Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 1 | import os |
| 2 | import datetime |
Scott Baker | 7ca05ab | 2014-12-19 13:02:31 -0800 | [diff] [blame] | 3 | import sys |
Tony Mack | 2f5be42 | 2015-01-03 14:26:15 -0500 | [diff] [blame] | 4 | import hashlib |
Tony Mack | c14de8f | 2013-05-09 21:44:17 -0400 | [diff] [blame] | 5 | from collections import defaultdict |
Scott Baker | 301eee3 | 2014-12-19 12:22:51 -0800 | [diff] [blame] | 6 | from django.forms.models import model_to_dict |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 7 | from django.db import models |
Tony Mack | 5b06147 | 2014-02-04 07:57:10 -0500 | [diff] [blame] | 8 | from django.db.models import F, Q |
Scott Baker | daca816 | 2015-02-02 14:28:35 -0800 | [diff] [blame] | 9 | from django.utils import timezone |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 10 | from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 11 | from django.contrib.auth.models import AbstractBaseUser, BaseUserManager |
Scott Baker | 9266e6b | 2013-05-19 15:54:48 -0700 | [diff] [blame] | 12 | from timezones.fields import TimeZoneField |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 13 | from operator import itemgetter, attrgetter |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 14 | from django.core.mail import EmailMultiAlternatives |
| 15 | from core.middleware import get_request |
Sapan Bhatia | bad6774 | 2014-09-04 00:39:19 -0400 | [diff] [blame] | 16 | import model_policy |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 17 | from django.core.exceptions import PermissionDenied |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 18 | |
Scott Baker | fd8c7c4 | 2014-10-09 16:16:02 -0700 | [diff] [blame] | 19 | # ------ from plcorebase.py ------ |
| 20 | try: |
| 21 | # This is a no-op if observer_disabled is set to 1 in the config file |
| 22 | from observer import * |
| 23 | except: |
| 24 | print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:" |
| 25 | import traceback |
| 26 | traceback.print_exc() |
| 27 | |
| 28 | # guard against something failing |
| 29 | def notify_observer(*args, **kwargs): |
| 30 | pass |
| 31 | # ------ ------ |
| 32 | |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 33 | # Create your models here. |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 34 | class UserManager(BaseUserManager): |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 35 | def create_user(self, email, firstname, lastname, password=None): |
| 36 | """ |
| 37 | Creates and saves a User with the given email, date of |
| 38 | birth and password. |
| 39 | """ |
| 40 | if not email: |
| 41 | raise ValueError('Users must have an email address') |
| 42 | |
| 43 | user = self.model( |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 44 | email=UserManager.normalize_email(email), |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 45 | firstname=firstname, |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 46 | lastname=lastname, |
| 47 | password=password |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 48 | ) |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 49 | #user.set_password(password) |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 50 | user.is_admin = True |
| 51 | user.save(using=self._db) |
| 52 | return user |
| 53 | |
| 54 | def create_superuser(self, email, firstname, lastname, password): |
| 55 | """ |
| 56 | Creates and saves a superuser with the given email, date of |
| 57 | birth and password. |
| 58 | """ |
| 59 | user = self.create_user(email, |
| 60 | password=password, |
| 61 | firstname=firstname, |
| 62 | lastname=lastname |
| 63 | ) |
| 64 | user.is_admin = True |
| 65 | user.save(using=self._db) |
| 66 | return user |
| 67 | |
Scott Baker | 6c68484 | 2014-10-17 18:45:00 -0700 | [diff] [blame] | 68 | def get_queryset(self): |
| 69 | parent=super(UserManager, self) |
| 70 | if hasattr(parent, "get_queryset"): |
| 71 | return parent.get_queryset().filter(deleted=False) |
| 72 | else: |
| 73 | return parent.get_query_set().filter(deleted=False) |
| 74 | |
| 75 | # deprecated in django 1.7 in favor of get_queryset(). |
| 76 | def get_query_set(self): |
| 77 | return self.get_queryset() |
| 78 | |
Sapan Bhatia | 5d605ff | 2014-07-21 20:08:04 -0400 | [diff] [blame] | 79 | class DeletedUserManager(UserManager): |
