__in=obj_with_perms.values('id')) if not settings.SKIP_PERMS_FILTER: is_admin = False is_staff = False is_manager = False if request.user: is_admin = request.user.is_superuser if request.user else False is_staff = request.user.is_staff if request.user else False try: is_manager = request.user.groupmember_set.all().filter(role='manager').exists() except: is_manager = False # Get the list of objects the user has access to if settings.ADMIN_MODERATE_UPLOADS: if not is_admin and not is_staff: if is_manager: groups = request.user.groups.all() group_list_all = [] try: group_list_all = request.user.group_list_all().values('group') except: pass public_groups = GroupProfile.objects.exclude(access="private").values('group') try: anonymous_group = Group.objects.get(name='anonymous') filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=groups) | Q(group__in=group_list_all) | Q(group__in=public_groups) | Q(group=anonymous_group) | Q(owner__username__iexact=str(request.user))) except: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=groups) | Q(group__in=group_list_all) | Q(group__in=public_groups) | Q(owner__username__iexact=str(request.user))) else: filter_set = filter_set.filter(Q(is_published=True) | Q(owner__username__iexact=str(request.user))) if settings.RESOURCE_PUBLISHING: if not is_admin and not is_staff: if is_manager: groups = request.user.groups.all() group_list_all = [] try: group_list_all = request.user.group_list_all().values('group') except: pass public_groups = GroupProfile.objects.exclude(access="private").values('group') try: anonymous_group = Group.objects.get(name='anonymous') filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=groups) | Q(group__in=public_groups) | Q(group__in=group_list_all) | Q(group=anonymous_group) | Q(owner__username__iexact=str(request.user))) except: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=groups) | Q(group__in=group_list_all) | Q(group__in=public_groups) | Q(owner__username__iexact=str(request.user))) else: filter_set = filter_set.filter(Q(is_published=True) | Q(owner__username__iexact=str(request.user))) try: anonymous_group = Group.objects.get(name='anonymous') except: anonymous_group = None if settings.GROUP_PRIVATE_RESOURCES: public_groups = GroupProfile.objects.exclude(access="private").values('group') if is_admin: filter_set = filter_set elif request.user: groups = request.user.groups.all() group_list_all = [] try: group_list_all = request.user.group_list_all().values('group') except: pass if anonymous_group: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=groups) | Q(group__in=group_list_all) | Q(group__in=public_groups) | Q(group=anonymous_group) | Q(owner__username__iexact=str(request.user))) else: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=public_groups) | Q(group__in=group_list_all) | Q(group__in=groups) | Q(owner__username__iexact=str(request.user))) else: if anonymous_group: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=public_groups) | Q(group=anonymous_group)) else: filter_set = filter_set.filter( Q(group__isnull=True) | Q(group__in=public_groups)) return filter_set.distinct().count()
def get_queryset(self, *args, **kwargs): qs = super().get_queryset(*args, **kwargs) return get_objects_for_user(**self.get_get_objects_for_user_kwargs(qs))
def get_queryset(self, *args, **kwargs): return get_objects_for_user(self.request.user, 'tom_targets.change_target')
def Inception(request): ##Inception 审核 if request.method == "GET": obj = get_objects_for_user(request.user, 'db.change_db_mysql') return render(request, 'tasks/Inception.html', { 'sql_list': obj, "tasks_active": "active", "sql_active": "active" }) if request.method == 'POST': ids = request.POST.getlist('id') sql_db = request.POST.get('sql', None) user = User.objects.get(username=request.user) checker = ObjectPermissionChecker(user) ids1 = [] for i in ids: assets = db_mysql.objects.get(id=i) if checker.has_perm( 'delete_db_mysql', db_mysql, ) == True: ids1.append(i) user = request.user idstring = ','.join(ids1) if not ids: error_1 = "请选择数据库" ret = {"error": error_1, "status": False} return HttpResponse(json.dumps(ret)) elif not sql_db: error_2 = "请输入命令" ret = {"error": error_2, "status": False} return HttpResponse(json.dumps(ret)) obj = db_mysql.objects.extra(where=['id IN (' + idstring + ')']) ret = {} ret['data'] = [] for i in obj: try: historys = history.objects.create(ip=i.ip, root=i.db_user.username, port=i.port, cmd="审核:{0}".format(sql_db), user=user) s = sql(user=i.db_user.username, password=i.db_user.password, host=i.ip, port=i.port, sqls=sql_db) if s == None or s['data'] == '': s = {} s['ip'] = i.ip s['data'] = "返回值为空,可能是权限不够。" ret['data'].append(s) except Exception as e: ret['data'].append({"ip": i.ip, "data": "账号密码不对,{}".format(e)}) return HttpResponse(json.dumps(ret))
