git://git.onelab.eu / myslice.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
improved request validation
[myslice.git] / portal / views.py
diff --git a/portal/views.py b/portal/views.py
index cf5f59d..87f6cb6 100644 (file)
--- a/portal/views.py
+++ b/portal/views.py
@@ -27,18 +27,22 @@ from django.contrib              import messages
 from django.views.generic        import View
 from django.views.generic.base   import TemplateView
 from django.shortcuts            import render
+from django.template.loader      import render_to_string
+from django.core.mail            import send_mail
 
 from plugins.lists.simplelist    import SimpleList
-
+from plugins.hazelnut            import Hazelnut
 from plugins.pres_view           import PresView
 from portal.event import Event
 import json
 
 from portal                      import signals
-from portal.forms                import UserRegisterForm, SliceRequestForm, ContactForm
+from portal.forms                import SliceRequestForm, ContactForm
 from portal.util                 import RegistrationView, ActivationView
 from portal.models               import PendingUser, PendingSlice
+from portal.actions              import authority_get_pi_emails, get_request_by_authority
 from manifold.core.query         import Query
+from manifold.manifoldapi        import execute_query
 from unfold.page                 import Page
 from myslice.viewutils           import topmenu_items, the_user
 from django.http                 import HttpResponseRedirect, HttpResponse
@@ -61,6 +65,8 @@ class DashboardView(TemplateView):
         #slice_query = Query().get('slice').filter_by('user.user_hrn', 'contains', user_hrn).select('slice_hrn')
         slice_query = Query().get('user').filter_by('user_hrn', '==', '$user_hrn').select('user_hrn', 'slice.slice_hrn')
         auth_query  = Query().get('network').select('network_hrn')
+        print "AUTH QUERY =====================", auth_query
+        print "filter", auth_query.filters
         page.enqueue_query(slice_query)
         page.enqueue_query(auth_query)
 
@@ -479,6 +485,114 @@ def my_account(request):
         'username': the_user (request)
     })
 
+# View for platforms
+class PlatformsView(TemplateView):
+    template_name = "platforms.html"
+
+    def get_context_data(self, **kwargs):
+        page = Page(self.request)
+
+        network_query  = Query().get('local:platform').filter_by('disabled', '==', '0').select('platform','platform_longname','gateway_type')
+        page.enqueue_query(network_query)
+
+        page.expose_js_metadata()
+        page.expose_queries()
+        networklist = Hazelnut(
+            page  = page,
+            title = 'List',
+            domid = 'checkboxes',
+            # this is the query at the core of the slice list
+            query = network_query,
+            query_all = network_query,
+            checkboxes = False,
+            datatables_options = {
+            # for now we turn off sorting on the checkboxes columns this way
+            # this of course should be automatic in hazelnut
+            'aoColumns'      : [None, None, None, None, {'bSortable': False}],
+            'iDisplayLength' : 25,
+            'bLengthChange'  : True,
+            },
+        )
+#
+#        networklist = SimpleList(
+#            title = None,
+#            page  = page,
+#            key   = 'platform',
+#            query = network_query,
+#        )
+
+        context = super(PlatformsView, self).get_context_data(**kwargs)
+        context['person']   = self.request.user
+        context['networks'] = networklist.render(self.request)
+
+        # XXX This is repeated in all pages
+        # more general variables expected in the template
+        context['title'] = 'Platforms connected to MySlice'
+        # the menu items on the top
+        context['topmenu_items'] = topmenu_items('Platforms', self.request)
+        # so we can sho who is logged
+        context['username'] = the_user(self.request)
+
+        context.update(page.prelude_env())
+
+        return context
+
+# View for 1 platform and its details
+class PlatformView(TemplateView):
+    template_name = "platform.html"
+
+    def get_context_data(self, **kwargs):
+        page = Page(self.request)
+
+        for key, value in kwargs.iteritems():
+            print "%s = %s" % (key, value)       
+            if key == "platformname":
+                platformname=value
+                
+        network_query  = Query().get('local:platform').filter_by('platform', '==', platformname).select('platform','platform_longname','gateway_type')
+        page.enqueue_query(network_query)
+
+        page.expose_js_metadata()
+        page.expose_queries()
+        networklist = Hazelnut(
+            page  = page,
+            title = 'List',
+            domid = 'checkboxes',
+            # this is the query at the core of the slice list
+            query = network_query,
+            query_all = network_query,
+            checkboxes = False,
+            datatables_options = {
+            # for now we turn off sorting on the checkboxes columns this way
+            # this of course should be automatic in hazelnut
+            'aoColumns'      : [None, None, None, None, {'bSortable': False}],
+            'iDisplayLength' : 25,
+            'bLengthChange'  : True,
+            },
+        )
+#
+#        networklist = SimpleList(
+#            title = None,
+#            page  = page,
+#            key   = 'platform',
+#            query = network_query,
+#        )
+
+        context = super(PlatformView, self).get_context_data(**kwargs)
+        context['person']   = self.request.user
+        context['networks'] = networklist.render(self.request)
+
+        # XXX This is repeated in all pages
+        # more general variables expected in the template
+        context['title'] = 'Platforms connected to MySlice'
+        # the menu items on the top
+        context['topmenu_items'] = topmenu_items('Platforms', self.request)
+        # so we can sho who is logged
+        context['username'] = the_user(self.request)
+
+        context.update(page.prelude_env())
+
+        return context
 
