X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=PLC%2FPersons.py;h=ff1b6cb845fa27bfb9554f3e1949c664b40eb6ef;hb=bfbd7ab0a157ca63f286836252d143341ca677ec;hp=6d4be4472123803c146e6d41b3b135f2e35fa17d;hpb=24d16d18acab3da7bccc3e09df4927e9cf2d3246;p=plcapi.git diff --git a/PLC/Persons.py b/PLC/Persons.py index 6d4be44..ff1b6cb 100644 --- a/PLC/Persons.py +++ b/PLC/Persons.py @@ -4,7 +4,7 @@ # Mark Huang # Copyright (C) 2006 The Trustees of Princeton University # -# $Id$ +# $Id: Persons.py,v 1.32 2007/01/11 05:37:55 mlhuang Exp $ # from types import StringTypes @@ -13,62 +13,64 @@ import md5 import time from random import Random import re +import crypt from PLC.Faults import * +from PLC.Debug import log from PLC.Parameter import Parameter -from PLC.Debug import profile +from PLC.Filter import Filter from PLC.Table import Row, Table -from PLC.Roles import Roles -from PLC.Addresses import Address, Addresses +from PLC.Roles import Role, Roles from PLC.Keys import Key, Keys -from PLC import md5crypt +from PLC.Messages import Message, Messages class Person(Row): """ Representation of a row in the persons table. To use, optionally instantiate with a dict of values. Update as you would a - dict. Commit to the database with flush(). + dict. Commit to the database with sync(). """ + table_name = 'persons' + primary_key = 'person_id' + join_tables = ['person_key', 'person_role', 'person_site', 'slice_person', 'person_session', 'peer_person'] fields = { - 'person_id': Parameter(int, "Account identifier"), - 'first_name': Parameter(str, "Given name"), - 'last_name': Parameter(str, "Surname"), - 'title': Parameter(str, "Title"), - 'email': Parameter(str, "Primary e-mail address"), - 'phone': Parameter(str, "Telephone number"), - 'url': Parameter(str, "Home page"), - 'bio': Parameter(str, "Biography"), - 'accepted_aup': Parameter(bool, "Has accepted the AUP"), + 'person_id': Parameter(int, "User identifier"), + 'first_name': Parameter(str, "Given name", max = 128), + 'last_name': Parameter(str, "Surname", max = 128), + 'title': Parameter(str, "Title", max = 128, nullok = True), + 'email': Parameter(str, "Primary e-mail address", max = 254), + 'phone': Parameter(str, "Telephone number", max = 64, nullok = True), + 'url': Parameter(str, "Home page", max = 254, nullok = True), + 'bio': Parameter(str, "Biography", max = 254, nullok = True), 'enabled': Parameter(bool, "Has been enabled"), - 'deleted': Parameter(bool, "Has been deleted"), - 'password': Parameter(str, "Account password in crypt() form"), - 'last_updated': Parameter(str, "Date and time of last update"), - 'date_created': Parameter(str, "Date and time when account was created"), - } - - # These fields are derived from join tables and are not actually - # in the persons table. - join_fields = { + 'password': Parameter(str, "Account password in crypt() form", max = 254), + 'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True), + 'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True), + 'last_updated': Parameter(int, "Date and time of last update", ro = True), + 'date_created': Parameter(int, "Date and time when account was created", ro = True), 'role_ids': Parameter([int], "List of role identifiers"), 'roles': Parameter([str], "List of roles"), 'site_ids': Parameter([int], "List of site identifiers"), - } - - # These fields are derived from join tables and are not returned - # by default unless specified. - extra_fields = { - 'address_ids': Parameter([int], "List of address identifiers"), 'key_ids': Parameter([int], "List of key identifiers"), 'slice_ids': Parameter([int], "List of slice identifiers"), + 'peer_id': Parameter(int, "Peer to which this user belongs", nullok = True), + 'peer_person_id': Parameter(int, "Foreign user identifier at peer", nullok = True), } - default_fields = dict(fields.items() + join_fields.items()) - all_fields = dict(default_fields.items() + extra_fields.items()) - - def __init__(self, api, fields): - Row.