projects.py 22.4 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
# Copyright 2013 GRNET S.A. All rights reserved.
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
#   1. Redistributions of source code must retain the above
#      copyright notice, this list of conditions and the following
#      disclaimer.
#
#   2. Redistributions in binary form must reproduce the above
#      copyright notice, this list of conditions and the following
#      disclaimer in the documentation and/or other materials
#      provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.

34
import re
35 36 37 38
from django.utils import simplejson as json
from django.views.decorators.csrf import csrf_exempt
from django.http import HttpResponse
from django.db.models import Q
39
from django.db import transaction
40 41 42 43 44 45 46 47 48 49

from astakos.api.util import json_response

from snf_django.lib import api
from snf_django.lib.api import faults
from .util import user_from_token, invert_dict, read_json_body

from astakos.im import functions
from astakos.im.models import (
    AstakosUser, Project, ProjectApplication, ProjectMembership,
50 51
    ProjectResourceQuota, ProjectResourceGrant, ProjectLog,
    ProjectMembershipLog)
52
import synnefo.util.date as date_util
53
from synnefo.util import units
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73


MEMBERSHIP_POLICY_SHOW = {
    functions.AUTO_ACCEPT_POLICY: "auto",
    functions.MODERATED_POLICY:   "moderated",
    functions.CLOSED_POLICY:      "closed",
}

MEMBERSHIP_POLICY = invert_dict(MEMBERSHIP_POLICY_SHOW)

APPLICATION_STATE_SHOW = {
    ProjectApplication.PENDING:   "pending",
    ProjectApplication.APPROVED:  "approved",
    ProjectApplication.REPLACED:  "replaced",
    ProjectApplication.DENIED:    "denied",
    ProjectApplication.DISMISSED: "dismissed",
    ProjectApplication.CANCELLED: "cancelled",
}

PROJECT_STATE_SHOW = {
74 75 76 77 78
    Project.UNINITIALIZED: "uninitialized",
    Project.NORMAL:        "active",
    Project.SUSPENDED:     "suspended",
    Project.TERMINATED:    "terminated",
    Project.DELETED:       "deleted",
79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
}

PROJECT_STATE = invert_dict(PROJECT_STATE_SHOW)

MEMBERSHIP_STATE_SHOW = {
    ProjectMembership.REQUESTED:       "requested",
    ProjectMembership.ACCEPTED:        "accepted",
    ProjectMembership.LEAVE_REQUESTED: "leave_requested",
    ProjectMembership.USER_SUSPENDED:  "suspended",
    ProjectMembership.REJECTED:        "rejected",
    ProjectMembership.CANCELLED:       "cancelled",
    ProjectMembership.REMOVED:         "removed",
}


94
def _grant_details(grants):
95 96
    resources = {}
    for grant in grants:
97 98
        if not grant.resource.api_visible:
            continue
99 100 101 102
        resources[grant.resource.name] = {
            "member_capacity": grant.member_capacity,
            "project_capacity": grant.project_capacity,
        }
103
    return resources
104

105 106 107 108 109 110

def _application_details(application, all_grants):
    grants = all_grants.get(application.id, [])
    resources = _grant_details(grants)
    join_policy = MEMBERSHIP_POLICY_SHOW.get(application.member_join_policy)
    leave_policy = MEMBERSHIP_POLICY_SHOW.get(application.member_leave_policy)
111 112

    d = {
113 114
        "id": application.id,
        "state": APPLICATION_STATE_SHOW[application.state],
115
        "name": application.name,
116
        "owner": application.owner.uuid if application.owner else None,
117 118 119 120 121
        "applicant": application.applicant.uuid,
        "homepage": application.homepage,
        "description": application.description,
        "start_date": application.start_date,
        "end_date": application.end_date,
122
        "comments": application.comments,
123 124 125
        "join_policy": join_policy,
        "leave_policy": leave_policy,
        "max_members": application.limit_on_members_number,
126
        "private": application.private,
127 128 129 130 131 132
        "resources": resources,
    }
    return d


def get_projects_details(projects, request_user=None):
133 134 135
    applications = [p.last_application for p in projects if p.last_application]
    proj_quotas = ProjectResourceQuota.objects.quotas_per_project(projects)
    app_grants = ProjectResourceGrant.objects.grants_per_app(applications)
136 137 138 139
    deactivations = ProjectLog.objects.last_deactivations(projects)

    l = []
    for project in projects:
140 141 142 143 144
        join_policy = MEMBERSHIP_POLICY_SHOW[project.member_join_policy]
        leave_policy = MEMBERSHIP_POLICY_SHOW[project.member_leave_policy]
        quotas = proj_quotas.get(project.id, [])
        resources = _grant_details(quotas)

