Statistics
| Branch: | Tag: | Revision:

root / snf-astakos-app / astakos / im / models.py @ de50d96d

History | View | Annotate | Download (65.9 kB)

1
# Copyright 2011-2012 GRNET S.A. All rights reserved.
2
#
3
# Redistribution and use in source and binary forms, with or
4
# without modification, are permitted provided that the following
5
# conditions are met:
6
#
7
#   1. Redistributions of source code must retain the above
8
#      copyright notice, this list of conditions and the following
9
#      disclaimer.
10
#
11
#   2. Redistributions in binary form must reproduce the above
12
#      copyright notice, this list of conditions and the following
13
#      disclaimer in the documentation and/or other materials
14
#      provided with the distribution.
15
#
16
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27
# POSSIBILITY OF SUCH DAMAGE.
28
#
29
# The views and conclusions contained in the software and
30
# documentation are those of the authors and should not be
31
# interpreted as representing official policies, either expressed
32
# or implied, of GRNET S.A.
33

    
34
import hashlib
35
import uuid
36
import logging
37
import json
38

    
39
from time import asctime, sleep
40
from datetime import datetime, timedelta
41
from base64 import b64encode
42
from urlparse import urlparse
43
from urllib import quote
44
from random import randint
45
from collections import defaultdict, namedtuple
46

    
47
from django.db import models, IntegrityError, transaction, connection
48
from django.contrib.auth.models import User, UserManager, Group, Permission
49
from django.utils.translation import ugettext as _
50
from django.db import transaction
51
from django.core.exceptions import ValidationError
52
from django.db.models.signals import (
53
    pre_save, post_save, post_syncdb, post_delete)
54
from django.contrib.contenttypes.models import ContentType
55

    
56
from django.dispatch import Signal
57
from django.db.models import Q
58
from django.core.urlresolvers import reverse
59
from django.utils.http import int_to_base36
60
from django.contrib.auth.tokens import default_token_generator
61
from django.conf import settings
62
from django.utils.importlib import import_module
63
from django.utils.safestring import mark_safe
64
from django.core.validators import email_re
65
from django.core.exceptions import PermissionDenied, ObjectDoesNotExist
66

    
67
from astakos.im.settings import (
68
    DEFAULT_USER_LEVEL, INVITATIONS_PER_LEVEL,
69
    AUTH_TOKEN_DURATION, EMAILCHANGE_ACTIVATION_DAYS, LOGGING_LEVEL,
70
    SITENAME, SERVICES, MODERATION_ENABLED, RESOURCES_PRESENTATION_DATA)
71
from astakos.im import settings as astakos_settings
72
from astakos.im.endpoints.qh import (
73
    register_users, register_resources, qh_add_quota, QuotaLimits,
74
    qh_query_serials, qh_ack_serials)
75
from astakos.im import auth_providers
76

    
77
import astakos.im.messages as astakos_messages
78
from .managers import ForUpdateManager
79

    
80
logger = logging.getLogger(__name__)
81

    
82
DEFAULT_CONTENT_TYPE = None
83
_content_type = None
84

    
85
def get_content_type():
86
    global _content_type
87
    if _content_type is not None:
88
        return _content_type
89

    
90
    try:
91
        content_type = ContentType.objects.get(app_label='im', model='astakosuser')
92
    except:
93
        content_type = DEFAULT_CONTENT_TYPE
94
    _content_type = content_type
95
    return content_type
96

    
97
RESOURCE_SEPARATOR = '.'
98

    
99
inf = float('inf')
100

    
101
class Service(models.Model):
102
    name = models.CharField(_('Name'), max_length=255, unique=True, db_index=True)
103
    url = models.FilePathField()
104
    icon = models.FilePathField(blank=True)
105
    auth_token = models.CharField(_('Authentication Token'), max_length=32,
106
                                  null=True, blank=True)
107
    auth_token_created = models.DateTimeField(_('Token creation date'), null=True)
108
    auth_token_expires = models.DateTimeField(
109
        _('Token expiration date'), null=True)
110

    
111
    def renew_token(self, expiration_date=None):
112
        md5 = hashlib.md5()
113
        md5.update(self.name.encode('ascii', 'ignore'))
114
        md5.update(self.url.encode('ascii', 'ignore'))
115
        md5.update(asctime())
116

    
117
        self.auth_token = b64encode(md5.digest())
118
        self.auth_token_created = datetime.now()
119
        if expiration_date:
120
            self.auth_token_expires = expiration_date
121
        else:
122
            self.auth_token_expires = None
123

    
124
    def __str__(self):
125
        return self.name
126

    
127
    @property
128
    def resources(self):
129
        return self.resource_set.all()
130

    
131
    @resources.setter
132
    def resources(self, resources):
133
        for s in resources:
134
            self.resource_set.create(**s)
135

    
136
    def add_resource(self, service, resource, uplimit, update=True):
137
        """Raises ObjectDoesNotExist, IntegrityError"""
138
        resource = Resource.objects.get(service__name=service, name=resource)
139
        if update:
140
            AstakosUserQuota.objects.update_or_create(user=self,
141
                                                      resource=resource,
142
                                                      defaults={'uplimit': uplimit})
143
        else:
144
            q = self.astakosuserquota_set
145
            q.create(resource=resource, uplimit=uplimit)
146

    
147

    
148
class ResourceMetadata(models.Model):
149
    key = models.CharField(_('Name'), max_length=255, unique=True, db_index=True)
150
    value = models.CharField(_('Value'), max_length=255)
151

    
152
_presentation_data = {}
153
def get_presentation(resource):
154
    global _presentation_data
155
    presentation = _presentation_data.get(resource, {})
156
    if not presentation:
157
        resource_presentation = RESOURCES_PRESENTATION_DATA.get('resources', {})
158
        presentation = resource_presentation.get(resource, {})
159
        _presentation_data[resource] = presentation
160
    return presentation
161

    
162
class Resource(models.Model):
163
    name = models.CharField(_('Name'), max_length=255)
164
    meta = models.ManyToManyField(ResourceMetadata)
165
    service = models.ForeignKey(Service)
166
    desc = models.TextField(_('Description'), null=True)
167
    unit = models.CharField(_('Name'), null=True, max_length=255)
168
    group = models.CharField(_('Group'), null=True, max_length=255)
169

    
170
    class Meta:
171
        unique_together = ("name", "service")
172

    
173
    def __str__(self):
174
        return '%s%s%s' % (self.service, RESOURCE_SEPARATOR, self.name)
175

    
176
    @property
177
    def help_text(self):
178
        return get_presentation(str(self)).get('help_text', '')
179

    
180
    @property
181
    def help_text_input_each(self):
182
        return get_presentation(str(self)).get('help_text_input_each', '')
183

    
184
    @property
185
    def is_abbreviation(self):
186
        return get_presentation(str(self)).get('is_abbreviation', False)
187

    
188
    @property
189
    def report_desc(self):
190
        return get_presentation(str(self)).get('report_desc', '')
191

    
192
    @property
193
    def placeholder(self):
194
        return get_presentation(str(self)).get('placeholder', '')
195

    
196
    @property
197
    def verbose_name(self):
198
        return get_presentation(str(self)).get('verbose_name', '')
199

    
200

    
201
_default_quota = {}
202
def get_default_quota():
203
    global _default_quota
204
    if _default_quota:
205
        return _default_quota
206
    for s, data in SERVICES.iteritems():
207
        map(
208
            lambda d:_default_quota.update(
209
                {'%s%s%s' % (s, RESOURCE_SEPARATOR, d.get('name')):d.get('uplimit', 0)}
210
            ),
211
            data.get('resources', {})
212
        )
213
    return _default_quota
214

    
215
class AstakosUserManager(UserManager):
216

    
217
    def get_auth_provider_user(self, provider, **kwargs):
218
        """
219
        Retrieve AstakosUser instance associated with the specified third party
220
        id.
221
        """
222
        kwargs = dict(map(lambda x: ('auth_providers__%s' % x[0], x[1]),
223
                          kwargs.iteritems()))
224
        return self.get(auth_providers__module=provider, **kwargs)
225

    
226
    def get_by_email(self, email):
227
        return self.get(email=email)
228

    
229
    def get_by_identifier(self, email_or_username, **kwargs):
230
        try:
231
            return self.get(email__iexact=email_or_username, **kwargs)
232
        except AstakosUser.DoesNotExist:
233
            return self.get(username__iexact=email_or_username, **kwargs)
234

    
235
    def user_exists(self, email_or_username, **kwargs):
236
        qemail = Q(email__iexact=email_or_username)
237
        qusername = Q(username__iexact=email_or_username)
238
        return self.filter(qemail | qusername).exists()
239

