2 # Functions for interacting with the persons table in the database
4 # Mark Huang <mlhuang@cs.princeton.edu>
5 # Copyright (C) 2006 The Trustees of Princeton University
7 # $Id: Persons.py,v 1.10 2006/10/10 21:51:35 mlhuang Exp $
10 from types import StringTypes
11 from datetime import datetime
14 from random import Random
18 from PLC.Faults import *
19 from PLC.Parameter import Parameter
20 from PLC.Debug import profile
21 from PLC.Table import Row, Table
22 from PLC.Keys import Key, Keys
27 Representation of a row in the persons table. To use, optionally
28 instantiate with a dict of values. Update as you would a
29 dict. Commit to the database with sync().
32 table_name = 'persons'
33 primary_key = 'person_id'
35 'person_id': Parameter(int, "Account identifier"),
36 'first_name': Parameter(str, "Given name", max = 128),
37 'last_name': Parameter(str, "Surname", max = 128),
38 'title': Parameter(str, "Title", max = 128),
39 'email': Parameter(str, "Primary e-mail address", max = 254),
40 'phone': Parameter(str, "Telephone number", max = 64),
41 'url': Parameter(str, "Home page", max = 254),
42 'bio': Parameter(str, "Biography", max = 254),
43 'enabled': Parameter(bool, "Has been enabled"),
44 'password': Parameter(str, "Account password in crypt() form", max = 254),
45 'last_updated': Parameter(str, "Date and time of last update", ro = True),
46 'date_created': Parameter(str, "Date and time when account was created", ro = True),
47 'role_ids': Parameter([int], "List of role identifiers", ro = True),
48 'roles': Parameter([str], "List of roles", ro = True),
49 'site_ids': Parameter([int], "List of site identifiers", ro = True),
50 'key_ids': Parameter([int], "List of key identifiers", ro = True),
51 'slice_ids': Parameter([int], "List of slice identifiers", ro = True),
54 def __init__(self, api, fields = {}):
55 Row.__init__(self, fields)
58 def validate_email(self, email):
60 Validate email address. Stolen from Mailman.
63 invalid_email = PLCInvalidArgument("Invalid e-mail address")
64 email_badchars = r'[][()<>|;^,\200-\377]'
66 # Pretty minimal, cheesy check. We could do better...
67 if not email or email.count(' ') > 0:
69 if re.search(email_badchars, email) or email[0] == '-':
73 at_sign = email.find('@')
76 user = email[:at_sign]
77 rest = email[at_sign+1:]
78 domain = rest.split('.')
80 # This means local, unqualified addresses, are no allowed
86 conflicts = Persons(self.api, [email])
87 for person_id, person in conflicts.iteritems():
88 if 'person_id' not in self or self['person_id'] != person_id:
89 raise PLCInvalidArgument, "E-mail address already in use"
93 def validate_password(self, password):
95 Encrypt password if necessary before committing to the
101 if len(password) > len(magic) and \
102 password[0:len(magic)] == magic:
105 # Generate a somewhat unique 8 character salt string
106 salt = str(time.time()) + str(Random().random())
107 salt = md5.md5(salt).hexdigest()[:8]
108 return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$")
110 def can_update(self, person):
112 Returns true if we can update the specified person. We can
115 1. We are the person.
117 3. We are a PI and the person is a user or tech or at
121 assert isinstance(person, Person)
123 if self['person_id'] == person['person_id']:
126 if 'admin' in self['roles']:
129 if 'pi' in self['roles']:
130 if set(self['site_ids']).intersection(person['site_ids']):
131 # Can update people with higher role IDs
132 return min(self['role_ids']) < min(person['role_ids'])
136 def can_view(self, person):
138 Returns true if we can view the specified person. We can
141 1. We are the person.
143 3. We are a PI and the person is at one of our sites.
