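def read(self, request, ticket="", group="", username=""):
    """
    Promote a user to manager of a smart group.

    All values are taken from the query string (``ticket``, ``group``,
    ``username``); the keyword arguments of the same name are not read by
    the body.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        group (string) : the group name
        username (string) : the username

    Return:
        Success - 200 response with body "OK"
        Failure - 403 when the ticket is missing or rejected, or when the
                  caller is not a manager of the group
        Failure - 500 on any other error (unknown group or user included)
    """
    # NOTE(review): the ticket travels in the query string, so it can end up
    # in access logs, browser history and Referer headers; the handlers on
    # this page that read HTTP_MI_TICKET avoid that.
    # NOTE(review): this changes membership from a handler named read() --
    # presumably the GET handler; confirm, and prefer a non-idempotent verb.
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        target_group = VPHShareSmartGroup.objects.get(name=request.GET.get("group"))
        if not target_group.is_manager(user):
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        # The target user is resolved only after the authorization check, so
        # a non-manager gets the same 403 whether or not the username exists.
        user_to_promote = User.objects.get(username=request.GET.get("username"))

        # add user to the managers
        target_group.managers.add(user_to_promote)

        # Add the user to the group and to every sub group. The previous
        # loop used objects.get(parent=...), which raises
        # MultipleObjectsReturned as soon as a group has two children and
        # left the change half applied; walk all children instead. The
        # visited set keeps a parent cycle from looping forever.
        pending = [target_group]
        visited = set()
        while pending:
            current = pending.pop()
            if current.pk in visited:
                continue
            visited.add(current.pk)
            current.user_set.add(user_to_promote)
            pending.extend(VPHShareSmartGroup.objects.filter(parent=current))

        response = HttpResponse(status=200)
        response._is_string = True
        response.write("OK")
        return response

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response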
def read(self, request, ticket="", group="", name=""):
    """
    Add a user, or a whole group, to a smart group.

    All values are taken from the query string: ``ticket``, ``group``,
    ``name`` and the optional ``recursive`` flag. ``name`` is tried first as
    a username and, if no such user exists, as a smart group name.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        group (string) : the group name
        name (string) : the username or the group name to add

    Return:
        Success - 200 response with body "OK"
        Failure - 403 when the caller is not a manager of the group or when
                  ``name`` matches neither a user nor a smart group
        Failure - 500 "constraint violation circularity" when the group
                  cannot become a child of the target group
    """
    # NOTE(review): the ticket travels in the query string, so it can end up
    # in access logs and Referer headers.
    try:
        if request.GET.get("ticket"):
            client_address = request.META["REMOTE_ADDR"]
            user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
            if user is not None:
                group = VPHShareSmartGroup.objects.get(name=request.GET.get("group"))
                # Only managers of the destination group may add members.
                if not group.is_manager(user):
                    response = HttpResponse(status=403)
                    response._is_string = True
                    return response
                try:
                    user_to_add = User.objects.get(username=request.GET.get("name"))
                    # add user to all children groups
                    if request.GET.get("recursive", False):
                        add_user_to_group(user_to_add, group)
                    else:
                        group.user_set.add(user_to_add)
                except ObjectDoesNotExist, e:
                    # No user with that name: treat ``name`` as a group.
                    try:
                        group_to_add = VPHShareSmartGroup.objects.get(name=request.GET.get("name"))
                        if not can_be_child(group_to_add, group):
                            response = HttpResponse(status=500, content="constraint violation circularity")
                            response._is_string = True
                            return response
                        # NOTE(review): only the destination group's manager
                        # check is visible; nothing here checks that the
                        # caller also manages group_to_add before it is
                        # re-parented -- confirm this is intended.
                        group_to_add.parent = group
                        group_to_add.save()
                    except ObjectDoesNotExist, e:
                        response = HttpResponse(status=403)
                        response._is_string = True
                        return response
                response = HttpResponse(status=200)
                response._is_string = True
                response.write("OK")
                return response
            else:
                # NOTE(review): the listing is cut off here; the failure
                # branch and the outer except are not visible.
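def read(self, request, ticket="", name=""):
    """
    Delete (deactivate) a smart group.

    The group name is taken from the ``group`` query parameter and the
    ticket from the ``ticket`` query parameter; the keyword arguments are
    not read by the body.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        name (string) : the group name

    Return:
        Success - 200 response with body "OK"
        Failure - 403 when the ticket is missing or rejected, or when the
                  caller is not one of the group's managers
        Failure - 500 on any other error (unknown group included)
    """
    # NOTE(review): a destructive action is exposed through read(), with the
    # ticket in the query string -- presumably a GET; confirm and consider a
    # non-idempotent verb with the ticket in a header.
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        name = request.GET.get("group")
        group = VPHShareSmartGroup.objects.get(name=name)

        # NOTE(review): the sibling handlers use group.is_manager(user);
        # this one tests direct membership of group.managers -- confirm the
        # two are meant to differ.
        if user not in group.managers.all():
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        group.active = False
        group.remove_users()

        # remove this group from children parent reference
        for child in VPHShareSmartGroup.objects.filter(parent=group):
            child.parent = None
            child.save()

        group.parent = None
        group.save()

        response = HttpResponse(status=200)
        response._is_string = True
        response.write("OK")
        return response

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response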
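def read(self, request, ticket="", group=""):
    """
    Given a group name, return the list of subscribers.

    The ticket and the group name are taken from the query string; the
    keyword arguments are not read by the body.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        group (string) : the group name

    Return:
        Success - dict with "users" (username, fullname, email) and
                  "groups" (direct child groups with subscriber counts)
        Failure - 403 when the ticket is missing or rejected
        Failure - 404 when the group does not exist
        Failure - 500 on any other error
    """
    # NOTE(review): any authenticated caller receives the e-mail address of
    # every member; no membership or manager check is made here -- confirm
    # that this exposure is intended.
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        try:
            target_group = VPHShareSmartGroup.objects.get(name=request.GET.get("group"))
        except ObjectDoesNotExist:
            response = HttpResponse(status=404)
            response._is_string = True
            return response

        # The loop variable is deliberately not called ``user``: on Python 2
        # a list comprehension rebinds the enclosing name, which silently
        # replaced the authenticated caller.
        return {
            "users": [
                {
                    "username": member.username,
                    "fullname": "%s %s" % (member.first_name, member.last_name),
                    "email": member.email,
                }
                for member in target_group.user_set.all()
            ],
            "groups": [
                # count() lets the database count instead of loading rows.
                {"groupname": child.name, "subscribers": child.user_set.count()}
                for child in VPHShareSmartGroup.objects.filter(parent=target_group)
            ],
        }

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response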
def update(self, request, global_id=None, *args, **kwargs):
    # Visible part only: authenticates the caller from the ticket found in
    # request.META['HTTP_MI_TICKET'], bound to the client address.
    try:
        client_address = request.META['REMOTE_ADDR']
        ticket = request.META.get('HTTP_MI_TICKET', '')
        if ticket:
            try:
                user, tkt64 = authenticate(ticket=ticket, cip=client_address)
            except Exception, e:
                # Any error raised while validating the ticket denies the request.
                return rc.FORBIDDEN
            # NOTE(review): other handlers on this page treat a None user
            # returned by authenticate() as a failed login; confirm that the
            # code following this block checks ``user`` before acting.
        else:
            # NOTE(review): the listing is cut off here; the no-ticket
            # branch and the rest of the handler are not visible.
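def read(self, request, ticket="", term=""):
    """
    Process a user/group search request.

    The ticket and the search term are taken from the query string; the
    keyword arguments are not read by the body. The term is matched
    case-insensitively as a substring of username, e-mail, first name and
    last name (users) and of the name (groups).

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        term (string) : search term

    Return:
        Success - dict with "users" (username, fullname) and "groups"
                  (groupname, subscribers)
        Failure - 403 when the ticket is missing or rejected
        Failure - 500 on any other error
    """
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        # NOTE(review): a missing or empty term matches every row, so one
        # call lists all users and groups, and the result is unbounded;
        # consider a minimum term length and a result cap.
        term = request.GET.get("term", "")

        matching_users = User.objects.filter(
            Q(username__icontains=term)
            | Q(email__icontains=term)
            | Q(first_name__icontains=term)
            | Q(last_name__icontains=term)
        )
        matching_groups = Group.objects.filter(name__icontains=term)

        # The loop variable is deliberately not called ``user``: on Python 2
        # a list comprehension rebinds the enclosing name.
        return {
            "users": [
                {"username": found.username, "fullname": "%s %s" % (found.first_name, found.last_name)}
                for found in matching_users
            ],
            "groups": [
                # count() lets the database count instead of loading rows.
                {"groupname": g.name, "subscribers": g.user_set.count()}
                for g in matching_groups
            ],
        }

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response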
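def read(self, request, ticket="", username=""):
    """
    Given a username, return the list of groups the user belongs to.

    The ticket, the username and the optional ``institution`` flag are taken
    from the query string; the keyword arguments are not read by the body.
    When ``institution`` is present, only institution groups the user
    belongs to are returned.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        username (string) : the username whose groups are requested

    Return:
        Success - list of {"groupname", "subscribers"} dicts
        Failure - 403 when the ticket is missing or rejected
        Failure - 404 when the user does not exist
        Failure - 500 on any other error
    """
    # NOTE(review): any authenticated caller can read another user's group
    # memberships, and the 404 reveals whether a username exists -- confirm
    # that both are intended.
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        try:
            target_user = User.objects.get(username=request.GET.get("username"))
        except ObjectDoesNotExist:
            response = HttpResponse(status=404)
            response._is_string = True
            return response

        if request.GET.get("institution", None) is None:
            return [
                # count() lets the database count instead of loading rows.
                {"groupname": g.name, "subscribers": g.user_set.count()}
                for g in target_user.groups.all()
            ]

        return [
            {"groupname": portal.institution.name, "subscribers": portal.institution.user_set.count()}
            for portal in InstitutionPortal.objects.all()
            # Membership test done in the database rather than by loading
            # every member of every institution.
            if portal.institution.user_set.filter(pk=target_user.pk).exists()
        ]

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response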
def delete(self, request, wfrun_id=None, *args, **kwargs):
    """
    Deletes the workflow run specified in the request

    Parameters:
     - `request`: request
     - `wfrun_id`: workflow run id
    """
    try:
        client_address = request.META['REMOTE_ADDR']
        ticket = request.META.get('HTTP_MI_TICKET', '')
        if ticket:
            try:
                user, tkt64 = authenticate(ticket=ticket, cip=client_address)
            except Exception, e:
                # NOTE(review): a ticket that fails validation is ignored
                # here, while the sibling update/create/read handlers on
                # this page return rc.FORBIDDEN at this point. ``user`` is
                # left unassigned on this path, so whatever follows must not
                # treat the request as authenticated; restoring the
                # commented-out return would make this handler fail closed.
                pass
                #return rc.FORBIDDEN
        else:
            # NOTE(review): the listing is cut off here; the no-ticket
            # branch and the deletion itself are not visible.
def create(self, request, *args, **kwargs):
    """
    Submits the workflow with the `global_id` specified in the request,
    and starts its execution.

    Parameters:
     - `request`: request
     - `args`: args
     - `kwargs`: kwargs
    """
    try:
        client_address = request.META['REMOTE_ADDR']
        # The ticket is read from request.META['HTTP_MI_TICKET'] and is
        # validated together with the client address.
        ticket = request.META.get('HTTP_MI_TICKET', '')
        if ticket:
            try:
                user, tkt64 = authenticate(ticket=ticket, cip=client_address)
            except Exception, e:
                # Any error raised while validating the ticket denies the request.
                return rc.FORBIDDEN
            # NOTE(review): other handlers on this page treat a None user
            # returned by authenticate() as a failed login; confirm that the
            # code following this block checks ``user`` before submitting.
        else:
            # NOTE(review): the listing is cut off here; the no-ticket
            # branch and the submission itself are not visible.
def _check_header_ticket(req):
    """Check the ticket found in ``req.META['HTTP_MI_TICKET']``.

    Sets ``ticket`` to ``(tkt, usr)`` when authenticate() returns without
    raising, and to ``None`` when the header is absent or anything raises.
    """
    ticket = None
    try:
        client_address = req.META['REMOTE_ADDR']
        tkt = req.META.get('HTTP_MI_TICKET', '')
        if tkt:
            try:
                usr, tkt64 = authenticate(ticket=tkt, cip=client_address)
                # NOTE(review): other handlers on this page treat a None
                # user returned by authenticate() as a failed login; here
                # (tkt, None) would still be stored -- confirm callers check
                # the second element.
                ticket = (tkt,usr)
            except Exception:
                ticket = None
        else:
            ticket = None
    except Exception, e:
        logger.exception(e)
        ticket = None
    # NOTE(review): the listing is cut off here; the statement that returns
    # ``ticket`` is not visible.
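def _check_header_ticket(req):
    """Validate the ticket carried in ``req.META['HTTP_MI_TICKET']``.

    Arguments:
        req: the HTTP request; ``META['REMOTE_ADDR']`` is passed to
            authenticate() as the client address.

    Return:
        ``(ticket, user)`` when the ticket authenticates to a user,
        ``None`` when the header is absent, the ticket is rejected, or an
        unexpected error occurs (the error is reported through ``client``).
    """
    try:
        client_address = req.META['REMOTE_ADDR']
        tkt = req.META.get('HTTP_MI_TICKET', '')
        if not tkt:
            return None

        try:
            usr, tkt64 = authenticate(ticket=tkt, cip=client_address)
        except Exception:
            return None

        # Other handlers on this page treat a None user from authenticate()
        # as a failed login. Returning (tkt, None) would hand callers a
        # truthy result for a rejected ticket, so report it as None.
        if usr is None:
            return None
        return (tkt, usr)

    except Exception:
        # The former ``finally: return ticket`` also swallowed
        # KeyboardInterrupt/SystemExit; only ordinary errors are handled now.
        client.captureException()
        return None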
def read(self, request, global_id=None):
    """
    Visible part only: authenticate the caller from the ticket header.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        global_id (list): list of global id to check
        ticket (string) : the authentication ticket - optional; read from
            request.META['HTTP_MI_TICKET'], not from the arguments

    Return:
        Success - Json/xml/yaml format response
        Failure - 403 error
    """
    try:
        client_address = request.META['REMOTE_ADDR']
        ticket = request.META.get('HTTP_MI_TICKET', '')
        if ticket:
            try:
                user, tkt64 = authenticate(ticket=ticket, cip=client_address)
            except Exception, e:
                # Any error raised while validating the ticket denies the request.
                return rc.FORBIDDEN
            # NOTE(review): other handlers on this page treat a None user
            # returned by authenticate() as a failed login; confirm that the
            # code following this block checks ``user``.
        else:
            # NOTE(review): the listing is cut off here; the no-ticket
            # branch and the rest of the handler are not visible.
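def auth_complete(self, *args, **kwargs):
    """Complete the OpenID auth process and return the authenticated user.

    On a SUCCESS response the backend marker, this auth object and the
    OpenID response are added to ``kwargs`` and passed to authenticate();
    the returned ticket is stored in ``request.META['VPH_TKT_COOKIE']``.

    Raises:
        AuthException: the consumer returned no response.
        AuthFailed: the provider reported FAILURE, or authenticate()
            returned no user.
        AuthCanceled: the provider reported CANCEL.
        AuthUnknownError: any other response status.
    """
    response = self.consumer().complete(dict(self.data.items()), self.build_absolute_uri())

    if not response:
        raise AuthException(self, 'OpenID relying party endpoint')

    if response.status == SUCCESS:
        kwargs.update({
            'auth': self,
            'response': response,
            self.AUTH_BACKEND.name: True,
        })
        user, tkt64 = authenticate(*args, **kwargs)
        if user:
            self.request.META['VPH_TKT_COOKIE'] = tkt64
            return user
        # The exception used to be constructed but never raised, so a
        # failed authentication returned None instead of signalling an
        # error like every other failure branch.
        raise AuthFailed(self, 'Authentication Error')

    if response.status == FAILURE:
        raise AuthFailed(self, response.message)

    if response.status == CANCEL:
        raise AuthCanceled(self)

    raise AuthUnknownError(self, response.status)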
def read(self, request, local_id='', type='', role='', ticket=''):
    """
    Check whether the caller holds a role on a set of resources.

    Values are taken from the request, not from the keyword arguments: the
    ticket from the ``ticket`` query parameter or from the password part of
    an HTTP Basic ``Authorization`` header, plus ``role`` and either
    ``global_id`` (repeatable) or ``type`` with ``local_id`` (repeatable).

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        global_id (list): list of global id to check
        local_id (list) : list of local id to check
        type (string) : the type of the resource
        role (string) : the role to be checked
        ticket (string) : the authentication ticket - optional

    Return:
        True  - the caller holds the role on every resource checked
        False - the role is missing on at least one resource
        401   - the ticket could not be read or validated
        403   - unknown role, or no resource matched the given ids
    """
    try:
        client_address = request.META['REMOTE_ADDR']
        try:
            if request.GET.get('ticket'):
                user, tkt64 = authenticate(ticket=request.GET['ticket'], cip=client_address)
            else:
                auth = request.META['HTTP_AUTHORIZATION'].split()
                if len(auth) == 2:
                    if auth[0].lower() == 'basic':
                        # Currently, only basic http auth is used.
                        # The username part is ignored; the password part
                        # carries the ticket. split(':') raises when the
                        # decoded value does not hold exactly one colon,
                        # which ends in the 401 below.
                        username, ticket = base64.b64decode(auth[1]).split(':')
                        user, tkt64 = authenticate(ticket=ticket, cip=client_address)
                # NOTE(review): with an Authorization header that is not a
                # two-part Basic value, ``user`` is never assigned and the
                # check below raises NameError outside this inner try; it is
                # then up to the outer handler (not visible) to answer.
        except Exception, e:
            response = HttpResponse(status=401)
            response._is_string = True
            return response
        if user is not None:
            # The role must be one of the known role names.
            if request.GET.get('role','') not in Roles:
                response = HttpResponse(status=403)
                response._is_string = True
                return response
            role = request.GET['role']
            # if global_id is provided, look for local resources
            if 'global_id' in request.GET:
                global_ids = request.GET.getlist('global_id', [])
                resources = []
                for global_id in global_ids:
                    try:
                        resource = Resource.objects.get(global_id=global_id, metadata=False)
                    except ObjectDoesNotExist, e:
                        # NOTE(review): a permission check that writes: a
                        # resource missing locally is created from fetched
                        # metadata, with the metadata's author as owner.
                        metadata = get_resource_metadata(global_id)
                        author = User.objects.get(username=metadata['author'])
                        if metadata['type'] == "Workflow":
                            resource, created = Workflow.objects.get_or_create(global_id=global_id, metadata=metadata, owner=author, type=metadata['type'])
                            resource.save()
                            resource = resource.resource_ptr
                        else:
                            resource, created = Resource.objects.get_or_create(global_id=global_id, metadata=metadata, owner=author, type=metadata['type'])
                            resource.save()
                    # One resource without the role denies the whole request.
                    if resource.can_I(role, user):
                        resources.append(resource)
                    else:
                        return False
                if len(resources) == 0:
                    # no resources with given ids!
                    response = HttpResponse(status=403)
                    response._is_string = True
                    return response
                return True
            # if resource_type and local_ids are provided,
            else:
                local_ids = request.GET.getlist('local_id', [])
                resources = []
                for local_id in local_ids:
                    r = filter_resources_by_facet(request.GET['type'], 'localID', local_id )
                    resources += r['resource_metadata']
                if len(resources) == 0:
                    # no resources with given ids!
                    response = HttpResponse(status=403)
                    response._is_string = True
                    return response
                for resource in resources:
                    resource = resource.value
                    try:
                        # Skip search hits whose localID was not requested.
                        if resource['localID'] not in local_ids:
                            continue
                        author = User.objects.get(username=resource['author'])
                        if resource['type'] == "Workflow":
                            resource_in_db, created = Workflow.objects.get_or_create(global_id=resource['globalID'], metadata=resource, owner=author, type=resource['type'])
                            resource_in_db.save()
                            resource_in_db = resource_in_db.resource_ptr
                        else:
                            resource_in_db, created = Resource.objects.get_or_create(global_id=resource['globalID'], metadata=resource, owner=author, type=resource['type'])
                            resource_in_db.save()
                        if not resource_in_db.can_I(role, user):
                            return False
                    except ObjectDoesNotExist, e:
                        # not in local db, no roles
                        return False
                # NOTE(review): if every hit is skipped by the localID test
                # above, no can_I() call runs and True is still returned --
                # confirm that the facet search cannot return only
                # non-matching entries.
                return True
        # NOTE(review): the listing is cut off here; the branch for a None
        # user and the outer except are not visible.
def read(self, request, type='', role='', ticket=''):
    """
    List the resources on which the caller holds a given role.

    Values are taken from the request, not from the keyword arguments: the
    ticket from the ``ticket`` query parameter or from the password part of
    an HTTP Basic ``Authorization`` header, plus ``role`` and the optional
    ``type``.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        type (string) : the type of the resource
        role (string) : the role to be checked
        ticket (string) : the authentication ticket - optional

    Return:
        With ``type``    - list of {"local_id", "global_id"} dicts
        Without ``type`` - list of global ids
        401 - the ticket could not be read or validated
        403 - unknown role, or authenticate() returned no user
    """
    try:
        client_address = request.META['REMOTE_ADDR']
        try:
            if request.GET.get('ticket'):
                user, tkt64 = authenticate(ticket=request.GET['ticket'], cip=client_address)
            else:
                auth = request.META['HTTP_AUTHORIZATION'].split()
                if len(auth) == 2:
                    if auth[0].lower() == 'basic':
                        # Currently, only basic http auth is used.
                        # The username part is ignored; the password part
                        # carries the ticket.
                        username, ticket = base64.b64decode(auth[1]).split(':')
                        user, tkt64 = authenticate(ticket=ticket, cip=client_address)
                # NOTE(review): with an Authorization header that is not a
                # two-part Basic value, ``user`` is never assigned and the
                # check below raises NameError outside this inner try.
        except Exception, e:
            response = HttpResponse(status=401)
            response._is_string = True
            return response
        if user is not None:
            # The role must be one of the known role names.
            if request.GET.get('role','') not in Roles:
                response = HttpResponse(status=403)
                response._is_string = True
                return response
            role = request.GET['role']
            types = request.GET.get('type', None)
            user_resources = []
            if types is not None:
                # At most 300 results are requested from filter_by_roles.
                resources = Resource.objects.filter_by_roles(role=role, user=user, types=types, numResults=300 )
                for resource in resources['data']:
                    # Only 'File' resources are re-checked with can_I();
                    # other types are taken from filter_by_roles as they are.
                    if resource.type == 'File' and not resource.can_I(role, user):
                        continue
                    user_resources.append({"local_id": resource.metadata['localID'], "global_id": resource.global_id})
                return user_resources
            else:
                user_resources = []
                # Every role from the requested one to the end of Roles.
                roles = Roles[Roles.index(Role.objects.get(name=role).name):]
                role_relations = PrincipalRoleRelation.objects.filter(
                    Q(user=user) | Q(group__in=user.groups.all()),
                    role__name__in=roles,
                )
                for role_relation in role_relations:
                    # NOTE(review): the list holds global_id values while
                    # the membership test compares the content object, so
                    # the duplicate guard looks ineffective -- confirm and
                    # compare role_relation.content.global_id instead.
                    if isinstance(role_relation.content, Resource) and role_relation.content not in user_resources:
                        user_resources.append(role_relation.content.global_id)
                return user_resources
        else:
            response = HttpResponse(status=403)
            response._is_string = True
            return response
    # NOTE(review): the listing is cut off here; the outer except is not
    # visible.
def read(self, request, ticket="", name="", parent=""):
    """
    Create a smart group.

    Values are taken from the query string (``ticket``, ``group``,
    ``parent``), not from the keyword arguments. The caller becomes manager
    and member of the new group.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        group (string) : the group name
        parent (string): the parent group name (optional)

    Return:
        Success - 200 response with body "OK"
        Failure - 500 when a user or a group with that name already exists
                  (compared case-insensitively)
    """
    # NOTE(review): a group is created from a handler named read(), with the
    # ticket in the query string -- presumably a GET; confirm.
    try:
        if request.GET.get("ticket"):
            client_address = request.META["REMOTE_ADDR"]
            user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
            if user is not None:
                name = request.GET.get("group")
                # check if a user with the group name exists
                try:
                    User.objects.get(username__iexact=name)  # select case-insensitive
                    response = HttpResponse(status=500)
                    response._is_string = True
                    return response
                except ObjectDoesNotExist, e:
                    pass
                # Same check against existing group names.
                try:
                    Group.objects.get(name__iexact=name)  # select case-insensitive
                    response = HttpResponse(status=500)
                    response._is_string = True
                    return response
                except ObjectDoesNotExist, e:
                    pass
                parent = request.GET.get("parent", "")
                group = VPHShareSmartGroup.objects.create(name=name)
                group.managers.add(user)
                group.user_set.add(user)
                add_local_role(group, user, group_manager)
                if parent:
                    try:
                        # NOTE(review): the parent is attached by name with
                        # no visible check that the caller manages it, and
                        # any Group is accepted, whereas the add-to-group
                        # handler on this page requires is_manager() on the
                        # destination -- confirm this is intended.
                        group.parent = Group.objects.get(name=parent)
                    except ObjectDoesNotExist, e:
                        # An unknown parent is ignored; the group stays top-level.
                        pass
                group.save()
                response = HttpResponse(status=200)
                response._is_string = True
                response.write("OK")
                return response
    # NOTE(review): the listing is cut off here; the failure branches and
    # the outer except are not visible.
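def read(self, request):
    """
    Notification message service.

    At the service invocation:
        - the sender's ticket is validated;
        - a Notification is stored for the recipient user or, when the
          recipient names a group, for every member of that group;
        - as described by the original author, an e-mail is sent to the
          recipient(s) (sender address obfuscated in the source listing) and
          the message is shown as a dismissible popup on the recipient's
          next login; neither is visible in this block -- presumably done
          when the Notification is saved, confirm.

    Arguments (all read from the query string):
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : the base 64 ticket of the sender.
        recipient: the username of the receiver (or the group name if you
            want to notify a group of users)
        message: the message body (plain text)
        subject: the message subject [optional]

    Return:
        Success - status 200
        Failure - 400 with a message when recipient or message is invalid
        Failure - 403 when the ticket is missing or not valid, and on any
                  other error
    """
    # NOTE(review): any authenticated caller can notify any user or a whole
    # group, with no limit visible here -- confirm that this is intended.
    try:
        if not request.GET.get('ticket'):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META['REMOTE_ADDR']
        sender, tkt64 = authenticate(ticket=request.GET['ticket'], cip=client_address)
        if sender is None:
            # Kept from the original: a rejected ticket is reported through
            # the outer handler and answered with 403.
            raise Exception

        try:
            # Absent and empty parameters are treated alike.
            recipient = request.GET.get('recipient', None) or None
            message = request.GET.get('message', None) or None
            subject = request.GET.get('subject', None) or ''

            if recipient is None:
                raise NotifyException('Recipient is wrong')
            elif message is None:
                raise NotifyException('Message is empty')

            try:
                # The recipient gets its own name so that it no longer
                # overwrites the authenticated sender.
                recipient_user = User.objects.get(username=recipient)
                Notification(recipient=recipient_user, message=message, subject=subject).save()
            except ObjectDoesNotExist:
                # Not a username: treat the recipient as a group name.
                try:
                    group = Group.objects.get(name=recipient)
                    for member in group.user_set.all():
                        Notification(recipient=member, message=message, subject=subject).save()
                except ObjectDoesNotExist:
                    raise NotifyException('recipient is wrong')

            response = HttpResponse(status=200)
            response._is_string = True
            return response

        except NotifyException as e:
            response = HttpResponse(status=400, content=e)
            response._is_string = True
            return response

    except Exception:
        # NOTE(review): every unexpected error, not only a bad ticket, is
        # answered with 403.
        client.captureException()
        response = HttpResponse(status=403)
        response._is_string = True
        return response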
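def read(self, request, ticket="", group="", username="", recursive=False):
    """
    Remove a user from a smart group.

    All values are taken from the query string (``ticket``, ``group``,
    ``username``, ``recursive``); the keyword arguments of the same name are
    not read by the body.

    Arguments:
        request (HTTP request instance): HTTP request sent by the client.
        ticket (string) : base 64 ticket.
        group (string) : the group name
        username (string) : the username
        recursive (string) : if present, the user is removed from the group
            and from all of its sub groups

    Return:
        Success - 200 response with body "OK"
        Failure - 403 when the ticket is missing or rejected, or when the
                  caller is not a manager of the group
        Failure - 500 on any other error (unknown group or user included)
    """
    # NOTE(review): membership is changed from a handler named read(), with
    # the ticket in the query string -- presumably a GET; confirm and
    # consider a non-idempotent verb with the ticket in a header.
    try:
        if not request.GET.get("ticket"):
            # Fail closed: without this branch a request carrying no ticket
            # fell through and the handler returned None instead of a 403.
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        client_address = request.META["REMOTE_ADDR"]
        user, tkt64 = authenticate(ticket=request.GET["ticket"], cip=client_address)
        if user is None:
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        target_group = VPHShareSmartGroup.objects.get(name=request.GET.get("group"))
        if not target_group.is_manager(user):
            response = HttpResponse(status=403)
            response._is_string = True
            return response

        # The target user is resolved only after the authorization check, so
        # a non-manager gets the same 403 whether or not the username exists.
        user_to_remove = User.objects.get(username=request.GET.get("username"))

        if request.GET.get("recursive", False):
            # Remove the user from the group and every sub group. The
            # previous loop used objects.get(parent=...), which raises
            # MultipleObjectsReturned as soon as a group has two children
            # and left the removal half applied; walk all children instead.
            # The visited set keeps a parent cycle from looping forever.
            pending = [target_group]
            visited = set()
            while pending:
                current = pending.pop()
                if current.pk in visited:
                    continue
                visited.add(current.pk)
                current.user_set.remove(user_to_remove)
                pending.extend(VPHShareSmartGroup.objects.filter(parent=current))
        else:
            # remove only from this group
            target_group.user_set.remove(user_to_remove)

        response = HttpResponse(status=200)
        response._is_string = True
        response.write("OK")
        return response

    except Exception:
        from raven.contrib.django.raven_compat.models import client

        client.captureException()
        response = HttpResponse(status=500)
        response._is_string = True
        return response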