def delete(self, request, username, object_type, perm, object_id=0):
    '''
    Remove every ACL held by ``username`` that matches
    (object_type, perm, object_id). Requires the 'delete' permission on
    'ACL'; an unknown username is a 404. Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'ACL', 'delete')
    owner = get_object_or_404(User, username=username)
    matching = owner.userdata.get_perms(object_type, perm, object_id)
    for entry in matching:
        entry.delete()
    return json_response({'status': 'ok'})
def get(self, request, pk):
    '''
    List the users holding the 'vote' ACL on AuthEvent ``pk`` (its census).
    Requires 'edit' on the event; an unknown pk is a 404.

    The same information is returned in several shapes: ``userids`` (list
    of UserData pks), ``users`` (username -> email), ``data``
    (username -> serialize_data()) and ``object_list`` (one dict per entry
    with id, username and metadata).
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    get_object_or_404(AuthEvent, pk=pk)
    vote_acls = ACL.objects.filter(
        object_type='AuthEvent', perm='vote', object_id=pk)
    userids, object_list, users, data = [], [], {}, {}
    for entry in vote_acls:
        userdata = entry.user
        account = userdata.user
        metadata = userdata.serialize_data()
        userids.append(userdata.pk)
        users[account.username] = account.email
        data[account.username] = metadata
        object_list.append({
            "id": userdata.pk,
            "username": account.username,
            "metadata": metadata,
        })
    payload = json.dumps({
        'userids': userids,
        'users': users,
        'data': data,
        'object_list': object_list,
    })
    return HttpResponse(payload, content_type='application/json')
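def post(self, request):
    '''
    Edit user. Only can change password.

    Body: ``{"old_pwd": <str>, "new_pwd": <str>}``. The caller must hold
    'edit' on its own UserData and 'create' on 'AuthEvent'. Responds 400
    with ErrorCodes.BAD_REQUEST when the body is not a JSON object or a
    password field is missing / not a string, and 400 with
    "INVALID_OLD_PASSWORD" when the current password does not verify.
    '''
    pk = request.user.pk
    user = request.user
    permission_required(user, 'UserData', 'edit', pk)
    permission_required(user, 'AuthEvent', 'create')
    try:
        req = parse_json_request(request)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
        # propagate; any parse failure is still reported as a 400.
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    old_pwd = req.get('old_pwd', '')
    new_pwd = req.get('new_pwd', '')
    if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
            or not old_pwd or not new_pwd):
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # Re-verify the current password before accepting the new one
    if not user.check_password(old_pwd):
        return json_response(
            status=400, error_codename="INVALID_OLD_PASSWORD")
    user.set_password(new_pwd)
    user.save()
    return json_response({'status': 'ok'})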
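def post(self, request):
    '''
    Edit user. Only can change password.

    Body: ``{"old_pwd": <str>, "new_pwd": <str>}``. The caller must hold
    'edit' on its own UserData and 'create' on 'AuthEvent'. Responds 400
    with ErrorCodes.BAD_REQUEST when the body is not a JSON object or a
    password field is missing / not a string, and 400 with
    "INVALID_OLD_PASSWORD" when the current password does not verify.
    '''
    pk = request.user.pk
    user = request.user
    permission_required(user, 'UserData', 'edit', pk)
    permission_required(user, 'AuthEvent', 'create')
    try:
        req = parse_json_request(request)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
        # propagate; any parse failure is still reported as a 400.
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    old_pwd = req.get('old_pwd', '')
    new_pwd = req.get('new_pwd', '')
    if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
            or not old_pwd or not new_pwd):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # Re-verify the current password before accepting the new one
    if not user.check_password(old_pwd):
        return json_response(status=400, error_codename="INVALID_OLD_PASSWORD")
    user.set_password(new_pwd)
    user.save()
    return json_response({'status': 'ok'})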
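def post(self, request):
    '''
    Grant a batch of ACLs. Requires the 'create' permission on 'ACL'.

    Body: ``{"userid": <int>, "perms": [{"user": <username>, "perm": <str>,
    "object_type": <str>, "object_id": <optional>}, ...]}``. ``userid`` must
    exist (404 otherwise); each entry creates one ACL for the UserData whose
    username is ``user`` (404 if unknown). Malformed input is a 400 with
    ErrorCodes.BAD_REQUEST. Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'ACL', 'create')
    try:
        req = parse_json_request(request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    user_id = req.get('userid', None)
    perms = req.get('perms', [])
    # Explicit checks instead of ``assert``: asserts are stripped under
    # ``python -O``, which would silently disable this validation.
    if not isinstance(user_id, int) or not isinstance(perms, list):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    required = ('user', 'perm', 'object_type')
    if not all(isinstance(entry, dict) and all(key in entry for key in required)
               for entry in perms):
        # a missing key used to surface as KeyError (500) mid-loop
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # 404 instead of an unhandled DoesNotExist for an unknown userid
    get_object_or_404(User, pk=user_id)
    # NOTE(review): ACLs are saved one by one; a 404 on a later entry leaves
    # the earlier ones in place (no transaction here, as before).
    for entry in perms:
        target = get_object_or_404(UserData, user__username=entry['user'])
        acl = ACL(user=target, perm=entry['perm'],
                  object_type=entry['object_type'],
                  object_id=entry.get('object_id', 0))
        acl.save()
    return json_response({'status': 'ok'})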
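def post(self, request):
    '''
    Edit user. Only can change password.

    Body: ``{"old_pwd": <str>, "new_pwd": <str>}``. The caller must hold
    'edit' on its own UserData and 'create' on 'AuthEvent'. Responds 400
    (ErrorCodes.BAD_REQUEST) on an unparsable body, 400 with an empty
    message when a field is missing / not a string, and 400 with
    "Invalid old password" when the current password does not verify.
    '''
    pk = request.user.pk
    user = request.user
    permission_required(user, 'UserData', 'edit', pk)
    permission_required(user, 'AuthEvent', 'create')
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # json.loads and a bad UTF-8 body both raise ValueError subclasses;
        # narrowed from a bare ``except``.
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    old_pwd = req.get('old_pwd')
    new_pwd = req.get('new_pwd')
    if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
            or not old_pwd or not new_pwd):
        return json_response(status=400, message="")
    # Re-verify the current password before accepting the new one
    if not user.check_password(old_pwd):
        return json_response(status=400, message="Invalid old password")
    user.set_password(new_pwd)
    user.save()
    return json_response({'status': 'ok'})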
def delete(self, request, username, object_type, perm, object_id=0):
    '''
    Remove every ACL held by ``username`` that matches
    (object_type, perm, object_id). Requires the 'delete' permission on
    'ACL'; an unknown username is a 404. Responds ``{"status": "ok"}``
    as application/json.
    '''
    permission_required(request.user, 'ACL', 'delete')
    owner = get_object_or_404(User, username=username)
    for entry in owner.userdata.get_perms(object_type, perm, object_id):
        entry.delete()
    body = json.dumps({'status': 'ok'})
    return HttpResponse(body, content_type='application/json')
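def post(self, request, pk):
    '''
    Send authentication emails to the whole census

    Requires 'edit' or 'send-auth' on AuthEvent ``pk``. Body (all
    optional): ``user-ids`` (when absent the send targets everyone and
    'send-auth-all' is additionally required), ``auth-method``, ``extra``
    (dict forwarded to the task as keyword arguments) and ``msg`` /
    ``subject`` overriding the template; ``msg`` must be a str no longer
    than settings.MAX_AUTH_MSG_SIZE for the event's auth_method. An error
    dict from census_send_auth_task is returned via
    ``json_response(**send_error)``.
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'send-auth'], pk)
    data = {'msg': 'Sent successful'}
    # first, validate input
    e = get_object_or_404(AuthEvent, pk=pk)
    try:
        req = parse_json_request(request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    userids = req.get("user-ids", None)
    if userids is None:
        # sending to the whole census needs the broader permission
        permission_required(request.user, 'AuthEvent', ['edit', 'send-auth-all'], pk)
    extra_req = req.get('extra', {})
    auth_method = req.get("auth-method", None)
    # force extra_req type to be a dict; its keys are splatted as kwargs
    # below, so they must be strings or the call raises TypeError (500)
    if (not isinstance(extra_req, dict)
            or not all(isinstance(key, str) for key in extra_req)):
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    msg = req.get('msg', '')
    subject = req.get('subject', '')
    if not msg and not subject:
        # no template override: send with the event defaults
        send_error = census_send_auth_task(
            pk, get_client_ip(request), None, userids, auth_method,
            request.user.id, **extra_req)
        if send_error:
            return json_response(**send_error)
        return json_response(data)
    config = {}
    if msg:
        config['msg'] = msg
    if subject:
        config['subject'] = subject
    if config.get('msg', None) is not None:
        # isinstance instead of ``type(...) != str``
        if (not isinstance(config['msg'], str)
                or len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
            return json_response(
                status=400, error_codename=ErrorCodes.BAD_REQUEST)
    send_error = census_send_auth_task(
        pk, get_client_ip(request), config, userids, auth_method,
        request.user.id, **extra_req)
    if send_error:
        return json_response(**send_error)
    return json_response(data)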
def get(self, request, username, object_type, perm, object_id=0):
    '''
    Report whether ``username`` holds ``perm`` on (object_type, object_id).
    Requires the 'view' permission on 'ACL'; an unknown username is a 404.
    Responds ``{'status': 'ok', 'perm': <bool>}``.
    '''
    permission_required(request.user, 'ACL', 'view')
    owner = get_object_or_404(User, username=username)
    held = bool(owner.userdata.has_perms(object_type, perm, object_id))
    return json_response({'status': 'ok', 'perm': held})
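def get(self, request, pk, uid):
    '''
    Return the stored image of user ``uid`` of AuthEvent ``pk`` as
    ``{'img': <file contents>}``. Requires 'edit' on the event; an
    unknown event or user is a 404.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    get_object_or_404(AuthEvent, pk=pk)
    userdata = get_object_or_404(UserData, event__pk=pk, user__username=uid)
    store = os.path.abspath(settings.IMAGE_STORE_PATH)
    path = os.path.abspath(os.path.join(store, userdata.user.username))
    # The file name is a stored username, i.e. user-supplied data: make
    # sure the resolved path cannot leave the image store directory.
    if os.path.commonpath([store, path]) != store:
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # NOTE(review): opened in text mode as in the original; image bytes may
    # not decode cleanly — confirm what is actually stored under this path.
    with open(path) as img:  # the handle used to be left open
        data = {'img': img.read()}
    return json_response(data)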
def get(self, request, pk):
    '''
    Paginated census listing of AuthEvent ``pk`` (holders of the 'vote'
    ACL). Requires 'edit' on the event; an unknown pk is a 404.

    ``?filter=`` does a case-insensitive substring match on username, email,
    tlf and metadata. The remaining query parameters go through filter_query
    (prefix 'census__') with the constraints declared below; invalid ones
    are ignored. Each page element carries id, username, active,
    date_joined (ISO 8601) and serialize_data() as metadata.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    get_object_or_404(AuthEvent, pk=pk)
    needle = request.GET.get('filter', None)
    census = ACL.objects.filter(
        object_type='AuthEvent', perm='vote', object_id=pk)
    if needle is not None:
        lookups = [
            'user__user__username__icontains',
            'user__user__email__icontains',
            'user__tlf__icontains',
            'user__metadata__icontains',
        ]
        match_any = Q(**{lookups[0]: needle})
        for lookup in lookups[1:]:
            match_any |= Q(**{lookup: needle})
        census = census.filter(match_any)
    constraints = {
        'filters': {
            'user__user__id': {'lt': int, 'gt': int},
            'user__user__is_active': {'equals': bool},
            'user__user__date_joined': {'lt': datetime, 'gt': datetime},
        },
        'order_by': [
            'user__user__id',
            'user__user__is_active',
            'user__user__date_joined',
        ],
    }
    # filter, with constraints ("contraints_policy" is the keyword
    # filter_query itself expects)
    census = filter_query(
        filters=request.GET,
        query=census,
        constraints=constraints,
        prefix='census__',
        contraints_policy='ignore_invalid')

    def to_dict(acl):
        account = acl.user.user
        return {
            "id": account.pk,
            "username": account.username,
            "active": account.is_active,
            "date_joined": account.date_joined.isoformat(),
            "metadata": acl.user.serialize_data(),
        }

    page = paginate(
        request, census, serialize_method=to_dict,
        elements_name='object_list')
    return json_response(page)
def get(self, request, username, object_type, perm, object_id=0):
    '''
    Report whether ``username`` holds ``perm`` on (object_type, object_id).
    Requires the 'view' permission on 'ACL'; an unknown username is a 404.
    Responds ``{"status": "ok", "perm": <bool>}`` as application/json.
    '''
    permission_required(request.user, 'ACL', 'view')
    owner = get_object_or_404(User, username=username)
    held = bool(owner.userdata.has_perms(object_type, perm, object_id))
    body = json.dumps({'status': 'ok', 'perm': held})
    return HttpResponse(body, content_type='application/json')
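def post(self, request, pk):
    '''
    Remove users (and their ACLs) from the census of AuthEvent ``pk``.
    Requires 'edit' on the event. Body: ``{"user-ids": [<int>, ...]}``;
    each id must belong to the event (404 otherwise). An unparsable body
    or a ``user-ids`` value that is not a list of ints is a 400.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    ae = get_object_or_404(AuthEvent, pk=pk)
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # invalid JSON / UTF-8 used to propagate as a 500
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    user_ids = req.get('user-ids') if isinstance(req, dict) else None
    # a missing or non-list value used to raise TypeError (500)
    if (not isinstance(user_ids, list)
            or not all(isinstance(uid, int) for uid in user_ids)):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    for uid in user_ids:
        u = get_object_or_404(User, pk=uid, userdata__event=ae)
        # drop the ACLs before the account itself
        for acl in u.userdata.acls.all():
            acl.delete()
        u.delete()
    return json_response()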
def post(self, request, pk, status):
    '''
    Set the status of AuthEvent ``pk`` to ``status``. Requires 'edit' on
    the event; an unknown pk is a 404. Responds 200 when the status
    changed and 400 when the event already had that status.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    changed = event.status != status
    if changed:
        event.status = status
        event.save()
    code = 200 if changed else 400
    return json_response(status=code, message='Authevent status: %s' % status)
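def delete(request, pk):
    '''
    Delete a auth-event. delete_authevent permission required

    Requires 'edit' on AuthEvent ``pk``; an unknown pk is a 404 (it used
    to raise DoesNotExist, i.e. a 500). Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    ae = get_object_or_404(AuthEvent, pk=pk)
    ae.delete()
    return json_response({'status': 'ok'})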
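def post(self, request, pk):
    '''
    Set ``is_active`` of census users of AuthEvent ``pk`` to
    ``self.activate`` and, when activating, queue send_codes for them.
    Requires 'edit' on the event. Body: ``{"user-ids": [<int>, ...]}``;
    each id must belong to the event (404 otherwise). An unparsable body
    or a ``user-ids`` value that is not a list of ints is a 400.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    ae = get_object_or_404(AuthEvent, pk=pk)
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # invalid JSON / UTF-8 used to propagate as a 500
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    user_ids = req.get('user-ids') if isinstance(req, dict) else None
    # a missing or non-list value used to raise TypeError (500)
    if (not isinstance(user_ids, list)
            or not all(isinstance(uid, int) for uid in user_ids)):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    for uid in user_ids:
        u = get_object_or_404(User, pk=uid, userdata__event=ae)
        u.is_active = self.activate
        u.save()
    if self.activate:
        # dispatched once with the whole id list (the task gets its own copy)
        send_codes.apply_async(args=[list(user_ids), get_client_ip(request)])
    return json_response()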
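def delete(request, pk):
    '''
    Delete a auth-event. delete_authevent permission required

    Requires 'edit' or 'delete' on AuthEvent ``pk``; an unknown pk is a 404
    (it used to raise DoesNotExist, i.e. a 500). Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'delete'], pk)
    ae = get_object_or_404(AuthEvent, pk=pk)
    ae.delete()
    return json_response({'status': 'ok'})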
def post(self, request, pk):
    '''
    Remove the given users (and their ACLs) from the census of AuthEvent
    ``pk``. Requires 'edit' or 'census-delete' on the event. Body:
    ``{"user-ids": [<int>, ...]}``, validated with
    CONTRACTS['list_of_ints']; each id must belong to the event (404
    otherwise).
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'census-delete'], pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    payload = parse_json_request(request)
    ids = payload.get('user-ids', [])
    check_contract(CONTRACTS['list_of_ints'], ids)
    for user_id in ids:
        member = get_object_or_404(User, pk=user_id, userdata__event=event)
        # drop the ACLs before the account itself
        for entry in member.userdata.acls.all():
            entry.delete()
        member.delete()
    return json_response()
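def delete(request, pk):
    '''
    Delete a auth-event. delete_authevent permission required

    Requires 'edit' on AuthEvent ``pk``; an unknown pk is a 404 (it used
    to raise DoesNotExist, i.e. a 500). Responds ``{"status": "ok"}`` as
    application/json.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    ae = get_object_or_404(AuthEvent, pk=pk)
    ae.delete()
    jsondata = json.dumps({'status': 'ok'})
    return HttpResponse(jsondata, content_type='application/json')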
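def post(self, request, pk):
    '''
    Add users to the census of AuthEvent ``pk`` through auth_census.
    Requires 'edit' on the event; an unknown pk is a 404. A failure inside
    auth_census is a 400 with ErrorCodes.BAD_REQUEST; a non-ok result is a
    400 carrying its ``msg`` and ``error_codename``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    e = get_object_or_404(AuthEvent, pk=pk)
    try:
        data = auth_census(e, request)
    except Exception:
        # narrowed from a bare ``except``; the unused ``bad_request``
        # json.dumps that used to sit here is gone
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if data.get('status') == 'ok':
        return json_response(data)
    return json_response(status=400, message=data.get('msg'),
                         error_codename=data.get('error_codename'))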
def post(self, request, pk, status):
    '''
    Set the status of AuthEvent ``pk`` to ``status``. Requires 'edit' on
    the event; an unknown pk is a 404. Responds 200 when the status
    changed and 400 when the event already had that status; the body is
    ``{"msg": "Authevent status: <status>"}``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    changed = event.status != status
    if changed:
        event.status = status
        event.save()
    code = 200 if changed else 400
    body = json.dumps({'msg': 'Authevent status: %s' % status})
    return HttpResponse(body, status=code, content_type='application/json')
def post(self, request, pk):
    '''
    Remove the given users (and their ACLs) from the census of AuthEvent
    ``pk``. Requires 'edit' on the event. Body:
    ``{"user-ids": [<int>, ...]}``, validated with
    CONTRACTS['list_of_ints']; each id must belong to the event (404
    otherwise).
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    body = parse_json_request(request)
    member_ids = body.get('user-ids', [])
    check_contract(CONTRACTS['list_of_ints'], member_ids)
    for member_id in member_ids:
        member = get_object_or_404(User, pk=member_id, userdata__event=event)
        # the user's ACLs go first, then the account
        for grant in member.userdata.acls.all():
            grant.delete()
        member.delete()
    return json_response()
def get(self, request, pk):
    '''
    Paginated census listing of AuthEvent ``pk`` (holders of the 'vote'
    ACL). Requires 'edit' on the event; an unknown pk is a 404.

    ``?filter=`` does a case-insensitive substring match on username, email,
    tlf and metadata. The remaining query parameters go through filter_query
    (prefix 'census__') with the constraints declared below; invalid ones
    are ignored. Each page element carries id, username, active,
    date_joined (ISO 8601) and serialize_data() as metadata.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    get_object_or_404(AuthEvent, pk=pk)
    needle = request.GET.get('filter', None)
    census = ACL.objects.filter(
        object_type='AuthEvent', perm='vote', object_id=pk)
    if needle is not None:
        lookups = [
            'user__user__username__icontains',
            'user__user__email__icontains',
            'user__tlf__icontains',
            'user__metadata__icontains',
        ]
        match_any = Q(**{lookups[0]: needle})
        for lookup in lookups[1:]:
            match_any |= Q(**{lookup: needle})
        census = census.filter(match_any)
    constraints = {
        'filters': {
            'user__user__id': {'lt': int, 'gt': int},
            'user__user__is_active': {'equals': bool},
            'user__user__date_joined': {'lt': datetime, 'gt': datetime},
        },
        'order_by': [
            'user__user__id',
            'user__user__is_active',
            'user__user__date_joined',
        ],
    }
    # filter, with constraints ("contraints_policy" is the keyword
    # filter_query itself expects)
    census = filter_query(
        filters=request.GET,
        query=census,
        constraints=constraints,
        prefix='census__',
        contraints_policy='ignore_invalid')

    def to_dict(acl):
        account = acl.user.user
        return {
            "id": account.pk,
            "username": account.username,
            "active": account.is_active,
            "date_joined": account.date_joined.isoformat(),
            "metadata": acl.user.serialize_data(),
        }

    page = paginate(
        request, census, serialize_method=to_dict,
        elements_name='object_list')
    return json_response(page)
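def post(self, request, pk, status):
    '''
    Set the status of AuthEvent ``pk`` to ``status`` (one of notstarted,
    started, stopped). Allowed with 'edit' or with the status-specific
    permission (notstarted / start / stop). Responds 200 when the status
    changed, 400 when the event already had that status, and 400 with
    ErrorCodes.BAD_REQUEST for an unknown ``status`` value.
    '''
    alternatives = dict(
        notstarted="notstarted",
        started='start',
        stopped='stop'
    )
    alt = alternatives.get(status)
    if alt is None:
        # an unknown status used to raise KeyError (500)
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    permission_required(request.user, 'AuthEvent', ['edit', alt], pk)
    e = get_object_or_404(AuthEvent, pk=pk)
    if e.status != status:
        e.status = status
        e.save()
        st = 200
    else:
        st = 400
    return json_response(status=st, message='Authevent status: %s' % status)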
def get(self, request, pk=None):
    '''
    Get user info

    Without ``pk`` the caller's own UserData is returned; otherwise the
    UserData with that pk (404 if absent). Requires 'edit' on the target
    UserData. Plugins registered for "extend_user_info" may add keys to
    the serialized data.
    '''
    if pk is None:
        pk = request.user.pk
        userdata = request.user.userdata
        permission_required(request.user, 'UserData', 'edit', pk)
    else:
        permission_required(request.user, 'UserData', 'edit', pk)
        userdata = get_object_or_404(UserData, pk=pk)
    data = userdata.serialize()
    extra = plugins.call("extend_user_info", userdata.user)
    for info in (extra or []):
        data.update(info.serialize())
    return json_response(data)
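def get(self, request, pk=None):
    '''
    Lists all AuthEvents if not pk. If pk show the event with this pk

    A single event is fully serialized only for an authenticated user
    holding 'edit' or 'view' on it; everyone else gets
    serialize_restrict(). Plugins registered for "extend_ae_info" may add
    keys. The list form is paginated with serialize_restrict. An unknown
    pk is a 404 (it used to raise DoesNotExist, i.e. a 500).
    '''
    data = {'status': 'ok'}
    user, _, _ = get_login_user(request)
    if pk:
        e = get_object_or_404(AuthEvent, pk=pk)
        can_view_full = (
            user is not None and user.is_authenticated()
            and permission_required(
                user, 'AuthEvent', ['edit', 'view'], e.id, return_bool=True))
        aes = e.serialize() if can_view_full else e.serialize_restrict()
        extend_info = plugins.call("extend_ae_info", user, e)
        if extend_info:
            for info in extend_info:
                aes.update(info.serialize())
        data['events'] = aes
    else:
        events = AuthEvent.objects.all()
        aes = paginate(request, events, serialize_method='serialize_restrict',
                       elements_name='events')
        data.update(aes)
    return json_response(data)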
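def post(self, request, pk):
    '''
    Add users to the census of AuthEvent ``pk`` through auth_census.
    Requires 'edit' on the event; an unknown pk is a 404. Plugins
    registered for "extend_add_census" may veto the request (their first
    error dict is returned as-is). A failure inside auth_census is a 400
    with ErrorCodes.BAD_REQUEST; a non-ok result is a 400 carrying its
    ``error_codename``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    e = get_object_or_404(AuthEvent, pk=pk)
    error_kwargs = plugins.call("extend_add_census", e, request)
    if error_kwargs:
        return json_response(**error_kwargs[0])
    try:
        data = auth_census(e, request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if data.get('status') == 'ok':
        return json_response(data)
    return json_response(status=400, error_codename=data.get('error_codename'))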
def post(self, request):
    '''
    Reset the caller's password to a fresh random_code(8) value and mail
    it through the send_mail task. Requires 'edit' on the caller's
    UserData and 'create' on 'AuthEvent'. Responds ``{'status': 'ok'}``.
    NOTE(review): the new password is placed in the mail body in clear.
    '''
    user = request.user
    permission_required(user, 'UserData', 'edit', user.pk)
    permission_required(user, 'AuthEvent', 'create')
    fresh = random_code(8)
    mail_args = [
        'Reset password',
        'This is your new password: %s' % fresh,
        user.email,
    ]
    send_mail.apply_async(args=mail_args)
    user.set_password(fresh)
    user.save()
    return json_response({'status': 'ok'})
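def get(self, request, pk=None):
    '''
    Lists all AuthEvents if not pk. If pk show the event with this pk

    A single event is fully serialized only for an authenticated user
    holding 'edit' on it; everyone else gets serialize_restrict(). Plugins
    registered for "extend_ae_info" may add keys. The list form is
    paginated with serialize_restrict. An unknown pk is a 404 (it used to
    raise DoesNotExist, i.e. a 500).
    '''
    data = {'status': 'ok'}
    user, _ = get_login_user(request)
    if pk:
        e = get_object_or_404(AuthEvent, pk=pk)
        can_view_full = (
            user is not None and user.is_authenticated()
            and permission_required(
                user, 'AuthEvent', 'edit', e.id, return_bool=True))
        aes = e.serialize() if can_view_full else e.serialize_restrict()
        extend_info = plugins.call("extend_ae_info", user, e)
        if extend_info:
            for info in extend_info:
                aes.update(info.serialize())
        data['events'] = aes
    else:
        events = AuthEvent.objects.all()
        aes = paginate(request, events, serialize_method='serialize_restrict',
                       elements_name='events')
        data.update(aes)
    return json_response(data)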
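def post(self, request):
    '''
    Grant a batch of ACLs. Requires the 'create' permission on 'ACL'.

    Body: ``{"userid": <int>, "perms": [{"user": <username>, "perm": <str>,
    "object_type": <str>, "object_id": <optional>}, ...]}``. ``userid`` must
    exist (404 otherwise); each entry creates one ACL for the UserData whose
    username is ``user`` (404 if unknown). Malformed input is a 400 with
    ErrorCodes.BAD_REQUEST. Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'ACL', 'create')
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # narrowed from a bare ``except``; the unused ``bad_request``
        # json.dumps that used to sit here is gone
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    user_id = req.get('userid') if isinstance(req, dict) else None
    perms = req.get('perms') if isinstance(req, dict) else None
    required = ('user', 'perm', 'object_type')
    # missing keys / wrong shapes used to surface as KeyError or TypeError
    # (500), possibly after some ACLs were already saved
    if (not isinstance(user_id, int) or not isinstance(perms, list)
            or not all(isinstance(entry, dict)
                       and all(key in entry for key in required)
                       for entry in perms)):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # 404 instead of an unhandled DoesNotExist for an unknown userid
    get_object_or_404(User, pk=user_id)
    for entry in perms:
        target = get_object_or_404(UserData, user__username=entry['user'])
        acl = ACL(user=target, perm=entry['perm'],
                  object_type=entry['object_type'],
                  object_id=entry.get('object_id', 0))
        acl.save()
    return json_response({'status': 'ok'})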
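def post(self, request, pk):
    '''
    Add users to the census of AuthEvent ``pk`` through auth_census.
    Requires 'edit' or 'census-add' on the event; an unknown pk is a 404.
    Plugins registered for "extend_add_census" may veto the request (their
    first error dict is returned as-is). A failure inside auth_census is a
    400 with ErrorCodes.BAD_REQUEST; a non-ok result is a 400 carrying its
    ``error_codename``.
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'census-add'], pk)
    e = get_object_or_404(AuthEvent, pk=pk)
    error_kwargs = plugins.call("extend_add_census", e, request)
    if error_kwargs:
        return json_response(**error_kwargs[0])
    try:
        data = auth_census(e, request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if data.get('status') == 'ok':
        return json_response(data)
    return json_response(
        status=400, error_codename=data.get('error_codename'))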
def post(self, request):
    '''
    Reset the caller's password to a fresh random_code(8) value and mail
    it through the send_mail task. Requires 'edit' on the caller's
    UserData and 'create' on 'AuthEvent'. Responds ``{"status": "ok"}``
    as application/json.
    NOTE(review): the new password is placed in the mail body in clear.
    '''
    user = request.user
    permission_required(user, 'UserData', 'edit', user.pk)
    permission_required(user, 'AuthEvent', 'create')
    fresh = random_code(8)
    mail_args = [
        'Reset password',
        'This is your new password: %s' % fresh,
        user.email,
    ]
    send_mail.apply_async(args=mail_args)
    user.set_password(fresh)
    user.save()
    body = json.dumps({'status': 'ok'})
    return HttpResponse(body, content_type='application/json')
def post(self, request):
    '''
    Reset the caller's password to a fresh random_code(8) value and mail
    it through the send_mail task. Requires 'edit' on the caller's
    UserData and 'create' on 'AuthEvent'. Responds ``{'status': 'ok'}``.
    NOTE(review): the new password is placed in the mail body in clear.
    '''
    user = request.user
    permission_required(user, 'UserData', 'edit', user.pk)
    permission_required(user, 'AuthEvent', 'create')
    fresh = random_code(8)
    subject = 'Reset password'
    body = 'This is your new password: %s' % fresh
    send_mail.apply_async(args=[subject, body, user.email])
    user.set_password(fresh)
    user.save()
    return json_response({'status': 'ok'})
def post(self, request, pk):
    '''
    Set ``is_active`` of the given census users of AuthEvent ``pk`` to
    ``self.activate`` and, when activating, queue send_codes for them.
    Requires 'edit' on the event. Body: ``{"user-ids": [<int>, ...]}``,
    validated with CONTRACTS['list_of_ints']; each id must belong to the
    event (404 otherwise).
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    payload = parse_json_request(request)
    ids = payload.get('user-ids', [])
    check_contract(CONTRACTS['list_of_ints'], ids)
    for user_id in ids:
        member = get_object_or_404(User, pk=user_id, userdata__event=event)
        member.is_active = self.activate
        member.save()
    if self.activate:
        # the task receives its own copy of the id list
        send_codes.apply_async(args=[list(ids), get_client_ip(request)])
    return json_response()
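def post(self, request, pk):
    '''
    Send authentication emails to the whole census

    Requires 'edit' on AuthEvent ``pk``, which must be in 'started' status
    (400 AUTH_EVENT_NOT_STARTED otherwise). Body (all optional):
    ``user-ids``, ``extra`` (dict forwarded to the task as keyword
    arguments) and ``msg`` / ``subject`` overriding the template; ``msg``
    must be a str no longer than settings.MAX_AUTH_MSG_SIZE for the
    event's auth_method. An error dict from census_send_auth_task is
    returned via ``json_response(**send_error)``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    data = {'msg': 'Sent successful'}
    # first, validate input
    e = get_object_or_404(AuthEvent, pk=pk)
    if e.status != 'started':
        return json_response(status=400, error_codename="AUTH_EVENT_NOT_STARTED")
    try:
        req = parse_json_request(request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    userids = req.get("user-ids", None)
    extra_req = req.get('extra', {})
    # force extra_req type to be a dict; its keys are splatted as kwargs
    # below, so they must be strings or the call raises TypeError (500)
    if (not isinstance(extra_req, dict)
            or not all(isinstance(key, str) for key in extra_req)):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    msg = req.get('msg', '')
    subject = req.get('subject', '')
    if not msg and not subject:
        # no template override: send with the event defaults
        send_error = census_send_auth_task(
            pk, get_client_ip(request), None, userids, **extra_req)
        if send_error:
            return json_response(**send_error)
        return json_response(data)
    config = {}
    if msg:
        config['msg'] = msg
    if subject:
        config['subject'] = subject
    if config.get('msg', None) is not None:
        # isinstance instead of ``type(...) != str``
        if (not isinstance(config['msg'], str)
                or len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    send_error = census_send_auth_task(
        pk, get_client_ip(request), config, userids, **extra_req)
    if send_error:
        return json_response(**send_error)
    return json_response(data)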
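def post(self, request, pk):
    '''
    Send authentication emails to the whole census

    Requires 'edit' on AuthEvent ``pk``, which must be in 'started' status
    (400 otherwise). Body (all optional): ``user-ids`` and ``msg`` /
    ``subject`` overriding the template; ``msg`` must be a str no longer
    than settings.MAX_AUTH_MSG_SIZE for the event's auth_method. A message
    returned by census_send_auth_task replaces ``data['msg']``.
    NOTE(review): such a task message is still answered with status 200.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    data = {'msg': 'Sent successful'}
    # first, validate input
    e = get_object_or_404(AuthEvent, pk=pk)
    if e.status != 'started':
        return json_response(
            status=400,
            message='AuthEvent with id = %s has not started' % pk,
            error_codename=ErrorCodes.BAD_REQUEST)
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # narrowed from a bare ``except``; the unused ``invalid_json``
        # json.dumps that used to sit here is gone
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    userids = req.get("user-ids", None)
    msg_override = req.get('msg')
    subject_override = req.get('subject')
    if not msg_override and not subject_override:
        # no template override: send with the event defaults
        msg = census_send_auth_task(pk, get_client_ip(request), None, userids)
        if msg:
            data['msg'] = msg
        return json_response(data)
    config = {}
    if msg_override:
        config['msg'] = msg_override
    if subject_override:
        config['subject'] = subject_override
    if config.get('msg', None) is not None:
        # isinstance instead of ``type(...) != str``
        if (not isinstance(config['msg'], str)
                or len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    msg = census_send_auth_task(pk, get_client_ip(request), config, userids)
    if msg:
        data['msg'] = msg
    return json_response(data)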
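def post(self, request, pk):
    '''
    Send authentication emails to the whole census

    Requires 'edit' on AuthEvent ``pk``, which must be in 'started' status
    (400 otherwise). Body (all optional): ``user-ids`` and ``msg`` /
    ``subject`` overriding the template; ``msg`` must be a str no longer
    than settings.MAX_AUTH_MSG_SIZE for the event's auth_method. A message
    returned by census_send_auth_task replaces ``data['msg']``. Both send
    paths now answer with the JSON-encoded ``data``.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    data = {'msg': 'Sent successful'}
    # first, validate input
    e = get_object_or_404(AuthEvent, pk=pk)
    if e.status != 'started':
        jsondata = json.dumps(
            {'error': 'AuthEvent with id = %s has not started' % pk})
        return HttpResponseBadRequest(jsondata, content_type='application/json')
    invalid_json = json.dumps({'error': "Invalid json"})
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # narrowed from a bare ``except``
        return HttpResponseBadRequest(invalid_json, content_type='application/json')
    if not isinstance(req, dict):
        return HttpResponseBadRequest(invalid_json, content_type='application/json')
    userids = req.get("user-ids", None)
    msg_override = req.get('msg')
    subject_override = req.get('subject')
    if not msg_override and not subject_override:
        # no template override: send with the event defaults
        msg = census_send_auth_task(pk, None, userids)
        if msg:
            data['msg'] = msg
        # used to return an empty body here, discarding the task message
        return HttpResponse(json.dumps(data), content_type='application/json')
    config = {}
    if msg_override:
        config['msg'] = msg_override
    if subject_override:
        config['subject'] = subject_override
    if config.get('msg', None) is not None:
        # isinstance instead of ``type(...) != str``
        if (not isinstance(config['msg'], str)
                or len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
            return HttpResponseBadRequest(invalid_json, content_type='application/json')
    msg = census_send_auth_task(pk, config, userids)
    if msg:
        data['msg'] = msg
    jsondata = json.dumps(data)
    return HttpResponse(jsondata, content_type='application/json')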
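def post(self, request):
    '''
    Grant a batch of ACLs. Requires the 'create' permission on 'ACL'.

    Body: ``{"userid": <int>, "perms": [{"user": <username>, "perm": <str>,
    "object_type": <str>, "object_id": <optional>}, ...]}``. ``userid`` must
    exist (404 otherwise); each entry creates one ACL for the UserData whose
    username is ``user`` (404 if unknown). Malformed input is a 400 with
    ``{"error": "bad_request"}``. Responds ``{"status": "ok"}``.
    '''
    permission_required(request.user, 'ACL', 'create')
    bad_request = json.dumps({"error": "bad_request"})
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # narrowed from a bare ``except``
        return HttpResponseBadRequest(bad_request, content_type='application/json')
    user_id = req.get('userid') if isinstance(req, dict) else None
    perms = req.get('perms') if isinstance(req, dict) else None
    required = ('user', 'perm', 'object_type')
    # missing keys / wrong shapes used to surface as KeyError or TypeError
    # (500), possibly after some ACLs were already saved
    if (not isinstance(user_id, int) or not isinstance(perms, list)
            or not all(isinstance(entry, dict)
                       and all(key in entry for key in required)
                       for entry in perms)):
        return HttpResponseBadRequest(bad_request, content_type='application/json')
    # 404 instead of an unhandled DoesNotExist for an unknown userid
    get_object_or_404(User, pk=user_id)
    for entry in perms:
        target = get_object_or_404(UserData, user__username=entry['user'])
        acl = ACL(user=target, perm=entry['perm'],
                  object_type=entry['object_type'],
                  object_id=entry.get('object_id', 0))
        acl.save()
    jsondata = json.dumps({'status': 'ok'})
    return HttpResponse(jsondata, content_type='application/json')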
def post(self, request, pk):
    '''
    Set ``is_active`` of the given census users of AuthEvent ``pk`` to
    ``self.activate`` and, when activating, queue send_codes for them with
    the event's auth_method. Requires 'edit' or 'census-activation' on the
    event. Body: ``{"user-ids": [<int>, ...]}``, validated with
    CONTRACTS['list_of_ints']; each id must belong to the event (404
    otherwise).
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'census-activation'], pk)
    event = get_object_or_404(AuthEvent, pk=pk)
    payload = parse_json_request(request)
    ids = payload.get('user-ids', [])
    check_contract(CONTRACTS['list_of_ints'], ids)
    for user_id in ids:
        member = get_object_or_404(User, pk=user_id, userdata__event=event)
        member.is_active = self.activate
        member.save()
    if self.activate:
        task_args = [list(ids), get_client_ip(request), event.auth_method]
        send_codes.apply_async(args=task_args)
    return json_response()
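def post(self, request, pk):
    '''
    Send authentication emails to the whole census

    Requires 'edit' on AuthEvent ``pk``, which must be in 'started' status
    (400 otherwise). Body (all optional): ``user-ids`` and ``msg`` /
    ``subject`` overriding the template; ``msg`` must be a str no longer
    than settings.MAX_AUTH_MSG_SIZE for the event's auth_method. A message
    returned by census_send_auth_task replaces ``data['msg']``.
    NOTE(review): such a task message is still answered with status 200.
    '''
    permission_required(request.user, 'AuthEvent', 'edit', pk)
    data = {'msg': 'Sent successful'}
    # first, validate input
    e = get_object_or_404(AuthEvent, pk=pk)
    if e.status != 'started':
        return json_response(
            status=400,
            message='AuthEvent with id = %s has not started' % pk,
            error_codename=ErrorCodes.BAD_REQUEST)
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # narrowed from a bare ``except``; the unused ``invalid_json``
        # json.dumps that used to sit here is gone
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    userids = req.get("user-ids", None)
    msg_override = req.get('msg')
    subject_override = req.get('subject')
    if not msg_override and not subject_override:
        # no template override: send with the event defaults
        msg = census_send_auth_task(pk, get_client_ip(request), None, userids)
        if msg:
            data['msg'] = msg
        return json_response(data)
    config = {}
    if msg_override:
        config['msg'] = msg_override
    if subject_override:
        config['subject'] = subject_override
    if config.get('msg', None) is not None:
        # isinstance instead of ``type(...) != str``
        if (not isinstance(config['msg'], str)
                or len(config['msg']) > settings.MAX_AUTH_MSG_SIZE[e.auth_method]):
            return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    msg = census_send_auth_task(pk, get_client_ip(request), config, userids)
    if msg:
        data['msg'] = msg
    return json_response(data)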
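def post(self, request):
    '''
    Grant a batch of ACLs. Requires the 'create' permission on 'ACL'.

    Body: ``{"userid": <int>, "perms": [{"user": <username>, "perm": <str>,
    "object_type": <str>, "object_id": <optional>}, ...]}``. ``userid`` must
    exist (404 otherwise); each entry creates one ACL for the UserData whose
    username is ``user`` (404 if unknown). Malformed input is a 400 with
    ErrorCodes.BAD_REQUEST. Responds ``{'status': 'ok'}``.
    '''
    permission_required(request.user, 'ACL', 'create')
    try:
        req = parse_json_request(request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    user_id = req.get('userid', None)
    perms = req.get('perms', [])
    # Explicit checks instead of ``assert``: asserts are stripped under
    # ``python -O``, which would silently disable this validation.
    if not isinstance(user_id, int) or not isinstance(perms, list):
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    required = ('user', 'perm', 'object_type')
    if not all(isinstance(entry, dict) and all(key in entry for key in required)
               for entry in perms):
        # a missing key used to surface as KeyError (500) mid-loop
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    # 404 instead of an unhandled DoesNotExist for an unknown userid
    get_object_or_404(User, pk=user_id)
    # NOTE(review): ACLs are saved one by one; a 404 on a later entry leaves
    # the earlier ones in place (no transaction here, as before).
    for entry in perms:
        target = get_object_or_404(UserData, user__username=entry['user'])
        acl = ACL(user=target, perm=entry['perm'],
                  object_type=entry['object_type'],
                  object_id=entry.get('object_id', 0))
        acl.save()
    return json_response({'status': 'ok'})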
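def post(self, request):
    '''
    Edit user. Only can change password.

    Body: ``{"old_pwd": <str>, "new_pwd": <str>}``. The caller must hold
    'edit' on its own UserData and 'create' on 'AuthEvent'. Responds 400
    ``{"error": "bad_request"}`` on an unparsable body, 400
    ``{"status": "nok"}`` when a field is missing / not a string, and 400
    with "Invalid old password" when the current password does not verify.
    '''
    pk = request.user.pk
    user = request.user
    permission_required(user, 'UserData', 'edit', pk)
    permission_required(user, 'AuthEvent', 'create')
    bad_request = json.dumps({"error": "bad_request"})
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # json.loads and a bad UTF-8 body both raise ValueError subclasses;
        # narrowed from a bare ``except``.
        return HttpResponseBadRequest(bad_request, content_type='application/json')
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return HttpResponseBadRequest(bad_request, content_type='application/json')
    old_pwd = req.get('old_pwd')
    new_pwd = req.get('new_pwd')
    if (not isinstance(old_pwd, str) or not isinstance(new_pwd, str)
            or not old_pwd or not new_pwd):
        jsondata = json.dumps({'status': 'nok'})
        return HttpResponse(jsondata, status=400, content_type='application/json')
    # Re-verify the current password before accepting the new one
    if not user.check_password(old_pwd):
        jsondata = json.dumps({
            'status': 'nok',
            'msg': 'Invalid old password'
        })
        return HttpResponse(jsondata, status=400, content_type='application/json')
    user.set_password(new_pwd)
    user.save()
    jsondata = json.dumps({'status': 'ok'})
    return HttpResponse(jsondata, content_type='application/json')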
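def get(self, request, pk):
    '''
    Paginated census listing of AuthEvent ``pk``. Requires 'edit' or
    'view-census' on the event; an unknown pk is a 404.

    ``?filter=`` does a case-insensitive substring match on username, email
    and tlf. When the event declares extra_fields the match is done with a
    parameterized raw query that also searches each extra field inside the
    metadata JSON; otherwise with ORM ``icontains`` lookups.
    ``?has_voted__equals=true|false`` keeps only users with / without
    successful logins. The remaining query parameters go through
    filter_query (prefix 'census__') with the constraints declared below.
    '''
    permission_required(request.user, 'AuthEvent', ['edit', 'view-census'], pk)
    e = get_object_or_404(AuthEvent, pk=pk)
    filter_str = request.GET.get('filter', None)
    query = e.get_census_query()
    if filter_str is not None:
        # ``if e.extra_fields`` instead of ``len(e.extra_fields)``: the
        # field may be None (the create view stores req.get('extra_fields',
        # None)), which raised TypeError here.
        if e.extra_fields:
            # NOTE(review): '%' and '_' inside filter_str act as LIKE
            # wildcards; the value is bound as a parameter, never
            # interpolated, so this only widens the match.
            filter_str = "%" + filter_str + "%"
            raw_sql = ''' SELECT "api_acl"."id", "api_acl"."user_id", "api_acl"."perm", "api_acl"."object_type", "api_acl"."object_id", "api_acl"."created", "api_userdata"."id", "api_userdata"."user_id", "api_userdata"."event_id", "api_userdata"."tlf", "api_userdata"."metadata", "api_userdata"."status" FROM "api_acl" INNER JOIN "api_userdata" ON ("api_acl"."user_id" = "api_userdata"."id") INNER JOIN "auth_user" ON ("api_userdata"."user_id" = "auth_user"."id") WHERE ("api_acl"."object_id"::int = %s AND "api_acl"."perm" = 'vote' AND "api_acl"."object_type" = 'AuthEvent' AND (UPPER("auth_user"."username"::text) LIKE UPPER(%s) OR UPPER("auth_user"."email"::text) LIKE UPPER(%s) OR UPPER("api_userdata"."tlf"::text) LIKE UPPER(%s)'''
            params_array = [pk, filter_str, filter_str, filter_str]
            for field in e.extra_fields:
                # one OR clause per extra field; the field name and the
                # pattern are both passed as bound parameters
                raw_sql += ''' OR UPPER(api_userdata.metadata::jsonb->>%s) LIKE UPPER(%s)'''
                params_array += [field['name'], filter_str]
            raw_sql += ''' ))'''
            raw_query = ACL.objects.raw(raw_sql, params=params_array)
            id_list = [obj.id for obj in raw_query]
            query = query.filter(id__in=id_list)
        else:
            q = (Q(user__user__username__icontains=filter_str) |
                 Q(user__user__email__icontains=filter_str) |
                 Q(user__tlf__icontains=filter_str))
            query = query.filter(q)
    has_voted_str = request.GET.get('has_voted__equals', None)
    if has_voted_str is not None:
        # any value other than 'true'/'false' leaves the query untouched
        if 'false' == has_voted_str:
            query = query.annotate(
                logins=Count('user__successful_logins')).filter(logins__exact=0)
        elif 'true' == has_voted_str:
            query = query.annotate(
                logins=Count('user__successful_logins')).filter(logins__gt=0)
    # filter, with constraints ("contraints_policy" is the keyword
    # filter_query itself expects)
    query = filter_query(
        filters=request.GET,
        query=query,
        constraints=dict(
            filters=dict(
                user__user__id=dict(
                    lt=int,
                    gt=int,
                ),
                user__user__is_active=dict(
                    equals=bool
                ),
                user__user__date_joined=dict(
                    lt=datetime,
                    gt=datetime
                )
            ),
            order_by=[
                'user__user__id',
                'user__user__is_active',
                'user__user__date_joined']
        ),
        prefix='census__',
        contraints_policy='ignore_invalid')

    def serializer(acl):
        return {
            "id": acl.user.user.pk,
            "username": acl.user.user.username,
            "active": acl.user.user.is_active,
            "date_joined": acl.user.user.date_joined.isoformat(),
            "metadata": acl.user.serialize_data()
        }

    acls = paginate(
        request,
        query,
        serialize_method=serializer,
        elements_name='object_list')
    return json_response(acls)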
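def post(request, pk=None):
    '''
    Creates a new auth-event or edit auth_event
    create_authevent permission required or edit_authevent permission required

    Without ``pk`` a new AuthEvent is created from the JSON body
    (auth_method, auth_method_config, extra_fields, census, real, based_in,
    num_successful_logins_allowed); the caller gets 'edit' on it and
    'create' on its UserData, and captchas are pre-generated when the auth
    method needs them. With ``pk`` the existing event's auth_method,
    config and extra_fields are updated. Validation messages are
    accumulated in ``msg`` and returned as a 400. Responds
    ``{'status': 'ok', 'id': <pk>, 'perm': <hmac of the edit ACL>}``.
    '''
    try:
        req = parse_json_request(request)
    except Exception:
        # narrowed from a bare ``except``
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return json_response(
            status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if pk is None:  # create
        real = req.get('real', False)
        if real:  # requires create perm
            permission_required(request.user, 'AuthEvent', 'create')
        else:  # requires create or create-notreal
            permission_required(request.user, 'AuthEvent', ['create', 'create-notreal'])
        auth_method = req.get('auth_method', '')
        msg = check_authmethod(auth_method)
        if msg:
            return json_response(status=400, message=msg)
        auth_method_config = {
            "config": METHODS.get(auth_method).CONFIG,
            "pipeline": METHODS.get(auth_method).PIPELINES
        }
        config = req.get('auth_method_config', None)
        if config:
            msg += check_config(config, auth_method)
        extra_fields = req.get('extra_fields', None)
        if extra_fields:
            msg += check_extra_fields(
                extra_fields, METHODS.get(auth_method).USED_TYPE_FIELDS)
            # every field gets an upper-case slug derived from its name;
            # duplicates are reported rather than silently merged
            slug_set = set()
            for field in extra_fields:
                if 'name' in field:
                    field['slug'] = slugify(field['name']).replace("-", "_").upper()
                    slug_set.add(field['slug'])
                else:
                    msg += "some extra_fields have no name\n"
            if len(slug_set) != len(extra_fields):
                msg += "some extra_fields may have repeated slug names\n"
        census = req.get('census', '')
        # check census mode
        if census not in ('open', 'close'):
            return json_response(
                status=400, error_codename="INVALID_CENSUS_TYPE")
        error_kwargs = plugins.call("extend_type_census", census)
        if error_kwargs:
            return json_response(**error_kwargs[0])
        based_in = req.get('based_in', None)
        # the caller may only base a new event on one it can edit
        if based_in and not ACL.objects.filter(
                user=request.user.userdata, perm='edit',
                object_type='AuthEvent', object_id=based_in):
            msg += "Invalid id to based_in"
        # Note that a login is only complete if a call has been received and
        # accepted at /authevent/<ID>/successful_login
        num_successful_logins_allowed = req.get(
            'num_successful_logins_allowed', 0)
        if type(num_successful_logins_allowed) is not int:
            msg += "num_successful_logins_allowed invalid type"
        if msg:
            return json_response(
                status=400, message=msg, error_codename=ErrorCodes.BAD_REQUEST)
        if config:
            auth_method_config.get('config').update(config)
        ae = AuthEvent(auth_method=auth_method,
                       auth_method_config=auth_method_config,
                       extra_fields=extra_fields,
                       census=census,
                       real=real,
                       num_successful_logins_allowed=num_successful_logins_allowed,
                       based_in=based_in)
        # Save before the acl creation to get the ae id
        ae.save()
        acl = ACL(user=request.user.userdata, perm='edit',
                  object_type='AuthEvent', object_id=ae.id)
        acl.save()
        acl = ACL(user=request.user.userdata, perm='create',
                  object_type='UserData', object_id=ae.id)
        acl.save()
        # if necessary, generate captchas
        from authmethods.utils import have_captcha
        if have_captcha(ae):
            generate_captcha(settings.PREGENERATION_CAPTCHA)
    else:  # edit
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        auth_method = req.get('auth_method', '')
        msg = check_authmethod(auth_method)
        if msg:
            return json_response(status=400, message=msg)
        config = req.get('auth_method_config', None)
        if config:
            msg += check_config(config, auth_method)
        extra_fields = req.get('extra_fields', None)
        if extra_fields:
            # NOTE(review): called without the USED_TYPE_FIELDS argument the
            # create branch passes — confirm this is intended.
            msg += check_extra_fields(extra_fields)
        if msg:
            return json_response(status=400, message=msg)
        # 404 instead of an unhandled DoesNotExist for an unknown pk
        ae = get_object_or_404(AuthEvent, pk=pk)
        ae.auth_method = auth_method
        if config:
            ae.auth_method_config.get('config').update(config)
        if extra_fields:
            ae.extra_fields = extra_fields
        ae.save()
    # TODO: Problem if object_id is None, change None by 0
    acl = get_object_or_404(ACL, user=request.user.userdata, perm='edit',
                            object_type='AuthEvent', object_id=ae.pk)
    data = {'status': 'ok', 'id': ae.pk, 'perm': acl.get_hmac()}
    return json_response(data)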
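def post(request, pk=None):
    '''
    Creates a new auth-event or edit auth_event
    create_authevent permission required or edit_authevent permission required

    Without ``pk`` a new AuthEvent is created from the JSON body
    (auth_method, auth_method_config, extra_fields, census); the caller
    gets 'edit' on it and 'create' on its UserData, and captchas are
    pre-generated when the auth method needs them. With ``pk`` the
    existing event's auth_method, config and extra_fields are updated.
    Validation messages are accumulated in ``msg`` and returned as a 400.
    Responds ``{'status': 'ok', 'id': <pk>, 'perm': <hmac of the edit ACL>}``.
    '''
    try:
        req = json.loads(request.body.decode('utf-8'))
    except ValueError:
        # json.loads and a bad UTF-8 body both raise ValueError subclasses;
        # narrowed from a bare ``except``.
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if not isinstance(req, dict):
        # ``req.get`` below would raise on a JSON array/scalar body
        return json_response(status=400, error_codename=ErrorCodes.BAD_REQUEST)
    if pk is None:  # create
        permission_required(request.user, 'AuthEvent', 'create')
        auth_method = req.get('auth_method', '')
        msg = check_authmethod(auth_method)
        if msg:
            return json_response(status=400, message=msg)
        auth_method_config = {
            "config": METHODS.get(auth_method).CONFIG,
            "pipeline": METHODS.get(auth_method).PIPELINES
        }
        config = req.get('auth_method_config', None)
        if config:
            msg += check_config(config, auth_method)
        extra_fields = req.get('extra_fields', None)
        if extra_fields:
            msg += check_extra_fields(extra_fields,
                                      METHODS.get(auth_method).USED_TYPE_FIELDS)
        census = req.get('census', '')
        if census not in ('open', 'close'):
            msg += "Invalid type of census\n"
        if msg:
            return json_response(status=400, message=msg)
        if config:
            auth_method_config.get('config').update(config)
        ae = AuthEvent(auth_method=auth_method,
                       auth_method_config=auth_method_config,
                       extra_fields=extra_fields,
                       census=census)
        # Save before the acl creation to get the ae id
        ae.save()
        acl = ACL(user=request.user.userdata, perm='edit',
                  object_type='AuthEvent', object_id=ae.id)
        acl.save()
        acl = ACL(user=request.user.userdata, perm='create',
                  object_type='UserData', object_id=ae.id)
        acl.save()
        # if necessary, generate captchas
        from authmethods.utils import have_captcha
        if have_captcha(ae):
            generate_captcha(settings.PREGENERATION_CAPTCHA)
    else:  # edit
        permission_required(request.user, 'AuthEvent', 'edit', pk)
        auth_method = req.get('auth_method', '')
        msg = check_authmethod(auth_method)
        if msg:
            return json_response(status=400, message=msg)
        config = req.get('auth_method_config', None)
        if config:
            msg += check_config(config, auth_method)
        extra_fields = req.get('extra_fields', None)
        if extra_fields:
            # NOTE(review): called without the USED_TYPE_FIELDS argument the
            # create branch passes — confirm this is intended.
            msg += check_extra_fields(extra_fields)
        if msg:
            return json_response(status=400, message=msg)
        # 404 instead of an unhandled DoesNotExist for an unknown pk
        ae = get_object_or_404(AuthEvent, pk=pk)
        ae.auth_method = auth_method
        if config:
            ae.auth_method_config.get('config').update(config)
        if extra_fields:
            ae.extra_fields = extra_fields
        ae.save()
    # TODO: Problem if object_id is None, change None by 0
    acl = get_object_or_404(ACL, user=request.user.userdata, perm='edit',
                            object_type='AuthEvent', object_id=ae.pk)
    data = {'status': 'ok', 'id': ae.pk, 'perm': acl.get_hmac()}
    return json_response(data)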