def get_publish(self, document, group):
document = Document.get_by_id(document)
if not document:
raise HttpErrorException.bad_request('invalid document id')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group id')
self.project = document.project.get()
version = self.request.get('v', 'latest')
pub = PublishDocument.get(document, group, version)
if not pub:
raise HttpErrorException.not_found()
if pub.group not in self.user.groups and pub.group != Group.get_worldshare_key(
):
raise HttpErrorException.forbidden()
self._create_analytic_session()
self.project.record_analytic('pro_opn', self.analytic_session)
template_index = JINJA_ENVIRONMENT.get_template('document_public.html')
return template_index.render({
'title': self.project.title,
'version': pub.version,
'created_at': pub.created_ts,
'published_to': pub.group.get().name,
'an_token': self.analytic_session.key.id(),
'project_id': self.project.id,
'html': pub.html,
})
def put(self):
if not self.json_request.get('organization') and \
not Organization.valid_id(self.json_request.get('organization')):
raise HttpErrorException.bad_request('invalid organization id')
org = Organization.get_by_id(self.json_request.get('organization'))
if not org:
raise HttpErrorException.bad_request('invalid organization id')
name = self.json_request.get('name', None)
hidden = self.json_request.get('hidden', False)
description = self.json_request.get('description', '')
if not name or name == 'super_admin' or name == 'admin':
raise HttpErrorException.bad_request('invalid group name')
if type(hidden) != bool:
raise HttpErrorException.bad_request('invalid hidden type must be boolean')
if Group.query(ndb.AND(Group.organization == org.key, Group.name == name)).count() > 0:
raise HttpErrorException.bad_request('group name taken')
group = Group(key=Group.create_key(), name=name, description=description, organization=org.key, active=True)
if hidden:
org.hidden_groups.append(group.key)
else:
org.groups.append(group.key)
ndb.put_multi([group, org])
if self.json_request.get('return', '') == 'group_dict':
self.write_json_response(group.to_dict())
def listActiveGroups(cls):
from models.account import Group
return Group.query\
.filter(~Group.status.in_(Group._r(Group.STATUS_DELETED)))\
.order_by(Group.alias)\
.all()
def post(self, group):
if not group and Group.valid_id(group):
raise HttpErrorException.bad_request('invalid group id')
group = Group.get_by_id(group)
if group is None:
raise HttpErrorException.bad_request('invalid group id')
if not self.json_request.get('username', None):
raise HttpErrorException.bad_request('invalid username')
user = user_user.User.get_by_id(self.json_request.get('username'))
if user is None:
raise HttpErrorException.bad_request('invalid username')
if not self.user.is_admin and not group.is_admin(self.user):
lr = tt_logging.construct_log(
msg_short='Non-Admin User Tried To Give Group Admin',
msg='User (%s) tried to give User (%s) group admin for group (%s)Request:'
'%s' % (self.user.key.id(), user.key.id(), group.key.id(), str(self.request)),
log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user,
artifact=group, request=self.request
)
log.warning(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
is_group_admin = self.json_request.get('is_group_admin')
if is_group_admin is None:
raise HttpErrorException.bad_request('no group settings')
if is_group_admin:
if user.key not in group.admins:
group.admins.append(user.key)
group.put()
lr = tt_logging.construct_log(
msg_short='User was set a group admin', log_type=tt_logging.USER,
request_user=self.user, affected_user=user, artifact=group, request=self.request
)
log.info(lr['dict_msg']['msg'], extra=lr)
else:
if user.key in group.admins:
group.admins.remove(user.key)
group.put()
lr = tt_logging.construct_log(
msg_short='User was removed as group admin', log_type=tt_logging.USER,
request_user=self.user, affected_user=user, artifact=group, request=self.request
)
log.info(lr['dict_msg']['msg'], extra=lr)
def delete(self, group):
if not group and not Group.valid_id(group):
raise HttpErrorException.bad_request('invalid group id')
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group id')
