planetstack/core/models/user.py

   1 import os
   2 import datetime
   3 from collections import defaultdict
   4 from django.db import models
   5 from django.db.models import F, Q
   6 from core.models import PlCoreBase,Site, DashboardView, DiffModelMixIn
   7 from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
   8 from timezones.fields import TimeZoneField
   9 from operator import itemgetter, attrgetter
  10 from django.core.mail import EmailMultiAlternatives
  11 from core.middleware import get_request
  12 import model_policy
  13 from django.core.exceptions import PermissionDenied
  14
  15 # ------ from plcorebase.py ------
  16 try:
  17     # This is a no-op if observer_disabled is set to 1 in the config file
  18     from observer import *
  19 except:
  20     print >> sys.stderr, "import of observer failed! printing traceback and disabling observer:"
  21     import traceback
  22     traceback.print_exc()
  23
  24     # guard against something failing
  25     def notify_observer(*args, **kwargs):
  26         pass
  27 # ------ ------
  28
  29 # Create your models here.
  30 class UserManager(BaseUserManager):
  31     def create_user(self, email, firstname, lastname, password=None):
  32         """
  33         Creates and saves a User with the given email, date of
  34         birth and password.
  35         """
  36         if not email:
  37             raise ValueError('Users must have an email address')
  38
  39         user = self.model(
  40             email=UserManager.normalize_email(email),
  41             firstname=firstname,
  42             lastname=lastname,
  43             password=password
  44         )
  45         #user.set_password(password)
  46         user.is_admin = True
  47         user.save(using=self._db)
  48         return user
  49
  50     def create_superuser(self, email, firstname, lastname, password):
  51         """
  52         Creates and saves a superuser with the given email, date of
  53         birth and password.
  54         """
  55         user = self.create_user(email,
  56             password=password,
  57             firstname=firstname,
  58             lastname=lastname
  59         )
  60         user.is_admin = True
  61         user.save(using=self._db)
  62         return user
  63
  64     def get_queryset(self):
  65         parent=super(UserManager, self)
  66         if hasattr(parent, "get_queryset"):
  67             return parent.get_queryset().filter(deleted=False)
  68         else:
  69             return parent.get_query_set().filter(deleted=False)
  70
  71     # deprecated in django 1.7 in favor of get_queryset().
  72     def get_query_set(self):
  73         return self.get_queryset()
  74
  75 class DeletedUserManager(UserManager):
  76     def get_queryset(self):
  77         return super(UserManager, self).get_query_set().filter(deleted=True)
  78
  79     # deprecated in django 1.7 in favor of get_queryset()
  80     def get_query_set(self):
  81         return self.get_queryset()
  82
  83 class User(AbstractBaseUser, DiffModelMixIn):
  84
  85     class Meta:
  86         app_label = "core"
  87
  88     email = models.EmailField(
  89         verbose_name='email address',
  90         max_length=255,
  91         unique=True,
  92         db_index=True,
  93     )
  94
  95     username = models.CharField(max_length=255, default="Something" )
  96
  97     firstname = models.CharField(help_text="person's given name", max_length=200)
  98     lastname = models.CharField(help_text="person's surname", max_length=200)
  99
 100     phone = models.CharField(null=True, blank=True, help_text="phone number contact", max_length=100)
 101     user_url = models.URLField(null=True, blank=True)
 102     site = models.ForeignKey(Site, related_name='users', help_text="Site this user will be homed too", null=True)
 103     public_key = models.TextField(null=True, blank=True, max_length=1024, help_text="Public key string")
 104
 105     is_active = models.BooleanField(default=True)
 106     is_admin = models.BooleanField(default=True)
 107     is_staff = models.BooleanField(default=True)
 108     is_readonly = models.BooleanField(default=False)
 109
 110     created = models.DateTimeField(auto_now_add=True)
 111     updated = models.DateTimeField(auto_now=True)
 112     enacted = models.DateTimeField(null=True, default=None)
 113     backend_status = models.CharField(max_length=140,
 114                                       default="Provisioning in progress")
 115     deleted = models.BooleanField(default=False)
 116
 117     timezone = TimeZoneField()
 118
 119     dashboards = models.ManyToManyField('DashboardView', through='UserDashboardView', blank=True)
 120
 121     objects = UserManager()
 122     deleted_objects = DeletedUserManager()
 123
 124     USERNAME_FIELD = 'email'
 125     REQUIRED_FIELDS = ['firstname', 'lastname']
 126
 127     PI_FORBIDDEN_FIELDS = ["is_admin", "site", "is_staff"]
 128     USER_FORBIDDEN_FIELDS = ["is_admin", "is_active", "site", "is_staff", "is_readonly"]
 129
 130     def __init__(self, *args, **kwargs):
 131         super(User, self).__init__(*args, **kwargs)
 132         self._initial = self._dict # for DiffModelMixIn
 133
 134     def isReadOnlyUser(self):
 135         return self.is_readonly
 136
 137     def get_full_name(self):
 138         # The user is identified by their email address
 139         return self.email
 140
 141     def get_short_name(self):
 142         # The user is identified by their email address
 143         return self.email
 144
 145     def delete(self, *args, **kwds):
 146         # so we have something to give the observer
 147         purge = kwds.get('purge',False)
 148         if purge:
 149             del kwds['purge']
 150         try:
 151             purge = purge or observer_disabled
 152         except NameError:
 153             pass
 154
 155         if (purge):
 156             super(User, self).delete(*args, **kwds)
 157         else:
 158             self.deleted = True
 159             self.enacted=None
 160             self.save(update_fields=['enacted','deleted'])
 161
 162     @property
 163     def keyname(self):
 164         return self.email[:self.email.find('@')]
 165
 166     def __unicode__(self):
 167         return self.email
 168
 169     def has_perm(self, perm, obj=None):
 170         "Does the user have a specific permission?"
