blob: 9b54da9858060c760888d779ca03c2713b4222bc [file] [log] [blame]
Siobhan Tully53437282013-04-26 19:30:27 -04001import os
2import datetime
Tony Mackc14de8f2013-05-09 21:44:17 -04003from collections import defaultdict
Siobhan Tully53437282013-04-26 19:30:27 -04004from django.db import models
Tony Mack5b061472014-02-04 07:57:10 -05005from django.db.models import F, Q
Scott Baker1a6a3902014-10-03 00:32:37 -07006from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
Sapan Bhatiaf7b29d22014-06-11 17:10:11 -04007from core.models.site import Deployment
Siobhan Tully30fd4292013-05-10 08:59:56 -04008from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
Scott Baker9266e6b2013-05-19 15:54:48 -07009from timezones.fields import TimeZoneField
Scott Baker2c3cb642014-05-19 17:55:56 -070010from operator import itemgetter, attrgetter
Scott Bakera36d77e2014-08-29 11:43:23 -070011from django.core.mail import EmailMultiAlternatives
12from core.middleware import get_request
Sapan Bhatia39097192014-09-04 00:39:19 -040013import model_policy
Scott Baker1a6a3902014-10-03 00:32:37 -070014from django.core.exceptions import PermissionDenied
Siobhan Tully53437282013-04-26 19:30:27 -040015
16# Create your models here.
Siobhan Tully30fd4292013-05-10 08:59:56 -040017class UserManager(BaseUserManager):
Siobhan Tully53437282013-04-26 19:30:27 -040018 def create_user(self, email, firstname, lastname, password=None):
19 """
20 Creates and saves a User with the given email, date of
21 birth and password.
22 """
23 if not email:
24 raise ValueError('Users must have an email address')
25
26 user = self.model(
Siobhan Tully30fd4292013-05-10 08:59:56 -040027 email=UserManager.normalize_email(email),
Siobhan Tully53437282013-04-26 19:30:27 -040028 firstname=firstname,
Siobhan Tully30fd4292013-05-10 08:59:56 -040029 lastname=lastname,
30 password=password
Siobhan Tully53437282013-04-26 19:30:27 -040031 )
Siobhan Tully30fd4292013-05-10 08:59:56 -040032 #user.set_password(password)
Siobhan Tully53437282013-04-26 19:30:27 -040033 user.is_admin = True
34 user.save(using=self._db)
35 return user
36
37 def create_superuser(self, email, firstname, lastname, password):
38 """
39 Creates and saves a superuser with the given email, date of
40 birth and password.
41 """
42 user = self.create_user(email,
43 password=password,
44 firstname=firstname,
45 lastname=lastname
46 )
47 user.is_admin = True
48 user.save(using=self._db)
49 return user
50
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040051class DeletedUserManager(UserManager):
Scott Baker92f14222014-09-12 12:57:27 -070052 def get_queryset(self):
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040053 return super(UserManager, self).get_query_set().filter(deleted=True)
Siobhan Tully53437282013-04-26 19:30:27 -040054
Scott Baker92f14222014-09-12 12:57:27 -070055 # deprecated in django 1.7 in favor of get_queryset()
56 def get_query_set(self):
57 return self.get_queryset()
58
Scott Baker1a6a3902014-10-03 00:32:37 -070059class User(AbstractBaseUser, DiffModelMixIn):
Siobhan Tully53437282013-04-26 19:30:27 -040060
61 class Meta:
62 app_label = "core"
63
64 email = models.EmailField(
65 verbose_name='email address',
66 max_length=255,
67 unique=True,
68 db_index=True,
69 )
Siobhan Tullyfece0d52013-09-06 12:57:05 -040070
71 username = models.CharField(max_length=255, default="Something" )
72
Siobhan Tully53437282013-04-26 19:30:27 -040073 firstname = models.CharField(help_text="person's given name", max_length=200)
74 lastname = models.CharField(help_text="person's surname", max_length=200)
75
76 phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
77 user_url = models.URLField(null=True, blank=True)
Siobhan Tullybfd11dc2013-09-03 12:59:24 -040078 site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
Tony Mack5cbadf82013-06-10 13:56:07 -040079 public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
Siobhan Tully53437282013-04-26 19:30:27 -040080
81 is_active = models.BooleanField(default=True)
82 is_admin = models.BooleanField(default=True)
83 is_staff = models.BooleanField(default=True)
Siobhan Tullycf04fb62014-01-11 11:25:57 -050084 is_readonly = models.BooleanField(default=False)
Siobhan Tully53437282013-04-26 19:30:27 -040085
Tony Mack0553f282013-06-10 22:54:50 -040086 created = models.DateTimeField(auto_now_add=True)
87 updated = models.DateTimeField(auto_now=True)
88 enacted = models.DateTimeField(null=True, default=None)
Sapan Bhatia47b9bf22014-04-28 21:09:53 -040089 backend_status = models.CharField(max_length=140,
Sapan Bhatiad507f432014-04-29 00:41:39 -040090 default="Provisioning in progress")
Sapan Bhatiabcc18992014-04-29 10:32:14 -040091 deleted = models.BooleanField(default=False)
Tony Mack0553f282013-06-10 22:54:50 -040092
Scott Baker9266e6b2013-05-19 15:54:48 -070093 timezone = TimeZoneField()
94
Scott Baker2c3cb642014-05-19 17:55:56 -070095 dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
96
Siobhan Tully30fd4292013-05-10 08:59:56 -040097 objects = UserManager()
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040098 deleted_objects = DeletedUserManager()
Siobhan Tully53437282013-04-26 19:30:27 -040099
100 USERNAME_FIELD = 'email'
101 REQUIRED_FIELDS = ['firstname', 'lastname']
102
Scott Baker1a6a3902014-10-03 00:32:37 -0700103 def __init__(self, *args, **kwargs):
104 super(User, self).__init__(*args, **kwargs)
105 self._initial = self._dict # for DiffModelMixIn
106
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500107 def isReadOnlyUser(self):
108 return self.is_readonly
109
Siobhan Tully53437282013-04-26 19:30:27 -0400110 def get_full_name(self):
111 # The user is identified by their email address
112 return self.email
113
114 def get_short_name(self):
115 # The user is identified by their email address
116 return self.email
117
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400118 def delete(self, *args, **kwds):
119 # so we have something to give the observer
120 purge = kwds.get('purge',False)
121 try:
122 purge = purge or observer_disabled
123 except NameError:
124 pass
125
126 if (purge):
127 super(User, self).delete(*args, **kwds)
128 else:
129 self.deleted = True
130 self.enacted=None
131 self.save(update_fields=['enacted','deleted'])
132
Tony Mackb0d97422013-06-10 09:57:45 -0400133 @property
134 def keyname(self):
135 return self.email[:self.email.find('@')]
136
Siobhan Tully53437282013-04-26 19:30:27 -0400137 def __unicode__(self):
138 return self.email
139
140 def has_perm(self, perm, obj=None):
141 "Does the user have a specific permission?"
142 # Simplest possible answer: Yes, always
143 return True
144
145 def has_module_perms(self, app_label):
146 "Does the user have permissions to view the app `app_label`?"
