Source code for openquake.server.utils
# -*- coding: utf-8 -*-
# vim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (C) 2015-2023 GEM Foundation
#
# OpenQuake is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# OpenQuake is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with OpenQuake. If not, see <http://www.gnu.org/licenses/>.
import getpass
import requests
import logging
import django
from time import sleep
from django.conf import settings
from openquake.engine import __version__ as oqversion
if settings.LOCKDOWN:
django.setup()
from django.contrib.auth.models import User
[docs]def is_superuser(request):
"""
Without authentication (settings.LOCKDOW is false) every user is considered
a superuser, otherwise look at the attribute `request.user.is_superuser`.
"""
if not settings.LOCKDOWN:
return True
return request.user.is_superuser if hasattr(request, 'user') else False
[docs]def get_user(request):
"""
Returns the users from `request` if authentication is enabled, otherwise
returns the default user (from settings, or as reported by the OS).
"""
if settings.LOCKDOWN and hasattr(request, 'user'):
if request.user.is_authenticated:
user = request.user.username
else:
# This may happen with crafted requests
user = ''
else:
user = getattr(settings, 'DEFAULT_USER', getpass.getuser())
return user
[docs]def get_valid_users(request):
""""
Returns a list of `users` based on groups membership.
Returns a list made of a single user when it is not member of any group.
"""
users = [get_user(request)]
if settings.LOCKDOWN and hasattr(request, 'user'):
if request.user.is_authenticated:
groups = request.user.groups.all()
if groups:
users = list(User.objects.filter(groups__in=groups)
.values_list('username', flat=True))
else:
# This may happen with crafted requests
users = []
return users
[docs]def get_acl_on(request):
"""
Returns `True` if ACL should be honorated, returns otherwise `False`.
"""
acl_on = settings.ACL_ON
if is_superuser(request):
# ACL is always disabled for superusers
acl_on = False
return acl_on
[docs]def user_has_permission(request, owner):
"""
Returns `True` if user coming from the request has the permission
to view a resource, returns `false` otherwise.
"""
return owner in get_valid_users(request) or not get_acl_on(request)
[docs]def oq_server_context_processor(request):
"""
A custom context processor which allows injection of additional
context variables.
"""
context = {}
webui_host = request.get_host()
context['oq_engine_server_url'] = ('//' +
(webui_host if webui_host else
request.META.get('HTTP_HOST',
'localhost:8800'))
+ settings.WEBUI_PATHPREFIX)
# this context var is also evaluated by the STANDALONE_APPS to identify
# the running environment. Keep it as it is
context['oq_engine_version'] = oqversion
context['server_name'] = settings.SERVER_NAME
return context
[docs]def check_webserver_running(url="http://localhost:8800", max_retries=30):
"""
Returns True if a given URL is responding within a given timeout.
"""
retry = 0
response = ''
success = False
while response != requests.codes.ok and retry < max_retries:
try:
response = requests.head(url, allow_redirects=True).status_code
success = True
except Exception:
sleep(1)
retry += 1
if not success:
logging.warning('Unable to connect to %s within %s retries'
% (url, max_retries))
return success