X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FPersons.py;h=8cd2856a0a238997d7d0b6f18bcdc0216b13c659;hb=e70e20fdbececafef842ec7b330fd48db42e614e;hp=27e8da81f1bc5ca7eae80fa85a1b0d18faafbd4a;hpb=3d52c346ea0b7eb846e02702f51edd3e01c4e163;p=plcapi.git

diff --git a/PLC/Persons.py b/PLC/Persons.py
index 27e8da8..8cd2856 100644
--- a/PLC/Persons.py
+++ b/PLC/Persons.py
@@ -4,104 +4,98 @@
 # Mark Huang <mlhuang@cs.princeton.edu>
 # Copyright (C) 2006 The Trustees of Princeton University
 #
-# $Id: Persons.py,v 1.1 2006/09/06 15:36:07 mlhuang Exp $
-#
 
 from types import StringTypes
-from datetime import datetime
-import md5
+try:
+    from hashlib import md5
+except ImportError:
+    from md5 import md5
 import time
 from random import Random
 import re
+import crypt
 
 from PLC.Faults import *
-from PLC.Parameter import Parameter
-from PLC.Debug import profile
+from PLC.Parameter import Parameter, Mixed
+from PLC.Filter import Filter
 from PLC.Table import Row, Table
-from PLC.Roles import Roles
-from PLC.Addresses import Address, Addresses
+from PLC.Roles import Role, Roles
 from PLC.Keys import Key, Keys
-from PLC import md5crypt
-import PLC.Sites
+from PLC.Messages import Message, Messages
 
 class Person(Row):
     """
     Representation of a row in the persons table. To use, optionally
     instantiate with a dict of values. Update as you would a
-    dict. Commit to the database with flush().
+    dict. Commit to the database with sync().
     """
 
+    table_name = 'persons'
+    primary_key = 'person_id'
+    join_tables = ['person_key', 'person_role', 'person_site', 'slice_person', 'person_session', 'peer_person']
     fields = {
-        'person_id': Parameter(int, "Account identifier"),
-        'first_name': Parameter(str, "Given name"),
-        'last_name': Parameter(str, "Surname"),
-        'title': Parameter(str, "Title"),
-        'email': Parameter(str, "Primary e-mail address"),
-        'phone': Parameter(str, "Telephone number"),
-        'url': Parameter(str, "Home page"),
-        'bio': Parameter(str, "Biography"),
-        'accepted_aup': Parameter(bool, "Has accepted the AUP"),
+        'person_id': Parameter(int, "User identifier"),
+        'first_name': Parameter(str, "Given name", max = 128),
+        'last_name': Parameter(str, "Surname", max = 128),
+        'title': Parameter(str, "Title", max = 128, nullok = True),
+        'email': Parameter(str, "Primary e-mail address", max = 254),
+        'phone': Parameter(str, "Telephone number", max = 64, nullok = True),
+        'url': Parameter(str, "Home page", max = 254, nullok = True),
+        'bio': Parameter(str, "Biography", max = 254, nullok = True),
         'enabled': Parameter(bool, "Has been enabled"),
-        'deleted': Parameter(bool, "Has been deleted"),
-        'password': Parameter(str, "Account password in crypt() form"),
-        'last_updated': Parameter(str, "Date and time of last update"),
-        'date_created': Parameter(str, "Date and time when account was created"),
-        }
-
-    # These fields are derived from join tables and are not actually
-    # in the persons table.
-    join_fields = {
+        'password': Parameter(str, "Account password in crypt() form", max = 254),
+        'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True),
+        'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True),
+        'last_updated': Parameter(int, "Date and time of last update", ro = True),
+        'date_created': Parameter(int, "Date and time when account was created", ro = True),
         'role_ids': Parameter([int], "List of role identifiers"),
         'roles': Parameter([str], "List of roles"),
         'site_ids': Parameter([int], "List of site identifiers"),
-        }
-    
-    # These fields are derived from join tables and are not returned
-    # by default unless specified.
-    extra_fields = {
-        'address_ids': Parameter([int], "List of address identifiers"),
         'key_ids': Parameter([int], "List of key identifiers"),
         'slice_ids': Parameter([int], "List of slice identifiers"),
+        'peer_id': Parameter(int, "Peer to which this user belongs", nullok = True),
+        'peer_person_id': Parameter(int, "Foreign user identifier at peer", nullok = True),
+        'person_tag_ids' : Parameter ([int], "List of tags attached to this person"),
         }
-
-    default_fields = dict(fields.items() + join_fields.items())
-    all_fields = dict(default_fields.items() + extra_fields.items())
-
-    def __init__(self, api, fields):
-        Row.__init__(self, fields)
-        self.api = api
+    related_fields = {
+        'roles': [Mixed(Parameter(int, "Role identifier"),
+                        Parameter(str, "Role name"))],
+        'sites': [Mixed(Parameter(int, "Site identifier"),
+                        Parameter(str, "Site name"))],
+        'keys': [Mixed(Parameter(int, "Key identifier"),
+                       Filter(Key.fields))],
+        'slices': [Mixed(Parameter(int, "Slice identifier"),
+                         Parameter(str, "Slice name"))]
+        }
+    view_tags_name = "view_person_tags"
+    # tags are used by the Add/Get/Update methods to expose tags
+    # this is initialized here and updated by the accessors factory
+    tags = { }
 
