From c457730e8d49ee507846edeb8a474374f0122f25 Mon Sep 17 00:00:00 2001 From: Loic Baron Date: Tue, 17 Mar 2015 18:52:13 +0100 Subject: [PATCH] delete_local_user available from rest, check if user is a pi of the authority for security --- myslice/urls.py | 1 + portal/actions.py | 67 ++++--- portal/static/js/institution.js | 21 +- .../fed4fire/fed4fire_institution.html | 2 +- portal/templates/institution.html | 2 +- .../smartfire/smartfire_institution.html | 185 ------------------ rest/__init__.py | 5 +- rest/local_user.py | 28 +++ 8 files changed, 88 insertions(+), 223 deletions(-) delete mode 100644 portal/templates/smartfire/smartfire_institution.html create mode 100644 rest/local_user.py diff --git a/myslice/urls.py b/myslice/urls.py index ad151789..f792a057 100644 --- a/myslice/urls.py +++ b/myslice/urls.py @@ -79,6 +79,7 @@ urls = [ (r'^update/(?P[^/]+)/(?P[^/]+)?/?$', 'rest.update.dispatch'), (r'^create/(?P[^/]+)/(?P[^/]+)?/?$', 'rest.create.dispatch'), (r'^delete/(?P[^/]+)/(?P[^/]+)?/?$', 'rest.delete.dispatch'), + (r'^local_user/(?P[^/]+)/?$', 'rest.local_user.dispatch'), (r'^credentials/(?P[^/]+)/?$', 'rest.credentials.dispatch'), (r'^cache/(?P[^/]+)/?$', 'rest.cache.dispatch'), (r'^initscript/(?P[^/]+)/?$', 'rest.initscript.dispatch'), diff --git a/portal/actions.py b/portal/actions.py index 047288d2..82221abc 100644 --- a/portal/actions.py +++ b/portal/actions.py @@ -192,7 +192,7 @@ def is_pi(wsgi_request, user_hrn, authority_hrn): query = Query().get('myslice:user').select(user_fields).filter_by('user_hrn','==',user_hrn) #query = Query.get('myslice:user').filter_by('user_hrn', '==', user_hrn).select('pi_authorities') results = execute_query(wsgi_request, query) - print "is_pi results = ", results + #print "is_pi results = ", results for user_detail in results: if authority_hrn in user_detail['pi_authorities']: return True 
@@ -305,13 +305,15 @@ def manifold_update_account(request,user_id,account_params):
 return results
 #explicitly mention the platform_id
-def manifold_delete_account(request, platform_id, user_id, account_params):
- query = Query.delete('local:account').filter_by('platform_id', '==', platform_id).filter_by('user_id', '==', user_id).set(account_params).select('user_id')
+def manifold_delete_account(request, user_id, platform_id = None):
+ query = Query.delete('local:account').filter_by('user_id', '==', user_id)
+ if platform_id is not None:
+ query.filter_by('platform_id', '==', platform_id)
 results = execute_admin_query(request,query)
 return results
-def manifold_delete_user(request, user_id, user_params):
- query = Query.delete('local:user').filter_by('user_id', '==', user_id).set(user_params).select('user_id')
+def manifold_delete_user(request, user_id):
+ query = Query.delete('local:user').filter_by('user_id', '==', user_id).select('user_id')
 results = execute_admin_query(request,query)
 return results
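Review bot: manifold_delete_account now takes platform_id as an optional third argument where it used to be the second, so any caller outside this patch that still passes `(request, platform_id, user_id, ...)` would run the delete filtered on swapped ids rather than fail loudly; the only caller visible here, in portal_reject_request, is updated, but the other call sites of both changed signatures should be checked. The new platform branch also discards the result of `query.filter_by('platform_id', '==', platform_id)`; if filter_by returns a new Query instead of mutating in place (the original code chained its calls), the platform filter is silently dropped and the delete covers every account of the user, so `query = query.filter_by('platform_id', '==', platform_id)` is the safer form either way.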
@@ -325,6 +327,35 @@ def manifold_add_platform(request, platform_params):
 result, = results
 return result['platform_id']
+def delete_local_user(wsgi_request, user_email):
+ user_query = Query().get('local:user') \
+ .filter_by('email', '==', user_email) \
+ .select('user_id','config')
+ user = execute_admin_query(wsgi_request, user_query)
+ if len(user) == 0:
+ return False
+ #raise Exception, "User not found, check local DB"
+ else:
+ user_id = user[0]['user_id']
+ user_config = json.loads(user[0]['config'])
+ authority_hrn = user_config.get('authority', None)
+
+ if is_pi(wsgi_request, '$user_hrn', authority_hrn):
+ # removing from Django auth_user
+ UserModel = get_user_model()
+ UserModel._default_manager.filter(email__iexact = user_email).delete()
+
+ # removing manifold account
+ manifold_delete_account(wsgi_request, user_id)
+
+ # removing manifold user
+ manifold_delete_user(wsgi_request, user_id)
+ else:
+ return False
+ #raise Exception, "No sufficient rights on authority = ",authority_hrn
+
+ return True
+
 def make_request_user(user):
 request = {}
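Review bot: `user_config = json.loads(user[0]['config'])` raises if the stored config is NULL or empty instead of falling into the False branch, so the REST caller gets a 500 rather than the boolean the function otherwise returns; `user_config = json.loads(user[0]['config'] or '{}')` keeps the authority lookup on the same path. The function also returns False for both a missing user and an insufficient PI role, so portal_reject_request and rest/local_user.py cannot tell the two apart or log which one happened. The `'$user_hrn'` argument to is_pi presumably is expanded by the query layer to the requesting user's hrn; since the whole authorization of the new endpoint rests on that expansion, it deserves a comment on the line, e.g. `# '$user_hrn' is resolved by manifold to the caller; is_pi requires the caller to be PI of the target user's authority (TODO confirm)`. Note too that the Django auth_user row is deleted before the manifold rows, so a failure in manifold_delete_account leaves a half-removed user with no Django login but live manifold records.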
@@ -658,31 +689,11 @@ def portal_reject_request(wsgi_request, request_ids): msg.send() except Exception, e: print "Failed to send email, please check the mail templates and the SMTP configuration of your server" - - # removing from Django auth_user - UserModel = get_user_model() - UserModel._default_manager.filter(email__iexact = user_email).delete() + # removing from Django portal_pendinguser PendingUser.objects.get(id=request['id']).delete() - # removing from manifold - # removing manifold account - user_query = Query().get('local:user') \ - .filter_by('email', '==', user_email) \ - .select('user_id') - user = execute_admin_query(wsgi_request, user_query) - user_id = user[0]['user_id'] - - platform_query = Query().get('local:platform') \ - .filter_by('platform', '==', 'myslice') \ - .select('platform_id') - platform = execute_admin_query(wsgi_request, platform_query) - platform_id = platform[0]['platform_id'] - account_params = {'user_id':user_id} - manifold_delete_account(request, platform_id, user_id, account_params) - - # removing manifold user - user_params = {'user_id':user_id} - manifold_delete_user(request, user_id, user_params) + + delete_local_user(wsgi_request, user_email) except Exception, e: request_status['SFA authority'] = {'status': False, 'description': str(e)} diff --git a/portal/static/js/institution.js b/portal/static/js/institution.js index e8d5121c..a48a9a4b 100644 --- a/portal/static/js/institution.js +++ b/portal/static/js/institution.js 
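Review bot: the return value of `delete_local_user(wsgi_request, user_email)` is ignored, so when it returns False (no local user with that email, or the rejecting user is not PI of the pending user's authority) the request is still processed as rejected while the Django and manifold records stay behind, whereas the removed code deleted the auth_user row unconditionally. Since this sits inside a try whose except already fills request_status['SFA authority'], a two-line guard surfaces it: `if not delete_local_user(wsgi_request, user_email):` / `raise Exception("local user %s not removed" % user_email)`. The enclosing function portal_reject_request begins and ends outside the hunk.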
@@ -20,16 +20,27 @@ $(document).ready(function() { $('input:checkbox.user').each(function (index) { if(this.checked){ var record_id = this.id; - $.post("/delete/user/",{'filters':{'user_hrn':this.id}}, function(data) { + var user_email = this.dataset.email; + console.log(this); + // Delete in SFA Registry + $.post("/delete/user/",{'filters':{'user_hrn':record_id}}, function(data) { if(data.success){ - $('tr[id="'+record_id+'"]').fadeOut("slow"); - $('tr[id="'+record_id+'"]').remove(); - mysliceAlert('Success: user deleted','success', true); + $.post("/local_user/delete/",{'filters':{'email':user_email}}, function(data) { + console.log(data); + if (data == true){ + mysliceAlert('Success: user deleted','success', true); + }else{ + mysliceAlert('Local DB Error for: '+record_id,'warning', true); + } + $('tr[id="'+record_id+'"]').fadeOut("slow"); + $('tr[id="'+record_id+'"]').remove(); + }); + //$.post("/delete/local:user/",{'filters':{'user_hrn':this.id}}, function(data) { }else{ mysliceAlert('Rest Error for: '+data.error,'warning', true); //alert("Rest Error for "+record_id+": "+data.error); } - }); + }); } }); }); diff --git a/portal/templates/fed4fire/fed4fire_institution.html b/portal/templates/fed4fire/fed4fire_institution.html index 90da9840..7e9c176e 100644 --- a/portal/templates/fed4fire/fed4fire_institution.html +++ b/portal/templates/fed4fire/fed4fire_institution.html @@ -209,7 +209,7 @@ $(document).ready(function() { $.each( data, function( key, val ) { list_users.push( "
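Review bot: the second request posts `{'filters':{'email':user_email}}`, which jQuery serializes as the form field `filters[email]`, while the new rest/local_user.py dispatch reads `request.POST.get('email')`; unless that view is changed, it receives no email and always answers false. Posting the field the view reads, `$.post("/local_user/delete/",{'email':user_email}, function(data) {`, lines the two up. The row is also faded out and removed on both branches of the inner callback, so a local-DB failure leaves no visible trace once the alert is dismissed, and the `console.log(this)` / `console.log(data)` debug lines should not ship. The inner callback's `data` parameter shadows the outer one; naming it `local_data` avoids confusion when reading the error branch.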
  • " + val.user_email + "
  • " ); user_row = ""; - user_row += ""; + user_row += ""; user_row += ""+val.user_email+""; user_row += ""+val.user_hrn+""; /* diff --git a/portal/templates/institution.html b/portal/templates/institution.html index 30fad6cf..04948553 100644 --- a/portal/templates/institution.html +++ b/portal/templates/institution.html @@ -169,7 +169,7 @@ $(document).ready(function() { $.each( data, function( key, val ) { list_users.push( "
  • " + val.user_email + "
  • " ); user_row = ""; - user_row += ""; + user_row += ""; user_row += ""+val.user_email+""; user_row += ""+val.user_hrn+""; /* diff --git a/portal/templates/smartfire/smartfire_institution.html b/portal/templates/smartfire/smartfire_institution.html deleted file mode 100644 index bd361de2..00000000 --- a/portal/templates/smartfire/smartfire_institution.html +++ /dev/null @@ -1,185 +0,0 @@ -{% extends "layout_wide.html" %} - -{% block head %} - -{% endblock head %} - -{% block content %} -
    -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    -
    -
    - -
    -
    -
    Loading Slices
    - - {%if 'is_pi' in pi %} -
    - -
    - {% endif %} -
    -
    - -
    -
    -
    Loading Slices
    - - {% if 'is_pi' in pi %} -
    - {% if 'is_pi' in pi %} - - {% else %} - - {% endif %} - - -
    - {% endif %} -
    -
    -
    -
    -
-
-{% endblock %}
diff --git a/rest/__init__.py b/rest/__init__.py
index 96b901f7..c3484835 100644
--- a/rest/__init__.py
+++ b/rest/__init__.py
@@ -1,5 +1,6 @@
 from manifold.core.query import Query
 from manifoldapi.manifoldapi import execute_query
+from portal.actions import is_pi
 from django.http import HttpResponse
@@ -45,8 +46,7 @@ class ObjectRequest(object):
 table = self.type.split(':')
 prefix = table[0]
 table = table[1]
-
- if prefix is 'local':
+ if prefix == 'local':
 # XXX TODO: find a generic Query to get the fields like
 # select column.name from local:object where table == local:user
 table = self.type.split(':')
@@ -74,7 +74,6 @@ class ObjectRequest(object):
 def setKey(self):
 # What about key formed of multiple fields???
 query = Query.get('local:object').filter_by('table', '==', self.type).select('key')
- print query
 results = execute_query(self.request, query)
 print "key of object = %s" % results
 if results :
diff --git a/rest/local_user.py b/rest/local_user.py
new file mode 100644
index 00000000..82b2c4da
--- /dev/null
+++ b/rest/local_user.py
@@ -0,0 +1,28 @@
+from django.http import HttpResponse
+from portal.actions import delete_local_user
+import json
+
+def dispatch(request, action):
+
+ if (action == 'delete') :
+ res=[]
+ email = request.POST.get('email')
+ if not email:
+ email = request.GET.get('email')
+
+ ret = delete_local_user(request, email)
+ #if emails :
+ # for email in emails :
+ # try :
+ # clear = clear_user_creds(request, email)
+ # if clear is not None:
+ # res.append(clear)
+ # except :
+ # pass
+ #
+ #if not res :
+ # ret = { "ret" : 1, "emails" : emails }
+ #else :
+ # ret = { "ret" : 0 }
+
+ return HttpResponse(json.dumps(ret), content_type="application/json")
-- 
2.43.0
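Review bot: `from portal.actions import is_pi` is added to rest/__init__.py, but none of the hunks shown use is_pi; if it is unused elsewhere in the file it should be dropped, since it also makes the rest package import portal.actions at package import time. The `print "key of object = %s" % results` debug line is kept while the neighbouring `print query` is removed; removing both would be consistent.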
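Review bot: `ret` is only assigned inside `if (action == 'delete')`, so any other action value reaches `json.dumps(ret)` with ret unbound and the view raises UnboundLocalError (a 500) instead of answering. The handler also falls back to `request.GET.get('email')`, which makes an account deletion reachable through a plain link; the PI check inside delete_local_user still applies, but a destructive action should be POST-only, and `res=[]` is dead. The response body is a bare `true`/`false`, which is what institution.js compares against, so the rewrite below keeps that shape; the commented-out clear_user_creds block is left out of the fence for brevity.
```python
def dispatch(request, action):
    # Only a POST 'delete' may remove a local user; anything else is answered with false
    if request.method != 'POST' or action != 'delete':
        return HttpResponse(json.dumps(False), content_type="application/json")
    email = request.POST.get('email')
    if not email:
        return HttpResponse(json.dumps(False), content_type="application/json")
    # delete_local_user checks that the caller is PI of the target user's authority
    ret = delete_local_user(request, email)
    return HttpResponse(json.dumps(ret), content_type="application/json")
```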