blob: b30e89797483851eeb4876a875f053a62a255637 [file] [log] [blame]
Siobhan Tully53437282013-04-26 19:30:27 -04001import os
2import datetime
Scott Baker7ca05ab2014-12-19 13:02:31 -08003import sys
Tony Mackc14de8f2013-05-09 21:44:17 -04004from collections import defaultdict
Scott Baker301eee32014-12-19 12:22:51 -08005from django.forms.models import model_to_dict
Siobhan Tully53437282013-04-26 19:30:27 -04006from django.db import models
Tony Mack5b061472014-02-04 07:57:10 -05007from django.db.models import F, Q
Scott Bakercbfb6002014-10-03 00:32:37 -07008from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
Siobhan Tully30fd4292013-05-10 08:59:56 -04009from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
Scott Baker9266e6b2013-05-19 15:54:48 -070010from timezones.fields import TimeZoneField
Scott Baker2c3cb642014-05-19 17:55:56 -070011from operator import itemgetter, attrgetter
Scott Bakera36d77e2014-08-29 11:43:23 -070012from django.core.mail import EmailMultiAlternatives
13from core.middleware import get_request
Sapan Bhatiabad67742014-09-04 00:39:19 -040014import model_policy
Scott Bakercbfb6002014-10-03 00:32:37 -070015from django.core.exceptions import PermissionDenied
Siobhan Tully53437282013-04-26 19:30:27 -040016
Scott Bakerfd8c7c42014-10-09 16:16:02 -070017# ------ from plcorebase.py ------
18try:
19 # This is a no-op if observer_disabled is set to 1 in the config file
20 from observer import *
21except:
22 print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
23 import traceback
24 traceback.print_exc()
25
26 # guard against something failing
27 def notify_observer(*args, **kwargs):
28 pass
29# ------ ------
30
Siobhan Tully53437282013-04-26 19:30:27 -040031# Create your models here.
Siobhan Tully30fd4292013-05-10 08:59:56 -040032class UserManager(BaseUserManager):
Siobhan Tully53437282013-04-26 19:30:27 -040033 def create_user(self, email, firstname, lastname, password=None):
34 """
35 Creates and saves a User with the given email, date of
36 birth and password.
37 """
38 if not email:
39 raise ValueError('Users must have an email address')
40
41 user = self.model(
Siobhan Tully30fd4292013-05-10 08:59:56 -040042 email=UserManager.normalize_email(email),
Siobhan Tully53437282013-04-26 19:30:27 -040043 firstname=firstname,
Siobhan Tully30fd4292013-05-10 08:59:56 -040044 lastname=lastname,
45 password=password
Siobhan Tully53437282013-04-26 19:30:27 -040046 )
Siobhan Tully30fd4292013-05-10 08:59:56 -040047 #user.set_password(password)
Siobhan Tully53437282013-04-26 19:30:27 -040048 user.is_admin = True
49 user.save(using=self._db)
50 return user
51
52 def create_superuser(self, email, firstname, lastname, password):
53 """
54 Creates and saves a superuser with the given email, date of
55 birth and password.
56 """
57 user = self.create_user(email,
58 password=password,
59 firstname=firstname,
60 lastname=lastname
61 )
62 user.is_admin = True
63 user.save(using=self._db)
64 return user
65
Scott Baker6c684842014-10-17 18:45:00 -070066 def get_queryset(self):
67 parent=super(UserManager, self)
68 if hasattr(parent, "get_queryset"):
69 return parent.get_queryset().filter(deleted=False)
70 else:
71 return parent.get_query_set().filter(deleted=False)
72
73 # deprecated in django 1.7 in favor of get_queryset().
74 def get_query_set(self):
75 return self.get_queryset()
76
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040077class DeletedUserManager(UserManager):
Scott Bakerb08d6562014-09-12 12:57:27 -070078 def get_queryset(self):
Sapan Bhatia5d605ff2014-07-21 20:08:04 -040079 return super(UserManager, self).get_query_set().filter(deleted=True)
Siobhan Tully53437282013-04-26 19:30:27 -040080
Scott Bakerb08d6562014-09-12 12:57:27 -070081 # deprecated in django 1.7 in favor of get_queryset()
82 def get_query_set(self):
83 return self.get_queryset()
84
Scott Baker301eee32014-12-19 12:22:51 -080085class User(AbstractBaseUser): #, DiffModelMixIn):
86
87 # ---- copy stuff from DiffModelMixin ----
88
89 @property
90 def _dict(self):
91 return model_to_dict(self, fields=[field.name for field in
92 self._meta.fields])
93
94 @property
95 def diff(self):
96 d1 = self._initial
97 d2 = self._dict
98 diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]]
99 return dict(diffs)
100
101 @property
102 def has_changed(self):
103 return bool(self.diff)
104
105 @property
106 def changed_fields(self):
107 return self.diff.keys()
108
109 def has_field_changed(self, field_name):
110 return field_name in self.diff.keys()
111
112 def get_field_diff(self, field_name):
113 return self.diff.get(field_name, None)
114 # ---- end copy stuff from DiffModelMixin ----
Siobhan Tully53437282013-04-26 19:30:27 -0400115
116 class Meta:
117 app_label = "core"
118
119 email = models.EmailField(
120 verbose_name='email address',
121 max_length=255,
122 unique=True,
123 db_index=True,
124 )
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400125
126 username = models.CharField(max_length=255, default="Something" )
127
Siobhan Tully53437282013-04-26 19:30:27 -0400128 firstname = models.CharField(help_text="person's given name", max_length=200)
129 lastname = models.CharField(help_text="person's surname", max_length=200)
130
131 phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
132 user_url = models.URLField(null=True, blank=True)
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400133 site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
Tony Mack5cbadf82013-06-10 13:56:07 -0400134 public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
Siobhan Tully53437282013-04-26 19:30:27 -0400135
136 is_active = models.BooleanField(default=True)
137 is_admin = models.BooleanField(default=True)
138 is_staff = models.BooleanField(default=True)
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500139 is_readonly = models.BooleanField(default=False)
Siobhan Tully53437282013-04-26 19:30:27 -0400140
Tony Mack0553f282013-06-10 22:54:50 -0400141 created = models.DateTimeField(auto_now_add=True)
142 updated = models.DateTimeField(auto_now=True)
143 enacted = models.DateTimeField(null=True, default=None)
Sapan Bhatia47b9bf22014-04-28 21:09:53 -0400144 backend_status = models.CharField(max_length=140,
Sapan Bhatiad507f432014-04-29 00:41:39 -0400145 default="Provisioning in progress")
Sapan Bhatiabcc18992014-04-29 10:32:14 -0400146 deleted = models.BooleanField(default=False)
Tony Mack0553f282013-06-10 22:54:50 -0400147
Scott Baker9266e6b2013-05-19 15:54:48 -0700148 timezone = TimeZoneField()
149
Scott Baker2c3cb642014-05-19 17:55:56 -0700150 dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
151
Siobhan Tully30fd4292013-05-10 08:59:56 -0400152 objects = UserManager()
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400153 deleted_objects = DeletedUserManager()
Siobhan Tully53437282013-04-26 19:30:27 -0400154
155 USERNAME_FIELD = 'email'
156 REQUIRED_FIELDS = ['firstname', 'lastname']
157
Scott Baker0119c152014-10-06 22:58:48 -0700158 PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
159 USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
160
Scott Bakercbfb6002014-10-03 00:32:37 -0700161 def __init__(self, *args, **kwargs):
162 super(User, self).__init__(*args, **kwargs)
163 self._initial = self._dict # for DiffModelMixIn
164
Siobhan Tullycf04fb62014-01-11 11:25:57 -0500165 def isReadOnlyUser(self):
166 return self.is_readonly
167
Siobhan Tully53437282013-04-26 19:30:27 -0400168 def get_full_name(self):
169 # The user is identified by their email address
170 return self.email
171
172 def get_short_name(self):
173 # The user is identified by their email address
174 return self.email
175
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400176 def delete(self, *args, **kwds):
177 # so we have something to give the observer
178 purge = kwds.get('purge',False)
Scott Bakerc5b50602014-10-09 16:22:00 -0700179 if purge:
180 del kwds['purge']
Sapan Bhatia5d605ff2014-07-21 20:08:04 -0400181 try:
182 purge = purge or observer_disabled
183 except NameError:
184 pass
185
186 if (purge):
187 super(User, self).delete(*args, **kwds)
188 else:
189 self.deleted = True
190 self.enacted=None
191 self.save(update_fields=['enacted','deleted'])
192
Tony Mackb0d97422013-06-10 09:57:45 -0400193 @property
194 def keyname(self):
195 return self.email[:self.email.find('@')]
196
Siobhan Tully53437282013-04-26 19:30:27 -0400197 def __unicode__(self):
198 return self.email
199
200 def has_perm(self, perm, obj=None):
201 "Does the user have a specific permission?"
202 # Simplest possible answer: Yes, always
203 return True
204
205 def has_module_perms(self, app_label):
206 "Does the user have permissions to view the app `app_label`?"
