AiC and REST login

[myslice.git] / portal / managementtabrequests.py

diff --git a/portal/managementtabrequests.py b/portal/managementtabrequests.py
index 31cbb0d..2d1cdef 100644 (file)
--- a/portal/managementtabrequests.py
+++ b/portal/managementtabrequests.py
@@ -1,3 +1,5 @@
+import json
+
 from django.template                 import RequestContext
 from django.shortcuts                import render_to_response
 
@@ -7,6 +9,8 @@ from manifoldapi.manifoldapi         import execute_query
 from django.views.generic.base      import TemplateView
 
 from unfold.loginrequired           import LoginRequiredView
+from unfold.page                    import Page
+
 from django.http                    import HttpResponse
 from django.shortcuts               import render
 
@@ -16,8 +20,7 @@ from manifoldapi.manifoldapi        import execute_query
 from portal.actions                 import get_requests
 
 from myslice.theme import ThemeView
-
-import json
+from myslice.settings import logger
 
 class ManagementRequestsView (LoginRequiredView, ThemeView):
     template_name = "management-tab-requests.html"
@@ -45,7 +48,7 @@ class ManagementRequestsView (LoginRequiredView, ThemeView):
             sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
             sfa_platforms = execute_query(self.request, sfa_platforms_query)
             for sfa_platform in sfa_platforms:
-                print "SFA PLATFORM > ", sfa_platform['platform']
+                logger.info("SFA PLATFORM > {}".format(sfa_platform['platform']))
                 if not 'auth_type' in sfa_platform:
                     continue
                 auth = sfa_platform['auth_type']
@@ -53,7 +56,7 @@ class ManagementRequestsView (LoginRequiredView, ThemeView):
                     all_authorities.append(auth)
                 platform_ids.append(sfa_platform['platform_id'])
 
-            print "W: Hardcoding platform myslice"
+            logger.warning("W: Hardcoding platform myslice")
             # There has been a tweak on how new platforms are referencing a
             # so-called 'myslice' platform for storing authentication tokens.
             # XXX This has to be removed in final versions.
@@ -73,35 +76,34 @@ class ManagementRequestsView (LoginRequiredView, ThemeView):
             
             for user_account in user_accounts:
 
-                print "USER ACCOUNT", user_account
                 if user_account['auth_type'] == 'reference':
                     continue # we hardcoded the myslice platform...
 
                 config = json.loads(user_account['config'])
                 creds = []
-                print "CONFIG KEYS", config.keys()
                 if 'authority_credentials' in config:
-                    print "***", config['authority_credentials'].keys()
                     for authority_hrn, credential in config['authority_credentials'].items():
                         credential_authorities.add(authority_hrn)
                 if 'delegated_authority_credentials' in config:
-                    print "***", config['delegated_authority_credentials'].keys()
                     for authority_hrn, credential in config['delegated_authority_credentials'].items():
                         credential_authorities.add(authority_hrn)
 
-            print 'credential_authorities =', credential_authorities
-            print 'credential_authorities_expired =', credential_authorities_expired
+            # CACHE PB with fields
+            page = Page(self.request)
+            metadata = page.get_metadata()
+            user_md = metadata.details_by_object('user')
+            user_fields = [column['name'] for column in user_md['column']]
 
             # ** Where am I a PI **
             # For this we need to ask SFA (of all authorities) = PI function
-            pi_authorities_query = Query.get('user').filter_by('user_hrn', '==', '$user_hrn').select('pi_authorities')
+            pi_authorities_query = Query.get('myslice:user').filter_by('user_hrn', '==', '$user_hrn').select(user_fields)
             pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
             pi_authorities = set()
             try:
                 for pa in pi_authorities_tmp:
                     pi_authorities |= set(pa['pi_authorities'])
-            except:
-                print 'No pi_authorities'
+            except Exception as e:
+                logger.error('No pi_authorities')
 
             pi_credential_authorities = pi_authorities & credential_authorities
             pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
@@ -119,17 +121,21 @@ class ManagementRequestsView (LoginRequiredView, ThemeView):
 
             # iterate on the requests and check if the authority matches a prefix 
             # startswith an authority on which the user is PI
-            requests = get_requests()
+            if len(pi_my_authorities)>0:
+                requests = get_requests(pi_my_authorities)
+            else:
+                requests = get_requests()
             for r in requests:
                 auth_hrn = r['authority_hrn']
                 for my_auth in pi_my_authorities: 
                     if auth_hrn.startswith(my_auth):
                         dest = ctx_my_authorities
                         r['allowed'] = 'allowed'
-                for my_auth in pi_delegation_authorities:
-                    if auth_hrn.startswith(my_auth):
-                        dest = ctx_delegation_authorities
-                        r['allowed'] = 'allowed'
+
+                #for my_auth in pi_delegation_authorities:
+                #    if auth_hrn.startswith(my_auth):
+                #        dest = ctx_delegation_authorities
+                #        r['allowed'] = 'allowed'
                 if auth_hrn in pi_expired_credential_authorities:
                     r['allowed'] = 'expired'
                 if 'allowed' not in r: