示例#1
0
    def get_queryset(self):
        # For bulk requests, queryset is formed from request body.
        if is_bulk_request(self.request):
            query = Q('_id', 'in', [coll['id'] for coll in self.request.data])

            auth = get_user_auth(self.request)
            collections = Collection.find(query)
            for collection in collections:
                if not collection.can_edit(auth):
                    raise PermissionDenied
            return collections
        else:
            query = self.get_query_from_request()
            return Collection.find(query)
示例#2
0
文件: views.py 项目: adlius/osf.io
    def get_queryset(self):
        # For bulk requests, queryset is formed from request body.
        if is_bulk_request(self.request):
            query = Q('_id', 'in', [coll['id'] for coll in self.request.data])

            auth = get_user_auth(self.request)
            collections = Collection.find(query)
            for collection in collections:
                if not collection.can_edit(auth):
                    raise PermissionDenied
            return collections
        else:
            query = self.get_query_from_request()
            return Collection.find(query)
示例#3
0
 def has_object_permission(self, request, view, obj):
     assert isinstance(
         obj, (CollectionSubmission, Collection)
     ), 'obj must be an Collection or CollectionSubmission, got {}'.format(
         obj)
     auth = get_user_auth(request)
     collection = Collection.load(
         request.parser_context['kwargs']['node_id'])
     pointer_node = collection.collectionsubmission_set.get(
         guid___id=request.parser_context['kwargs']
         ['node_link_id']).guid.referent
     if request.method in permissions.SAFE_METHODS:
         has_collection_auth = auth.user and auth.user.has_perm(
             'read_collection', collection)
         if isinstance(pointer_node, AbstractNode):
             has_pointer_auth = pointer_node.can_view(auth)
         elif isinstance(pointer_node, Collection):
             has_pointer_auth = auth.user and auth.user.has_perm(
                 'read_collection', pointer_node)
         public = pointer_node.is_public
         has_auth = public or (has_collection_auth and has_pointer_auth)
         return has_auth
     else:
         return auth.user and auth.user.has_perm('write_collection',
                                                 collection)
示例#4
0
 def create(self, validated_data):
     node = Collection(**validated_data)
     node.category = ''
     try:
         node.save()
     except ValidationError as e:
         raise InvalidModelValueError(detail=e.messages[0])
     except IntegrityError:
         raise ser.ValidationError('Each user cannot have more than one Bookmark collection.')
     return node
示例#5
0
def get_targets():
    logger.info('Acquiring targets...')
    targets = [
        u for u in OSFUser.find(Q('merged_by', 'eq', None)) if Collection.find(
            Q('is_bookmark_collection', 'eq', True)
            & Q('is_deleted', 'eq', False)
            & Q('creator', 'eq', u)).count() == 0
    ]
    logger.info('Found {} target users.'.format(len(targets)))
    return targets
示例#6
0
 def get_object(self):
     cgm = get_object_or_error(
         CollectionSubmission,
         Q(collection=Collection.load(self.kwargs['collection_id']),
           guid___id=self.kwargs['cgm_id']),
         self.request,
         'submission',
     )
     # May raise a permission denied
     self.check_object_permissions(self.request, cgm)
     return cgm
示例#7
0
 def get_collection_submission(self, check_object_permissions=True):
     collection_submission = get_object_or_error(
         CollectionSubmission,
         Q(collection=Collection.load(self.kwargs['collection_id']),
           guid___id=self.kwargs['cgm_id']),
         self.request,
         'submission',
     )
     # May raise a permission denied
     if check_object_permissions:
         self.check_object_permissions(self.request, collection_submission)
     return collection_submission
示例#8
0
 def has_object_permission(self, request, view, obj):
     assert isinstance(obj, (CollectedGuidMetadata, Collection)), 'obj must be an Collection or CollectedGuidMetadata, got {}'.format(obj)
     auth = get_user_auth(request)
     collection = Collection.load(request.parser_context['kwargs']['node_id'])
     pointer_node = collection.collectedguidmetadata_set.get(guid___id=request.parser_context['kwargs']['node_link_id']).guid.referent
     if request.method in permissions.SAFE_METHODS:
         has_collection_auth = auth.user and auth.user.has_perm('read_collection', collection)
         if isinstance(pointer_node, AbstractNode):
             has_pointer_auth = pointer_node.can_view(auth)
         elif isinstance(pointer_node, Collection):
             has_pointer_auth = auth.user and auth.user.has_perm('read_collection', pointer_node)
         public = pointer_node.is_public
         has_auth = public or (has_collection_auth and has_pointer_auth)
         return has_auth
     else:
         return auth.user and auth.user.has_perm('write_collection', collection)
def migrate():
    targets = get_targets()
    total = len(targets)
    for i, user in enumerate(targets):
        logger.info('({}/{}) Preparing to migrate User {}'.format(i + 1, total, user._id))
        bookmarks = Collection.find(Q('is_bookmark_collection', 'eq', True) & Q('creator', 'eq', user))
        if sum([bool(n.nodes) for n in bookmarks]) > 1:
            logger.warn('Expected no users to have more than one bookmark with .nodes, {} violated. Selecting first one'.format(user._id))
        bookmark_to_keep = None
        for n in bookmarks:
            if n.nodes:
                bookmark_to_keep = n
                break
        bookmark_to_keep = bookmark_to_keep or bookmarks[0]
        logger.info('Marking Collection {} as primary Bookmark Collection for User {}, preparing to delete others'.format(bookmark_to_keep._id, user._id))
        for n in bookmarks:
            if n._id != bookmark_to_keep._id:
                n.is_deleted = True
                n.save()
        logger.info('Successfully migrated User {}'.format(user._id))
    logger.info('Successfully migrated {} users'.format(total))