    
240

    
241
class AstakosUser(User):
242
    """
243
    Extends ``django.contrib.auth.models.User`` by defining additional fields.
244
    """
245
    affiliation = models.CharField(_('Affiliation'), max_length=255, blank=True,
246
                                   null=True)
247

    
248
    # DEPRECATED FIELDS: provider, third_party_identifier moved in
249
    #                    AstakosUserProvider model.
250
    provider = models.CharField(_('Provider'), max_length=255, blank=True,
251
                                null=True)
252
    # ex. screen_name for twitter, eppn for shibboleth
253
    third_party_identifier = models.CharField(_('Third-party identifier'),
254
                                              max_length=255, null=True,
255
                                              blank=True)
256

    
257

    
258
    #for invitations
259
    user_level = DEFAULT_USER_LEVEL
260
    level = models.IntegerField(_('Inviter level'), default=user_level)
261
    invitations = models.IntegerField(
262
        _('Invitations left'), default=INVITATIONS_PER_LEVEL.get(user_level, 0))
263

    
264
    auth_token = models.CharField(_('Authentication Token'), max_length=32,
265
                                  null=True, blank=True)
266
    auth_token_created = models.DateTimeField(_('Token creation date'), null=True)
267
    auth_token_expires = models.DateTimeField(
268
        _('Token expiration date'), null=True)
269

    
270
    updated = models.DateTimeField(_('Update date'))
271
    is_verified = models.BooleanField(_('Is verified?'), default=False)
272

    
273
    email_verified = models.BooleanField(_('Email verified?'), default=False)
274

    
275
    has_credits = models.BooleanField(_('Has credits?'), default=False)
276
    has_signed_terms = models.BooleanField(
277
        _('I agree with the terms'), default=False)
278
    date_signed_terms = models.DateTimeField(
279
        _('Signed terms date'), null=True, blank=True)
280

    
281
    activation_sent = models.DateTimeField(
282
        _('Activation sent data'), null=True, blank=True)
283

    
284
    policy = models.ManyToManyField(
285
        Resource, null=True, through='AstakosUserQuota')
286

    
287
    uuid = models.CharField(max_length=255, null=True, blank=False, unique=True)
288

    
289
    __has_signed_terms = False
290
    disturbed_quota = models.BooleanField(_('Needs quotaholder syncing'),
291
                                           default=False, db_index=True)
292

    
293
    objects = AstakosUserManager()
294

    
295
    def __init__(self, *args, **kwargs):
296
        super(AstakosUser, self).__init__(*args, **kwargs)
297
        self.__has_signed_terms = self.has_signed_terms
298
        if not self.id:
299
            self.is_active = False
300

    
301
    @property
302
    def realname(self):
303
        return '%s %s' % (self.first_name, self.last_name)
304

    
305
    @realname.setter
306
    def realname(self, value):
307
        parts = value.split(' ')
308
        if len(parts) == 2:
309
            self.first_name = parts[0]
310
            self.last_name = parts[1]
311
        else:
312
            self.last_name = parts[0]
313

    
314
    def add_permission(self, pname):
315
        if self.has_perm(pname):
316
            return
317
        p, created = Permission.objects.get_or_create(
318
                                    codename=pname,
319
                                    name=pname.capitalize(),
320
                                    content_type=get_content_type())
321
        self.user_permissions.add(p)
322

    
323
    def remove_permission(self, pname):
324
        if self.has_perm(pname):
325
            return
326
        p = Permission.objects.get(codename=pname,
327
                                   content_type=get_content_type())
328
        self.user_permissions.remove(p)
329

    
330
    @property
331
    def invitation(self):
332
        try:
333
            return Invitation.objects.get(username=self.email)
334
        except Invitation.DoesNotExist:
335
            return None
336

    
337
    @property
338
    def quota(self):
339
        """Returns a dict with the sum of quota limits per resource"""
340
        d = defaultdict(int)
341
        default_quota = get_default_quota()
342
        d.update(default_quota)
343
        for q in self.policies:
344
            d[q.resource] += q.uplimit or inf
345
        for m in self.projectmembership_set.select_related().all():
346
            if not m.acceptance_date:
347
                continue
348
            p = m.project
349
            if not p.is_active():
350
                continue
351
            grants = p.application.projectresourcegrant_set.all()
352
            for g in grants:
353
                d[str(g.resource)] += g.member_capacity or inf
354
        return d
355

    
356
    @property
357
    def policies(self):
358
        return self.astakosuserquota_set.select_related().all()
359

    
360
    @policies.setter
361
    def policies(self, policies):
362
        for p in policies:
363
            service = policies.get('service', None)
364
            resource = policies.get('resource', None)
365
            uplimit = policies.get('uplimit', 0)
366
            update = policies.get('update', True)
367
            self.add_policy(service, resource, uplimit, update)
368

    
369
    def add_policy(self, service, resource, uplimit, update=True):
370
        """Raises ObjectDoesNotExist, IntegrityError"""
371
        resource = Resource.objects.get(service__name=service, name=resource)
372
        if update:
373
            AstakosUserQuota.objects.update_or_create(user=self,
374
                                                      resource=resource,
375
                                                      defaults={'uplimit': uplimit})
376
        else:
377
            q = self.astakosuserquota_set
378
            q.create(resource=resource, uplimit=uplimit)
379

    
380
    def remove_policy(self, service, resource):
381
        """Raises ObjectDoesNotExist, IntegrityError"""
382
        resource = Resource.objects.get(service__name=service, name=resource)
383
        q = self.policies.get(resource=resource).delete()
384

    
385
    def update_uuid(self):
386
        while not self.uuid:
387
            uuid_val =  str(uuid.uuid4())
388
            try:
389
                AstakosUser.objects.get(uuid=uuid_val)
390
            except AstakosUser.DoesNotExist, e:
391
                self.uuid = uuid_val
392
        return self.uuid
393

    
394
    @property
395
    def extended_groups(self):
396
        return self.membership_set.select_related().all()
397

    
398
    def save(self, update_timestamps=True, **kwargs):
399
        if update_timestamps:
400
            if not self.id:
401
                self.date_joined = datetime.now()
402
            self.updated = datetime.now()
403

    
404
        # update date_signed_terms if necessary
405
        if self.__has_signed_terms != self.has_signed_terms:
406
            self.date_signed_terms = datetime.now()
407

    
408
        self.update_uuid()
409

    
410
        if self.username != self.email.lower():
411
            # set username
412
            self.username = self.email.lower()
413

    
414
        self.validate_unique_email_isactive()
415

    
416
        super(AstakosUser, self).save(**kwargs)
417

    
418
    def renew_token(self, flush_sessions=False, current_key=None):
419
        md5 = hashlib.md5()
420
        md5.update(settings.SECRET_KEY)
421
        md5.update(self.username)
422
        md5.update(self.realname.encode('ascii', 'ignore'))
423
        md5.update(asctime())
424

    
425
        self.auth_token = b64encode(md5.digest())
426
        self.auth_token_created = datetime.now()
427
        self.auth_token_expires = self.auth_token_created + \
428
                                  timedelta(hours=AUTH_TOKEN_DURATION)
429
        if flush_sessions:
430
            self.flush_sessions(current_key)
431
        msg = 'Token renewed for %s' % self.email
432
        logger.log(LOGGING_LEVEL, msg)
433

    
434
    def flush_sessions(self, current_key=None):
435
        q = self.sessions
436
        if current_key:
437
            q = q.exclude(session_key=current_key)
438

    
439
        keys = q.values_list('session_key', flat=True)
440
        if keys:
441
            msg = 'Flushing sessions: %s' % ','.join(keys)
442
            logger.log(LOGGING_LEVEL, msg, [])
443
        engine = import_module(settings.SESSION_ENGINE)
444
        for k in keys:
445
            s = engine.SessionStore(k)
446
            s.flush()
447

    
448
    def __unicode__(self):
449
        return '%s (%s)' % (self.realname, self.email)
450

    
451
    def conflicting_email(self):
452
        q = AstakosUser.objects.exclude(username=self.username)
453
        q = q.filter(email__iexact=self.email)
454
        if q.count() != 0:
455
            return True
456
        return False
457

    
458
    def validate_unique_email_isactive(self):
459
        """
460
        Implements a unique_together constraint for email and is_active fields.
461
        """
462
        q = AstakosUser.objects.all()
463
        q = q.filter(email = self.email)
464
        if self.id:
465
            q = q.filter(~Q(id = self.id))
466
        if q.count() != 0:
467
            m = 'Another account with the same email = %(email)s & \
468
                is_active = %(is_active)s found.' % self.__dict__
469
            raise ValidationError(m)
470

    
471
    def email_change_is_pending(self):
472
        return self.emailchanges.count() > 0
473

    
474
    def email_change_is_pending(self):
475
        return self.emailchanges.count() > 0
476

    
477
    @property
478
    def signed_terms(self):
479
        term = get_latest_terms()
480
        if not term:
481
            return True
482
        if not self.has_signed_terms:
483
            return False
484
        if not self.date_signed_terms:
485
            return False
486
        if self.date_signed_terms < term.date:
487
            self.has_signed_terms = False
488
            self.date_signed_terms = None
489
            self.save()
490
            return False
491
        return True
492

    
493
    def set_invitations_level(self):
494
        """
495
        Update user invitation level
496
        """
497
        level = self.invitation.inviter.level + 1
498
        self.level = level
499
        self.invitations = INVITATIONS_PER_LEVEL.get(level, 0)
500

    
501
    def can_login_with_auth_provider(self, provider):
502
        if not self.has_auth_provider(provider):
503
            return False
504
        else:
505
            return auth_providers.get_provider(provider).is_available_for_login()
506

    
507
    def can_add_auth_provider(self, provider, **kwargs):
508
        provider_settings = auth_providers.get_provider(provider)
509

    
510
        if not provider_settings.is_available_for_add():
511
            return False
512

    
513
        if self.has_auth_provider(provider) and \
514
           provider_settings.one_per_user:
515
            return False
516

    
517
        if 'provider_info' in kwargs:
518
            kwargs.pop('provider_info')
519

    
520
        if 'identifier' in kwargs:
521
            try:
522
                # provider with specified params already exist
523
                existing_user = AstakosUser.objects.get_auth_provider_user(provider,
524
                                                                   **kwargs)
525
            except AstakosUser.DoesNotExist:
526
                return True
527
            else:
528
                return False
529

    
530
        return True
531

    
532
    def can_remove_auth_provider(self, module):
533
        provider = auth_providers.get_provider(module)
534
        existing = self.get_active_auth_providers()
535
        existing_for_provider = self.get_active_auth_providers(module=module)
536

    
537
        if len(existing) <= 1:
538
            return False
539

    
540
        if len(existing_for_provider) == 1 and provider.is_required():
541
            return False
542

    
543
        return True
544

    
545
    def can_change_password(self):
546
        return self.has_auth_provider('local', auth_backend='astakos')
547

    
548
    def has_required_auth_providers(self):
549
        required = auth_providers.REQUIRED_PROVIDERS
550
        for provider in required:
551
            if not self.has_auth_provider(provider):
552
                return False
553
        return True
554

    
555
    def has_auth_provider(self, provider, **kwargs):
556
        return bool(self.auth_providers.filter(module=provider,
557
                                               **kwargs).count())
558

    
559
    def add_auth_provider(self, provider, **kwargs):
560
        info_data = ''
561
        if 'provider_info' in kwargs:
562
            info_data = kwargs.pop('provider_info')
563
            if isinstance(info_data, dict):
564
                info_data = json.dumps(info_data)
565

    
566
        if self.can_add_auth_provider(provider, **kwargs):
567
            self.auth_providers.create(module=provider, active=True,
568
                                       info_data=info_data,
569
                                       **kwargs)
570
        else:
571
            raise Exception('Cannot add provider')
572

    
573
    def add_pending_auth_provider(self, pending):
574
        """
575
        Convert PendingThirdPartyUser object to AstakosUserAuthProvider entry for
576
        the current user.
577
        """
578
        if not isinstance(pending, PendingThirdPartyUser):
579
            pending = PendingThirdPartyUser.objects.get(token=pending)
580

    
581
        provider = self.add_auth_provider(pending.provider,
582
                               identifier=pending.third_party_identifier,
583
                                affiliation=pending.affiliation,
584
                                          provider_info=pending.info)
585

    
586
        if email_re.match(pending.email or '') and pending.email != self.email:
587
            self.additionalmail_set.get_or_create(email=pending.email)
588

    
589
        pending.delete()
590
        return provider
591

    
592
    def remove_auth_provider(self, provider, **kwargs):
593
        self.auth_providers.get(module=provider, **kwargs).delete()
594

    
595
    # user urls
596
    def get_resend_activation_url(self):
597
        return reverse('send_activation', kwargs={'user_id': self.pk})
598

    
599
    def get_provider_remove_url(self, module, **kwargs):
600
        return reverse('remove_auth_provider', kwargs={
601
            'pk': self.auth_providers.get(module=module, **kwargs).pk})
602

    
603
    def get_activation_url(self, nxt=False):
604
        url = "%s?auth=%s" % (reverse('astakos.im.views.activate'),
605
                                 quote(self.auth_token))
606
        if nxt:
607
            url += "&next=%s" % quote(nxt)
608
        return url
609

    
610
    def get_password_reset_url(self, token_generator=default_token_generator):
611
        return reverse('django.contrib.auth.views.password_reset_confirm',
612
                          kwargs={'uidb36':int_to_base36(self.id),
613
                                  'token':token_generator.make_token(self)})
614

    
615
    def get_auth_providers(self):
616
        return self.auth_providers.all()
617

    
618
    def get_available_auth_providers(self):
619
        """
620
        Returns a list of providers available for user to connect to.
621
        """
622
        providers = []
623
        for module, provider_settings in auth_providers.PROVIDERS.iteritems():
624
            if self.can_add_auth_provider(module):
625
                providers.append(provider_settings(self))
626

    
627
        return providers
628

    
629
    def get_active_auth_providers(self, **filters):
630
        providers = []
631
        for provider in self.auth_providers.active(**filters):
632
            if auth_providers.get_provider(provider.module).is_available_for_login():
633
                providers.append(provider)
634
        return providers
635

    
636
    @property
637
    def auth_providers_display(self):
638
        return ",".join(map(lambda x:unicode(x), self.auth_providers.active()))
639

    
640
    def get_inactive_message(self):
641
        msg_extra = ''
642
        message = ''
643
        if self.activation_sent:
644
            if self.email_verified:
645
                message = _(astakos_messages.ACCOUNT_INACTIVE)
646
            else:
647
                message = _(astakos_messages.ACCOUNT_PENDING_ACTIVATION)
648
                if astakos_settings.MODERATION_ENABLED:
649
                    msg_extra = _(astakos_messages.ACCOUNT_PENDING_ACTIVATION_HELP)
650
                else:
651
                    url = self.get_resend_activation_url()
652
                    msg_extra = mark_safe(_(astakos_messages.ACCOUNT_PENDING_ACTIVATION_HELP) + \
653
                                u' ' + \
654
                                _('<a href="%s">%s?</a>') % (url,
655
                                _(astakos_messages.ACCOUNT_RESEND_ACTIVATION_PROMPT)))
656
        else:
657
            if astakos_settings.MODERATION_ENABLED:
658
                message = _(astakos_messages.ACCOUNT_PENDING_MODERATION)
659
            else:
660
                message = astakos_messages.ACCOUNT_PENDING_ACTIVATION
661
                url = self.get_resend_activation_url()
662
                msg_extra = mark_safe(_('<a href="%s">%s?</a>') % (url,
663
                            _(astakos_messages.ACCOUNT_RESEND_ACTIVATION_PROMPT)))
664

    
665
        return mark_safe(message + u' '+ msg_extra)
666

    
667
    def owns_project(self, project):
668
        return project.user_status(self) == 100
669

    
670
    def is_project_member(self, project):
671
        return project.user_status(self) in [0,1,2,3]
672

    
673
    def is_project_accepted_member(self, project):
674
        return project.user_status(self) == 2
675

    
676

    
677
class AstakosUserAuthProviderManager(models.Manager):
678

    
679
    def active(self, **filters):
680
        return self.filter(active=True, **filters)
681

    
682

    
683
class AstakosUserAuthProvider(models.Model):
684
    """
685
    Available user authentication methods.
686
    """
687
    affiliation = models.CharField(_('Affiliation'), max_length=255, blank=True,
688
                                   null=True, default=None)
689
    user = models.ForeignKey(AstakosUser, related_name='auth_providers')
690
    module = models.CharField(_('Provider'), max_length=255, blank=False,
691
                                default='local')
692
    identifier = models.CharField(_('Third-party identifier'),
693
                                              max_length=255, null=True,
694
                                              blank=True)
695
    active = models.BooleanField(default=True)
696
    auth_backend = models.CharField(_('Backend'), max_length=255, blank=False,
697
                                   default='astakos')
698
    info_data = models.TextField(default="", null=True, blank=True)
699
    created = models.DateTimeField('Creation date', auto_now_add=True)
700

    
701
    objects = AstakosUserAuthProviderManager()
702

    
703
    class Meta:
704
        unique_together = (('identifier', 'module', 'user'), )
705
        ordering = ('module', 'created')
706

    
707
    def __init__(self, *args, **kwargs):
708
        super(AstakosUserAuthProvider, self).__init__(*args, **kwargs)
709
        try:
710
            self.info = json.loads(self.info_data)
711
            if not self.info:
712
                self.info = {}
713
        except Exception, e:
714
            self.info = {}
715

    
716
        for key,value in self.info.iteritems():
717
            setattr(self, 'info_%s' % key, value)
718

    
719

    
720
    @property
721
    def settings(self):
722
        return auth_providers.get_provider(self.module)
723

    
724
    @property
725
    def details_display(self):
726
        try:
727
          return self.settings.get_details_tpl_display % self.__dict__
728
        except:
729
          return ''
730

    
731
    @property
732
    def title_display(self):
733
        title_tpl = self.settings.get_title_display
734
        try:
735
            if self.settings.get_user_title_display:
736
                title_tpl = self.settings.get_user_title_display
737
        except Exception, e:
738
            pass
739
        try:
740
          return title_tpl % self.__dict__
741
        except:
742
          return self.settings.get_title_display % self.__dict__
743

    
744
    def can_remove(self):
745
        return self.user.can_remove_auth_provider(self.module)
746

    
747
    def delete(self, *args, **kwargs):
748
        ret = super(AstakosUserAuthProvider, self).delete(*args, **kwargs)
749
        if self.module == 'local':
750
            self.user.set_unusable_password()
751
            self.user.save()
752
        return ret
753

    
754
    def __repr__(self):
755
        return '<AstakosUserAuthProvider %s:%s>' % (self.module, self.identifier)
756

    
757
    def __unicode__(self):
758
        if self.identifier:
759
            return "%s:%s" % (self.module, self.identifier)
760
        if self.auth_backend:
761
            return "%s:%s" % (self.module, self.auth_backend)
762
        return self.module
763

    
764
    def save(self, *args, **kwargs):
765
        self.info_data = json.dumps(self.info)
766
        return super(AstakosUserAuthProvider, self).save(*args, **kwargs)
767

    
768

    
769
class ExtendedManager(models.Manager):
770
    def _update_or_create(self, **kwargs):
771
        assert kwargs, \
772
            'update_or_create() must be passed at least one keyword argument'
773
        obj, created = self.get_or_create(**kwargs)
774
        defaults = kwargs.pop('defaults', {})
775
        if created:
776
            return obj, True, False
777
        else:
778
            try:
779
                params = dict(
780
                    [(k, v) for k, v in kwargs.items() if '__' not in k])
781
                params.update(defaults)
782
                for attr, val in params.items():
783
                    if hasattr(obj, attr):
784
                        setattr(obj, attr, val)
785
                sid = transaction.savepoint()
786
                obj.save(force_update=True)
787
                transaction.savepoint_commit(sid)
788
                return obj, False, True
789
            except IntegrityError, e:
790
                transaction.savepoint_rollback(sid)
791
                try:
792
                    return self.get(**kwargs), False, False
793
                except self.model.DoesNotExist:
794
                    raise e
795

    
796
    update_or_create = _update_or_create
797

    
798

    
799
class AstakosUserQuota(models.Model):
800
    objects = ExtendedManager()
801
    limit = models.PositiveIntegerField(_('Limit'), null=True)    # obsolete field
802
    uplimit = models.BigIntegerField(_('Up limit'), null=True)
803
    resource = models.ForeignKey(Resource)
804
    user = models.ForeignKey(AstakosUser)
805

    
806
    class Meta:
807
        unique_together = ("resource", "user")
808

    
809

    
810
class ApprovalTerms(models.Model):
811
    """
812
    Model for approval terms
813
    """
814

    
815
    date = models.DateTimeField(
816
        _('Issue date'), db_index=True, default=datetime.now())
817
    location = models.CharField(_('Terms location'), max_length=255)
818

    
819

    
820
class Invitation(models.Model):
821
    """
822
    Model for registring invitations
823
    """
824
    inviter = models.ForeignKey(AstakosUser, related_name='invitations_sent',
825
                                null=True)
826
    realname = models.CharField(_('Real name'), max_length=255)
827
    username = models.CharField(_('Unique ID'), max_length=255, unique=True)
828
    code = models.BigIntegerField(_('Invitation code'), db_index=True)
829
    is_consumed = models.BooleanField(_('Consumed?'), default=False)
830
    created = models.DateTimeField(_('Creation date'), auto_now_add=True)
831
    consumed = models.DateTimeField(_('Consumption date'), null=True, blank=True)
832

    
833
    def __init__(self, *args, **kwargs):
834
        super(Invitation, self).__init__(*args, **kwargs)
835
        if not self.id:
836
            self.code = _generate_invitation_code()
837

    
838
    def consume(self):
839
        self.is_consumed = True
840
        self.consumed = datetime.now()
841
        self.save()
842

    
843
    def __unicode__(self):
844
        return '%s -> %s [%d]' % (self.inviter, self.username, self.code)
845

    
846

    
847
class EmailChangeManager(models.Manager):
848

    
849
    @transaction.commit_on_success
850
    def change_email(self, activation_key):
851
        """
852
        Validate an activation key and change the corresponding
853
        ``User`` if valid.
854

855
        If the key is valid and has not expired, return the ``User``
856
        after activating.
857

858
        If the key is not valid or has expired, return ``None``.
859

860
        If the key is valid but the ``User`` is already active,
861
        return ``None``.
862

863
        After successful email change the activation record is deleted.
864

865
        Throws ValueError if there is already
866
        """
867
        try:
868
            email_change = self.model.objects.get(
869
                activation_key=activation_key)
870
            if email_change.activation_key_expired():
871
                email_change.delete()
872
                raise EmailChange.DoesNotExist
873
            # is there an active user with this address?
874
            try:
875
                AstakosUser.objects.get(email__iexact=email_change.new_email_address)
876
            except AstakosUser.DoesNotExist:
877
                pass
878
            else:
879
                raise ValueError(_('The new email address is reserved.'))
880
            # update user
881
            user = AstakosUser.objects.get(pk=email_change.user_id)
882
            old_email = user.email
883
            user.email = email_change.new_email_address
884
            user.save()
885
            email_change.delete()
886
            msg = "User %d changed email from %s to %s" % (user.pk, old_email,
887
                                                          user.email)
888
            logger.log(LOGGING_LEVEL, msg)
889
            return user
890
        except EmailChange.DoesNotExist:
891
            raise ValueError(_('Invalid activation key.'))
892

    
893

    
894
class EmailChange(models.Model):
895
    new_email_address = models.EmailField(
896
        _(u'new e-mail address'),
897
        help_text=_('Your old email address will be used until you verify your new one.'))
898
    user = models.ForeignKey(
899
        AstakosUser, unique=True, related_name='emailchanges')
900
    requested_at = models.DateTimeField(default=datetime.now())
901
    activation_key = models.CharField(
902
        max_length=40, unique=True, db_index=True)
903

    
904
    objects = EmailChangeManager()
905

    
906
    def get_url(self):
907
        return reverse('email_change_confirm',
908
                      kwargs={'activation_key': self.activation_key})
909

    
910
    def activation_key_expired(self):
911
        expiration_date = timedelta(days=EMAILCHANGE_ACTIVATION_DAYS)
912
        return self.requested_at + expiration_date < datetime.now()
913

    
914

    
915
class AdditionalMail(models.Model):
916
    """
917
    Model for registring invitations
918
    """
919
    owner = models.ForeignKey(AstakosUser)
920
    email = models.EmailField()
921

    
922

    
923
def _generate_invitation_code():
924
    while True:
925
        code = randint(1, 2L ** 63 - 1)
926
        try:
927
            Invitation.objects.get(code=code)
928
            # An invitation with this code already exists, try again
929
        except Invitation.DoesNotExist:
930
            return code
931

    
932

    
933
def get_latest_terms():
934
    try:
935
        term = ApprovalTerms.objects.order_by('-id')[0]
936
        return term
937
    except IndexError:
938
        pass
939
    return None
940

    
941
class PendingThirdPartyUser(models.Model):
942
    """
943
    Model for registring successful third party user authentications
944
    """
945
    third_party_identifier = models.CharField(_('Third-party identifier'), max_length=255, null=True, blank=True)
946
    provider = models.CharField(_('Provider'), max_length=255, blank=True)
947
    email = models.EmailField(_('e-mail address'), blank=True, null=True)
948
    first_name = models.CharField(_('first name'), max_length=30, blank=True)
949
    last_name = models.CharField(_('last name'), max_length=30, blank=True)
950
    affiliation = models.CharField('Affiliation', max_length=255, blank=True)
951
    username = models.CharField(_('username'), max_length=30, unique=True, help_text=_("Required. 30 characters or fewer. Letters, numbers and @/./+/-/_ characters"))
952
    token = models.CharField(_('Token'), max_length=255, null=True, blank=True)
953
    created = models.DateTimeField(auto_now_add=True, null=True, blank=True)
954
    info = models.TextField(default="", null=True, blank=True)
955

    
956
    class Meta:
957
        unique_together = ("provider", "third_party_identifier")
958

    
959
    def get_user_instance(self):
960
        d = self.__dict__
961
        d.pop('_state', None)
962
        d.pop('id', None)
963
        d.pop('token', None)
964
        d.pop('created', None)
965
        d.pop('info', None)
966
        user = AstakosUser(**d)
967

    
968
        return user
969

    
970
    @property
971
    def realname(self):
972
        return '%s %s' %(self.first_name, self.last_name)
973

    
974
    @realname.setter
975
    def realname(self, value):
976
        parts = value.split(' ')
977
        if len(parts) == 2:
978
            self.first_name = parts[0]
979
            self.last_name = parts[1]
980
        else:
981
            self.last_name = parts[0]
982

    
983
    def save(self, **kwargs):
984
        if not self.id:
985
            # set username
986
            while not self.username:
987
                username =  uuid.uuid4().hex[:30]
988
                try:
989
                    AstakosUser.objects.get(username = username)
990
                except AstakosUser.DoesNotExist, e:
991
                    self.username = username
992
        super(PendingThirdPartyUser, self).save(**kwargs)
993

    
994
    def generate_token(self):
995
        self.password = self.third_party_identifier
996
        self.last_login = datetime.now()
997
        self.token = default_token_generator.make_token(self)
998

    
999
class SessionCatalog(models.Model):
1000
    session_key = models.CharField(_('session key'), max_length=40)
1001
    user = models.ForeignKey(AstakosUser, related_name='sessions', null=True)
1002

    
1003

    
1004
### PROJECTS ###
1005
################
1006

    
1007
def synced_model_metaclass(class_name, class_parents, class_attributes):
1008

    
1009
    new_attributes = {}
1010
    sync_attributes = {}
1011

    
1012
    for name, value in class_attributes.iteritems():
1013
        sync, underscore, rest = name.partition('_')
1014
        if sync == 'sync' and underscore == '_':
1015
            sync_attributes[rest] = value
1016
        else:
1017
            new_attributes[name] = value
1018

    
1019
    if 'prefix' not in sync_attributes:
1020
        m = ("you did not specify a 'sync_prefix' attribute "
1021
             "in class '%s'" % (class_name,))
1022
        raise ValueError(m)
1023

    
1024
    prefix = sync_attributes.pop('prefix')
1025
    class_name = sync_attributes.pop('classname', prefix + '_model')
1026

    
1027
    for name, value in sync_attributes.iteritems():
1028
        newname = prefix + '_' + name
1029
        if newname in new_attributes:
1030
            m = ("class '%s' was specified with prefix '%s' "
1031
                 "but it already has an attribute named '%s'"
1032
                 % (class_name, prefix, newname))
1033
            raise ValueError(m)
1034

    
1035
        new_attributes[newname] = value
1036

    
1037
    newclass = type(class_name, class_parents, new_attributes)
1038
    return newclass
1039

    
1040

    
1041
def make_synced(prefix='sync', name='SyncedState'):
1042

    
1043
    the_name = name
1044
    the_prefix = prefix
1045

    
1046
    class SyncedState(models.Model):
1047

    
1048
        sync_classname      = the_name
1049
        sync_prefix         = the_prefix
1050
        __metaclass__       = synced_model_metaclass
1051

    
1052
        sync_new_state      = models.BigIntegerField(null=True)
1053
        sync_synced_state   = models.BigIntegerField(null=True)
1054
        STATUS_SYNCED       = 0
1055
        STATUS_PENDING      = 1
1056
        sync_status         = models.IntegerField(db_index=True)
1057

    
1058
        class Meta:
1059
            abstract = True
1060

    
1061
        class NotSynced(Exception):
1062
            pass
1063

    
1064
        def sync_init_state(self, state):
1065
            self.sync_synced_state = state
1066
            self.sync_new_state = state
1067
            self.sync_status = self.STATUS_SYNCED
1068

    
1069
        def sync_get_status(self):
1070
            return self.sync_status
1071

    
1072
        def sync_set_status(self):
1073
            if self.sync_new_state != self.sync_synced_state:
1074
                self.sync_status = self.STATUS_PENDING
1075
            else:
1076
                self.sync_status = self.STATUS_SYNCED
1077

    
1078
        def sync_set_synced(self):
1079
            self.sync_synced_state = self.sync_new_state
1080
            self.sync_status = self.STATUS_SYNCED
1081

    
1082
        def sync_get_synced_state(self):
1083
            return self.sync_synced_state
1084

    
1085
        def sync_set_new_state(self, new_state):
1086
            self.sync_new_state = new_state
1087
            self.sync_set_status()
1088

    
1089
        def sync_get_new_state(self):
1090
            return self.sync_new_state
1091

    
1092
        def sync_set_synced_state(self, synced_state):
1093
            self.sync_synced_state = synced_state
1094
            self.sync_set_status()
1095

    
1096
        def sync_get_pending_objects(self):
1097
            kw = dict((the_prefix + '_status', self.STATUS_PENDING))
1098
            return self.objects.filter(**kw)
1099

    
1100
        def sync_get_synced_objects(self):
1101
            kw = dict((the_prefix + '_status', self.STATUS_SYNCED))
1102
            return self.objects.filter(**kw)
1103

    
1104
        def sync_verify_get_synced_state(self):
1105
            status = self.sync_get_status()
1106
            state = self.sync_get_synced_state()
1107
            verified = (status == self.STATUS_SYNCED)
1108
            return state, verified
1109

    
1110
        def sync_is_synced(self):
1111
            state, verified = self.sync_verify_get_synced_state()
1112
            return verified
1113

    
1114
    return SyncedState
1115

    
1116
SyncedState = make_synced(prefix='sync', name='SyncedState')
1117

    
1118

    
1119
class ProjectApplicationManager(ForUpdateManager):
1120

    
1121
    def user_projects(self, user):
1122
        """
1123
        Return projects accessed by specified user.
1124
        """
1125
        return self.filter(Q(owner=user) | Q(applicant=user) | \
1126
                        Q(project__projectmembership__person=user)).distinct()
1127

    
1128
    def search_by_name(self, *search_strings):
1129
        q = Q()
1130
        for s in search_strings:
1131
            q = q | Q(name__icontains=s)
1132
        return self.filter(q)
1133

    
1134

    
1135
class ProjectApplication(models.Model):
1136
    PENDING, APPROVED, REPLACED, UNKNOWN = 'Pending', 'Approved', 'Replaced', 'Unknown'
1137
    applicant               =   models.ForeignKey(
1138
                                    AstakosUser,
1139
                                    related_name='projects_applied',
1140
                                    db_index=True)
1141

    
1142
    state                   =   models.CharField(max_length=80,
1143
                                                default=UNKNOWN)
1144

    
1145
    owner                   =   models.ForeignKey(
1146
                                    AstakosUser,
1147
                                    related_name='projects_owned',
1148
                                    db_index=True)
1149

    
1150
    precursor_application   =   models.OneToOneField('ProjectApplication',
1151
                                                     null=True,
1152
                                                     blank=True,
1153
                                                     db_index=True)
1154

    
1155
    name                    =   models.CharField(max_length=80,
1156
                                                 help_text=_("The Project's name should be in a domain format. The domain shouldn't neccessarily exist in the real world but is helpful to imply a structure. e.g.: myproject.mylab.ntua.gr or myservice.myteam.myorganization"))
1157
    homepage                =   models.URLField(max_length=255,
1158
                                                null=True,
1159
                                                blank=True,help_text=_("This should be a URL pointing at your project's site. e.g.: http://myproject.com ",))
1160
    description             =   models.TextField(null=True,
1161
                                                 blank=True,
1162
                                                 help_text=_("Please provide a short but descriptive abstract of your Project, so that anyone searching can quickly understand what this Project is about. "))
1163
    start_date              =   models.DateTimeField(help_text=_("Here you specify the date you want your Project to start granting its resources. Its members will get the resources coming from this Project on this exact date."))
1164
    end_date                =   models.DateTimeField(help_text=_("Here you specify the date you want your Project to cease. This means that after this date all members will no longer be able to allocate resources from this Project.  "))
1165
    member_join_policy      =   models.IntegerField()
1166
    member_leave_policy     =   models.IntegerField()
1167
    limit_on_members_number =   models.PositiveIntegerField(null=True,
1168
                                                            blank=True,help_text=_("Here you specify the number of members this Project is going to have. This means that this number of people will be granted the resources you will specify in the next step. This can be '1' if you are the only one wanting to get resources. "))
1169
    resource_grants         =   models.ManyToManyField(
1170
                                    Resource,
1171
                                    null=True,
1172
                                    blank=True,
1173
                                    through='ProjectResourceGrant')
1174
    comments                =   models.TextField(null=True, blank=True)
1175
    issue_date              =   models.DateTimeField()
1176

    
1177

    
1178
    objects                 =   ProjectApplicationManager()
1179

    
1180
    def __unicode__(self):
1181
        return "%s applied by %s" % (self.name, self.applicant)
1182

    
1183
    def add_resource_policy(self, service, resource, uplimit):
1184
        """Raises ObjectDoesNotExist, IntegrityError"""
1185
        q = self.projectresourcegrant_set
1186
        resource = Resource.objects.get(service__name=service, name=resource)
1187
        q.create(resource=resource, member_capacity=uplimit)
1188

    
1189
    def user_status(self, user):
1190
        """
1191
        100 OWNER
1192
        0   REQUESTED
1193
        1   PENDING
1194
        2   ACCEPTED
1195
        3   REMOVING
1196
        4   REMOVED
1197
       -1   User has no association with the project
1198
        """
1199
        if user == self.owner:
1200
            status = 100
1201
        else:
1202
            try:
1203
                membership = self.project.projectmembership_set.get(person=user)
1204
                status = membership.state
1205
            except Project.DoesNotExist:
1206
                status = -1
1207
            except ProjectMembership.DoesNotExist:
1208
                status = -1
1209

    
1210
        return status
1211

    
1212
    def members_count(self):
1213
        return self.project.approved_memberships.count()
1214

    
1215
    @property
1216
    def grants(self):
1217
        return self.projectresourcegrant_set.values('member_capacity', 'resource__name', 'resource__service__name')
1218

    
1219
    @property
1220
    def resource_policies(self):
1221
        return self.projectresourcegrant_set.all()
1222

    
1223
    @resource_policies.setter
1224
    def resource_policies(self, policies):
1225
        for p in policies:
1226
            service = p.get('service', None)
1227
            resource = p.get('resource', None)
1228
            uplimit = p.get('uplimit', 0)
1229
            self.add_resource_policy(service, resource, uplimit)
1230

    
1231
    @property
1232
    def follower(self):
1233
        try:
1234
            return ProjectApplication.objects.get(precursor_application=self)
1235
        except ProjectApplication.DoesNotExist:
1236
            return
1237

    
1238
    def submit(self, resource_policies, applicant, comments,
1239
               precursor_application=None):
1240

    
1241
        if precursor_application:
1242
            self.precursor_application = precursor_application
1243
            self.owner = precursor_application.owner
1244
        else:
1245
            self.owner = applicant
1246

    
1247
        self.id = None
1248
        self.applicant = applicant
1249
        self.comments = comments
1250
        self.issue_date = datetime.now()
1251
        self.state = self.PENDING
1252
        self.save()
1253
        self.resource_policies = resource_policies
1254

    
1255
    def _get_project(self):
1256
        precursor = self
1257
        while precursor:
1258
            try:
1259
                objects = Project.objects.select_for_update()
1260
                project = objects.get(application=precursor)
1261
                return project
1262
            except Project.DoesNotExist:
1263
                pass
1264
            precursor = precursor.precursor_application
1265

    
1266
        return None
1267

    
1268
    def approve(self, approval_user=None):
1269
        """
1270
        If approval_user then during owner membership acceptance
1271
        it is checked whether the request_user is eligible.
1272

1273
        Raises:
1274
            PermissionDenied
1275
        """
1276

    
1277
        if not transaction.is_managed():
1278
            raise AssertionError("NOPE")
1279

    
1280
        new_project_name = self.name
1281
        if self.state != self.PENDING:
1282
            m = _("cannot approve: project '%s' in state '%s'") % (
1283
                    new_project_name, self.state)
1284
            raise PermissionDenied(m) # invalid argument
1285

    
1286
        now = datetime.now()
1287
        project = self._get_project()
1288

    
1289
        try:
1290
            # needs SERIALIZABLE
1291
            conflicting_project = Project.objects.get(name=new_project_name)
1292
            if (conflicting_project.is_alive and
1293
                conflicting_project != project):
1294
                m = (_("cannot approve: project with name '%s' "
1295
                       "already exists (serial: %s)") % (
1296
                        new_project_name, conflicting_project.id))
1297
                raise PermissionDenied(m) # invalid argument
1298
        except Project.DoesNotExist:
1299
            pass
1300

    
1301
        new_project = False
1302
        if project is None:
1303
            new_project = True
1304
            project = Project(creation_date=now)
1305

    
1306
        project.name = new_project_name
1307
        project.application = self
1308
        project.last_approval_date = now
1309
        project.save()
1310

    
1311
        if new_project:
1312
            project.add_member(self.owner)
1313

    
1314
        # This will block while syncing,
1315
        # but unblock before setting the membership state.
1316
        # See ProjectMembership.set_sync()
1317
        project.set_membership_pending_sync()
1318

    
1319
        precursor = self.precursor_application
1320
        while precursor:
1321
            precursor.state = self.REPLACED
1322
            precursor.save()
1323
            precursor = precursor.precursor_application
1324

    
1325
        self.state = self.APPROVED
1326
        self.save()
1327

    
1328

    
1329
class ProjectResourceGrant(models.Model):
1330

    
1331
    resource                =   models.ForeignKey(Resource)
1332
    project_application     =   models.ForeignKey(ProjectApplication,
1333
                                                  null=True)
1334
    project_capacity        =   models.BigIntegerField(null=True)
1335
    project_import_limit    =   models.BigIntegerField(null=True)
1336
    project_export_limit    =   models.BigIntegerField(null=True)
1337
    member_capacity         =   models.BigIntegerField(null=True)
1338
    member_import_limit     =   models.BigIntegerField(null=True)
1339
    member_export_limit     =   models.BigIntegerField(null=True)
1340

    
1341
    objects = ExtendedManager()
1342

    
1343
    class Meta:
1344
        unique_together = ("resource", "project_application")
1345

    
1346

    
1347
class Project(models.Model):
1348

    
1349
    application                 =   models.OneToOneField(
1350
                                            ProjectApplication,
1351
                                            related_name='project')
1352
    last_approval_date          =   models.DateTimeField(null=True)
1353

    
1354
    members                     =   models.ManyToManyField(
1355
                                            AstakosUser,
1356
                                            through='ProjectMembership')
1357

    
1358
    deactivation_reason         =   models.CharField(max_length=255, null=True)
1359
    deactivation_start_date     =   models.DateTimeField(null=True)
1360
    deactivation_date           =   models.DateTimeField(null=True)
1361

    
1362
    creation_date               =   models.DateTimeField()
1363
    name                        =   models.CharField(
1364
                                            max_length=80,
1365
                                            db_index=True,
1366
                                            unique=True)
1367

    
1368
    TERMINATED  =   'TERMINATED'
1369
    SUSPENDED   =   'SUSPENDED'
1370

    
1371
    objects     =   ForUpdateManager()
1372

    
1373
    def __str__(self):
1374
        return _("<project %s '%s'>") % (self.id, self.application.name)
1375

    
1376
    __repr__ = __str__
1377

    
1378
    def is_deactivating(self):
1379
        return bool(self.deactivation_start_date)
1380

    
1381
    def is_deactivated_synced(self):
1382
        return bool(self.deactivation_date)
1383

    
1384
    def is_deactivated(self):
1385
        return self.is_deactivated_synced() or self.is_deactivating()
1386

    
1387
    def is_still_approved(self):
1388
        return bool(self.last_approval_date)
1389

    
1390
    def is_active(self):
1391
        return not(self.is_deactivated())
1392

    
1393
    def is_inconsistent(self):
1394
        now = datetime.now()
1395
        dates = [self.creation_date,
1396
                 self.last_approval_date,
1397
                 self.deactivation_start_date,
1398
                 self.deactivation_date]
1399
        return any([date > now for date in dates])
1400

    
1401
    def set_deactivation_start_date(self):
1402
        self.deactivation_start_date = datetime.now()
1403

    
1404
    def set_deactivation_date(self):
1405
        self.deactivation_start_date = None
1406
        self.deactivation_date = datetime.now()
1407

    
1408
    def violates_resource_grants(self):
1409
        return False
1410

    
1411
    def violates_members_limit(self, adding=0):
1412
        application = self.application
1413
        return (len(self.approved_members) + adding >
1414
                application.limit_on_members_number)
1415

    
1416
    @property
1417
    def is_alive(self):
1418
        return self.is_active()
1419

    
1420
    @property
1421
    def approved_memberships(self):
1422
        query = ProjectMembership.query_approved()
1423
        return self.projectmembership_set.filter(query)
1424

    
1425
    @property
1426
    def approved_members(self):
1427
        return [m.person for m in self.approved_memberships]
1428

    
1429
    def set_membership_pending_sync(self):
1430
        query = ProjectMembership.query_approved()
1431
        sfu = self.projectmembership_set.select_for_update()
1432
        members = sfu.filter(query)
1433

    
1434
        for member in members:
1435
            member.state = member.PENDING
1436
            member.save()
1437

    
1438
    def add_member(self, user):
1439
        """
1440
        Raises:
1441
            django.exceptions.PermissionDenied
1442
            astakos.im.models.AstakosUser.DoesNotExist
1443
        """
1444
        if isinstance(user, int):
1445
            user = AstakosUser.objects.get(user=user)
1446

    
1447
        m, created = ProjectMembership.objects.get_or_create(
1448
            person=user, project=self
1449
        )
1450
        m.accept()
1451

    
1452
    def remove_member(self, user):
1453
        """
1454
        Raises:
1455
            django.exceptions.PermissionDenied
1456
            astakos.im.models.AstakosUser.DoesNotExist
1457
            astakos.im.models.ProjectMembership.DoesNotExist
1458
        """
1459
        if isinstance(user, int):
1460
            user = AstakosUser.objects.get(user=user)
1461

    
1462
        m = ProjectMembership.objects.get(person=user, project=self)
1463
        m.remove()
1464

    
1465
    def terminate(self):
1466
        self.set_deactivation_start_date()
1467
        self.deactivation_reason = self.TERMINATED
1468
        self.save()
1469

    
1470
    @property
1471
    def is_terminated(self):
1472
        return (self.is_deactivated() and
1473
                self.deactivation_reason == self.TERMINATED)
1474

    
1475
    @property
1476
    def is_suspended(self):
1477
        return False
1478

    
1479
class ProjectMembership(models.Model):
1480

    
1481
    person              =   models.ForeignKey(AstakosUser)
1482
    request_date        =   models.DateField(default=datetime.now())
1483
    project             =   models.ForeignKey(Project)
1484

    
1485
    state               =   models.IntegerField(default=0)
1486
    application         =   models.ForeignKey(
1487
                                ProjectApplication,
1488
                                null=True,
1489
                                related_name='memberships')
1490
    pending_application =   models.ForeignKey(
1491
                                ProjectApplication,
1492
                                null=True,
1493
                                related_name='pending_memebrships')
1494
    pending_serial      =   models.BigIntegerField(null=True, db_index=True)
1495

    
1496
    acceptance_date     =   models.DateField(null=True, db_index=True)
1497
    leave_request_date  =   models.DateField(null=True)
1498

    
1499
    objects     =   ForUpdateManager()
1500

    
1501
    REQUESTED   =   0
1502
    PENDING     =   1
1503
    ACCEPTED    =   2
1504
    REMOVING    =   3
1505
    REMOVED     =   4
1506
    INACTIVE    =   5
1507

    
1508
    APPROVED_SET    =   [PENDING, ACCEPTED, INACTIVE]
1509

    
1510
    @classmethod
1511
    def query_approved(cls):
1512
        return (Q(state=cls.PENDING) |
1513
                Q(state=cls.ACCEPTED) |
1514
                Q(state=cls.INACTIVE))
1515

    
1516
    class Meta:
1517
        unique_together = ("person", "project")
1518
        #index_together = [["project", "state"]]
1519

    
1520
    def __str__(self):
1521
        return _("<'%s' membership in '%s'>") % (
1522
                self.person.username, self.project)
1523

    
1524
    __repr__ = __str__
1525

    
1526
    def __init__(self, *args, **kwargs):
1527
        self.state = self.REQUESTED
1528
        super(ProjectMembership, self).__init__(*args, **kwargs)
1529

    
1530
    def _set_history_item(self, reason, date=None):
1531
        if isinstance(reason, basestring):
1532
            reason = ProjectMembershipHistory.reasons.get(reason, -1)
1533

    
1534
        history_item = ProjectMembershipHistory(
1535
                            serial=self.id,
1536
                            person=self.person.uuid,
1537
                            project=self.project_id,
1538
                            date=date or datetime.now(),
1539
                            reason=reason)
1540
        history_item.save()
1541
        serial = history_item.id
1542

    
1543
    def accept(self):
1544
        state = self.state
1545
        if state != self.REQUESTED:
1546
            m = _("%s: attempt to accept in state '%s'") % (self, state)
1547
            raise AssertionError(m)
1548

    
1549
        now = datetime.now()
1550
        self.acceptance_date = now
1551
        self._set_history_item(reason='ACCEPT', date=now)
1552
        self.state = (self.PENDING if self.project.is_active()
1553
                      else self.INACTIVE)
1554
        self.save()
1555

    
1556
    def remove(self):
1557
        state = self.state
1558
        if state not in [self.ACCEPTED, self.INACTIVE]:
1559
            m = _("%s: attempt to remove in state '%s'") % (self, state)
1560
            raise AssertionError(m)
1561

    
1562
        self._set_history_item(reason='REMOVE')
1563
        self.state = self.REMOVING
1564
        self.save()
1565

    
1566
    def reject(self):
1567
        state = self.state
1568
        if state != self.REQUESTED:
1569
            m = _("%s: attempt to reject in state '%s'") % (self, state)
1570
            raise AssertionError(m)
1571

    
1572
        # rejected requests don't need sync,
1573
        # because they were never effected
1574
        self._set_history_item(reason='REJECT')
1575
        self.delete()
1576

    
1577
    def get_diff_quotas(self, sub_list=None, add_list=None, remove=False):
1578
        if sub_list is None:
1579
            sub_list = []
1580

    
1581
        if add_list is None:
1582
            add_list = []
1583

    
1584
        sub_append = sub_list.append
1585
        add_append = add_list.append
1586
        holder = self.person.uuid
1587

    
1588
        synced_application = self.application
1589
        if synced_application is not None:
1590
            cur_grants = synced_application.projectresourcegrant_set.all()
1591
            for grant in cur_grants:
1592
                sub_append(QuotaLimits(
1593
                               holder       = holder,
1594
                               resource     = str(grant.resource),
1595
                               capacity     = grant.member_capacity,
1596
                               import_limit = grant.member_import_limit,
1597
                               export_limit = grant.member_export_limit))
1598

    
1599
        if not remove:
1600
            new_grants = self.pending_application.projectresourcegrant_set.all()
1601
            for new_grant in new_grants:
1602
                add_append(QuotaLimits(
1603
                               holder       = holder,
1604
                               resource     = str(new_grant.resource),
1605
                               capacity     = new_grant.member_capacity,
1606
                               import_limit = new_grant.member_import_limit,
1607
                               export_limit = new_grant.member_export_limit))
1608

    
1609
        return (sub_list, add_list)
1610

    
1611
    def set_sync(self):
1612
        state = self.state
1613
        if state == self.PENDING:
1614
            pending_application = self.pending_application
1615
            if pending_application is None:
1616
                m = _("%s: attempt to sync an empty pending application") % (
1617
                    self,)
1618
                raise AssertionError(m)
1619
            self.application = pending_application
1620
            self.pending_application = None
1621
            self.pending_serial = None
1622

    
1623
            # project.application may have changed in the meantime,
1624
            # in which case we stay PENDING;
1625
            # we are safe to check due to select_for_update
1626
            if self.application == self.project.application:
1627
                self.state = self.ACCEPTED
1628
            self.save()
1629
        elif state == self.ACCEPTED:
1630
            if self.pending_application:
1631
                m = _("%s: attempt to sync in state '%s' "
1632
                      "with a pending application") % (self, state)
1633
                raise AssertionError(m)
1634
            self.application = None
1635
            self.pending_serial = None
1636
            self.state = self.INACTIVE
1637
            self.save()
1638
        elif state == self.REMOVING:
1639
            self.delete()
1640
        else:
1641
            m = _("%s: attempt to sync in state '%s'") % (self, state)
1642
            raise AssertionError(m)
1643

    
1644
    def reset_sync(self):
1645
        state = self.state
1646
        if state in [self.PENDING, self.ACCEPTED, self.REMOVING]:
1647
            self.pending_application = None
1648
            self.pending_serial = None
1649
            self.save()
1650
        else:
1651
            m = _("%s: attempt to reset sync in state '%s'") % (self, state)
1652
            raise AssertionError(m)
1653

    
1654
class Serial(models.Model):
1655
    serial  =   models.AutoField(primary_key=True)
1656

    
1657
def new_serial():
1658
    s = Serial.objects.create()
1659
    serial = s.serial
1660
    s.delete()
1661
    return serial
1662

