awx/lib/main/views.py

from django.http import HttpResponse
from django.views.decorators.csrf import csrf_exempt
from lib.main.models import *
from django.contrib.auth.models import User
from lib.main.serializers import *
from lib.main.rbac import *
from django.core.exceptions import PermissionDenied
from rest_framework import mixins
from rest_framework import generics
from rest_framework import permissions
from rest_framework.response import Response
from rest_framework import status
import exceptions
import datetime
from base_views import BaseList, BaseDetail

class OrganizationsList(BaseList):

    model = Organization
    serializer_class = OrganizationSerializer
    permission_classes = (CustomRbac,)

    # I can see the organizations if:
    #   I am a superuser
    #   I am an admin of the organization 
    #   I am a member of the organization
   
    def _get_queryset(self):
        if self.request.user.is_superuser:
            return Organization.objects.all()
        return Organization.objects.filter(
            admins__in = [ self.request.user ]
        ).distinct() | Organization.objects.filter(
            users__in = [ self.request.user ]
        ).distinct()

class OrganizationsDetail(BaseDetail):

    model = Organization
    serializer_class = OrganizationSerializer
    permission_classes = (CustomRbac,)

    def item_permissions_check(self, request, obj):

        is_admin = request.user in obj.admins.all() 
        is_user  = request.user in obj.users.all()
        
        if request.method == 'GET':
            return is_admin or is_user
        elif request.method in [ 'PUT' ]:
            return is_admin
        return False

    def delete_permissions_check(self, request, obj):
        
        return request.user in obj.admins.all() 

class OrganizationsAuditTrailList(BaseList):

    model = AuditTrail
    serializer_class = AuditTrailSerializer
    permission_classes = (CustomRbac,)

    # FIXME: guts & tests
    pass

class OrganizationsUsersList(BaseList):
    
    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)

    # I can see the users in the organization if:
    #    I am a super user
    #    I am an admin of the organization

    def _get_queryset(self):
        # FIXME:
        base = User.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])
        if self.request.user.is_superuser:
            return base.all()
        return base.objects.filter(
            organizations__organization__admins__in = [ self.request.user ]
        ).distinct() 


class OrganizationsAdminsList(BaseList):
    
    model = User
    serializer_class = UserSerializer
    permission_classes = (CustomRbac,)

    # I can see the admins in the organization if:
    #    I am a super user
    #    I am an admin of the organization
    
    def _get_queryset(self):

        # FIXME
        base = User.objects.all(admin_of_organizations__pk__in = [ self.kwargs.get('pk') ])

        if self.request.user.is_superuser:
            return base.all()
        return base.filter(
            organizations__organization__admins__in = [ self.request.user ]
        ).distinct() 


class OrganizationsProjectsList(BaseList):
    
    model = Project
    serializer_class = ProjectSerializer
    permission_classes = (CustomRbac,)
    
    # I can see the projects from the organization if:
    #    I'm the superuser
    #    I am a an administrator of the organization
    #    I am a member of a team on the project

    def _get_queryset(self):
        base = Project.objects.filter(organizations__in = [ self.kwargs.get('pk') ])
        if self.request.user.is_superuser:
            return base.all()
        return base.filter(
            organizations__admins__in = [ self.request.user ]
        ).distinct() | base.filter(
            teams__users__in = [ self.request.user ]
        ).distinct()

    # BOOKMARK
    def post(self, request, *args, **kwargs):

        # POST { pk: 7, disassociate: True }

        organization_id = kwargs['pk']
        project_id = request.DATA.get('id')
        organization = Organization.objects.get(pk=organization_id)
        projects = Project.objects.filter(pk=project_id)
        if len(projects) != 1:
            return Response(status=status.HTTP_400_BAD_REQUEST)
        project = projects[0]

        # you can only add a project to an organization if you are a superuser or
        # the person who created the project.  TODO -- want to defer this question
        # to the model. (FIXME)

        if not 'disassociate' in request.DATA:
            # admin of another org can't add a project to their org
            if not request.user.is_superuser or project.created_by == request.user:
                raise PermissionDenied()
            if project in organization.projects.all():
                return Response(status=status.HTTP_409_CONFLICT)
            organization.projects.add(project)
        else:
            # to disassociate, be the org admin or a superuser
            # FIXME: sprinkle these throughout the object layer & simplify
            if not request.user.is_superuser and not project.can_user_administrate(request.user):
                raise PermissionDenied()
            organization.projects.remove(project)
            # multiple attempts to delete the same thing aren't an error, we're cool
        return Response(status=status.HTTP_204_NO_CONTENT)


class OrganizationsTagsList(BaseList):
    # FIXME: guts & tests
    pass

class ProjectsDetail(BaseDetail):

    model = Project
    serializer_class = ProjectSerializer
    permission_classes = (CustomRbac,)

    def item_permissions_check(self, request, obj):

        # to get, must be in a team assigned to this project
        # or be an org admin of an org this project is in

        raise exceptions.NotImplementedError()

        #is_admin = request.user in obj.admins.all()
        #is_user  = request.user in obj.users.all()
        #
        #if request.method == 'GET':
        #    return is_admin or is_user
        #elif request.method in [ 'PUT' ]:
        #    return is_admin
        #return False

    def delete_permissions_check(self, request, obj):
        # FIXME: logic TBD
        raise exceptions.NotImplementedError()
        #return request.user in obj.admins.all()
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from django.http import HttpResponse`
			`from django.views.decorators.csrf import csrf_exempt`
			`from lib.main.models import *`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`from django.contrib.auth.models import User`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from lib.main.serializers import *`
Move RBAC code to seperate file. 2013-03-21 08:34:59 +04:00			`from lib.main.rbac import *`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`from django.core.exceptions import PermissionDenied`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`from rest_framework import mixins`
			`from rest_framework import generics`
			`from rest_framework import permissions`
Handle post to corrections by overriding post to not save the object. Work in progress. 2013-03-22 17:50:42 +04:00			`from rest_framework.response import Response`
			`from rest_framework import status`
Streamlining RBAC layer code, adding tests for PUT operations. 2013-03-21 18:25:49 +04:00			`import exceptions`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`import datetime`
Move base view code to seperate file, start of generalizing 2013-03-22 23:22:30 +04:00			`from base_views import BaseList, BaseDetail`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00
			`class OrganizationsList(BaseList):`
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00
			`model = Organization`
			`serializer_class = OrganizationSerializer`
			`permission_classes = (CustomRbac,)`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`# I can see the organizations if:`
			`# I am a superuser`
			`# I am an admin of the organization`
			`# I am a member of the organization`
Basic API RBAC filtering operational! 2013-03-21 07:14:09 +04:00
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`def _get_queryset(self):`
Basic API RBAC filtering operational! 2013-03-21 07:14:09 +04:00			`if self.request.user.is_superuser:`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`return Organization.objects.all()`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`return Organization.objects.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`admins__in = [ self.request.user ]`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`).distinct() \| Organization.objects.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`users__in = [ self.request.user ]`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`).distinct()`

			`class OrganizationsDetail(BaseDetail):`
Streamlining RBAC layer code, adding tests for PUT operations. 2013-03-21 18:25:49 +04:00
Switch over to django-rest-framework from tastypie. Less black magic, seems to just work :) 2013-03-20 06:26:35 +04:00			`model = Organization`
			`serializer_class = OrganizationSerializer`
			`permission_classes = (CustomRbac,)`

Deletes are operational plus access control hooks for deletes. 2013-03-21 19:06:47 +04:00			`def item_permissions_check(self, request, obj):`
Starting to defer some business logic to the model classes and out of the views. 2013-03-22 23:36:59 +04:00
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`is_admin = request.user in obj.admins.all()`
			`is_user = request.user in obj.users.all()`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00
Deletes are operational plus access control hooks for deletes. 2013-03-21 19:06:47 +04:00			`if request.method == 'GET':`
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`return is_admin or is_user`
			`elif request.method in [ 'PUT' ]:`
			`return is_admin`
			`return False`
PUT is operational. 2013-03-21 18:44:01 +04:00
Deleted objects are not really deleted but now appear to be via REST. 2013-03-21 22:20:59 +04:00			`def delete_permissions_check(self, request, obj):`
Starting to defer some business logic to the model classes and out of the views. 2013-03-22 23:36:59 +04:00
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`return request.user in obj.admins.all()`
PUT is operational. 2013-03-21 18:44:01 +04:00
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00			`class OrganizationsAuditTrailList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = AuditTrail`
			`serializer_class = AuditTrailSerializer`
			`permission_classes = (CustomRbac,)`

			`# FIXME: guts & tests`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00			`pass`

			`class OrganizationsUsersList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = User`
			`serializer_class = UserSerializer`
			`permission_classes = (CustomRbac,)`

			`# I can see the users in the organization if:`
			`# I am a super user`
			`# I am an admin of the organization`

			`def _get_queryset(self):`
			`# FIXME:`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`base = User.objects.all(organizations__pk__in = [ self.kwargs.get('pk') ])`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`if self.request.user.is_superuser:`
			`return base.all()`
			`return base.objects.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`organizations__organization__admins__in = [ self.request.user ]`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`).distinct()`

Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
			`class OrganizationsAdminsList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`model = User`
			`serializer_class = UserSerializer`
			`permission_classes = (CustomRbac,)`

			`# I can see the admins in the organization if:`
			`# I am a super user`
			`# I am an admin of the organization`

			`def _get_queryset(self):`

			`# FIXME`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`base = User.objects.all(admin_of_organizations__pk__in = [ self.kwargs.get('pk') ])`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`if self.request.user.is_superuser:`
			`return base.all()`
			`return base.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`organizations__organization__admins__in = [ self.request.user ]`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`).distinct()`

Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
			`class OrganizationsProjectsList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`model = Project`
			`serializer_class = ProjectSerializer`
			`permission_classes = (CustomRbac,)`

Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`# I can see the projects from the organization if:`
			`# I'm the superuser`
			`# I am a an administrator of the organization`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`# I am a member of a team on the project`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00
			`def _get_queryset(self):`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`base = Project.objects.filter(organizations__in = [ self.kwargs.get('pk') ])`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`if self.request.user.is_superuser:`
			`return base.all()`
			`return base.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`organizations__admins__in = [ self.request.user ]`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`).distinct() \| base.filter(`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`teams__users__in = [ self.request.user ]`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`).distinct()`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00
Example of how to disassociate an object from a collection, to be generalized later! 2013-03-22 22:48:18 +04:00			`# BOOKMARK`
Handle post to corrections by overriding post to not save the object. Work in progress. 2013-03-22 17:50:42 +04:00			`def post(self, request, args, *kwargs):`

Minor test/view fixes. 2013-03-22 19:22:04 +04:00			`# POST { pk: 7, disassociate: True }`

Merge conflict 2013-03-22 21:49:26 +04:00			`organization_id = kwargs['pk']`
			`project_id = request.DATA.get('id')`
Test code for posting an object to a subcollection, and accompanying view code. (In this case organizations/n/projects) To be generalized later. 2013-03-22 22:23:50 +04:00			`organization = Organization.objects.get(pk=organization_id)`
			`projects = Project.objects.filter(pk=project_id)`
			`if len(projects) != 1:`
			`return Response(status=status.HTTP_400_BAD_REQUEST)`
			`project = projects[0]`
Merge conflict 2013-03-22 21:49:26 +04:00
			`# you can only add a project to an organization if you are a superuser or`
Test code for posting an object to a subcollection, and accompanying view code. (In this case organizations/n/projects) To be generalized later. 2013-03-22 22:23:50 +04:00			`# the person who created the project. TODO -- want to defer this question`
			`# to the model. (FIXME)`
Merge conflict 2013-03-22 21:49:26 +04:00
Example of how to disassociate an object from a collection, to be generalized later! 2013-03-22 22:48:18 +04:00			`if not 'disassociate' in request.DATA:`
			`# admin of another org can't add a project to their org`
			`if not request.user.is_superuser or project.created_by == request.user:`
			`raise PermissionDenied()`
			`if project in organization.projects.all():`
			`return Response(status=status.HTTP_409_CONFLICT)`
			`organization.projects.add(project)`
			`else:`
			`# to disassociate, be the org admin or a superuser`
			`# FIXME: sprinkle these throughout the object layer & simplify`
			`if not request.user.is_superuser and not project.can_user_administrate(request.user):`
			`raise PermissionDenied()`
			`organization.projects.remove(project)`
			`# multiple attempts to delete the same thing aren't an error, we're cool`
			`return Response(status=status.HTTP_204_NO_CONTENT)`
Merge conflict 2013-03-22 21:49:26 +04:00
Handle post to corrections by overriding post to not save the object. Work in progress. 2013-03-22 17:50:42 +04:00



Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00			`class OrganizationsTagsList(BaseList):`
Various stub view logic (tests pending) for subresources under the organization. 2013-03-21 23:43:35 +04:00			`# FIXME: guts & tests`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00			`pass`

Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`class ProjectsDetail(BaseDetail):`

			`model = Project`
			`serializer_class = ProjectSerializer`
			`permission_classes = (CustomRbac,)`

			`def item_permissions_check(self, request, obj):`

			`# to get, must be in a team assigned to this project`
			`# or be an org admin of an org this project is in`

			`raise exceptions.NotImplementedError()`

Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`#is_admin = request.user in obj.admins.all()`
			`#is_user = request.user in obj.users.all()`
Implementation and testing of the organizations projects subresource. 2013-03-22 01:38:53 +04:00			`#`
			`#if request.method == 'GET':`
			`# return is_admin or is_user`
			`#elif request.method in [ 'PUT' ]:`
			`# return is_admin`
			`#return False`

			`def delete_permissions_check(self, request, obj):`
			`# FIXME: logic TBD`
			`raise exceptions.NotImplementedError()`
Simplify user model by just using the Django user object. 2013-03-22 19:35:26 +04:00			`#return request.user in obj.admins.all()`
Add support for related resources, and all present related resources on the organization object. Implementation of sub services still on deck. 2013-03-21 23:11:47 +04:00