     def validate_email(self, email):
         """
         Validate email address. Stolen from Mailman.
         """
+        email = email.lower()
+        invalid_email = PLCInvalidArgument("Invalid e-mail address %s"%email)
 
-        invalid_email = PLCInvalidArgument("Invalid e-mail address")
-        email_badchars = r'[][()<>|;^,\200-\377]'
-
-        # Pretty minimal, cheesy check.  We could do better...
-        if not email or email.count(' ') > 0:
-            raise invalid_email
-        if re.search(email_badchars, email) or email[0] == '-':
+        if not email:
             raise invalid_email
 
-        email = email.lower()
-        at_sign = email.find('@')
-        if at_sign < 1:
+        email_re = re.compile('\A[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9._\-]+\.[a-zA-Z]+\Z')
+        if not email_re.match(email):
             raise invalid_email
-        user = email[:at_sign]
-        rest = email[at_sign+1:]
-        domain = rest.split('.')
 
-        # This means local, unqualified addresses, are no allowed
-        if not domain:
-            raise invalid_email
-        if len(domain) < 2:
-            raise invalid_email
+        # check only against users on the same peer
+        if 'peer_id' in self:
+            namespace_peer_id = self['peer_id']
+        else:
+            namespace_peer_id = None
+
+        conflicts = Persons(self.api, {'email':email,'peer_id':namespace_peer_id})
 
-        conflicts = Persons(self.api, [email])
-        for person_id, person in conflicts.iteritems():
-            if not person['deleted'] and ('person_id' not in self or self['person_id'] != person_id):
+        for person in conflicts:
+            if 'person_id' not in self or self['person_id'] != person['person_id']:
                 raise PLCInvalidArgument, "E-mail address already in use"
 
         return email
@@ -112,38 +106,20 @@ class Person(Row):
         database.
         """
 
-        if len(password) > len(md5crypt.MAGIC) and \
-           password[0:len(md5crypt.MAGIC)] == md5crypt.MAGIC:
+        magic = "$1$"
+
+        if len(password) > len(magic) and \
+           password[0:len(magic)] == magic:
             return password
         else:
-            # Generate a somewhat unique 2 character salt string
+            # Generate a somewhat unique 8 character salt string
             salt = str(time.time()) + str(Random().random())
-            salt = md5.md5(salt).hexdigest()[:8] 
-            return md5crypt.md5crypt(password, salt)
-
-    def validate_role_ids(self, role_ids):
-        """
-        Ensure that the specified role_ids are all valid.
-        """
-
-        roles = Roles(self.api)
-        for role_id in role_ids:
-            if role_id not in roles:
-                raise PLCInvalidArgument, "No such role"
-
-        return role_ids
-
-    def validate_site_ids(self, site_ids):
-        """
-        Ensure that the specified site_ids are all valid.
-        """
+            salt = md5(salt).hexdigest()[:8]
+            return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$")
 
