def get_queryset(self):
    """Return submitted Prereg draft registrations in the requested order.

    Only drafts whose ``registration_schema`` equals ``get_prereg_schema()``
    and whose ``approval`` is not ``None`` are selected. The ordering comes
    from ``self.get_ordering()``:

    * an ordering containing ``'initiator'`` is handed to ``.sort()`` as is;
    * the two title orderings sort on ``registration_metadata.q1.value``,
      ascending for ``SORT_BY['title']`` and descending for
      ``SORT_BY['n_title']``;
    * every other ordering is delegated to ``sort_drafts``.
    """
    submitted_prereg = (
        Q('registration_schema', 'eq', get_prereg_schema()) &
        Q('approval', 'ne', None)
    )
    ordering = self.get_ordering()

    # NOTE(review): this is a containment test, so any ordering value that
    # merely contains 'initiator' is passed to .sort() unchanged. Presumably
    # get_ordering() only returns values from SORT_BY -- confirm, otherwise a
    # request-supplied value chooses the sort field.
    if 'initiator' in ordering:
        sort_key = ordering
    elif ordering == SORT_BY['title']:
        sort_key = 'registration_metadata.q1.value'
    elif ordering == SORT_BY['n_title']:
        sort_key = '-registration_metadata.q1.value'
    else:
        return sort_drafts(DraftRegistration.find(submitted_prereg), ordering)
    return DraftRegistration.find(submitted_prereg).sort(sort_key)
def get_queryset(self):
    """Build the list of submitted Prereg drafts for this view.

    The query keeps drafts registered against ``get_prereg_schema()`` that
    have an ``approval`` attached. ``self.get_ordering()`` decides how the
    result is sorted: orderings mentioning ``'initiator'`` and the two title
    orderings are sorted through ``.sort()``; everything else goes through
    ``sort_drafts``.
    """
    uses_prereg_schema = Q('registration_schema', 'eq', get_prereg_schema())
    has_approval = Q('approval', 'ne', None)
    selection = uses_prereg_schema & has_approval

    ordering = self.get_ordering()

    # NOTE(review): the value is forwarded to .sort() after a containment
    # test only; confirm get_ordering() restricts it to known SORT_BY values.
    if 'initiator' in ordering:
        return DraftRegistration.find(selection).sort(ordering)

    # Title orderings sort on the first question of the registration
    # metadata; the leading '-' selects descending order.
    title_field = 'registration_metadata.q1.value'
    if ordering == SORT_BY['title']:
        return DraftRegistration.find(selection).sort(title_field)
    if ordering == SORT_BY['n_title']:
        return DraftRegistration.find(selection).sort('-' + title_field)

    matching_drafts = DraftRegistration.find(selection)
    return sort_drafts(matching_drafts, ordering)
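def check_access(node, auth, action, cas_resp):
    """Verify that user can perform requested action on resource. Raise
    appropriate error code if action cannot proceed.

    The checks run in this order, and the first one that grants access
    returns ``True``:

    1. ``action`` is translated through ``permission_map``; an action with no
       entry is rejected with 400.
    2. When ``cas_resp`` is truthy, a read on a public node is allowed
       outright. Otherwise the response must be authenticated and its
       ``accessTokenScope`` attribute must include the file read or write
       scope, else 403. Passing the scope check grants nothing by itself;
       the permission checks below still apply.
    3. ``node.can_view(auth)`` for read, ``node.can_edit(auth)`` for write.
    4. For ``copyfrom`` on any node, and ``copyto`` on a registration, edit
       permission on any ancestor of ``node``.
    5. For ``download``, a user carrying ``settings.PREREG_ADMIN_TAG`` when a
       Prereg Challenge draft registration is branched from ``node`` or one
       of ``node.parents``.

    :param node: the node that owns the resource
    :param auth: auth object for the requester; ``auth.user`` may be ``None``
    :param action: requested action name, looked up in ``permission_map``
    :param cas_resp: CAS response for token-based requests, or a falsy value
    :return: ``True`` when the action is allowed
    :raises HTTPError: 400 for an unknown action; 403 for a token without the
        required scope or a denied request with a user; 401 for a denied
        request without a user
    """
    permission = permission_map.get(action, None)
    if permission is None:
        raise HTTPError(httplib.BAD_REQUEST)

    if cas_resp:
        if permission == 'read':
            # Public nodes are readable regardless of the token's scopes.
            if node.is_public:
                return True
            required_scope = oauth_scopes.CoreScopes.NODE_FILE_READ
        else:
            required_scope = oauth_scopes.CoreScopes.NODE_FILE_WRITE
        granted_scopes = None
        if cas_resp.authenticated:
            granted_scopes = oauth_scopes.normalize_scopes(
                cas_resp.attributes['accessTokenScope']
            )
        if granted_scopes is None or required_scope not in granted_scopes:
            raise HTTPError(httplib.FORBIDDEN)

    if permission == 'read' and node.can_view(auth):
        return True
    if permission == 'write' and node.can_edit(auth):
        return True

    # Users attempting to register projects with components might not have
    # `write` permissions for all components. This will result in a 403 for
    # all `copyto` actions as well as `copyfrom` actions if the component
    # in question is not public. To get around this, we have to recursively
    # check the node's parent node to determine if they have `write`
    # permissions up the stack.
    # TODO(hrybacki): is there a way to tell if this is for a registration?
    # All nodes being registered that receive the `copyto` action will have
    # `node.is_registration` == True. However, we have no way of telling if
    # `copyfrom` actions are originating from a node being registered.
    # TODO This raises UNAUTHORIZED for registrations that have not been
    # archived yet
    # NOTE(review): because `copyfrom` carries no registration condition,
    # edit permission on any ancestor is enough to copy from this node even
    # when no registration is in progress. Keep that in mind when reasoning
    # about who can read a private component.
    if action == 'copyfrom' or (action == 'copyto' and node.is_registration):
        parent = node.parent_node
        while parent:
            if parent.can_edit(auth):
                return True
            parent = parent.parent_node

    # Users with the PREREG_ADMIN_TAG should be allowed to download files
    # from prereg challenge draft registrations.
    # The in-memory conditions are tested before the database is touched, so
    # a request that cannot qualify (other action, no user, user without the
    # tag) no longer costs two queries on its way to being denied.
    user = auth.user
    if (action == 'download' and
            user is not None and
            settings.PREREG_ADMIN_TAG in user.system_tags):
        try:
            prereg_schema = MetaSchema.find_one(
                Q('name', 'eq', 'Prereg Challenge') &
                Q('schema_version', 'eq', 2)
            )
            allowed_nodes = [node] + node.parents
            prereg_draft_registration = DraftRegistration.find(
                Q('branched_from', 'in', [n._id for n in allowed_nodes]) &
                Q('registration_schema', 'eq', prereg_schema)
            )
            if prereg_draft_registration.count() > 0:
                return True
        except NoResultsFound:
            # No Prereg Challenge schema: fall through to the denial below.
            pass

    raise HTTPError(httplib.FORBIDDEN if auth.user else httplib.UNAUTHORIZED)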
def get_draft(draft_pk):
    """Look up one draft registration by primary key and serialize it.

    The draft is serialized with ``Auth(adminUser)`` rather than with the
    requester's own credentials, and no permission check happens here, so
    the caller is responsible for deciding who may reach this function.

    :param draft_pk: value matched against the draft's ``_id``
    :return: tuple of the serialized draft and ``http.OK``
    """
    admin_auth = Auth(adminUser)
    matches = DraftRegistration.find(Q('_id', 'eq', draft_pk))
    # NOTE(review): presumably raises IndexError when no draft has this id;
    # confirm the caller turns that into a 404 rather than a 500.
    found = matches[0]
    payload = utils.serialize_draft_registration(found, admin_auth)
    return payload, http.OK
def get_draft_obj(draft_pk):
    """Fetch a draft registration object together with the admin auth.

    No permission check is made here; the returned ``Auth`` wraps
    ``adminUser``, not the requester.

    :param draft_pk: value matched against the draft's ``_id``
    :return: tuple of the first matching draft and ``Auth(adminUser)``
    """
    admin_auth = Auth(adminUser)
    by_id = Q('_id', 'eq', draft_pk)
    matches = DraftRegistration.find(by_id)
    # NOTE(review): presumably raises IndexError when nothing matches --
    # confirm callers handle a missing draft.
    return matches[0], admin_auth
def get_all_drafts():
    """Serialize every draft registration in the database.

    The query is unfiltered, so drafts that were never submitted are
    included, and each draft is serialized with ``Auth(adminUser)``. Access
    control has to be enforced by whoever calls this.

    :return: dict with a single ``'drafts'`` key holding the serialized drafts
    """
    # TODO[lauren]: add query parameters to only retrieve submitted drafts,
    # they will have an approval associated with them
    every_draft = DraftRegistration.find()
    admin_auth = Auth(adminUser)

    serialized = []
    for draft in every_draft:
        serialized.append(utils.serialize_draft_registration(draft, admin_auth))
    return {'drafts': serialized}
def get_queryset(self):
    """Return submitted Prereg Challenge drafts sorted by ``self.ordering``.

    The schema is looked up by name ``'Prereg Challenge'`` and
    ``schema_version`` 2; drafts are kept when they use that schema and have
    an ``approval`` attached.
    """
    schema_selector = (
        Q('name', 'eq', 'Prereg Challenge') &
        Q('schema_version', 'eq', 2)
    )
    prereg_schema = MetaSchema.find_one(schema_selector)

    uses_prereg = Q('registration_schema', 'eq', prereg_schema)
    was_submitted = Q('approval', 'ne', None)
    submitted_drafts = DraftRegistration.find(uses_prereg & was_submitted)
    return submitted_drafts.sort(self.ordering)
def get_all_drafts():
    """Return all draft registrations, serialized under the admin identity.

    Nothing narrows the query, and serialization uses ``Auth(adminUser)``;
    callers must apply their own authorization before exposing the result.

    :return: ``{'drafts': [...]}`` with one serialized entry per draft
    """
    # TODO
    # add query parameters to only retrieve submitted drafts
    unfiltered = DraftRegistration.find()
    admin_auth = Auth(adminUser)

    result = {'drafts': []}
    for draft in unfiltered:
        entry = utils.serialize_draft_registration(draft, admin_auth)
        result['drafts'].append(entry)
    return result
def get_prereg_drafts(user=None, filters=tuple()):
    """Return submitted Prereg Challenge drafts, sorted by submission date.

    :param user: accepted but not applied yet (see the TODO below); the
        result is NOT limited to drafts assigned to this user
    :param filters: not used by this function
    :return: list of drafts in ascending ``approval.initiation_date`` order
    """
    schema_selector = (
        Q('name', 'eq', 'Prereg Challenge') &
        Q('schema_version', 'eq', 2)
    )
    prereg_schema = MetaSchema.find_one(schema_selector)
    query = (
        Q('registration_schema', 'eq', prereg_schema) &
        Q('approval', 'ne', None)
    )
    if user:
        pass
        # TODO: filter by assignee; this requires multiple levels of Prereg admins-
        # one level that can see all drafts, and another than can see only the ones they're assigned.
        # As a followup to this, we need to make sure this applies to approval/rejection/commenting endpoints
        # query = query & Q('_metaschema_flags.assignee', 'eq', user._id)
    submitted = DraftRegistration.find(query)
    return sorted(submitted, key=lambda draft: draft.approval.initiation_date)
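def main(dry_run=True):
    """Force-approve every draft registration that is still awaiting approval.

    A draft is selected when it has an approval sanction, its
    ``requires_approval`` is truthy and the sanction state is
    ``Sanction.UNAPPROVED``. The sanction state is set directly and
    ``_on_complete`` is invoked by hand, so this bypasses whatever review the
    normal approval path performs; run it only as a deliberate bulk action.

    :param dry_run: when true (the default) nothing is modified; the drafts
        that would be approved are still logged
    """
    if dry_run:
        # Logger.warn is a deprecated alias of Logger.warning.
        logger.warning('DRY RUN mode')

    need_approval_drafts = [
        draft for draft in DraftRegistration.find()
        if draft.approval and
        draft.requires_approval and
        draft.approval.state == Sanction.UNAPPROVED
    ]

    for draft in need_approval_drafts:
        sanction = draft.approval
        try:
            if not dry_run:
                sanction.state = Sanction.APPROVED
                sanction._on_complete(None)
                sanction.save()
            # Also emitted in dry-run mode, where it lists the candidates.
            logger.warning('Approved {0}'.format(draft._id))
        except Exception:
            # Keep going with the remaining drafts, but record which draft
            # failed and the traceback so the run can be audited afterwards.
            logger.exception('Failed to approve {0}'.format(draft._id))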
def get_prereg_drafts(user=None, filters=tuple()):
    """List Prereg Challenge drafts that have an approval attached.

    :param user: currently has no effect on the query; assignee filtering is
        still a TODO, so every caller receives all submitted drafts
    :param filters: not used by this function
    :return: list of drafts ordered by ``approval.initiation_date``, ascending
    """
    prereg_schema = MetaSchema.find_one(
        Q('name', 'eq', 'Prereg Challenge') & Q('schema_version', 'eq', 2)
    )
    uses_prereg = Q('registration_schema', 'eq', prereg_schema)
    was_submitted = Q('approval', 'ne', None)
    query = uses_prereg & was_submitted
    if user:
        pass
        # TODO: filter by assignee; this requires multiple levels of Prereg admins-
        # one level that can see all drafts, and another than can see only the ones they're assigned.
        # As a followup to this, we need to make sure this applies to approval/rejection/commenting endpoints
        # query = query & Q('_metaschema_flags.assignee', 'eq', user._id)
    by_initiation_date = operator.attrgetter('approval.initiation_date')
    drafts = list(DraftRegistration.find(query))
    drafts.sort(key=by_initiation_date)
    return drafts
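def main(dry_run=True):
    """Approve, in bulk, all draft registrations with an unapproved sanction.

    Selection: the draft has an ``approval``, ``requires_approval`` is truthy
    and ``approval.state`` equals ``Sanction.UNAPPROVED``. For each selected
    draft the sanction is marked ``Sanction.APPROVED``, ``_on_complete(None)``
    is called and the sanction is saved. This writes the approved state
    directly instead of going through a reviewer decision.

    :param dry_run: defaults to true; in that mode no sanction is changed and
        the log only lists the drafts that would be approved
    """
    if dry_run:
        # Logger.warn is a deprecated alias of Logger.warning.
        logger.warning('DRY RUN mode')

    pending_approval_drafts = DraftRegistration.find()
    need_approval_drafts = [
        draft for draft in pending_approval_drafts
        if draft.approval and
        draft.requires_approval and
        draft.approval.state == Sanction.UNAPPROVED
    ]

    for draft in need_approval_drafts:
        sanction = draft.approval
        try:
            if not dry_run:
                sanction.state = Sanction.APPROVED
                sanction._on_complete(None)
                sanction.save()
            logger.warning('Approved {0}'.format(draft._id))
        except Exception:
            # One failing draft must not stop the batch; log the draft id and
            # the traceback so the failure can be traced afterwards.
            logger.exception('Failed to approve {0}'.format(draft._id))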
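def main(dry_run=True):
    """Reject, in bulk, all draft registrations with an unapproved sanction.

    Selection: ``requires_approval`` is truthy, the draft has an ``approval``
    and ``approval.state`` equals ``Sanction.UNAPPROVED``. Each selected draft
    gets ``add_comments`` applied, then its sanction is forcibly rejected and
    detached from the draft.

    :param dry_run: defaults to true; in that mode nothing is saved and the
        log only lists the drafts that would be rejected
    """
    if dry_run:
        # Logger.warn is a deprecated alias of Logger.warning.
        logger.warning('DRY RUN mode')

    pending_approval_drafts = DraftRegistration.find()
    need_approval_drafts = [
        draft for draft in pending_approval_drafts
        if draft.requires_approval and
        draft.approval and
        draft.approval.state == Sanction.UNAPPROVED
    ]

    for draft in need_approval_drafts:
        # NOTE(review): add_comments runs in dry-run mode as well and sits
        # outside the try block, so an error here aborts the whole run.
        # Confirm it does not persist anything on its own.
        add_comments(draft)
        sanction = draft.approval
        try:
            if not dry_run:
                sanction.forcibly_reject()
                # manually do the on_reject functionality to prevent
                # send_mail problems
                sanction.meta = {}
                sanction.save()
                draft.approval = None
                draft.save()
            logger.warning('Rejected {0}'.format(draft._id))
        except Exception:
            # Continue with the next draft, but keep the draft id and the
            # traceback so a partially applied rejection can be found.
            logger.exception('Failed to reject {0}'.format(draft._id))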
def get_draft(draft_pk):
    """Serialize the draft registration whose ``_id`` equals ``draft_pk``.

    Serialization is done as ``adminUser`` and no permission check is made
    in this function, so authorization must happen before it is called.

    :param draft_pk: primary key of the draft
    :return: ``(serialized_draft, http.OK)``
    """
    admin_auth = Auth(adminUser)
    id_filter = Q('_id', 'eq', draft_pk)
    candidates = DraftRegistration.find(id_filter)
    # NOTE(review): presumably an IndexError when the id is unknown; confirm
    # callers map that to a not-found response.
    serialized = utils.serialize_draft_registration(candidates[0], admin_auth)
    return serialized, http.OK
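def check_access(node, auth, action, cas_resp):
    """Verify that user can perform requested action on resource. Raise
    appropriate error code if action cannot proceed.

    Order of evaluation (the first grant returns ``True``):

    1. ``permission_map`` translates ``action``; no entry means 400.
    2. With a truthy ``cas_resp``: reads of a public node are allowed at
       once; otherwise the response must be authenticated and its
       ``accessTokenScope`` attribute must contain the file read or write
       scope, else 403. A sufficient scope does not grant access on its own.
    3. ``node.can_view(auth)`` for read, ``node.can_edit(auth)`` for write.
    4. ``copyfrom`` on any node, or ``copyto`` on a registration: edit
       permission on any ancestor of ``node``.
    5. ``download``: the user has ``settings.PREREG_ADMIN_TAG`` and a Prereg
       Challenge draft registration is branched from ``node`` or one of
       ``node.parents``.

    :param node: the node that owns the resource
    :param auth: auth object for the requester; ``auth.user`` may be ``None``
    :param action: requested action name, looked up in ``permission_map``
    :param cas_resp: CAS response for token-based requests, or a falsy value
    :return: ``True`` when the action is allowed
    :raises HTTPError: 400 for an unknown action; 403 for a token without the
        required scope or a denied request with a user; 401 for a denied
        request without a user
    """
    permission = permission_map.get(action, None)
    if permission is None:
        raise HTTPError(httplib.BAD_REQUEST)

    if cas_resp:
        if permission == 'read':
            # Public nodes are readable regardless of the token's scopes.
            if node.is_public:
                return True
            required_scope = oauth_scopes.CoreScopes.NODE_FILE_READ
        else:
            required_scope = oauth_scopes.CoreScopes.NODE_FILE_WRITE
        if (not cas_resp.authenticated or
                required_scope not in oauth_scopes.normalize_scopes(
                    cas_resp.attributes['accessTokenScope'])):
            raise HTTPError(httplib.FORBIDDEN)

    if permission == 'read' and node.can_view(auth):
        return True
    if permission == 'write' and node.can_edit(auth):
        return True

    # Users attempting to register projects with components might not have
    # `write` permissions for all components. This will result in a 403 for
    # all `copyto` actions as well as `copyfrom` actions if the component
    # in question is not public. To get around this, we have to recursively
    # check the node's parent node to determine if they have `write`
    # permissions up the stack.
    # TODO(hrybacki): is there a way to tell if this is for a registration?
    # All nodes being registered that receive the `copyto` action will have
    # `node.is_registration` == True. However, we have no way of telling if
    # `copyfrom` actions are originating from a node being registered.
    # TODO This raises UNAUTHORIZED for registrations that have not been
    # archived yet
    # NOTE(review): `copyfrom` is not tied to a registration here, so edit
    # permission on any ancestor is sufficient to copy from this node at any
    # time. Treat ancestor editors as readers of private components.
    if action == 'copyfrom' or (action == 'copyto' and node.is_registration):
        ancestor = node.parent_node
        while ancestor:
            if ancestor.can_edit(auth):
                return True
            ancestor = ancestor.parent_node

    # Users with the PREREG_ADMIN_TAG should be allowed to download files
    # from prereg challenge draft registrations.
    # Test the conditions that need no database access first: requests for
    # another action, without a user, or from a user lacking the tag are
    # denied without issuing the schema and draft queries.
    requester = auth.user
    is_prereg_admin_download = (
        action == 'download' and
        requester is not None and
        settings.PREREG_ADMIN_TAG in requester.system_tags
    )
    if is_prereg_admin_download:
        try:
            prereg_schema = MetaSchema.find_one(
                Q('name', 'eq', 'Prereg Challenge') &
                Q('schema_version', 'eq', 2)
            )
            allowed_nodes = [node] + node.parents
            prereg_draft_registration = DraftRegistration.find(
                Q('branched_from', 'in', [n._id for n in allowed_nodes]) &
                Q('registration_schema', 'eq', prereg_schema)
            )
            if prereg_draft_registration.count() > 0:
                return True
        except NoResultsFound:
            # No Prereg Challenge schema: fall through to the denial below.
            pass

    raise HTTPError(httplib.FORBIDDEN if auth.user else httplib.UNAUTHORIZED)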
def get_draft_obj(draft_pk):
    """Return the draft registration with the given id and the admin auth.

    The ``Auth`` returned wraps ``adminUser``; this function does not check
    who is asking.

    :param draft_pk: primary key of the draft
    :return: ``(draft, auth)``
    """
    admin_auth = Auth(adminUser)
    candidates = DraftRegistration.find(Q('_id', 'eq', draft_pk))
    # NOTE(review): presumably an IndexError for an unknown id -- confirm
    # the caller handles it.
    draft = candidates[0]
    return draft, admin_auth
def get_queryset(self):
    """Select submitted Prereg Challenge drafts, ordered by ``self.ordering``.

    "Submitted" here means the draft's ``approval`` is not ``None``; the
    schema is the one named ``'Prereg Challenge'`` with ``schema_version`` 2.
    """
    named_prereg = Q('name', 'eq', 'Prereg Challenge')
    version_two = Q('schema_version', 'eq', 2)
    prereg_schema = MetaSchema.find_one(named_prereg & version_two)

    selection = (
        Q('registration_schema', 'eq', prereg_schema) &
        Q('approval', 'ne', None)
    )
    found = DraftRegistration.find(selection)
    return found.sort(self.ordering)