__init__(self, fields) - self.api = api + # for Cache + class_key = 'email' + foreign_fields = ['first_name', 'last_name', 'title', 'email', 'phone', 'url', + 'bio', 'enabled', 'password', ] + # forget about these ones, they are read-only anyway + # handling them causes Cache to re-sync all over again + # 'last_updated', 'date_created' + foreign_xrefs = [ + {'field' : 'key_ids', 'class': 'Key', 'table' : 'person_key' } , + {'field' : 'site_ids', 'class': 'Site', 'table' : 'person_site'}, +# xxx this is not handled by Cache yet +# 'role_ids': Parameter([int], "List of role identifiers"), +] def validate_email(self, email): """ @@ -92,15 +94,15 @@ class Person(Row): rest = email[at_sign+1:] domain = rest.split('.') - # This means local, unqualified addresses, are no allowed + # This means local, unqualified addresses, are not allowed if not domain: raise invalid_email if len(domain) < 2: raise invalid_email conflicts = Persons(self.api, [email]) - for person_id, person in conflicts.iteritems(): - if not person['deleted'] and ('person_id' not in self or self['person_id'] != person_id): + for person in conflicts: + if 'person_id' not in self or self['person_id'] != person['person_id']: raise PLCInvalidArgument, "E-mail address already in use" return email @@ -111,38 +113,20 @@ class Person(Row): database. """ - if len(password) > len(md5crypt.MAGIC) and \ - password[0:len(md5crypt.MAGIC)] == md5crypt.MAGIC: + magic = "$1$" + + if len(password) > len(magic) and \ + password[0:len(magic)] == magic: return password else: - # Generate a somewhat unique 2 character salt string + # Generate a somewhat unique 8 character salt string salt = str(time.time()) + str(Random().random()) salt = md5.md5(salt).hexdigest()[:8] - return md5crypt.md5crypt(password, salt) - - def validate_role_ids(self, role_ids): - """ - Ensure that the specified role_ids are all valid. - """ - - roles = Roles(self.api) - for role_id in role_ids: - if role_id not in roles: - raise PLCInvalidArgument, "No such role" + return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$") - return role_ids - - def validate_site_ids(self, site_ids): - """ - Ensure that the specified site_ids are all valid. - """ - - sites = Sites(self.api, site_ids) - for site_id in site_ids: - if site_id not in sites: - raise PLCInvalidArgument, "No such site" - - return site_ids + validate_date_created = Row.validate_timestamp + validate_last_updated = Row.validate_timestamp + validate_verification_expires = Row.validate_timestamp def can_update(self, person): """ @@ -155,6 +139,8 @@ class Person(Row): one of our sites. """ + assert isinstance(person, Person) + if self['person_id'] == person['person_id']: return True @@ -178,6 +164,8 @@ class Person(Row): 3. We are a PI and the person is at one of our sites. """ + assert isinstance(person, Person) + if self.can_update(person): return True @@ -188,158 +176,80 @@ class Person(Row): return False - def flush(self, commit = True): - """ - Commit changes back to the database. - """ + add_role = Row.add_object(Role, 'person_role') + remove_role = Row.remove_object(Role, 'person_role') - self.validate() + add_key = Row.add_object(Key, 'person_key') + remove_key = Row.remove_object(Key, 'person_key') - # Fetch a new person_id if necessary - if 'person_id' not in self: - rows = self.api.db.selectall("SELECT NEXTVAL('persons_person_id_seq') AS person_id") - if not rows: - raise PLCDBError, "Unable to fetch new person_id" - self['person_id'] = rows[0]['person_id'] - insert = True - else: - insert = False - - # Filter out fields that cannot be set or updated directly - fields = dict(filter(lambda (key, value): key in self.fields, - self.items())) - - # Parameterize for safety - keys = fields.keys() - values = [self.api.db.param(key, value) for (key, value) in fields.items()] - - if insert: - # Insert new row in persons table - sql = "INSERT INTO persons (%s) VALUES (%s)" % \ - (", ".join(keys), ", ".join(values)) - else: - # Update existing row in persons table - columns = ["%s = %s" % (key, value) for (key, value) in zip(keys, values)] - sql = "UPDATE persons SET " + \ - ", ".join(columns) + \ - " WHERE person_id = %(person_id)d" + def set_primary_site(self, site, commit = True): + """ + Set the primary site for an existing user. + """ - self.api.db.do(sql, fields) + assert 'person_id' in self + assert 'site_id' in site + + person_id = self['person_id'] + site_id = site['site_id'] + self.api.db.do("UPDATE person_site SET is_primary = False" \ + " WHERE person_id = %(person_id)d", + locals()) + self.api.db.do("UPDATE person_site SET is_primary = True" \ + " WHERE person_id = %(person_id)d" \ + " AND site_id = %(site_id)d", + locals()) if commit: self.api.db.commit() + assert 'site_ids' in self + assert site_id in self['site_ids'] + + # Make sure that the primary site is first in the list + self['site_ids'].remove(site_id) + self['site_ids'].insert(0, site_id) + def delete(self, commit = True): """ - Delete existing account. + Delete existing user. """ - assert 'person_id' in self - - # Make sure extra fields are present - persons = Persons(self.api, [self['person_id']], - ['address_ids', 'key_ids']) - assert persons - self.update(persons.values()[0]) - - # Delete all addresses - addresses = Addresses(self.api, self['address_ids']) - for address in addresses.values(): - address.delete(commit = False) - # Delete all keys keys = Keys(self.api, self['key_ids']) - for key in keys.values(): + for key in keys: key.delete(commit = False) # Clean up miscellaneous join tables - for table in ['person_roles', 'person_capabilities', 'person_site', - 'node_root_access', 'dslice03_sliceuser']: - self.api.db.do("DELETE FROM %s" \ - " WHERE person_id = %d" % \ + for table in self.join_tables: + self.api.db.do("DELETE FROM %s WHERE person_id = %d" % \ (table, self['person_id'])) # Mark as deleted self['deleted'] = True - self.flush(commit) + self.sync(commit) class Persons(Table): """ Representation of row(s) from the persons table in the - database. Specify deleted and/or enabled to force a match on - whether a person is deleted and/or enabled. Default is to match on - non-deleted accounts. + database. """ - def __init__(self, api, person_id_or_email_list = None, extra_fields = [], deleted = False, enabled = None): - self.api = api - - role_max = Roles.role_max - - # N.B.: Site IDs returned may be deleted. Persons returned are - # never deleted, but may not be enabled. - sql = "SELECT persons.*" \ - ", roles.role_id, roles.name AS role" \ - ", person_site.site_id" \ - - # N.B.: Joined IDs may be marked as deleted in their primary tables - join_tables = { - # extra_field: (extra_table, extra_column, join_using) - 'address_ids': ('person_address', 'address_id', 'person_id'), - 'key_ids': ('person_keys', 'key_id', 'person_id'), - 'slice_ids': ('dslice03_sliceuser', 'slice_id', 'person_id'), - } - - extra_fields = filter(join_tables.has_key, extra_fields) - extra_tables = ["%s USING (%s)" % \ - (join_tables[field][0], join_tables[field][2]) \ - for field in extra_fields] - extra_columns = ["%s.%s" % \ - (join_tables[field][0], join_tables[field][1]) \ - for field in extra_fields] - - if extra_columns: - sql += ", " + ", ".join(extra_columns) - - sql += " FROM persons" \ - " LEFT JOIN person_roles USING (person_id)" \ - " LEFT JOIN roles USING (role_id)" \ - " LEFT JOIN person_site USING (person_id)" - - if extra_tables: - sql += " LEFT JOIN " + " LEFT JOIN ".join(extra_tables) - - # So that people with no roles have empty role_ids and roles values - sql += " WHERE (role_id IS NULL or role_id <= %(role_max)d)" - - if deleted is not None: - sql += " AND deleted IS %(deleted)s" - - if enabled is not None: - sql += " AND enabled IS %(enabled)s" - - if person_id_or_email_list: - # Separate the list into integers and strings - person_ids = filter(lambda person_id: isinstance(person_id, (int, long)), - person_id_or_email_list) - emails = filter(lambda email: isinstance(email, StringTypes), - person_id_or_email_list) - sql += " AND (False" - if person_ids: - sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids)) - if emails: - # Case insensitive e-mail address comparison - sql += " OR lower(email) IN (%s)" % ", ".join(api.db.quote(emails)).lower() - sql += ")" - - # The first site_id in the site_ids list is the primary site - # of the user. See AdmGetPersonSites(). - sql += " ORDER BY person_site.is_primary DESC" - - rows = self.api.db.selectall(sql, locals()) - for row in rows: - if self.has_key(row['person_id']): - person = self[row['person_id']] - person.update(row) - else: - self[row['person_id']] = Person(api, row) + def __init__(self, api, person_filter = None, columns = None): + Table.__init__(self, api, Person, columns) + + sql = "SELECT %s FROM view_persons WHERE deleted IS False" % \ + ", ".join(self.columns) + + if person_filter is not None: + if isinstance(person_filter, (list, tuple, set)): + # Separate the list into integers and strings + ints = filter(lambda x: isinstance(x, (int, long)), person_filter) + strs = filter(lambda x: isinstance(x, StringTypes), person_filter) + person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs}) + sql += " AND (%s)" % person_filter.sql(api, "OR") + elif isinstance(person_filter, dict): + person_filter = Filter(Person.fields, person_filter) + sql += " AND (%s)" % person_filter.sql(api, "AND") + + self.selectall(sql)