from django.shortcuts import render
from django.template.loader import render_to_string
-from unfold.loginrequired import FreeAccessView
+from unfold.loginrequired import LoginRequiredAutoLogoutView
from ui.topmenu import topmenu_items_live, the_user
from portal.event import Event
#from portal.util import RegistrationView, ActivationView
from portal.models import PendingUser, PendingSlice
-from portal.actions import get_request_by_authority
-from manifold.manifoldapi import execute_query
+from portal.actions import get_requests
+from manifoldapi.manifoldapi import execute_query
from manifold.core.query import Query
from unfold.page import Page
-class ValidatePendingView(FreeAccessView):
+from myslice.theme import ThemeView
+from myslice.settings import logger
+
+class ValidatePendingView(LoginRequiredAutoLogoutView, ThemeView):
template_name = "validate_pending.html"
def get_context_data(self, **kwargs):
+ pi = ""
# We might have slices on different registries with different user accounts
# We note that this portal could be specific to a given registry, to which we register users, but i'm not sure that simplifies things
# Different registries mean different identities, unless we identify via SFA HRN or have associated the user email to a single hrn
ctx_my_authorities = {}
ctx_delegation_authorities = {}
+ ctx_sub_authorities = {}
+ dest = {}
# The user need to be logged in
sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
sfa_platforms = execute_query(self.request, sfa_platforms_query)
for sfa_platform in sfa_platforms:
- print "SFA PLATFORM > ", sfa_platform['platform']
+ logger.info("SFA PLATFORM > {}".format(sfa_platform['platform']))
if not 'auth_type' in sfa_platform:
continue
auth = sfa_platform['auth_type']
all_authorities.append(auth)
platform_ids.append(sfa_platform['platform_id'])
- print "W: Hardcoding platform myslice"
+ logger.warning("W: Hardcoding platform myslice")
# There has been a tweak on how new platforms are referencing a
# so-called 'myslice' platform for storing authentication tokens.
# XXX This has to be removed in final versions.
#print "=" * 80
for user_account in user_accounts:
- print "USER ACCOUNT", user_account
+ logger.debug("USER ACCOUNT {}".format(user_account))
if user_account['auth_type'] == 'reference':
continue # we hardcoded the myslice platform...
config = json.loads(user_account['config'])
creds = []
- print "CONFIG KEYS", config.keys()
+ logger.debug("CONFIG KEYS {}".format(config.keys()))
if 'authority_credentials' in config:
- print "***", config['authority_credentials'].keys()
+ logger.debug("*** AC {}".format(config['authority_credentials'].keys()))
for authority_hrn, credential in config['authority_credentials'].items():
#if credential is not expired:
credential_authorities.add(authority_hrn)
#else
# credential_authorities_expired.add(authority_hrn)
if 'delegated_authority_credentials' in config:
- print "***", config['delegated_authority_credentials'].keys()
+ logger.debug("*** DAC {}".format(config['delegated_authority_credentials'].keys()))
for authority_hrn, credential in config['delegated_authority_credentials'].items():
#if credential is not expired:
credential_authorities.add(authority_hrn)
#else
# credential_authorities_expired.add(authority_hrn)
- print 'credential_authorities =', credential_authorities
- print 'credential_authorities_expired =', credential_authorities_expired
+ logger.debug('credential_authorities = {}'.format(credential_authorities))
+ logger.debug('credential_authorities_expired = {}'.format(credential_authorities_expired))
+
+# # Using cache manifold-tables to get the list of authorities faster
+# all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
+# all_authorities = execute_query(self.request, all_authorities_query)
# ** Where am I a PI **
# For this we need to ask SFA (of all authorities) = PI function
- pi_authorities_query = Query.get('user').filter_by('user_hrn', '==', '$user_hrn').select('pi_authorities')
+ pi_authorities_query = Query.get('myslice:user').filter_by('user_hrn', '==', '$user_hrn').select('pi_authorities')
pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
pi_authorities = set()
- for pa in pi_authorities_tmp:
- pi_authorities |= set(pa['pi_authorities'])
-
- print "pi_authorities =", pi_authorities
+ try:
+ for pa in pi_authorities_tmp:
+ pi_authorities |= set(pa['pi_authorities'])
+ except Exception as e:
+ logger.error('No pi_authorities')
+# TODO: exception if no parent_authority
+# try:
+# for pa in pi_authorities_tmp:
+# pi_authorities |= set(pa['pi_authorities'])
+# except:
+
+
+# # include all sub-authorities of the PI
+# # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
+# pi_subauthorities = set()
+# for authority in all_authorities:
+# authority_hrn = authority['authority_hrn']
+# for my_authority in pi_authorities:
+# if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
+# pi_subauthorities.add(authority_hrn)
+
+ #print "pi_authorities =", pi_authorities
+ #print "pi_subauthorities =", pi_subauthorities
# My authorities + I have a credential
pi_credential_authorities = pi_authorities & credential_authorities
pi_delegation_credential_authorities = credential_authorities - pi_authorities
pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
- print "pi_credential_authorities =", pi_credential_authorities
- print "pi_no_credential_authorities =", pi_no_credential_authorities
- print "pi_expired_credential_authorities =", pi_expired_credential_authorities
- print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities
- print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities
+ #print "pi_credential_authorities =", pi_credential_authorities
+ #print "pi_no_credential_authorities =", pi_no_credential_authorities
+ #print "pi_expired_credential_authorities =", pi_expired_credential_authorities
+ #print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities
+ #print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities
# Summary intermediary
pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
- print "--"
- print "pi_my_authorities = ", pi_my_authorities
- print "pi_delegation_authorities = ", pi_delegation_authorities
+ #print "--"
+ #print "pi_my_authorities = ", pi_my_authorities
+ #print "pi_delegation_authorities = ", pi_delegation_authorities
+ #print "pi_subauthorities = ", pi_subauthorities
# Summary all
- queried_pending_authorities = pi_my_authorities | pi_delegation_authorities
- print "----"
- print "queried_pending_authorities = ", queried_pending_authorities
+ queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
+ #print "----"
+ #print "queried_pending_authorities = ", queried_pending_authorities
- requests = get_request_by_authority(queried_pending_authorities)
+# iterate on the requests and check if the authority matches a prefix startswith an authority on which the user is PI
+ requests = get_requests()
+# requests = get_requests(queried_pending_authorities)
for request in requests:
auth_hrn = request['authority_hrn']
-
- if auth_hrn in pi_my_authorities:
- dest = ctx_my_authorities
-
- # define the css class
- if auth_hrn in pi_credential_authorities:
+ for my_auth in pi_my_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_my_authorities
request['allowed'] = 'allowed'
- elif auth_hrn in pi_expired_credential_authorities:
- request['allowed'] = 'expired'
- else: # pi_no_credential_authorities
- request['allowed'] = 'denied'
-
- elif auth_hrn in pi_delegation_authorities:
- dest = ctx_delegation_authorities
-
- if auth_hrn in pi_delegation_credential_authorities:
+ for my_auth in pi_delegation_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_delegation_authorities
request['allowed'] = 'allowed'
- else: # pi_delegation_expired_authorities
- request['allowed'] = 'expired'
-
- else:
- continue
+ if auth_hrn in pi_expired_credential_authorities:
+ request['allowed'] = 'expired'
+ if 'allowed' not in request:
+ request['allowed'] = 'denied'
+ #print "authority for this request", auth_hrn
+
+# if auth_hrn in pi_my_authorities:
+# dest = ctx_my_authorities
+#
+# # define the css class
+# if auth_hrn in pi_credential_authorities:
+# request['allowed'] = 'allowed'
+# elif auth_hrn in pi_expired_credential_authorities:
+# request['allowed'] = 'expired'
+# else: # pi_no_credential_authorities
+# request['allowed'] = 'denied'
+#
+# elif auth_hrn in pi_delegation_authorities:
+# dest = ctx_delegation_authorities
+#
+# if auth_hrn in pi_delegation_credential_authorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'expired'
+#
+# elif auth_hrn in pi_subauthorities:
+# dest = ctx_sub_authorities
+#
+# if auth_hrn in pi_subauthorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'denied'
+#
+# else:
+# continue
if not auth_hrn in dest:
dest[auth_hrn] = []
- dest[auth_hrn].append(request)
+ dest[auth_hrn].append(request)
context = super(ValidatePendingView, self).get_context_data(**kwargs)
+ logger.debug("testing")
+ logger.debug(ctx_my_authorities)
context['my_authorities'] = ctx_my_authorities
+ context['sub_authorities'] = ctx_sub_authorities
context['delegation_authorities'] = ctx_delegation_authorities
# XXX This is repeated in all pages
context['topmenu_items'] = topmenu_items_live('Validation', page)
# so we can sho who is logged
context['username'] = the_user(self.request)
-
+ context['pi'] = "is_pi"
+ context['theme'] = self.theme
+ context['section'] = "Requests"
# XXX We need to prepare the page for queries
#context.update(page.prelude_env())