146 assert isinstance(person, Person)
148 if self.can_update(person):
151 if 'pi' in self['roles']:
152 if set(self['site_ids']).intersection(person['site_ids']):
153 # Can view people with equal or higher role IDs
154 return min(self['role_ids']) <= min(person['role_ids'])
158 def add_role(self, role_id, commit = True):
160 Add role to existing account.
163 assert 'person_id' in self
165 person_id = self['person_id']
167 if role_id not in self['role_ids']:
168 self.api.db.do("INSERT INTO person_role (person_id, role_id)" \
169 " VALUES(%(person_id)d, %(role_id)d)",
175 self['role_ids'].append(role_id)
177 def remove_role(self, role_id, commit = True):
179 Remove role from existing account.
182 assert 'person_id' in self
184 person_id = self['person_id']
186 if role_id in self['role_ids']:
187 self.api.db.do("DELETE FROM person_role" \
188 " WHERE person_id = %(person_id)d" \
189 " AND role_id = %(role_id)d",
195 self['role_ids'].remove(role_id)
197 def add_key(self, key, commit = True):
199 Add key to existing account.
202 assert 'person_id' in self
203 assert isinstance(key, Key)
204 assert 'key_id' in key
206 person_id = self['person_id']
207 key_id = key['key_id']
209 if key_id not in self['key_ids']:
210 self.api.db.do("INSERT INTO person_key (person_id, key_id)" \
211 " VALUES(%(person_id)d, %(key_id)d)",
217 self['key_ids'].append(key_id)
219 def remove_key(self, key, commit = True):
221 Remove key from existing account.
224 assert 'person_id' in self
225 assert isinstance(key, Key)
226 assert 'key_id' in key
228 person_id = self['person_id']
229 key_id = key['key_id']
231 if key_id in self['key_ids']:
232 self.api.db.do("DELETE FROM person_key" \
233 " WHERE person_id = %(person_id)d" \
234 " AND key_id = %(key_id)d",
240 self['key_ids'].remove(key_id)
242 def set_primary_site(self, site, commit = True):
244 Set the primary site for an existing account.
247 assert 'person_id' in self
248 assert isinstance(site, PLC.Sites.Site)
249 assert 'site_id' in site
251 person_id = self['person_id']
252 site_id = site['site_id']
253 self.api.db.do("UPDATE person_site SET is_primary = False" \
254 " WHERE person_id = %(person_id)d",
256 self.api.db.do("UPDATE person_site SET is_primary = True" \
257 " WHERE person_id = %(person_id)d" \
258 " AND site_id = %(site_id)d",
264 assert 'site_ids' in self
265 assert site_id in self['site_ids']
267 # Make sure that the primary site is first in the list
268 self['site_ids'].remove(site_id)
269 self['site_ids'].insert(0, site_id)
271 def delete(self, commit = True):
273 Delete existing account.
277 keys = Keys(self.api, self['key_ids'])
278 for key in keys.values():
279 key.delete(commit = False)
281 # Clean up miscellaneous join tables
282 for table in ['person_role', 'person_site', 'slice_person']:
283 self.api.db.do("DELETE FROM %s" \
284 " WHERE person_id = %d" % \
285 (table, self['person_id']))
288 self['deleted'] = True
291 class Persons(Table):
293 Representation of row(s) from the persons table in the
294 database. Specify deleted and/or enabled to force a match on
295 whether a person is deleted and/or enabled. Default is to match on
296 non-deleted accounts.
299 def __init__(self, api, person_id_or_email_list = None, enabled = None):
302 sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \
303 ", ".join(Person.fields)
305 if enabled is not None:
306 sql += " AND enabled IS %(enabled)s"
308 if person_id_or_email_list:
309 # Separate the list into integers and strings
310 person_ids = filter(lambda person_id: isinstance(person_id, (int, long)),
311 person_id_or_email_list)
312 emails = filter(lambda email: isinstance(email, StringTypes),
313 person_id_or_email_list)
316 sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids))
318 # Case insensitive e-mail address comparison
319 sql += " OR email IN (%s)" % ", ".join(api.db.quote(emails)).lower()
322 rows = self.api.db.selectall(sql, locals())
325 self[row['person_id']] = person = Person(api, row)
326 for aggregate in 'role_ids', 'roles', 'site_ids', 'key_ids', 'slice_ids':
327 if not person.has_key(aggregate) or person[aggregate] is None:
328 person[aggregate] = []
330 elements = person[aggregate].split(',')
332 person[aggregate] = map(int, elements)
334 person[aggregate] = elements