2 # Functions for interacting with the persons table in the database
4 # Mark Huang <mlhuang@cs.princeton.edu>
5 # Copyright (C) 2006 The Trustees of Princeton University
7 # $Id: Persons.py,v 1.24 2006/12/05 16:45:03 thierry Exp $
10 from types import StringTypes
11 from datetime import datetime
14 from random import Random
18 from PLC.Faults import *
19 from PLC.Parameter import Parameter
20 from PLC.Filter import Filter
21 from PLC.Table import Row, Table
22 from PLC.Keys import Key, Keys
27 Representation of a row in the persons table. To use, optionally
28 instantiate with a dict of values. Update as you would a
29 dict. Commit to the database with sync().
32 table_name = 'persons'
33 primary_key = 'person_id'
34 join_tables = ['person_role', 'person_site', 'slice_person', 'person_session']
36 'person_id': Parameter(int, "Account identifier"),
37 'first_name': Parameter(str, "Given name", max = 128),
38 'last_name': Parameter(str, "Surname", max = 128),
39 'title': Parameter(str, "Title", max = 128, nullok = True),
40 'email': Parameter(str, "Primary e-mail address", max = 254),
41 'phone': Parameter(str, "Telephone number", max = 64, nullok = True),
42 'url': Parameter(str, "Home page", max = 254, nullok = True),
43 'bio': Parameter(str, "Biography", max = 254, nullok = True),
44 'enabled': Parameter(bool, "Has been enabled"),
45 'password': Parameter(str, "Account password in crypt() form", max = 254),
46 'verification_key': Parameter(str, "Reset password key", max = 254),
47 'verification_expires': Parameter(str, "Date/Time verification_key expires", max = 254),
48 'last_updated': Parameter(int, "Date and time of last update", ro = True),
49 'date_created': Parameter(int, "Date and time when account was created", ro = True),
50 'role_ids': Parameter([int], "List of role identifiers"),
51 'roles': Parameter([str], "List of roles"),
52 'site_ids': Parameter([int], "List of site identifiers"),
53 'key_ids': Parameter([int], "List of key identifiers"),
54 'slice_ids': Parameter([int], "List of slice identifiers"),
55 'peer_id': Parameter(int, "Peer at which this slice was created", nullok = True),
60 foreign_fields = ['first_name', 'last_name', 'title', 'email', 'phone', 'url',
61 'bio', 'enabled', 'password', ]
62 # forget about these ones, they are read-only anyway
63 # handling them causes Cache to re-sync all over again
64 # 'last_updated', 'date_created'
66 {'field' : 'key_ids', 'class': 'Key', 'table' : 'person_key' } ,
67 {'field' : 'site_ids', 'class': 'Site', 'table' : 'person_site'},
68 # xxx this is not handled by Cache yet
69 # 'role_ids': Parameter([int], "List of role identifiers"),
72 def validate_email(self, email):
74 Validate email address. Stolen from Mailman.
77 invalid_email = PLCInvalidArgument("Invalid e-mail address")
78 email_badchars = r'[][()<>|;^,\200-\377]'
80 # Pretty minimal, cheesy check. We could do better...
81 if not email or email.count(' ') > 0:
83 if re.search(email_badchars, email) or email[0] == '-':
87 at_sign = email.find('@')
90 user = email[:at_sign]
91 rest = email[at_sign+1:]
92 domain = rest.split('.')
94 # This means local, unqualified addresses, are no allowed
100 conflicts = Persons(self.api, [email])
101 for person in conflicts:
102 if 'person_id' not in self or self['person_id'] != person['person_id']:
103 raise PLCInvalidArgument, "E-mail address already in use"
107 def validate_password(self, password):
109 Encrypt password if necessary before committing to the
115 if len(password) > len(magic) and \
116 password[0:len(magic)] == magic:
119 # Generate a somewhat unique 8 character salt string
120 salt = str(time.time()) + str(Random().random())
121 salt = md5.md5(salt).hexdigest()[:8]
122 return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$")
125 # verification_expires in the DB but not exposed here
126 def validate_date_created (self, timestamp):
127 return self.validate_timestamp (timestamp)
128 def validate_last_updated (self, timestamp):
129 return self.validate_timestamp (timestamp)
131 def can_update(self, person):
133 Returns true if we can update the specified person. We can
136 1. We are the person.