145
        d = {
146
            "id": project.uuid,
147
            "state": PROJECT_STATE_SHOW[project.state],
148
            "creation_date": project.creation_date,
149 150 151 152 153 154 155 156 157 158 159 160 161
            "name": project.realname,
            "owner": project.owner.uuid if project.owner else None,
            "homepage": project.homepage,
            "description": project.description,
            "end_date": project.end_date,
            "join_policy": join_policy,
            "leave_policy": leave_policy,
            "max_members": project.limit_on_members_number,
            "private": project.private,
            "base_project": project.is_base,
            "resources": resources,
            }

162 163 164
        check = functions.project_check_allowed
        if check(project, request_user,
                 level=functions.APPLICANT_LEVEL, silent=True):
165 166 167 168
            application = project.last_application
            if application:
                d["last_application"] = _application_details(
                    application, app_grants)
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194
            deact = deactivations.get(project.id)
            if deact is not None:
                d["deactivation_date"] = deact.date
        l.append(d)
    return l


def get_project_details(project, request_user=None):
    return get_projects_details([project], request_user=request_user)[0]


def get_memberships_details(memberships, request_user):
    all_logs = ProjectMembershipLog.objects.last_logs(memberships)

    l = []
    for membership in memberships:
        logs = all_logs.get(membership.id, {})
        dates = {}
        for s, log in logs.iteritems():
            dates[MEMBERSHIP_STATE_SHOW[s]] = log.date

        allowed_actions = functions.membership_allowed_actions(
            membership, request_user)
        d = {
            "id": membership.id,
            "user": membership.person.uuid,
195
            "project": membership.project.uuid,
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224
            "state": MEMBERSHIP_STATE_SHOW[membership.state],
            "allowed_actions": allowed_actions,
        }
        d.update(dates)
        l.append(d)
    return l


def get_membership_details(membership, request_user):
    return get_memberships_details([membership], request_user)[0]


def _query(attr):
    def inner(val):
        kw = attr + "__in" if isinstance(val, list) else attr
        return Q(**{kw: val})
    return inner


def _get_project_state(val):
    try:
        return PROJECT_STATE[val]
    except KeyError:
        raise faults.BadRequest("Unrecognized state %s" % val)


def _project_state_query(val):
    if isinstance(val, list):
        states = [_get_project_state(v) for v in val]
225 226
        return Q(state__in=states)
    return Q(state=_get_project_state(val))
227 228 229


PROJECT_QUERY = {
230 231
    "name": _query("realname"),
    "owner": _query("owner__uuid"),
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273
    "state": _project_state_query,
}


def make_project_query(filters):
    qs = Q()
    for attr, val in filters.iteritems():
        try:
            _q = PROJECT_QUERY[attr]
        except KeyError:
            raise faults.BadRequest("Unrecognized filter %s" % attr)
        qs &= _q(val)
    return qs


class ExceptionHandler(object):
    def __enter__(self):
        pass

    EXCS = {
        functions.ProjectNotFound:   faults.ItemNotFound,
        functions.ProjectForbidden:  faults.Forbidden,
        functions.ProjectBadRequest: faults.BadRequest,
        functions.ProjectConflict:   faults.Conflict,
    }

    def __exit__(self, exc_type, value, traceback):
        if value is not None:  # exception
            try:
                e = self.EXCS[exc_type]
            except KeyError:
                return False  # reraise
            raise e(value.message)


@csrf_exempt
def projects(request):
    method = request.method
    if method == "GET":
        return get_projects(request)
    elif method == "POST":
        return create_project(request)
274
    return api.api_method_not_allowed(request, allowed_methods=['GET', 'POST'])
275 276 277 278


@api.api_method(http_method="GET", token_required=True, user_required=False)
@user_from_token
279
@transaction.commit_on_success
280 281
def get_projects(request):
    user = request.user
282 283 284 285 286 287
    filters = {}
    for key in PROJECT_QUERY.keys():
        value = request.GET.get(key)
        if value is not None:
            filters[key] = value
    mode = request.GET.get("mode", "default")
288
    query = make_project_query(filters)
289
    projects = _get_projects(query, mode=mode, request_user=user)
290 291 292 293
    data = get_projects_details(projects, request_user=user)
    return json_response(data)


