manage institution: hide slices, show only in projects
[myslice.git] / portal / managementtabrequests.py
1 import json
2
3 from django.template                 import RequestContext
4 from django.shortcuts                import render_to_response
5
6 from manifold.core.query             import Query, AnalyzedQuery
7 from manifoldapi.manifoldapi         import execute_query
8
9 from django.views.generic.base      import TemplateView
10
11 from unfold.loginrequired           import LoginRequiredView
12 from unfold.page                    import Page
13
14 from django.http                    import HttpResponse
15 from django.shortcuts               import render
16
17 from manifold.core.query            import Query, AnalyzedQuery
18 from manifoldapi.manifoldapi        import execute_query
19
20 from portal.actions                 import get_requests
21
22 from myslice.theme import ThemeView
23 from myslice.settings import logger
24
25 class ManagementRequestsView (LoginRequiredView, ThemeView):
26     template_name = "management-tab-requests.html"
27     
28     def get_context_data(self, **kwargs):
29        
30         ctx_my_authorities = {}
31         ctx_delegation_authorities = {}
32         ctx_sub_authorities = {}
33         dest = {}
34
35
36         # The user need to be logged in
37         if (self.request.user):
38            
39             user_query = Query().get('local:user').filter_by('email', '==', self.request.user.email).select('user_id')
40             user, = execute_query(self.request, user_query)
41             user_id = user['user_id']
42
43             # Query manifold to learn about available SFA platforms for more information
44             # In general we will at least have the portal
45             # For now we are considering all registries
46             all_authorities = []
47             platform_ids = []
48             sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
49             sfa_platforms = execute_query(self.request, sfa_platforms_query)
50             for sfa_platform in sfa_platforms:
51                 logger.info("SFA PLATFORM > {}".format(sfa_platform['platform']))
52                 if not 'auth_type' in sfa_platform:
53                     continue
54                 auth = sfa_platform['auth_type']
55                 if not auth in all_authorities:
56                     all_authorities.append(auth)
57                 platform_ids.append(sfa_platform['platform_id'])
58
59             logger.warning("W: Hardcoding platform myslice")
60             # There has been a tweak on how new platforms are referencing a
61             # so-called 'myslice' platform for storing authentication tokens.
62             # XXX This has to be removed in final versions.
63             myslice_platforms_query = Query().get('local:platform').filter_by('platform', '==', 'myslice').select('platform_id')
64             myslice_platforms = execute_query(self.request, myslice_platforms_query)
65             if myslice_platforms:
66                 myslice_platform, = myslice_platforms
67                 platform_ids.append(myslice_platform['platform_id'])
68
69             # We can check on which the user has authoritity credentials = PI rights
70             credential_authorities = set()
71             credential_authorities_expired = set()
72
73             # User account on these registries
74             user_accounts_query = Query.get('local:account').filter_by('user_id', '==', user_id).filter_by('platform_id', 'included', platform_ids).select('auth_type', 'config')
75             user_accounts = execute_query(self.request, user_accounts_query)
76             
77             for user_account in user_accounts:
78
79                 if user_account['auth_type'] == 'reference':
80                     continue # we hardcoded the myslice platform...
81
82                 config = json.loads(user_account['config'])
83                 creds = []
84                 if 'authority_credentials' in config:
85                     for authority_hrn, credential in config['authority_credentials'].items():
86                         credential_authorities.add(authority_hrn)
87                 if 'delegated_authority_credentials' in config:
88                     for authority_hrn, credential in config['delegated_authority_credentials'].items():
89                         credential_authorities.add(authority_hrn)
90
91             # CACHE PB with fields
92             page = Page(self.request)
93             metadata = page.get_metadata()
94             user_md = metadata.details_by_object('user')
95             user_fields = [column['name'] for column in user_md['column']]
96
97             # ** Where am I a PI **
98             # For this we need to ask SFA (of all authorities) = PI function
99             pi_authorities_query = Query.get('myslice:user').filter_by('user_hrn', '==', '$user_hrn').select(user_fields)
100             pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
101             pi_authorities = set()
102             try:
103                 for pa in pi_authorities_tmp:
104                     pi_authorities |= set(pa['pi_authorities'])
105             except Exception as e:
106                 logger.error('No pi_authorities')
107
108             pi_credential_authorities = pi_authorities & credential_authorities
109             pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
110             pi_expired_credential_authorities = pi_authorities & credential_authorities_expired
111             # Authorities I've been delegated PI rights
112             pi_delegation_credential_authorities = credential_authorities - pi_authorities
113             pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
114
115             # Summary intermediary
116             pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
117             pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
118
119             # Summary all
120             queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
121
122             # iterate on the requests and check if the authority matches a prefix 
123             # startswith an authority on which the user is PI
124             if len(pi_my_authorities)>0:
125                 requests = get_requests(pi_my_authorities)
126             else:
127                 requests = get_requests()
128             for r in requests:
129                 auth_hrn = r['authority_hrn']
130                 for my_auth in pi_my_authorities: 
131                     if auth_hrn.startswith(my_auth):
132                         dest = ctx_my_authorities
133                         r['allowed'] = 'allowed'
134
135                 #for my_auth in pi_delegation_authorities:
136                 #    if auth_hrn.startswith(my_auth):
137                 #        dest = ctx_delegation_authorities
138                 #        r['allowed'] = 'allowed'
139                 if auth_hrn in pi_expired_credential_authorities:
140                     r['allowed'] = 'expired'
141                 if 'allowed' not in r:
142                     ## TEMP FIX for allowing new authority registration
143                     #r['allowed'] = 'denied'
144                     r['allowed'] = 'allowed'
145
146                 if not auth_hrn in dest:
147                     dest[auth_hrn] = []
148                 dest[auth_hrn].append(r)
149                 
150               
151 #         env = {}
152 #         env['my_authorities']   = ctx_my_authorities
153 #         env['sub_authorities']   = ctx_sub_authorities
154 #         env['delegation_authorities'] = ctx_delegation_authorities
155
156 #         # XXX This is repeated in all pages
157 #         # more general variables expected in the template
158 #         # the menu items on the top
159 #         #env['topmenu_items'] = topmenu_items_live('Validation', page) 
160 #         # so we can sho who is logged
161 #         env['username'] = request.user
162 #         env['pi'] = "is_pi"       
163 #         env['theme'] = self.theme
164 #         env['section'] = "Requests"
165         
166         context = super(ManagementRequestsView, self).get_context_data(**kwargs)
167         
168             
169         context['my_authorities']   = ctx_my_authorities
170         context['sub_authorities']   = ctx_sub_authorities
171         context['delegation_authorities'] = ctx_delegation_authorities
172
173         # XXX This is repeated in all pages
174         # more general variables expected in the template
175         context['title'] = 'Test view that combines various plugins'
176         # the menu items on the top
177         #context['topmenu_items'] = topmenu_items_live('Validation', page) 
178         # so we can sho who is logged
179         context['username'] = self.request.user 
180         context['pi'] = "is_pi"       
181         context['theme'] = self.theme
182         context['section'] = "Requests"
183         # XXX We need to prepare the page for queries
184         #context.update(page.prelude_env())
185
186         return context
187     
188         #return render_to_response(self.template, env, context_instance=RequestContext(request))