# Mark Huang <mlhuang@cs.princeton.edu>
# Copyright (C) 2006 The Trustees of Princeton University
#
-# $Id: Persons.py,v 1.1 2006/09/06 15:36:07 mlhuang Exp $
-#
from types import StringTypes
-from datetime import datetime
-import md5
+try:
+ from hashlib import md5
+except ImportError:
+ from md5 import md5
import time
from random import Random
import re
+import crypt
from PLC.Faults import *
-from PLC.Parameter import Parameter
-from PLC.Debug import profile
+from PLC.Parameter import Parameter, Mixed
+from PLC.Filter import Filter
from PLC.Table import Row, Table
-from PLC.Roles import Roles
-from PLC.Addresses import Address, Addresses
+from PLC.Roles import Role, Roles
from PLC.Keys import Key, Keys
-from PLC import md5crypt
-import PLC.Sites
+from PLC.Messages import Message, Messages
class Person(Row):
"""
Representation of a row in the persons table. To use, optionally
instantiate with a dict of values. Update as you would a
- dict. Commit to the database with flush().
+ dict. Commit to the database with sync().
"""
+ table_name = 'persons'
+ primary_key = 'person_id'
+ join_tables = ['person_key', 'person_role', 'person_site', 'slice_person', 'person_session', 'peer_person']
fields = {
- 'person_id': Parameter(int, "Account identifier"),
- 'first_name': Parameter(str, "Given name"),
- 'last_name': Parameter(str, "Surname"),
- 'title': Parameter(str, "Title"),
- 'email': Parameter(str, "Primary e-mail address"),
- 'phone': Parameter(str, "Telephone number"),
- 'url': Parameter(str, "Home page"),
- 'bio': Parameter(str, "Biography"),
- 'accepted_aup': Parameter(bool, "Has accepted the AUP"),
+ 'person_id': Parameter(int, "User identifier"),
+ 'first_name': Parameter(str, "Given name", max = 128),
+ 'last_name': Parameter(str, "Surname", max = 128),
+ 'title': Parameter(str, "Title", max = 128, nullok = True),
+ 'email': Parameter(str, "Primary e-mail address", max = 254),
+ 'phone': Parameter(str, "Telephone number", max = 64, nullok = True),
+ 'url': Parameter(str, "Home page", max = 254, nullok = True),
+ 'bio': Parameter(str, "Biography", max = 254, nullok = True),
'enabled': Parameter(bool, "Has been enabled"),
- 'deleted': Parameter(bool, "Has been deleted"),
- 'password': Parameter(str, "Account password in crypt() form"),
- 'last_updated': Parameter(str, "Date and time of last update"),
- 'date_created': Parameter(str, "Date and time when account was created"),
- }
-
- # These fields are derived from join tables and are not actually
- # in the persons table.
- join_fields = {
+ 'password': Parameter(str, "Account password in crypt() form", max = 254),
+ 'verification_key': Parameter(str, "Reset password key", max = 254, nullok = True),
+ 'verification_expires': Parameter(int, "Date and time when verification_key expires", nullok = True),
+ 'last_updated': Parameter(int, "Date and time of last update", ro = True),
+ 'date_created': Parameter(int, "Date and time when account was created", ro = True),
'role_ids': Parameter([int], "List of role identifiers"),
'roles': Parameter([str], "List of roles"),
'site_ids': Parameter([int], "List of site identifiers"),
- }
-
- # These fields are derived from join tables and are not returned
- # by default unless specified.
