planetstack/core/models/user.py

   1 import os
   2 import datetime
   3 from collections import defaultdict
   4 from django.db import models
   5 from django.db.models import F, Q
   6 from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
   7 from core.models.site import Deployment
   8 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
   9 from timezones.fields import TimeZoneField
  10 from operator import itemgetter, attrgetter
  11 from django.core.mail import EmailMultiAlternatives
  12 from core.middleware import get_request
  13 import model_policy
  14 from django.core.exceptions import PermissionDenied
  15
  16 # ------ from plcorebase.py ------
  17 try:
  18     # This is a no-op if observer_disabled is set to 1 in the config file
  19     from observer import *
  20 except:
  21     print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
  22     import traceback
  23     traceback.print_exc()
  24
  25     # guard against something failing
  26     def notify_observer(*args, **kwargs):
  27         pass
  28 # ------ ------
  29
  30 # Create your models here.
  31 class UserManager(BaseUserManager):
  32     def create_user(self, email, firstname, lastname, password=None):
  33         """
  34         Creates and saves a User with the given email, date of
  35         birth and password.
  36         """
  37         if not email:
  38             raise ValueError('Users must have an email address')
  39
  40         user = self.model(
  41             email=UserManager.normalize_email(email),
  42             firstname=firstname,
  43             lastname=lastname,
  44             password=password
  45         )
  46         #user.set_password(password)
  47         user.is_admin = True
  48         user.save(using=self._db)
  49         return user
  50
  51     def create_superuser(self, email, firstname, lastname, password):
  52         """
  53         Creates and saves a superuser with the given email, date of
  54         birth and password.
  55         """
  56         user = self.create_user(email,
  57             password=password,
  58             firstname=firstname,
  59             lastname=lastname
  60         )
  61         user.is_admin = True
  62         user.save(using=self._db)
  63         return user
  64
  65 class DeletedUserManager(UserManager):
  66     def get_queryset(self):
  67         return super(UserManager, self).get_query_set().filter(deleted=True)
  68
  69     # deprecated in django 1.7 in favor of get_queryset()
  70     def get_query_set(self):
  71         return self.get_queryset()
  72
  73 class User(AbstractBaseUser, DiffModelMixIn):
  74
  75     class Meta:
  76         app_label = "core"
  77
  78     email = models.EmailField(
  79         verbose_name='email address',
  80         max_length=255,
  81         unique=True,
  82         db_index=True,
  83     )
  84
  85     username = models.CharField(max_length=255, default="Something" )
  86
  87     firstname = models.CharField(help_text="person's given name", max_length=200)
  88     lastname = models.CharField(help_text="person's surname", max_length=200)
  89
  90     phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
  91     user_url = models.URLField(null=True, blank=True)
  92     site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
  93     public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
  94
  95     is_active = models.BooleanField(default=True)
  96     is_admin = models.BooleanField(default=True)
  97     is_staff = models.BooleanField(default=True)
  98     is_readonly = models.BooleanField(default=False)
  99
 100     created = models.DateTimeField(auto_now_add=True)
 101     updated = models.DateTimeField(auto_now=True)
 102     enacted = models.DateTimeField(null=True, default=None)
 103     backend_status = models.CharField(max_length=140,
 104                                       default="Provisioning in progress")
 105     deleted = models.BooleanField(default=False)
 106
 107     timezone = TimeZoneField()
 108
 109     dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
 110
 111     objects = UserManager()
 112     deleted_objects = DeletedUserManager()
 113
 114     USERNAME_FIELD = 'email'
 115     REQUIRED_FIELDS = ['firstname', 'lastname']
 116
 117     PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
 118     USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
 119
 120     def __init__(self, *args, **kwargs):
 121         super(User, self).__init__(*args, **kwargs)
 122         self._initial = self._dict # for DiffModelMixIn
 123
 124     def isReadOnlyUser(self):
 125         return self.is_readonly
 126
 127     def get_full_name(self):
 128         # The user is identified by their email address
 129         return self.email
 130
 131     def get_short_name(self):
 132         # The user is identified by their email address
 133         return self.email
 134
 135     def delete(self, *args, **kwds):
 136         # so we have something to give the observer
 137         purge = kwds.get('purge',False)
 138         if purge:
 139             del kwds['purge']
 140         try:
 141             purge = purge or observer_disabled
 142         except NameError:
 143             pass
 144
 145         if (purge):
 146             super(User, self).delete(*args, **kwds)
 147         else:
 148             self.deleted = True
 149             self.enacted=None
 150             self.save(update_fields=['enacted','deleted'])
 151
 152     @property
 153     def keyname(self):
 154         return self.email[:self.email.find('@')]
 155
 156     def __unicode__(self):
 157         return self.email
 158
 159     def has_perm(self, perm, obj=None):
 160         "Does the user have a specific permission?"