-        sites = PLC.Sites.Sites(self.api, site_ids)
-        for site_id in site_ids:
-            if site_id not in sites:
-                raise PLCInvalidArgument, "No such site"
-
-        return site_ids
+    validate_date_created = Row.validate_timestamp
+    validate_last_updated = Row.validate_timestamp
+    validate_verification_expires = Row.validate_timestamp
 
     def can_update(self, person):
         """
@@ -166,8 +142,8 @@ class Person(Row):
 
         if 'pi' in self['roles']:
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can update people with higher role IDs
-                return min(self['role_ids']) < min(person['role_ids'])
+                # non-admin users cannot update a person who is neither a PI or ADMIN
+                return (not set(['pi','admin']).intersection(person['roles']))
 
         return False
 
@@ -178,7 +154,7 @@ class Person(Row):
 
         1. We are the person.
         2. We are an admin.
-        3. We are a PI and the person is at one of our sites.
+        3. We are a PI or Tech and the person is at one of our sites.
         """
 
         assert isinstance(person, Person)
@@ -186,59 +162,25 @@ class Person(Row):
         if self.can_update(person):
             return True
 
-        if 'pi' in self['roles']:
+        # pis and techs can see all people on their site
+        if set(['pi','tech']).intersection(self['roles']):
             if set(self['site_ids']).intersection(person['site_ids']):
-                # Can view people with equal or higher role IDs
-                return min(self['role_ids']) <= min(person['role_ids'])
+                return True
 
         return False
 
-    def add_role(self, role_id, commit = True):
-        """
-        Add role to existing account.
-        """
-
-        assert 'person_id' in self
-
-        person_id = self['person_id']
-        self.api.db.do("INSERT INTO person_roles (person_id, role_id)" \
-                       " VALUES(%(person_id)d, %(role_id)d)",
-                       locals())
-
-        if commit:
-            self.api.db.commit()
-
-        assert 'role_ids' in self
-        if role_id not in self['role_ids']:
-            self['role_ids'].append(role_id)
-
-    def remove_role(self, role_id, commit = True):
-        """
-        Remove role from existing account.
-        """
-
-        assert 'person_id' in self
-
-        person_id = self['person_id']
-        self.api.db.do("DELETE FROM person_roles" \
-                       " WHERE person_id = %(person_id)d" \
-                       " AND role_id = %(role_id)d",
-                       locals())
-
-        if commit:
-            self.api.db.commit()
+    add_role = Row.add_object(Role, 'person_role')
+    remove_role = Row.remove_object(Role, 'person_role')
 
-        assert 'role_ids' in self
-        if role_id in self['role_ids']:
-            self['role_ids'].remove(role_id)
+    add_key = Row.add_object(Key, 'person_key')
+    remove_key = Row.remove_object(Key, 'person_key')
 
     def set_primary_site(self, site, commit = True):
         """
-        Set the primary site for an existing account.
+        Set the primary site for an existing user.
         """
 
         assert 'person_id' in self
-        assert isinstance(site, PLC.Sites.Site)
         assert 'site_id' in site
 
         person_id = self['person_id']
@@ -261,158 +203,205 @@ class Person(Row):
         self['site_ids'].remove(site_id)
         self['site_ids'].insert(0, site_id)
 
-    def flush(self, commit = True):
+    def update_last_updated(self, commit = True):
         """
-        Commit changes back to the database.
+        Update last_updated field with current time
         """
 
-        self.validate()
+        assert 'person_id' in self
+        assert self.table_name
 
-        # Fetch a new person_id if necessary
-        if 'person_id' not in self:
-            rows = self.api.db.selectall("SELECT NEXTVAL('persons_person_id_seq') AS person_id")
-            if not rows:
-                raise PLCDBError, "Unable to fetch new person_id"
-            self['person_id'] = rows[0]['person_id']
-            insert = True
-        else:
-            insert = False
+        self.api.db.do("UPDATE %s SET last_updated = CURRENT_TIMESTAMP " % (self.table_name) + \
+                       " where person_id = %d" % (self['person_id']) )
+        self.sync(commit)
 
