1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
|
import random
import string
from flask import (Flask, g, render_template, url_for, request, make_response,
redirect, flash)
from wqflask import app
from wqflask.user_login import send_verification_email, send_invitation_email, basic_info, set_password
from utility.redis_tools import get_user_groups, get_group_info, save_user, create_group, delete_group, add_users_to_group, remove_users_from_group, \
change_group_name, save_verification_code, check_verification_code, get_user_by_unique_column, get_resources, get_resource_info
from utility.logger import getLogger
logger = getLogger(__name__)
@app.route("/groups/manage", methods=('GET', 'POST'))
def manage_groups():
params = request.form if request.form else request.args
if "add_new_group" in params:
return redirect(url_for('add_group'))
else:
admin_groups, member_groups = get_user_groups(g.user_session.user_id)
return render_template("admin/group_manager.html", admin_groups=admin_groups, member_groups=member_groups)
@app.route("/groups/view", methods=('GET', 'POST'))
def view_group():
params = request.form if request.form else request.args
group_id = params['id']
group_info = get_group_info(group_id)
admins_info = []
user_is_admin = False
if g.user_session.user_id in group_info['admins']:
user_is_admin = True
for user_id in group_info['admins']:
if user_id:
user_info = get_user_by_unique_column("user_id", user_id)
admins_info.append(user_info)
members_info = []
for user_id in group_info['members']:
if user_id:
user_info = get_user_by_unique_column("user_id", user_id)
members_info.append(user_info)
# ZS: This whole part might not scale well with many resources
resources_info = []
all_resources = get_resources()
for resource_id in all_resources:
resource_info = get_resource_info(resource_id)
group_masks = resource_info['group_masks']
if group_id in group_masks:
this_resource = {}
privileges = group_masks[group_id]
this_resource['id'] = resource_id
this_resource['name'] = resource_info['name']
this_resource['data'] = privileges['data']
this_resource['metadata'] = privileges['metadata']
this_resource['admin'] = privileges['admin']
resources_info.append(this_resource)
return render_template("admin/view_group.html", group_info=group_info, admins=admins_info, members=members_info, user_is_admin=user_is_admin, resources=resources_info)
@app.route("/groups/remove", methods=('POST',))
def remove_groups():
group_ids_to_remove = request.form['selected_group_ids']
for group_id in group_ids_to_remove.split(":"):
delete_group(g.user_session.user_id, group_id)
return redirect(url_for('manage_groups'))
@app.route("/groups/remove_users", methods=('POST',))
def remove_users():
group_id = request.form['group_id']
admin_ids_to_remove = request.form['selected_admin_ids']
member_ids_to_remove = request.form['selected_member_ids']
remove_users_from_group(g.user_session.user_id, admin_ids_to_remove.split(
":"), group_id, user_type="admins")
remove_users_from_group(g.user_session.user_id, member_ids_to_remove.split(
":"), group_id, user_type="members")
return redirect(url_for('view_group', id=group_id))
@app.route("/groups/add_<path:user_type>", methods=('POST',))
def add_users(user_type='members'):
group_id = request.form['group_id']
if user_type == "admins":
user_emails = request.form['admin_emails_to_add'].split(",")
add_users_to_group(g.user_session.user_id, group_id,
user_emails, admins=True)
elif user_type == "members":
user_emails = request.form['member_emails_to_add'].split(",")
add_users_to_group(g.user_session.user_id, group_id,
user_emails, admins=False)
return redirect(url_for('view_group', id=group_id))
@app.route("/groups/change_name", methods=('POST',))
def change_name():
group_id = request.form['group_id']
new_name = request.form['new_name']
group_info = change_group_name(g.user_session.user_id, group_id, new_name)
return new_name
@app.route("/groups/create", methods=('GET', 'POST'))
def add_or_edit_group():
params = request.form if request.form else request.args
if "group_name" in params:
member_user_ids = set()
admin_user_ids = set()
# ZS: Always add the user creating the group as an admin
admin_user_ids.add(g.user_session.user_id)
if "admin_emails_to_add" in params:
admin_emails = params['admin_emails_to_add'].split(",")
for email in admin_emails:
user_details = get_user_by_unique_column("email_address", email)
if user_details:
admin_user_ids.add(user_details['user_id'])
#send_group_invites(params['group_id'], user_email_list = admin_emails, user_type="admins")
if "member_emails_to_add" in params:
member_emails = params['member_emails_to_add'].split(",")
for email in member_emails:
user_details = get_user_by_unique_column("email_address", email)
if user_details:
member_user_ids.add(user_details['user_id'])
#send_group_invites(params['group_id'], user_email_list = user_emails, user_type="members")
create_group(list(admin_user_ids), list(
member_user_ids), params['group_name'])
return redirect(url_for('manage_groups'))
else:
return render_template("admin/create_group.html")
# ZS: Will integrate this later, for now just letting users be added directly
def send_group_invites(group_id, user_email_list=[], user_type="members"):
for user_email in user_email_list:
user_details = get_user_by_unique_column("email_address", user_email)
if user_details:
group_info = get_group_info(group_id)
# ZS: Probably not necessary since the group should normally always exist if group_id is being passed here,
# but it's technically possible to hit it if Redis is cleared out before submitting the new users or something
if group_info:
# ZS: Don't add user if they're already an admin or if they're being added a regular user and are already a regular user,
# but do add them if they're a regular user and are added as an admin
if (user_details['user_id'] in group_info['admins']) or \
((user_type == "members") and (user_details['user_id'] in group_info['members'])):
continue
else:
send_verification_email(user_details, template_name="email/group_verification.txt",
key_prefix="verification_code", subject = "You've been invited to join a GeneNetwork user group")
else:
temp_password = ''.join(random.choice(
string.ascii_uppercase + string.digits) for _ in range(6))
user_details = {
'user_id': str(uuid.uuid4()),
'email_address': user_email,
'registration_info': basic_info(),
'password': set_password(temp_password),
'confirmed': 0
}
save_user(user_details, user_details['user_id'])
send_invitation_email(user_email, temp_password)
# @app.route()
|