294
def _get_projects(query, mode="default", request_user=None):
295 296
    projects = Project.objects.filter(query)

297 298 299
    if mode == "member":
        membs = request_user.projectmembership_set.\
            actually_accepted_and_active()
300 301
        memb_projects = membs.values_list("project", flat=True)
        is_memb = Q(id__in=memb_projects)
302 303 304 305 306 307 308 309 310 311 312 313
        projects = projects.filter(is_memb)
    elif mode == "default":
        if not request_user.is_project_admin():
            membs = request_user.projectmembership_set.any_accepted()
            memb_projects = membs.values_list("project", flat=True)
            is_memb = Q(id__in=memb_projects)
            owned = Q(owner=request_user)
            active = (Q(state=Project.NORMAL) &
                      Q(private=False))
            projects = projects.filter(is_memb | owned | active)
    else:
        raise faults.BadRequest("Unrecognized mode '%s'." % mode)
314
    return projects.select_related("last_application")
315 316 317 318


@api.api_method(http_method="POST", token_required=True, user_required=False)
@user_from_token
319
@transaction.commit_on_success
320 321
def create_project(request):
    user = request.user
322
    data = request.body
323
    app_data = json.loads(data)
324
    return submit_new_project(app_data, user)
325 326 327 328 329 330 331 332 333


@csrf_exempt
def project(request, project_id):
    method = request.method
    if method == "GET":
        return get_project(request, project_id)
    if method == "POST":
        return modify_project(request, project_id)
334
    return api.api_method_not_allowed(request, allowed_methods=['GET', 'POST'])
335 336 337 338


@api.api_method(http_method="GET", token_required=True, user_required=False)
@user_from_token
339
@transaction.commit_on_success
340 341 342 343 344 345 346 347 348
def get_project(request, project_id):
    user = request.user
    with ExceptionHandler():
        project = _get_project(project_id, request_user=user)
    data = get_project_details(project, user)
    return json_response(data)


def _get_project(project_id, request_user=None):
349
    project = functions.get_project_by_uuid(project_id)
350 351 352 353 354 355 356
    functions.project_check_allowed(
        project, request_user, level=functions.ANY_LEVEL)
    return project


@api.api_method(http_method="POST", token_required=True, user_required=False)
@user_from_token
357
@transaction.commit_on_success
358 359
def modify_project(request, project_id):
    user = request.user
360
    data = request.body
361
    app_data = json.loads(data)
362
    return submit_modification(app_data, user, project_id=project_id)
363 364 365 366 367 368 369 370 371 372 373 374 375


def _get_date(d, key):
    date_str = d.get(key)
    if date_str is not None:
        try:
            return date_util.isoparse(date_str)
        except:
            raise faults.BadRequest("Invalid %s" % key)
    else:
        return None


376
def _get_maybe_string(d, key, default=None):
377 378 379
    value = d.get(key)
    if value is not None and not isinstance(value, basestring):
        raise faults.BadRequest("%s must be string" % key)
380 381
    if value is None:
        return default
382 383 384
    return value


385
def _get_maybe_boolean(d, key, default=None):
386 387 388
    value = d.get(key)
    if value is not None and not isinstance(value, bool):
        raise faults.BadRequest("%s must be boolean" % key)
389 390
    if value is None:
        return default
391 392 393
    return value


394 395 396 397 398 399 400 401 402
DOMAIN_VALUE_REGEX = re.compile(
    r'^([a-zA-Z0-9]([a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,6}$',
    re.IGNORECASE)


def valid_project_name(name):
    return DOMAIN_VALUE_REGEX.match(name) is not None


403 404 405 406 407 408 409 410 411 412 413
def _parse_max_members(s):
    try:
        max_members = units.parse(s)
        if max_members < 0:
            raise faults.BadRequest("Invalid max_members")
        return max_members
    except units.ParseError:
        raise faults.BadRequest("Invalid max_members")


def submit_new_project(app_data, user):
414 415 416 417 418
    uuid = app_data.get("owner")
    if uuid is None:
        owner = user
    else:
        try:
419
            owner = AstakosUser.objects.accepted().get(uuid=uuid)
420 421 422 423 424 425 426 427
        except AstakosUser.DoesNotExist:
            raise faults.BadRequest("User does not exist.")

    try:
        name = app_data["name"]
    except KeyError:
        raise faults.BadRequest("Name missing.")

