blob: 7063f4f2a0ea5c49b24088de49e3dd072332173e [file] [log] [blame]
Siobhan Tully53437282013-04-26 19:30:27 -04001import os
2import datetime
Tony Mackc14de8f2013-05-09 21:44:17 -04003from collections import defaultdict
Siobhan Tully53437282013-04-26 19:30:27 -04004from django.db import models
Tony Mack5b061472014-02-04 07:57:10 -05005from django.db.models import F, Q
Scott Baker1a6a3902014-10-03 00:32:37 -07006from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
Sapan Bhatiaf7b29d22014-06-11 17:10:11 -04007from core.models.site import Deployment
Siobhan Tully30fd4292013-05-10 08:59:56 -04008from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
Scott Baker9266e6b2013-05-19 15:54:48 -07009from timezones.fields import TimeZoneField
Scott Baker2c3cb642014-05-19 17:55:56 -070010from operator import itemgetter, attrgetter
Scott Bakera36d77e2014-08-29 11:43:23 -070011from django.core.mail import EmailMultiAlternatives
12from core.middleware import get_request
Sapan Bhatia39097192014-09-04 00:39:19 -040013import model_policy
Scott Baker1a6a3902014-10-03 00:32:37 -070014from django.core.exceptions import PermissionDenied
Siobhan Tully53437282013-04-26 19:30:27 -040015
Scott Bakerd29431b2014-10-09 16:16:02 -070016# ------ from plcorebase.py ------
17try:
18 # This is a no-op if observer_disabled is set to 1 in the config file
19 from observer import *
20except:
21 print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
22 import traceback
23 traceback.print_exc()
24
25 # guard against something failing
26 def notify_observer(*args, **kwargs):
27 pass
28# ------ ------
29
Siobhan Tully53437282013-04-26 19:30:27 -040030# Create your models here.
Siobhan Tully30fd4292013-05-10 08:59:56 -040031class UserManager(BaseUserManager):
Siobhan Tully53437282013-04-26 19:30:27 -040032 def create_user(self, email, firstname, lastname, password=None):
33 """
34 Creates and saves a User with the given email, date of
35 birth and password.
36 """
37 if not email:
38 raise ValueError('Users must have an email address')
39
40 user = self.model(
Siobhan Tully30fd4292013-05-10 08:59:56 -040041 email=UserManager.normalize_email(email),
Siobhan Tully53437282013-04-26 19:30:27 -040042 firstname=firstname,
Siobhan Tully30fd4292013-05-10 08:59:56 -040043 lastname=lastname,
44 password=password
Siobhan Tully53437282013-04-26 19:30:27 -040045 )
Siobhan Tully30fd4292013-05-10 08:59:56 -040046 #user.set_password(password)
Siobhan Tully53437282013-04-26 19:30:27 -040047 user.is_admin = True
48 user.save(using=self._db)
49 return user
50
51 def create_superuser(self, email, firstname, lastname, password):
52 """
53 Creates and saves a superuser with the given email, date of
54 birth and password.
55 """
56 user = self.create_user(email,
57 password=password,
58 firstname=firstname,
59 lastname=lastname
60 )
61 user.is_admin = True
62 user.save(using=self._db)
63 return user
64
Scott Bakerf22e73a2014-10-17 18:45:00 -070065 def get_queryset(self):
66 parent=super(UserManager, self)
67 if hasattr(parent, "get_queryset"):
68 return parent.get_queryset().filter(deleted=False)
69 else:
70 return parent.get_query_set().filter(deleted=False)
71
72 # deprecated in django 1.7 in favor of get_queryset().
