X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FPersons.py;h=59ff6ddc2c14f4a855f28867e80a2e9ce09d65d0;hb=dbd0288d599d2cb6fecf1e9bf7b4d0705a641f7a;hp=d8e67a4f6053b00fffda88642e80f7de09818996;hpb=794eb39a9cda777c3f5401666cb1eea52e863c5c;p=plcapi.git diff --git a/PLC/Persons.py b/PLC/Persons.py index d8e67a4..59ff6dd 100644 --- a/PLC/Persons.py +++ b/PLC/Persons.py @@ -4,12 +4,13 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id: Persons.py,v 1.29 2007/01/08 16:34:12 tmack Exp $ +# $Id$ +# $URL$ # from types import StringTypes from datetime import datetime -import md5 +import hashlib import time from random import Random import re @@ -17,12 +18,12 @@ import crypt from PLC.Faults import * from PLC.Debug import log -from PLC.Parameter import Parameter +from PLC.Parameter import Parameter, Mixed from PLC.Filter import Filter from PLC.Table import Row, Table +from PLC.Roles import Role, Roles from PLC.Keys import Key, Keys from PLC.Messages import Message, Messages -import PLC.Sites class Person(Row): """ @@ -33,9 +34,9 @@ class Person(Row): table_name = 'persons' primary_key = 'person_id' - join_tables = ['person_role', 'person_site', 'slice_person', 'person_session'] + join_tables = ['person_key', 'person_role', 'person_site', 'slice_person', 'person_session', 'peer_person'] fields = { - 'person_id': Parameter(int, "Account identifier"), + 'person_id': Parameter(int, "User identifier"), 'first_name': Parameter(str, "Given name", max = 128), 'last_name': Parameter(str, "Surname", max = 128), 'title': Parameter(str, "Title", max = 128, nullok = True), @@ -45,8 +46,8 @@ class Person(Row): 'bio': Parameter(str, "Biography", max = 254, nullok = True), 'enabled': Parameter(bool, "Has been enabled"), 'password': Parameter(str, "Account password in crypt() form", max = 254), - 'verification_key': Parameter(str, "Reset password key", max = 254), - 'verification_expires': Parameter(str, "Date/Time when verification_key expires", max = 254), + 'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True), + 'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True), 'last_updated': Parameter(int, "Date and time of last update", ro = True), 'date_created': Parameter(int, "Date and time when account was created", ro = True), 'role_ids': Parameter([int], "List of role identifiers"), @@ -54,22 +55,24 @@ class Person(Row): 'site_ids': Parameter([int], "List of site identifiers"), 'key_ids': Parameter([int], "List of key identifiers"), 'slice_ids': Parameter([int], "List of slice identifiers"), - 'peer_id': Parameter(int, "Peer at which this slice was created", nullok = True), + 'peer_id': Parameter(int, "Peer to which this user belongs", nullok = True), + 'peer_person_id': Parameter(int, "Foreign user identifier at peer", nullok = True), + 'person_tag_ids' : Parameter ([int], "List of tags attached to this person"), } - - # for Cache - class_key = 'email' - foreign_fields = ['first_name', 'last_name', 'title', 'email', 'phone', 'url', - 'bio', 'enabled', 'password', ] - # forget about these ones, they are read-only anyway - # handling them causes Cache to re-sync all over again - # 'last_updated', 'date_created' - foreign_xrefs = [ - {'field' : 'key_ids', 'class': 'Key', 'table' : 'person_key' } , - {'field' : 'site_ids', 'class': 'Site', 'table' : 'person_site'}, -# xxx this is not handled by Cache yet -# 'role_ids': Parameter([int], "List of role identifiers"), -] + related_fields = { + 'roles': [Mixed(Parameter(int, "Role identifier"), + Parameter(str, "Role name"))], + 'sites': [Mixed(Parameter(int, "Site identifier"), + Parameter(str, "Site name"))], + 'keys': [Mixed(Parameter(int, "Key identifier"), + Filter(Key.fields))], + 'slices': [Mixed(Parameter(int, "Slice identifier"), + Parameter(str, "Slice name"))] + } + view_tags_name = "view_person_tags" + # tags are used by the Add/Get/Update methods to expose tags + # this is initialized here and updated by the accessors factory + tags = { } def validate_email(self, email): """ @@ -77,30 +80,23 @@ class Person(Row): """ invalid_email = PLCInvalidArgument("Invalid e-mail address") - email_badchars = r'[][()<>|;^,\200-\377]' - # Pretty minimal, cheesy check. We could do better... - if not email or email.count(' ') > 0: - raise invalid_email - if re.search(email_badchars, email) or email[0] == '-': + if not email: raise invalid_email - email = email.lower() - at_sign = email.find('@') - if at_sign < 1: - raise invalid_email - user = email[:at_sign] - rest = email[at_sign+1:] - domain = rest.split('.') - - # This means local, unqualified addresses, are no allowed - if not domain: - raise invalid_email - if len(domain) < 2: + email_re = re.compile('\A[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9._\-]+\.