 161         # Simplest possible answer: Yes, always
 162         return True
 163
 164     def has_module_perms(self, app_label):
 165         "Does the user have permissions to view the app `app_label`?"
 166         # Simplest possible answer: Yes, always
 167         return True
 168
 169     def is_superuser(self):
 170         return False
 171
 172     def get_dashboards(self):
 173         DEFAULT_DASHBOARDS=["Tenant"]
 174
 175         dashboards = sorted(list(self.dashboardViews.all()), key=attrgetter('order'))
 176         dashboards = [x.dashboardView for x in dashboards]
 177
 178         if not dashboards:
 179             for dashboardName in DEFAULT_DASHBOARDS:
 180                 dbv = DashboardView.objects.filter(name=dashboardName)
 181                 if dbv:
 182                     dashboards.append(dbv[0])
 183
 184         return dashboards
 185
 186 #    def get_roles(self):
 187 #        from core.models.site import SitePrivilege
 188 #        from core.models.slice import SliceMembership
 189 #
 190 #        site_privileges = SitePrivilege.objects.filter(user=self)
 191 #        slice_memberships = SliceMembership.objects.filter(user=self)
 192 #        roles = defaultdict(list)
 193 #        for site_privilege in site_privileges:
 194 #            roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
 195 #        for slice_membership in slice_memberships:
 196 #            roles[slice_membership.role.role_type].append(slice_membership.slice.name)
 197 #        return roles
 198
 199     def save(self, *args, **kwds):
 200         if not self.id:
 201             self.set_password(self.password)
 202         if self.is_active:
 203             if self.password=="!":\r
 204                 self.send_temporary_password()\r
 205 \r
 206         self.username = self.email
 207         super(User, self).save(*args, **kwds)
 208
 209         self._initial = self._dict
 210
 211     def send_temporary_password(self):
 212         password = User.objects.make_random_password()
 213         self.set_password(password)\r
 214         subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)\r
 215         text_content = 'This is an important message.'\r
 216         userUrl="http://%s/" % get_request().get_host()\r
 217         html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""\r
 218         msg = EmailMultiAlternatives(subject,text_content, from_email, [to])\r
 219         msg.attach_alternative(html_content, "text/html")\r
 220         msg.send()
 221
 222     def can_update(self, user):
 223         from core.models import SitePrivilege
 224         _cant_update_fieldName = None
 225         if user.is_readonly:
 226             return False
 227         if user.is_admin:
 228             return True
 229         # site pis can update
 230         site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
 231         for site_priv in site_privs:
 232             if site_priv.role.role == 'pi':
 233                 for fieldName in self.diff.keys():
 234                     if fieldName in self.PI_FORBIDDEN_FIELDS:
 235                         _cant_update_fieldName = fieldName
 236                         return False
 237                 return True
 238         if (user.id == self.id):
 239             for fieldName in self.diff.keys():
 240                 if fieldName in self.USER_FORBIDDEN_FIELDS:
 241                     _cant_update_fieldName = fieldName
 242                     return False
 243             return True
 244
 245         return False
 246
 247     @staticmethod
 248     def select_by_user(user):
 249         if user.is_admin:
 250             qs = User.objects.all()
 251         else:
 252             # can see all users at any site where this user has pi role
 253             from core.models.site import SitePrivilege
 254             site_privs = SitePrivilege.objects.filter(user=user)
 255             sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
 256             # get site privs of users at these sites
 257             site_privs = SitePrivilege.objects.filter(site__in=sites)
 258             user_ids = [sp.user.id for sp in site_privs] + [user.id]
 259             qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
 260         return qs
 261
 262     def save_by_user(self, user, *args, **kwds):
 263         if not self.can_update(user):
 264             if getattr(self, "_cant_update_fieldName", None) is not None:
 265                 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
 266             else:
 267                 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
 268
 269         self.save(*args, **kwds)
 270
 271     def delete_by_user(self, user, *args, **kwds):
 272         if not self.can_update(user):
 273             raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
 274         self.delete(*args, **kwds)
 275
 276 class UserDashboardView(PlCoreBase):
 277      user = models.ForeignKey(User, related_name="dashboardViews")
 278      dashboardView = models.ForeignKey(DashboardView, related_name="dashboardViews")
 279      order = models.IntegerField(default=0)