portal/managementtabrequests.py

   1 import json
   2
   3 from django.template                 import RequestContext
   4 from django.shortcuts                import render_to_response
   5
   6 from manifold.core.query             import Query, AnalyzedQuery
   7 from manifoldapi.manifoldapi         import execute_query
   8
   9 from django.views.generic.base      import TemplateView
  10
  11 from unfold.loginrequired           import LoginRequiredView
  12 from unfold.page                    import Page
  13
  14 from django.http                    import HttpResponse
  15 from django.shortcuts               import render
  16
  17 from manifold.core.query            import Query, AnalyzedQuery
  18 from manifoldapi.manifoldapi        import execute_query
  19
  20 from portal.actions                 import get_requests
  21
  22 from myslice.theme import ThemeView
  23 from myslice.settings import logger
  24
  25 class ManagementRequestsView (LoginRequiredView, ThemeView):
  26     template_name = "management-tab-requests.html"
  27
  28     def get_context_data(self, **kwargs):
  29
  30         ctx_my_authorities = {}
  31         ctx_delegation_authorities = {}
  32         ctx_sub_authorities = {}
  33         dest = {}
  34
  35
  36         # The user need to be logged in
  37         if (self.request.user):
  38
  39             user_query = Query().get('local:user').filter_by('email', '==', self.request.user.email).select('user_id')
  40             user, = execute_query(self.request, user_query)
  41             user_id = user['user_id']
  42
  43             # Query manifold to learn about available SFA platforms for more information
  44             # In general we will at least have the portal
  45             # For now we are considering all registries
  46             all_authorities = []
  47             platform_ids = []
  48             sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
  49             sfa_platforms = execute_query(self.request, sfa_platforms_query)
  50             for sfa_platform in sfa_platforms:
  51                 logger.info("SFA PLATFORM > {}".format(sfa_platform['platform']))
  52                 if not 'auth_type' in sfa_platform:
  53                     continue
  54                 auth = sfa_platform['auth_type']
  55                 if not auth in all_authorities:
  56                     all_authorities.append(auth)
  57                 platform_ids.append(sfa_platform['platform_id'])
  58
  59             logger.warning("W: Hardcoding platform myslice")
  60             # There has been a tweak on how new platforms are referencing a
  61             # so-called 'myslice' platform for storing authentication tokens.
  62             # XXX This has to be removed in final versions.
  63             myslice_platforms_query = Query().get('local:platform').filter_by('platform', '==', 'myslice').select('platform_id')
  64             myslice_platforms = execute_query(self.request, myslice_platforms_query)
  65             if myslice_platforms:
  66                 myslice_platform, = myslice_platforms
  67                 platform_ids.append(myslice_platform['platform_id'])
  68
  69             # We can check on which the user has authoritity credentials = PI rights
  70             credential_authorities = set()
  71             credential_authorities_expired = set()
  72
  73             # User account on these registries
  74             user_accounts_query = Query.get('local:account').filter_by('user_id', '==', user_id).filter_by('platform_id', 'included', platform_ids).select('auth_type', 'config')
  75             user_accounts = execute_query(self.request, user_accounts_query)
  76
  77             for user_account in user_accounts:
  78
  79                 if user_account['auth_type'] == 'reference':
  80                     continue # we hardcoded the myslice platform...
  81
  82                 config = json.loads(user_account['config'])
  83                 creds = []
  84                 if 'authority_credentials' in config:
  85                     for authority_hrn, credential in config['authority_credentials'].items():
  86                         credential_authorities.add(authority_hrn)
  87                 if 'delegated_authority_credentials' in config:
  88                     for authority_hrn, credential in config['delegated_authority_credentials'].items():
  89                         credential_authorities.add(authority_hrn)
  90
  91             # CACHE PB with fields
  92             page = Page(self.request)
  93             metadata = page.get_metadata()
  94             user_md = metadata.details_by_object('user')
  95             user_fields = [column['name'] for column in user_md['column']]
  96
  97             # ** Where am I a PI **
  98             # For this we need to ask SFA (of all authorities) = PI function
  99             pi_authorities_query = Query.get('myslice:user').filter_by('user_hrn', '==', '$user_hrn').select(user_fields)
 100             pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
 101             pi_authorities = set()
 102             try:
 103                 for pa in pi_authorities_tmp:
 104                     pi_authorities |= set(pa['pi_authorities'])
 105             except Exception as e:
 106                 logger.error('No pi_authorities')
 107
 108             pi_credential_authorities = pi_authorities & credential_authorities
 109             pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
 110             pi_expired_credential_authorities = pi_authorities & credential_authorities_expired
 111             # Authorities I've been delegated PI rights
 112             pi_delegation_credential_authorities = credential_authorities - pi_authorities
 113             pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
 114
 115             # Summary intermediary
 116             pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
 117             pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
 118
 119             # Summary all
 120             queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
 121
 122             # iterate on the requests and check if the authority matches a prefix
 123             # startswith an authority on which the user is PI
 124             if len(pi_my_authorities)>0:
 125                 requests = get_requests(pi_my_authorities)
 126             else:
 127                 requests = get_requests()
 128             for r in requests:
 129                 auth_hrn = r['authority_hrn']
 130                 for my_auth in pi_my_authorities:
 131                     if auth_hrn.startswith(my_auth):
 132                         dest = ctx_my_authorities
 133                         r['allowed'] = 'allowed'
 134
 135                 #for my_auth in pi_delegation_authorities:
 136                 #    if auth_hrn.startswith(my_auth):
 137                 #        dest = ctx_delegation_authorities
 138                 #        r['allowed'] = 'allowed'
 139                 if auth_hrn in pi_expired_credential_authorities:
 140                     r['allowed'] = 'expired'
 141                 if 'allowed' not in r:
 142                     ## TEMP FIX for allowing new authority registration
 143                     #r['allowed'] = 'denied'
 144                     r['allowed'] = 'allowed'
 145
 146                 if not auth_hrn in dest:
 147                     dest[auth_hrn] = []
 148                 dest[auth_hrn].append(r)
 149
 150
 151 #         env = {}
 152 #         env['my_authorities']   = ctx_my_authorities
 153 #         env['sub_authorities']   = ctx_sub_authorities
 154 #         env['delegation_authorities'] = ctx_delegation_authorities
 155 #
 156 #         # XXX This is repeated in all pages
 157 #         # more general variables expected in the template
 158 #         # the menu items on the top
 159 #         #env['topmenu_items'] = topmenu_items_live('Validation', page)
 160 #         # so we can sho who is logged
 161 #         env['username'] = request.user
 162 #         env['pi'] = "is_pi"
 163 #         env['theme'] = self.theme
 164 #         env['section'] = "Requests"
 165
 166         context = super(ManagementRequestsView, self).get_context_data(**kwargs)
 167
 168
 169         context['my_authorities']   = ctx_my_authorities
 170         context['sub_authorities']   = ctx_sub_authorities
 171         context['delegation_authorities'] = ctx_delegation_authorities
 172
 173         # XXX This is repeated in all pages
 174         # more general variables expected in the template
 175         context['title'] = 'Test view that combines various plugins'
 176         # the menu items on the top
 177         #context['topmenu_items'] = topmenu_items_live('Validation', page)
 178         # so we can sho who is logged
 179         context['username'] = self.request.user
 180         context['pi'] = "is_pi"
 181         context['theme'] = self.theme
 182         context['section'] = "Requests"
 183         # XXX We need to prepare the page for queries
 184         #context.update(page.prelude_env())
 185
 186         return context
 187
 188         #return render_to_response(self.template, env, context_instance=RequestContext(request))