Scott Baker | b08d656 | 2014-09-12 12:57:27 -0700 | [diff] [blame] | 80 | def get_queryset(self): |
Sapan Bhatia | 5d605ff | 2014-07-21 20:08:04 -0400 | [diff] [blame] | 81 | return super(UserManager, self).get_query_set().filter(deleted=True) |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 82 | |
Scott Baker | b08d656 | 2014-09-12 12:57:27 -0700 | [diff] [blame] | 83 | # deprecated in django 1.7 in favor of get_queryset() |
| 84 | def get_query_set(self): |
| 85 | return self.get_queryset() |
| 86 | |
Scott Baker | 301eee3 | 2014-12-19 12:22:51 -0800 | [diff] [blame] | 87 | class User(AbstractBaseUser): #, DiffModelMixIn): |
| 88 | |
| 89 | # ---- copy stuff from DiffModelMixin ---- |
| 90 | |
| 91 | @property |
| 92 | def _dict(self): |
| 93 | return model_to_dict(self, fields=[field.name for field in |
| 94 | self._meta.fields]) |
| 95 | |
Scott Baker | daca816 | 2015-02-02 14:28:35 -0800 | [diff] [blame] | 96 | def fields_differ(self,f1,f2): |
| 97 | if isinstance(f1,datetime.datetime) and isinstance(f2,datetime.datetime) and (timezone.is_aware(f1) != timezone.is_aware(f2)):
|
| 98 | return True
|
| 99 | else:
|
| 100 | return (f1 != f2)
|
| 101 | |
Scott Baker | 301eee3 | 2014-12-19 12:22:51 -0800 | [diff] [blame] | 102 | @property |
| 103 | def diff(self): |
| 104 | d1 = self._initial |
| 105 | d2 = self._dict |
Scott Baker | daca816 | 2015-02-02 14:28:35 -0800 | [diff] [blame] | 106 | diffs = [(k, (v, d2[k])) for k, v in d1.items() if self.fields_differ(v,d2[k])] |
Scott Baker | 301eee3 | 2014-12-19 12:22:51 -0800 | [diff] [blame] | 107 | return dict(diffs) |
| 108 | |
| 109 | @property |
| 110 | def has_changed(self): |
| 111 | return bool(self.diff) |
| 112 | |
| 113 | @property |
| 114 | def changed_fields(self): |
| 115 | return self.diff.keys() |
| 116 | |
| 117 | def has_field_changed(self, field_name): |
| 118 | return field_name in self.diff.keys() |
| 119 | |
| 120 | def get_field_diff(self, field_name): |
| 121 | return self.diff.get(field_name, None) |
Scott Baker | 9d89623 | 2015-01-05 17:26:36 -0800 | [diff] [blame] | 122 | |
| 123 | #classmethod |
| 124 | def getValidators(cls): |
| 125 | """ primarily for REST API, return a dictionary of field names mapped |
| 126 | to lists of the type of validations that need to be applied to |
| 127 | those fields. |
| 128 | """ |
| 129 | validators = {} |
| 130 | for field in cls._meta.fields: |
| 131 | l = [] |
| 132 | if field.blank==False: |
| 133 | l.append("notBlank") |
| 134 | if field.__class__.__name__=="URLField": |
| 135 | l.append("url") |
| 136 | validators[field.name] = l |
| 137 | return validators |
Scott Baker | 301eee3 | 2014-12-19 12:22:51 -0800 | [diff] [blame] | 138 | # ---- end copy stuff from DiffModelMixin ---- |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 139 | |
Tony Mack | 2f5be42 | 2015-01-03 14:26:15 -0500 | [diff] [blame] | 140 | @property |
| 141 | def remote_password(self): |
| 142 | return hashlib.md5(self.password).hexdigest()[:12] |
| 143 | |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 144 | class Meta: |
| 145 | app_label = "core" |
| 146 | |
| 147 | email = models.EmailField( |
| 148 | verbose_name='email address', |
| 149 | max_length=255, |
| 150 | unique=True, |
| 151 | db_index=True, |
| 152 | ) |
Siobhan Tully | fece0d5 | 2013-09-06 12:57:05 -0400 | [diff] [blame] | 153 | |
| 154 | username = models.CharField(max_length=255, default="Something" ) |
| 155 | |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 156 | firstname = models.CharField(help_text="person's given name", max_length=200) |
| 157 | lastname = models.CharField(help_text="person's surname", max_length=200) |
| 158 | |
| 159 | phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100) |
| 160 | user_url = models.URLField(null=True, blank=True) |
Siobhan Tully | bfd11dc | 2013-09-03 12:59:24 -0400 | [diff] [blame] | 161 | site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True) |
Tony Mack | 5cbadf8 | 2013-06-10 13:56:07 -0400 | [diff] [blame] | 162 | public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string") |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 163 | |
| 164 | is_active = models.BooleanField(default=True) |
Tony Mack | 4bfcdc8 | 2015-01-28 12:03:39 -0500 | [diff] [blame] | 165 | is_admin = models.BooleanField(default=False) |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 166 | is_staff = models.BooleanField(default=True) |
Siobhan Tully | cf04fb6 | 2014-01-11 11:25:57 -0500 | [diff] [blame] | 167 | is_readonly = models.BooleanField(default=False) |
Scott Baker | 28e2e3a | 2015-01-28 16:03:40 -0800 | [diff] [blame] | 168 | is_registering = models.BooleanField(default=False) |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 169 | |
Tony Mack | 0553f28 | 2013-06-10 22:54:50 -0400 | [diff] [blame] | 170 | created = models.DateTimeField(auto_now_add=True) |
| 171 | updated = models.DateTimeField(auto_now=True) |
| 172 | enacted = models.DateTimeField(null=True, default=None) |
Sapan Bhatia | 103465d | 2015-01-23 16:02:09 +0000 | [diff] [blame] | 173 | policed = models.DateTimeField(null=True, default=None) |
Scott Baker | 85b98e7 | 2015-02-06 00:11:10 -0800 | [diff] [blame] | 174 | backend_status = models.CharField(max_length=1024, |
Sapan Bhatia | d507f43 | 2014-04-29 00:41:39 -0400 | [diff] [blame] | 175 | default="Provisioning in progress") |
Sapan Bhatia | bcc1899 | 2014-04-29 10:32:14 -0400 | [diff] [blame] | 176 | deleted = models.BooleanField(default=False) |
Tony Mack | 0553f28 | 2013-06-10 22:54:50 -0400 | [diff] [blame] | 177 | |
Scott Baker | 9266e6b | 2013-05-19 15:54:48 -0700 | [diff] [blame] | 178 | timezone = TimeZoneField() |
| 179 | |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 180 | dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True) |
| 181 | |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 182 | objects = UserManager() |
Sapan Bhatia | 5d605ff | 2014-07-21 20:08:04 -0400 | [diff] [blame] | 183 | deleted_objects = DeletedUserManager() |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 184 | |
| 185 | USERNAME_FIELD = 'email' |
| 186 | REQUIRED_FIELDS = ['firstname', 'lastname'] |
| 187 | |
Scott Baker | 0119c15 | 2014-10-06 22:58:48 -0700 | [diff] [blame] | 188 | PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"] |
| 189 | USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"] |
| 190 | |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 191 | def __init__(self, *args, **kwargs): |
| 192 | super(User, self).__init__(*args, **kwargs) |
| 193 | self._initial = self._dict # for DiffModelMixIn |
| 194 | |
Siobhan Tully | cf04fb6 | 2014-01-11 11:25:57 -0500 | [diff] [blame] | 195 | def isReadOnlyUser(self): |
| 196 | return self.is_readonly |
| 197 | |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 198 | def get_full_name(self): |
| 199 | # The user is identified by their email address |
| 200 | return self.email |
| 201 | |
| 202 | def get_short_name(self): |
| 203 | # The user is identified by their email address |
| 204 | return self.email |
| 205 | |
Sapan Bhatia | 5d605ff | 2014-07-21 20:08:04 -0400 | [diff] [blame] | 206 | def delete(self, *args, **kwds): |
| 207 | # so we have something to give the observer |
| 208 | purge = kwds.get('purge',False) |
Scott Baker | c5b5060 | 2014-10-09 16:22:00 -0700 | [diff] [blame] | 209 | if purge: |
| 210 | del kwds['purge'] |
Sapan Bhatia | 5d605ff | 2014-07-21 20:08:04 -0400 | [diff] [blame] | 211 | try: |
| 212 | purge = purge or observer_disabled |
| 213 | except NameError: |
| 214 | pass |
| 215 | |
| 216 | if (purge): |
| 217 | super(User, self).delete(*args, **kwds) |
| 218 | else: |
| 219 | self.deleted = True |
| 220 | self.enacted=None |
| 221 | self.save(update_fields=['enacted','deleted']) |
| 222 | |
Tony Mack | b0d9742 | 2013-06-10 09:57:45 -0400 | [diff] [blame] | 223 | @property |
| 224 | def keyname(self): |
| 225 | return self.email[:self.email.find('@')] |
| 226 | |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 227 | def __unicode__(self): |
| 228 | return self.email |
| 229 | |
| 230 | def has_perm(self, perm, obj=None): |
| 231 | "Does the user have a specific permission?" |
| 232 | # Simplest possible answer: Yes, always |
| 233 | return True |
| 234 | |
| 235 | def has_module_perms(self, app_label): |
| 236 | "Does the user have permissions to view the app `app_label`?" |
| 237 | # Simplest possible answer: Yes, always |
| 238 | return True |
| 239 | |
Siobhan Tully | bfd11dc | 2013-09-03 12:59:24 -0400 | [diff] [blame] | 240 | def is_superuser(self): |