147 # Simplest possible answer: Yes, always
148 return True
149
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400150 def is_superuser(self):
151 return False
Siobhan Tully53437282013-04-26 19:30:27 -0400152
Scott Baker2c3cb642014-05-19 17:55:56 -0700153 def get_dashboards(self):
154 DEFAULT_DASHBOARDS=["Tenant"]
155
156 dashboards = sorted(list(self.dashboardViews.all()), key=attrgetter('order'))
157 dashboards = [x.dashboardView for x in dashboards]
158
159 if not dashboards:
160 for dashboardName in DEFAULT_DASHBOARDS:
161 dbv = DashboardView.objects.filter(name=dashboardName)
162 if dbv:
163 dashboards.append(dbv[0])
164
165 return dashboards
166
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400167# def get_roles(self):
168# from core.models.site import SitePrivilege
169# from core.models.slice import SliceMembership
170#
171# site_privileges = SitePrivilege.objects.filter(user=self)
172# slice_memberships = SliceMembership.objects.filter(user=self)
173# roles = defaultdict(list)
174# for site_privilege in site_privileges:
175# roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
176# for slice_membership in slice_memberships:
177# roles[slice_membership.role.role_type].append(slice_membership.slice.name)
178# return roles
Siobhan Tully53437282013-04-26 19:30:27 -0400179
Tony Mack53106f32013-04-27 16:43:01 -0400180 def save(self, *args, **kwds):
Siobhan Tully30fd4292013-05-10 08:59:56 -0400181 if not self.id:
Scott Bakera36d77e2014-08-29 11:43:23 -0700182 self.set_password(self.password)
183 if self.is_active:
184 if self.password=="!":
185 self.send_temporary_password()
186
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400187 self.username = self.email
Scott Bakera36d77e2014-08-29 11:43:23 -0700188 super(User, self).save(*args, **kwds)
189
Scott Baker1a6a3902014-10-03 00:32:37 -0700190 self._initial = self._dict
191
Scott Bakera36d77e2014-08-29 11:43:23 -0700192 def send_temporary_password(self):
193 password = User.objects.make_random_password()
194 self.set_password(password)
195 subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
196 text_content = 'This is an important message.'
Scott Baker51e7d402014-08-29 12:32:46 -0700197 userUrl="http://%s/" % get_request().get_host()
Scott Bakera36d77e2014-08-29 11:43:23 -0700198 html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
199 msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
200 msg.attach_alternative(html_content, "text/html")
201 msg.send()
Tony Mack5b061472014-02-04 07:57:10 -0500202
Scott Baker1a6a3902014-10-03 00:32:37 -0700203 def can_update_field(self, user, fieldName):
204 from core.models import SitePrivilege
205 if (user.is_admin):
206 # admin can update anything
207 return True
208
209 # fields that a site PI can update
210 if fieldName in ["is_active", "is_readonly"]:
211 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
212 for site_priv in site_privs:
213 if site_priv.role.role == 'pi':
214 return True
215
216 # fields that a user cannot update in his/her own record
217 if fieldName in ["is_admin", "is_active", "site", "is_staff", "is_readonly"]:
218 return False
219
220 return True
221
222 def can_update(self, user):
223 from core.models import SitePrivilege
224 if user.is_readonly:
225 return False
226 if user.is_admin:
227 return True
228 if (user.id == self.id):
229 return True
230 # site pis can update
231 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
232 for site_priv in site_privs:
233 if site_priv.role.role == 'pi':
234 return True
235
236 return False
237
Tony Mack5b061472014-02-04 07:57:10 -0500238 @staticmethod
239 def select_by_user(user):
240 if user.is_admin:
241 qs = User.objects.all()
242 else:
243 # can see all users at any site where this user has pi role
244 from core.models.site import SitePrivilege
245 site_privs = SitePrivilege.objects.filter(user=user)
246 sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
247 # get site privs of users at these sites
248 site_privs = SitePrivilege.objects.filter(site__in=sites)
Scott Bakera36d77e2014-08-29 11:43:23 -0700249 user_ids = [sp.user.id for sp in site_privs] + [user.id]
Tony Mack5b061472014-02-04 07:57:10 -0500250 qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
Scott Bakera36d77e2014-08-29 11:43:23 -0700251 return qs
Tony Mack5b061472014-02-04 07:57:10 -0500252
Scott Baker1a6a3902014-10-03 00:32:37 -0700253 def save_by_user(self, user, *args, **kwds):
254 if not self.can_update(user):
255 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
256
257 for fieldName in self.changed_fields:
258 if not self.can_update_field(user, fieldName):
259 raise PermissionDenied("You do not have permission to update field %s in object %s" % (fieldName, self.__class__.__name__))
260
261 self.save(*args, **kwds)
262
263 def delete_by_user(self, user, *args, **kwds):
264 if not self.can_update(user):
265 raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
266 self.delete(*args, **kwds)
267
Scott Baker2c3cb642014-05-19 17:55:56 -0700268class UserDashboardView(PlCoreBase):
269 user = models.ForeignKey(User, related_name="dashboardViews")
270 dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews")
271 order = models.IntegerField(default=0)