- extra_fields = {
- 'address_ids': Parameter([int], "List of address identifiers"),
'key_ids': Parameter([int], "List of key identifiers"),
'slice_ids': Parameter([int], "List of slice identifiers"),
+ 'peer_id': Parameter(int, "Peer to which this user belongs", nullok = True),
+ 'peer_person_id': Parameter(int, "Foreign user identifier at peer", nullok = True),
+ 'person_tag_ids' : Parameter ([int], "List of tags attached to this person"),
}
-
- default_fields = dict(fields.items() + join_fields.items())
- all_fields = dict(default_fields.items() + extra_fields.items())
-
- def __init__(self, api, fields):
- Row.__init__(self, fields)
- self.api = api
+ related_fields = {
+ 'roles': [Mixed(Parameter(int, "Role identifier"),
+ Parameter(str, "Role name"))],
+ 'sites': [Mixed(Parameter(int, "Site identifier"),
+ Parameter(str, "Site name"))],
+ 'keys': [Mixed(Parameter(int, "Key identifier"),
+ Filter(Key.fields))],
+ 'slices': [Mixed(Parameter(int, "Slice identifier"),
+ Parameter(str, "Slice name"))]
+ }
+ view_tags_name = "view_person_tags"
+ # tags are used by the Add/Get/Update methods to expose tags
+ # this is initialized here and updated by the accessors factory
+ tags = { }
def validate_email(self, email):
"""
Validate email address. Stolen from Mailman.
"""
+ email = email.lower()
+ invalid_email = PLCInvalidArgument("Invalid e-mail address %s"%email)
- invalid_email = PLCInvalidArgument("Invalid e-mail address")
- email_badchars = r'[][()<>|;^,\200-\377]'
-
- # Pretty minimal, cheesy check. We could do better...
- if not email or email.count(' ') > 0:
- raise invalid_email
- if re.search(email_badchars, email) or email[0] == '-':
+ if not email:
raise invalid_email
- email = email.lower()
- at_sign = email.find('@')
- if at_sign < 1:
+ email_re = re.compile('\A[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9._\-]+\.[a-zA-Z]+\Z')
+ if not email_re.match(email):
raise invalid_email
- user = email[:at_sign]
- rest = email[at_sign+1:]
- domain = rest.split('.')
- # This means local, unqualified addresses, are no allowed
- if not domain:
- raise invalid_email
- if len(domain) < 2:
- raise invalid_email
+ # check only against users on the same peer
+ if 'peer_id' in self:
+ namespace_peer_id = self['peer_id']
+ else:
+ namespace_peer_id = None
+
+ conflicts = Persons(self.api, {'email':email,'peer_id':namespace_peer_id})
- conflicts = Persons(self.api, [email])
- for person_id, person in conflicts.iteritems():
- if not person['deleted'] and ('person_id' not in self or self['person_id'] != person_id):
+ for person in conflicts:
+ if 'person_id' not in self or self['person_id'] != person['person_id']:
raise PLCInvalidArgument, "E-mail address already in use"
return email
database.
"""
- if len(password) > len(md5crypt.MAGIC) and \
- password[0:len(md5crypt.MAGIC)] == md5crypt.MAGIC:
+ magic = "$1$"
+
+ if len(password) > len(magic) and \
+ password[0:len(magic)] == magic:
return password
else:
- # Generate a somewhat unique 2 character salt string
+ # Generate a somewhat unique 8 character salt string
salt = str(time.time()) + str(Random().random())
- salt = md5.md5(salt).hexdigest()[:8]
- return md5crypt.md5crypt(password, salt)
-
- def validate_role_ids(self, role_ids):
- """
- Ensure that the specified role_ids are all valid.
- """
-
- roles = Roles(self.api)
- for role_id in role_ids:
- if role_id not in roles:
- raise PLCInvalidArgument, "No such role"
-
- return role_ids
-
- def validate_site_ids(self, site_ids):
- """
- Ensure that the specified site_ids are all valid.
