|
1 from logilab.common.decorators import cached |
|
2 |
|
3 from cubicweb import Unauthorized |
|
4 from cubicweb.entities import AnyEntity, fetch_config |
|
5 |
|
6 class EGroup(AnyEntity): |
|
7 id = 'EGroup' |
|
8 fetch_attrs, fetch_order = fetch_config(['name']) |
|
9 __rtags__ = dict(in_group='create') |
|
10 |
|
11 def db_key_name(self): |
|
12 """XXX goa specific""" |
|
13 return self.get('name') |
|
14 |
|
15 |
|
16 class EUser(AnyEntity): |
|
17 id = 'EUser' |
|
18 fetch_attrs, fetch_order = fetch_config(['login', 'firstname', 'surname']) |
|
19 |
|
20 __rtags__ = { 'firstname' : 'secondary', |
|
21 'surname' : 'secondary', |
|
22 'last_login_time' : 'generated', |
|
23 'todo_by' : 'create', |
|
24 'use_email' : 'inlineview', # 'primary', |
|
25 'in_state' : 'primary', |
|
26 'in_group' : 'primary', |
|
27 ('owned_by', '*', 'object') : ('generated', 'link'), |
|
28 ('created_by','*','object') : ('generated', 'link'), |
|
29 } |
|
30 |
|
31 # used by repository to check if the user can log in or not |
|
32 AUTHENTICABLE_STATES = ('activated',) |
|
33 |
|
34 # low level utilities ##################################################### |
|
35 def __init__(self, *args, **kwargs): |
|
36 groups = kwargs.pop('groups', None) |
|
37 properties = kwargs.pop('properties', None) |
|
38 super(EUser, self).__init__(*args, **kwargs) |
|
39 if groups is not None: |
|
40 self._groups = groups |
|
41 if properties is not None: |
|
42 self._properties = properties |
|
43 |
|
44 @property |
|
45 def groups(self): |
|
46 try: |
|
47 return self._groups |
|
48 except AttributeError: |
|
49 self._groups = set(g.name for g in self.in_group) |
|
50 return self._groups |
|
51 |
|
52 @property |
|
53 def properties(self): |
|
54 try: |
|
55 return self._properties |
|
56 except AttributeError: |
|
57 self._properties = dict((p.pkey, p.value) for p in self.reverse_for_user) |
|
58 return self._properties |
|
59 |
|
60 def property_value(self, key): |
|
61 try: |
|
62 # properties stored on the user aren't correctly typed |
|
63 # (e.g. all values are unicode string) |
|
64 return self.vreg.typed_value(key, self.properties[key]) |
|
65 except KeyError: |
|
66 pass |
|
67 except ValueError: |
|
68 self.warning('incorrect value for eproperty %s of user %s', key, self.login) |
|
69 return self.vreg.property_value(key) |
|
70 |
|
71 def matching_groups(self, groups): |
|
72 """return the number of the given group(s) in which the user is |
|
73 |
|
74 :type groups: str or iterable(str) |
|
75 :param groups: a group name or an iterable on group names |
|
76 """ |
|
77 if isinstance(groups, basestring): |
|
78 groups = frozenset((groups,)) |
|
79 elif isinstance(groups, (tuple, list)): |
|
80 groups = frozenset(groups) |
|
81 return len(groups & self.groups) |
|
82 |
|
83 def is_in_group(self, group): |
|
84 """convience / shortcut method to test if the user belongs to `group` |
|
85 """ |
|
86 return self.matching_groups(group) == 1 |
|
87 |
|
88 def owns(self, eid): |
|
89 if hasattr(self.req, 'unsafe_execute'): |
|
90 # use unsafe_execute on the repository side, in case |
|
91 # session's user doesn't have access to EUser |
|
92 execute = self.req.unsafe_execute |
|
93 else: |
|
94 execute = self.req.execute |
|
95 try: |
|
96 return execute('Any X WHERE X eid %(x)s, X owned_by U, U eid %(u)s', |
|
97 {'x': eid, 'u': self.eid}, 'x') |
|
98 except Unauthorized: |
|
99 return False |
|
100 owns = cached(owns, keyarg=1) |
|
101 |
|
102 def has_permission(self, pname, contexteid=None): |
|
103 rql = 'Any P WHERE P is EPermission, U eid %(u)s, U in_group G, '\ |
|
104 'P name %(pname)s, P require_group G' |
|
105 kwargs = {'pname': pname, 'u': self.eid} |
|
106 cachekey = None |
|
107 if contexteid is not None: |
|
108 rql += ', X require_permission P, X eid %(x)s' |
|
109 kwargs['x'] = contexteid |
|
110 cachekey = 'x' |
|
111 try: |
|
112 return self.req.execute(rql, kwargs, cachekey) |
|
113 except Unauthorized: |
|
114 return False |
|
115 |
|
116 # presentation utilities ################################################## |
|
117 |
|
118 def name(self): |
|
119 """construct a name using firstname / surname or login if not defined""" |
|
120 |
|
121 if self.firstname and self.surname: |
|
122 return self.req._('%(firstname)s %(surname)s') % { |
|
123 'firstname': self.firstname, 'surname' : self.surname} |
|
124 if self.firstname: |
|
125 return self.firstname |
|
126 return self.login |
|
127 |
|
128 def dc_title(self): |
|
129 return self.login |
|
130 |
|
131 dc_long_title = name |
|
132 |
|
133 def db_key_name(self): |
|
134 """XXX goa specific""" |
|
135 return self.get('login') |
|
136 |
|
137 from logilab.common.deprecation import class_renamed |
|
138 Euser = class_renamed('Euser', EUser) |
|
139 Euser.id = 'Euser' |