Source code for openquake.server.utils
# -*- coding: utf-8 -*-
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (C) 2015-2023 GEM Foundation
#
# OpenQuake is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OpenQuake is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with OpenQuake. If not, see <http://www.gnu.org/licenses/>.
import os
import getpass
import requests
import logging
from time import sleep
from django.conf import settings
from django.apps import apps
from django.contrib.auth import get_user_model
from openquake.engine import __version__ as oqversion
from openquake.calculators.base import get_aelo_version
[docs]def is_superuser(request):
"""
Without authentication (settings.LOCKDOW is false) every user is considered
a superuser, otherwise look at the attribute `request.user.is_superuser`.
"""
if not settings.LOCKDOWN:
return True
return request.user.is_superuser if hasattr(request, 'user') else False
[docs]def get_user(request):
"""
Returns the users from `request` if authentication is enabled, otherwise
returns the default user (from settings, or as reported by the OS).
"""
if settings.LOCKDOWN and hasattr(request, 'user'):
if request.user.is_authenticated:
user = request.user.username
else:
# This may happen with crafted requests
user = ''
else:
user = getattr(settings, 'DEFAULT_USER', getpass.getuser())
return user
[docs]def get_valid_users(request):
""""
Returns a list of `users` based on groups membership.
Returns a list made of a single user when it is not member of any group.
"""
if settings.LOCKDOWN:
User = get_user_model()
users = [get_user(request)]
if settings.LOCKDOWN and hasattr(request, 'user'):
if request.user.is_authenticated:
groups = request.user.groups.all()
if groups:
users = list(User.objects.filter(groups__in=groups)
.values_list('username', flat=True))
else:
# This may happen with crafted requests
users = []
return users
[docs]def get_acl_on(request):
"""
Returns `True` if ACL should be honorated, returns otherwise `False`.
"""
acl_on = settings.ACL_ON
if is_superuser(request):
# ACL is always disabled for superusers
acl_on = False
return acl_on
[docs]def user_has_permission(request, owner, job_status):
"""
Returns `True` if user coming from the request has the permission
to view a job-related resource, returns `False` otherwise.
"""
if job_status == 'shared':
if settings.LOCKDOWN and hasattr(request, 'user'):
return request.user.is_authenticated
return True
else:
return owner in get_valid_users(request) or not get_acl_on(request)
[docs]def oq_server_context_processor(request):
"""
A custom context processor which allows injection of additional
context variables.
"""
# NOTE: defining env variable at runtime, instead of defining it when the
# engine imports variable from the server module
os.environ['OQ_APPLICATION_MODE'] = settings.APPLICATION_MODE
context = {}
try:
announcement_model = apps.get_model(app_label='announcements',
model_name='Announcement')
except LookupError:
announcements = None
else:
announcements = announcement_model.objects.filter(show=True)
webui_host = request.get_host()
context['oq_engine_server_url'] = (
'//' + (webui_host if webui_host else request.META.get(
'HTTP_HOST', 'localhost:8800')) + settings.WEBUI_PATHPREFIX)
# this context var is also evaluated by the STANDALONE_APPS to identify
# the running environment. Keep it as it is
context['oq_engine_version'] = oqversion
context['disable_version_warning'] = settings.DISABLE_VERSION_WARNING
context['server_name'] = settings.SERVER_NAME
context['external_tools'] = settings.EXTERNAL_TOOLS
context['application_mode'] = settings.APPLICATION_MODE
context['announcements'] = announcements
if settings.GOOGLE_ANALYTICS_TOKEN is not None:
context['google_analytics_token'] = settings.GOOGLE_ANALYTICS_TOKEN
if settings.APPLICATION_MODE == 'AELO':
context['aelo_version'] = get_aelo_version()
if settings.APPLICATION_MODE == 'ARISTOTLE':
# NOTE: it may be useful not only for ARISTOTLE
try:
context['user_level'] = request.user.level
except AttributeError: # e.g. AnonymousUser (not authenticated)
context['user_level'] = 0
return context
[docs]def check_webserver_running(url="http://localhost:8800", max_retries=30):
"""
Returns True if a given URL is responding within a given timeout.
"""
retry = 0
response = ''
success = False
while response != requests.codes.ok and retry < max_retries:
try:
response = requests.head(url, allow_redirects=True).status_code
success = True
except Exception:
sleep(1)
retry += 1
if not success:
logging.warning('Unable to connect to %s within %s retries'
% (url, max_retries))
return success