def index(self): if not request.environ.get('repoze.who.identity'): abort(401, "Not Authorised") ident = request.environ.get('repoze.who.identity') c.ident = ident c.granary_list = ag.authz(ident, permission=['administrator', 'manager']) http_method = request.environ['REQUEST_METHOD'] if http_method == 'GET': if not 'administrator' in ident['permissions'] and not 'manager' in ident['permissions']: abort(403, "Do not have administrator or manager credentials") else: if not 'administrator' in ident['permissions']: abort(403, "Do not have administrator credentials") if http_method == "GET": #c.granary = ag.granary # conneg return accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: return render("/admin_silos.html") elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(list(c.granary_list)) try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/html return render("admin_silos.html") elif http_method == "POST": params = request.POST if 'silo' in params: if ag.granary.issilo(params['silo']): abort(403, "The silo %s exists"%params['silo']) if not allowable_id2(params['silo']): response.content_type = "text/plain" response.status_int = 400 response.status = "400 Bad request. Silo name not valid" return "Silo name can contain only the following characters - %s and has to be more than 1 character"%ag.naming_rule_humanized #NOTE: #If any userid in params['administrators']/params['managers']/params['submitters'] does not exist, return 403 #if administartor list is empty, append current user to administartor list #Owner is the superset of adminstrators, managers and submitters existing_users = list_usernames() owners = [] admins = [] managers = [] submitters = [] #if 'owners' in params and params['owners']: # owners = [x.strip() for x in kw['owners'].split(",") if x] if 'administrators' in params and params['administrators']: admins = [x.strip() for x in params['administrators'].split(",") if x] owners.extend(admins) if 'managers' in params and params['managers']: managers = [x.strip() for x in params['managers'].split(",") if x] owners.extend(managers) if 'submitters' in params and params['submitters']: submitters = [x.strip() for x in params['submitters'].split(",") if x] owners.extend(submitters) if not admins: owners.append(ident['user'].user_name) admins.append(ident['user'].user_name) owners = list(set(owners)) for o in owners: if not o in existing_users: abort (403, "User %s does not exist"%o) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) # Create new silo silo = params['silo'] g_root = config.get("granary.uri_root", "info:") c.silo = ag.granary.get_rdf_silo(silo, uri_base="%s%s/datasets/" % (g_root, silo)) ag.granary._register_silos() kw = {} for term in accepted_params: if term in params: kw[term] = params[term] kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) du = ag.granary.disk_usage_silo(silo) kw['disk_usage'] = du ag.granary.describe_silo(silo, **kw) ag.granary.sync() # Add silo to database add_silo(silo) try: ag.b.silo_creation(silo, ident=ident['repoze.who.userid']) except: pass #Add users belonging to the silo, to the database all_silo_users = [] for a in admins: all_silo_users.append((a, 'administrator')) for a in managers: all_silo_users.append((a, 'manager')) for a in submitters: all_silo_users.append((a, 'submitter')) add_group_users(params['silo'], all_silo_users) ag.granary.state.revert() ag.granary._register_silos() # conneg return accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: redirect(url(controller="datasets", action="siloview", silo=silo)) elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = "text/plain" response.status_int = 201 response.status = "201 Created" response.headers['Content-Location'] = url(controller="datasets", action="siloview", silo=silo) return "201 Created Silo %s" % silo try: mimetype = accept_list.pop(0) except IndexError: mimetype = None # Whoops - nothing satisfies - return text/plain response.content_type = "text/plain" response.status_int = 201 response.status = "201 Created" response.headers['Content-Location'] = url(controller="datasets", action="siloview", silo=silo) return "201 Created Silo %s" % silo else: response.content_type = "text/plain" response.status_int = 400 response.status = "400 Bad Request" return "400 Bad request. No valid parameters found."