 #my_acc form value processing
 def acc_process(request):
@@ -573,11 +687,19 @@ def acc_process(request):
 
 def register_4m_f4f(request):
     errors = []
+
+    authorities_query = Query.get('authority').filter_by('authority_hrn', 'included', ['ple.inria', 'ple.upmc']).select('name', 'authority_hrn')
+    #authorities_query = Query.get('authority').select('authority_hrn')
+    authorities = execute_query(request, authorities_query)
+
     if request.method == 'POST':
+        # We shall use a form here
+
         #get_email = PendingUser.objects.get(email)
         reg_fname = request.POST.get('firstname', '')
         reg_lname = request.POST.get('lastname', '')
         reg_aff = request.POST.get('affiliation','')
+        reg_auth = request.POST.get('authority_hrn', '')
         reg_email = request.POST.get('email','').lower()
         
         #POST value validation  
@@ -593,6 +715,7 @@ def register_4m_f4f(request):
             errors.append('Affiliation may contain only letters, numbers, spaces and @/./+/-/_ characters.')
             #return HttpResponse("Only Letters, Numbers and _ is allowed in Affiliation")
             #return render(request, 'register_4m_f4f.html')
+        # XXX validate authority hrn !!
         if PendingUser.objects.filter(email__iexact=reg_email):
             errors.append('Email already registered.Please provide a new email address.')
             #return HttpResponse("Email Already exists")
@@ -645,9 +768,35 @@ def register_4m_f4f(request):
         #                email=reg_email, password=request.POST['password'], keypair=keypair)
         #b.save()
         if not errors:
-            b = PendingUser(first_name=reg_fname, last_name=reg_lname, affiliation=reg_aff,
-                            email=reg_email, password=request.POST['password'], keypair=keypair)
+            b = PendingUser(
+                first_name=reg_fname, 
+                last_name=reg_lname, 
+                affiliation=reg_aff,
+                authority_hrn=reg_auth,
+                email=reg_email, 
+                password=request.POST['password'],
+                keypair=keypair
+            )
             b.save()
+
+            # Send email
+            ctx = {
+                first_name   : reg_fname, 
+                last_name    : reg_lname, 
+                affiliation  : reg_aff,
+                authority_hrn: reg_auth,
+                email        : reg_email, 
+                keypair      : keypair,
+                cc_myself    : True # form.cleaned_data['cc_myself']
+            }
+
+            recipients = authority_get_pi_emails(authority_hrn)
+            if ctx['cc_myself']:
+                recipients.append(ctx['email'])
+
+            msg = render_to_string('user_request_email.txt', ctx)
+            send_mail("Onelab New User request submitted", msg, email, recipients)
+
             return render(request, 'user_register_complete.html')
 
     return render(request, 'register_4m_f4f.html',{
@@ -656,8 +805,10 @@ def register_4m_f4f(request):
         'firstname': request.POST.get('firstname', ''),
         'lastname': request.POST.get('lastname', ''),
         'affiliation': request.POST.get('affiliation', ''),
+        'authority_hrn': request.POST.get('authority_hrn', ''),
         'email': request.POST.get('email', ''),
         'password': request.POST.get('password', ''),           
+        'authorities': authorities
     })        
     
 
@@ -675,6 +826,7 @@ def contact(request):
             email = form.cleaned_data['email'] # email of the sender
             cc_myself = form.cleaned_data['cc_myself']
 
+            #recipients = authority_get_pi_emails(authority_hrn)
             recipients = ['yasin.upmc@gmail.com']
             if cc_myself:
                 recipients.append(email)
@@ -694,26 +846,54 @@ def contact(request):
 
