def get_queryset(self):
query = (Q('registration_schema', 'eq', get_prereg_schema())
& Q('approval', 'ne', None))
ordering = self.get_ordering()
if 'initiator' in ordering:
return DraftRegistration.find(query).sort(ordering)
if ordering == SORT_BY['title']:
return DraftRegistration.find(query).sort(
'registration_metadata.q1.value')
if ordering == SORT_BY['n_title']:
return DraftRegistration.find(query).sort(
'-registration_metadata.q1.value')
return sort_drafts(DraftRegistration.find(query), ordering)
def get_queryset(self):
query = (
Q('registration_schema', 'eq', get_prereg_schema()) &
Q('approval', 'ne', None)
)
ordering = self.get_ordering()
if 'initiator' in ordering:
return DraftRegistration.find(query).sort(ordering)
if ordering == SORT_BY['title']:
return DraftRegistration.find(query).sort(
'registration_metadata.q1.value')
if ordering == SORT_BY['n_title']:
return DraftRegistration.find(query).sort(
'-registration_metadata.q1.value')
return sort_drafts(DraftRegistration.find(query), ordering)
def check_access(node, auth, action, cas_resp):
"""Verify that user can perform requested action on resource. Raise appropriate
error code if action cannot proceed.
"""
permission = permission_map.get(action, None)
if permission is None:
raise HTTPError(httplib.BAD_REQUEST)
if cas_resp:
if permission == 'read':
if node.is_public:
return True
required_scope = oauth_scopes.CoreScopes.NODE_FILE_READ
else:
required_scope = oauth_scopes.CoreScopes.NODE_FILE_WRITE
if not cas_resp.authenticated \
or required_scope not in oauth_scopes.normalize_scopes(cas_resp.attributes['accessTokenScope']):
raise HTTPError(httplib.FORBIDDEN)
if permission == 'read' and node.can_view(auth):
return True
if permission == 'write' and node.can_edit(auth):
return True
# Users attempting to register projects with components might not have
# `write` permissions for all components. This will result in a 403 for
# all `copyto` actions as well as `copyfrom` actions if the component
# in question is not public. To get around this, we have to recursively
# check the node's parent node to determine if they have `write`
# permissions up the stack.
# TODO(hrybacki): is there a way to tell if this is for a registration?
# All nodes being registered that receive the `copyto` action will have
# `node.is_registration` == True. However, we have no way of telling if
# `copyfrom` actions are originating from a node being registered.
# TODO This is raise UNAUTHORIZED for registrations that have not been archived yet
if action == 'copyfrom' or (action == 'copyto' and node.is_registration):
parent = node.parent_node
while parent:
if parent.can_edit(auth):
