# coding=utf-8
from __future__ import unicode_literals

import json
import os
from django.contrib.auth.views import redirect_to_login
from django.views.decorators.csrf import csrf_exempt
import ldap
import logging

from django.conf import settings
from django.core.exceptions import PermissionDenied
from django.core.urlresolvers import reverse
from django.core.cache import cache
from django.db.models import Q
from django.http.response import HttpResponse, HttpResponseBadRequest, HttpResponseRedirect, Http404, \
    HttpResponseForbidden
from django.shortcuts import render, get_object_or_404, resolve_url
from django.contrib.auth.decorators import login_required
from django.contrib.auth.models import User
from django.views.decorators.http import require_POST
from django.views.decorators.cache import cache_control

from adim.models import AnObj, AnObjMembership
from adim.permissions import get_permission_class, has_anobj_access, get_ttp_sharing_mode, SHARING_MODE_NONE
from adim_ttp.decorators import attp_login
from adim_utils.decorators import clear_function_cache

from .forms import UploadImageFileForm
from sendfile import sendfile
from .utils import add_image_border, create_image_thumbnail


# Module-level logger, named after this module's import path.
logger = logging.getLogger(__name__)


def home(request):
    """
    Render the landing page.

    For anonymous visitors the ``next`` query-string value (empty string when
    absent) is copied into the template context.

    :param request: the incoming HttpRequest
    :return: the rendered "adim/home.html" response
    """
    # NOTE(review): 'next' is copied from the query string unchanged; whatever
    # later uses it as a redirect target should validate it -- confirm.
    visitor_is_anonymous = request.user.is_anonymous()
    context = {'next': request.GET.get('next', "")} if visitor_is_anonymous else {}
    return render(request, "adim/home.html", context)


def handle_404(request):
    """
    Redirect instead of showing an error page.

    Authenticated users are sent to the "new annotation" view, everyone else
    to the home page.

    :param request: the incoming HttpRequest
    :return: an HttpResponseRedirect
    """
    target_view = "adim_app:annotate-new" if request.user.is_authenticated() else 'adim_app:home'
    return HttpResponseRedirect(reverse(target_view))


@login_required()
def essai(request):
    """
    Test page (login required).

    :param request: the incoming HttpRequest
    :return: the rendered "adim/essai.html" response
    """
    template_name = "adim/essai.html"
    empty_context = {}
    return render(request, template_name, empty_context)


@login_required
def _get_anobj(request, anobj_uuid=None, anobj_id=None):
    """
    Look up an AnObj by uuid (preferred) or by id and check that the request
    is allowed to access it.

    :param request: the incoming HttpRequest
    :param anobj_uuid: uuid of the AnObj; used whenever it is not None
    :param anobj_id: id of the AnObj; only used when anobj_uuid is None
    :return: AnObj
    :raise: Http404 when no identifier is given or no AnObj matches
    :raise: PermissionDenied when has_anobj_access() rejects the request
    """
    # NOTE(review): because of @login_required an unauthenticated request gets
    # a redirect response back here instead of an AnObj. Every caller in this
    # module is itself login-protected; keep it that way, or drop the
    # decorator from this helper.
    if anobj_uuid is not None:
        lookup = {'uuid': anobj_uuid}
    elif anobj_id is not None:
        lookup = {'id': anobj_id}
    else:
        raise Http404()
    anobj = get_object_or_404(AnObj, **lookup)

    # Authorisation is evaluated only once the object exists, so an unknown
    # identifier yields Http404 and a forbidden one PermissionDenied.
    if has_anobj_access(request, anobj):
        return anobj
    raise PermissionDenied()


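@login_required
@cache_control(private=True, max_age=120)
def send_anobj_img(request, anobj_uuid):
    """
    Serve the image file of an AnObj to a user who is allowed to access it.

    The response is marked ``Cache-Control: private`` because it is only
    produced after a login and a per-object access check; ``public`` would
    allow a shared cache to replay it to other clients without those checks.

    :param request: the incoming HttpRequest
    :param anobj_uuid: uuid of the AnObj whose image is requested
    :return: the sendfile() response, or a 403 response when Http404 is raised
    :raise: PermissionDenied (from _get_anobj) when access is refused
    """
    try:
        anobj = _get_anobj(request, anobj_uuid=anobj_uuid)
        return sendfile(request, anobj.image.path)
    except Http404:
        # Answer "forbidden" rather than "not found" for an unknown uuid
        return HttpResponseForbidden('Sorry, you cannot access this file')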


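@login_required
def anobj_thumb(request, anobj_uuid):
    """
    Dispatch thumbnail requests by HTTP method: GET serves the thumbnail,
    POST stores a new one.

    :param request: the incoming HttpRequest
    :param anobj_uuid: uuid of the AnObj the thumbnail belongs to
    :return: the response of the delegated view, or 405 for any other method
    """
    if request.method == 'GET':
        return send_anobj_thumb(request, anobj_uuid=anobj_uuid)
    if request.method == 'POST':
        return upload_anobj_thumb(request, anobj_uuid=anobj_uuid)

    # Any other verb used to fall through and return None, which Django
    # reports as a server error; answer 405 with the allowed methods instead.
    not_allowed = HttpResponse(status=405)
    not_allowed['Allow'] = 'GET, POST'
    return not_allowed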


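@login_required
@cache_control(private=True, max_age=1)
def send_anobj_thumb(request, anobj_uuid):
    """
    Serve the thumbnail of an AnObj for the current user.

    The per-user thumbnail ("<image name>__<user id>.png" under MEDIA_ROOT) is
    preferred; when it does not exist yet the original thumbnail
    ("<image name>__.png") is used instead.

    The response is marked ``Cache-Control: private``: the file depends on the
    requesting user and is only served after an access check, so it must not
    be stored by shared caches.

    :param request: the incoming HttpRequest
    :param anobj_uuid: uuid of the AnObj
    :return: the sendfile() response, or a 403 response when Http404 is raised
    :raise: PermissionDenied (from _get_anobj) when access is refused
    """
    try:
        anobj = _get_anobj(request, anobj_uuid=anobj_uuid)
        name_stem = os.path.splitext(anobj.image.name)[0]

        thumb_path = os.path.join(
            settings.MEDIA_ROOT,
            "{name}__{user}.png".format(name=name_stem, user=request.user.id)
        )
        # If there is not yet a thumbnail for the current user
        # return the original one
        if not os.path.isfile(thumb_path):
            thumb_path = os.path.join(
                settings.MEDIA_ROOT,
                "{name}__.png".format(name=name_stem)
            )
        return sendfile(request, thumb_path)
    except Http404:
        return HttpResponseForbidden('Sorry, you cannot access this file')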


@login_required
def annotate_new(request):
    """
    Render the "new annotation" page (login required).

    :param request: the incoming HttpRequest
    :return: the rendered "adim/annotation_new.html" response
    """
    template_name = "adim/annotation_new.html"
    return render(request, template_name, {})


# @login_required
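def annotate(request, anobj_uuid=None):
    """
    Annotation page.

    Resolves the AnObj from a full uuid or a uuid prefix of at least 8
    characters, performs the login check inline (so that anonymous users can
    be handed to a Trusted Third Party), checks the sharing permissions and
    renders "adim/annotation.html".

    :param request: the incoming HttpRequest
    :param anobj_uuid: full uuid, or a prefix of at least 8 characters
    :return: the rendered page, or a redirect (full-uuid url, login, TTP check
             url, interactive registration, or GET after a POST)
    :raise: Http404 when the uuid is missing, too short, unknown or ambiguous,
            or when the AnObj is not shared with the user
    :raise: PermissionDenied when the user has no permission and the sharing
            mode offers no interactive registration
    """
    # ----- Some preliminary validations
    if anobj_uuid is None or len(anobj_uuid) < 8:
        raise Http404()

    try:
        anobj = AnObj.objects.select_related('owner').get(uuid__startswith=anobj_uuid)
    except (AnObj.DoesNotExist, AnObj.MultipleObjectsReturned):
        # A prefix may match several objects: report "not found" instead of
        # failing with a server error, and never pick one of them arbitrarily.
        raise Http404()

    # In case of fragmentary uuid, redirect to the url with full uuid
    if len(anobj_uuid) < 32:
        return HttpResponseRedirect(reverse('adim_app:annotate', kwargs={'anobj_uuid': anobj.uuid}))

    # ----- Login check. Not using decorator so we can delegate to Trusted Third Party if needed
    permission_class = get_permission_class(anobj.sharing_mode)
    if request.user.is_anonymous():
        if permission_class and permission_class.ttp:
            # NOTE(review): check_url is None when settings.ATTP has no
            # CHECK_URL for this ttp_id, and .format() then fails -- confirm
            # the setting is mandatory for every TTP sharing mode.
            check_url = settings.ATTP.get(permission_class.ttp_id, {}).get('CHECK_URL')
            return HttpResponseRedirect(check_url.format(uuid=anobj.uuid))
        else:
            return redirect_to_login(resolve_url('adim_app:annotate', anobj_uuid=anobj.uuid))

    # ----- Build context
    context = {
        'membership': False
    }
    is_owner = anobj.is_owned(request.user.id)

    # ----- Detailed check for permissions
    membership = None
    if is_owner and not (permission_class and permission_class.ttp):
        # User is owner and anobj is not shared via Trusted Third Party
        if anobj.sharing_mode != SHARING_MODE_NONE:
            membership, _ = AnObjMembership.objects.get_or_create(anobj=anobj, user=request.user)
    else:
        # User is guest or owner and anobj shared via TTP
        if permission_class is None:
            # AnObj not shared
            raise Http404()

        elif not permission_class.has_permission(request, anobj):
            # AnObj shared but user has no permission yet
            if permission_class.has_interactive_registration:
                # Interactive registration exists, call it
                return permission_class.get_interactive_registration_response(request, anobj)
            # No interactive registration for this sharing model, deny access
            raise PermissionDenied()

        else:
            # AnObj shared, user authorized and registered
            pass

        #  TTP permission may have changed ownership
        if permission_class.ttp:
            # NOTE(review): the dotted path below looks like it lacks a
            # separator before "is_owned"; if it does not match the name the
            # cache was filled under, the stale ownership value is kept --
            # confirm against adim_utils.decorators.
            clear_function_cache(f='adim.models.annotablesis_owned', args=(anobj, request.user.id))
            is_owner = anobj.is_owned(request.user.id)

        membership = AnObjMembership.objects.get(anobj=anobj, user=request.user)

    # Interactive registration may post credentials, if so redirect to current view with GET method
    if request.method == 'POST':
        return HttpResponseRedirect(reverse('adim_app:annotate', kwargs={'anobj_uuid': anobj_uuid}))

    context.update({
        'is_owner': is_owner,
        'membership': membership,
        'anobj': anobj
    })

    # Determine if we may display shared annotations
    if is_owner:
        owner_membership = membership
    else:
        try:
            owner_membership = AnObjMembership.objects.get(anobj=anobj, user=anobj.owner)
        except AnObjMembership.DoesNotExist:
            owner_membership = None

    # Shared annotations are shown only for a shared AnObj, and then only to
    # an owner, when public publishing is allowed, or when the owner's
    # membership has publish_mode 2.
    may_display_shared = (anobj.sharing_mode != SHARING_MODE_NONE) and (
        anobj.is_owned(request.user.id) or
        anobj.allow_public_publishing or
        (owner_membership and owner_membership.publish_mode == 2)
    )
    context.update({'display_shared_annotations': may_display_shared})
    return render(request, "adim/annotation.html", context)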


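@csrf_exempt
@attp_login
@login_required
def upload_file(request, anobj_uuid=None):
    """
    Receive an uploaded image and create an AnObj from it, or replace the
    image (and optionally the name) of an existing AnObj when anobj_uuid
    designates one the user may access.

    -- inspired by: https://github.com/miki725/Django-jQuery-File-Uploader-Integration-demo/blob/master/upload/views.py

    NOTE(review): @csrf_exempt switches off Django's CSRF check for this
    state-changing endpoint. Presumably this is needed for the POST coming
    from a Trusted Third Party (see attp_login) -- confirm that the TTP
    message is authenticated there, and that a plain session-authenticated
    POST is still protected some other way.

    NOTE(review): _validate_uploaded_file() checks only the size and the
    content type declared by the client; whether the bytes really are an
    image depends on UploadImageFileForm -- confirm.

    :param request: the incoming HttpRequest (must be a POST)
    :param anobj_uuid: optional uuid of an existing AnObj to update
    :return: a JSON (or text/html for iFrame transport) response when the
             client accepts application/json, otherwise a redirect to the
             annotation page; 400 when there is nothing to redirect to
    :raise: PermissionDenied (from _get_anobj) when anobj_uuid designates an
            AnObj the user may not access
    """
    if request.method != 'POST':
        return HttpResponseBadRequest()

    # Read the header once and tolerate its absence (indexing META directly
    # raised KeyError for clients that send no Accept header).
    http_accept = request.META.get('HTTP_ACCEPT', '')

    response_type = "application/json"
    response_data = {}

    user = request.user

    form = UploadImageFileForm(request.POST, request.FILES)
    if form.is_valid():
        image_file = request.FILES['image_file']
        file_response = _validate_uploaded_file(image_file)
        response_data.update({
            'error': file_response.get('error'),
            'files': [file_response],
        })
        anobj_name = form.cleaned_data['name']

        # Create AnObj
        if not file_response['error']:
            anobj = None
            if anobj_uuid:
                try:
                    anobj = _get_anobj(request, anobj_uuid=anobj_uuid)
                except Http404:
                    # Unknown uuid: fall back to creating a new AnObj
                    anobj = None

            if anobj:
                anobj.image = image_file
                if anobj_name:
                    anobj.name = anobj_name
                anobj.save()
            else:
                anobj = AnObj.objects.create(
                    owner=user,
                    name=anobj_name or os.path.splitext(image_file.name)[0],
                    image=image_file
                )

            # Sharing mode and options requested by a Trusted Third Party
            if hasattr(request, 'attp_message'):
                ttp_id = request.attp_message.get('attp_id')
                sharing_mode = get_ttp_sharing_mode(ttp_id=ttp_id)
                if sharing_mode:
                    anobj.sharing_mode = sharing_mode
                    sharing_opts = request.attp_message.get('opts')
                    if sharing_opts:
                        anobj.sharing_opts = sharing_opts
                    anobj.save()

            # Create original thumbnail, returned to user who has not yet annotated
            create_image_thumbnail(anobj.image.path)
            response_data['next'] = reverse('adim_app:annotate', kwargs={'anobj_uuid': anobj.uuid})
            response_data['uuid'] = anobj.uuid

        # Needed when using iFrame transport
        if "text/html" in http_accept:
            response_type = "text/html"
    else:
        response_data['error'] = "invalid"

    # Replaces a leftover debugging print(); %r keeps the client-supplied
    # header on a single log line.
    logger.debug("upload_file: Accept header is %r", http_accept)

    if 'application/json' in http_accept:
        return HttpResponse(json.dumps(response_data), content_type=response_type)
    if 'next' not in response_data:
        # The upload was rejected, so there is no annotation page to go to
        # (looking up the missing key used to end in a server error).
        return HttpResponseBadRequest()
    return HttpResponseRedirect(response_data['next'])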
    

def _validate_uploaded_file(image_file):
    """
    Check an uploaded file against the size limit and the accepted mime types.

    When both checks fail, the mime-type error is the one reported.

    NOTE(review): content_type is the value the client declared for the
    upload, not something derived from the file's bytes; treat this as a
    convenience filter and verify the content elsewhere -- confirm where.

    :param image_file: the uploaded file (name, size and content_type are read)
    :return: dict with "name", "size", "type" and "error"; "error" is False
             when the file is accepted, else "maxFileSize" or "acceptFileTypes"
    """
    # settings.ADIM_UPLOAD_MAX_FILESIZE is multiplied by 2**20, so it appears
    # to be expressed in mebibytes; the limit compared below is in bytes.
    size_limit = settings.ADIM_UPLOAD_MAX_FILESIZE * 2 ** 20
    accepted_types = ("image/jpeg", "image/jpg", "image/png")

    failure = False
    if image_file.size > size_limit:
        failure = "maxFileSize"
    if image_file.content_type not in accepted_types:
        failure = "acceptFileTypes"

    return {
        "name": image_file.name,
        "size": image_file.size,
        "type": image_file.content_type,
        "error": failure,
    }


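@login_required
@require_POST
def upload_anobj_thumb(request, anobj_uuid=None):
    """
    Store the thumbnail uploaded by the current user for an AnObj.

    The AnObj is designated by anobj_uuid or, failing that, by the numeric
    'aid' POST field. The file is written to
    "<image name>__<user id>.png" under MEDIA_ROOT and a border is added.

    :param request: the incoming HttpRequest (POST only)
    :param anobj_uuid: optional uuid of the AnObj
    :return: an empty 200 response, or 400 when 'aid' is missing or not a
             number, when no 'file' was uploaded, or when the file is rejected
    :raise: Http404 / PermissionDenied (from _get_anobj)
    """
    if anobj_uuid:
        anobj = _get_anobj(request, anobj_uuid=anobj_uuid)
    else:
        try:
            anobj_id = int(request.POST.get('aid'))
        except (TypeError, ValueError):
            # TypeError: field missing; ValueError: field is not a number
            # (the latter used to surface as a server error)
            return HttpResponseBadRequest()
        anobj = _get_anobj(request, anobj_id=anobj_id)

    # A request without the 'file' part is a client error, not a KeyError
    thumb_file = request.FILES.get('file')
    if thumb_file is None:
        return HttpResponseBadRequest()

    response_data = _validate_uploaded_file(thumb_file)
    if response_data['error']:
        return HttpResponseBadRequest()

    # The target name is built from the stored image name and the user id
    # only; nothing from the uploaded file's own name is used.
    thumb_name = "{name}__{user}.png".format(name=os.path.splitext(anobj.image.name)[0], user=request.user.id)
    thumb_path = os.path.join(settings.MEDIA_ROOT, thumb_name)

    with open(thumb_path, 'wb+') as destination:
        for chunk in thumb_file.chunks():
            destination.write(chunk)

    add_image_border(thumb_path, save=True)
    return HttpResponse()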


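def _handle_uploaded_file(image_file, destination):
    """
    Write an uploaded file to MEDIA_ROOT/<destination>/<file name>.

    Only the final component of the uploaded name is used, and the resolved
    target must stay below MEDIA_ROOT, so neither the file name nor the
    destination argument can move the write elsewhere on disk.

    :param image_file: the uploaded file (name and chunks() are used)
    :param destination: directory, relative to MEDIA_ROOT
    :raise: PermissionDenied when the target resolves outside MEDIA_ROOT
    """
    media_root = os.path.abspath(settings.MEDIA_ROOT)
    file_name = os.path.basename(image_file.name)
    destination_path = os.path.abspath(os.path.join(media_root, destination, file_name))

    # join(media_root, '') ends with a separator, so a sibling directory that
    # merely shares the prefix does not pass the check.
    if not destination_path.startswith(os.path.join(media_root, '')):
        raise PermissionDenied()

    with open(destination_path, 'wb+') as out_file:
        for chunk in image_file.chunks():
            out_file.write(chunk)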


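@login_required
def suggest_users(request):
    """
    Return a list of usernames that match a query passed in as a query string
    This is the end point for the Bloodhound suggestion engine used for user suggestion
    while adding users to a shared AnObj

    Local users whose username contains every whitespace-separated token are
    listed first; while fewer than ADIM_SUGGESTION['LIMIT'] of them matched,
    mail addresses from the LDAP directory are appended. LDAP results are
    cached for 24 hours.

    :param request: the incoming HttpRequest; the query is read from 'q'
    :return: JSON list of {'username', 'id'} (local) and {'username'} (LDAP)
    """
    import hashlib
    from ldap.filter import escape_filter_chars

    query_str = request.GET.get('q', "")
    tokens = query_str.split()
    matching_users = []
    usernames = []

    if not tokens:
        return HttpResponse(content=json.dumps(matching_users), content_type="application/json")

    # -- Search for local users
    q = Q()
    for token in tokens:
        q = q & Q(username__icontains=token)

    for user in User.objects.filter(q):
        matching_users.append({'username': user.username, 'id': user.id})
        usernames.append(user.username)

    # -- Search for ldap users
    if len(matching_users) < settings.ADIM_SUGGESTION['LIMIT']:
        # Digest of the token list: keeps the key short and free of characters
        # a cache backend may reject, and keeps ["a_b"] and ["a", "b"] apart
        # (tokens never contain whitespace, so the space join is unambiguous).
        cache_key = "ldapusers_" + hashlib.sha256(" ".join(tokens).encode("utf-8")).hexdigest()
        ldap_users = cache.get(cache_key)

        if ldap_users is None:
            # The tokens come straight from the query string: escape them so
            # they are matched as literal text and cannot alter the filter.
            filter_str = "(mail=*{}*)".format(
                "*".join(escape_filter_chars(token) for token in tokens)
            )
            logger.debug("LDAP user suggestion lookup: %s", filter_str)

            ldap_object = ldap.initialize(settings.ADIM_SUGGESTION['LDAP']['URL'])
            try:
                results = ldap_object.search_st(
                    base=settings.ADIM_SUGGESTION['LDAP']['BASE'],
                    scope=ldap.SCOPE_SUBTREE,
                    filterstr=filter_str,
                    attrlist=(str("mail"),),
                    timeout=settings.ADIM_SUGGESTION['LDAP']['TIMEOUT']
                )
            except ldap.TIMEOUT:
                # NOTE(review): the empty result of a timed-out search is
                # cached below for a day like any other -- confirm intended.
                results = []
            # A real list (not a lazy map object) so it can be cached and re-read
            ldap_users = [r[1].get('mail', [""])[0] for r in results]

            cache.set(cache_key, ldap_users, 3600 * 24)

        matching_users += [
            {'username': user}
            for user in ldap_users if user not in usernames
        ]

    return HttpResponse(content=json.dumps(matching_users), content_type="application/json")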