X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FMethods%2FGetPersons.py;h=e48db7bef1b10d58447caca362bd8ef14d57785e;hb=a4b9f5d6a624c5d5b9c459bba26d07c7fe196094;hp=1ab08c27f0f0e69e7a8f9652457f13c0d3d5853f;hpb=c8005424dcfa9e09275402d6e8bacbc989e92174;p=plcapi.git
diff --git a/PLC/Methods/GetPersons.py b/PLC/Methods/GetPersons.py
index 1ab08c2..e48db7b 100644
--- a/PLC/Methods/GetPersons.py
+++ b/PLC/Methods/GetPersons.py
@@ -1,54 +1,84 @@ from PLC.Faults import * from PLC.Method import Method from PLC.Parameter import Parameter, Mixed +from PLC.Filter import Filter from PLC.Persons import Person, Persons -from PLC.Auth import PasswordAuth +from PLC.Sites import Site, Sites +from PLC.Auth import Auth + +hidden_fields = ['password', 'verification_key', 'verification_expires'] class GetPersons(Method): """ - Return an array of structs containing details about accounts. If - person_id_or_email_list is specified, only the specified accounts - will be queried. + Returns an array of structs containing details about users. If + person_filter is specified and is an array of user identifiers or + usernames, or a struct of user attributes, only users matching the + filter will be returned. If return_fields is specified, only the + specified details will be returned. Users and techs may only retrieve details about themselves. PIs may retrieve details about themselves and others at their - sites. Admins may retrieve details about all accounts. + sites. Admins and nodes may retrieve details about all accounts. 
""" - roles = ['admin', 'pi', 'user', 'tech'] + roles = ['admin', 'pi', 'user', 'tech', 'node'] accepts = [ - PasswordAuth(), - [Mixed(Person.fields['person_id'], - Person.fields['email'])], - Parameter([str], 'List of fields to return') + Auth(), + Mixed([Mixed(Person.fields['person_id'], + Person.fields['email'])], + Filter(Person.fields)), + Parameter([str], "List of fields to return", nullok = True) ] # Filter out password field - can_return = lambda (field, value): field not in ['password'] - return_fields = dict(filter(can_return, Person.fields.items())) + return_fields = dict(filter(lambda (field, value): field not in hidden_fields, + Person.fields.items())) returns = [return_fields] - - def call(self, auth, person_id_or_email_list = None): + + def call(self, auth, person_filter = None, return_fields = None): # If we are not admin, make sure to only return viewable accounts - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: # Get accounts that we are able to view valid_person_ids = [self.caller['person_id']] if 'pi' in self.caller['roles'] and self.caller['site_ids']: - sites = Sites(self.api, self.caller['site_ids']).values() + sites = Sites(self.api, self.caller['site_ids']) for site in sites: valid_person_ids += site['person_ids'] if not valid_person_ids: return [] - if not person_id_or_email_list: - person_id_or_email_list = valid_person_ids + if person_filter is None: + person_filter = valid_person_ids + + # Filter out password field + if return_fields: + return_fields = filter(lambda field: field not in hidden_fields, + return_fields) + else: + return_fields = self.return_fields.keys() - persons = Persons(self.api, person_id_or_email_list).values() + # Must query at least person_id, site_ids, and role_ids (see + # Person.can_view() and below). 
+ if return_fields is not None: + added_fields = set(['person_id', 'site_ids', 'role_ids']).difference(return_fields) + return_fields += added_fields + else: + added_fields = [] + + persons = Persons(self.api, person_filter, return_fields) # Filter out accounts that are not viewable - if 'admin' not in self.caller['roles']: + if isinstance(self.caller, Person) and \ + 'admin' not in self.caller['roles']: persons = filter(self.caller.can_view, persons) + # Remove added fields if not specified + if added_fields: + for person in persons: + for field in added_fields: + del person[field] + return persons
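Review bot: `hidden_fields` is stripped from `return_fields` but never from `person_filter`, while `accepts` declares `Filter(Person.fields)`, so a struct filter can apparently still match on `password`, `verification_key` and `verification_expires`. Whether a row comes back then tells the caller if a supplied value matches, which leaks fields the method otherwise refuses to return; for admins and for callers that are not a `Person` (presumably nodes) the `can_view` pass does not narrow this at all. I would reject such filters at the top of `call`, e.g. `if isinstance(person_filter, dict) and set(person_filter).intersection(hidden_fields): raise PLCInvalidArgument("Cannot filter on hidden fields")`, extended to cover any key modifiers `Filter` accepts (its implementation is not visible here). Separately, `if return_fields is not None:` is always true after the preceding if/else, so its `else: added_fields = []` branch is dead and the test can be dropped.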