def siloview(self, silo): if not request.environ.get('repoze.who.identity'): abort(401, "Not Authorised") if not ag.granary.issilo(silo): abort(404) ident = request.environ.get('repoze.who.identity') c.ident = ident c.silo = silo silos = ag.authz(ident, permission=['administrator', 'manager']) if not silo in silos: abort(403, "Do not have administrator or manager credentials for silo %s"%silo) user_groups = list_user_groups(ident['user'].user_name) if ('*', 'administrator') in user_groups: #User is super user c.roles = ["admin", "manager", "user"] elif (silo, 'administrator') in user_groups: c.roles = ["admin", "manager", "user"] elif (silo, 'manager') in user_groups: c.roles = ["manager", "user"] else: abort(403, "Do not have administrator or manager credentials for silo %s"%silo) http_method = request.environ['REQUEST_METHOD'] c.kw = ag.granary.describe_silo(silo) if http_method == "GET": accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: return render("/admin_siloview.html") elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(dict(c.kw)) try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/html return render("/admin_siloview.html") elif http_method == "POST": params = request.POST #Get existing owners, admins, managers and submitters owners = [] admins = [] managers = [] submitters = [] if 'owners' in c.kw and c.kw['owners']: owners = [x.strip() for x in c.kw['owners'].split(",") if x] if 'administrators' in c.kw and c.kw['administrators']: admins = [x.strip() for x in c.kw['administrators'].split(",") if x] if 'managers' in c.kw and c.kw['managers']: managers = [x.strip() for x in c.kw['managers'].split(",") if x] if 'submitters' in c.kw and c.kw['submitters']: submitters = [x.strip() for x in c.kw['submitters'].split(",") if x] #Get new members new_owners = [] #Get new admins new_admins = [] if 'administrators' in params and params['administrators']: returned_admins = [x.strip() for x in params['administrators'].split(",") if x] new_admins = [x for x in returned_admins if not x in admins] new_owners.extend(new_admins) #Get new managers new_managers = [] if 'managers' in params and params['managers']: returned_managers = [x.strip() for x in params['managers'].split(",") if x] new_managers = [x for x in returned_managers if not x in managers] new_owners.extend(new_managers) #Get new submitters new_submitters = [] if 'submitters' in params and params['submitters']: returned_submitters = [x.strip() for x in params['submitters'].split(",") if x] new_submitters = [x for x in returned_submitters if not x in submitters] new_owners.extend(new_submitters) #Check if the new members exist. If not return 403 existing_users = list_usernames() new_owners = list(set(new_owners)) for o in new_owners: if not o in existing_users: abort (403, "User %s does not exist"%o) if new_admins and not 'admin' in c.roles: abort (403, "Only administrators can assing users to role 'administrator'") owners.extend(new_owners) new_admins = list(set(new_admins)) admins.extend(new_admins) new_managers = list(set(new_managers)) managers.extend(new_managers) new_submitters = list(set(new_submitters)) submitters.extend(new_submitters) # Update silo info updateMetadata = False for term in accepted_params: if term in params and not term in ['owners', 'administrators', 'managers', 'submitters'] and params[term]: c.kw[term] = params[term] updateMetadata = True if new_owners or new_admins or new_managers or new_submitters or updateMetadata: new_silo_users = [] if new_owners: c.kw['owners'] = ','.join(owners) if new_admins: c.kw['administrators'] = ','.join(admins) for a in new_admins: new_silo_users.append((a, 'administrator')) if new_managers: c.kw['managers'] = ','.join(managers) for a in new_managers: new_silo_users.append((a, 'manager')) if new_submitters: c.kw['submitters'] = ','.join(submitters) for a in new_submitters: new_silo_users.append((a, 'submitter')) #Add metadat changes to the silo ag.granary.describe_silo(silo, **c.kw) ag.granary.sync() #Add new silo users into database if new_silo_users: add_group_users(silo, new_silo_users) if updateMetadata: try: ag.b.silo_change(silo, ident=ident['repoze.who.userid']) except: pass # conneg return accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: c.message = "Metadata updated" c.kw = ag.granary.describe_silo(silo) return render("/admin_siloview.html") elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = "text/plain" response.status_int = 204 response.status = "204 Updated" #return "Updated Silo %s" % silo return try: mimetype = accept_list.pop(0) except IndexError: mimetype = None # Whoops - nothing satisfies - return text/plain response.content_type = "text/plain" response.status_int = 204 response.status = "204 Updated" return elif http_method == "DELETE": # Deletion of an entire Silo... # Serious consequences follow this action # Walk through all the items, emit a delete msg for each # and then remove the silo todelete_silo = ag.granary.get_rdf_silo(silo) #for item in todelete_silo.list_items(): # try: # ag.b.deletion(silo, item, ident=ident['repoze.who.userid']) # except: # pass ag.granary.delete_silo(silo) try: ag.b.silo_deletion(silo, ident=ident['repoze.who.userid']) except: pass try: del ag.granary.state[silo] except: pass ag.granary.sync() ag.granary._register_silos() #Delete silo from database delete_silo(silo) # conneg return accept_list = None response.content_type = "text/plain" response.status_int = 200 response.status = "200 OK" return "{'ok':'true'}"