[a-zA-Z]+\Z') + if not email_re.match(email): raise invalid_email - conflicts = Persons(self.api, [email]) - for person in conflicts: + # check only against users on the same peer + if 'peer_id' in self: + namespace_peer_id = self['peer_id'] + else: + namespace_peer_id = None + + conflicts = Persons(self.api, {'email':email,'peer_id':namespace_peer_id}) + + for person in conflicts: if 'person_id' not in self or self['person_id'] != person['person_id']: raise PLCInvalidArgument, "E-mail address already in use" @@ -120,15 +116,12 @@ class Person(Row): else: # Generate a somewhat unique 8 character salt string salt = str(time.time()) + str(Random().random()) - salt = md5.md5(salt).hexdigest()[:8] + salt = hashlib.md5(salt).hexdigest()[:8] return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$") - # timestamps - # verification_expires in the DB but not exposed here - def validate_date_created (self, timestamp): - return self.validate_timestamp (timestamp) - def validate_last_updated (self, timestamp): - return self.validate_timestamp (timestamp) + validate_date_created = Row.validate_timestamp + validate_last_updated = Row.validate_timestamp + validate_verification_expires = Row.validate_timestamp def can_update(self, person): """ @@ -151,8 +144,8 @@ class Person(Row): if 'pi' in self['roles']: if set(self['site_ids']).intersection(person['site_ids']): - # Can update people with higher role IDs - return min(self['role_ids']) < min(person['role_ids']) + # Can update person is neither a PI or ADMIN + return (not (('pi' in person['roles']) or ('admin' in person['roles']))) return False @@ -174,101 +167,22 @@ class Person(Row): if 'pi' in self['roles']: if set(self['site_ids']).intersection(person['site_ids']): # Can view people with equal or higher role IDs - return min(self['role_ids']) <= min(person['role_ids']) + return 'admin' not in person['roles'] return False - def add_role(self, role_id, commit = True): - """ - Add role to existing account. - """ - - assert 'person_id' in self - - person_id = self['person_id'] - - if role_id not in self['role_ids']: - self.api.db.do("INSERT INTO person_role (person_id, role_id)" \ - " VALUES(%(person_id)d, %(role_id)d)", - locals()) - - if commit: - self.api.db.commit() - - self['role_ids'].append(role_id) - - def remove_role(self, role_id, commit = True): - """ - Remove role from existing account. - """ - - assert 'person_id' in self - - person_id = self['person_id'] - - if role_id in self['role_ids']: - self.api.db.do("DELETE FROM person_role" \ - " WHERE person_id = %(person_id)d" \ - " AND role_id = %(role_id)d", - locals()) - - if commit: - self.api.db.commit() - - self['role_ids'].remove(role_id) - - def add_key(self, key, commit = True): - """ - Add key to existing account. - """ - - assert 'person_id' in self - assert isinstance(key, Key) - assert 'key_id' in key - - person_id = self['person_id'] - key_id = key['key_id'] - - if key_id not in self['key_ids']: - self.api.db.do("INSERT INTO person_key (person_id, key_id)" \ - " VALUES(%(person_id)d, %(key_id)d)", - locals()) - - if commit: - self.api.db.commit() - - self['key_ids'].append(key_id) - - def remove_key(self, key, commit = True): - """ - Remove key from existing account. - """ - - assert 'person_id' in self - assert isinstance(key, Key) - assert 'key_id' in key - - person_id = self['person_id'] - key_id = key['key_id'] - - if key_id in self['key_ids']: - self.api.db.do("DELETE FROM person_key" \ - " WHERE person_id = %(person_id)d" \ - " AND key_id = %(key_id)d", - locals()) + add_role = Row.add_object(Role, 'person_role') + remove_role = Row.remove_object(Role, 'person_role') - if commit: - self.api.db.commit() - - self['key_ids'].remove(key_id) + add_key = Row.add_object(Key, 'person_key') + remove_key = Row.remove_object(Key, 'person_key') def set_primary_site(self, site, commit = True): """ - Set the primary site for an existing account. + Set the primary site for an existing user. """ assert 'person_id' in self - assert