Gitiles
Code Review Sign In
gerrit.opencord.org / xos / 336e0f9c04a776e2aed57cd7eca4aa8d3dbe2e2a / . / planetstack / core / models / user.py
blob: 42ea652bab0a6f2e0a20bb0d3515d76984a04122 [file] [log] [blame]
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]1import os
2import datetime
Tony Mackc14de8f2013-05-09 21:44:17 -0400[diff] [blame]3from collections import defaultdict
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]4from django.db import models
Tony Mack5b061472014-02-04 07:57:10 -0500[diff] [blame]5from django.db.models import F, Q
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]6from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]7from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
Scott Baker9266e6b2013-05-19 15:54:48 -0700[diff] [blame]8from timezones.fields import TimeZoneField
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]9from operator import itemgetter, attrgetter
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]10from django.core.mail import EmailMultiAlternatives
11from core.middleware import get_request
Sapan Bhatiabad67742014-09-04 00:39:19 -0400[diff] [blame]12import model_policy
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]13from django.core.exceptions import PermissionDenied
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]14
Scott Bakerfd8c7c42014-10-09 16:16:02 -0700[diff] [blame]15# ------ from plcorebase.py ------
16try:
17 # This is a no-op if observer_disabled is set to 1 in the config file
18 from observer import *
19except:
20 print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
21 import traceback
22 traceback.print_exc()
23
24 # guard against something failing
25 def notify_observer(*args, **kwargs):
26 pass
27# ------ ------
28
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]29# Create your models here.
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]30class UserManager(BaseUserManager):
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]31 def create_user(self, email, firstname, lastname, password=None):
32 """
33 Creates and saves a User with the given email, date of
34 birth and password.
35 """
36 if not email:
37 raise ValueError('Users must have an email address')
38
39 user = self.model(
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]40 email=UserManager.normalize_email(email),
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]41 firstname=firstname,
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]42 lastname=lastname,
43 password=password
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]44 )
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]45 #user.set_password(password)
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]46 user.is_admin = True
47 user.save(using=self._db)
48 return user
49
50 def create_superuser(self, email, firstname, lastname, password):
51 """
52 Creates and saves a superuser with the given email, date of
53 birth and password.
54 """
55 user = self.create_user(email,
56 password=password,
57 firstname=firstname,
58 lastname=lastname
59 )
60 user.is_admin = True
61 user.save(using=self._db)
62 return user
63
Scott Baker6c684842014-10-17 18:45:00 -0700[diff] [blame]64 def get_queryset(self):
65 parent=super(UserManager, self)
66 if hasattr(parent, "get_queryset"):
67 return parent.get_queryset().filter(deleted=False)
68 else:
69 return parent.get_query_set().filter(deleted=False)
70
71 # deprecated in django 1.7 in favor of get_queryset().
72 def get_query_set(self):
73 return self.get_queryset()
74
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400[diff] [blame]75class DeletedUserManager(UserManager):
Scott Bakerb08d6562014-09-12 12:57:27 -0700[diff] [blame]76 def get_queryset(self):
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400[diff] [blame]77 return super(UserManager, self).get_query_set().filter(deleted=True)
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]78
Scott Bakerb08d6562014-09-12 12:57:27 -0700[diff] [blame]79 # deprecated in django 1.7 in favor of get_queryset()
80 def get_query_set(self):
81 return self.get_queryset()
82
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]83class User(AbstractBaseUser, DiffModelMixIn):
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]84
85 class Meta:
86 app_label = "core"
87
88 email = models.EmailField(
89 verbose_name='email address',
90 max_length=255,
91 unique=True,
92 db_index=True,
93 )
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400[diff] [blame]94
95 username = models.CharField(max_length=255, default="Something" )
96
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]97 firstname = models.CharField(help_text="person's given name", max_length=200)
98 lastname = models.CharField(help_text="person's surname", max_length=200)
99
100 phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
101 user_url = models.URLField(null=True, blank=True)
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400[diff] [blame]102 site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
Tony Mack5cbadf82013-06-10 13:56:07 -0400[diff] [blame]103 public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]104
105 is_active = models.BooleanField(default=True)
106 is_admin = models.BooleanField(default=True)
107 is_staff = models.BooleanField(default=True)
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500[diff] [blame]108 is_readonly = models.BooleanField(default=False)
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]109
