3 from collections import defaultdict
4 from django.forms.models import model_to_dict
5 from django.db import models
6 from django.db.models import F, Q
7 from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
8 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
9 from timezones.fields import TimeZoneField
10 from operator import itemgetter, attrgetter
11 from django.core.mail import EmailMultiAlternatives
12 from core.middleware import get_request
14 from django.core.exceptions import PermissionDenied
16 # ------ from plcorebase.py ------
18 # This is a no-op if observer_disabled is set to 1 in the config file
19 from observer import *
21 print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
25 # guard against something failing
26 def notify_observer(*args, **kwargs):
30 # Create your models here.
31 class UserManager(BaseUserManager):
32 def create_user(self, email, firstname, lastname, password=None):
34 Creates and saves a User with the given email, date of
38 raise ValueError('Users must have an email address')
41 email=UserManager.normalize_email(email),
46 #user.set_password(password)
48 user.save(using=self._db)
51 def create_superuser(self, email, firstname, lastname, password):
53 Creates and saves a superuser with the given email, date of
56 user = self.create_user(email,
62 user.save(using=self._db)
65 def get_queryset(self):
66 parent=super(UserManager, self)
67 if hasattr(parent, "get_queryset"):
68 return parent.get_queryset().filter(deleted=False)
70 return parent.get_query_set().filter(deleted=False)
72 # deprecated in django 1.7 in favor of get_queryset().
73 def get_query_set(self):
74 return self.get_queryset()
76 class DeletedUserManager(UserManager):
77 def get_queryset(self):
78 return super(UserManager, self).get_query_set().filter(deleted=True)
80 # deprecated in django 1.7 in favor of get_queryset()
81 def get_query_set(self):
82 return self.get_queryset()
84 class User(AbstractBaseUser): #, DiffModelMixIn):
86 # ---- copy stuff from DiffModelMixin ----
90 return model_to_dict(self, fields=[field.name for field in
97 diffs = [(k, (v, d2[k])) for k, v in d1.items() if v != d2[k]]
101 def has_changed(self):
102 return bool(self.diff)
105 def changed_fields(self):
106 return self.diff.keys()
108 def has_field_changed(self, field_name):
109 return field_name in self.diff.keys()
111 def get_field_diff(self, field_name):
112 return self.diff.get(field_name, None)
113 # ---- end copy stuff from DiffModelMixin ----
118 email = models.EmailField(
119 verbose_name='email address',
125 username = models.CharField(max_length=255, default="Something" )
127 firstname = models.CharField(help_text="person's given name", max_length=200)
128 lastname = models.CharField(help_text="person's surname", max_length=200)
130 phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
131 user_url = models.URLField(null=True, blank=True)
132 site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
133 public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
135 is_active = models.BooleanField(default=True)
136 is_admin = models.BooleanField(default=True)
137 is_staff = models.BooleanField(default=True)
138 is_readonly = models.BooleanField(default=False)
140 created = models.DateTimeField(auto_now_add=True)
141 updated = models.DateTimeField(auto_now=True)
142 enacted = models.DateTimeField(null=True, default=None)
143 backend_status = models.CharField(max_length=140,
144 default="Provisioning in progress")
145 deleted = models.BooleanField(default=False)
147 timezone = TimeZoneField()
149 dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
151 objects = UserManager()
152 deleted_objects = DeletedUserManager()
154 USERNAME_FIELD = 'email'
155 REQUIRED_FIELDS = ['firstname', 'lastname']
157 PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
158 USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
160 def __init__(self, *args, **kwargs):
161 super(User, self).__init__(*args, **kwargs)
162 self._initial = self._dict # for DiffModelMixIn
164 def isReadOnlyUser(self):
165 return self.is_readonly
167 def get_full_name(self):
168 # The user is identified by their email address
171 def get_short_name(self):
172 # The user is identified by their email address
175 def delete(self, *args, **kwds):
176 # so we have something to give the observer
177 purge = kwds.get('purge',False)
181 purge = purge or observer_disabled
186 super(User, self).delete(*args, **kwds)
190 self.save(update_fields=['enacted','deleted'])
194 return self.email[:self.email.find('@')]
196 def __unicode__(self):
199 def has_perm(self, perm, obj=None):
200 "Does the user have a specific permission?"
201 # Simplest possible answer: Yes, always
204 def has_module_perms(self, app_label):
205 "Does the user have permissions to view the app `app_label`?"
206 # Simplest possible answer: Yes, always
209 def is_superuser(self):
212 def get_dashboards(self):
213 DEFAULT_DASHBOARDS=["Tenant"]
215 dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order'))
216 dashboards = [x.dashboardView for x in dashboards]
219 for dashboardName in DEFAULT_DASHBOARDS:
220 dbv = DashboardView.objects.filter(name=dashboardName)
222 dashboards.append(dbv[0])
226 # def get_roles(self):
227 # from core.models.site import SitePrivilege
228 # from core.models.slice import SliceMembership
230 # site_privileges = SitePrivilege.objects.filter(user=self)
231 # slice_memberships = SliceMembership.objects.filter(user=self)
232 # roles = defaultdict(list)
233 # for site_privilege in site_privileges:
234 # roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
235 # for slice_membership in slice_memberships:
236 # roles[slice_membership.role.role_type].append(slice_membership.slice.name)
239 def save(self, *args, **kwds):
241 self.set_password(self.password)
243 if self.password=="!":
\r
244 self.send_temporary_password()
\r
246 self.username = self.email
247 super(User, self).save(*args, **kwds)
249 self._initial = self._dict
251 def send_temporary_password(self):
252 password = User.objects.make_random_password()
253 self.set_password(password)
\r
254 subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)
\r
255 text_content = 'This is an important message.'
\r
256 userUrl="http://%s/" % get_request().get_host()
\r
257 html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""
\r
258 msg = EmailMultiAlternatives(subject,text_content, from_email, [to])
\r
259 msg.attach_alternative(html_content, "text/html")
\r
262 def can_update(self, user):
263 from core.models import SitePrivilege
264 _cant_update_fieldName = None
269 # site pis can update
270 site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
271 for site_priv in site_privs:
272 if site_priv.role.role == 'pi':
273 for fieldName in self.diff.keys():
274 if fieldName in self.PI_FORBIDDEN_FIELDS:
275 _cant_update_fieldName = fieldName
278 if (user.id == self.id):
279 for fieldName in self.diff.keys():
280 if fieldName in self.USER_FORBIDDEN_FIELDS:
281 _cant_update_fieldName = fieldName
288 def select_by_user(user):
290 qs = User.objects.all()
292 # can see all users at any site where this user has pi role
293 from core.models.site import SitePrivilege
294 site_privs = SitePrivilege.objects.filter(user=user)
295 sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
296 # get site privs of users at these sites
297 site_privs = SitePrivilege.objects.filter(site__in=sites)
298 user_ids = [sp.user.id for sp in site_privs] + [user.id]
299 qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
302 def save_by_user(self, user, *args, **kwds):
303 if not self.can_update(user):
304 if getattr(self, "_cant_update_fieldName", None) is not None:
305 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
307 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
309 self.save(*args, **kwds)
311 def delete_by_user(self, user, *args, **kwds):
312 if not self.can_update(user):
313 raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
314 self.delete(*args, **kwds)
316 class UserDashboardView(PlCoreBase):
317 user = models.ForeignKey(User, related_name='userdashboardviews')
318 dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews')
319 order = models.IntegerField(default=0)