- """
+ salt = md5(salt).hexdigest()[:8]
+ return crypt.crypt(password.encode(self.api.encoding), magic + salt + "$")
- sites = PLC.Sites.Sites(self.api, site_ids)
- for site_id in site_ids:
- if site_id not in sites:
- raise PLCInvalidArgument, "No such site"
-
- return site_ids
+ validate_date_created = Row.validate_timestamp
+ validate_last_updated = Row.validate_timestamp
+ validate_verification_expires = Row.validate_timestamp
def can_update(self, person):
"""
if 'pi' in self['roles']:
if set(self['site_ids']).intersection(person['site_ids']):
- # Can update people with higher role IDs
- return min(self['role_ids']) < min(person['role_ids'])
+ # non-admin users cannot update a person who is neither a PI or ADMIN
+ return (not set(['pi','admin']).intersection(person['roles']))
return False
1. We are the person.
2. We are an admin.
- 3. We are a PI and the person is at one of our sites.
+ 3. We are a PI or Tech and the person is at one of our sites.
"""
assert isinstance(person, Person)
if self.can_update(person):
return True
- if 'pi' in self['roles']:
+ # pis and techs can see all people on their site
+ if set(['pi','tech']).intersection(self['roles']):
if set(self['site_ids']).intersection(person['site_ids']):
- # Can view people with equal or higher role IDs
- return min(self['role_ids']) <= min(person['role_ids'])
+ return True
return False
- def add_role(self, role_id, commit = True):
- """
- Add role to existing account.
- """
-
- assert 'person_id' in self
-
- person_id = self['person_id']
- self.api.db.do("INSERT INTO person_roles (person_id, role_id)" \
- " VALUES(%(person_id)d, %(role_id)d)",
- locals())
-
- if commit:
- self.api.db.commit()
-
- assert 'role_ids' in self
- if role_id not in self['role_ids']:
- self['role_ids'].append(role_id)
-
- def remove_role(self, role_id, commit = True):
- """
- Remove role from existing account.
- """
-
- assert 'person_id' in self
-
- person_id = self['person_id']
- self.api.db.do("DELETE FROM person_roles" \
- " WHERE person_id = %(person_id)d" \
- " AND role_id = %(role_id)d",
- locals())
-
- if commit:
- self.api.db.commit()
+ add_role = Row.add_object(Role, 'person_role')
+ remove_role = Row.remove_object(Role, 'person_role')
- assert 'role_ids' in self
- if role_id in self['role_ids']:
- self['role_ids'].remove(role_id)
+ add_key = Row.add_object(Key, 'person_key')
+ remove_key = Row.remove_object(Key, 'person_key')
def set_primary_site(self, site, commit = True):
"""
- Set the primary site for an existing account.
+ Set the primary site for an existing user.
"""
assert 'person_id' in self
- assert isinstance(site, PLC.Sites.Site)
assert 'site_id' in site
person_id = self['person_id']
self['site_ids'].remove(site_id)
self['site_ids'].insert(0, site_id)
- def flush(self, commit = True):
+ def update_last_updated(self, commit = True):
"""
- Commit changes back to the database.
+ Update last_updated field with current time
"""
- self.validate()
+ assert 'person_id' in self
+ assert self.table_name
- # Fetch a new person_id if necessary
- if 'person_id' not in self:
- rows = self.api.db.selectall("SELECT NEXTVAL('persons_person_id_seq') AS person_id")
- if not rows:
- raise PLCDBError, "Unable to fetch new person_id"
- self['person_id'] = rows[0]['person_id']
- insert = True
- else:
- insert = False
+ self.api.db.do("UPDATE %s SET last_updated = CURRENT_TIMESTAMP " % (self.table_name) + \
+ " where person_id = %d" % (self['person_id']) )
+ self.sync(commit)
- # Filter out fields that cannot be set or updated directly
- fields = dict(filter(lambda (key, value): key in self.fields,
- self.items()))
+ def associate_roles(self, auth, field, value):
+ """
+ Adds roles found in value list to this person (using AddRoleToPerson).
+ Deletes roles not found in value list from this person (using DeleteRoleFromPerson).