 
 def slice_request(request):
-    if request.method == 'POST': # If the form has been submitted...
-        form = SliceRequestForm(request.POST) # A form bound to the POST data
-        if form.is_valid(): # All validation rules pass
-            # Process the data in form.cleaned_data
-            slice_name = form.cleaned_data['slice_name']
+    errors = []
+
+    authorities_query = Query.get('authority').filter_by('authority_hrn', 'included', ['ple.inria', 'ple.upmc']).select('name', 'authority_hrn')
+    #authorities_query = Query.get('authority').select('authority_hrn')
+    authorities = execute_query(request, authorities_query)
+
+    authority_hrn_tuple = []
+    for authority in authorities:
+        authority_hrn_tuple.append((authority['authority_hrn'], authority['name']))
+    authority_hrn_initial = {'authority_hrn': authority_hrn_tuple}
+        
+    # request.POST or None ?
+    if request.method == 'POST':
+        # The form has been submitted
+        form = SliceRequestForm(request.POST, initial=authority_hrn_initial) 
+
+        if form.is_valid():
+            slice_name      = form.cleaned_data['slice_name']
+            authority_hrn   = form.cleaned_data['authority_hrn']
             number_of_nodes = form.cleaned_data['number_of_nodes']
-            type_of_nodes = form.cleaned_data['type_of_nodes']
-            purpose = form.cleaned_data['purpose']
+            type_of_nodes   = form.cleaned_data['type_of_nodes']
+            purpose         = form.cleaned_data['purpose']
+            
+            s = PendingSlice(
+                slice_name      = slice_name,
+                authority_hrn   = authority_hrn,
+                number_of_nodes = number_of_nodes,
+                type_of_nodes   = type_of_nodes,
+                purpose         = purpose
+            )
+            s.save()
+
+            # All validation rules pass; process data in form.cleaned_data
+            # slice_name, number_of_nodes, type_of_nodes, purpose
             email = form.cleaned_data['email'] # email of the sender
             cc_myself = form.cleaned_data['cc_myself']
 
-            recipients = ['yasin.upmc@gmail.com','jordan.auge@lip6.fr']
+            # The recipients are the PI of the authority
+            recipients = authority_get_pi_emails(authority_hrn)
+            #recipients = ['yasin.upmc@gmail.com','jordan.auge@lip6.fr']
             if cc_myself:
                 recipients.append(email)
+            msg = render_to_string('slice_request_email.txt', form.cleaned_data)
+            send_mail("Onelab New Slice request form submitted", msg, email, recipients)
 
-            from django.core.mail import send_mail
-            send_mail("Onelab New Slice request form submitted", [slice_name,number_of_nodes,type_of_nodes,purpose], email, recipients)
             return render(request,'slicereq_recvd.html') # Redirect after POST
     else:
-        form = SliceRequestForm() # An unbound form
+        form = SliceRequestForm(initial=authority_hrn_initial)
 
 #    template_env = {}
 #    template_env['form'] = form
@@ -904,3 +1084,165 @@ def pres_view_static(request, constraints, id):
 
