Beispiel #1
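def new_user_apply():
    """Create a user from the posted form (administrators only).

    Returns the failure response of ``Auth.assert_is_role`` when the role
    check fails, ``{'ret': "error"}`` when ``profile_id`` is not an integer
    or the INSERT is reported as failed, and
    ``{'ret': "ok", 'redirect': "/admin/user"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Update the database
    fields = []
    values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            fields.append(key)
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            values.append("'%s'" % (CTK.post[key]))

    if 'password' in CTK.post:
        fields.append('password')
        # NOTE(review): unsalted MD5 is not an adequate password hash;
        # moving to a salted, slow KDF needs a migration of stored hashes.
        values.append("'%s'" % (md5(CTK.post['password']).hexdigest()))

    if 'profile_id' in CTK.post:
        # profile_id is written into the statement unquoted, so only an
        # integer may reach it.
        try:
            profile_id = int(CTK.post['profile_id'])
        except (TypeError, ValueError):
            return {'ret': "error"}
        fields.append('profile_id')
        values.append("%d" % profile_id)

    q = "INSERT INTO users (%s) VALUES (%s);" % (", ".join(fields),
                                                 ", ".join(values))
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok",
            'redirect': "/admin/user"}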
Beispiel #2
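def del_type():
    """Delete the asset type named by the last URL segment (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, ``default(msg)`` when the type is
    still referenced by assets or the DELETE fails, and a redirect to
    ``LOCATION`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target asset_type: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        asset_type_id = int(CTK.request.url.split('/')[-1])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE asset_types_id = %d;" % asset_type_id)
    result = Query(q)

    usage = result['total'][0]
    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("No se puede eliminar. "
               "Existe%(n)s %(num)d activo%(s)s de este tipo." % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM asset_types WHERE id = %d;" % asset_type_id
    ok = query_check_success(q)

    if not ok:
        return default('No se pudo realizar la eliminación.')

    return CTK.HTTP_Redir(LOCATION)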
Beispiel #3
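def del_license():
    """Delete the license named by the last URL segment (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, and otherwise the result of
    ``default``: with a message when the license is still used by assets
    or the DELETE fails, without one on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target license: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        license_id = int(CTK.request.url.split('/')[-1])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE licenses_id = %d;" % license_id)
    result = Query(q)

    usage = result['total'][0]
    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("Imposible realizar la operación. La licencia está "
               "siendo usada por %(num)d activo%(s)s" % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM licenses WHERE id = %d;" % license_id
    ok = query_check_success(q)
    if not ok:
        return default('No se pudo eliminar la licencia.')
    return default()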
Beispiel #4
def add_bookmark(bookmark):
    """Insert an ``(asset_id, user_id)`` pair into the bookmarks table.

    Returns True when ``query_check_success`` reports success, else False.
    """
    asset_id, user_id = bookmark
    # NOTE(review): both ids are written into the statement unquoted via
    # str(); this is only safe if callers pass integers - confirm at the
    # call sites.
    statement = "INSERT INTO bookmarks VALUES (%s,%s);" % (
        str(asset_id), str(user_id))
    return bool(query_check_success(statement))
Beispiel #5
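def new_user_apply():
    """Create a user from the posted form (administrators only).

    Returns the failure response of ``Auth.assert_is_role`` when the role
    check fails, ``{'ret': "error"}`` when ``profile_id`` is not an integer
    or the INSERT is reported as failed, and
    ``{'ret': "ok", 'redirect': "/admin/user"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Update the database
    fields = []
    values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            fields.append(key)
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            values.append("'%s'" % (CTK.post[key]))

    if 'password' in CTK.post:
        fields.append('password')
        # NOTE(review): unsalted MD5 is not an adequate password hash;
        # moving to a salted, slow KDF needs a migration of stored hashes.
        values.append("'%s'" % (md5(CTK.post['password']).hexdigest()))

    if 'profile_id' in CTK.post:
        # profile_id is written into the statement unquoted, so only an
        # integer may reach it.
        try:
            profile_id = int(CTK.post['profile_id'])
        except (TypeError, ValueError):
            return {'ret': "error"}
        fields.append('profile_id')
        values.append("%d" % profile_id)

    q = "INSERT INTO users (%s) VALUES (%s);" % (", ".join(fields),
                                                 ", ".join(values))
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/user"}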
Beispiel #6
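def del_type():
    """Delete the asset type named by the last URL segment (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, ``default(msg)`` when the type is
    still referenced by assets or the DELETE fails, and a redirect to
    ``LOCATION`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target asset_type: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        asset_type_id = int(CTK.request.url.split('/')[-1])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE asset_types_id = %d;" % asset_type_id)
    result = Query(q)

    usage = result['total'][0]
    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("No se puede eliminar. "
               "Existe%(n)s %(num)d activo%(s)s de este tipo." % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM asset_types WHERE id = %d;" % asset_type_id
    ok = query_check_success(q)

    if not ok:
        return default('No se pudo realizar la eliminación.')

    return CTK.HTTP_Redir(LOCATION)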
Beispiel #7
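def del_license():
    """Delete the license named by the last URL segment (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, and otherwise the result of
    ``default``: with a message when the license is still used by assets
    or the DELETE fails, without one on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target license: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        license_id = int(CTK.request.url.split('/')[-1])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE licenses_id = %d;" % license_id)
    result = Query(q)

    usage = result['total'][0]
    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("Imposible realizar la operación. La licencia está "
               "siendo usada por %(num)d activo%(s)s" % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM licenses WHERE id = %d;" % license_id
    ok = query_check_success(q)
    if not ok:
        return default('No se pudo eliminar la licencia.')
    return default()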
Beispiel #8
def add_bookmark(bookmark):
    """Insert an ``(asset_id, user_id)`` pair into the bookmarks table.

    Returns True when ``query_check_success`` reports success, else False.
    """
    asset_id, user_id = bookmark
    # NOTE(review): both ids are written into the statement unquoted via
    # str(); this is only safe if callers pass integers - confirm at the
    # call sites.
    statement = "INSERT INTO bookmarks VALUES (%s,%s);" % (
        str(asset_id), str(user_id))
    return bool(query_check_success(statement))
Beispiel #9
def del_bookmark(bookmark):
    """Remove the bookmark row matching an ``(asset_id, user_id)`` pair.

    Returns True when ``query_check_success`` reports success, else False.
    """
    asset_id, user_id = bookmark
    # NOTE(review): the ids are quoted but not escaped; this is only safe
    # if callers pass integers - confirm at the call sites.
    statement = ("DELETE FROM bookmarks "
                 "WHERE assets_id='%s' AND users_id='%s';"
                 % (str(asset_id), str(user_id)))
    return bool(query_check_success(statement))
Beispiel #10
def del_bookmark(bookmark):
    """Remove the bookmark row matching an ``(asset_id, user_id)`` pair.

    Returns True when ``query_check_success`` reports success, else False.
    """
    asset_id, user_id = bookmark
    # NOTE(review): the ids are quoted but not escaped; this is only safe
    # if callers pass integers - confirm at the call sites.
    statement = ("DELETE FROM bookmarks "
                 "WHERE assets_id='%s' AND users_id='%s';"
                 % (str(asset_id), str(user_id)))
    return bool(query_check_success(statement))
Beispiel #11
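def edit_profile_apply():
    """Apply posted edits to a profile and its role assignments (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``profile_id`` is missing or not an integer, ``{'ret': "error"}`` when
    a ``role_<id>`` key carries a non-integer id or a statement fails, and
    ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    profile_id = CTK.post.pop('profile_id')
    if not profile_id:
        return CTK.HTTP_Error(406)
    # profile_id is written into the statements unquoted, so only an
    # integer is accepted.
    try:
        profile_id = int(profile_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update: profiles
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if sql_values:
        q = "UPDATE profiles SET %s WHERE id = %d;" % (','.join(sql_values),
                                                       profile_id)
        if not query_check_success(q):
            return {'ret': "error"}

    # Update: profiles has roles
    q = ''
    for key in CTK.post:
        if not key.startswith('role_'):
            continue

        # The role id is the suffix of a client-supplied field name and is
        # written unquoted, so it must be an integer as well.
        try:
            role_id = int(key[len('role_'):])
        except ValueError:
            return {'ret': "error"}

        # int() raises ValueError on a non-numeric flag value, as before.
        if bool(int(CTK.post[key])):
            q += ("INSERT INTO profiles_has_roles " +
                  "   VALUES (%d, %d);") % (profile_id, role_id)
        else:
            q += ("DELETE FROM profiles_has_roles " +
                  "   WHERE profiles_id = %d AND roles_id = %d;"
                  ) % (profile_id, role_id)
    if q:
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}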
Beispiel #12
def new_type_apply():
    """Insert a new asset type from the posted ``type`` field (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when the
    INSERT is reported as failed, and ``{'ret': "ok", 'redirect': LOCATION}``
    otherwise (including when no ``type`` was posted).
    """
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    if 'type' in CTK.post:
        # NOTE(review): SQL injection risk - the posted value is placed
        # between quotes without escaping; it should be bound through a
        # parameterized query once the DB layer offers one.
        sql = "INSERT INTO asset_types (type) VALUES ('%s');" % (
            CTK.post['type'])
        inserted = query_check_success(sql)
        if not inserted:
            return {'ret': "error"}

    return {'ret': "ok", 'redirect': LOCATION}
Beispiel #13
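def new_profile_apply():
    """Create a profile and give it the consumer role (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when
    either INSERT is reported as failed or no id is found for the new
    profile, and ``{'ret': "ok", 'redirect': ...}`` pointing at the new
    profile otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    name = CTK.post['name']
    desc = CTK.post['description']

    # NOTE(review): SQL injection risk - name and description are placed
    # between quotes without escaping, here and in the SELECT below. No
    # parameterized-query or escaping helper is in scope; bind these values
    # through the DB layer once it offers one.
    q = ("INSERT INTO profiles (name, description) "
         "VALUES ('%s', '%s');") % (name, desc)
    # Stop on a failed INSERT: otherwise the lookup by name below could
    # match a different, already existing profile and modify its roles.
    if not query_check_success(q):
        return {'ret': "error"}

    q = "SELECT id FROM profiles WHERE name = '%s';" % (name)
    result = Query(q)
    new_id = result['id'][0]
    if not new_id:
        return {'ret': "error"}

    q = ("INSERT INTO profiles_has_roles VALUES (%s, %d);") % (
        new_id, Role.ROLE_CONSUMER)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok",
            'redirect': "/admin/profile/%s" % (new_id)}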
Beispiel #14
def new_type_apply():
    """Insert a new asset type from the posted ``type`` field (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when the
    INSERT is reported as failed, and ``{'ret': "ok", 'redirect': LOCATION}``
    otherwise (including when no ``type`` was posted).
    """
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    if 'type' in CTK.post:
        # NOTE(review): SQL injection risk - the posted value is placed
        # between quotes without escaping; it should be bound through a
        # parameterized query once the DB layer offers one.
        sql = "INSERT INTO asset_types (type) VALUES ('%s');" % (
            CTK.post['type'])
        inserted = query_check_success(sql)
        if not inserted:
            return {'ret': "error"}

    return {'ret': "ok", 'redirect': LOCATION}
Beispiel #15
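def edit_profile_apply():
    """Apply posted edits to a profile and its role assignments (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``profile_id`` is missing or not an integer, ``{'ret': "error"}`` when
    a ``role_<id>`` key carries a non-integer id or a statement fails, and
    ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    profile_id = CTK.post.pop('profile_id')
    if not profile_id:
        return CTK.HTTP_Error(406)
    # profile_id is written into the statements unquoted, so only an
    # integer is accepted.
    try:
        profile_id = int(profile_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update: profiles
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if sql_values:
        q = "UPDATE profiles SET %s WHERE id = %d;" % (','.join(sql_values),
                                                       profile_id)
        if not query_check_success(q):
            return {'ret': "error"}

    # Update: profiles has roles
    q = ''
    for key in CTK.post:
        if not key.startswith('role_'):
            continue

        # The role id is the suffix of a client-supplied field name and is
        # written unquoted, so it must be an integer as well.
        try:
            role_id = int(key[len('role_'):])
        except ValueError:
            return {'ret': "error"}

        # int() raises ValueError on a non-numeric flag value, as before.
        if bool(int(CTK.post[key])):
            q += ("INSERT INTO profiles_has_roles " +
                  "   VALUES (%d, %d);") % (profile_id, role_id)
        else:
            q += ("DELETE FROM profiles_has_roles " +
                  "   WHERE profiles_id = %d AND roles_id = %d;"
                  ) % (profile_id, role_id)
    if q:
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}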
Beispiel #16
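def new_profile_apply():
    """Create a profile and give it the consumer role (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when
    either INSERT is reported as failed or no id is found for the new
    profile, and ``{'ret': "ok", 'redirect': ...}`` pointing at the new
    profile otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    name = CTK.post['name']
    desc = CTK.post['description']

    # NOTE(review): SQL injection risk - name and description are placed
    # between quotes without escaping, here and in the SELECT below. No
    # parameterized-query or escaping helper is in scope; bind these values
    # through the DB layer once it offers one.
    q = ("INSERT INTO profiles (name, description) "
         "VALUES ('%s', '%s');") % (name, desc)
    # Stop on a failed INSERT: otherwise the lookup by name below could
    # match a different, already existing profile and modify its roles.
    if not query_check_success(q):
        return {'ret': "error"}

    q = "SELECT id FROM profiles WHERE name = '%s';" % (name)
    result = Query(q)
    new_id = result['id'][0]
    if not new_id:
        return {'ret': "error"}

    q = ("INSERT INTO profiles_has_roles VALUES (%s, %d);") % (
        new_id, Role.ROLE_CONSUMER)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/profile/%s" % (new_id)}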
Beispiel #17
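def edit_type_apply():
    """Rename an asset type from the posted form (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``asset_typeid`` is missing or not an integer, ``{'ret': "error"}``
    when the UPDATE is reported as failed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    asset_type_id = CTK.post.pop('asset_typeid')
    if not asset_type_id:
        return CTK.HTTP_Error(406)
    # The id is written into the statement unquoted, so only an integer
    # is accepted.
    try:
        asset_type_id = int(asset_type_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    if 'type' in CTK.post:
        # NOTE(review): SQL injection risk - the posted type is placed
        # between quotes without escaping; it should be bound through a
        # parameterized query once the DB layer offers one.
        q = "UPDATE asset_types SET type='%s' WHERE id = %d;" % (
            CTK.post['type'], asset_type_id)
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}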
Beispiel #18
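def edit_type_apply():
    """Rename an asset type from the posted form (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``asset_typeid`` is missing or not an integer, ``{'ret': "error"}``
    when the UPDATE is reported as failed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    asset_type_id = CTK.post.pop('asset_typeid')
    if not asset_type_id:
        return CTK.HTTP_Error(406)
    # The id is written into the statement unquoted, so only an integer
    # is accepted.
    try:
        asset_type_id = int(asset_type_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    if 'type' in CTK.post:
        # NOTE(review): SQL injection risk - the posted type is placed
        # between quotes without escaping; it should be bound through a
        # parameterized query once the DB layer offers one.
        q = "UPDATE asset_types SET type='%s' WHERE id = %d;" % (
            CTK.post['type'], asset_type_id)
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}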
Beispiel #19
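def del_user():
    """Delete the user named by URL segment 4 (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, and otherwise ``default(msg)`` where
    ``msg`` is None on success or an explanation when the DELETE fails.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target user: the id is taken from the request URL and written into
    # the statement unquoted, so only an integer is accepted.
    try:
        user_id = int(CTK.request.url.split('/')[4])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Delete
    q = "DELETE FROM users WHERE id = %d;" % user_id
    ok = query_check_success(q)

    if ok:
        msg = None
    else:
        msg = ('Este usuario no puede ser eliminado ya que posee '
               'activos en el sistema.')

    return default(msg)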
Beispiel #20
def new_license_apply():
    """Insert a license from the posted ``name``/``description`` fields (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when the
    INSERT is reported as failed, and ``{'ret': "ok", 'redirect': LOCATION}``
    on success.
    """
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Only the columns actually present in the form are written.
    columns = [col for col in ('name', 'description') if col in CTK.post]
    # NOTE(review): SQL injection risk - posted values are placed between
    # quotes without escaping; they should be bound through a parameterized
    # query once the DB layer offers one.
    literals = ["'%s'" % (CTK.post[col]) for col in columns]

    sql = "INSERT INTO licenses (%s) VALUES (%s);" % (", ".join(columns),
                                                      ", ".join(literals))
    if query_check_success(sql):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
Beispiel #21
    def delete(self):
        """Delete the collection and all its assets (or their
        attachments, if deletion is not possible).

        Returns False as soon as an asset deletion reports ``ret == False``
        (after passing the changes collected so far to
        ``__update_assets``) or when the final DELETE fails; True otherwise.
        """
        detached = []
        for asset_id in self._collection['assets']:
            outcome = OpAsset.OpAsset(Asset.Asset(asset_id)).delete()
            # A successful 'partial' result is recorded as (asset_id, None).
            if outcome['type'] == 'partial' and outcome['ret'] == True:
                detached.append((asset_id, None))
            if outcome['ret'] == False:
                self.__update_assets(detached)
                return False

        # NOTE(review): the id is quoted but not escaped; presumably it
        # comes from the database rather than from the request - confirm.
        sql = "DELETE FROM collections WHERE id = '%s';" % self._collection['id']
        return bool(query_check_success(sql))
Beispiel #22
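def del_user():
    """Delete the user named by URL segment 4 (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, and otherwise ``default(msg)`` where
    ``msg`` is None on success or an explanation when the DELETE fails.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target user: the id is taken from the request URL and written into
    # the statement unquoted, so only an integer is accepted.
    try:
        user_id = int(CTK.request.url.split('/')[4])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Delete
    q = "DELETE FROM users WHERE id = %d;" % user_id
    ok = query_check_success(q)

    if ok:
        msg = None
    else:
        msg = ('Este usuario no puede ser eliminado ya que posee '
               'activos en el sistema.')

    return default(msg)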
Beispiel #23
def new_license_apply():
    """Insert a license from the posted ``name``/``description`` fields (administrators only).

    Returns the role-check failure response, ``{'ret': "error"}`` when the
    INSERT is reported as failed, and ``{'ret': "ok", 'redirect': LOCATION}``
    on success.
    """
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Only the columns actually present in the form are written.
    columns = [col for col in ('name', 'description') if col in CTK.post]
    # NOTE(review): SQL injection risk - posted values are placed between
    # quotes without escaping; they should be bound through a parameterized
    # query once the DB layer offers one.
    literals = ["'%s'" % (CTK.post[col]) for col in columns]

    sql = "INSERT INTO licenses (%s) VALUES (%s);" % (", ".join(columns),
                                                      ", ".join(literals))
    if query_check_success(sql):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
Beispiel #24
    def delete(self):
        """Delete the collection and all its assets (or their
        attachments, if deletion is not possible).

        Returns False as soon as an asset deletion reports ``ret == False``
        (after passing the changes collected so far to
        ``__update_assets``) or when the final DELETE fails; True otherwise.
        """
        detached = []
        for asset_id in self._collection['assets']:
            outcome = OpAsset.OpAsset(Asset.Asset(asset_id)).delete()
            # A successful 'partial' result is recorded as (asset_id, None).
            if outcome['type'] == 'partial' and outcome['ret'] == True:
                detached.append((asset_id, None))
            if outcome['ret'] == False:
                self.__update_assets(detached)
                return False

        # NOTE(review): the id is quoted but not escaped; presumably it
        # comes from the database rather than from the request - confirm.
        sql = "DELETE FROM collections WHERE id = '%s';" % self._collection['id']
        return bool(query_check_success(sql))
Beispiel #25
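def edit_license_apply():
    """Apply posted ``name``/``description`` edits to a license (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``licenseid`` is missing or not an integer, ``{'ret': "error"}`` when
    the UPDATE is reported as failed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    license_id = CTK.post.pop('licenseid')
    if not license_id:
        return CTK.HTTP_Error(406)
    # The id is written into the statement unquoted, so only an integer
    # is accepted.
    try:
        license_id = int(license_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    q = "UPDATE licenses SET %s WHERE id = %d;" % (','.join(sql_values),
                                                   license_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}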
Beispiel #26
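def edit_license_apply():
    """Apply posted ``name``/``description`` edits to a license (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    ``licenseid`` is missing or not an integer, ``{'ret': "error"}`` when
    the UPDATE is reported as failed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    license_id = CTK.post.pop('licenseid')
    if not license_id:
        return CTK.HTTP_Error(406)
    # The id is written into the statement unquoted, so only an integer
    # is accepted.
    try:
        license_id = int(license_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping. No parameterized-query or
            # escaping helper is in scope here; bind these values through
            # the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    q = "UPDATE licenses SET %s WHERE id = %d;" % (','.join(sql_values),
                                                   license_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}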
Beispiel #27
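def del_profile():
    """Delete the profile named by URL segment 4 (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, ``default(msg)`` when users still
    reference the profile, and a redirect to ``/admin/profile/`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target profile: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        profile_id = int(CTK.request.url.split('/')[4])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = "SELECT COUNT(*) FROM users WHERE profile_id = %d;" % profile_id
    result = Query(q)

    usage = result['COUNT(*)'][0]
    if usage != 0:
        return default("El perfil está en uso por %d usuarios" % (usage))

    # Delete it: role links first, then the profile row.
    q = "DELETE FROM profiles_has_roles WHERE profiles_id = %d;" % profile_id
    q += "DELETE FROM profiles WHERE id = %d;" % profile_id
    # NOTE(review): the outcome is not checked; a failed delete still
    # redirects as if it had succeeded.
    query_check_success(q)

    return CTK.HTTP_Redir('/admin/profile/')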
Beispiel #28
    def update(self):
        """Update a collection: store its name, then reconcile its assets.

        Assets in ``self._collection['assets']`` are paired with the
        collection id; assets of the stored collection that are no longer
        listed are paired with None. Returns False when the UPDATE or
        ``__update_assets`` fails, True otherwise.
        """
        collection_id = self._collection['id']

        # NOTE(review): the name is quoted but not escaped, and the id is
        # written unquoted; if either can carry request data this is a SQL
        # injection risk - confirm where self._collection is filled in.
        sql = ("UPDATE collections SET name = '%s' "
               "WHERE id = %s;" % (self._collection['name'], collection_id))
        if not query_check_success(sql):
            return False

        stored = Collection.Collection(collection_id)['assets']
        wanted = self._collection['assets']

        changes = [(asset, collection_id) for asset in wanted]
        changes.extend((asset, None) for asset in stored
                       if asset not in wanted)

        return bool(self.__update_assets(changes))
Beispiel #29
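def edit_user_apply():
    """Apply posted edits to a user (administrators, or the user themselves).

    Returns ``CTK.HTTP_Error(403)`` when the caller is neither an
    administrator nor the target user, ``CTK.HTTP_Error(406)`` when
    ``userid`` is empty or not an integer, ``{'ret': "error"}`` when
    ``profile_id`` is not an integer or the UPDATE is reported as failed,
    and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    is_admin = Role.user_has_role(Role.ROLE_ADMIN)

    user_id = CTK.post['userid']
    current_id = Auth.get_user_id()
    try:
        target_id = int(user_id)
    except (TypeError, ValueError):
        target_id = None
    is_self = (target_id is not None and target_id == current_id)

    if not is_admin and not is_self:
        return CTK.HTTP_Error(403)

    # The id is written into the statement unquoted, so an administrator's
    # request must carry an integer too.
    if not user_id or target_id is None:
        return CTK.HTTP_Error(406)

    # Update the database
    sql_values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping, and this path is reachable by
            # non-administrators editing their own record. No escaping or
            # parameterized-query helper is in scope here; bind these values
            # through the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if 'password' in CTK.post:
        password = CTK.post['password']
        # NOTE(review): unsalted MD5 is not an adequate password hash;
        # moving to a salted, slow KDF needs a migration of stored hashes.
        hashed_password = md5(password).hexdigest()
        old_password = CTK.post['old_password']
        if not password == old_password:
            # The format string needs a '%s' conversion; without one the
            # % operator raises TypeError instead of building the clause.
            sql_values.append("password='%s'" % (hashed_password))

    if is_admin:
        key = 'profile_id'
        if key in CTK.post:
            # Written unquoted, so only an integer is accepted.
            try:
                profile_id = int(CTK.post[key])
            except (TypeError, ValueError):
                return {'ret': "error"}
            sql_values.append("%s=%d" % (key, profile_id))

    q = "UPDATE users SET %s WHERE id = %d;" % (','.join(sql_values),
                                                target_id)
    if not query_check_success(q):
        return {'ret': "error"}
    return {'ret': "ok"}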
Beispiel #30
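def edit_user_apply():
    """Apply posted edits to a user (administrators, or the user themselves).

    Returns ``CTK.HTTP_Error(403)`` when the caller is neither an
    administrator nor the target user, ``CTK.HTTP_Error(406)`` when
    ``userid`` is empty or not an integer, ``{'ret': "error"}`` when
    ``profile_id`` is not an integer or the UPDATE is reported as failed,
    and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    is_admin = Role.user_has_role(Role.ROLE_ADMIN)

    user_id = CTK.post['userid']
    current_id = Auth.get_user_id()
    try:
        target_id = int(user_id)
    except (TypeError, ValueError):
        target_id = None
    is_self = (target_id is not None and target_id == current_id)

    if not is_admin and not is_self:
        return CTK.HTTP_Error(403)

    # The id is written into the statement unquoted, so an administrator's
    # request must carry an integer too.
    if not user_id or target_id is None:
        return CTK.HTTP_Error(406)

    # Update the database
    sql_values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            # NOTE(review): SQL injection risk - the posted value is placed
            # between quotes without escaping, and this path is reachable by
            # non-administrators editing their own record. No escaping or
            # parameterized-query helper is in scope here; bind these values
            # through the DB layer once it offers one.
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if 'password' in CTK.post:
        password = CTK.post['password']
        # NOTE(review): unsalted MD5 is not an adequate password hash;
        # moving to a salted, slow KDF needs a migration of stored hashes.
        hashed_password = md5(password).hexdigest()
        old_password = CTK.post['old_password']
        if not password == old_password:
            # The format string needs a '%s' conversion; without one the
            # % operator raises TypeError instead of building the clause.
            sql_values.append("password='%s'" % (hashed_password))

    if is_admin:
        key = 'profile_id'
        if key in CTK.post:
            # Written unquoted, so only an integer is accepted.
            try:
                profile_id = int(CTK.post[key])
            except (TypeError, ValueError):
                return {'ret': "error"}
            sql_values.append("%s=%d" % (key, profile_id))

    q = "UPDATE users SET %s WHERE id = %d;" % (','.join(sql_values),
                                                target_id)
    if not query_check_success(q):
        return {'ret': "error"}
    return {'ret': "ok"}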
Beispiel #31
    def update(self):
        """Update a collection: store its name, then reconcile its assets.

        Assets in ``self._collection['assets']`` are paired with the
        collection id; assets of the stored collection that are no longer
        listed are paired with None. Returns False when the UPDATE or
        ``__update_assets`` fails, True otherwise.
        """
        collection_id = self._collection['id']

        # NOTE(review): the name is quoted but not escaped, and the id is
        # written unquoted; if either can carry request data this is a SQL
        # injection risk - confirm where self._collection is filled in.
        sql = ("UPDATE collections SET name = '%s' "
               "WHERE id = %s;" % (self._collection['name'], collection_id))
        if not query_check_success(sql):
            return False

        stored = Collection.Collection(collection_id)['assets']
        wanted = self._collection['assets']

        changes = [(asset, collection_id) for asset in wanted]
        changes.extend((asset, None) for asset in stored
                       if asset not in wanted)

        return bool(self.__update_assets(changes))
Beispiel #32
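def del_profile():
    """Delete the profile named by URL segment 4 (administrators only).

    Returns the role-check failure response, ``CTK.HTTP_Error(406)`` when
    the URL segment is not an integer, ``default(msg)`` when users still
    reference the profile, and a redirect to ``/admin/profile/`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target profile: the id is taken from the request URL and written
    # into the statements unquoted, so only an integer is accepted.
    try:
        profile_id = int(CTK.request.url.split('/')[4])
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = "SELECT COUNT(*) FROM users WHERE profile_id = %d;" % profile_id
    result = Query(q)

    usage = result['COUNT(*)'][0]
    if usage != 0:
        return default("El perfil está en uso por %d usuarios" % (usage))

    # Delete it: role links first, then the profile row.
    q = "DELETE FROM profiles_has_roles WHERE profiles_id = %d;" % profile_id
    q += "DELETE FROM profiles WHERE id = %d;" % profile_id
    # NOTE(review): the outcome is not checked; a failed delete still
    # redirects as if it had succeeded.
    query_check_success(q)

    return CTK.HTTP_Redir('/admin/profile/')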