def test_empty_perms_sequence(self): self.assertEqual( set(get_objects_for_user(self.user, [], Group.objects.all())), set())
def under_limit(self, user): meta_name = self.serializer_class.Meta.model._meta.model_name permission_name = 'script_builder.change_{}'.format(meta_name) current_objects = get_objects_for_user(user, permission_name) return len(current_objects) <= self.USER_OBJECT_LIMIT or user.is_superuser
def add_ip_address(self, user=None, ip_address=None, network=None, hostname=None): from openipam.network.models import Network, Address from openipam.dns.models import DnsRecord, DnsType user = user or self._user if not user: raise Exception("A User must be given to add ip addresses.") if not hostname: raise ValidationError("A hostname is required.") address = None # Check to see if hostname already taken for any hosts other then the current one if being updated. used_hostname = ( DnsRecord.objects.filter( dns_type__in=[DnsType.objects.A, DnsType.objects.AAAA], name=hostname ) .exclude(ip_content__address=self.master_ip_address) .first() ) if used_hostname: raise ValidationError( "Hostname %s is already assigned to DNS A Record: %s." % (hostname, used_hostname.ip_content) ) user_pools = get_objects_for_user( user, ["network.add_records_to_pool", "network.change_pool"], any_perm=True ) user_nets = get_objects_for_user( user, [ "network.add_records_to_network", "network.is_owner_network", "network.change_network", ], any_perm=True, ) if network: if isinstance(network, string_types): network = Network.objects.get(network=network) if not user_nets.filter(network=network.network): raise ValidationError( "You do not have access to assign host '%s' to the " "network specified: %s." % (hostname, network) ) try: network_address = ( Address.objects.filter( Q(pool__in=user_pools) | Q(pool__isnull=True), Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()) | Q(leases__host=self), network=network, host__isnull=True, reserved=False, ) .order_by("address") .first() ) if not network_address: raise Address.DoesNotExist else: address = network_address except ValidationError: raise ValidationError("The network '%s' is invalid." % network) except Address.DoesNotExist: raise ValidationError( "There are no avaiable addresses for the network entered: %s" % network ) elif ip_address: # Validate IP Address try: validate_ipv46_address(ip_address) except ValidationError: raise ValidationError( "IP Address %s is invalid. Enter a valid IPv4 or IPv6 address." % ip_address ) if ip_address in self.ip_addresses: raise ValidationError( "IP address %s is already assigned to this host." % ip_address ) try: address = Address.objects.get( Q(pool__in=user_pools) | Q(pool__isnull=True) | Q(network__in=user_nets), Q(leases__isnull=True) | Q(leases__abandoned=True) | Q(leases__ends__lte=timezone.now()) | Q(leases__host=self), Q(host__isnull=True) | Q(host=self), address=ip_address, reserved=False, ) except ValidationError: raise ValidationError( "There IP Address %s is not available." % ip_address ) except Address.DoesNotExist: raise ValidationError( "There are no avaiable addresses for the IP entered: %s" % ip_address ) else: raise ValidationError( "A Network or IP Address must be given to assign this host an address." ) # Make sure pool is clear on addresses we are assigning. address.pool_id = None address.host = self address.changed_by = user address.save() # Update A and PTR dns records self.add_dns_records(user=user, hostname=hostname, address=address) return address
def test_klass_as_queryset(self): assign('auth.change_group', self.user, self.group) objects = get_objects_for_user(self.user, ['auth.change_group'], Group.objects.all()) self.assertEqual([obj.name for obj in objects], [self.group.name])
def dehydrate_documents_count(self, bundle): obj_with_perms = get_objects_for_user(bundle.request.user, 'base.view_resourcebase').instance_of(Document) return bundle.obj.resourcebase_set.filter(id__in=obj_with_perms.values('id')).distinct().count()