git://git.onelab.eu / plstackapi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
observer_disabled was not being imported into core/models/user.py
[plstackapi.git] / planetstack / core / models / user.py
diff --git a/planetstack/core/models/user.py b/planetstack/core/models/user.py
index 9a62e34..1b3be29 100644 (file)
--- a/planetstack/core/models/user.py
+++ b/planetstack/core/models/user.py
@@ -3,7 +3,7 @@ import datetime
 from collections import defaultdict
 from django.db import models
 from django.db.models import F, Q
 from collections import defaultdict
 from django.db import models
 from django.db.models import F, Q
-from core.models import PlCoreBase,Site, DashboardView
+from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
 from core.models.site import Deployment
 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
 from timezones.fields import TimeZoneField
 from core.models.site import Deployment
 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
 from timezones.fields import TimeZoneField
@@ -11,6 +11,21 @@ from operator import itemgetter, attrgetter
 from django.core.mail import EmailMultiAlternatives
 from core.middleware import get_request
 import model_policy
 from django.core.mail import EmailMultiAlternatives
 from core.middleware import get_request
 import model_policy
+from django.core.exceptions import PermissionDenied
+
+# ------ from plcorebase.py ------
+try:
+    # This is a no-op if observer_disabled is set to 1 in the config file
+    from observer import *
+except:
+    print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
+    import traceback
+    traceback.print_exc()
+
+    # guard against something failing
+    def notify_observer(*args, **kwargs):
+        pass
+# ------ ------
 
 # Create your models here.
 class UserManager(BaseUserManager):
 
 # Create your models here.
 class UserManager(BaseUserManager):
@@ -55,7 +70,7 @@ class DeletedUserManager(UserManager):
     def get_query_set(self):
         return self.get_queryset()
 
     def get_query_set(self):
         return self.get_queryset()
 
-class User(AbstractBaseUser):
+class User(AbstractBaseUser, DiffModelMixIn):
 
     class Meta:
         app_label = "core"
 
     class Meta:
         app_label = "core"
@@ -99,6 +114,13 @@ class User(AbstractBaseUser):
     USERNAME_FIELD = 'email'
     REQUIRED_FIELDS = ['firstname', 'lastname']
 
     USERNAME_FIELD = 'email'
     REQUIRED_FIELDS = ['firstname', 'lastname']
 
+    PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
+    USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
+
+    def __init__(self, *args, **kwargs):
+        super(User, self).__init__(*args, **kwargs)
+        self._initial = self._dict # for DiffModelMixIn
+
     def isReadOnlyUser(self):
         return self.is_readonly
 
     def isReadOnlyUser(self):
         return self.is_readonly
 
@@ -182,6 +204,8 @@ class User(AbstractBaseUser):
         self.username = self.email
         super(User, self).save(*args, **kwds)
 
         self.username = self.email
         super(User, self).save(*args, **kwds)
 
+        self._initial = self._dict
+
     def send_temporary_password(self):
         password = User.objects.make_random_password()
         self.set_password(password)\r
     def send_temporary_password(self):
         password = User.objects.make_random_password()
         self.set_password(password)\r
@@ -193,6 +217,31 @@ class User(AbstractBaseUser):
         msg.attach_alternative(html_content, "text/html")\r
         msg.send()
 
         msg.attach_alternative(html_content, "text/html")\r
         msg.send()
 
+    def can_update(self, user):
+        from core.models import SitePrivilege
+        _cant_update_fieldName = None
+        if user.is_readonly:
+            return False
+        if user.is_admin:
+            return True
+        # site pis can update
+        site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+        for site_priv in site_privs:
+            if site_priv.role.role == 'pi':
+                for fieldName in self.diff.keys():
+                    if fieldName in self.PI_FORBIDDEN_FIELDS:
+                        _cant_update_fieldName = fieldName
+                        return False
+                return True
+        if (user.id == self.id):
+            for fieldName in self.diff.keys():
+                if fieldName in self.USER_FORBIDDEN_FIELDS:
+                    _cant_update_fieldName = fieldName
+                    return False
+            return True
+
+        return False
+
     @staticmethod
     def select_by_user(user):
         if user.is_admin:
     @staticmethod
     def select_by_user(user):
         if user.is_admin:
@@ -208,6 +257,20 @@ class User(AbstractBaseUser):
             qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
         return qs
 
             qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
         return qs
 
+    def save_by_user(self, user, *args, **kwds):
+        if not self.can_update(user):
+            if getattr(self, "_cant_update_fieldName", None) is not None:
+                raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
+            else:
+                raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+
+        self.save(*args, **kwds)
+
+    def delete_by_user(self, user, *args, **kwds):
+        if not self.can_update(user):
+            raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+        self.delete(*args, **kwds)
+
 class UserDashboardView(PlCoreBase):
      user = models.ForeignKey(User, related_name="dashboardViews")
      dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews")
 class UserDashboardView(PlCoreBase):
      user = models.ForeignKey(User, related_name="dashboardViews")
      dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews")
plstackapi