Tony Mack0553f282013-06-10 22:54:50 -0400[diff] [blame]110 created = models.DateTimeField(auto_now_add=True)
111 updated = models.DateTimeField(auto_now=True)
112 enacted = models.DateTimeField(null=True, default=None)
Sapan Bhatia47b9bf22014-04-28 21:09:53 -0400[diff] [blame]113 backend_status = models.CharField(max_length=140,
Sapan Bhatiad507f432014-04-29 00:41:39 -0400[diff] [blame]114 default="Provisioning in progress")
Sapan Bhatiabcc18992014-04-29 10:32:14 -0400[diff] [blame]115 deleted = models.BooleanField(default=False)
Tony Mack0553f282013-06-10 22:54:50 -0400[diff] [blame]116
Scott Baker9266e6b2013-05-19 15:54:48 -0700[diff] [blame]117 timezone = TimeZoneField()
118
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]119 dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
120
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]121 objects = UserManager()
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400[diff] [blame]122 deleted_objects = DeletedUserManager()
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]123
124 USERNAME_FIELD = 'email'
125 REQUIRED_FIELDS = ['firstname', 'lastname']
126
Scott Baker0119c152014-10-06 22:58:48 -0700[diff] [blame]127 PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
128 USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
129
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]130 def __init__(self, *args, **kwargs):
131 super(User, self).__init__(*args, **kwargs)
132 self._initial = self._dict # for DiffModelMixIn
133
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500[diff] [blame]134 def isReadOnlyUser(self):
135 return self.is_readonly
136
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]137 def get_full_name(self):
138 # The user is identified by their email address
139 return self.email
140
141 def get_short_name(self):
142 # The user is identified by their email address
143 return self.email
144
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400[diff] [blame]145 def delete(self, *args, **kwds):
146 # so we have something to give the observer
147 purge = kwds.get('purge',False)
Scott Bakerc5b50602014-10-09 16:22:00 -0700[diff] [blame]148 if purge:
149 del kwds['purge']
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400[diff] [blame]150 try:
151 purge = purge or observer_disabled
152 except NameError:
153 pass
154
155 if (purge):
156 super(User, self).delete(*args, **kwds)
157 else:
158 self.deleted = True
159 self.enacted=None
160 self.save(update_fields=['enacted','deleted'])
161
Tony Mackb0d97422013-06-10 09:57:45 -0400[diff] [blame]162 @property
163 def keyname(self):
164 return self.email[:self.email.find('@')]
165
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]166 def __unicode__(self):
167 return self.email
168
169 def has_perm(self, perm, obj=None):
170 "Does the user have a specific permission?"
171 # Simplest possible answer: Yes, always
172 return True
173
174 def has_module_perms(self, app_label):
175 "Does the user have permissions to view the app `app_label`?"
176 # Simplest possible answer: Yes, always
177 return True
178
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400[diff] [blame]179 def is_superuser(self):
180 return False
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]181
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]182 def get_dashboards(self):
183 DEFAULT_DASHBOARDS=["Tenant"]
184
Sapan Bhatia13d2db92014-11-11 21:47:45 -0500[diff] [blame]185 dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order'))
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]186 dashboards = [x.dashboardView for x in dashboards]
187
188 if not dashboards:
189 for dashboardName in DEFAULT_DASHBOARDS:
190 dbv = DashboardView.objects.filter(name=dashboardName)
191 if dbv:
192 dashboards.append(dbv[0])
193
194 return dashboards
195
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400[diff] [blame]196# def get_roles(self):
197# from core.models.site import SitePrivilege
198# from core.models.slice import SliceMembership
199#
200# site_privileges = SitePrivilege.objects.filter(user=self)
201# slice_memberships = SliceMembership.objects.filter(user=self)
202# roles = defaultdict(list)
203# for site_privilege in site_privileges:
204# roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
205# for slice_membership in slice_memberships:
206# roles[slice_membership.role.role_type].append(slice_membership.slice.name)
207# return roles
Siobhan Tully53437282013-04-26 19:30:27 -0400[diff] [blame]208
Tony Mack53106f32013-04-27 16:43:01 -0400[diff] [blame]209 def save(self, *args, **kwds):
Siobhan Tully30fd4292013-05-10 08:59:56 -0400[diff] [blame]210 if not self.id:
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]211 self.set_password(self.password)
212 if self.is_active:
213 if self.password=="!":
214 self.send_temporary_password()
215
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400[diff] [blame]216 self.username = self.email
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]217 super(User, self).save(*args, **kwds)
218
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]219 self._initial = self._dict
220
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]221 def send_temporary_password(self):
222 password = User.objects.make_random_password()
223 self.set_password(password)
224 subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
225 text_content = 'This is an important message.'