     json_answer = json.dumps(cmd)
     return HttpResponse (json_answer, mimetype="application/json")
+
+class ValidatePendingView(TemplateView):
+    template_name = "validate_pending.html"
+
+    def get_context_data(self, **kwargs):
+        # We might have slices on different registries with different user accounts 
+        # We note that this portal could be specific to a given registry, to which we register users, but i'm not sure that simplifies things
+        # Different registries mean different identities, unless we identify via SFA HRN or have associated the user email to a single hrn
+
+        #messages.info(self.request, 'You have logged in')
+        page = Page(self.request)
+
+        ctx_my_authorities = {}
+        ctx_delegation_authorities = {}
+
+
+        # The user need to be logged in
+        if the_user(self.request):
+            # Who can a PI validate:
+            # His own authorities + those he has credentials for.
+            # In MySlice we need to look at credentials also.
+            
+
+            # XXX This will have to be asynchroneous. Need to implement barriers,
+            # for now it will be sufficient to have it working statically
+
+            # get user_id to later on query accounts
+            # XXX Having real query plan on local tables would simplify all this
+            # XXX $user_email is still not available for local tables
+            #user_query = Query().get('local:user').filter_by('email', '==', '$user_email').select('user_id')
+            user_query = Query().get('local:user').filter_by('email', '==', the_user(self.request)).select('user_id')
+            user, = execute_query(self.request, user_query)
+            user_id = user['user_id']
+
+            # Query manifold to learn about available SFA platforms for more information
+            # In general we will at least have the portal
+            # For now we are considering all registries
+            all_authorities = []
+            platform_ids = []
+            sfa_platforms_query = Query().get('local:platform').filter_by('gateway_type', '==', 'sfa').select('platform_id', 'platform', 'auth_type')
+            sfa_platforms = execute_query(self.request, sfa_platforms_query)
+            for sfa_platform in sfa_platforms:
+                print "SFA PLATFORM > ", sfa_platform['platform']
+                if not 'auth_type' in sfa_platform:
+                    continue
+                auth = sfa_platform['auth_type']
+                if not auth in all_authorities:
+                    all_authorities.append(auth)
+                platform_ids.append(sfa_platform['platform_id'])
+
+            # We can check on which the user has authoritity credentials = PI rights
+            credential_authorities = set()
+            credential_authorities_expired = set()
+
+            # User account on these registries
+            user_accounts_query = Query.get('local:account').filter_by('user_id', '==', user_id).filter_by('platform_id', 'included', platform_ids).select('config')
+            user_accounts = execute_query(self.request, user_accounts_query)
+            #print "=" * 80
+            #print user_accounts
+            #print "=" * 80
+            for user_account in user_accounts:
+                config = json.loads(user_account['config'])
+                creds = []
+                if 'authority_credentials' in config:
+                    for authority_hrn, credential in config['authority_credentials'].items():
+                        #if credential is not expired:
+                        credential_authorities.add(authority_hrn)
+                        #else
+                        #    credential_authorities_expired.add(authority_hrn)
+                if 'delegated_authority_credentials' in config:
+                    for authority_hrn, credential in config['delegated_authority_credentials'].items():
+                        #if credential is not expired:
+                        credential_authorities.add(authority_hrn)
+                        #else
+                        #    credential_authorities_expired.add(authority_hrn)
+
+            print 'credential_authorities =', credential_authorities
+            print 'credential_authorities_expired =', credential_authorities_expired
+
+            # ** Where am I a PI **
+            # For this we need to ask SFA (of all authorities) = PI function
+            pi_authorities_query = Query.get('user').filter_by('user_hrn', '==', '$user_hrn').select('pi_authorities')
+            pi_authorities_tmp = execute_query(self.request, pi_authorities_query)
+            pi_authorities = set()
+            for pa in pi_authorities_tmp:
+                pi_authorities |= set(pa['pi_authorities'])
+
+            print "pi_authorities =", pi_authorities
+            
+            # My authorities + I have a credential
+            pi_credential_authorities = pi_authorities & credential_authorities
+            pi_no_credential_authorities = pi_authorities - credential_authorities - credential_authorities_expired
+            pi_expired_credential_authorities = pi_authorities & credential_authorities_expired
+            # Authorities I've been delegated PI rights
+            pi_delegation_credential_authorities = credential_authorities - pi_authorities
+            pi_delegation_expired_authorities = credential_authorities_expired - pi_authorities
+
+            print "pi_credential_authorities =", pi_credential_authorities
+            print "pi_no_credential_authorities =", pi_no_credential_authorities
+            print "pi_expired_credential_authorities =", pi_expired_credential_authorities
+            print "pi_delegation_credential_authorities = ", pi_delegation_credential_authorities
+            print "pi_delegation_expired_authorities = ", pi_delegation_expired_authorities
+
+            # Summary intermediary
+            pi_my_authorities = pi_credential_authorities | pi_no_credential_authorities | pi_expired_credential_authorities
+            pi_delegation_authorities = pi_delegation_credential_authorities | pi_delegation_expired_authorities
+
+            print "--"
+            print "pi_my_authorities = ", pi_my_authorities
+            print "pi_delegation_authorities = ", pi_delegation_authorities
+
+            # Summary all
+            queried_pending_authorities = pi_my_authorities | pi_delegation_authorities
+            print "----"
+            print "queried_pending_authorities = ", queried_pending_authorities
+
+            requests = get_request_by_authority(queried_pending_authorities)
+            for request in requests:
+                auth_hrn = request['authority_hrn']
+
+                if auth_hrn in pi_my_authorities:
+                    dest = ctx_my_authorities
+
+                    # define the css class
+                    if auth_hrn in pi_credential_authorities:
+                        request['allowed'] = 'allowed'
+                    elif auth_hrn in pi_expired_credential_authorities:
+                        request['allowed'] = 'expired'
+                    else: # pi_no_credential_authorities
+                        request['allowed'] = 'denied'
+
+                elif auth_hrn in pi_delegation_authorities:
+                    dest = ctx_delegation_authorities
+
+                    if auth_hrn in pi_delegation_credential_authorities:
+                        request['allowed'] = 'allowed'
+                    else: # pi_delegation_expired_authorities
+                        request['allowed'] = 'expired'
+
+                else:
+                    continue
+
+                if not auth_hrn in dest:
+                    dest[auth_hrn] = []
+                dest[auth_hrn].append(request) 
+        
+        context = super(ValidatePendingView, self).get_context_data(**kwargs)
+        context['my_authorities']   = ctx_my_authorities
+        context['delegation_authorities'] = ctx_delegation_authorities
+
+        # XXX This is repeated in all pages
+        # more general variables expected in the template
+        context['title'] = 'Test view that combines various plugins'
+        # the menu items on the top
+        context['topmenu_items'] = topmenu_items('Dashboard', self.request) 
+        # so we can sho who is logged
+        context['username'] = the_user(self.request) 
+
+        # XXX We need to prepare the page for queries
+        #context.update(page.prelude_env())
+
+        return context
myslice (django)