428 429 430
    if not valid_project_name(name):
        raise faults.BadRequest("Project name should be in domain format")

431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448
    join_policy = app_data.get("join_policy", "moderated")
    try:
        join_policy = MEMBERSHIP_POLICY[join_policy]
    except KeyError:
        raise faults.BadRequest("Invalid join policy")

    leave_policy = app_data.get("leave_policy", "auto")
    try:
        leave_policy = MEMBERSHIP_POLICY[leave_policy]
    except KeyError:
        raise faults.BadRequest("Invalid leave policy")

    start_date = _get_date(app_data, "start_date")
    end_date = _get_date(app_data, "end_date")

    if end_date is None:
        raise faults.BadRequest("Missing end date")

449 450 451 452
    try:
        max_members = _parse_max_members(app_data["max_members"])
    except KeyError:
        max_members = units.PRACTICALLY_INFINITE
453

454
    private = bool(_get_maybe_boolean(app_data, "private"))
455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518
    homepage = _get_maybe_string(app_data, "homepage", "")
    description = _get_maybe_string(app_data, "description", "")
    comments = _get_maybe_string(app_data, "comments", "")
    resources = app_data.get("resources", {})

    submit = functions.submit_application
    with ExceptionHandler():
        application = submit(
            owner=owner,
            name=name,
            project_id=None,
            homepage=homepage,
            description=description,
            start_date=start_date,
            end_date=end_date,
            member_join_policy=join_policy,
            member_leave_policy=leave_policy,
            limit_on_members_number=max_members,
            private=private,
            comments=comments,
            resources=resources,
            request_user=user)

    result = {"application": application.id,
              "id": application.chain.uuid,
              }
    return json_response(result, status_code=201)


def submit_modification(app_data, user, project_id):
    owner = app_data.get("owner")
    if owner is not None:
        try:
            owner = AstakosUser.objects.accepted().get(uuid=owner)
        except AstakosUser.DoesNotExist:
            raise faults.BadRequest("User does not exist.")

    name = app_data.get("name")

    if name is not None and not valid_project_name(name):
        raise faults.BadRequest("Project name should be in domain format")

    join_policy = app_data.get("join_policy")
    if join_policy is not None:
        try:
            join_policy = MEMBERSHIP_POLICY[join_policy]
        except KeyError:
            raise faults.BadRequest("Invalid join policy")

    leave_policy = app_data.get("leave_policy")
    if leave_policy is not None:
        try:
            leave_policy = MEMBERSHIP_POLICY[leave_policy]
        except KeyError:
            raise faults.BadRequest("Invalid leave policy")

    start_date = _get_date(app_data, "start_date")
    end_date = _get_date(app_data, "end_date")

    max_members = app_data.get("max_members")
    if max_members is not None:
        max_members = _parse_max_members(max_members)

    private = _get_maybe_boolean(app_data, "private")
519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536
    homepage = _get_maybe_string(app_data, "homepage")
    description = _get_maybe_string(app_data, "description")
    comments = _get_maybe_string(app_data, "comments")
    resources = app_data.get("resources", {})

    submit = functions.submit_application
    with ExceptionHandler():
        application = submit(
            owner=owner,
            name=name,
            project_id=project_id,
            homepage=homepage,
            description=description,
            start_date=start_date,
            end_date=end_date,
            member_join_policy=join_policy,
            member_leave_policy=leave_policy,
            limit_on_members_number=max_members,
537
            private=private,
538 539 540 541 542
            comments=comments,
            resources=resources,
            request_user=user)

    result = {"application": application.id,
543
              "id": application.chain.uuid,
544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572
              }
    return json_response(result, status_code=201)


def get_action(actions, input_data):
    action = None
    data = None
    for option in actions.keys():
        if option in input_data:
            if action:
                raise faults.BadRequest("Multiple actions not supported")
            else:
                action = option
                data = input_data[action]
    if not action:
        raise faults.BadRequest("No recognized action")
    return actions[action], data


PROJECT_ACTION = {
    "terminate": functions.terminate,
    "suspend":   functions.suspend,
    "unsuspend": functions.unsuspend,
    "reinstate": functions.reinstate,
}