-        # Filter out fields that cannot be set or updated directly
-        fields = dict(filter(lambda (key, value): key in self.fields,
-                             self.items()))
+    def associate_roles(self, auth, field, value):
+        """
+        Adds roles found in value list to this person (using AddRoleToPerson).
+        Deletes roles not found in value list from this person (using DeleteRoleFromPerson).
+        """
 
-        # Parameterize for safety
-        keys = fields.keys()
-        values = [self.api.db.param(key, value) for (key, value) in fields.items()]
+        assert 'role_ids' in self
+        assert 'person_id' in self
+        assert isinstance(value, list)
 
-        if insert:
-            # Insert new row in persons table
-            sql = "INSERT INTO persons (%s) VALUES (%s)" % \
-                  (", ".join(keys), ", ".join(values))
-        else:
-            # Update existing row in persons table
-            columns = ["%s = %s" % (key, value) for (key, value) in zip(keys, values)]
-            sql = "UPDATE persons SET " + \
-                  ", ".join(columns) + \
-                  " WHERE person_id = %(person_id)d"
+        (role_ids, role_names) = self.separate_types(value)[0:2]
 
-        self.api.db.do(sql, fields)
+        # Translate roles into role_ids
+        if role_names:
+            roles = Roles(self.api, role_names).dict('role_id')
+            role_ids += roles.keys()
 
-        if commit:
-            self.api.db.commit()
+        # Add new ids, remove stale ids
+        if self['role_ids'] != role_ids:
+            from PLC.Methods.AddRoleToPerson import AddRoleToPerson
+            from PLC.Methods.DeleteRoleFromPerson import DeleteRoleFromPerson
+            new_roles = set(role_ids).difference(self['role_ids'])
+            stale_roles = set(self['role_ids']).difference(role_ids)
 
-    def delete(self, commit = True):
+            for new_role in new_roles:
+                AddRoleToPerson.__call__(AddRoleToPerson(self.api), auth, new_role, self['person_id'])
+            for stale_role in stale_roles:
+                DeleteRoleFromPerson.__call__(DeleteRoleFromPerson(self.api), auth, stale_role, self['person_id'])
+
+
+    def associate_sites(self, auth, field, value):
+        """
+        Adds person to sites found in value list (using AddPersonToSite).
+        Deletes person from site not found in value list (using DeletePersonFromSite).
+        """
+
+        from PLC.Sites import Sites
+
+        assert 'site_ids' in self
+        assert 'person_id' in self
+        assert isinstance(value, list)
+
+        (site_ids, site_names) = self.separate_types(value)[0:2]
+
+        # Translate roles into role_ids
+        if site_names:
+            sites = Sites(self.api, site_names, ['site_id']).dict('site_id')
+            site_ids += sites.keys()
+
+        # Add new ids, remove stale ids
+        if self['site_ids'] != site_ids:
+            from PLC.Methods.AddPersonToSite import AddPersonToSite
+            from PLC.Methods.DeletePersonFromSite import DeletePersonFromSite
+            new_sites = set(site_ids).difference(self['site_ids'])
+            stale_sites = set(self['site_ids']).difference(site_ids)
+
+            for new_site in new_sites:
+                AddPersonToSite.__call__(AddPersonToSite(self.api), auth, self['person_id'], new_site)
+            for stale_site in stale_sites:
+                DeletePersonFromSite.__call__(DeletePersonFromSite(self.api), auth, self['person_id'], stale_site)
+
+
+    def associate_keys(self, auth, field, value):
+        """
+        Deletes key_ids not found in value list (using DeleteKey).
+        Adds key if key_fields w/o key_id is found (using AddPersonKey).
+        Updates key if key_fields w/ key_id is found (using UpdateKey).
+        """
+        assert 'key_ids' in self
+        assert 'person_id' in self
+        assert isinstance(value, list)
+
+        (key_ids, blank, keys) = self.separate_types(value)
+
+        if self['key_ids'] != key_ids:
+            from PLC.Methods.DeleteKey import DeleteKey
+            stale_keys = set(self['key_ids']).difference(key_ids)
+
+            for stale_key in stale_keys:
+                DeleteKey.__call__(DeleteKey(self.api), auth, stale_key)
+
+        if keys:
+            from PLC.Methods.AddPersonKey import AddPersonKey
+            from PLC.Methods.UpdateKey import UpdateKey
+            updated_keys = filter(lambda key: 'key_id' in key, keys)
+            added_keys = filter(lambda key: 'key_id' not in key, keys)
+
+            for key in added_keys:
+                AddPersonKey.__call__(AddPersonKey(self.api), auth, self['person_id'], key)
+            for key in updated_keys:
+                key_id = key.pop('key_id')
+                UpdateKey.__call__(UpdateKey(self.api), auth, key_id, key)
+
+
+    def associate_slices(self, auth, field, value):
         """
-        Delete existing account.
+        Adds person to slices found in value list (using AddPersonToSlice).
+        Deletes person from slices found in value list (using DeletePersonFromSlice).
         """
 
+        from PLC.Slices import Slices
+
+        assert 'slice_ids' in self
         assert 'person_id' in self
+        assert isinstance(value, list)
+
+        (slice_ids, slice_names) = self.separate_types(value)[0:2]
+
+        # Translate roles into role_ids
+        if slice_names:
+            slices = Slices(self.api, slice_names, ['slice_id']).dict('slice_id')
+            slice_ids += slices.keys()
+
+        # Add new ids, remove stale ids
+        if self['slice_ids'] != slice_ids:
+            from PLC.Methods.AddPersonToSlice import AddPersonToSlice
+            from PLC.Methods.DeletePersonFromSlice import DeletePersonFromSlice
+            new_slices = set(slice_ids).difference(self['slice_ids'])
+            stale_slices = set(self['slice_ids']).difference(slice_ids)
+
+            for new_slice in new_slices:
+                AddPersonToSlice.__call__(AddPersonToSlice(self.api), auth, self['person_id'], new_slice)
+            for stale_slice in stale_slices:
+                DeletePersonFromSlice.__call__(DeletePersonFromSlice(self.api), auth, self['person_id'], stale_slice)
 
-        # Make sure extra fields are present
-        persons = Persons(self.api, [self['person_id']],
-                          ['address_ids', 'key_ids'])
-        assert persons
-        self.update(persons.values()[0])
 
-        # Delete all addresses
-        addresses = Addresses(self.api, self['address_ids'])
-        for address in addresses.values():
-            address.delete(commit = False)
+    def delete(self, commit = True):
+        """
+        Delete existing user.
+        """
 
         # Delete all keys
         keys = Keys(self.api, self['key_ids'])
-        for key in keys.values():
+        for key in keys:
             key.delete(commit = False)
 
         # Clean up miscellaneous join tables
-        for table in ['person_roles', 'person_capabilities', 'person_site',
-                      'node_root_access', 'dslice03_sliceuser']:
-            self.api.db.do("DELETE FROM %s" \
-                           " WHERE person_id = %d" % \
+        for table in self.join_tables:
+            self.api.db.do("DELETE FROM %s WHERE person_id = %d" % \
                            (table, self['person_id']))
 
         # Mark as deleted
         self['deleted'] = True
-        self.flush(commit)
+
+        # delete will fail if timestamp fields aren't validated, so lets remove them
+        for field in ['verification_expires', 'date_created', 'last_updated']:
+            if field in self:
+                self.pop(field)
+
+        # don't validate, so duplicates can be consistently removed
+        self.sync(commit, validate=False)
 
 class Persons(Table):
     """
     Representation of row(s) from the persons table in the
-    database. Specify deleted and/or enabled to force a match on
-    whether a person is deleted and/or enabled. Default is to match on
-    non-deleted accounts.
+    database.
     """
 
