+ self._initial = self._dict
+
+ def send_temporary_password(self):
+ password = User.objects.make_random_password()
+ self.set_password(password)\r
+ subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)\r
+ text_content = 'This is an important message.'\r
+ userUrl="http://%s/" % get_request().get_host()\r
+ html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""\r
+ msg = EmailMultiAlternatives(subject,text_content, from_email, [to])\r
+ msg.attach_alternative(html_content, "text/html")\r
+ msg.send()
+
+ def can_update(self, user):
+ from core.models import SitePrivilege
+ _cant_update_fieldName = None
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ # site pis can update
+ site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
+ for site_priv in site_privs:
+ if site_priv.role.role == 'pi':
+ for fieldName in self.diff.keys():
+ if fieldName in self.PI_FORBIDDEN_FIELDS:
+ _cant_update_fieldName = fieldName
+ return False
+ return True
+ if (user.id == self.id):
+ for fieldName in self.diff.keys():
+ if fieldName in self.USER_FORBIDDEN_FIELDS:
+ _cant_update_fieldName = fieldName
+ return False
+ return True
+
+ return False
+
+ @staticmethod
+ def select_by_user(user):
+ if user.is_admin:
+ qs = User.objects.all()
+ else:
+ # can see all users at any site where this user has pi role
+ from core.models.site import SitePrivilege
+ site_privs = SitePrivilege.objects.filter(user=user)
+ sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
+ # get site privs of users at these sites
+ site_privs = SitePrivilege.objects.filter(site__in=sites)
+ user_ids = [sp.user.id for sp in site_privs] + [user.id]
+ qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
+ return qs
+
+ def save_by_user(self, user, *args, **kwds):
+ if not self.can_update(user):
+ if getattr(self, "_cant_update_fieldName", None) is not None:
+ raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
+ else:
+ raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
+
+ self.save(*args, **kwds)
+
+ def delete_by_user(self, user, *args, **kwds):
+ if not self.can_update(user):
+ raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
+ self.delete(*args, **kwds)
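Review bot: In `send_temporary_password` the login link is built from `get_request().get_host()` with a hard-coded `http://` scheme and concatenated unescaped into the HTML body beside the plaintext temporary password, so unless `ALLOWED_HOSTS` is strict, the URL a new user is told to trust follows the Host header of the triggering request. Prefer a configured HTTPS base URL, e.g. `userUrl = settings.SITE_BASE_URL` (placeholder setting name), and pass `self.email` through `django.utils.html.escape` before interpolating it. `set_password` only updates the in-memory hash and no `save()` is visible in this method, so confirm the caller persists the user before the mail is sent. Separately, `can_update` assigns `_cant_update_fieldName` to a local, so the `getattr(self, "_cant_update_fieldName", None)` branch in `save_by_user` can never name the field; `self._cant_update_fieldName = fieldName` at both assignments would fix that. The visible lines start inside an earlier method and the enclosing class is not shown, so these points rest only on what is visible here.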