+ """
- # Parameterize for safety
- keys = fields.keys()
- values = [self.api.db.param(key, value) for (key, value) in fields.items()]
+ assert 'role_ids' in self
+ assert 'person_id' in self
+ assert isinstance(value, list)
- if insert:
- # Insert new row in persons table
- sql = "INSERT INTO persons (%s) VALUES (%s)" % \
- (", ".join(keys), ", ".join(values))
- else:
- # Update existing row in persons table
- columns = ["%s = %s" % (key, value) for (key, value) in zip(keys, values)]
- sql = "UPDATE persons SET " + \
- ", ".join(columns) + \
- " WHERE person_id = %(person_id)d"
+ (role_ids, role_names) = self.separate_types(value)[0:2]
- self.api.db.do(sql, fields)
+ # Translate roles into role_ids
+ if role_names:
+ roles = Roles(self.api, role_names).dict('role_id')
+ role_ids += roles.keys()
- if commit:
- self.api.db.commit()
+ # Add new ids, remove stale ids
+ if self['role_ids'] != role_ids:
+ from PLC.Methods.AddRoleToPerson import AddRoleToPerson
+ from PLC.Methods.DeleteRoleFromPerson import DeleteRoleFromPerson
+ new_roles = set(role_ids).difference(self['role_ids'])
+ stale_roles = set(self['role_ids']).difference(role_ids)
- def delete(self, commit = True):
+ for new_role in new_roles:
+ AddRoleToPerson.__call__(AddRoleToPerson(self.api), auth, new_role, self['person_id'])
+ for stale_role in stale_roles:
+ DeleteRoleFromPerson.__call__(DeleteRoleFromPerson(self.api), auth, stale_role, self['person_id'])
+
+
+ def associate_sites(self, auth, field, value):
+ """
+ Adds person to sites found in value list (using AddPersonToSite).
+ Deletes person from site not found in value list (using DeletePersonFromSite).
+ """
+
+ from PLC.Sites import Sites
+
+ assert 'site_ids' in self
+ assert 'person_id' in self
+ assert isinstance(value, list)
+
+ (site_ids, site_names) = self.separate_types(value)[0:2]
+
+ # Translate roles into role_ids
+ if site_names:
+ sites = Sites(self.api, site_names, ['site_id']).dict('site_id')
+ site_ids += sites.keys()
+
+ # Add new ids, remove stale ids
+ if self['site_ids'] != site_ids:
+ from PLC.Methods.AddPersonToSite import AddPersonToSite
+ from PLC.Methods.DeletePersonFromSite import DeletePersonFromSite
+ new_sites = set(site_ids).difference(self['site_ids'])
+ stale_sites = set(self['site_ids']).difference(site_ids)
+
+ for new_site in new_sites:
+ AddPersonToSite.__call__(AddPersonToSite(self.api), auth, self['person_id'], new_site)
+ for stale_site in stale_sites:
+ DeletePersonFromSite.__call__(DeletePersonFromSite(self.api), auth, self['person_id'], stale_site)
+
+
+ def associate_keys(self, auth, field, value):
+ """
+ Deletes key_ids not found in value list (using DeleteKey).
+ Adds key if key_fields w/o key_id is found (using AddPersonKey).
+ Updates key if key_fields w/ key_id is found (using UpdateKey).
+ """
+ assert 'key_ids' in self
+ assert 'person_id' in self
+ assert isinstance(value, list)
+
+ (key_ids, blank, keys) = self.separate_types(value)
+
+ if self['key_ids'] != key_ids:
+ from PLC.Methods.DeleteKey import DeleteKey
+ stale_keys = set(self['key_ids']).difference(key_ids)
+
+ for stale_key in stale_keys:
+ DeleteKey.__call__(DeleteKey(self.api), auth, stale_key)
+
+ if keys:
+ from PLC.Methods.AddPersonKey import AddPersonKey
+ from PLC.Methods.UpdateKey import UpdateKey
+ updated_keys = filter(lambda key: 'key_id' in key, keys)
+ added_keys = filter(lambda key: 'key_id' not in key, keys)
+
+ for key in added_keys:
+ AddPersonKey.__call__(AddPersonKey(self.api), auth, self['person_id'], key)
+ for key in updated_keys:
+ key_id = key.pop('key_id')
+ UpdateKey.__call__(UpdateKey(self.api), auth, key_id, key)
+
+
+ def associate_slices(self, auth, field, value):
"""
- Delete existing account.