 171         # Simplest possible answer: Yes, always
 172         return True
 173
 174     def has_module_perms(self, app_label):
 175         "Does the user have permissions to view the app `app_label`?"
 176         # Simplest possible answer: Yes, always
 177         return True
 178
 179     def is_superuser(self):
 180         return False
 181
 182     def get_dashboards(self):
 183         DEFAULT_DASHBOARDS=["Tenant"]
 184
 185         dashboards = sorted(list(self.userdashboardviews.all()), key=attrgetter('order'))
 186         dashboards = [x.dashboardView for x in dashboards]
 187
 188         if not dashboards:
 189             for dashboardName in DEFAULT_DASHBOARDS:
 190                 dbv = DashboardView.objects.filter(name=dashboardName)
 191                 if dbv:
 192                     dashboards.append(dbv[0])
 193
 194         return dashboards
 195
 196 #    def get_roles(self):
 197 #        from core.models.site import SitePrivilege
 198 #        from core.models.slice import SliceMembership
 199 #
 200 #        site_privileges = SitePrivilege.objects.filter(user=self)
 201 #        slice_memberships = SliceMembership.objects.filter(user=self)
 202 #        roles = defaultdict(list)
 203 #        for site_privilege in site_privileges:
 204 #            roles[site_privilege.role.role_type].append(site_privilege.site.login_base)
 205 #        for slice_membership in slice_memberships:
 206 #            roles[slice_membership.role.role_type].append(slice_membership.slice.name)
 207 #        return roles
 208
 209     def save(self, *args, **kwds):
 210         if not self.id:
 211             self.set_password(self.password)
 212         if self.is_active:
 213             if self.password=="!":\r
 214                 self.send_temporary_password()\r
 215 \r
 216         self.username = self.email
 217         super(User, self).save(*args, **kwds)
 218
 219         self._initial = self._dict
 220
 221     def send_temporary_password(self):
 222         password = User.objects.make_random_password()
 223         self.set_password(password)\r
 224         subject, from_email, to = 'OpenCloud Account Credentials', 'support@opencloud.us', str(self.email)\r
 225         text_content = 'This is an important message.'\r
 226         userUrl="http://%s/" % get_request().get_host()\r
 227         html_content = """<p>Your account has been created on OpenCloud. Please log in <a href="""+userUrl+""">here</a> to activate your account<br><br>Username: """+self.email+"""<br>Temporary Password: """+password+"""<br>Please change your password once you successully login into the site.</p>"""\r
 228         msg = EmailMultiAlternatives(subject,text_content, from_email, [to])\r
 229         msg.attach_alternative(html_content, "text/html")\r
 230         msg.send()
 231
 232     def can_update(self, user):
 233         from core.models import SitePrivilege
 234         _cant_update_fieldName = None
 235         if user.is_readonly:
 236             return False
 237         if user.is_admin:
 238             return True
 239         # site pis can update
 240         site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
 241         for site_priv in site_privs:
 242             if site_priv.role.role == 'pi':
 243                 for fieldName in self.diff.keys():
 244                     if fieldName in self.PI_FORBIDDEN_FIELDS:
 245                         _cant_update_fieldName = fieldName
 246                         return False
 247                 return True
 248         if (user.id == self.id):
 249             for fieldName in self.diff.keys():
 250                 if fieldName in self.USER_FORBIDDEN_FIELDS:
 251                     _cant_update_fieldName = fieldName
 252                     return False
 253             return True
 254
 255         return False
 256
 257     @staticmethod
 258     def select_by_user(user):
 259         if user.is_admin:
 260             qs = User.objects.all()
 261         else:
 262             # can see all users at any site where this user has pi role
 263             from core.models.site import SitePrivilege
 264             site_privs = SitePrivilege.objects.filter(user=user)
 265             sites = [sp.site for sp in site_privs if sp.role.role == 'pi']
 266             # get site privs of users at these sites
 267             site_privs = SitePrivilege.objects.filter(site__in=sites)
 268             user_ids = [sp.user.id for sp in site_privs] + [user.id]
 269             qs = User.objects.filter(Q(site__in=sites) | Q(id__in=user_ids))
 270         return qs
 271
 272     def save_by_user(self, user, *args, **kwds):
 273         if not self.can_update(user):
 274             if getattr(self, "_cant_update_fieldName", None) is not None:
 275                 raise PermissionDenied("You do not have permission to update field %s on object %s" % (self._cant_update_fieldName, self.__class__.__name__))
 276             else:
 277                 raise PermissionDenied("You do not have permission to update %s objects" % self.__class__.__name__)
 278
 279         self.save(*args, **kwds)
 280
 281     def delete_by_user(self, user, *args, **kwds):
 282         if not self.can_update(user):
 283             raise PermissionDenied("You do not have permission to delete %s objects" % self.__class__.__name__)
 284         self.delete(*args, **kwds)
 285
 286 class UserDashboardView(PlCoreBase):
 287      user = models.ForeignKey(User, related_name='userdashboardviews')
 288      dashboardView = models.ForeignKey(DashboardView, related_name='userdashboardviews')
 289      order = models.IntegerField(default=0)