X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fmodels%2Fuser.py;h=244ef6a0c5a13126f0012575662ac7e7e3896404;hb=254d0542b79c44d316011358d6b37bca169ac4d5;hp=9a62e3438b3f0cbb60cc5bc5e6fb41cfae458138;hpb=914bc6ff57d325914c3712208e10b087d87630a7;p=plstackapi.git diff --git a/planetstack/core/models/user.py b/planetstack/core/models/user.py index 9a62e34..244ef6a 100644 --- a/planetstack/core/models/user.py +++ b/planetstack/core/models/user.py @@ -1,16 +1,33 @@ import os import datetime +import sys +import hashlib from collections import defaultdict +from django.forms.models import model_to_dict from django.db import models from django.db.models import F, Q -from core.models import PlCoreBase,Site, DashboardView -from core.models.site import Deployment +from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn from django.contrib.auth.models import AbstractBaseUser, BaseUserManager from timezones.fields import TimeZoneField from operator import itemgetter, attrgetter from django.core.mail import EmailMultiAlternatives from core.middleware import get_request import model_policy +from django.core.exceptions import PermissionDenied + +# ------ from plcorebase.py ------ +try: + # This is a no-op if observer_disabled is set to 1 in the config file + from observer import * +except: + print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:" + import traceback + traceback.print_exc() + + # guard against something failing + def notify_observer(*args, **kwargs): + pass +# ------ ------ # Create your models here. class UserManager(BaseUserManager): @@ -47,6 +64,17 @@ class UserManager(BaseUserManager): user.save(using=self._db) return user + def get_queryset(self): + parent=super(UserManager, self) + if hasattr(parent, "get_queryset"): + return parent.get_queryset().filter(deleted=False) + else: + return parent.get_query_set().filter(deleted=False) + + # deprecated in django 1.7 in favor of get_queryset(). + def get_query_set(self): + return self.get_queryset() + class DeletedUserManager(UserManager): def get_queryset(self): return super(UserManager, self).get_query_set().filter(deleted=True) @@ -55,7 +83,56 @@ class DeletedUserManager(UserManager): def get_query_set(self): return self.get_queryset() -class User(AbstractBaseUser): +class User(AbstractBaseUser): #, DiffModelMixIn): + + # ---- copy stuff from DiffModelMixin ---- + + @property + def _dict(self): + return model_to_dict(self, fields=[field.name for field in + self._meta.fields]) + + @property + def diff(self): + d1 = self._initial + d2 = self._dict + diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]] + return dict(diffs) + + @property + def has_changed(self): + return bool(self.diff) + + @property + def changed_fields(self): + return self.diff.keys() + + def has_field_changed(self, field_name): + return field_name in self.diff.keys() + + def get_field_diff(self, field_name): + return self.diff.get(field_name, None) + + #classmethod + def getValidators(cls): + """ primarily for REST API, return a dictionary of field names mapped + to lists of the type of validations that need to be applied to + those fields. + """ + validators = {} + for field in cls._meta.fields: + l = [] + if field.blank==False: + l.append("notBlank") + if field.__class__.__name__=="URLField": + l.append("url") + validators[field.name] = l + return validators + # ---- end copy stuff from DiffModelMixin ---- + + @property + def remote_password(self): + return hashlib.md5(self.password).hexdigest()[:12] class Meta: app_label = "core" @@ -85,6 +162,7 @@ class User(AbstractBaseUser): created = models.DateTimeField(auto_now_add=True) updated = models.DateTimeField(auto_now=True) enacted = models.DateTimeField(null=True, default=None) + policed = models.DateTimeField(null=True, default=None) backend_status = models.CharField(max_length=140, default="Provisioning in progress") deleted = models.BooleanField(default=False) @@ -99,6 +177,13 @@ class User(AbstractBaseUser): USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['firstname', 'lastname'] + PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"] + USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"] + + def __init__(self, *args, **kwargs): + super(User, self).__init__(*args, **kwargs) + self._initial = self._dict # for DiffModelMixIn + def isReadOnlyUser(self): return self.is_readonly @@ -113,6 +198,8 @@ class User(AbstractBaseUser): def delete(self, *args, **kwds): # so we have something to give the observer purge = kwds.get('purge',False) + if purge: + del kwds['purge'] try: purge = purge or observer_disabled except NameError: @@ -148,7 +235,7 @@ class User(AbstractBaseUser): def get_dashboards(self): DEFAULT_DASHBOARDS=["Tenant"] - dashboards = sorted(list(self.dashboardViews.all()), key=attrgetter('order')) + dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order')) dashboards = [x.dashboardView for x in dashboards] if not dashboards: @@ -182,6 +269,8 @@ class User(AbstractBaseUser): self.username = self.email super(User, self).save(*args, **kwds) + self._initial = self._dict + def send_temporary_password(self): password = User.objects.make_random_password() self.set_password(password) @@ -193,6 +282,31 @@ class User(AbstractBaseUser): msg.attach_alternative(html_content, "text/html") msg.send() + def can_update(self, user): + from core.models import SitePrivilege + _cant_update_fieldName = None + if user.is_readonly: + return False + if user.is_admin: + return True + # site pis can update + site_privs = SitePrivilege.objects.filter(user=user, site=self.site) + for site_priv in site_privs: + if site_priv.role.role == 'pi': + for fieldName in self.diff.keys(): + if fieldName in self.PI_FORBIDDEN_FIELDS: + _cant_update_fieldName = fieldName + return False + return True + if (user.id == self.id): + for fieldName in self.diff.keys(): + if fieldName in self.USER_FORBIDDEN_FIELDS: + _cant_update_fieldName = fieldName + return False + return True + + return False + @staticmethod def select_by_user(user): if user.is_admin: @@ -208,7 +322,21 @@ class User(AbstractBaseUser): qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids)) return qs + def save_by_user(self, user, *args, **kwds): + if not self.can_update(user): + if getattr(self, "_cant_update_fieldName", None) is not None: + raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__)) + else: + raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__) + + self.save(*args, **kwds) + + def delete_by_user(self, user, *args, **kwds): + if not self.can_update(user): + raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__) + self.delete(*args, **kwds) + class UserDashboardView(PlCoreBase): - user = models.ForeignKey(User, related_name="dashboardViews") - dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews") + user = models.ForeignKey(User, related_name='userdashboardviews') + dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews') order = models.IntegerField(default=0)