isinstance(site, PLC.Sites.Site) assert 'site_id' in site person_id = self['person_id'] @@ -291,74 +205,147 @@ class Person(Row): self['site_ids'].remove(site_id) self['site_ids'].insert(0, site_id) - def send_initiate_password_reset_email(self): - # email user next step instructions - to_addr = {} - to_addr[self['email']] = "%s %s" % \ - (self['first_name'], self['last_name']) - from_addr = {} - from_addr[self.api.config.PLC_MAIL_SUPPORT_ADDRESS] = \ - "%s %s" % ('Planetlab', 'Support') - - # fill in template - messages = Messages(self.api, ['ASSWORD_RESET_INITIATE']) - if not messages: - print >> log, "No such message template" - return 1 - - message = messages[0] - subject = message['subject'] - template = message['template'] % \ - (self.api.config.PLC_WWW_HOST, - self['verification_key'], self['person_id'], - self.api.config.PLC_MAIL_SUPPORT_ADDRESS, - self.api.config.PLC_WWW_HOST) - - self.api.mailer.mail(to_addr, None, from_addr, subject, template) - - def send_account_registered_email(self, site): + def update_last_updated(self, commit = True): + """ + Update last_updated field with current time + """ + + assert 'person_id' in self + assert self.table_name + + self.api.db.do("UPDATE %s SET last_updated = CURRENT_TIMESTAMP " % (self.table_name) + \ + " where person_id = %d" % (self['person_id']) ) + self.sync(commit) + + def associate_roles(self, auth, field, value): + """ + Adds roles found in value list to this person (using AddRoleToPerson). + Deletes roles not found in value list from this person (using DeleteRoleFromPerson). + """ + + assert 'role_ids' in self + assert 'person_id' in self + assert isinstance(value, list) + + (role_ids, role_names) = self.separate_types(value)[0:2] + + # Translate roles into role_ids + if role_names: + roles = Roles(self.api, role_names).dict('role_id') + role_ids += roles.keys() + + # Add new ids, remove stale ids + if self['role_ids'] != role_ids: + from PLC.Methods.AddRoleToPerson import AddRoleToPerson + from PLC.Methods.DeleteRoleFromPerson import DeleteRoleFromPerson + new_roles = set(role_ids).difference(self['role_ids']) + stale_roles = set(self['role_ids']).difference(role_ids) + + for new_role in new_roles: + AddRoleToPerson.__call__(AddRoleToPerson(self.api), auth, new_role, self['person_id']) + for stale_role in stale_roles: + DeleteRoleFromPerson.__call__(DeleteRoleFromPerson(self.api), auth, stale_role, self['person_id']) + + + def associate_sites(self, auth, field, value): + """ + Adds person to sites found in value list (using AddPersonToSite). + Deletes person from site not found in value list (using DeletePersonFromSite). + """ + + from PLC.Sites import Sites + + assert 'site_ids' in self + assert 'person_id' in self + assert isinstance(value, list) + + (site_ids, site_names) = self.separate_types(value)[0:2] + + # Translate roles into role_ids + if site_names: + sites = Sites(self.api, site_names, ['site_id']).dict('site_id') + site_ids += sites.keys() + + # Add new ids, remove stale ids + if self['site_ids'] != site_ids: + from PLC.Methods.AddPersonToSite import AddPersonToSite + from PLC.Methods.DeletePersonFromSite import DeletePersonFromSite + new_sites = set(site_ids).difference(self['site_ids']) + stale_sites = set(self['site_ids']).difference(site_ids) + + for new_site in new_sites: + AddPersonToSite.__call__(AddPersonToSite(self.api), auth, self['person_id'], new_site) + for stale_site in stale_sites: + DeletePersonFromSite.__call__(DeletePersonFromSite(self.api), auth, self['person_id'], stale_site) + + + def associate_keys(self, auth, field, value): + """ + Deletes key_ids not found in value list (using DeleteKey). + Adds key if key_fields w/o key_id is found (using AddPersonKey). + Updates key if key_fields w/ key_id is found (using UpdateKey). + """ + assert 'key_ids' in self + assert 'person_id' in self + assert isinstance(value, list) + + (key_ids, blank, keys) = self.separate_types(value) + + if self['key_ids'] != key_ids: + from PLC.Methods.DeleteKey import DeleteKey + stale_keys = set(self['key_ids']).difference(key_ids) - to_addr = {} - cc_addr = {} - from_addr = {} - from_addr[self.api.config.PLC_MAIL_SUPPORT_ADDRESS] = \ - "%s %s" % ('Planetlab', 'Support') - - # email user - user_full_name = "%s %s" % (self['first_name'], self['last_name']) - to_addr[self['email']] = "%s" % user_full_name - - # if the account had a admin role or a pi role, email support. - if set(['admin', 'pi']).intersection(self['roles']): - to_addr[self.api.config.PLC_MAIL_SUPPORT_ADDRESS] = \ - "%s %s" % ('Planetlab', 'Support') + for stale_key in stale_keys: + DeleteKey.