From 6ac49833d47387edc427c523a6ea2d18ed68c988 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jordan=20Aug=C3=A9?=
Date: Wed, 12 Feb 2014 19:09:44 +0100
Subject: [PATCH] Validation of Users: add reference accounts to each SFA Enabled platform
---
 portal/actions.py | 65 ++++++++++++----
 portal/templates/validate_pending.html | 2 +-
 portal/validationview.py | 103 ++++++++++++++-----------
 portal/views.py | 2 +-
 4 files changed, 107 insertions(+), 65 deletions(-)
diff --git a/portal/actions.py b/portal/actions.py
index 87e07d55..abd29df1 100644
--- a/portal/actions.py
+++ b/portal/actions.py
@@ -24,7 +24,7 @@ def authority_get_pis(request, authority_hrn):
 return results
 def authority_get_pi_emails(request, authority_hrn):
- #return ['jordan.auge@lip6.fr', 'loic.baron@lip6.fr']
+ return ['jordan.auge@lip6.fr', 'loic.baron@lip6.fr']
 pi_users = authority_get_pis(request,authority_hrn)
 pi_user_hrns = [ hrn for x in pi_users for hrn in x['pi_users'] ]
@@ -37,7 +37,7 @@ def authority_get_pi_emails(request, authority_hrn):
 def sfa_add_user(request, user_params):
 if 'email' in user_params:
- params['user_email'] = params['email']
+ user_params['user_email'] = user_params['email']
 query = Query.create('user').set(user_params).select('user_hrn')
 results = execute_query(request, query)
 if not results:
@@ -47,7 +47,7 @@ def sfa_add_user(request, user_params):
 def sfa_update_user(request, user_hrn, user_params): # user_params: keys [public_key]
 if 'email' in user_params:
- params['user_email'] = params['email']
+ user_params['user_email'] = user_params['email']
 query = Query.update('user').filter_by('user_hrn', '==', user_hrn).set(user_params).select('user_hrn')
 results = execute_query(request,query)
 return results
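Review bot: `authority_get_pi_emails` now returns two hard-coded addresses for every authority, because the early `return [...]` in the `@@ -24,7 +24,7 @@` hunk is no longer commented out; the PI lookup below it becomes dead code. Any caller that notifies an authority's PIs would reach only those two mailboxes whatever `authority_hrn` is, which looks like a debugging stub committed by accident. Restore the comment marker, `#return [...]`, or gate the override behind a settings flag that defaults to off. The function body continues outside the hunk.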
@@ -212,7 +212,7 @@ def get_request_by_id(ids):
 return make_requests(pending_users, pending_slices, pending_authorities)
-def get_request_by_authority(authority_hrns):
+def get_requests(authority_hrns=None):
 print "get_request_by_authority auth_hrns = ", authority_hrns
 if not authority_hrns:
 pending_users = PendingUser.objects.all()
@@ -224,7 +224,7 @@ def get_request_by_authority(authority_hrns):
 pending_authorities = PendingAuthority.objects.filter(authority_hrn__in=authority_hrns).all()
 return make_requests(pending_users, pending_slices, pending_authorities)
-
+
 # XXX Is it in sync with the form fields ?
 def portal_validate_request(wsgi_request, request_ids):
@@ -252,7 +252,10 @@ def portal_validate_request(wsgi_request, request_ids):
 # XXX tmp sfa dependency
 from sfa.util.xrn import Xrn
 urn = Xrn(hrn, request['type']).get_urn()
-
+ if 'pi' in request:
+ auth_pi = request['pi']
+ else:
+ auth_pi = ''
 sfa_user_params = {
 'hrn' : hrn,
 'urn' : urn,
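Review bot: In the `@@ -252,7 +252,10 @@` hunk `auth_pi` falls back to `''`, and the following hunk wraps it as `'pi' : [auth_pi]`, so a request without a PI is sent to the registry as `['']`, a one-element list holding an empty HRN, rather than an empty list. How the registry treats an empty HRN is not visible here; `auth_pi = request.get('pi')` together with `'pi' : [auth_pi] if auth_pi else [],` avoids depending on it. portal_validate_request starts and ends outside the hunk.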
@@ -263,30 +266,58 @@ def portal_validate_request(wsgi_request, request_ids):
 'email' : request['email'],
 #'slices' : None,
 #'researcher': None,
- 'pi' : request['pi'],
+ 'pi' : [auth_pi],
 'enabled' : True
 } # ignored in request: id, timestamp, password
+
+ # ADD USER TO SFA Registry
+ sfa_add_user(wsgi_request, sfa_user_params)
- # UPDATE user status = 2 = validated
- user_query = Query().get('local:user').select('config','email','status').filter_by('email', '==', request['email'])
+ # USER INFO
+ user_query = Query().get('local:user').select('user_id','config','email','status').filter_by('email', '==', request['email'])
 user_details = execute_admin_query(request, user_query)
- print user_details[0]
+ #print user_details[0]
+
+ # UPDATE USER STATUS = 2
 manifold_user_params = { 'status': 2 }
 manifold_update_user(request, request['email'], manifold_user_params)
-
- sfa_add_user(wsgi_request, sfa_user_params)
- # XXX Remove from database
+ # USER MAIN ACCOUNT != reference
+ #print 'USER MAIN ACCOUNT != reference'
+ list_accounts_query = Query().get('local:account').select('user_id','platform_id','auth_type','config')\
+ .filter_by('user_id','==',user_details[0]['user_id'])\
+ .filter_by('auth_type','!=','reference')
+ list_accounts = execute_admin_query(request, list_accounts_query)
+ #print "List accounts = ",list_accounts
+ for account in list_accounts:
+ main_platform_query = Query().get('local:platform').select('platform_id','platform').filter_by('platform_id','==',account['platform_id'])
+ main_platform = execute_admin_query(request, main_platform_query)
+
+ # ADD REFERENCE ACCOUNTS ON SFA ENABLED PLATFORMS
+ #print 'ADD REFERENCE ACCOUNTS ON SFA ENABLED PLATFORMS'
+ platforms_query = Query().get('local:platform').filter_by('disabled', '==', '0').filter_by('gateway_type','==','sfa').select('platform_id','gateway_type')
+ platforms = execute_admin_query(request, platforms_query)
+ #print "platforms SFA ENABLED = ",platforms
+ for platform in platforms:
+ #print "add reference to platform ",platform
+ manifold_account_params = {
+ 'user_id': user_details[0]['user_id'],
+ 'platform_id': platform['platform_id'],
+ 'auth_type': 'reference',
+ 'config': '{"reference_platform": "' + main_platform[0]['platform'] + '"}',
+ }
+ manifold_add_account(request, manifold_account_params)
+ request_status['SFA user'] = {'status': True }
 except Exception, e:
- request_status['SFA user'] = {'status': False, 'description': str(e)}
-
- user_params = {'status':2}
- manifold_update_user(request, request['email'], user_params)
+ request_status['SFA user'] = {'status': False, 'description': str(e)}
+
+# user_params = {'status':2}
+# manifold_update_user(request, request['email'], user_params)
 # MANIFOLD user should be added beforehand, during registration
 #try:
diff --git a/portal/templates/validate_pending.html b/portal/templates/validate_pending.html
index c9b971fe..cef58ea9 100644
--- a/portal/templates/validate_pending.html
+++ b/portal/templates/validate_pending.html
@@ -57,7 +57,7 @@ {% for authority, requests in my_authorities.items %}
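Review bot: The `'config'` value of the reference account in the `@@ -263,30 +266,58 @@` hunk is assembled by string concatenation, so a platform name containing a quote or backslash produces malformed JSON or extra keys; build it with `'config': json.dumps({'reference_platform': main_platform[0]['platform']}),` (this needs `import json`, and the import block is outside the hunk). `main_platform` is bound only inside the `for account in list_accounts` loop, so a user with no non-reference account raises NameError in the platform loop, and `user_details[0]` raises IndexError when the e-mail matches no local user. Both are swallowed by `except Exception, e` after `sfa_add_user` and the status update have already run, which leaves a registry user marked validated with no reference accounts; check both results before the first write. portal_validate_request starts and ends outside the hunk.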

{{authority}}

- +
diff --git a/portal/validationview.py b/portal/validationview.py
index b3d2a370..23909b47 100644
--- a/portal/validationview.py
+++ b/portal/validationview.py
@@ -40,7 +40,7 @@ from plugins.raw import Raw
 #from portal.util import RegistrationView, ActivationView
 from portal.models import PendingUser, PendingSlice
-from portal.actions import get_request_by_authority
+from portal.actions import get_requests
 from manifold.manifoldapi import execute_query
 from manifold.core.query import Query
 from unfold.page import Page
@@ -142,9 +142,9 @@ class ValidatePendingView(FreeAccessView):
 print 'credential_authorities =', credential_authorities
 print 'credential_authorities_expired =', credential_authorities_expired
- # Using cache manifold-tables to get the list of authorities faster
- all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
- all_authorities = execute_query(self.request, all_authorities_query)
+# # Using cache manifold-tables to get the list of authorities faster
+# all_authorities_query = Query.get('authority').select('name', 'authority_hrn')
+# all_authorities = execute_query(self.request, all_authorities_query)
 # ** Where am I a PI **
 # For this we need to ask SFA (of all authorities) = PI function
@@ -154,17 +154,14 @@ class ValidatePendingView(FreeAccessView):
 for pa in pi_authorities_tmp:
 pi_authorities |= set(pa['pi_authorities'])
- #print "all_auths = "
- #print all_authorities
-
- # include all sub-authorities of the PI
- # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
- pi_subauthorities = set()
- for authority in all_authorities:
- authority_hrn = authority['authority_hrn']
- for my_authority in pi_authorities:
- if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
- pi_subauthorities.add(authority_hrn)
+# # include all sub-authorities of the PI
+# # if PI on ple, include all sub-auths ple.upmc, ple.inria and so on...
+# pi_subauthorities = set()
+# for authority in all_authorities:
+# authority_hrn = authority['authority_hrn']
+# for my_authority in pi_authorities:
+# if authority_hrn.startswith(my_authority) and authority_hrn not in pi_subauthorities:
+# pi_subauthorities.add(authority_hrn)
 #print "pi_authorities =", pi_authorities
 #print "pi_subauthorities =", pi_subauthorities
@@ -193,44 +190,58 @@ class ValidatePendingView(FreeAccessView):
 #print "pi_subauthorities = ", pi_subauthorities
 # Summary all
- queried_pending_authorities = pi_my_authorities | pi_delegation_authorities | pi_subauthorities
+ queried_pending_authorities = pi_my_authorities | pi_delegation_authorities #| pi_subauthorities
 #print "----"
 #print "queried_pending_authorities = ", queried_pending_authorities
- requests = get_request_by_authority(queried_pending_authorities)
+# iterate on the requests and check if the authority matches a prefix startswith an authority on which the user is PI
+ requests = get_requests()
+# requests = get_requests(queried_pending_authorities)
 for request in requests:
 auth_hrn = request['authority_hrn']
- #print "authority for this request", auth_hrn
-
- if auth_hrn in pi_my_authorities:
- dest = ctx_my_authorities
-
- # define the css class
- if auth_hrn in pi_credential_authorities:
- request['allowed'] = 'allowed'
- elif auth_hrn in pi_expired_credential_authorities:
- request['allowed'] = 'expired'
- else: # pi_no_credential_authorities
- request['allowed'] = 'denied'
-
- elif auth_hrn in pi_delegation_authorities:
- dest = ctx_delegation_authorities
-
- if auth_hrn in pi_delegation_credential_authorities:
+ for my_auth in pi_my_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_my_authorities
 request['allowed'] = 'allowed'
- else: # pi_delegation_expired_authorities
- request['allowed'] = 'expired'
-
- elif auth_hrn in pi_subauthorities:
- dest = ctx_sub_authorities
-
- if auth_hrn in pi_subauthorities:
+ for my_auth in pi_delegation_authorities:
+ if auth_hrn.startswith(my_auth):
+ dest = ctx_delegation_authorities
 request['allowed'] = 'allowed'
- else: # pi_delegation_expired_authorities
- request['allowed'] = 'denied'
-
- else:
- continue
+ if auth_hrn in pi_expired_credential_authorities:
+ request['allowed'] = 'expired'
+ if 'allowed' not in request:
+ request['allowed'] = 'denied'
+ #print "authority for this request", auth_hrn
+
+# if auth_hrn in pi_my_authorities:
+# dest = ctx_my_authorities
+#
+# # define the css class
+# if auth_hrn in pi_credential_authorities:
+# request['allowed'] = 'allowed'
+# elif auth_hrn in pi_expired_credential_authorities:
+# request['allowed'] = 'expired'
+# else: # pi_no_credential_authorities
+# request['allowed'] = 'denied'
+#
+# elif auth_hrn in pi_delegation_authorities:
+# dest = ctx_delegation_authorities
+#
+# if auth_hrn in pi_delegation_credential_authorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'expired'
+#
+# elif auth_hrn in pi_subauthorities:
+# dest = ctx_sub_authorities
+#
+# if auth_hrn in pi_subauthorities:
+# request['allowed'] = 'allowed'
+# else: # pi_delegation_expired_authorities
+# request['allowed'] = 'denied'
+#
+# else:
+# continue
 if not auth_hrn in dest:
 dest[auth_hrn] = []
diff --git a/portal/views.py b/portal/views.py
index 9596b177..f86cb4c2 100644
--- a/portal/views.py
+++ b/portal/views.py
@@ -40,7 +40,7 @@ from plugins.raw import Raw
 #from portal.util import RegistrationView, ActivationView
 from portal.models import PendingUser, PendingSlice
-from portal.actions import get_request_by_authority
+from portal.actions import get_requests
 from manifold.manifoldapi import execute_query
 from manifold.core.query import Query
 from unfold.page import Page
--
2.43.0
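Review bot: The prefix test `auth_hrn.startswith(my_auth)` in the two new loops of the `@@ -193,44 +190,58 @@` hunk has no separator boundary, so a PI on `ple` would also match an unrelated authority whose HRN merely begins with those letters; the removed comment describes sub-authorities as `ple.upmc` and `ple.inria`, so the match should be on `my_auth + '.'`. The loop now runs over every pending request returned by `get_requests()` and the old `else: continue` is commented out, so a request matching none of the viewer's authorities appears to reach `if not auth_hrn in dest` with `dest` unbound or left over from the previous iteration, which would list other authorities' requests in this view. Indentation is lost in this rendering and the loop continues past the hunk, so confirm against the file. The rewritten loop below resets `dest` for each request and skips the ones that do not match.

```python
requests = get_requests()
for request in requests:
    auth_hrn = request['authority_hrn']
    dest = None
    for my_auth in pi_my_authorities:
        if auth_hrn == my_auth or auth_hrn.startswith(my_auth + '.'):
            dest = ctx_my_authorities
            request['allowed'] = 'allowed'
    for my_auth in pi_delegation_authorities:
        if auth_hrn == my_auth or auth_hrn.startswith(my_auth + '.'):
            dest = ctx_delegation_authorities
            request['allowed'] = 'allowed'
    if dest is None:
        # not an authority or sub-authority the viewer is PI of: do not list it
        continue
    # … unchanged: 'expired' / 'denied' classification and the append to dest …
```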
type id