Scott Baker51e7d402014-08-29 12:32:46 -0700[diff] [blame]226 userUrl="http://%s/" % get_request().get_host()
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]227 html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
228 msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
229 msg.attach_alternative(html_content, "text/html")
230 msg.send()
Tony Mack5b061472014-02-04 07:57:10 -0500[diff] [blame]231
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]232 def can_update(self, user):
233 from core.models import SitePrivilege
Scott Baker0119c152014-10-06 22:58:48 -0700[diff] [blame]234 _cant_update_fieldName = None
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]235 if user.is_readonly:
236 return False
237 if user.is_admin:
238 return True
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]239 # site pis can update
240 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
241 for site_priv in site_privs:
242 if site_priv.role.role == 'pi':
Scott Baker0119c152014-10-06 22:58:48 -0700[diff] [blame]243 for fieldName in self.diff.keys():
244 if fieldName in self.PI_FORBIDDEN_FIELDS:
245 _cant_update_fieldName = fieldName
246 return False
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]247 return True
Scott Baker0119c152014-10-06 22:58:48 -0700[diff] [blame]248 if (user.id == self.id):
249 for fieldName in self.diff.keys():
250 if fieldName in self.USER_FORBIDDEN_FIELDS:
251 _cant_update_fieldName = fieldName
252 return False
253 return True
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]254
255 return False
256
Tony Mack5b061472014-02-04 07:57:10 -0500[diff] [blame]257 @staticmethod
258 def select_by_user(user):
259 if user.is_admin:
260 qs = User.objects.all()
261 else:
262 # can see all users at any site where this user has pi role
263 from core.models.site import SitePrivilege
264 site_privs = SitePrivilege.objects.filter(user=user)
265 sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
266 # get site privs of users at these sites
267 site_privs = SitePrivilege.objects.filter(site__in=sites)
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]268 user_ids = [sp.user.id for sp in site_privs] + [user.id]
Tony Mack5b061472014-02-04 07:57:10 -0500[diff] [blame]269 qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
Scott Bakera36d77e2014-08-29 11:43:23 -0700[diff] [blame]270 return qs
Tony Mack5b061472014-02-04 07:57:10 -0500[diff] [blame]271
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]272 def save_by_user(self, user, *args, **kwds):
273 if not self.can_update(user):
Scott Baker0119c152014-10-06 22:58:48 -0700[diff] [blame]274 if getattr(self, "_cant_update_fieldName", None) is not None:
275 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
276 else:
277 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
Scott Bakercbfb6002014-10-03 00:32:37 -0700[diff] [blame]278
279 self.save(*args, **kwds)
280
281 def delete_by_user(self, user, *args, **kwds):
282 if not self.can_update(user):
283 raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
284 self.delete(*args, **kwds)
285
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]286class UserDashboardView(PlCoreBase):
Sapan Bhatia13d2db92014-11-11 21:47:45 -0500[diff] [blame]287 user = models.ForeignKey(User, related_name='userdashboardviews')
288 dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews')
Scott Baker2c3cb642014-05-19 17:55:56 -0700[diff] [blame]289 order = models.IntegerField(default=0)