X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=planetstack%2Fcore%2Fmodels%2Fuser.py;h=9b54da9858060c760888d779ca03c2713b4222bc;hb=e3ab5c3450f682b1315726fce8add6f5eddd872f;hp=9d0c2ec55f5a9a76f8a5591bb7afb1caf326eab6;hpb=69f1bc37947077697a4e76a0edb2d67171c2a465;p=plstackapi.git diff --git a/planetstack/core/models/user.py b/planetstack/core/models/user.py index 9d0c2ec..9b54da9 100644 --- a/planetstack/core/models/user.py +++ b/planetstack/core/models/user.py @@ -3,10 +3,15 @@ import datetime from collections import defaultdict from django.db import models from django.db.models import F, Q -from core.models import PlCoreBase,Site -from core.models.deployment import Deployment +from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn +from core.models.site import Deployment from django.contrib.auth.models import AbstractBaseUser, BaseUserManager from timezones.fields import TimeZoneField +from operator import itemgetter, attrgetter +from django.core.mail import EmailMultiAlternatives +from core.middleware import get_request +import model_policy +from django.core.exceptions import PermissionDenied # Create your models here. class UserManager(BaseUserManager): @@ -43,8 +48,15 @@ class UserManager(BaseUserManager): user.save(using=self._db) return user +class DeletedUserManager(UserManager): + def get_queryset(self): + return super(UserManager, self).get_query_set().filter(deleted=True) -class User(AbstractBaseUser): + # deprecated in django 1.7 in favor of get_queryset() + def get_query_set(self): + return self.get_queryset() + +class User(AbstractBaseUser, DiffModelMixIn): class Meta: app_label = "core" @@ -58,8 +70,6 @@ class User(AbstractBaseUser): username = models.CharField(max_length=255, default="Something" ) - - kuser_id = models.CharField(null=True, blank=True, help_text="keystone user id", max_length=200) firstname = models.CharField(help_text="person's given name", max_length=200) lastname = models.CharField(help_text="person's surname", max_length=200) @@ -76,14 +86,24 @@ class User(AbstractBaseUser): created = models.DateTimeField(auto_now_add=True) updated = models.DateTimeField(auto_now=True) enacted = models.DateTimeField(null=True, default=None) + backend_status = models.CharField(max_length=140, + default="Provisioning in progress") + deleted = models.BooleanField(default=False) timezone = TimeZoneField() + dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True) + objects = UserManager() + deleted_objects = DeletedUserManager() USERNAME_FIELD = 'email' REQUIRED_FIELDS = ['firstname', 'lastname'] + def __init__(self, *args, **kwargs): + super(User, self).__init__(*args, **kwargs) + self._initial = self._dict # for DiffModelMixIn + def isReadOnlyUser(self): return self.is_readonly @@ -95,6 +115,21 @@ class User(AbstractBaseUser): # The user is identified by their email address return self.email + def delete(self, *args, **kwds): + # so we have something to give the observer + purge = kwds.get('purge',False) + try: + purge = purge or observer_disabled + except NameError: + pass + + if (purge): + super(User, self).delete(*args, **kwds) + else: + self.deleted = True + self.enacted=None + self.save(update_fields=['enacted','deleted']) + @property def keyname(self): return self.email[:self.email.find('@')] @@ -115,6 +150,20 @@ class User(AbstractBaseUser): def is_superuser(self): return False + def get_dashboards(self): + DEFAULT_DASHBOARDS=["Tenant"] + + dashboards = sorted(list(self.dashboardViews.all()), key=attrgetter('order')) + dashboards = [x.dashboardView for x in dashboards] + + if not dashboards: + for dashboardName in DEFAULT_DASHBOARDS: + dbv = DashboardView.objects.filter(name=dashboardName) + if dbv: + dashboards.append(dbv[0]) + + return dashboards + # def get_roles(self): # from core.models.site import SitePrivilege # from core.models.slice import SliceMembership @@ -130,9 +179,61 @@ class User(AbstractBaseUser): def save(self, *args, **kwds): if not self.id: - self.set_password(self.password) + self.set_password(self.password) + if self.is_active: + if self.password=="!": + self.send_temporary_password() + self.username = self.email - super(User, self).save(*args, **kwds) + super(User, self).save(*args, **kwds) + + self._initial = self._dict + + def send_temporary_password(self): + password = User.objects.make_random_password() + self.set_password(password) + subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email) + text_content = 'This is an important message.' + userUrl="http://%s/" % get_request().get_host() + html_content = """

Your account has been created on OpenCloud. Please log in here to activate your account

Username: """+self.email+"""
Temporary Password: """+password+"""
Please change your password once you successully login into the site.

""" + msg = EmailMultiAlternatives(subject,text_content, from_email, [to]) + msg.attach_alternative(html_content, "text/html") + msg.send() + + def can_update_field(self, user, fieldName): + from core.models import SitePrivilege + if (user.is_admin): + # admin can update anything + return True + + # fields that a site PI can update + if fieldName in ["is_active", "is_readonly"]: + site_privs = SitePrivilege.objects.filter(user=user, site=self.site) + for site_priv in site_privs: + if site_priv.role.role == 'pi': + return True + + # fields that a user cannot update in his/her own record + if fieldName in ["is_admin", "is_active", "site", "is_staff", "is_readonly"]: + return False + + return True + + def can_update(self, user): + from core.models import SitePrivilege + if user.is_readonly: + return False + if user.is_admin: + return True + if (user.id == self.id): + return True + # site pis can update + site_privs = SitePrivilege.objects.filter(user=user, site=self.site) + for site_priv in site_privs: + if site_priv.role.role == 'pi': + return True + + return False @staticmethod def select_by_user(user): @@ -145,24 +246,26 @@ class User(AbstractBaseUser): sites = [sp.site for sp in site_privs if sp.role.role == 'pi'] # get site privs of users at these sites site_privs = SitePrivilege.objects.filter(site__in=sites) - user_ids = [sp.user.id for sp in site_privs] + [user.id] + user_ids = [sp.user.id for sp in site_privs] + [user.id] qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids)) - return qs + return qs - - -class UserDeployments(PlCoreBase): - user = models.ForeignKey(User) - deployment = models.ForeignKey(Deployment) - kuser_id = models.CharField(null=True, blank=True, max_length=200, help_text="Keystone user id") + def save_by_user(self, user, *args, **kwds): + if not self.can_update(user): + raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__) - def __unicode__(self): return u'%s %s' % (self.user, self.deployment.name) + for fieldName in self.changed_fields: + if not self.can_update_field(user, fieldName): + raise PermissionDenied("You do not have permission to update field %s in object %s" % (fieldName, self.__class__.__name__)) - @staticmethod - def select_by_user(user): - if user.is_admin: - qs = UserDeployments.objects.all() - else: - users = Users.select_by_user(user) - qs = Usereployments.objects.filter(user__in=slices) - return qs + self.save(*args, **kwds) + + def delete_by_user(self, user, *args, **kwds): + if not self.can_update(user): + raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__) + self.delete(*args, **kwds) + +class UserDashboardView(PlCoreBase): + user = models.ForeignKey(User, related_name="dashboardViews") + dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews") + order = models.IntegerField(default=0)