207 # Simplest possible answer: Yes, always
208 return True
209
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400210 def is_superuser(self):
211 return False
Siobhan Tully53437282013-04-26 19:30:27 -0400212
Scott Baker2c3cb642014-05-19 17:55:56 -0700213 def get_dashboards(self):
214 DEFAULT_DASHBOARDS=["Tenant"]
215
Sapan Bhatia13d2db92014-11-11 21:47:45 -0500216 dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order'))
Scott Baker2c3cb642014-05-19 17:55:56 -0700217 dashboards = [x.dashboardView for x in dashboards]
218
219 if not dashboards:
220 for dashboardName in DEFAULT_DASHBOARDS:
221 dbv = DashboardView.objects.filter(name=dashboardName)
222 if dbv:
223 dashboards.append(dbv[0])
224
225 return dashboards
226
Siobhan Tullybfd11dc2013-09-03 12:59:24 -0400227# def get_roles(self):
228# from core.models.site import SitePrivilege
229# from core.models.slice import SliceMembership
230#
231# site_privileges = SitePrivilege.objects.filter(user=self)
232# slice_memberships = SliceMembership.objects.filter(user=self)
233# roles = defaultdict(list)
234# for site_privilege in site_privileges:
235# roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
236# for slice_membership in slice_memberships:
237# roles[slice_membership.role.role_type].append(slice_membership.slice.name)
238# return roles
Siobhan Tully53437282013-04-26 19:30:27 -0400239
Tony Mack53106f32013-04-27 16:43:01 -0400240 def save(self, *args, **kwds):
Siobhan Tully30fd4292013-05-10 08:59:56 -0400241 if not self.id:
Scott Bakera36d77e2014-08-29 11:43:23 -0700242 self.set_password(self.password)
243 if self.is_active:
244 if self.password=="!":
245 self.send_temporary_password()
246
Siobhan Tullyfece0d52013-09-06 12:57:05 -0400247 self.username = self.email
Scott Bakera36d77e2014-08-29 11:43:23 -0700248 super(User, self).save(*args, **kwds)
249
Scott Bakercbfb6002014-10-03 00:32:37 -0700250 self._initial = self._dict
251
Scott Bakera36d77e2014-08-29 11:43:23 -0700252 def send_temporary_password(self):
253 password = User.objects.make_random_password()
254 self.set_password(password)
255 subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
256 text_content = 'This is an important message.'
Scott Baker51e7d402014-08-29 12:32:46 -0700257 userUrl="http://%s/" % get_request().get_host()
Scott Bakera36d77e2014-08-29 11:43:23 -0700258 html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
259 msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
260 msg.attach_alternative(html_content, "text/html")
261 msg.send()
Tony Mack5b061472014-02-04 07:57:10 -0500262
Scott Bakercbfb6002014-10-03 00:32:37 -0700263 def can_update(self, user):
264 from core.models import SitePrivilege
Scott Baker0119c152014-10-06 22:58:48 -0700265 _cant_update_fieldName = None
Scott Bakercbfb6002014-10-03 00:32:37 -0700266 if user.is_readonly:
267 return False
268 if user.is_admin:
269 return True
Scott Bakercbfb6002014-10-03 00:32:37 -0700270 # site pis can update
271 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
272 for site_priv in site_privs:
273 if site_priv.role.role == 'pi':
Scott Baker0119c152014-10-06 22:58:48 -0700274 for fieldName in self.diff.keys():
275 if fieldName in self.PI_FORBIDDEN_FIELDS:
276 _cant_update_fieldName = fieldName
277 return False
Scott Bakercbfb6002014-10-03 00:32:37 -0700278 return True
Scott Baker0119c152014-10-06 22:58:48 -0700279 if (user.id == self.id):
280 for fieldName in self.diff.keys():
281 if fieldName in self.USER_FORBIDDEN_FIELDS:
282 _cant_update_fieldName = fieldName
283 return False
284 return True
Scott Bakercbfb6002014-10-03 00:32:37 -0700285
286 return False
287
Tony Mack5b061472014-02-04 07:57:10 -0500288 @staticmethod
289 def select_by_user(user):
290 if user.is_admin:
291 qs = User.objects.all()
292 else:
293 # can see all users at any site where this user has pi role
294 from core.models.site import SitePrivilege
295 site_privs = SitePrivilege.objects.filter(user=user)
296 sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
297 # get site privs of users at these sites
298 site_privs = SitePrivilege.objects.filter(site__in=sites)
Scott Bakera36d77e2014-08-29 11:43:23 -0700299 user_ids = [sp.user.id for sp in site_privs] + [user.id]
Tony Mack5b061472014-02-04 07:57:10 -0500300 qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
Scott Bakera36d77e2014-08-29 11:43:23 -0700301 return qs
Tony Mack5b061472014-02-04 07:57:10 -0500302
Scott Bakercbfb6002014-10-03 00:32:37 -0700303 def save_by_user(self, user, *args, **kwds):
304 if not self.can_update(user):
Scott Baker0119c152014-10-06 22:58:48 -0700305 if getattr(self, "_cant_update_fieldName", None) is not None:
306 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
307 else:
308 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
Scott Bakercbfb6002014-10-03 00:32:37 -0700309
310 self.save(*args, **kwds)
311
312 def delete_by_user(self, user, *args, **kwds):
313 if not self.can_update(user):
314 raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
315 self.delete(*args, **kwds)
316
Scott Baker2c3cb642014-05-19 17:55:56 -0700317class UserDashboardView(PlCoreBase):
Sapan Bhatia13d2db92014-11-11 21:47:45 -0500318 user = models.ForeignKey(User, related_name='userdashboardviews')
319 dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews')
Scott Baker2c3cb642014-05-19 17:55:56 -0700320 order = models.IntegerField(default=0)