return results
def authority_get_pi_emails(request, authority_hrn):
- #return ['jordan.auge@lip6.fr', 'loic.baron@lip6.fr']
+ return ['jordan.auge@lip6.fr', 'loic.baron@lip6.fr']
pi_users = authority_get_pis(request,authority_hrn)
pi_user_hrns = [ hrn for x in pi_users for hrn in x['pi_users'] ]
def sfa_add_user(request, user_params):
if 'email' in user_params:
- params['user_email'] = params['email']
+ user_params['user_email'] = user_params['email']
query = Query.create('user').set(user_params).select('user_hrn')
results = execute_query(request, query)
if not results:
def sfa_update_user(request, user_hrn, user_params):
# user_params: keys [public_key]
if 'email' in user_params:
- params['user_email'] = params['email']
+ user_params['user_email'] = user_params['email']
query = Query.update('user').filter_by('user_hrn', '==', user_hrn).set(user_params).select('user_hrn')
results = execute_query(request,query)
return results
return make_requests(pending_users, pending_slices, pending_authorities)
-def get_request_by_authority(authority_hrns):
+def get_requests(authority_hrns=None):
print "get_request_by_authority auth_hrns = ", authority_hrns
if not authority_hrns:
pending_users = PendingUser.objects.all()
pending_authorities = PendingAuthority.objects.filter(authority_hrn__in=authority_hrns).all()
return make_requests(pending_users, pending_slices, pending_authorities)
-
+
# XXX Is it in sync with the form fields ?
def portal_validate_request(wsgi_request, request_ids):
# XXX tmp sfa dependency
from sfa.util.xrn import Xrn
urn = Xrn(hrn, request['type']).get_urn()
-
+ if 'pi' in request:
+ auth_pi = request['pi']
+ else:
+ auth_pi = ''
sfa_user_params = {
'hrn' : hrn,
'urn' : urn,
'email' : request['email'],
#'slices' : None,
#'researcher': None,
- 'pi' : request['pi'],
+ 'pi' : [auth_pi],
'enabled' : True
}
# ignored in request: id, timestamp, password
+
+ # ADD USER TO SFA Registry
+ sfa_add_user(wsgi_request, sfa_user_params)
- # UPDATE user status = 2 = validated
- user_query = Query().get('local:user').select('config','email','status').filter_by('email', '==', request['email'])
+ # USER INFO
+ user_query = Query().get('local:user').select('user_id','config','email','status').filter_by('email', '==', request['email'])
user_details = execute_admin_query(request, user_query)
- print user_details[0]
+ #print user_details[0]
+
+ # UPDATE USER STATUS = 2
manifold_user_params = {
'status': 2
}
manifold_update_user(request, request['email'], manifold_user_params)
-
- sfa_add_user(wsgi_request, sfa_user_params)
- # XXX Remove from database
+ # USER MAIN ACCOUNT != reference
+ #print 'USER MAIN ACCOUNT != reference'
+ list_accounts_query = Query().get('local:account').select('user_id','platform_id','auth_type','config')\
+ .filter_by('user_id','==',user_details[0]['user_id'])\
+ .filter_by('auth_type','!=','reference')
+ list_accounts = execute_admin_query(request, list_accounts_query)
+ #print "List accounts = ",list_accounts
+ for account in list_accounts:
+ main_platform_query = Query().get('local:platform').select('platform_id','platform').filter_by('platform_id','==',account['platform_id'])
+ main_platform = execute_admin_query(request, main_platform_query)
+
+ # ADD REFERENCE ACCOUNTS ON SFA ENABLED PLATFORMS
+ #print 'ADD REFERENCE ACCOUNTS ON SFA ENABLED PLATFORMS'
+ platforms_query = Query().get('local:platform').filter_by('disabled', '==', '0').filter_by('gateway_type','==','sfa').select('platform_id','gateway_type')
+ platforms = execute_admin_query(request, platforms_query)
+ #print "platforms SFA ENABLED = ",platforms
+ for platform in platforms:
+ #print "add reference to platform ",platform
+ manifold_account_params = {
+ 'user_id': user_details[0]['user_id'],
+ 'platform_id': platform['platform_id'],
+ 'auth_type': 'reference',
+ 'config': '{"reference_platform": "' + main_platform[0]['platform'] + '"}',
+ }
+ manifold_add_account(request, manifold_account_params)
+
request_status['SFA user'] = {'status': True }
except Exception, e:
- request_status['SFA user'] = {'status': False, 'description': str(e)}
-
- user_params = {'status':2}
- manifold_update_user(request, request['email'], user_params)
+ request_status['SFA user'] = {'status': False, 'description': str(e)}
+
+# user_params = {'status':2}
+# manifold_update_user(request, request['email'], user_params)
# MANIFOLD user should be added beforehand, during registration
#try:
{% for authority, requests in my_authorities.items %}
<h3>{{authority}}</h3>
<div class="container">
- <table width=100% border=1 style="color:white;">
+ <table width=100% border=1>
<th>
<td>type</td>
<td>id</td>
#from portal.util import RegistrationView, ActivationView
from portal.models import PendingUser, PendingSlice