73 def get_query_set(self):
74 return self.get_queryset()
75
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040076class DeletedUserManager(UserManager):
Scott Baker92f14222014-09-12 12:57:27 -070077 def get_queryset(self):
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040078 return super(UserManager, self).get_query_set().filter(deleted=True)
Siobhan Tully53437282013-04-26 19:30:27 -040079
Scott Baker92f14222014-09-12 12:57:27 -070080 # deprecated in django 1.7 in favor of get_queryset()
81 def get_query_set(self):
82 return self.get_queryset()
83
Scott Baker1a6a3902014-10-03 00:32:37 -070084class User(AbstractBaseUser, DiffModelMixIn):
Siobhan Tully53437282013-04-26 19:30:27 -040085
86 class Meta:
87 app_label = "core"
88
89 email = models.EmailField(
90 verbose_name='email address',
91 max_length=255,
92 unique=True,
93 db_index=True,
94 )
Siobhan Tullyfece0d52013-09-06 12:57:05 -040095
96 username = models.CharField(max_length=255, default="Something" )
97
Siobhan Tully53437282013-04-26 19:30:27 -040098 firstname = models.CharField(help_text="person's given name", max_length=200)
99 lastname = models.CharField(help_text="person's surname", max_length=200)
100
101 phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
102 user_url = models.URLField(null=True, blank=True)
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400103 site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
Tony Mack5cbadf82013-06-10 13:56:07 -0400104 public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
Siobhan Tully53437282013-04-26 19:30:27 -0400105
106 is_active = models.BooleanField(default=True)
107 is_admin = models.BooleanField(default=True)
108 is_staff = models.BooleanField(default=True)
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500109 is_readonly = models.BooleanField(default=False)
Siobhan Tully53437282013-04-26 19:30:27 -0400110
Tony Mack0553f282013-06-10 22:54:50 -0400111 created = models.DateTimeField(auto_now_add=True)
112 updated = models.DateTimeField(auto_now=True)
113 enacted = models.DateTimeField(null=True, default=None)
Sapan Bhatia47b9bf22014-04-28 21:09:53 -0400114 backend_status = models.CharField(max_length=140,
Sapan Bhatiad507f432014-04-29 00:41:39 -0400115 default="Provisioning in progress")
Sapan Bhatiabcc18992014-04-29 10:32:14 -0400116 deleted = models.BooleanField(default=False)
Tony Mack0553f282013-06-10 22:54:50 -0400117
Scott Baker9266e6b2013-05-19 15:54:48 -0700118 timezone = TimeZoneField()
119
Scott Baker2c3cb642014-05-19 17:55:56 -0700120 dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
121
Siobhan Tully30fd4292013-05-10 08:59:56 -0400122 objects = UserManager()
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400123 deleted_objects = DeletedUserManager()
Siobhan Tully53437282013-04-26 19:30:27 -0400124
125 USERNAME_FIELD = 'email'
126 REQUIRED_FIELDS = ['firstname', 'lastname']
127
Scott Baker1bffe942014-10-06 22:58:48 -0700128 PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
129 USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
130
Scott Baker1a6a3902014-10-03 00:32:37 -0700131 def __init__(self, *args, **kwargs):
132 super(User, self).__init__(*args, **kwargs)
133 self._initial = self._dict # for DiffModelMixIn
134
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500135 def isReadOnlyUser(self):
136 return self.is_readonly
137
Siobhan Tully53437282013-04-26 19:30:27 -0400138 def get_full_name(self):
139 # The user is identified by their email address
140 return self.email
141
142 def get_short_name(self):
143 # The user is identified by their email address
144 return self.email
145
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400146 def delete(self, *args, **kwds):
147 # so we have something to give the observer
148 purge = kwds.get('purge',False)
Scott Baker3d2d3e42014-10-09 16:22:00 -0700149 if purge:
150 del kwds['purge']
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400151 try:
152 purge = purge or observer_disabled
153 except NameError:
154 pass
155
156 if (purge):
157 super(User, self).delete(*args, **kwds)
158 else:
159 self.deleted = True
160 self.enacted=None
161 self.save(update_fields=['enacted','deleted'])
162
Tony Mackb0d97422013-06-10 09:57:45 -0400163 @property
164 def keyname(self):
165 return self.email[:self.email.find('@')]
166
Siobhan Tully53437282013-04-26 19:30:27 -0400167 def __unicode__(self):
168 return self.email
169
170 def has_perm(self, perm, obj=None):
171 "Does the user have a specific permission?"
172 # Simplest possible answer: Yes, always
173 return True
174
175 def has_module_perms(self, app_label):
176 "Does the user have permissions to view the app `app_label`?"
177 # Simplest possible answer: Yes, always
178 return True
179
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400180 def is_superuser(self):
181 return False
Siobhan Tully53437282013-04-26 19:30:27 -0400182
Scott Baker2c3cb642014-05-19 17:55:56 -0700183 def get_dashboards(self):
184 DEFAULT_DASHBOARDS=["Tenant"]
185
Sapan Bhatia6bfa2ca2014-11-11 21:47:45 -0500186 dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order'))
Scott Baker2c3cb642014-05-19 17:55:56 -0700187 dashboards = [x.dashboardView for x in dashboards]
188
189 if not dashboards:
190 for dashboardName in DEFAULT_DASHBOARDS:
191 dbv = DashboardView.objects.filter(name=dashboardName)
192 if dbv:
193 dashboards.append(dbv[0])
194
195 return dashboards
196
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400197# def get_roles(self):
198# from core.models.site import SitePrivilege
199# from core.models.slice import SliceMembership
200#
201# site_privileges = SitePrivilege.objects.filter(user=self)
202# slice_memberships = SliceMembership.objects.filter(user=self)
203# roles = defaultdict(list)
204# for site_privilege in site_privileges:
205# roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
206# for slice_membership in slice_memberships:
207# roles[slice_membership.role.role_type].append(slice_membership.slice.name)
208# return roles
Siobhan Tully53437282013-04-26 19:30:27 -0400209
Tony Mack53106f32013-04-27 16:43:01 -0400210 def save(self, *args, **kwds):
Siobhan Tully30fd4292013-05-10 08:59:56 -0400211 if not self.id:
Scott Bakera36d77e2014-08-29 11:43:23 -0700212 self.set_password(self.password)
213 if self.is_active:
214 if self.password=="!":
215 self.send_temporary_password()
216
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400217 self.username = self.email
Scott Bakera36d77e2014-08-29 11:43:23 -0700218 super(User, self).save(*args, **kwds)
219
Scott Baker1a6a3902014-10-03 00:32:37 -0700220 self._initial = self._dict
221
Scott Bakera36d77e2014-08-29 11:43:23 -0700222 def send_temporary_password(self):
223 password = User.objects.make_random_password()
224 self.set_password(password)
225 subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
226 text_content = 'This is an important message.'
Scott Baker51e7d402014-08-29 12:32:46 -0700227 userUrl="http://%s/" % get_request().get_host()
Scott Bakera36d77e2014-08-29 11:43:23 -0700228 html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
229 msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
230 msg.attach_alternative(html_content, "text/html")
231 msg.send()
Tony Mack5b061472014-02-04 07:57:10 -0500232
Scott Baker1a6a3902014-10-03 00:32:37 -0700233 def can_update(self, user):
234 from core.models import SitePrivilege
Scott Baker1bffe942014-10-06 22:58:48 -0700235 _cant_update_fieldName = None
Scott Baker1a6a3902014-10-03 00:32:37 -0700236 if user.is_readonly:
237 return False
238 if user.is_admin:
239 return True
Scott Baker1a6a3902014-10-03 00:32:37 -0700240 # site pis can update
241 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
242 for site_priv in site_privs:
243 if site_priv.role.role == 'pi':
Scott Baker1bffe942014-10-06 22:58:48 -0700244 for fieldName in self.diff.keys():
245 if fieldName in self.PI_FORBIDDEN_FIELDS:
246 _cant_update_fieldName = fieldName
247 return False
Scott Baker1a6a3902014-10-03 00:32:37 -0700248 return True
Scott Baker1bffe942014-10-06 22:58:48 -0700249 if (user.id == self.id):
250 for fieldName in self.diff.keys():
251 if fieldName in self.USER_FORBIDDEN_FIELDS:
252 _cant_update_fieldName = fieldName
253 return False
254 return True
Scott Baker1a6a3902014-10-03 00:32:37 -0700255
256 return False
257
Tony Mack5b061472014-02-04 07:57:10 -0500258 @staticmethod
259 def select_by_user(user):
260 if user.is_admin:
261 qs = User.objects.all()
262 else:
263 # can see all users at any site where this user has pi role
264 from core.models.site import SitePrivilege
265 site_privs = SitePrivilege.objects.filter(user=user)
266 sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
267 # get site privs of users at these sites
268 site_privs = SitePrivilege.objects.filter(site__in=sites)
Scott Bakera36d77e2014-08-29 11:43:23 -0700269 user_ids = [sp.user.id for sp in site_privs] + [user.id]
Tony Mack5b061472014-02-04 07:57:10 -0500270 qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
Scott Bakera36d77e2014-08-29 11:43:23 -0700271 return qs
Tony Mack5b061472014-02-04 07:57:10 -0500272
Scott Baker1a6a3902014-10-03 00:32:37 -0700273 def save_by_user(self, user, *args, **kwds):
274 if not self.can_update(user):
Scott Baker1bffe942014-10-06 22:58:48 -0700275 if getattr(self, "_cant_update_fieldName", None) is not None:
276 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
277 else:
278 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
Scott Baker1a6a3902014-10-03 00:32:37 -0700279
280 self.save(*args, **kwds)
281
282 def delete_by_user(self, user, *args, **kwds):
283 if not self.can_update(user):
284 raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
285 self.delete(*args, **kwds)
286
Scott Baker2c3cb642014-05-19 17:55:56 -0700287class UserDashboardView(PlCoreBase):
Sapan Bhatia6bfa2ca2014-11-11 21:47:45 -0500288 user = models.ForeignKey(User, related_name='userdashboardviews')
289 dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews')
Scott Baker2c3cb642014-05-19 17:55:56 -0700290 order = models.IntegerField(default=0)