__call__(DeleteKey(self.api), auth, stale_key) + + if keys: + from PLC.Methods.AddPersonKey import AddPersonKey + from PLC.Methods.UpdateKey import UpdateKey + updated_keys = filter(lambda key: 'key_id' in key, keys) + added_keys = filter(lambda key: 'key_id' not in key, keys) + + for key in added_keys: + AddPersonKey.__call__(AddPersonKey(self.api), auth, self['person_id'], key) + for key in updated_keys: + key_id = key.pop('key_id') + UpdateKey.__call__(UpdateKey(self.api), auth, key_id, key) + - # cc site pi's - site_persons = Persons(self.api, site['person_ids']) - for person in site_persons: - if 'pi' in person['roles'] and not person['email'] in to_addr.keys(): - cc_addr[person['email']] = "%s %s" % \ - (person['first_name'], person['last_name']) - - # fill in template - messages = Messages(self.api, ['ACCOUNT_REGISTERED']) - if not messages: - print >> log, "No such message template" - return 1 - - message = messages[0] - subject = message['subject'] % (user_full_name, site['name']) - template = message['template'] % \ - (user_full_name, site['name'], ", ".join(self['roles']), - self.api.config.PLC_WWW_HOST, self['person_id'], - self.api.config.PLC_MAIL_SUPPORT_ADDRESS, - self.api.config.PLC_WWW_HOST) - - self.api.mailer.mail(to_addr, cc_addr, from_addr, subject, template) + def associate_slices(self, auth, field, value): + """ + Adds person to slices found in value list (using AddPersonToSlice). + Deletes person from slices found in value list (using DeletePersonFromSlice). + """ + + from PLC.Slices import Slices + + assert 'slice_ids' in self + assert 'person_id' in self + assert isinstance(value, list) + + (slice_ids, slice_names) = self.separate_types(value)[0:2] + + # Translate roles into role_ids + if slice_names: + slices = Slices(self.api, slice_names, ['slice_id']).dict('slice_id') + slice_ids += slices.keys() + + # Add new ids, remove stale ids + if self['slice_ids'] != slice_ids: + from PLC.Methods.AddPersonToSlice import AddPersonToSlice + from PLC.Methods.DeletePersonFromSlice import DeletePersonFromSlice + new_slices = set(slice_ids).difference(self['slice_ids']) + stale_slices = set(self['slice_ids']).difference(slice_ids) + + for new_slice in new_slices: + AddPersonToSlice.__call__(AddPersonToSlice(self.api), auth, self['person_id'], new_slice) + for stale_slice in stale_slices: + DeletePersonFromSlice.__call__(DeletePersonFromSlice(self.api), auth, self['person_id'], stale_slice) + def delete(self, commit = True): """ - Delete existing account. + Delete existing user. """ # Delete all keys @@ -384,8 +371,13 @@ class Persons(Table): def __init__(self, api, person_filter = None, columns = None): Table.__init__(self, api, Person, columns) - sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \ - ", ".join(self.columns) + view = "view_persons" + for tagname in self.tag_columns: + view= "%s left join %s using (%s)"%(view,Person.tagvalue_view_name(tagname), + Person.primary_key) + + sql = "SELECT %s FROM %s WHERE deleted IS False" % \ + (", ".join(self.columns.keys()+self.tag_columns.keys()),view) if person_filter is not None: if isinstance(person_filter, (list, tuple, set)): @@ -393,8 +385,17 @@ class Persons(Table): ints = filter(lambda x: isinstance(x, (int, long)), person_filter) strs = filter(lambda x: isinstance(x, StringTypes), person_filter) person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs}) - sql += " AND (%s)" % person_filter.sql(api, "OR") + sql += " AND (%s) %s" % person_filter.sql(api, "OR") elif isinstance(person_filter, dict): person_filter = Filter(Person.fields, person_filter) - sql += " AND (%s)" % person_filter.sql(api, "AND") + sql += " AND (%s) %s" % person_filter.sql(api, "AND") + elif isinstance (person_filter, StringTypes): + person_filter = Filter(Person.fields, {'email':[person_filter]}) + sql += " AND (%s) %s" % person_filter.sql(api, "AND") + elif isinstance (person_filter, int): + person_filter = Filter(Person.fields, {'person_id':[person_filter]}) + sql += " AND (%s) %s" % person_filter.sql(api, "AND") + else: + raise PLCInvalidArgument, "Wrong person filter %r"%person_filter + self.selectall(sql)