group.delete(self)
users = user_user.User.get_all_users(
organization=group.organization.get(), to_dict=False,
request_user=self.user, request=self
)
mod_users = []
for user in users:
if group.key in user.groups:
user.groups.remove(group.key)
mod_users.append(user)
ndb.put_multi(mod_users)
def __init__(self, pro, doc, group, organization=None):
self.project = pro
self.document = doc
self.groups = [group.key, Group.get_worldshare().key]
self.organization = organization
self.user = User()
self.user.groups = self.groups
if organization:
self.user.organization = organization.key
self.html = ''
self.body = Pq('<span></span>')
def put(self, user=None):
gc = GlobalConfig.get_configs()
if not gc.allow_user_registration:
self.redirect('/register/disabled/', abort=True)
if self.json_request.get('organization'):
return HttpErrorException.forbidden()
User.new(self.json_request, request=self.request, worldshare_group=Group.get_worldshare_key())
creds = GenericCredentials(self.json_request.get('username'), self.json_request.get('password'))
if not creds.authenticate():
raise HttpErrorException.bad_request('faild to authinicate')
session = login(self.request, creds, User)
self.response.set_cookie('auth_user', base64.b64encode(creds.username))
self.response.set_cookie('user', creds.username)
self.response.set_cookie('auth_token', session.token)
def put(self, user_id=None):
if not self.user.is_admin:
lr = tt_logging.construct_log(
msg_short='Non-Admin User Try Create New User',
msg='User (%s) attemped to create a new user' % (self.user.key.id()),
log_type=tt_logging.SECURITY, request_user=self.user,
request=self.request
)
log.warning(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
if self.json_request.get('username'):
org = None
if self.json_request.get('organization'):
org = Organization.get_by_id(self.json_request.get('organization'))
User.new(self.json_request, verify_email=False, request=self.request,
worldshare_group=Group.get_worldshare_key(), organization=org)
def __init__(self, pro, doc, wc, group, organization=None):
self.project = pro
self.document = doc
self.word_count = wc
self.groups = [group.key, Group.get_worldshare().key]
self.organization = organization
self.user = User()
self.user.groups = self.groups
self.walker = ConceptPublishWalker(pro)
if organization:
self.user.organization = organization.key
self.html = ''
self.body = Pq('<span></span>')
self.con_count = 0
self.paragraph = None
def __init__(self, pro, doc, sc, minb, maxb, group, organization=None):
self.project = pro
self.document = doc
self.slide_count = sc
self.min_bullet = minb
self.max_bullet = maxb
self.groups = [group.key, Group.get_worldshare().key]
self.organization = organization
self.user = User()
self.user.groups = self.groups
self.walker = ConceptPublishWalker(pro)
if organization:
self.user.organization = organization.key
self.html = ''
self.body = Pq('<div></div>')
self.body.attr('id', 'presentation-div')
self.body.add_class('')
self.con_count = 0
self.slides = []
self.cur_y = 0
self.y_step = 525
def install_group_data():
"""Create all the required groups if not defined"""
from application import db
from models.account import Account, Group
from models.project import Project, Membership
groupList = [
{
'alias': Group.GROUP_ADMINISTRATOR,
'title': 'Administrator',
'info': """Administrators are the unstoppable guys - everything is permitted"""
},
{
'alias': 'privileged_manager',
'title': 'Privileged Manager',
'info': """Privileged Managers are almost as cool as the administrators"""
},
{
'alias': 'manager',
'title': 'Manager',
'info': """Managers have some extra features for management over the accounts and projects"""
},
{
'alias': 'privileged_member',
'title': 'Privileged Member',
'info': """Privileged Members have just few extra features"""
},
{
'alias': Group.GROUP_DEFAULT,
'title': 'Member',
'info': """Members can submit reports and watch their own stats"""
}
]
for groupItem in groupList:
group = Group.query.filter_by(alias=groupItem['alias']).first()
if not group:
group = Group()
group.alias = groupItem['alias']
group.title = groupItem['title']
group.info = groupItem['info']
group.save()
def get(self, user_id=None):
# TODO: This handler needs broken down into smaller methods. No point cleaning
# this up until that is complete.
if self.request.get('user_info') is not '':
if self.request.get('user_info') == self.user.username or self.user.is_admin:
user = User.get_by_id(self.request.get('user_info'))
if not user:
raise HttpErrorException.bad_request('invalid user id')
self.write_json_response(user.to_dict(user=self.user))
elif self.request.get('user_perms') is not '':
user = User.get_by_id(self.request.get('user_perms'))
if not user:
raise HttpErrorException.bad_request('invalid username')
if not user.is_admin and not self.user == user:
lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Another User',
msg='User (%s) attemped to access user\'s (%s) data ' %
(self.user.key.id(), user.key.id()),
log_type=tt_logging.SECURITY, request_user=self.user, affected_user=user,
request=self.request)
log.warning(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
user_perms_dict = {}
for group_key in user.groups:
group = group_key.get()
if group is None:
user.groups.remove(group_key)
user.put()
lr = tt_logging.construct_log(msg_short='Broken Group Key in User Group List',
msg='Found a broken group key (%s) in the user\'s group list\n'
'Key has been removed' %
str(group_key),
log_type=tt_logging.USER, request_user=self.user, affected_user=user,
request=self.request)
log.error(lr['dict_msg']['msg'], extra=lr)
elif (group.has_permission(self.user, 'set_user_perms') or
group.has_permission(self.user, 'remove_user_perms') or
user.key == self.user.key):
perms = user.get_group_perms_dict(group)
if perms is not None:
user_perms_dict[group.key.id()] = perms
self.write_json_response(user_perms_dict)
elif self.request.get('organization_users') is not '':
if self.request.get('organization_users') == 'all':
organization = Organization.get_by_id(self.request.get('organization_id'))
if organization.is_admin(self.user) or Group.get_by_id('super_admin').key in self.user.groups:
user_array = User.get_all_users(organization, request_user=self.user)
self.write_json_response(user_array)
else:
lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
msg='User (%s) attemped to access all Organization\'s users' %
(self.user.key.id()),
log_type=tt_logging.SECURITY, request_user=self.user,
request=self.request, artifact=organization)
log.warning(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
elif self.request.get('non_org') is not '':
if not self.user.is_super_admin:
lr = tt_logging.construct_log(msg_short='Non-Admin User Try Accessing Org Users',
msg='User (%s) attemped to access all Organization\'s users' %
(self.user.key.id()),
log_type=tt_logging.SECURITY, request_user=self.user,
request=self.request)
log.warning(lr['dict_msg']['msg'], extra=lr)
raise HttpErrorException.forbidden()
else:
users = User.query(User.organization == None).fetch()
users_dicts = []
for user in users:
users_dicts.append(user.to_dict())
self.write_json_response(users_dicts)
def get(self, document):
group = Group.get_worldshare()
self.response.write(self.get_publish(document, group))
def get(self, project, document, group):
if not project:
raise HttpErrorException.bad_request('invalid project given')
project = Project.get_by_id(project)
if not project:
raise HttpErrorException.bad_request('invalid project given')
if not project.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not document:
raise HttpErrorException.bad_request('invalid document given')
document = Document.get_by_id(document)
if not document:
raise HttpErrorException.bad_request('invalid document given')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not group:
raise HttpErrorException.bad_request('invalid group given')
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group given')
if document.key not in project.documents and document.key != project.distilled_document:
raise HttpErrorException.bad_request(
'document does not belong to project')
temp_user = User()
temp_user.groups = [group.key, Group.get_worldshare().key]
org = self.user.organization if self.user.organization else None
if org:
temp_user.organization = org
if not document.has_permission_read(temp_user):
raise HttpErrorException.bad_request(
'Group does not have permission to read the document')
pubs = document.get_presentation_published(group=group)