| 241 | return False |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 242 | |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 243 | def get_dashboards(self): |
| 244 | DEFAULT_DASHBOARDS=["Tenant"] |
| 245 | |
Sapan Bhatia | 13d2db9 | 2014-11-11 21:47:45 -0500 | [diff] [blame] | 246 | dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order')) |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 247 | dashboards = [x.dashboardView for x in dashboards] |
| 248 | |
| 249 | if not dashboards: |
| 250 | for dashboardName in DEFAULT_DASHBOARDS: |
| 251 | dbv = DashboardView.objects.filter(name=dashboardName) |
| 252 | if dbv: |
| 253 | dashboards.append(dbv[0]) |
| 254 | |
| 255 | return dashboards |
| 256 | |
Siobhan Tully | bfd11dc | 2013-09-03 12:59:24 -0400 | [diff] [blame] | 257 | # def get_roles(self): |
| 258 | # from core.models.site import SitePrivilege |
| 259 | # from core.models.slice import SliceMembership |
| 260 | # |
| 261 | # site_privileges = SitePrivilege.objects.filter(user=self) |
| 262 | # slice_memberships = SliceMembership.objects.filter(user=self) |
| 263 | # roles = defaultdict(list) |
| 264 | # for site_privilege in site_privileges: |
| 265 | # roles[site_privilege.role.role_type].append(site_privilege.site.login_base) |
| 266 | # for slice_membership in slice_memberships: |
| 267 | # roles[slice_membership.role.role_type].append(slice_membership.slice.name) |
| 268 | # return roles |
Siobhan Tully | 5343728 | 2013-04-26 19:30:27 -0400 | [diff] [blame] | 269 | |
Tony Mack | 53106f3 | 2013-04-27 16:43:01 -0400 | [diff] [blame] | 270 | def save(self, *args, **kwds): |
Siobhan Tully | 30fd429 | 2013-05-10 08:59:56 -0400 | [diff] [blame] | 271 | if not self.id: |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 272 | self.set_password(self.password) |
Scott Baker | 28e2e3a | 2015-01-28 16:03:40 -0800 | [diff] [blame] | 273 | print "XXX", self, self.is_active, self.is_registering |
| 274 | if self.is_active and self.is_registering: |
| 275 | self.send_temporary_password()
|
| 276 | self.is_registering=False
|
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 277 |
|
Siobhan Tully | fece0d5 | 2013-09-06 12:57:05 -0400 | [diff] [blame] | 278 | self.username = self.email |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 279 | super(User, self).save(*args, **kwds) |
| 280 | |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 281 | self._initial = self._dict |
| 282 | |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 283 | def send_temporary_password(self): |
| 284 | password = User.objects.make_random_password() |
| 285 | self.set_password(password)
|
| 286 | subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
|
| 287 | text_content = 'This is an important message.'
|
Scott Baker | 51e7d40 | 2014-08-29 12:32:46 -0700 | [diff] [blame] | 288 | userUrl="http://%s/" % get_request().get_host()
|
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 289 | html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
|
| 290 | msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
|
| 291 | msg.attach_alternative(html_content, "text/html")
|
| 292 | msg.send() |
Tony Mack | 5b06147 | 2014-02-04 07:57:10 -0500 | [diff] [blame] | 293 | |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 294 | def can_update(self, user): |
| 295 | from core.models import SitePrivilege |
Scott Baker | 0119c15 | 2014-10-06 22:58:48 -0700 | [diff] [blame] | 296 | _cant_update_fieldName = None |
Tony Mack | 2a56ce5 | 2015-02-09 12:16:03 -0500 | [diff] [blame] | 297 | if user.can_update_root(): |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 298 | return True |
Tony Mack | 2a56ce5 | 2015-02-09 12:16:03 -0500 | [diff] [blame] | 299 | |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 300 | # site pis can update |
| 301 | site_privs = SitePrivilege.objects.filter(user=user, site=self.site) |
| 302 | for site_priv in site_privs: |
Tony Mack | 2a56ce5 | 2015-02-09 12:16:03 -0500 | [diff] [blame] | 303 | if site_priv.role.role == 'admin': |
| 304 | return True |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 305 | if site_priv.role.role == 'pi': |
Scott Baker | 0119c15 | 2014-10-06 22:58:48 -0700 | [diff] [blame] | 306 | for fieldName in self.diff.keys(): |