return True
parent = parent.parent_node
# Users with the PREREG_ADMIN_TAG should be allowed to download files
# from prereg challenge draft registrations.
try:
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2))
allowed_nodes = [node] + node.parents
prereg_draft_registration = DraftRegistration.find(
Q('branched_from', 'in', [n._id for n in allowed_nodes])
& Q('registration_schema', 'eq', prereg_schema))
if action == 'download' and \
auth.user is not None and \
prereg_draft_registration.count() > 0 and \
settings.PREREG_ADMIN_TAG in auth.user.system_tags:
return True
except NoResultsFound:
pass
raise HTTPError(httplib.FORBIDDEN if auth.user else httplib.UNAUTHORIZED)
def get_draft(draft_pk):
auth = Auth(adminUser)
draft = DraftRegistration.find(
Q('_id', 'eq', draft_pk)
)
return utils.serialize_draft_registration(draft[0], auth), http.OK
def get_draft_obj(draft_pk):
auth = Auth(adminUser)
draft = DraftRegistration.find(
Q('_id', 'eq', draft_pk)
)
return draft[0], auth
def get_all_drafts():
# TODO[lauren]: add query parameters to only retrieve submitted drafts, they will have an approval associated with them
all_drafts = DraftRegistration.find()
auth = Auth(adminUser)
serialized_drafts = {
'drafts': [utils.serialize_draft_registration(d, auth) for d in all_drafts]
}
return serialized_drafts
def get_queryset(self):
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') &
Q('schema_version', 'eq', 2)
)
query = (
Q('registration_schema', 'eq', prereg_schema) &
Q('approval', 'ne', None)
)
return DraftRegistration.find(query).sort(self.ordering)
def get_all_drafts():
# TODO
# add query parameters to only retrieve submitted drafts
all_drafts = DraftRegistration.find()
auth = Auth(adminUser)
serialized_drafts = {
'drafts': [utils.serialize_draft_registration(d, auth) for d in all_drafts]
}
return serialized_drafts
def get_all_drafts():
# TODO[lauren]: add query parameters to only retrieve submitted drafts, they will have an approval associated with them
all_drafts = DraftRegistration.find()
auth = Auth(adminUser)
serialized_drafts = {
'drafts':
[utils.serialize_draft_registration(d, auth) for d in all_drafts]
}
return serialized_drafts
def get_prereg_drafts(user=None, filters=tuple()):
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2))
query = (Q('registration_schema', 'eq', prereg_schema)
& Q('approval', 'ne', None))
if user:
pass
# TODO: filter by assignee; this requires multiple levels of Prereg admins-
# one level that can see all drafts, and another than can see only the ones they're assigned.
# As a followup to this, we need to make sure this applies to approval/rejection/commenting endpoints
# query = query & Q('_metaschema_flags.assignee', 'eq', user._id)
return sorted(DraftRegistration.find(query),
key=operator.attrgetter('approval.initiation_date'))
def main(dry_run=True):
if dry_run:
logger.warn('DRY RUN mode')
pending_approval_drafts = DraftRegistration.find()
need_approval_drafts = [draft for draft in pending_approval_drafts
if draft.approval and draft.requires_approval and draft.approval.state == Sanction.UNAPPROVED]
for draft in need_approval_drafts:
sanction = draft.approval
try:
if not dry_run:
sanction.state = Sanction.APPROVED
sanction._on_complete(None)
sanction.save()
logger.warn('Approved {0}'.format(draft._id))
except Exception as e:
logger.error(e)
def get_prereg_drafts(user=None, filters=tuple()):
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') &
Q('schema_version', 'eq', 2)
)
query = (
Q('registration_schema', 'eq', prereg_schema) &
Q('approval', 'ne', None)
)
if user:
pass
# TODO: filter by assignee; this requires multiple levels of Prereg admins-
# one level that can see all drafts, and another than can see only the ones they're assigned.
# As a followup to this, we need to make sure this applies to approval/rejection/commenting endpoints
# query = query & Q('_metaschema_flags.assignee', 'eq', user._id)
return sorted(
DraftRegistration.find(query),
key=operator.attrgetter('approval.initiation_date')
)
def main(dry_run=True):
if dry_run:
logger.warn('DRY RUN mode')
pending_approval_drafts = DraftRegistration.find()
need_approval_drafts = [
draft for draft in pending_approval_drafts
if draft.approval and draft.requires_approval
and draft.approval.state == Sanction.UNAPPROVED
]
for draft in need_approval_drafts:
sanction = draft.approval