138 3. We are a PI and the person is a user or tech or at
142 assert isinstance(person, Person)
144 if self['person_id'] == person['person_id']:
147 if 'admin' in self['roles']:
150 if 'pi' in self['roles']:
151 if set(self['site_ids']).intersection(person['site_ids']):
152 # Can update people with higher role IDs
153 return min(self['role_ids']) < min(person['role_ids'])
157 def can_view(self, person):
159 Returns true if we can view the specified person. We can
162 1. We are the person.
164 3. We are a PI and the person is at one of our sites.
167 assert isinstance(person, Person)
169 if self.can_update(person):
172 if 'pi' in self['roles']:
173 if set(self['site_ids']).intersection(person['site_ids']):
174 # Can view people with equal or higher role IDs
175 return min(self['role_ids']) <= min(person['role_ids'])
179 def add_role(self, role_id, commit = True):
181 Add role to existing account.
184 assert 'person_id' in self
186 person_id = self['person_id']
188 if role_id not in self['role_ids']:
189 self.api.db.do("INSERT INTO person_role (person_id, role_id)" \
190 " VALUES(%(person_id)d, %(role_id)d)",
196 self['role_ids'].append(role_id)
198 def remove_role(self, role_id, commit = True):
200 Remove role from existing account.
203 assert 'person_id' in self
205 person_id = self['person_id']
207 if role_id in self['role_ids']:
208 self.api.db.do("DELETE FROM person_role" \
209 " WHERE person_id = %(person_id)d" \
210 " AND role_id = %(role_id)d",
216 self['role_ids'].remove(role_id)
218 def add_key(self, key, commit = True):
220 Add key to existing account.
223 assert 'person_id' in self
224 assert isinstance(key, Key)
225 assert 'key_id' in key
227 person_id = self['person_id']
228 key_id = key['key_id']
230 if key_id not in self['key_ids']:
231 self.api.db.do("INSERT INTO person_key (person_id, key_id)" \
232 " VALUES(%(person_id)d, %(key_id)d)",
238 self['key_ids'].append(key_id)
240 def remove_key(self, key, commit = True):
242 Remove key from existing account.
245 assert 'person_id' in self
246 assert isinstance(key, Key)
247 assert 'key_id' in key
249 person_id = self['person_id']
250 key_id = key['key_id']
252 if key_id in self['key_ids']:
253 self.api.db.do("DELETE FROM person_key" \
254 " WHERE person_id = %(person_id)d" \
255 " AND key_id = %(key_id)d",
261 self['key_ids'].remove(key_id)
263 def set_primary_site(self, site, commit = True):
265 Set the primary site for an existing account.
268 assert 'person_id' in self
269 assert isinstance(site, PLC.Sites.Site)
270 assert 'site_id' in site
272 person_id = self['person_id']
273 site_id = site['site_id']
274 self.api.db.do("UPDATE person_site SET is_primary = False" \
275 " WHERE person_id = %(person_id)d",
277 self.api.db.do("UPDATE person_site SET is_primary = True" \
278 " WHERE person_id = %(person_id)d" \
279 " AND site_id = %(site_id)d",
285 assert 'site_ids' in self
286 assert site_id in self['site_ids']
288 # Make sure that the primary site is first in the list
289 self['site_ids'].remove(site_id)
290 self['site_ids'].insert(0, site_id)
292 def delete(self, commit = True):
294 Delete existing account.
298 keys = Keys(self.api, self['key_ids'])
300 key.delete(commit = False)
302 # Clean up miscellaneous join tables
303 for table in self.join_tables:
304 self.api.db.do("DELETE FROM %s WHERE person_id = %d" % \
305 (table, self['person_id']))
308 self['deleted'] = True
311 class Persons(Table):
313 Representation of row(s) from the persons table in the
317 def __init__(self, api, person_filter = None, columns = None):
318 Table.__init__(self, api, Person, columns)
320 sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \
321 ", ".join(self.columns)
323 if person_filter is not None:
324 if isinstance(person_filter, (list, tuple, set)):
325 # Separate the list into integers and strings
326 ints = filter(lambda x: isinstance(x, (int, long)), person_filter)
327 strs = filter(lambda x: isinstance(x, StringTypes), person_filter)
328 person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs})
329 sql += " AND (%s)" % person_filter.sql(api, "OR")
330 elif isinstance(person_filter, dict):
331 person_filter = Filter(Person.fields, person_filter)
332 sql += " AND (%s)" % person_filter.sql(api, "AND")