+ Adds person to slices found in value list (using AddPersonToSlice).
+ Deletes person from slices found in value list (using DeletePersonFromSlice).
"""
+ from PLC.Slices import Slices
+
+ assert 'slice_ids' in self
assert 'person_id' in self
+ assert isinstance(value, list)
+
+ (slice_ids, slice_names) = self.separate_types(value)[0:2]
+
+ # Translate roles into role_ids
+ if slice_names:
+ slices = Slices(self.api, slice_names, ['slice_id']).dict('slice_id')
+ slice_ids += slices.keys()
+
+ # Add new ids, remove stale ids
+ if self['slice_ids'] != slice_ids:
+ from PLC.Methods.AddPersonToSlice import AddPersonToSlice
+ from PLC.Methods.DeletePersonFromSlice import DeletePersonFromSlice
+ new_slices = set(slice_ids).difference(self['slice_ids'])
+ stale_slices = set(self['slice_ids']).difference(slice_ids)
+
+ for new_slice in new_slices:
+ AddPersonToSlice.__call__(AddPersonToSlice(self.api), auth, self['person_id'], new_slice)
+ for stale_slice in stale_slices:
+ DeletePersonFromSlice.__call__(DeletePersonFromSlice(self.api), auth, self['person_id'], stale_slice)
- # Make sure extra fields are present
- persons = Persons(self.api, [self['person_id']],
- ['address_ids', 'key_ids'])
- assert persons
- self.update(persons.values()[0])
- # Delete all addresses
- addresses = Addresses(self.api, self['address_ids'])
- for address in addresses.values():
- address.delete(commit = False)
+ def delete(self, commit = True):
+ """
+ Delete existing user.
+ """
# Delete all keys
keys = Keys(self.api, self['key_ids'])
- for key in keys.values():
+ for key in keys:
key.delete(commit = False)
# Clean up miscellaneous join tables
- for table in ['person_roles', 'person_capabilities', 'person_site',
- 'node_root_access', 'dslice03_sliceuser']:
- self.api.db.do("DELETE FROM %s" \
- " WHERE person_id = %d" % \
+ for table in self.join_tables:
+ self.api.db.do("DELETE FROM %s WHERE person_id = %d" % \
(table, self['person_id']))
# Mark as deleted
self['deleted'] = True
- self.flush(commit)
+
+ # delete will fail if timestamp fields aren't validated, so lets remove them
+ for field in ['verification_expires', 'date_created', 'last_updated']:
+ if field in self:
+ self.pop(field)
+
+ # don't validate, so duplicates can be consistently removed
+ self.sync(commit, validate=False)
class Persons(Table):
"""
Representation of row(s) from the persons table in the
- database. Specify deleted and/or enabled to force a match on
- whether a person is deleted and/or enabled. Default is to match on
- non-deleted accounts.
+ database.
"""
- def __init__(self, api, person_id_or_email_list = None, extra_fields = [], deleted = False, enabled = None):
- self.api = api
-
- role_max = Roles.role_max
-
- # N.B.: Site IDs returned may be deleted. Persons returned are
- # never deleted, but may not be enabled.