| 307 | if fieldName in self.PI_FORBIDDEN_FIELDS: |
| 308 | _cant_update_fieldName = fieldName |
| 309 | return False |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 310 | return True |
Scott Baker | 0119c15 | 2014-10-06 22:58:48 -0700 | [diff] [blame] | 311 | if (user.id == self.id): |
| 312 | for fieldName in self.diff.keys(): |
| 313 | if fieldName in self.USER_FORBIDDEN_FIELDS: |
| 314 | _cant_update_fieldName = fieldName |
| 315 | return False |
| 316 | return True |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 317 | |
| 318 | return False |
| 319 | |
Tony Mack | 5ff90fc | 2015-02-08 21:38:41 -0500 | [diff] [blame] | 320 | def can_update_root(self): |
| 321 | """ |
| 322 | Return True if user has root (global) write access. |
| 323 | """ |
| 324 | if self.is_readonly: |
| 325 | return False |
| 326 | if self.is_admin: |
| 327 | return True |
| 328 | |
| 329 | return False |
| 330 | |
| 331 | def can_update_deployment(self, deployment): |
| 332 | from core.models.site import DeploymentPrivilege |
| 333 | if self.can_update_root(): |
| 334 | return True |
| 335 | |
| 336 | if DeploymentPrivilege.objects.filter( |
| 337 | deployment=deployment, |
| 338 | user=self, |
| 339 | role__role__in=['admin', 'Admin']): |
| 340 | return True |
| 341 | return False |
| 342 | |
| 343 | def can_update_site(self, site, allow=[]): |
| 344 | from core.models.site import SitePrivilege |
| 345 | if self.can_update_root(): |
| 346 | return True |
| 347 | if SitePrivilege.objects.filter( |
| 348 | site=site, user=self, role__role__in=['admin', 'Admin']+allow): |
| 349 | return True |
| 350 | return False |
| 351 | |
| 352 | def can_update_slice(self, slice): |
| 353 | from core.models.slice import SlicePrivilege |
| 354 | if self.can_update_root(): |
| 355 | return True |
| 356 | if self == slice.creator: |
| 357 | return True |
| 358 | if self.can_update_site(slice.site, allow=['pi']): |
| 359 | return True |
| 360 | |
| 361 | if SlicePrivilege.objects.filter( |
| 362 | slice=slice, user=self, role__role__in=['admin', 'Admin']): |
| 363 | return True |
| 364 | return False |
| 365 | |
Tony Mack | 5b06147 | 2014-02-04 07:57:10 -0500 | [diff] [blame] | 366 | @staticmethod |
| 367 | def select_by_user(user): |
| 368 | if user.is_admin: |
| 369 | qs = User.objects.all() |
| 370 | else: |
| 371 | # can see all users at any site where this user has pi role |
| 372 | from core.models.site import SitePrivilege |
| 373 | site_privs = SitePrivilege.objects.filter(user=user) |
| 374 | sites = [sp.site for sp in site_privs if sp.role.role == 'pi'] |
| 375 | # get site privs of users at these sites |
| 376 | site_privs = SitePrivilege.objects.filter(site__in=sites) |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 377 | user_ids = [sp.user.id for sp in site_privs] + [user.id] |
Tony Mack | 5b06147 | 2014-02-04 07:57:10 -0500 | [diff] [blame] | 378 | qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids)) |
Scott Baker | a36d77e | 2014-08-29 11:43:23 -0700 | [diff] [blame] | 379 | return qs |
Tony Mack | 5b06147 | 2014-02-04 07:57:10 -0500 | [diff] [blame] | 380 | |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 381 | def save_by_user(self, user, *args, **kwds): |
| 382 | if not self.can_update(user): |
Scott Baker | 0119c15 | 2014-10-06 22:58:48 -0700 | [diff] [blame] | 383 | if getattr(self, "_cant_update_fieldName", None) is not None: |
| 384 | raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__)) |
| 385 | else: |
| 386 | raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__) |
Scott Baker | cbfb600 | 2014-10-03 00:32:37 -0700 | [diff] [blame] | 387 | |
| 388 | self.save(*args, **kwds) |
| 389 | |
| 390 | def delete_by_user(self, user, *args, **kwds): |
| 391 | if not self.can_update(user): |
| 392 | raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__) |
| 393 | self.delete(*args, **kwds) |
| 394 | |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 395 | class UserDashboardView(PlCoreBase): |
Sapan Bhatia | 13d2db9 | 2014-11-11 21:47:45 -0500 | [diff] [blame] | 396 | user = models.ForeignKey(User, related_name='userdashboardviews') |
| 397 | dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews') |
Scott Baker | 2c3cb64 | 2014-05-19 17:55:56 -0700 | [diff] [blame] | 398 | order = models.IntegerField(default=0) |