group.py 14.9 KB
import gluon.contrib.simplejson
from controller_utils import error_message
# CORS: answer cross-origin callers by echoing their Origin header back.
# NOTE(review): the Origin value is reflected unchanged while
# Access-Control-Allow-Credentials is 'true', so any web page the user visits
# can issue credentialed requests to the actions below and read the responses.
# Compare request.env.http_origin with an explicit allowlist of trusted
# front-end origins before reflecting it, and send 'Vary: Origin' so shared
# caches do not reuse a response across origins.
if request.env.http_origin:
    response.headers['Access-Control-Allow-Origin'] = request.env.http_origin  
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    # Preflight results may be cached by the browser for 86400 seconds.
    response.headers['Access-Control-Max-Age'] = 86400

# Message handed to error_message() by the actions below when an
# authorization check fails.
ACCESS_DENIED = "access denied"

## return group list
def index():
    """List the groups with their member count, parents and access letters.

    Returns the dict handed to the view: ``message``, ``query`` (one
    annotated row per group) and ``count`` (the ``auth_group.id`` count
    expression).
    """
    count = db.auth_group.id.count()
    member_count = db.auth_user.id.count()

    # Inner join group -> membership -> user, grouped to one row per group.
    joined = ((db.auth_group.id > 0) &
              (db.auth_membership.group_id == db.auth_group.id) &
              (db.auth_membership.user_id == db.auth_user.id))
    query = db(joined).select(
        db.auth_group.role.with_alias('role'),
        db.auth_group.id.with_alias('id'),
        db.auth_group.description.with_alias('description'),
        member_count.with_alias('count'),
        groupby=db.auth_group.id,
        orderby=db.auth_group.role)

    # Permissions on 'sample_set' that are summarised in the access column.
    listed_permissions = (PermissionEnum.create.value,
                          PermissionEnum.upload.value,
                          PermissionEnum.run.value,
                          PermissionEnum.anon.value,
                          PermissionEnum.admin.value,
                          PermissionEnum.save.value)

    for group_row in query:
        parent_ids = auth.get_group_parent(group_row.id)
        group_row.parents = ', '.join(str(parent_id) for parent_id in parent_ids)

        # A fresh list per call, as the filter argument is handed to auth.
        granted = auth.get_group_permissions(table_name='sample_set',
                                             group_id=group_row.id,
                                             myfilter=list(listed_permissions))
        group_row.access = ''.join(PermissionLetterMapping[name].value for name in granted)

    audit_fields = {'user_id': auth.user.id,
                    'record_id': None,
                    'table_name': "group"}
    log.info("access group list", extra=audit_fields)

    return dict(message=T('Groups'), query=query, count=count)

## return an html form to add a group
def add():
    """Render the "new group" form.

    Administrators are offered every row of ``auth_group``; other callers
    only what ``auth.get_user_groups()`` returns for them.
    """
    groups = db(db.auth_group).select() if auth.is_admin() else auth.get_user_groups()

    audit_fields = {'user_id': auth.user.id,
                    'record_id': None,
                    'table_name': "group"}
    log.info('access group add form', extra=audit_fields)

    return dict(message=T('New group'), groups=groups)

## create a group if the html form is complete
## need ["group_name", "info"]
## redirect to group list if success
## return a flash error message if error
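def add_form():
    """Create a group from the submitted form (administrators only).

    Reads ``group_name``, ``info`` and the optional ``group_parent`` from
    ``request.vars``. Returns a JSON string: a redirect to the group list on
    success, or ``{"success": "false", ...}`` when the form is incomplete.
    Callers that are not administrators get the access-denied error.
    """
    if not auth.is_admin():
        return error_message(ACCESS_DENIED)

    error = ""

    # request.vars yields None (not "") for a parameter that was not sent, so
    # test for any empty value; the original `== ""` test let such a request
    # through and inserted a group without a role.
    if not request.vars["group_name"]:
        error += "group name needed, "

    if error != "":
        res = {"success" : "false", "message" : error}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    group_id = db.auth_group.insert(role=request.vars["group_name"],
                                    description=request.vars["info"])

    # The group creator is a member of the new group.
    auth.add_membership(group_id, auth.user.id)

    # Associate the group with the parent group network.
    group_parent = request.vars["group_parent"]
    if group_parent is not None and group_parent != 'None':
        parent_links = db(db.group_assoc.second_group_id == group_parent).select(db.group_assoc.ALL)
        if len(parent_links) > 0:
            # The chosen parent has parents of its own: attach the new group
            # to each of those and give them admin_group on it.
            for link in parent_links:
                db.group_assoc.insert(first_group_id=link.first_group_id, second_group_id=group_id)
                auth.add_permission(link.first_group_id, PermissionEnum.admin_group.value, db.auth_group, group_id)
        else:
            db.group_assoc.insert(first_group_id=group_parent, second_group_id=group_id)
            auth.add_permission(group_parent, PermissionEnum.admin_group.value, db.auth_group, group_id)
    else:
        # NOTE(review): unlike the two calls above, the third argument here is
        # the new group's id, not db.auth_group, and no record id is passed.
        # Confirm whether (db.auth_group, group_id) was intended, since the
        # permission is otherwise stored against a different table name.
        auth.add_permission(group_id, PermissionEnum.admin_group.value, group_id)

    add_default_group_permissions(auth, group_id)

    res = {"redirect": "group/index",
           "message" : "group '%s' (%s) created" % (group_id, request.vars["group_name"])}

    log.info(res, extra={'user_id': auth.user.id,
                         'record_id': group_id,
                         'table_name': "group"})
    log.admin(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))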

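def edit():
    """Render the edit form for the group named by ``request.vars["id"]``.

    Returns the view dict with the group record for administrators and for
    callers holding the 'admin' permission on that group; anyone else gets
    the access-denied error.
    """
    group_id = request.vars["id"]

    # The original spelled this `PermissionsEnum`, a name used nowhere else in
    # this file (every other action uses `PermissionEnum`), so the check would
    # presumably raise NameError for any caller who is not an administrator.
    # NOTE(review): edit_form() gates on auth.can_modify_group() and add_form()
    # grants `admin_group`, not `admin` -- confirm this is the intended check.
    allowed = auth.is_admin() or auth.has_permission(PermissionEnum.admin.value, db.auth_group, group_id)

    # Log the attempt before branching: the original placed this call after
    # the early return, so only refused requests were ever recorded.
    log.info('access group edit form', extra={'user_id': auth.user.id,
                                              'record_id': group_id,
                                              'table_name': "group"})

    if not allowed:
        return error_message(ACCESS_DENIED)

    group = db.auth_group[group_id]
    return dict(message=T('Edit group'), group=group)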

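def edit_form():
    """Apply the submitted edit form to an existing group.

    Reads ``id``, ``group_name`` and ``info`` from ``request.vars``. Returns
    a JSON string: a redirect to the group list on success, or
    ``{"success": "false", ...}`` when the form is incomplete. Callers that
    fail ``auth.can_modify_group`` get the access-denied error.
    """
    group_id = request.vars['id']
    if not auth.can_modify_group(group_id):
        return error_message(ACCESS_DENIED)

    error = ""

    # request.vars yields None (not "") for a parameter that was not sent, so
    # test for any empty value; the original `== ""` test let such a request
    # overwrite the role with None.
    if not request.vars["group_name"]:
        error += "group name needed, "

    if error != "":
        res = {"success" : "false", "message" : error}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    db.auth_group[group_id] = dict(role=request.vars["group_name"],
                                   description=request.vars["info"])

    res = {"redirect": "group/index",
           "message" : "group '%s' modified" % group_id}

    log.info(res, extra={'user_id': auth.user.id,
                         'record_id': group_id,
                         'table_name': "group"})
    log.admin(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))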

## confirm page before group deletion
## need ["id"]
def confirm():
    """Render the confirmation page shown before a group is deleted.

    Only callers that pass ``auth.can_modify_group`` for ``request.vars["id"]``
    see the page; everyone else gets the access-denied error.
    """
    if not auth.can_modify_group(request.vars["id"]):
        return error_message(ACCESS_DENIED)
    return dict(message=T('confirm group deletion'))

## delete group
## need ["id"]
## redirect to group list if success
def delete():
    """Delete the group named by ``request.vars["id"]``.

    Callers that fail ``auth.can_modify_group`` get the access-denied error.
    Otherwise the ``auth_group`` row is removed, the action is written to the
    user and admin logs, and a JSON redirect to the group list is returned.
    """
    group_id = request.vars["id"]
    if not auth.can_modify_group(group_id):
        return error_message(ACCESS_DENIED)

    # Remove the group row itself.
    db(db.auth_group.id == group_id).delete()

    res = {"redirect": "group/index",
           "message": "group '%s' deleted" % group_id}

    audit_fields = {'user_id': auth.user.id,
                    'record_id': group_id,
                    'table_name': "group"}
    log.info(res, extra=audit_fields)
    log.admin(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))


## return the list of group members
## need ["id"]
def info():
    """Show the members of a group together with per-user statistics.

    Callers that fail ``auth.can_view_group`` for ``request.vars["id"]`` get
    the access-denied error. Otherwise the view dict holds ``group`` and
    ``result``, a mapping from user id to a row carrying the user's name and
    e-mail, ``file_count``, ``size``, ``count`` (patients + runs + generic
    sets) and ``last_login``.
    """
    group_id = request.vars["id"]
    if not auth.can_view_group(group_id):
        return error_message(ACCESS_DENIED)

    log.info("access user list", extra={'user_id': auth.user.id,
                                        'record_id': group_id,
                                        'table_name': "group"})

    group = db.auth_group[group_id]

    # Users that are members of the requested group.
    base_query = ((db.auth_user.id == db.auth_membership.user_id)
                  & (db.auth_membership.group_id == group_id))

    # The group itself plus every group recorded as its parent.
    parent_links = db(db.group_assoc.second_group_id == group_id).select()
    group_ids = [group_id] + [link.first_group_id for link in parent_links]

    # Left joins shared by the two statistics queries: the 'access'
    # permissions those groups hold on sample sets, then the memberships of
    # those sample sets.
    permission_join = db.auth_permission.on(
        (db.auth_permission.group_id.belongs(group_ids)) &
        (db.auth_permission.name == 'access') &
        (db.auth_permission.table_name == 'sample_set') &
        (db.auth_permission.record_id > 0))
    membership_join = db.sample_set_membership.on(
        db.sample_set_membership.sample_set_id == db.auth_permission.record_id)
    base_left = [permission_join, membership_join]

    # Identity columns plus number and total size of the files each user provided.
    file_join = db.sequence_file.on(
        (db.sequence_file.provider == db.auth_user.id) &
        (db.sequence_file.id == db.sample_set_membership.sequence_file_id))
    file_rows = db(base_query).select(
        db.auth_user.id,
        db.auth_user.first_name,
        db.auth_user.last_name,
        db.auth_user.email,
        db.sequence_file.id.count(True).with_alias('file_count'),
        db.sequence_file.size_file.coalesce_zero().sum().with_alias('size'),
        left=base_left + [file_join],
        groupby=(db.auth_user.id)
    )

    # Distinct patients, runs and generic sets each user created.
    patient_join = db.patient.on(
        (db.patient.creator == db.auth_user.id) &
        (db.patient.sample_set_id == db.sample_set_membership.sample_set_id))
    run_join = db.run.on(
        (db.run.creator == db.auth_user.id) &
        (db.run.sample_set_id == db.sample_set_membership.sample_set_id))
    generic_join = db.generic.on(
        (db.generic.creator == db.auth_user.id) &
        (db.generic.sample_set_id == db.sample_set_membership.sample_set_id))
    sset_rows = db(base_query).select(
        db.auth_user.id,
        db.patient.id.count(True).with_alias('patient_count'),
        db.run.id.count(True).with_alias('run_count'),
        db.generic.id.count(True).with_alias('generic_count'),
        left=base_left + [patient_join, run_join, generic_join],
        groupby=(db.auth_user.id)
    )

    # Most recent 'auth' event whose description ends in "Logged-in".
    login_join = db.auth_event.on(
        (db.auth_event.user_id == db.auth_user.id) &
        (db.auth_event.origin == 'auth') &
        (db.auth_event.description.like('%Logged-in')))
    login_rows = db(base_query).select(
        db.auth_user.id,
        db.auth_event.time_stamp.max().with_alias('last_login'),
        left=[login_join],
        groupby=(db.auth_user.id, db.auth_event.description)
    )

    # Merge the three result sets, keyed by user id.
    result = {}
    for member in file_rows:
        result[member.auth_user.id] = member

    for counts in sset_rows:
        result[counts.auth_user.id]['count'] = counts.patient_count + counts.run_count + counts.generic_count

    for login in login_rows:
        result[login.auth_user.id]['last_login'] = login.last_login

    return dict(message=T('group info'),
                result=result,
                group=group)


## return list of group admin
## need ["id"]
def permission():
    """Render the permission page of the group named by ``request.vars["id"]``.

    Only callers that pass ``auth.can_modify_group`` see the page (and have
    the access logged); everyone else gets the access-denied error.
    """
    group_id = request.vars["id"]
    if not auth.can_modify_group(group_id):
        return error_message(ACCESS_DENIED)

    audit_fields = {'user_id': auth.user.id,
                    'record_id': group_id,
                    'table_name': "group"}
    log.info("view permission page", extra=audit_fields)
    return dict(message=T('permission'))

## remove admin right
## need ["group_id", "user_id"]
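def remove_permission():
    """Revoke a user's owner (``admin_group``) permission on a group.

    Needs ``group_id`` and ``user_id`` in ``request.vars``. Callers that fail
    ``auth.can_modify_group`` get the access-denied error. Returns a JSON
    string: a redirect to the permission page on success, or
    ``{"success": "false", ...}`` when a parameter is missing.
    """
    group_id = request.vars["group_id"]
    user_id = request.vars["user_id"]

    if not auth.can_modify_group(group_id):
        return error_message(ACCESS_DENIED)

    error = ""

    # request.vars yields None for a parameter that was not sent, so test for
    # any empty value rather than only "".
    if not group_id:
        error += "missing group_id, "
    if not user_id:
        error += "missing user_id, "

    if error != "":
        # The original skipped the revocation but still answered and logged
        # "user ... is not anymore owner"; report the failure instead.
        res = {"success" : "false", "message" : error}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    auth.del_permission(auth.user_group(user_id), PermissionEnum.admin_group.value, db.auth_group, group_id)

    res = {"redirect" : "group/permission" ,
           "args" : { "id" : group_id},
           "message": "user '%s' is not anymore owner of the group '%s'" % (user_id, group_id)
    }
    # Written to the admin log as change_permission() does for the grant.
    log.admin(res)
    # record_id was read from request.vars["id"], which this action does not
    # receive, so the audit entry carried no group; use group_id.
    log.info(res, extra={'user_id': auth.user.id,
                         'record_id': group_id,
                         'table_name': "group"})
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))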

## give admin right to a group member
## need ["group_id", "user_id"]
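def change_permission():
    """Grant a user the owner (``admin_group``) permission on a group.

    Needs ``group_id`` and ``user_id`` in ``request.vars``. Callers that fail
    ``auth.can_modify_group`` get the access-denied error. Returns a JSON
    string: a redirect to the permission page on success, or
    ``{"success": "false", ...}`` when a parameter is missing.
    """
    group_id = request.vars["group_id"]
    user_id = request.vars["user_id"]

    if not auth.can_modify_group(group_id):
        # The original passed the literal string "ACCESS_DENIED" here instead
        # of the module constant used by every other action.
        return error_message(ACCESS_DENIED)

    # Same parameter check as remove_permission(); without it a request that
    # omits user_id would go on to grant the permission with a None user.
    error = ""
    if not group_id:
        error += "missing group_id, "
    if not user_id:
        error += "missing user_id, "

    if error != "":
        res = {"success" : "false", "message" : error}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    # NOTE(review): nothing visible here checks that user_id is a member of
    # the group before it is made an owner -- confirm that is intended.
    auth.add_permission(auth.user_group(user_id), PermissionEnum.admin_group.value, db.auth_group, group_id)

    res = {"redirect" : "group/permission" , "args" : { "id" : group_id},
           "message": "user '%s' is now owner of the group '%s'" % (user_id, group_id) }
    log.admin(res)
    # record_id was read from request.vars["id"], which this action does not
    # receive, so the audit entry carried no group; use group_id.
    log.info(res, extra={'user_id': auth.user.id,
                         'record_id': group_id,
                         'table_name': "group"})
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))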
    
## invite a user to join the group
## need ["group_id", "user_id"]
def invite():
    """Add the user ``user_id`` to the group ``group_id``.

    Both values come from ``request.vars``. The membership is created only
    when the caller passes ``auth.can_modify_group``; in either case a JSON
    redirect to the group info page is returned, carrying the outcome message.
    """
    group_id = request.vars["group_id"]
    user_id = request.vars["user_id"]

    # Refuse callers that may not modify the group.
    if not auth.can_modify_group(group_id):
        res = {"redirect" : "group/info" ,
               "args" : { "id" : group_id},
               "message" : "you don't have permission to invite people"}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    auth.add_membership(group_id, user_id)
    res = {"redirect" : "group/info" ,
           "args" : { "id" : group_id},
           "message" : "user '%s' added to group '%s'" % (user_id, group_id)}
    log.admin(res)
    audit_fields = {'user_id': auth.user.id,
                    'record_id': group_id,
                    'table_name': "group"}
    log.info(res, extra=audit_fields)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
        
## revoke membership
## need ["group_id", "user_id"]
def kick():
    """Remove the user ``user_id`` from the group ``group_id``.

    Both values come from ``request.vars``. The membership is deleted only
    when the caller passes ``auth.can_modify_group``; in either case a JSON
    redirect to the group info page is returned, carrying the outcome message.
    """
    group_id = request.vars["group_id"]
    user_id = request.vars["user_id"]

    # Refuse callers that may not modify the group.
    if not auth.can_modify_group(group_id):
        res = {"redirect" : "group/info" ,
               "args" : { "id" : group_id},
               "message" : "you don't have permission to kick people"}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    auth.del_membership(group_id, user_id)
    res = {"redirect" : "group/info" ,
           "args" : { "id" : group_id},
           "message" : "user '%s' removed from group '%s'" % (user_id, group_id)}
    log.admin(res)
    audit_fields = {'user_id': auth.user.id,
                    'record_id': group_id,
                    'table_name': "group"}
    log.info(res, extra=audit_fields)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

def rights():
    """Add or remove a table-wide permission for a group (administrators only).

    Reads ``id`` (the group), ``right`` (permission name), ``name`` (table
    name) and ``value`` from ``request.vars``: the permission is added on
    record 0 when ``value`` is the string "true" and removed otherwise.
    Returns a JSON redirect to the group info page, or an "admin only"
    message for other callers.
    """
    if not auth.is_admin():
        res = {"message": "admin only"}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    group_id = request.vars["id"]
    right = request.vars["right"]
    table = request.vars["name"]

    # Change the permission first, then describe what was done.
    if request.vars["value"] == "true":
        auth.add_permission(group_id, right, table, 0)
        verb = "add"
    else:
        auth.del_permission(group_id, right, table, 0)
        verb = "remove"
    msg = verb + " '" + right + "' permission on '" + table + "' for group " + db.auth_group[group_id].role

    res = { "redirect": "group/info",
            "args" : {"id" : group_id },
            "message": msg}
    log.admin(res)
    audit_fields = {'user_id': auth.user.id,
                    'record_id': group_id,
                    'table_name': "group"}
    log.info(res, extra=audit_fields)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))