authorLeif Johansson <leifj@sunet.se>2011-08-16 09:59:58 +0200
committerLeif Johansson <leifj@sunet.se>2011-08-16 09:59:58 +0200
commit1ad5e8f6b33f42966918d56f04c58e6b1e15357b (patch)
treeae1214a05802ea00812eaf30e0206d4035b09558 /coip/apps
parent36dad4f8b67948daef92257cea362c5d772279e3 (diff)
new profiles implementation
Diffstat (limited to 'coip/apps')
-rw-r--r--coip/apps/auth/views.py62
-rw-r--r--coip/apps/invitation/models.py9
-rw-r--r--coip/apps/invitation/views.py2
-rw-r--r--coip/apps/name/views.py13
-rw-r--r--coip/apps/opensocial/people.py16
-rw-r--r--coip/apps/userprofile/admin.py5
-rw-r--r--coip/apps/userprofile/models.py64
-rw-r--r--coip/apps/userprofile/utils.py32
-rw-r--r--coip/apps/userprofile/views.py43
9 files changed, 69 insertions, 177 deletions
diff --git a/coip/apps/auth/views.py b/coip/apps/auth/views.py
index 6dd311d..bab6bf8 100644
--- a/coip/apps/auth/views.py
+++ b/coip/apps/auth/views.py
@@ -4,71 +4,15 @@ Created on Jul 5, 2010
@author: leifj
'''
from django.http import HttpResponseRedirect
-from coip.apps.userprofile.models import UserProfile
-from django.contrib.auth.models import User
-from coip.apps.auth.utils import anonid
+from coip.apps.userprofile.models import UserProfile, user_profile
from coip.apps.name.models import lookup
-import datetime
from django.views.decorators.cache import never_cache
-import logging
+from coip.apps.membership.models import add_member
-def meta(request,attr):
- v = request.META.get(attr)
- if not v:
- return None
- values = filter(lambda x: x != "(null)",v.split(";"))
- return values;
-
-def meta1(request,attr):
- v = meta(request,attr)
- if v:
- return v[0]
- else:
- return None
def accounts_login_federated(request):
if request.user.is_authenticated():
- profile,created = UserProfile.objects.get_or_create(identifier=request.user.username)
- if created:
- profile.identifier = request.user.username
- profile.user = request.user
- profile.save()
-
-
- update = False
- cn = meta1(request,'cn')
- if not cn:
- cn = meta1(request,'displayName')
- logging.warn(cn)
- if not cn:
- fn = meta1(request,'givenName')
- ln = meta1(request,'sn')
- if fn and ln:
- cn = "%s %s" % (fn,ln)
- if not cn:
- cn = profile.identifier
-
- mail = meta1(request,'mail')
-
- idp = meta1(request,'Shib-Identity-Provider')
-
- for attrib_name, meta_value in (('display_name',cn),('email',mail),('idp',idp)):
- attrib_value = getattr(profile, attrib_name)
- if meta_value and not attrib_value:
- setattr(profile,attrib_name,meta_value)
- update = True
-
- if request.user.password == "":
- request.user.password = "(not used for federated logins)"
- update = True
-
- if update:
- request.user.save()
-
- # Allow auto_now to kick in for the lastupdated field
- #profile.lastupdated = datetime.datetime.now()
- profile.save()
-
+ #profile,created = UserProfile.objects.get_or_create(user=request.user)
next = request.session.get("after_login_redirect", None)
if next is not None:
return HttpResponseRedirect(next)
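Review bot: Nothing in the visible body of `accounts_login_federated` provisions the profile any more: all that is left is the commented-out `#profile,created = UserProfile.objects.get_or_create(user=request.user)`, while `user_profile` and `add_member` are imported but unused in these lines. The home name and its ACLs are now created only inside `user_profile()` in userprofile/models.py, and the `home` view in userprofile/views.py no longer does it either, so no call site for that setup is visible in this diff. If login is meant to provision the user, replace the comment with `profile = user_profile(request.user)`; otherwise drop the dead comment and the two unused imports. The rest of the function lies outside the hunk, so a call may exist there.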
diff --git a/coip/apps/invitation/models.py b/coip/apps/invitation/models.py
index e6b7df4..64c3d5d 100644
--- a/coip/apps/invitation/models.py
+++ b/coip/apps/invitation/models.py
@@ -6,11 +6,7 @@ Created on Jun 23, 2010
from django.db import models
from django.contrib.auth.models import User
from coip.apps.name.models import Name
-import datetime
-from pprint import pformat
from django.core.mail import send_mail
-from coip.apps.userprofile.models import last_used_profile
-import logging
from coip.settings import PREFIX_URL, NOREPLY
class Invitation(models.Model):
@@ -29,8 +25,7 @@ class Invitation(models.Model):
def __unicode__(self):
return "%s invited to %s by %s" % (self.email,self.name,self.inviter)
- def send_email(self):
- pinviter = last_used_profile(self.inviter)
+ def send_email(self,user):
send_mail('Invitation to join \'%s\'' % (self.name.shortname()),
'''
%s (%s) has invited you to join \'%s\':
@@ -45,7 +40,7 @@ If you want to accept the invitation open this link in your browser:
To view information about \'%s\' open this link in your browser:
%s
-''' % (pinviter.display_name,pinviter.identifier,self.name.shortname(),self.message,PREFIX_URL,self.nonce,self.name.shortname(),self.name.url()),
+''' % (user.get_full_name,user.identifier.value,self.name.shortname(),self.message,PREFIX_URL,self.nonce,self.name.shortname(),self.name.url()),
NOREPLY,
[self.email],
fail_silently=False)
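Review bot: `user.get_full_name` in the new format tuple is passed without being called, so `%s` renders the bound-method repr in the invitation mail instead of the inviter's name; it should be `user.get_full_name()`. The next argument, `user.identifier.value`, also looks wrong: the `Identifier` model added in userprofile/models.py attaches to `User` with `related_name='identifiers'`, so unless an `identifier` attribute is defined elsewhere this raises `AttributeError` when the mail is built. Select one identifier explicitly from `user.identifiers` and handle the case where the inviter has none. `send_email` starts in the previous hunk and the message template is only partly visible here.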
diff --git a/coip/apps/invitation/views.py b/coip/apps/invitation/views.py
index 542728b..b0b1fb9 100644
--- a/coip/apps/invitation/views.py
+++ b/coip/apps/invitation/views.py
@@ -27,7 +27,7 @@ def invite(request,id):
form = InvitationForm(request.POST,instance=invitation)
if form.is_valid():
invitation = form.save()
- invitation.send_email()
+ invitation.send_email(user)
return HttpResponseRedirect("/name/id/%d" % (name.id))
else:
exp = datetime.datetime.now()+datetime.timedelta(days=1)
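Review bot: `invitation.send_email(user)` uses a name `user` that is not bound anywhere in the visible part of `invite(request,id)`; unless it is assigned earlier in the function, outside this hunk, the POST path raises `NameError` after the invitation has already been saved. The inviter is presumably the logged-in user, in which case the call should be `invitation.send_email(request.user)`.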
diff --git a/coip/apps/name/views.py b/coip/apps/name/views.py
index b50526c..31efbc8 100644
--- a/coip/apps/name/views.py
+++ b/coip/apps/name/views.py
@@ -5,11 +5,10 @@ Created on Jul 6, 2010
'''
from coip.apps.name.models import Name, lookup, traverse, NameLink
from django.core.exceptions import ObjectDoesNotExist
-from django.http import HttpResponseNotFound, HttpResponseForbidden,\
- HttpResponseRedirect, Http404
+from django.http import HttpResponseNotFound,HttpResponseRedirect, Http404
from django.contrib.auth.decorators import login_required
from coip.multiresponse import respond_to, json_response, render403
-from pprint import pformat, pprint
+from pprint import pformat
import logging
from coip.apps.name.forms import NameEditForm, NewNameForm, NameDeleteForm,\
PermissionForm
@@ -29,7 +28,7 @@ def delete(request,id):
if form.is_valid():
parent = name.parent
if not form.cleaned_data['recursive'] and name.children.count() > 0:
- return HttpResponseForbidden("Will not delete non-empty node")
+ return render403(request,"Will not delete non-empty node")
for link in name.links.all():
link.delete()
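Review bot: The refusal here now goes through `render403(request, ...)` from `coip.multiresponse`, whose body is not part of this diff, so confirm that it still sets HTTP status 403 and does not return a rendered page with status 200; clients and tests that key on the status code would otherwise read a denied delete as success. The same applies to the three replacements in `add` and `edit` in the following hunks. Since the message in `add` now interpolates `parent`, also check that the 403 template escapes the message it is given. `delete` begins before this hunk, so its own permission check is not visible here.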
@@ -54,10 +53,10 @@ def add(request,id):
if id:
if not parent.has_permission(request.user,'w'):
- return HttpResponseForbidden('You are not allowed to create names under '+parent)
+ return render403(request,'You are not allowed to create names under %s' % parent)
else:
if not request.user.admin:
- return HttpResponseForbidden('You are not allowed to create names in the root')
+ return render403(request,'You are not allowed to create names in the root context')
if request.method == 'POST':
name = Name(parent=parent,creator=request.user)
@@ -76,7 +75,7 @@ def edit(request,id):
name = get_object_or_404(Name,pk=id)
if not name.has_permission(request.user,'w'):
- return HttpResponseForbidden()
+ return render403(request,"You do not have write-permission here")
if request.method == 'POST':
form = NameEditForm(request.POST,instance=name)
diff --git a/coip/apps/opensocial/people.py b/coip/apps/opensocial/people.py
index 4572829..e51949c 100644
--- a/coip/apps/opensocial/people.py
+++ b/coip/apps/opensocial/people.py
@@ -4,7 +4,6 @@ Created on Jun 19, 2011
@author: leifj
'''
from tastypie.resources import ModelResource
-from coip.apps.userprofile.models import UserProfile, last_used_profile
from django.contrib.auth.models import User
from coip.apps.opensocial.serializer import OpenSocialSerializer
from django.conf.urls.defaults import url
@@ -19,6 +18,7 @@ from django.shortcuts import get_object_or_404
import logging
from pprint import pformat
from tastypie.bundle import Bundle
+from coip.apps.userprofile.models import Identifier
_rekey = {
'objects': 'entry'
@@ -122,8 +122,8 @@ class PersonResource(OpenSocialResource):
#memberships = ToManyField(MembershipResource,'memberships',full=True)
class Meta:
- queryset = User.objects.all()
- fields = ['username']
+ queryset = Identifier.objects.filter(type=Identifier.FEDERATION)
+ fields = ['value']
resource_name = 'people'
serializer = OpenSocialSerializer()
@@ -138,8 +138,8 @@ class PersonResource(OpenSocialResource):
def list_memberships(self, request, **kwargs):
logging.debug(pformat(kwargs))
try:
- user = self.cached_obj_get(request=request, username=kwargs['username'])
- logging.debug(pformat(user))
+ id = self.cached_obj_get(request=request, value=kwargs['username'])
+ logging.debug(pformat(id))
except ObjectDoesNotExist:
return HttpGone()
except MultipleObjectsReturned:
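Review bot: The lookup `self.cached_obj_get(request=request, value=kwargs['username'])` matches on `value` alone, but `Identifier.value` is not unique (the `unique_together = ('value','idp')` in userprofile/models.py is commented out) and `verified` is not part of the resource queryset filter. Two IdPs asserting the same value can therefore end in `MultipleObjectsReturned`, and an unverified row can be resolved as if it were a confirmed identity. Consider restricting the queryset to verified identifiers and enforcing uniqueness in the model. Also, `id` shadows the builtin, and the remainder of `list_memberships` lies outside the hunk; if it still refers to `user`, it now needs `id.user`.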
@@ -157,8 +157,8 @@ class PersonResource(OpenSocialResource):
def dehydrate(self,bundle):
bundle = super(PersonResource,self).dehydrate(bundle)
- bundle.data['id'] = bundle.data['username']
- bundle.data['displayName'] = last_used_profile(bundle.obj).display_name
+ bundle.data['id'] = bundle.data['value']
+ bundle.data['displayName'] = bundle.data['display_name']
del bundle.data['resource_uri']
- del bundle.data['username']
+ del bundle.data['value']
return bundle \ No newline at end of file
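Review bot: `bundle.data['display_name']` should raise `KeyError` in `dehydrate`, because `Meta.fields` in the earlier hunk of this file is narrowed to `['value']`, so `display_name` is never placed in the bundle. Either read it from the object, `bundle.data['displayName'] = bundle.obj.display_name`, or add `'display_name'` to `fields` and delete the snake_case key afterwards, as is done for `value`.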
diff --git a/coip/apps/userprofile/admin.py b/coip/apps/userprofile/admin.py
index 32c1ad8..1e5c7a0 100644
--- a/coip/apps/userprofile/admin.py
+++ b/coip/apps/userprofile/admin.py
@@ -1,4 +1,5 @@
from django.contrib import admin
-from coip.apps.userprofile.models import UserProfile
+from coip.apps.userprofile.models import UserProfile, Identifier
-admin.site.register(UserProfile) \ No newline at end of file
+admin.site.register(UserProfile)
+admin.site.register(Identifier) \ No newline at end of file
diff --git a/coip/apps/userprofile/models.py b/coip/apps/userprofile/models.py
index 40751fb..e780d81 100644
--- a/coip/apps/userprofile/models.py
+++ b/coip/apps/userprofile/models.py
@@ -5,39 +5,57 @@ Created on Jul 5, 2010
'''
from django.db import models
from django.contrib.auth.models import User
-from coip.apps.name.models import Name
+from coip.apps.name.models import Name, lookup
+from coip.apps.membership.models import add_member
class UserProfile(models.Model):
- user = models.ForeignKey(User,blank=True,null=True,related_name='profiles')
- display_name = models.CharField(max_length=255,blank=True,null=True)
- primary = models.BooleanField()
- email = models.EmailField(blank=True,null=True)
- idp = models.CharField(max_length=255,blank=True,null=True)
- identifier = models.CharField(max_length=1023,unique=True)
+ user = models.ForeignKey(User)
+ home = models.ForeignKey(Name,blank=True,null=True,editable=False)
timecreated = models.DateTimeField(auto_now_add=True)
lastupdated = models.DateTimeField(auto_now=True)
- home = models.ForeignKey(Name,blank=True,null=True,editable=False)
def __unicode__(self):
- return "%s [%s] - %s" % (self.identifier,self.user.username,self.display_name)
-
- def make_primary(self):
- for p in UserProfile.objects.filter(user=self.user).all:
- p.primary = False
- self.primary = True
-
-def last_used_profile(user):
- return UserProfile.objects.filter(user=user).order_by('lastupdated')[0]
+ return "%s" % (self.user.__unicode__())
+
-def primary_profile(user):
- return UserProfile.objects.filter(user=user,primary=True)[0]
+def user_profile(user):
+ profile,created = UserProfile.objects.get_or_create(user=user)
+ if created:
+ urn = lookup("urn",True)
+ anyuser = lookup("system:anyuser",True)
+ urn.setacl(anyuser,'rl')
+ home = lookup('user:'+user.username,autocreate=True)
+ home.short = user.get_full_name()
+ profile.home = home
+ profile.save()
+ home.save()
+ add_member(home,profile.user,hidden=True)
+ home.setpacl(home, "rwlida")
+ home.setacl(home,"rwla") #don't allow users to delete or reset acls on their home, nor invite members - that would be confusing as hell
+
+ return profile
+class Identifier(models.Model):
+
+ FEDERATION=0
+ EMAIL=1
+ SSHKEY=2
+ GRIDCERT=3
+ INTERNAL=4
-class PKey(models.Model):
- user_profile = models.ForeignKey(UserProfile,related_name='keys')
- key = models.CharField(max_length=1023,unique=True)
timecreated = models.DateTimeField(auto_now_add=True)
lastupdated = models.DateTimeField(auto_now=True)
+ user = models.ForeignKey(User,related_name='identifiers')
+ display_name = models.CharField(max_length=255,blank=True,null=True)
+ type = models.SmallIntegerField(default=0,choices=((0,'Federation Identifier'),(1,'Email Address'),(2,'SSH Key'),(3,'eScience Certificate'),(4,'Internal User')))
+ idp = models.CharField(max_length=255,blank=True,null=True)
+ verified = models.BooleanField()
+ value = models.CharField(max_length=1023)
+ verification_code = models.CharField(max_length=1023,blank=True,null=True)
+
+ #class Meta:
+ # unique_together = ('value','idp')
+
def __unicode__(self):
- return "A merge-key for "+self.user_profile
+ return "%s [%s]" % (self.value,self.display_name)
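Review bot: `Identifier` has no uniqueness constraint, since the `unique_together = ('value','idp')` block is left commented out, so the same federation identifier or e-mail address can be attached to several users and any later lookup by `value` becomes ambiguous. `verified = models.BooleanField()` also relies on an implicit default; `verified = models.BooleanField(default=False)` states the fail-closed intent. In `user_profile()`, `get_or_create(user=user)` runs against a non-unique `ForeignKey(User)`, so two concurrent first requests can create two profiles, after which every call raises `MultipleObjectsReturned`; `user = models.ForeignKey(User, unique=True)` would prevent that. A short docstring on `user_profile()` saying that it also creates the `user:<username>` home name and sets the ACL on `urn` would help callers.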
diff --git a/coip/apps/userprofile/utils.py b/coip/apps/userprofile/utils.py
deleted file mode 100644
index d3854f6..0000000
--- a/coip/apps/userprofile/utils.py
+++ /dev/null
@@ -1,32 +0,0 @@
-'''
-Created on Jul 6, 2010
-
-@author: leifj
-'''
-from coip.apps.userprofile.models import UserProfile, PKey
-from django.core.exceptions import ObjectDoesNotExist
-import logging
-from pprint import pformat
-
-def request_profile(request):
- if request.user.is_authenticated():
- logging.warn(pformat(request.META))
- if request.META.has_key('REMOTE_USER'):
- return UserProfile.objects.get(identifier=request.META['REMOTE_USER'])
- else:
- return UserProfile.objects.get(user=request.user)
- else:
- return None
-
-def user_profile(request,key=None):
- if key:
- try:
- k = PKey.objects.get(key=key)
- return k.profile,k
- except ObjectDoesNotExist:
- return None
- else:
- return request_profile(request)
- #if not request.session.has_key('_profile'):
- # request.session['_profile'] = request_profile(request)
- #return request.session['_profile'] \ No newline at end of file
diff --git a/coip/apps/userprofile/views.py b/coip/apps/userprofile/views.py
index 7ce8f74..50fe184 100644
--- a/coip/apps/userprofile/views.py
+++ b/coip/apps/userprofile/views.py
@@ -4,34 +4,14 @@ Created on Jul 6, 2010
@author: leifj
'''
from django.contrib.auth.decorators import login_required
-from coip.apps.userprofile.models import PKey
-from django.http import HttpResponseRedirect
from coip.multiresponse import respond_to, json_response
-from coip.apps.membership.models import Membership, add_member
-from coip.apps.userprofile.utils import user_profile
+from coip.apps.membership.models import Membership
from django.core.exceptions import ObjectDoesNotExist
-from pprint import pformat
-from coip.apps.auth.utils import nonce
-from coip.apps.name.models import Name, NameLink, lookup
+from coip.apps.name.models import NameLink
from django.contrib.auth.models import User
from django.shortcuts import get_object_or_404
+from coip.apps.userprofile.models import Identifier
-@login_required
-def merge(request,pkey=None):
- if pkey:
- profile = user_profile(request)
- merge_profile,pkey = profile(request,pkey)
- if merge_profile:
- merge_profile.user.delete()
- merge_profile.user = request.user
- merge_profile.save()
- pkey.delete()
- return HttpResponseRedirect("/user/home")
- else:
- profile = profile(request)
- k = PKey(profile=profile,key=nonce())
- k.save()
- return HttpResponseRedirect("/accounts/login?next=/user/merge/"+k.key)
@login_required
def home(request):
@@ -41,22 +21,9 @@ def home(request):
except ObjectDoesNotExist:
pass
- urn = lookup("urn",True)
- anyuser = lookup("system:anyuser",True)
- urn.setacl(anyuser,'rl')
-
- profile = user_profile(request)
- home = lookup('user:'+request.user.username,autocreate=True)
- home.short = "%s (%s)" % (profile.display_name,profile.identifier)
- profile.home = home
- home.save()
- add_member(home,profile.user,hidden=True)
- home.setpacl(home, "rwlida")
- home.setacl(home,"rwla") #don't allow users to delete or reset acls on their home, nor invite members - that would be confusing as hell
-
names = [(link.src,link.data) for link in NameLink.objects.filter(dst__memberships__user=request.user,type=NameLink.access_control,data__contains='i').all()]
-
- return respond_to(request, {'text/html': 'apps/userprofile/home.html'},{'memberships': memberships,'names': names, 'name': home})
+ identifiers = Identifier.objects.filter(user=request.user)
+ return respond_to(request, {'text/html': 'apps/userprofile/home.html'},{'memberships': memberships,'names': names,'identifiers': identifiers})
@login_required
def search(request):