def sync_members(g): # NOTE: g._register_silos() IS AN EXPENSIVE OPERATION. # THIS FUNCTION IS EXPENSIVE AND SHOULD BE CALLED ONLY IF REALLY NECESSARY #g = ag.granary g.state.revert() g._register_silos() granary_list = g.silos granary_list_database = list_silos() usernames = list_usernames() for silo in granary_list: if not silo in granary_list_database: add_silo(silo) kw = g.describe_silo(silo) #Get existing owners, admins, managers and submitters from silo metadata owners = [] admins = [] managers = [] submitters = [] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] # Check users in silo metadata are valid users owners = [x for x in owners if x in usernames] admins = [x for x in admins if x in usernames] managers = [x for x in managers if x in usernames] submitters = [x for x in submitters if x in usernames] #Synchronize members in silo metadata with users in database d_admins = [] d_managers = [] d_sunbmitters = [] if silo in granary_list_database: d_admins, d_managers, d_submitters = list_group_usernames(silo) admins.extend(d_admins) managers.extend(d_managers) submitters.extend(d_submitters) # Ensure users are listed just once in silo metadata and owner is superset owners.extend(admins) owners.extend(managers) owners.extend(submitters) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) owners = list(set(owners)) # Add users in silo metadata to the database new_silo_users = [] for a in admins: if not a in d_admins: new_silo_users.append((a, 'administrator')) for a in managers: if not a in d_managers: new_silo_users.append((a, 'manager')) for a in new_submitters: if not a in d_submitters: new_silo_users.append((a, 'submitter')) if new_silo_users: add_group_users(silo, new_silo_users) #Write members into silo kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) g.describe_silo(silo, **kw) g.sync() return
def silouserview(self, silo, username): if not request.environ.get('repoze.who.identity'): abort(401, "Not Authorised") if not ag.granary.issilo(silo): abort(404) ident = request.environ.get('repoze.who.identity') http_method = request.environ['REQUEST_METHOD'] if http_method == 'GET': silos = ag.authz(ident) if not silo in silos: abort(403, "User is not a member of the silo %s"%silo) if not ('administrator' in ident['permissions'] or \ 'manager' in ident['permissions'] or ident['user'].user_name == username): abort(403, "Do not have administrator or manager credentials to view profiles of other users") else: silos = ag.authz(ident, permission=['administrator', 'manager']) if not silo in silos: abort(403, "Do not have administrator or manager credentials for silo %s"%silo) if not ('administrator' in ident['permissions'] or 'manager' in ident['permissions']): abort(403, "Do not have administrator or manager credentials") existing_users = list_usernames() if not username in existing_users: abort(404, "User not found") c.ident = ident c.silo = silo c.username = username if http_method == "GET": a, m, s = list_group_usernames(silo) if not (username in a or username in m or username in s): abort(404, "User not found in silo") c.user = list_user(username) #if 'groups' in c.user and c.user['groups']: # for i in c.user['groups']: # if i[0] != silo: # c.user['groups'].remove(i) accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: return render("/silo_user.html") elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(c.user) try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/plain response.content_type = 'application/json; charset="UTF-8"' response.status_int = 200 response.status = "200 OK" return simplejson.dumps(c.user) elif http_method == "POST": params = request.POST if not ('role' in params and params['role'] and params['role'] in ['administrator', 'manager', 'submitter']): abort(400, "Parameters 'role' not found or is invalid") kw = ag.granary.describe_silo(silo) #Get existing owners, admins, managers and users owners = [] admins = [] managers = [] submitters = [] if 'owners' in kw and kw['owners']: owners = [x.strip() for x in kw['owners'].split(",") if x] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] to_remove = [] to_add = [] if params['role'] == 'administrator': if not 'administrator' in ident['permissions']: abort(403, "Need to be administrator to add user to role admin") if not username in admins: to_add.append((username, 'administrator')) admins.append(username) if not username in owners: owners.append(username) if username in managers: managers.remove(username) to_remove.append((username, 'manager')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) elif params['role'] == 'manager': if not username in managers: to_add.append((username, 'manager')) managers.append(username) if not username in owners: owners.append(username) if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before updating user role") admins.remove(username) to_remove.append((username, 'administrator')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) elif params['role'] == 'submitter': if not username in submitters: to_add.append((username, 'submitter')) submitters.append(username) if not username in owners: owners.append(username) if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before updating user role") admins.remove(username) to_remove.append((username, 'administrator')) if username in managers: if len(managers) == 1 and len(admins) == 0: abort(403, "Add another administrator or manager to silo before updating user role") managers.remove(username) to_remove.append((username, 'manager')) owners = list(set(owners)) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) # Update silo info if to_remove or to_add: kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) ag.granary.describe_silo(silo, **kw) ag.granary.sync() #Add new silo users into database if to_add: add_group_users(silo, to_add) response.status_int = 201 response.status = "201 Created" response.headers['Content-Location'] = url(controller="users", action="silouserview", silo=silo, username=username) response_message = "201 Created" if to_remove: delete_group_users(silo, to_remove) response.status_int = 204 response.status = "204 Updated" response_message = None else: response.status_int = 400 response.status = "400 Bad Request" response_message = "No updates to user role" #Conneg return accept_list = None if 'HTTP_ACCEPT' in request.environ: try: accept_list = conneg_parse(request.environ['HTTP_ACCEPT']) except: accept_list= [MT("text", "html")] if not accept_list: accept_list= [MT("text", "html")] mimetype = accept_list.pop(0) while(mimetype): if str(mimetype).lower() in ["text/html", "text/xhtml"]: redirect(url(controller="users", action="silouserview", silo=silo, username=username)) elif str(mimetype).lower() in ["text/plain", "application/json"]: response.content_type = 'application/json; charset="UTF-8"' return response_message try: mimetype = accept_list.pop(0) except IndexError: mimetype = None #Whoops nothing satisfies - return text/plain response.content_type = 'application/json; charset="UTF-8"' return response_message elif http_method == "DELETE": kw = ag.granary.describe_silo(silo) #Get existing owners, admins, managers and users owners = [] admins = [] managers = [] submitters = [] if 'owners' in kw and kw['owners']: owners = [x.strip() for x in kw['owners'].split(",") if x] if 'administrators' in kw and kw['administrators']: admins = [x.strip() for x in kw['administrators'].split(",") if x] if 'managers' in kw and kw['managers']: managers = [x.strip() for x in kw['managers'].split(",") if x] if 'submitters' in kw and kw['submitters']: submitters = [x.strip() for x in kw['submitters'].split(",") if x] #Gather user roles to delete to_remove = [] if username in admins: if not 'administrator' in ident['permissions']: abort(403, "Need to be admin to modify user of role admin") if len(admins) == 1: abort(403, "Add another administrator to silo before deleting user") to_remove.append((username, 'administrator')) admins.remove(username) if username in managers: if len(managers) == 1 and len(admins) == 0: abort(403, "Add another administrator or manager to silo before deleting user") managers.remove(username) to_remove.append((username, 'manager')) if username in submitters: submitters.remove(username) to_remove.append((username, 'submitter')) if username in owners: owners.remove(username) owners = list(set(owners)) admins = list(set(admins)) managers = list(set(managers)) submitters = list(set(submitters)) if to_remove: # Update silo info kw['owners'] = ','.join(owners) kw['administrators'] = ','.join(admins) kw['managers'] = ','.join(managers) kw['submitters'] = ','.join(submitters) ag.granary.describe_silo(silo, **kw) ag.granary.sync() delete_group_users(silo, to_remove) else: abort(400, "No user to delete") accept_list = None response.content_type = "text/plain" response.status_int = 200 response.status = "200 OK" return "{'ok':'true'}"