try:
if not dry_run:
sanction.state = Sanction.APPROVED
sanction._on_complete(None)
sanction.save()
logger.warn('Approved {0}'.format(draft._id))
except Exception as e:
logger.error(e)
def main(dry_run=True):
if dry_run:
logger.warn('DRY RUN mode')
pending_approval_drafts = DraftRegistration.find()
need_approval_drafts = [draft for draft in pending_approval_drafts
if draft.requires_approval and draft.approval and draft.approval.state == Sanction.UNAPPROVED]
for draft in need_approval_drafts:
add_comments(draft)
sanction = draft.approval
try:
if not dry_run:
sanction.forcibly_reject()
#manually do the on_reject functionality to prevent send_mail problems
sanction.meta = {}
sanction.save()
draft.approval = None
draft.save()
logger.warn('Rejected {0}'.format(draft._id))
except Exception as e:
logger.error(e)
def main(dry_run=True):
if dry_run:
logger.warn('DRY RUN mode')
pending_approval_drafts = DraftRegistration.find()
need_approval_drafts = [draft for draft in pending_approval_drafts
if draft.requires_approval and draft.approval and draft.approval.state == Sanction.UNAPPROVED]
for draft in need_approval_drafts:
add_comments(draft)
sanction = draft.approval
try:
if not dry_run:
sanction.forcibly_reject()
#manually do the on_reject functionality to prevent send_mail problems
sanction.meta = {}
sanction.save()
draft.approval = None
draft.save()
logger.warn('Rejected {0}'.format(draft._id))
except Exception as e:
logger.error(e)
def get_draft(draft_pk):
auth = Auth(adminUser)
draft = DraftRegistration.find(Q('_id', 'eq', draft_pk))
return utils.serialize_draft_registration(draft[0], auth), http.OK
def check_access(node, auth, action, cas_resp):
"""Verify that user can perform requested action on resource. Raise appropriate
error code if action cannot proceed.
"""
permission = permission_map.get(action, None)
if permission is None:
raise HTTPError(httplib.BAD_REQUEST)
if cas_resp:
if permission == 'read':
if node.is_public:
return True
required_scope = oauth_scopes.CoreScopes.NODE_FILE_READ
else:
required_scope = oauth_scopes.CoreScopes.NODE_FILE_WRITE
if not cas_resp.authenticated \
or required_scope not in oauth_scopes.normalize_scopes(cas_resp.attributes['accessTokenScope']):
raise HTTPError(httplib.FORBIDDEN)
if permission == 'read' and node.can_view(auth):
return True
if permission == 'write' and node.can_edit(auth):
return True
# Users attempting to register projects with components might not have
# `write` permissions for all components. This will result in a 403 for
# all `copyto` actions as well as `copyfrom` actions if the component
# in question is not public. To get around this, we have to recursively
# check the node's parent node to determine if they have `write`
# permissions up the stack.
# TODO(hrybacki): is there a way to tell if this is for a registration?
# All nodes being registered that receive the `copyto` action will have
# `node.is_registration` == True. However, we have no way of telling if
# `copyfrom` actions are originating from a node being registered.
# TODO This is raise UNAUTHORIZED for registrations that have not been archived yet
if action == 'copyfrom' or (action == 'copyto' and node.is_registration):
parent = node.parent_node
while parent:
if parent.can_edit(auth):
return True
parent = parent.parent_node
# Users with the PREREG_ADMIN_TAG should be allowed to download files
# from prereg challenge draft registrations.
try:
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') &
Q('schema_version', 'eq', 2)
)
allowed_nodes = [node] + node.parents
prereg_draft_registration = DraftRegistration.find(
Q('branched_from', 'in', [n._id for n in allowed_nodes]) &
Q('registration_schema', 'eq', prereg_schema)
)
if action == 'download' and \
auth.user is not None and \
prereg_draft_registration.count() > 0 and \
settings.PREREG_ADMIN_TAG in auth.user.system_tags:
return True
except NoResultsFound:
pass
raise HTTPError(httplib.FORBIDDEN if auth.user else httplib.UNAUTHORIZED)
def get_draft_obj(draft_pk):
auth = Auth(adminUser)
draft = DraftRegistration.find(Q('_id', 'eq', draft_pk))
return draft[0], auth
def get_queryset(self):
prereg_schema = MetaSchema.find_one(
Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2))
query = (Q('registration_schema', 'eq', prereg_schema)
& Q('approval', 'ne', None))
return DraftRegistration.find(query).sort(self.ordering)