-from portal.actions import get_request_by_authority
+from portal.actions import get_requests
from manifold.manifoldapi import execute_query
from manifold.core.query import Query
from unfold.page import Page
print 'credential_authorities =', credential_authorities
print 'credential_authorities_expired =', credential_authorities_expired
- # Using cache manifold-tables to get the list of authorities faster
- all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
- all_authorities = execute_query(self.request, all_authorities_query)
+# # Using cache manifold-tables to get the list of authorities faster
+# all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
+# all_authorities = execute_query(self.request, all_authorities_query)
# ** Where am I a PI **
# For this we need to ask SFA (of all authorities) = PI function
for pa in pi_authorities_tmp:
pi_authorities |= set(pa['pi_authorities'])
- #print "all_auths = "
- #print all_authorities
-
- # include all sub-authorities of the PI
- # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
- pi_subauthorities = set()
- for authority in all_authorities:
- authority_hrn = authority['authority_hrn']
- for my_authority in pi_authorities:
- if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
- pi_subauthorities.add(authority_hrn)
+# # include all sub-authorities of the PI
+# # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
+# pi_subauthorities = set()
+# for authority in all_authorities:
+# authority_hrn = authority['authority_hrn']
+# for my_authority in pi_authorities:
+# if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
+# pi_subauthorities.add(authority_hrn)
#print "pi_authorities =", pi_authorities
#print "pi_subauthorities =", pi_subauthorities
#print "pi_subauthorities = ", pi_subauthorities
# Summary all
- queried_pending_authorities = pi_my_authorities | pi_delegation_authorities | pi_subauthorities
+ queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
#print "----"
#print "queried_pending_authorities = ", queried_pending_authorities
- requests = get_request_by_authority(queried_pending_authorities)
+# iterate on the requests and check if the authority matches a prefix startswith an authority on which the user is PI
+ requests = get_requests()
+# requests = get_requests(queried_pending_authorities)
for request in requests:
auth_hrn = request['authority_hrn']
- #print "authority for this request", auth_hrn
-
- if auth_hrn in pi_my_authorities:
- dest = ctx_my_authorities
-
- # define the css class
- if auth_hrn in pi_credential_authorities:
- request['allowed'] = 'allowed'
- elif auth_hrn in pi_expired_credential_authorities:
- request['allowed'] = 'expired'
- else: # pi_no_credential_authorities
- request['allowed'] = 'denied'
-
- elif auth_hrn in pi_delegation_authorities:
- dest = ctx_delegation_authorities
-
- if auth_hrn in pi_delegation_credential_authorities:
+ for my_auth in pi_my_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_my_authorities
request['allowed'] = 'allowed'
- else: # pi_delegation_expired_authorities
- request['allowed'] = 'expired'
-
- elif auth_hrn in pi_subauthorities:
- dest = ctx_sub_authorities
-
- if auth_hrn in pi_subauthorities:
+ for my_auth in pi_delegation_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_delegation_authorities
request['allowed'] = 'allowed'
- else: # pi_delegation_expired_authorities
- request['allowed'] = 'denied'
-
- else:
- continue
+ if auth_hrn in pi_expired_credential_authorities:
+ request['allowed'] = 'expired'
+ if 'allowed' not in request:
+ request['allowed'] = 'denied'
+ #print "authority for this request", auth_hrn
+
+# if auth_hrn in pi_my_authorities:
+# dest = ctx_my_authorities
+#
+# # define the css class
+# if auth_hrn in pi_credential_authorities:
+# request['allowed'] = 'allowed'
+# elif auth_hrn in pi_expired_credential_authorities:
+# request['allowed'] = 'expired'
+# else: # pi_no_credential_authorities
+# request['allowed'] = 'denied'
+#
+# elif auth_hrn in pi_delegation_authorities:
+# dest = ctx_delegation_authorities
+#
+# if auth_hrn in pi_delegation_credential_authorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'expired'
+#
+# elif auth_hrn in pi_subauthorities:
+# dest = ctx_sub_authorities
+#
+# if auth_hrn in pi_subauthorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'denied'
+#
+# else:
+# continue
if not auth_hrn in dest:
dest[auth_hrn] = []
#from portal.util import RegistrationView, ActivationView
from portal.models import PendingUser, PendingSlice
-from portal.actions import get_request_by_authority
+from portal.actions import get_requests
from manifold.manifoldapi import execute_query
from manifold.core.query import Query
from unfold.page import Page
git://git.onelab.eu / unfold.git / commitdiff