APPLICATION_ACTION = {
    "approve": functions.approve_application,
573
    "deny":    functions.deny_application,
574
    "dismiss": functions.dismiss_application,
575
    "cancel":  functions.cancel_application,
576 577 578
}


579 580 581 582
PROJECT_ACTION.update(APPLICATION_ACTION)
APP_ACTION_FUNCS = APPLICATION_ACTION.values()


583 584 585
@csrf_exempt
@api.api_method(http_method="POST", token_required=True, user_required=False)
@user_from_token
586
@transaction.commit_on_success
587
def project_action(request, project_id):
588
    user = request.user
589
    data = request.body
590 591
    input_data = json.loads(data)

592
    func, action_data = get_action(PROJECT_ACTION, input_data)
593
    with ExceptionHandler():
594 595 596 597 598 599
        kwargs = {"request_user": user,
                  "reason": action_data.get("reason", ""),
                  }
        if func in APP_ACTION_FUNCS:
            kwargs["application_id"] = action_data["app_id"]
        func(project_id=project_id, **kwargs)
600 601 602 603 604 605 606 607 608 609
    return HttpResponse()


@csrf_exempt
def memberships(request):
    method = request.method
    if method == "GET":
        return get_memberships(request)
    elif method == "POST":
        return post_memberships(request)
610
    return api.api_method_not_allowed(request, allowed_methods=['GET', 'POST'])
611 612 613 614 615


def make_membership_query(input_data):
    project_id = input_data.get("project")
    if project_id is not None:
616
        return Q(project__uuid=project_id)
617 618 619 620 621
    return Q()


@api.api_method(http_method="GET", token_required=True, user_required=False)
@user_from_token
622
@transaction.commit_on_success
623 624
def get_memberships(request):
    user = request.user
625
    query = make_membership_query(request.GET)
626 627 628 629 630 631 632 633
    memberships = _get_memberships(query, request_user=user)
    data = get_memberships_details(memberships, user)
    return json_response(data)


def _get_memberships(query, request_user=None):
    memberships = ProjectMembership.objects
    if not request_user.is_project_admin():
634
        owned = Q(project__owner=request_user)
635 636 637 638
        memb = Q(person=request_user)
        memberships = memberships.filter(owned | memb)

    return memberships.select_related(
639
        "project", "project__owner", "person").filter(query)
640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668


def join_project(data, request_user):
    project_id = data.get("project")
    with ExceptionHandler():
        membership = functions.join_project(project_id, request_user)
    response = {"id": membership.id}
    return json_response(response)


def enroll_user(data, request_user):
    project_id = data.get("project")
    email = data.get("user")
    with ExceptionHandler():
        m = functions.enroll_member_by_email(
            project_id, email, request_user)

    response = {"id": m.id}
    return json_response(response)


MEMBERSHIPS_ACTION = {
    "join":   join_project,
    "enroll": enroll_user,
}


@api.api_method(http_method="POST", token_required=True, user_required=False)
@user_from_token
669
@transaction.commit_on_success
670 671
def post_memberships(request):
    user = request.user
672
    data = request.body
673 674 675 676 677 678 679
    input_data = json.loads(data)
    func, action_data = get_action(MEMBERSHIPS_ACTION, input_data)
    return func(action_data, user)


@api.api_method(http_method="GET", token_required=True, user_required=False)
@user_from_token
680
@transaction.commit_on_success
681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706
def membership(request, memb_id):
    user = request.user
    with ExceptionHandler():
        m = _get_membership(memb_id, request_user=user)
    data = get_membership_details(m, user)
    return json_response(data)


def _get_membership(memb_id, request_user=None):
    membership = functions.get_membership_by_id(memb_id)
    functions.membership_check_allowed(membership, request_user)
    return membership


MEMBERSHIP_ACTION = {
    "leave":  functions.leave_project,
    "cancel": functions.cancel_membership,
    "accept": functions.accept_membership,
    "reject": functions.reject_membership,
    "remove": functions.remove_membership,
}


@csrf_exempt
@api.api_method(http_method="POST", token_required=True, user_required=False)
@user_from_token
707
@transaction.commit_on_success
708 709 710 711 712 713 714
def membership_action(request, memb_id):
    user = request.user
    input_data = read_json_body(request, default={})
    func, action_data = get_action(MEMBERSHIP_ACTION, input_data)
    with ExceptionHandler():
        func(memb_id, user, reason=action_data)
    return HttpResponse()