-    def __init__(self, api, person_id_or_email_list = None, extra_fields = [], deleted = False, enabled = None):
-        self.api = api
-
-        role_max = Roles.role_max
-
-        # N.B.: Site IDs returned may be deleted. Persons returned are
-        # never deleted, but may not be enabled.
-        sql = "SELECT persons.*" \
-              ", roles.role_id, roles.name AS role" \
-              ", person_site.site_id" \
-
-        # N.B.: Joined IDs may be marked as deleted in their primary tables
-        join_tables = {
-            # extra_field: (extra_table, extra_column, join_using)
-            'address_ids': ('person_address', 'address_id', 'person_id'),
-            'key_ids': ('person_keys', 'key_id', 'person_id'),
-            'slice_ids': ('dslice03_sliceuser', 'slice_id', 'person_id'),
-            }
-
-        extra_fields = filter(join_tables.has_key, extra_fields)
-        extra_tables = ["%s USING (%s)" % \
-                        (join_tables[field][0], join_tables[field][2]) \
-                        for field in extra_fields]
-        extra_columns = ["%s.%s" % \
-                         (join_tables[field][0], join_tables[field][1]) \
-                         for field in extra_fields]
-
-        if extra_columns:
-            sql += ", " + ", ".join(extra_columns)
-
-        sql += " FROM persons" \
-               " LEFT JOIN person_roles USING (person_id)" \
-               " LEFT JOIN roles USING (role_id)" \
-               " LEFT JOIN person_site USING (person_id)"
-
-        if extra_tables:
-            sql += " LEFT JOIN " + " LEFT JOIN ".join(extra_tables)
-
-        # So that people with no roles have empty role_ids and roles values
-        sql += " WHERE (role_id IS NULL or role_id <= %(role_max)d)"
-
-        if deleted is not None:
-            sql += " AND persons.deleted IS %(deleted)s"
-
-        if enabled is not None:
-            sql += " AND persons.enabled IS %(enabled)s"
-
-        if person_id_or_email_list:
-            # Separate the list into integers and strings
-            person_ids = filter(lambda person_id: isinstance(person_id, (int, long)),
-                                person_id_or_email_list)
-            emails = filter(lambda email: isinstance(email, StringTypes),
-                            person_id_or_email_list)
-            sql += " AND (False"
-            if person_ids:
-                sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids))
-            if emails:
-                # Case insensitive e-mail address comparison
-                sql += " OR lower(email) IN (%s)" % ", ".join(api.db.quote(emails)).lower()
-            sql += ")"
-
-        # The first site_id in the site_ids list is the primary site
-        # of the user. See AdmGetPersonSites().
-        sql += " ORDER BY person_site.is_primary DESC"
-
-        rows = self.api.db.selectall(sql, locals())
-        for row in rows:
-            if self.has_key(row['person_id']):
-                person = self[row['person_id']]
-                person.update(row)
+    def __init__(self, api, person_filter = None, columns = None):
+        Table.__init__(self, api, Person, columns)
+
+        view = "view_persons"
+        for tagname in self.tag_columns:
+            view= "%s left join %s using (%s)"%(view,Person.tagvalue_view_name(tagname),
+                                                Person.primary_key)
+
+        sql = "SELECT %s FROM %s WHERE deleted IS False" % \
+            (", ".join(self.columns.keys()+self.tag_columns.keys()),view)
+
+        if person_filter is not None:
+            if isinstance(person_filter, (list, tuple, set)):
+                # Separate the list into integers and strings
+                ints = filter(lambda x: isinstance(x, (int, long)), person_filter)
+                strs = filter(lambda x: isinstance(x, StringTypes), person_filter)
+                person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs})
+                sql += " AND (%s) %s" % person_filter.sql(api, "OR")
+            elif isinstance(person_filter, dict):
+                allowed_fields=dict(Person.fields.items()+Person.tags.items())
+                person_filter = Filter(allowed_fields, person_filter)
+                sql += " AND (%s) %s" % person_filter.sql(api, "AND")
+            elif isinstance (person_filter, StringTypes):
+                person_filter = Filter(Person.fields, {'email':person_filter})
+                sql += " AND (%s) %s" % person_filter.sql(api, "AND")
+            elif isinstance (person_filter, (int, long)):
+                person_filter = Filter(Person.fields, {'person_id':person_filter})
+                sql += " AND (%s) %s" % person_filter.sql(api, "AND")
             else:
-                self[row['person_id']] = Person(api, row)
+                raise PLCInvalidArgument, "Wrong person filter %r"%person_filter
+
+        self.selectall(sql)