    
1663
def sync_finish_serials(serials_to_ack=None):
1664
    if serials_to_ack is None:
1665
        serials_to_ack = qh_query_serials([])
1666

    
1667
    serials_to_ack = set(serials_to_ack)
1668
    sfu = ProjectMembership.objects.select_for_update()
1669
    memberships = list(sfu.filter(pending_serial__isnull=False))
1670

    
1671
    if memberships:
1672
        for membership in memberships:
1673
            serial = membership.pending_serial
1674
            if serial in serials_to_ack:
1675
                membership.set_sync()
1676
            else:
1677
                membership.reset_sync()
1678

    
1679
        transaction.commit()
1680

    
1681
    qh_ack_serials(list(serials_to_ack))
1682
    return len(memberships)
1683

    
1684
def sync_all_projects():
1685
    sync_finish_serials()
1686

    
1687
    PENDING = ProjectMembership.PENDING
1688
    REMOVING = ProjectMembership.REMOVING
1689
    objects = ProjectMembership.objects.select_for_update()
1690

    
1691
    sub_quota, add_quota = [], []
1692

    
1693
    serial = new_serial()
1694

    
1695
    pending = objects.filter(state=PENDING)
1696
    for membership in pending:
1697

    
1698
        if membership.pending_application:
1699
            m = "%s: impossible: pending_application is not None (%s)" % (
1700
                membership, membership.pending_application)
1701
            raise AssertionError(m)
1702
        if membership.pending_serial:
1703
            m = "%s: impossible: pending_serial is not None (%s)" % (
1704
                membership, membership.pending_serial)
1705
            raise AssertionError(m)
1706

    
1707
        membership.pending_application = membership.project.application
1708
        membership.pending_serial = serial
1709
        membership.get_diff_quotas(sub_quota, add_quota)
1710
        membership.save()
1711

    
1712
    removing = objects.filter(state=REMOVING)
1713
    for membership in removing:
1714

    
1715
        if membership.pending_application:
1716
            m = ("%s: impossible: removing pending_application is not None (%s)"
1717
                % (membership, membership.pending_application))
1718
            raise AssertionError(m)
1719
        if membership.pending_serial:
1720
            m = "%s: impossible: pending_serial is not None (%s)" % (
1721
                membership, membership.pending_serial)
1722
            raise AssertionError(m)
1723

    
1724
        membership.pending_serial = serial
1725
        membership.get_diff_quotas(sub_quota, add_quota, remove=True)
1726
        membership.save()
1727

    
1728
    transaction.commit()
1729
    # ProjectApplication.approve() unblocks here
1730
    # and can set PENDING an already PENDING membership
1731
    # which has been scheduled to sync with the old project.application
1732
    # Need to check in ProjectMembership.set_sync()
1733

    
1734
    r = qh_add_quota(serial, sub_quota, add_quota)
1735
    if r:
1736
        m = "cannot sync serial: %d" % serial
1737
        raise RuntimeError(m)
1738

    
1739
    sync_finish_serials([serial])
1740

    
1741
def sync_deactivating_projects():
1742

    
1743
    ACCEPTED = ProjectMembership.ACCEPTED
1744
    PENDING = ProjectMembership.PENDING
1745
    REMOVING = ProjectMembership.REMOVING
1746

    
1747
    psfu = Project.objects.select_for_update()
1748
    projects = psfu.filter(deactivation_start_date__isnull=False)
1749

    
1750
    if not projects:
1751
        return
1752

    
1753
    sub_quota, add_quota = [], []
1754

    
1755
    serial = new_serial()
1756

    
1757
    for project in projects:
1758
        objects = project.projectmembership_set.select_for_update()
1759
        memberships = objects.filter(Q(state=ACCEPTED) |
1760
                                     Q(state=PENDING) | Q(state=REMOVING))
1761
        for membership in memberships:
1762
            if membership.state in (PENDING, REMOVING):
1763
                m = "cannot sync deactivating project '%s'" % project
1764
                raise RuntimeError(m)
1765

    
1766
            # state == ACCEPTED
1767
            if membership.pending_application:
1768
                m = "%s: impossible: pending_application is not None (%s)" % (
1769
                    membership, membership.pending_application)
1770
                raise AssertionError(m)
1771
            if membership.pending_serial:
1772
                m = "%s: impossible: pending_serial is not None (%s)" % (
1773
                    membership, membership.pending_serial)
1774
                raise AssertionError(m)
1775

    
1776
            membership.pending_serial = serial
1777
            membership.get_diff_quotas(sub_quota, add_quota, remove=True)
1778
            membership.save()
1779

    
1780
    transaction.commit()
1781

    
1782
    r = qh_add_quota(serial, sub_quota, add_quota)
1783
    if r:
1784
        m = "cannot sync serial: %d" % serial
1785
        raise RuntimeError(m)
1786

    
1787
    sync_finish_serials([serial])
1788

    
1789
    # finalize deactivating projects
1790
    deactivating_projects = psfu.filter(deactivation_start_date__isnull=False)
1791
    for project in deactivating_projects:
1792
        objects = project.projectmembership_set.select_for_update()
1793
        memberships = list(objects.filter(Q(state=ACCEPTED) |
1794
                                          Q(state=PENDING) | Q(state=REMOVING)))
1795
        if not memberships:
1796
            project.set_deactivation_date()
1797
            project.save()
1798

    
1799
    transaction.commit()
1800

    
1801
def sync_projects():
1802
    sync_all_projects()
1803
    sync_deactivating_projects()
1804

    
1805
def trigger_sync(retries=3, retry_wait=1.0):
1806
    transaction.commit()
1807

    
1808
    cursor = connection.cursor()
1809
    locked = True
1810
    try:
1811
        while 1:
1812
            cursor.execute("SELECT pg_try_advisory_lock(1)")
1813
            r = cursor.fetchone()
1814
            if r is None:
1815
                m = "Impossible"
1816
                raise AssertionError(m)
1817
            locked = r[0]
1818
            if locked:
1819
                break
1820

    
1821
            retries -= 1
1822
            if retries <= 0:
1823
                return False
1824
            sleep(retry_wait)
1825

    
1826
        sync_projects()
1827
        return True
1828

    
1829
    finally:
1830
        if locked:
1831
            cursor.execute("SELECT pg_advisory_unlock(1)")
1832
            cursor.fetchall()
1833

    
1834

    
1835
class ProjectMembershipHistory(models.Model):
1836
    reasons_list    =   ['ACCEPT', 'REJECT', 'REMOVE']
1837
    reasons         =   dict((k, v) for v, k in enumerate(reasons_list))
1838

    
1839
    person  =   models.CharField(max_length=255)
1840
    project =   models.BigIntegerField()
1841
    date    =   models.DateField(default=datetime.now)
1842
    reason  =   models.IntegerField()
1843
    serial  =   models.BigIntegerField()
1844

    
1845
### SIGNALS ###
1846
################
1847

    
1848
def create_astakos_user(u):
1849
    try:
1850
        AstakosUser.objects.get(user_ptr=u.pk)
1851
    except AstakosUser.DoesNotExist:
1852
        extended_user = AstakosUser(user_ptr_id=u.pk)
1853
        extended_user.__dict__.update(u.__dict__)
1854
        extended_user.save()
1855
        if not extended_user.has_auth_provider('local'):
1856
            extended_user.add_auth_provider('local')
1857
    except BaseException, e:
1858
        logger.exception(e)
1859

    
1860

    
1861
def fix_superusers(sender, **kwargs):
1862
    # Associate superusers with AstakosUser
1863
    admins = User.objects.filter(is_superuser=True)
1864
    for u in admins:
1865
        create_astakos_user(u)
1866
post_syncdb.connect(fix_superusers)
1867

    
1868

    
1869
def user_post_save(sender, instance, created, **kwargs):
1870
    if not created:
1871
        return
1872
    create_astakos_user(instance)
1873
post_save.connect(user_post_save, sender=User)
1874

    
1875
def astakosuser_post_save(sender, instance, created, **kwargs):
1876
    if not created:
1877
        return
1878
    # TODO handle socket.error & IOError
1879
    register_users((instance,))
1880
post_save.connect(astakosuser_post_save, sender=AstakosUser)
1881

    
1882
def resource_post_save(sender, instance, created, **kwargs):
1883
    if not created:
1884
        return
1885
    register_resources((instance,))
1886
post_save.connect(resource_post_save, sender=Resource)
1887

    
1888
def renew_token(sender, instance, **kwargs):
1889
    if not instance.auth_token:
1890
        instance.renew_token()
1891
pre_save.connect(renew_token, sender=AstakosUser)
1892
pre_save.connect(renew_token, sender=Service)
1893