+import json
+
from django.template import RequestContext
from django.shortcuts import render_to_response
from django.views.generic.base import TemplateView
from unfold.loginrequired import LoginRequiredView
+from unfold.page import Page
+
from django.http import HttpResponse
from django.shortcuts import render
from portal.actions import get_requests
from myslice.theme import ThemeView
-
-import json
+from myslice.settings import logger
class ManagementRequestsView (LoginRequiredView, ThemeView):
template_name = "management-tab-requests.html"
sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
sfa_platforms = execute_query(self.request, sfa_platforms_query)
for sfa_platform in sfa_platforms:
- print "SFA PLATFORM > ", sfa_platform['platform']
+ logger.info("SFA PLATFORM > {}".format(sfa_platform['platform']))
if not 'auth_type' in sfa_platform:
continue
auth = sfa_platform['auth_type']
all_authorities.append(auth)
platform_ids.append(sfa_platform['platform_id'])
- print "W: Hardcoding platform myslice"
+ logger.warning("W: Hardcoding platform myslice")
# There has been a tweak on how new platforms are referencing a
# so-called 'myslice' platform for storing authentication tokens.
# XXX This has to be removed in final versions.
for user_account in user_accounts:
- print "USER ACCOUNT", user_account
if user_account['auth_type'] == 'reference':
continue # we hardcoded the myslice platform...
config = json.loads(user_account['config'])
creds = []
- print "CONFIG KEYS", config.keys()
if 'authority_credentials' in config:
- print "***", config['authority_credentials'].keys()
for authority_hrn, credential in config['authority_credentials'].items():
credential_authorities.add(authority_hrn)
if 'delegated_authority_credentials' in config:
- print "***", config['delegated_authority_credentials'].keys()
for authority_hrn, credential in config['delegated_authority_credentials'].items():
credential_authorities.add(authority_hrn)
- print 'credential_authorities =', credential_authorities
- print 'credential_authorities_expired =', credential_authorities_expired
+ # CACHE PB with fields
+ page = Page(self.request)
+ metadata = page.get_metadata()
+ user_md = metadata.details_by_object('user')
+ user_fields = [column['name'] for column in user_md['column']]
# ** Where am I a PI **
# For this we need to ask SFA (of all authorities) = PI function
- pi_authorities_query = Query.get('user').filter_by('user_hrn', '==', '$user_hrn').select('pi_authorities')
+ pi_authorities_query = Query.get('myslice:user').filter_by('user_hrn', '==', '$user_hrn').select(user_fields)
pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
pi_authorities = set()
try:
for pa in pi_authorities_tmp:
pi_authorities |= set(pa['pi_authorities'])
- except:
- print 'No pi_authorities'
+ except Exception as e:
+ logger.error('No pi_authorities')
pi_credential_authorities = pi_authorities & credential_authorities
pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
# iterate on the requests and check if the authority matches a prefix
# startswith an authority on which the user is PI
- requests = get_requests()
+ if len(pi_my_authorities)>0:
+ requests = get_requests(pi_my_authorities)
+ else:
+ requests = get_requests()
for r in requests:
auth_hrn = r['authority_hrn']
for my_auth in pi_my_authorities:
if auth_hrn.startswith(my_auth):
dest = ctx_my_authorities
r['allowed'] = 'allowed'
- for my_auth in pi_delegation_authorities:
- if auth_hrn.startswith(my_auth):
- dest = ctx_delegation_authorities
- r['allowed'] = 'allowed'
+
+ #for my_auth in pi_delegation_authorities:
+ # if auth_hrn.startswith(my_auth):
+ # dest = ctx_delegation_authorities
+ # r['allowed'] = 'allowed'
if auth_hrn in pi_expired_credential_authorities:
r['allowed'] = 'expired'
if 'allowed' not in r: