Commit 4dc1e6ea authored by Marc Duez's avatar Marc Duez
parents b1e5250b ec03a357
......@@ -2,6 +2,18 @@
data:
sh nginx_install.sh
install_web2py:
wget http://web2py.com/examples/static/web2py_src.zip
unzip web2py_src.zip
mv web2py/handlers/wsgihandler.py web2py/wsgihandler.py
rm web2py_src.zip
cp -i web2py/applications/vidjil/modules/defs.py.sample web2py/applications/vidjil/modules/defs.py
install_unit_tests:
pip install unittest2
pip install unittest-xml-reporting
unit: clean_unit_tests
cd web2py; python web2py.py -S vidjil -M -R testRunner.py
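Review bot: The new `install_web2py` target fetches `web2py_src.zip` over plain http and unzips it straight into the tree with no integrity check, so the installed framework is whatever the network returns; the same fetch existed inline in the install script before and is only moved here, but this is the place to harden it. Prefer an https URL if the host serves one, and verify a pinned digest before extracting, e.g. `echo "<expected-sha256>  web2py_src.zip" | sha256sum -c -` between the `wget` and the `unzip`, with the expected value recorded in the repository and updated deliberately when the archive changes. The `cp -i` on the defs.py line also makes this target interactive, which matters because the install script below now calls it; a comment on the target saying it is meant to be run by hand would at least make that explicit.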
......
......@@ -219,11 +219,7 @@ exec uwsgi --master --die-on-term --emperor /etc/uwsgi --logto /var/log/uwsgi/uw
# Install Web2py
cd $CWD
wget http://web2py.com/examples/static/web2py_src.zip
unzip web2py_src.zip
mv web2py/handlers/wsgihandler.py web2py/wsgihandler.py
rm web2py_src.zip
cp web2py/applications/vidjil/modules/defs.py.sample web2py/applications/vidjil/modules/defs.py
make install_web2py
chown -R www-data:www-data web2py
cd $CWD/web2py
sudo -u www-data python -c "from gluon.main import save_password; save_password('$PW',443)"
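Review bot: `make install_web2py` replaces an unconditional `cp` with the Makefile target's `cp -i` (visible in the Makefile hunk above), so when `defs.py` already exists this step now waits for an answer on stdin; in a piped or unattended run it will not overwrite, and depending on how stdin is wired it may block. Either drop `-i` in the target (`cp -n` keeps an existing defs.py without prompting, which seems to be the intent) or keep the plain `cp` here for the scripted path. The call also assumes `make` is installed and that the Makefile sits in `$CWD`, which the surrounding script never checks; a one-line comment above the call, `# requires make and the repository Makefile in $CWD`, would document that dependency. The enclosing script continues outside the hunk on both sides.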
......
......@@ -14,7 +14,7 @@ if request.env.http_origin:
## return admin_panel
def index():
if auth.has_membership("admin"):
if auth.is_admin():
p = subprocess.Popen(["uptime"], stdout=subprocess.PIPE)
uptime, err = p.communicate()
......@@ -50,7 +50,7 @@ def monitor():
def showlog():
if auth.has_membership("admin"):
if auth.is_admin():
lines = []
......@@ -115,7 +115,7 @@ def showlog():
## to use after change in the upload folder
def repair_missing_files():
if auth.has_membership("admin"):
if auth.is_admin():
flist = ""
for row in db(db.sequence_file.id>0 and db.sequence_file.data_file != None).select() :
......@@ -134,7 +134,7 @@ def repair_missing_files():
def make_backup():
if auth.has_membership("admin"):
if auth.is_admin():
db.export_to_csv_file(open(defs.DB_BACKUP_FILE, 'wb'))
......@@ -144,7 +144,7 @@ def make_backup():
def repair():
if auth.has_membership("admin"):
if auth.is_admin():
flist = "fix creator "
for row in db(db.patient.creator == None).select() :
......
......@@ -18,7 +18,7 @@ def index():
return dict(message=T('Configs'),
query=query,
isAdmin = auth.has_membership("admin"))
isAdmin = auth.is_admin())
def add():
......@@ -107,7 +107,7 @@ def delete():
def permission():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
query = db( (db.auth_group.role != 'admin') ).select()
......@@ -151,7 +151,7 @@ def permission():
#TODO refactor with patient/change_permission
def change_permission():
if (auth.has_permission('admin', 'config', request.vars["config_id"]) ):
if (auth.can_modify_config(request.vars["config_id"]) ):
error = ""
if request.vars["group_id"] == "" :
error += "missing group_id, "
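Review bot: In `permission()` the replacement line `if (auth.can_modify_patient(request.vars["id"]) ):` checks a patient permission with what this controller treats as a config id, while `change_permission()` a few lines down now uses `auth.can_modify_config(request.vars["config_id"])` for the same resource. The old `has_permission('admin', 'patient', id)` had the same mismatch, so this is pre-existing, but the named helpers make it visible: unless config rights are deliberately derived from the patient with the same id, a user who administers the patient whose id happens to equal the config id reaches the config permission page. Suggest `if (auth.can_modify_config(request.vars["id"]) ):` so both functions guard the config. The body of `permission()` continues outside the hunk.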
......
......@@ -122,16 +122,16 @@ def run_request():
id_config = None
else:
id_config = request.vars["config_id"]
if not auth.has_permission("run", "results_file") and not auth.has_membership("admin") :
if not auth.can_process_file():
error += "permission needed"
id_patient = db.sequence_file[request.vars["sequence_file_id"]].patient_id
if not auth.has_permission('admin', 'patient', id_patient) :
if not auth.can_modify_patient(id_patient) :
error += "you do not have permission to launch process for this patient ("+str(id_patient)+"), "
if id_config:
if not auth.has_permission('read', 'config', id_config) :
if not auth.can_use_config(id_config) :
error += "you do not have permission to launch process for this config ("+str(id_config)+"), "
if error == "" :
......@@ -168,8 +168,7 @@ def get_data():
error += "id patient file needed, "
if not "config" in request.vars:
error += "id config needed, "
if not auth.has_permission('admin', 'patient', request.vars["patient"]) and \
not auth.has_permission('read', 'patient', request.vars["patient"]):
if not auth.can_view_patient(request.vars["patient"]):
error += "you do not have permission to consult this patient ("+str(request.vars["patient"])+")"
query = db( ( db.fused_file.patient_id == request.vars["patient"] )
......@@ -188,7 +187,7 @@ def get_data():
data = gluon.contrib.simplejson.loads(f.read())
f.close()
patient_name = vidjil_utils.anon(request.vars["patient"], auth.user_id)
patient_name = vidjil_utils.anon_ids(request.vars["patient"])
config_name = db.config[request.vars["config"]].name
command = db.config[request.vars["config"]].command
......@@ -247,8 +246,7 @@ def get_custom_data():
for id in request.vars["custom"] :
sequence_file_id = db.results_file[id].sequence_file_id
patient_id =db.sequence_file[sequence_file_id].patient_id
if not auth.has_permission('admin', 'patient', patient_id) and \
not auth.has_permission('read', 'patient', patient_id):
if not auth.can_view_patient(patient_id):
error += "you do not have permission to consult this patient ("+str(patient_id)+")"
if error == "" :
......@@ -265,7 +263,7 @@ def get_custom_data():
sequence_file_id = db.results_file[id].sequence_file_id
patient_id = db.sequence_file[sequence_file_id].patient_id
config_id = db.results_file[id].config_id
patient_name = vidjil_utils.anon(patient_id, auth.user_id)
patient_name = vidjil_utils.anon_ids(patient_id)
filename = db.sequence_file[sequence_file_id].filename
data["samples"]["original_names"].append(patient_name + "_" + filename)
data["samples"]["timestamp"].append(str(db.sequence_file[sequence_file_id].sampling_date))
......@@ -291,8 +289,7 @@ def get_analysis():
error += "id patient file needed, "
if not "config" in request.vars:
error += "id config needed, "
if not auth.has_permission('admin', 'patient', request.vars["patient"]) and \
not auth.has_permission('read', 'patient', request.vars["patient"]):
if not auth.can_view_patient(request.vars["patient"]):
error += "you do not have permission to consult this patient ("+str(request.vars["patient"])+")"
## empty analysis file
......@@ -351,7 +348,7 @@ def save_analysis():
error += "id patient file needed, "
if not "config" in request.vars:
error += "id config needed, "
if not auth.has_permission('admin', 'patient', request.vars['patient']) :
if not auth.can_modify_patient(request.vars['patient']) :
error += "you do not have permission to save changes on this patient"
if error == "" :
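Review bot: The new `can_process_file` / `can_modify_patient` / `can_use_config` / `can_view_patient` gates that replace the has_permission calls in `run_request`, `get_data`, `get_custom_data`, `get_analysis` and `save_analysis` are only as safe as the VidjilAuth helpers behind them, and the `VidjilAuth.get_permission` shown at the end of this commit stores results in `permissions`, a class-level dict keyed by action/object and record id but not by user. If the VidjilAuth module is imported once per process rather than re-executed per request, a decision cached for one user's session can be handed back to a different user; an authorization cache should either include the user id in its key or be created per instance (`self.permissions = {}` in `__init__`). Whether the can_* helpers route through get_permission is not visible, since that file is cut off at the end of the page, so this is a point to confirm; the same concern applies to every controller in this commit that calls these helpers (config, file, group, patient, results_file, user). A short comment at each gate is not needed, but the helper module deserves a docstring stating the cache scope once it is settled.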
......
......@@ -10,11 +10,11 @@ if request.env.http_origin:
def add():
if not auth.has_permission('admin', 'patient', request.vars['id'], auth.user_id) and not auth.has_membership("admin"):
if not auth.can_modify_patient(request.vars['id'], auth.user_id):
res = {"success" : "false", "message" : "you need admin permission on this patient to add files"}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id) and not auth.has_membership("admin"):
elif not auth.can_upload_file(request.vars['id']):
res = {"success" : "false", "message" : "you don't have right to upload files"}
log.error(res)
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
......@@ -77,9 +77,9 @@ def add_form():
def edit():
if auth.has_permission('admin', 'patient', request.vars['patient_id']) or auth.has_membership("admin"):
if auth.can_modify_patient(request.vars['patient_id']):
return dict(message=T('edit file'))
#elif not auth.has_permission('upload', 'sequence_file', request.vars['id'], auth.user_id):
#elif not auth.can_upload_file(request.vars['id']):
# res = {"success" : "false", "message" : "you don't have right to upload files"}
# return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
else:
......@@ -153,7 +153,7 @@ def upload():
def confirm():
if auth.has_permission('admin', 'patient', request.vars['patient_id']) or auth.has_membership("admin"):
if auth.can_modify_patient(request.vars['patient_id']):
return dict(message=T('confirm sequence file deletion'))
else:
res = {"success" : "false", "message" : "you need admin permission to delete this file"}
......@@ -166,7 +166,7 @@ def delete():
patient_id = db.sequence_file[request.vars["id"]].patient_id
if auth.has_permission('admin', 'patient', patient_id):
if auth.can_modify_patient(patient_id):
db(db.sequence_file.id == request.vars["id"]).delete()
db(db.results_file.sequence_file_id == request.vars["id"]).delete()
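Review bot: The new `auth.can_modify_patient(request.vars['id'], auth.user_id)` in `add()` passes the current user explicitly, while `edit()`, `confirm()` and `delete()` in this same file call `auth.can_modify_patient(<patient id>)` with the user implied. In `VidjilAuth.get_permission`, shown later in this commit, an explicit user is treated as "not the current user" and bypasses the cache, so the two forms differ at least in cost and, if the helpers add an admin shortcut only for the implicit case, possibly in outcome as well; this is hedged because `can_modify_patient` itself is not on the page. Suggest `if not auth.can_modify_patient(request.vars['id']):` for consistency with the other three call sites. The old condition in `add()` also admitted site admins via `or auth.has_membership("admin")`, so confirm the helper preserves that override; `add()` and `delete()` continue outside their hunks.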
......
......@@ -107,7 +107,7 @@ def change_permission():
## need ["group_id", "user_id"]
def invite():
#check admin
if auth.has_permission('admin', 'auth_group', request.vars["group_id"], auth.user.id):
if auth.can_modify_group(request.vars["group_id"]):
auth.add_membership(request.vars["group_id"], request.vars["user_id"])
res = {"redirect" : "group/info" ,
"args" : { "id" : request.vars["group_id"]},
......@@ -126,7 +126,7 @@ def invite():
## need ["group_id", "user_id"]
def kick():
#check admin
if auth.has_permission('admin', 'auth_group', request.vars["group_id"], auth.user.id):
if auth.can_modify_group(request.vars["group_id"]):
auth.del_membership(request.vars["group_id"], request.vars["user_id"])
res = {"redirect" : "group/info" ,
"args" : { "id" : request.vars["group_id"]},
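Review bot: The `#check admin` comment kept above the new `auth.can_modify_group(request.vars["group_id"])` lines in `invite()` and `kick()` no longer describes the check, which is now "may the current user modify this group" and, depending on the helper, may also cover site admins; the old call also passed `auth.user.id` explicitly, which the new one drops in favour of the implicit current user. Suggest `# membership changes require modify rights on the group (VidjilAuth.can_modify_group)` so the next reader does not assume a global-admin test. Both function bodies continue outside the hunks.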
......
......@@ -14,11 +14,14 @@ def info():
if 'next' in request.vars:
try:
new_id = request.vars["id"]
new_id = str(int(new_id)+int(request.vars["next"]))
while db.patient[new_id] is None and int(new_id) > 0:
new_id = str(int(new_id)+int(request.vars["next"]))
request.vars["id"] = new_id
current_id = request.vars["id"]
go_next = int(request.vars['next'])
if go_next > 0:
res = db(db.patient.id > current_id).select(db.patient.id, orderby=db.patient.id, limitby=(0,1))
else:
res = db(db.patient.id < current_id).select(db.patient.id, orderby=~db.patient.id, limitby=(0,1))
if (len(res) > 0):
request.vars["id"] = str(res[0].id)
except:
pass
......@@ -26,7 +29,7 @@ def info():
if request.vars["config_id"] and request.vars["config_id"] != "-1" :
config_id = long(request.vars["config_id"])
patient_name = vidjil_utils.anon(patient.id, auth.user_id)
patient_name = vidjil_utils.anon_names(patient.id, patient.first_name, patient.last_name)
config_name = db.config[request.vars["config_id"]].name
fused = db(
......@@ -92,7 +95,7 @@ def info():
log.debug('patient (%s)' % request.vars["id"])
if (auth.has_permission('read', 'patient', request.vars["id"]) ):
if (auth.can_view_patient(request.vars["id"]) ):
return dict(query=query,
patient=patient,
birth=vidjil_utils.anon_birth(request.vars["id"], auth.user.id),
......@@ -139,7 +142,7 @@ def custom():
)
query = db(q).select(
db.patient.id, db.patient.info, db.results_file.id, db.results_file.config_id, db.sequence_file.sampling_date,
db.patient.id, db.patient.info, db.patient.first_name, db.patient.last_name, db.results_file.id, db.results_file.config_id, db.sequence_file.sampling_date,
db.sequence_file.pcr, db.config.name, db.results_file.run_date, db.results_file.data_file, db.sequence_file.filename,
db.sequence_file.patient_id, db.sequence_file.data_file, db.sequence_file.id, db.sequence_file.info,
db.sequence_file.size_file,
......@@ -155,7 +158,9 @@ def custom():
row.checked = False
if (str(row.results_file.id) in request.vars["custom_list"]) :
row.checked = True
row.string = (vidjil_utils.anon(row.sequence_file.patient_id, auth.user_id) + row.sequence_file.filename +
row.names = vidjil_utils.anon_names(row.patient.id, row.patient.first_name, row.patient.last_name)
row.string = (row.names + row.sequence_file.filename +
str(row.sequence_file.sampling_date) + str(row.sequence_file.pcr) + str(row.config.name) + str(row.results_file.run_date)).lower()
query = query.find(lambda row : ( vidjil_utils.filter(row.string,request.vars["filter"]) or row.checked) )
......@@ -273,7 +278,7 @@ def index():
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
isAdmin = auth.has_membership("admin")
isAdmin = auth.is_admin()
##retrieve patient list
query = db(
......@@ -285,16 +290,12 @@ def index():
result = {}
for i, row in enumerate(query) :
try:
ln = unicode(row.last_name, 'utf-8')
except UnicodeDecodeError:
ln = row.last_name
result[row.id] = {
"id" :int(row.id),
"last_name" : row.last_name,
"first_name" : row.first_name,
"has_permission" : False,
"name" : ln[:3],
"anon_allowed": False,
"birth" : row.birth,
"info" : row.info,
"creator" : row.creator,
......@@ -310,7 +311,6 @@ def index():
keys = result.keys()
(auth.has_permission('admin', 'patient', row['id']) )
query = db(
(db.auth_permission.name == "admin") &
(db.auth_permission.table_name == "patient") &
......@@ -365,21 +365,20 @@ def index():
for i, row in enumerate(query4) :
if row.patient.id in keys :
result[row.patient.id]['group_list'].append(row.auth_group.role.replace('user_','u'))
query5 = db(
(db.auth_permission.name == "anon") &
(db.auth_permission.name == "anon") &
(db.auth_permission.table_name == "patient") &
(db.patient.id == db.auth_permission.record_id ) &
(db.auth_group.id == db.auth_permission.group_id ) &
(db.auth_membership.user_id == auth.user_id) &
(db.auth_membership.group_id == db.auth_group.id)
).select(
db.patient.id, db.patient.last_name, db.patient.first_name
db.patient.id
)
for i, row in enumerate(query5) :
if row.id in keys :
result[row.id]['name'] = row.last_name + " " + row.first_name
result[row.id]['anon_allowed'] = True
for key, row in result.iteritems():
row['most_used_conf'] = max(set(row['conf_id_list']), key=row['conf_id_list'].count)
......@@ -419,7 +418,7 @@ def index():
## return form to create new patient
def add():
if (auth.has_permission('create', 'patient') ):
if (auth.can_create_patient()):
return dict(message=T('add patient'))
else :
res = {"message": ACCESS_DENIED}
......@@ -433,7 +432,7 @@ def add():
## redirect to patient list if success
## return a flash error message if fail
def add_form():
if (auth.has_permission('create', 'patient') ):
if (auth.can_create_patient()):
error = ""
if request.vars["first_name"] == "" :
......@@ -485,7 +484,7 @@ def add_form():
## return edit form
def edit():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
return dict(message=T('edit patient'))
else :
res = {"message": ACCESS_DENIED}
......@@ -499,7 +498,7 @@ def edit():
## redirect to patient list if success
## return a flash error message if fail
def edit_form():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
error = ""
if request.vars["first_name"] == "" :
error += "first name needed, "
......@@ -541,7 +540,7 @@ def download():
#
def confirm():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
log.debug('request patient deletion')
return dict(message=T('confirm patient deletion'))
else :
......@@ -552,7 +551,7 @@ def confirm():
#
def delete():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
import shutil, os.path
#delete data file
query = db( (db.sequence_file.patient_id==request.vars["id"])).select()
......@@ -578,7 +577,7 @@ def delete():
#
def permission():
if (auth.has_permission('admin', 'patient', request.vars["id"]) ):
if (auth.can_modify_patient(request.vars["id"]) ):
query = db( db.auth_group.role != 'admin' ).select()
......@@ -621,7 +620,7 @@ def permission():
#
def change_permission():
if (auth.has_permission('admin', 'patient', request.vars["patient_id"]) ):
if (auth.can_modify_patient(request.vars["patient_id"]) ):
error = ""
if request.vars["group_id"] == "" :
error += "missing group_id, "
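Review bot: In `index()` the hunk at -285 drops the server-side name redaction — the `"name": ln[:3]` prefix and the query5 branch that filled in the full name only for patients carrying the `anon` permission — and replaces it with a per-patient boolean `"anon_allowed"`, while `"last_name": row.last_name` and `"first_name": row.first_name` are serialized for every row. Whether those two fields were already in the dict before this commit cannot be recovered from the rendered hunk, but either way the response now leaves name hiding to the client: a flag is a display hint, not an access control, and any caller of the endpoint reads the names from the JSON. Suggest blanking them server-side once query5 has run, e.g. `for row in result.values():` followed by `if not row['anon_allowed']: row['last_name'] = row['first_name'] = ''`, or routing them through `vidjil_utils.anon_names` as `info()` and `custom()` now do. `index()` continues outside the hunk in both directions.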
......
......@@ -10,7 +10,7 @@ if request.env.http_origin:
## return admin_panel
def index():
if auth.has_membership("admin"):
if auth.is_admin():
query = db(
(db.results_file.sequence_file_id==db.sequence_file.id)
......@@ -57,7 +57,7 @@ def index():
reverse=reverse)
def run_all():
if auth.has_membership("admin"):
if auth.is_admin():
query = db(
(db.results_file_file.sequence_file_id==db.sequence_file.id)
& (db.results_file.config_id==db.config.id)
......@@ -74,15 +74,15 @@ def run_all():
## display run page result
## need ["results_file_id"]
def info():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id ) ):
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id ) ):
return dict(message=T('result info'))
else :
res = {"message": "acces denied"}
return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
def confirm():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.has_permission("run", "results_file") ) or auth.has_membership("admin"):
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.can_process_file()):
return dict(message=T('result confirm'))
else :
res = {"message": "acces denied"}
......@@ -90,8 +90,8 @@ def confirm():
#
def delete():
if (auth.has_permission('admin', 'patient', db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.has_permission("run", "results_file") ) or auth.has_membership("admin"):
if (auth.can_modify_patient(db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id )
& auth.can_process_file()):
config_id = db.results_file[request.vars["results_file_id"]].config_id
patient_id = db.sequence_file[db.results_file[request.vars["results_file_id"]].sequence_file_id].patient_id
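Review bot: The rewritten conditions in `confirm()` and `delete()` combine the two new helpers with the bitwise `&` (`auth.can_modify_patient(...) & auth.can_process_file()`), carried over from the old expression; on booleans this works but never short-circuits, so the nested `db.sequence_file[db.results_file[request.vars["results_file_id"]]...]` lookup runs even when the user cannot process files, and a missing or unknown `results_file_id` becomes an AttributeError on `None` instead of an access-denied answer. The old expression also ended in `or auth.has_membership("admin")`, a site-admin override the new one no longer spells out — presumably folded into the helpers, but worth confirming since both functions otherwise deny admins. Suggest resolving the patient id first and writing `if auth.can_process_file() and auth.can_modify_patient(patient_id):` with a None check on `patient_id` before it. `delete()` continues outside the hunk.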
......
......@@ -13,9 +13,9 @@ def index():
row.created = db( db.patient.creator == row.id ).count()
row.access = ''
if auth.has_permission('create', 'patient', 0, row.id): row.access += 'c'
if auth.has_permission('upload', 'sequence_file', 0, row.id): row.access += 'u'
if auth.has_permission('run', 'results_file', 0, row.id): row.access += 'r'
if auth.can_create_patient(user=row.id): row.access += 'c'
if auth.can_upload_file(user=row.id): row.access += 'u'
if auth.can_process_file(user=row.id): row.access += 'r'
q = [g.group_id for g in db(db.auth_membership.user_id==row.id).select()]
q.sort()
......@@ -39,7 +39,7 @@ def info():
return dict(message=T('user info'))
def rights():
if auth.has_membership("admin"):
if auth.is_admin():
id = request.vars["id"]
group_id = auth.user_group(id)
msg = ""
......
from gluon.tools import Auth
class VidjilAuth(Auth):
admin = None
groups = None
permissions = {}
def __init__(self, environment=None, db=None):
super(VidjilAuth, self).__init__(environment, db)
def preload(self):
self.groups = self.get_group_names()
self.admin = 'admin' in self.groups
def get_group_names(self):
'''
Return a list of group names.
It is inspired from the code of Auth::groups
'''
result_groups = []
if self.user is not None:
memberships = self.db(
self.table_membership().user_id == self.user.id).select()
for member in memberships:
groups = self.db(self.table_group().id == member.group_id).select()
if groups and len(groups) > 0:
result_groups.append(groups[0].role)
return result_groups
def get_permission(self, action, object_of_action, id = 0, user = None):
'''
Returns whether the current user has the permission
to perform the action on the object_of_action.
The result is cached to avoid DB calls.
'''
key = action + '/' + object_of_action
is_current_user = user == None
if is_current_user:
user = self.user_id
if not key in self.permissions and is_current_user:
self.permissions[key] = {}
if not is_current_user or not id in self.permissions[key]:
result = self.has_permission(action, object_of_action, id, user)
if not is_current_user:
return result
self.permissions[key][id] = result
return self.permissions[key][id]
def is_admin(self, user = None):
'''Tells if the user is an admin. If the user is None, the current
user is taken into account'''
if self.admin == None:
self.preload()
if user == None:
return self.admin
return self.has_membership(user_id = user, role = 'admin')
def is_in_group(self, group):
'''
Tells if the current user is in the group
'''
if self.groups == None:
self.preload()
return group in self.groups
def can_create_patient(self, user = None):