- sql = "SELECT persons.*" \
- ", roles.role_id, roles.name AS role" \
- ", person_site.site_id" \
-
- # N.B.: Joined IDs may be marked as deleted in their primary tables
- join_tables = {
- # extra_field: (extra_table, extra_column, join_using)
- 'address_ids': ('person_address', 'address_id', 'person_id'),
- 'key_ids': ('person_keys', 'key_id', 'person_id'),
- 'slice_ids': ('dslice03_sliceuser', 'slice_id', 'person_id'),
- }
-
- extra_fields = filter(join_tables.has_key, extra_fields)
- extra_tables = ["%s USING (%s)" % \
- (join_tables[field][0], join_tables[field][2]) \
- for field in extra_fields]
- extra_columns = ["%s.%s" % \
- (join_tables[field][0], join_tables[field][1]) \
- for field in extra_fields]
-
- if extra_columns:
- sql += ", " + ", ".join(extra_columns)
-
- sql += " FROM persons" \
- " LEFT JOIN person_roles USING (person_id)" \
- " LEFT JOIN roles USING (role_id)" \
- " LEFT JOIN person_site USING (person_id)"
-
- if extra_tables:
- sql += " LEFT JOIN " + " LEFT JOIN ".join(extra_tables)
-
- # So that people with no roles have empty role_ids and roles values
- sql += " WHERE (role_id IS NULL or role_id <= %(role_max)d)"
-
- if deleted is not None:
- sql += " AND persons.deleted IS %(deleted)s"
-
- if enabled is not None:
- sql += " AND persons.enabled IS %(enabled)s"
-
- if person_id_or_email_list:
- # Separate the list into integers and strings
- person_ids = filter(lambda person_id: isinstance(person_id, (int, long)),
- person_id_or_email_list)
- emails = filter(lambda email: isinstance(email, StringTypes),
- person_id_or_email_list)
- sql += " AND (False"
- if person_ids:
- sql += " OR person_id IN (%s)" % ", ".join(map(str, person_ids))
- if emails:
- # Case insensitive e-mail address comparison
- sql += " OR lower(email) IN (%s)" % ", ".join(api.db.quote(emails)).lower()
- sql += ")"
-
- # The first site_id in the site_ids list is the primary site
- # of the user. See AdmGetPersonSites().
- sql += " ORDER BY person_site.is_primary DESC"
-
- rows = self.api.db.selectall(sql, locals())
- for row in rows:
- if self.has_key(row['person_id']):
- person = self[row['person_id']]
- person.update(row)
+ def __init__(self, api, person_filter = None, columns = None):
+ Table.__init__(self, api, Person, columns)
+
+ view = "view_persons"
+ for tagname in self.tag_columns:
+ view= "%s left join %s using (%s)"%(view,Person.tagvalue_view_name(tagname),
+ Person.primary_key)
+
+ sql = "SELECT %s FROM %s WHERE deleted IS False" % \
+ (", ".join(self.columns.keys()+self.tag_columns.keys()),view)
+
+ if person_filter is not None:
+ if isinstance(person_filter, (list, tuple, set)):
+ # Separate the list into integers and strings
+ ints = filter(lambda x: isinstance(x, (int, long)), person_filter)
+ strs = filter(lambda x: isinstance(x, StringTypes), person_filter)
+ person_filter = Filter(Person.fields, {'person_id': ints, 'email': strs})
+ sql += " AND (%s) %s" % person_filter.sql(api, "OR")
+ elif isinstance(person_filter, dict):
+ allowed_fields=dict(Person.fields.items()+Person.tags.items())
+ person_filter = Filter(allowed_fields, person_filter)
+ sql += " AND (%s) %s" % person_filter.sql(api, "AND")
+ elif isinstance (person_filter, StringTypes):
+ person_filter = Filter(Person.fields, {'email':person_filter})
+ sql += " AND (%s) %s" % person_filter.sql(api, "AND")
+ elif isinstance (person_filter, (int, long)):
+ person_filter = Filter(Person.fields, {'person_id':person_filter})
+ sql += " AND (%s) %s" % person_filter.sql(api, "AND")
else:
- self[row['person_id']] = Person(api, row)
+ raise PLCInvalidArgument, "Wrong person filter %r"%person_filter
+
+ self.selectall(sql)
git://git.onelab.eu / plcapi.git / blobdiff