version_int = PublishDocument.get_largest_version(pubs)
if version_int is None:
version_int = 1
else:
version_int += 1
version = self.request.get('version', str(version_int))
if version == 'latest':
raise HttpErrorException.bad_request('invalid version given')
for pub in pubs:
if pub.version == version:
raise HttpErrorException.bad_request(
'version name already taken')
try:
slide_count = int(self.request.get('slide_count', 15))
except ValueError:
raise HttpErrorException.bad_request(
'invalid slide count, must be integer')
if slide_count < 1:
raise HttpErrorException.bad_request(
'invalid slide_count given min 1')
if slide_count > 100:
raise HttpErrorException.bad_request(
'invalid slide_count given max 100')
try:
min_bullet = int(self.request.get('min_bullet', 4))
except ValueError:
raise HttpErrorException.bad_request(
'invalid min bullet, must be integer')
if min_bullet < 1:
raise HttpErrorException.bad_request(
'invalid min_bullet given min 1')
if min_bullet > 15:
raise HttpErrorException.bad_request(
'invalid min_bullet given max 15')
try:
max_bullet = int(self.request.get('max_bullet', 6))
except ValueError:
raise HttpErrorException.bad_request(
'invalid max bullet, must be integer')
if max_bullet < 1:
raise HttpErrorException.bad_request(
'invalid max_bullet given min 1')
if max_bullet > 15:
raise HttpErrorException.bad_request(
'invalid max_bullet given max 15')
if min_bullet > max_bullet:
raise HttpErrorException.bad_request(
'min_bullet can not be greater than max_bullet')
publisher = PresentationPublisherThread()
publisher.id = server.create_uuid()
publisher.request = self
publisher.project = project
publisher.document = document
publisher.slide_count = slide_count
publisher.min_bullet = min_bullet
publisher.max_bullet = max_bullet
publisher.group = group
publisher.user = self.user
publisher.version = version
if publisher.is_lock():
raise HttpErrorException.bad_request('publisher already running')
publisher.start()
self.write_json_response({'id': publisher.id})
self.get_analytic_session()
document.record_analytic('pres_publish',
self.analytic_session,
project=project.key)
def get(self, project, document, group):
if not project:
raise HttpErrorException.bad_request('invalid project given')
project = Project.get_by_id(project)
if not project:
raise HttpErrorException.bad_request('invalid project given')
if not project.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not document:
raise HttpErrorException.bad_request('invalid document given')
document = Document.get_by_id(document)
if not document:
raise HttpErrorException.bad_request('invalid document given')
if not document.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not group:
raise HttpErrorException.bad_request('invalid group given')
group = Group.get_by_id(group)
if not group:
raise HttpErrorException.bad_request('invalid group given')
temp_user = User()
temp_user.groups = [group.key, Group.get_worldshare().key]
org = self.user.organization if self.user.organization else None
if org:
temp_user.organization = org
if not document.has_permission_read(temp_user):
raise HttpErrorException.bad_request(
'Group does not have permission to read the document')
if document.key not in project.documents and document.key != project.distilled_document:
raise HttpErrorException.bad_request(
'document does not belong to project')
pubs = document.get_published(group=group)
version_int = PublishDocument.get_largest_version(pubs)
if version_int is None:
version_int = 1
else:
version_int += 1
version = self.request.get('version', str(version_int))
if version == 'latest':
raise HttpErrorException.bad_request('invalid version given')
pubs = document.get_published(group=group)
for pub in pubs:
if pub.version == version:
raise HttpErrorException.bad_request(
'version name already taken')
publisher = DocumentPublisherThread()
publisher.id = server.create_uuid()
publisher.request = self
publisher.project = project
publisher.document = document
publisher.group = group
publisher.user = self.user
publisher.version = version
if publisher.is_lock():
raise HttpErrorException.bad_request('publisher already running')
publisher.start()
self.write_json_response({'id': publisher.id})
self.get_analytic_session()
document.record_analytic('doc_publish',
self.analytic_session,
project=project.key)
