2 # Functions for interacting with the persons table in the database
4 # Mark Huang <mlhuang@cs.princeton.edu>
5 # Copyright (C) 2006 The Trustees of Princeton University
7 # $Id: Persons.py,v 1.8 2006/10/03 19:25:55 mlhuang Exp $
10 from types import StringTypes
11 from datetime import datetime
14 from random import Random
18 from PLC.Faults import *
19 from PLC.Parameter import Parameter
20 from PLC.Debug import profile
21 from PLC.Table import Row, Table
22 from PLC.Roles import Roles
23 from PLC.Addresses import Address, Addresses
24 from PLC.Keys import Key, Keys
29 Representation of a row in the persons table. To use, optionally
30 instantiate with a dict of values. Update as you would a
31 dict. Commit to the database with sync().
34 table_name = 'persons'
35 primary_key = 'person_id'
37 'person_id': Parameter(int, "Account identifier"),
38 'first_name': Parameter(str, "Given name", max = 128),
39 'last_name': Parameter(str, "Surname", max = 128),
40 'title': Parameter(str, "Title", max = 128),
41 'email': Parameter(str, "Primary e-mail address", max = 254),
42 'phone': Parameter(str, "Telephone number", max = 64),
43 'url': Parameter(str, "Home page", max = 254),
44 'bio': Parameter(str, "Biography", max = 254),
45 'enabled': Parameter(bool, "Has been enabled"),
46 'password': Parameter(str, "Account password in crypt() form", max = 254),
47 'last_updated': Parameter(str, "Date and time of last update", ro = True),
48 'date_created': Parameter(str, "Date and time when account was created", ro = True),
49 'role_ids': Parameter([int], "List of role identifiers", ro = True),
50 'roles': Parameter([str], "List of roles", ro = True),
51 'site_ids': Parameter([int], "List of site identifiers", ro = True),
52 'key_ids': Parameter([int], "List of key identifiers", ro = True),
53 'slice_ids': Parameter([int], "List of slice identifiers", ro = True),
56 def __init__(self, api, fields = {}):
57 Row.__init__(self, fields)
60 def validate_email(self, email):
62 Validate email address. Stolen from Mailman.
65 invalid_email = PLCInvalidArgument("Invalid e-mail address")
66 email_badchars = r'[][()<>|;^,\200-\377]'
68 # Pretty minimal, cheesy check. We could do better...
69 if not email or email.count(' ') > 0:
71 if re.search(email_badchars, email) or email[0] == '-':
75 at_sign = email.find('@')
78 user = email[:at_sign]
79 rest = email[at_sign+1:]
80 domain = rest.split('.')
82 # This means local, unqualified addresses, are no allowed
88 conflicts = Persons(self.api, [email])
89 for person_id, person in conflicts.iteritems():
90 if 'person_id' not in self or self['person_id'] != person_id:
91 raise PLCInvalidArgument, "E-mail address already in use"
95 def validate_password(self, password):
97 Encrypt password if necessary before committing to the
103 if len(password) > len(magic) and \
104 password[0:len(magic)] == magic:
107 # Generate a somewhat unique 8 character salt string
108 salt = str(time.time()) + str(Random().random())
109 salt = md5.md5(salt).hexdigest()[:8]
110 return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$")
112 def can_update(self, person):
114 Returns true if we can update the specified person. We can
117 1. We are the person.
119 3. We are a PI and the person is a user or tech or at
123 assert isinstance(person, Person)
125 if self['person_id'] == person['person_id']:
128 if 'admin' in self['roles']:
131 if 'pi' in self['roles']:
132 if set(self['site_ids']).intersection(person['site_ids']):
133 # Can update people with higher role IDs
134 return min(self['role_ids']) < min(person['role_ids'])
138 def can_view(self, person):
140 Returns true if we can view the specified person. We can
143 1. We are the person.
145 3. We are a PI and the person is at one of our sites.
148 assert isinstance(person, Person)
150 if self.can_update(person):
153 if 'pi' in self['roles']:
154 if set(self['site_ids']).intersection(person['site_ids']):
155 # Can view people with equal or higher role IDs
156 return min(self['role_ids']) <= min(person['role_ids'])
160 def add_role(self, role_id, commit = True):
162 Add role to existing account.
165 assert 'person_id' in self
167 person_id = self['person_id']
169 if role_id not in self['role_ids']:
170 self.api.db.do("INSERT INTO person_role (person_id, role_id)" \
171 " VALUES(%(person_id)d, %(role_id)d)",
177 self['role_ids'].append(role_id)
179 def remove_role(self, role_id, commit = True):
181 Remove role from existing account.
184 assert 'person_id' in self
186 person_id = self['person_id']
188 if role_id in self['role_ids']:
189 self.api.db.do("DELETE FROM person_role" \
190 " WHERE person_id = %(person_id)d" \
191 " AND role_id = %(role_id)d",
197 self['role_ids'].remove(role_id)
199 def set_primary_site(self, site, commit = True):
201 Set the primary site for an existing account.
204 assert 'person_id' in self
205 assert isinstance(site, PLC.Sites.Site)
206 assert 'site_id' in site
208 person_id = self['person_id']
209 site_id = site['site_id']
210 self.api.db.do("UPDATE person_site SET is_primary = False" \
211 " WHERE person_id = %(person_id)d",
213 self.api.db.do("UPDATE person_site SET is_primary = True" \
214 " WHERE person_id = %(person_id)d" \
215 " AND site_id = %(site_id)d",
221 assert 'site_ids' in self
222 assert site_id in self['site_ids']
224 # Make sure that the primary site is first in the list
225 self['site_ids'].remove(site_id)
226 self['site_ids'].insert(0, site_id)
228 def delete(self, commit = True):
230 Delete existing account.
234 keys = Keys(self.api, self['key_ids'])
235 for key in keys.values():
236 key.delete(commit = False)
238 # Clean up miscellaneous join tables
239 for table in ['person_role', 'person_site', 'slice_person']:
240 self.api.db.do("DELETE FROM %s" \
241 " WHERE person_id = %d" % \
242 (table, self['person_id']))
245 self['deleted'] = True
248 class Persons(Table):
250 Representation of row(s) from the persons table in the
251 database. Specify deleted and/or enabled to force a match on
252 whether a person is deleted and/or enabled. Default is to match on
253 non-deleted accounts.
256 def __init__(self, api, person_id_or_email_list = None, enabled = None):
259 sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \
260 ", ".join(Person.fields)
262 if enabled is not None:
263 sql += " AND enabled IS %(enabled)s"
265 if person_id_or_email_list:
266 # Separate the list into integers and strings
267 person_ids = filter(lambda person_id: isinstance(person_id, (int, long)),
268 person_id_or_email_list)
269 emails = filter(lambda email: isinstance(email, StringTypes),
270 person_id_or_email_list)
273 sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids))
275 # Case insensitive e-mail address comparison
276 sql += " OR email IN (%s)" % ", ".join(api.db.quote(emails)).lower()
279 rows = self.api.db.selectall(sql, locals())
282 self[row['person_id']] = person = Person(api, row)
283 for aggregate in 'role_ids', 'roles', 'site_ids', 'key_ids', 'slice_ids':
284 if not person.has_key(aggregate) or person[aggregate] is None:
285 person[aggregate] = []
287 elements = person[aggregate].split(',')
289 person[aggregate] = map(int, elements)
291 person[aggregate] = elements