def edit(self, targetname=None):
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
admin = is_admin(person)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='yubikey').all())
return dict(admin=admin, person=person, configs=configs,target=target)
def edit(self, targetname=None):
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
admin = is_admin(person)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='yubikey').all())
return dict(admin=admin, person=person, configs=configs,target=target)
def save(self, targetname, asterisk_enabled, asterisk_pass):
person = People.by_username(turbogears.identity.current.user_name)
target = People.by_username(targetname)
if not cla_done(target):
turbogears.flash(_('You must sign the CLA to have access to this service.'))
turbogears.redirect('/user/view/%s' % target.username)
return dict()
if not can_edit_user(person, target):
turbogears.flash(_("You do not have permission to edit '%s'") % target.username)
turbogears.redirect('/asterisk')
return dict()
new_configs = {'enabled': asterisk_enabled, 'pass': asterisk_pass}
cur_configs = Configs.query.filter_by(person_id=target.id, application='asterisk').all()
for config in cur_configs:
for new_config in new_configs.keys():
if config.attribute == new_config:
config.value = new_configs[new_config]
del(new_configs[new_config])
for config in new_configs:
c = Configs(application='asterisk', attribute=config, value=new_configs[config])
target.configs.append(c)
turbogears.flash(_("Changes saved. Please allow up to 1 hour for changes to be realized."))
turbogears.redirect('/asterisk/')
return dict()
def save(self, targetname, yubikey_enabled, yubikey_prefix):
person = People.by_username(turbogears.identity.current.user_name)
target = People.by_username(targetname)
if not can_edit_user(person, target):
turbogears.flash(
_("You do not have permission to edit '%s'") % target.username)
turbogears.redirect('/yubikey')
return dict()
new_configs = {'enabled': yubikey_enabled, 'prefix': yubikey_prefix}
cur_configs = Configs.query.filter_by(person_id=target.id,
application='yubikey').all()
for config in cur_configs:
for new_config in new_configs.keys():
if config.attribute == new_config:
config.value = new_configs[new_config]
del (new_configs[new_config])
for config in new_configs:
c = Configs(application='yubikey',
attribute=config,
value=new_configs[config])
target.configs.append(c)
mail_subject = _('Fedora Yubikey changed for %s' % target)
mail_text = _('''
You have changed your Yubikey on your Fedora account %s. If you did not make
this change, please contact [email protected]''' % target)
email = '*****@*****.**' % target
send_mail(email, mail_subject, mail_text)
turbogears.flash(
_("Changes saved. Please allow up to 1 hour for changes to be realized."
))
turbogears.redirect('/yubikey/')
return dict()
def application_screen(self, groupname, targetname=None):
username = turbogears.identity.current.user_name
person = People.by_username(username)
if not targetname:
targetname = username
target = person
else:
target = People.by_username(targetname)
group = Groups.by_name(groupname)
if username != targetname or group.apply_rules is None or len(
group.apply_rules) < 1:
turbogears.redirect('/group/apply/%s/%s' %
(group.name, target.username))
if group in target.memberships:
turbogears.flash('You are already a member of %s!' % group.name)
turbogears.redirect('/group/view/%s' % group.name)
if not can_apply_group(person, group, target):
turbogears.flash(_('%(user)s can not apply to %(group)s.') % \
{'user': target.username, 'group': group.name })
turbogears.redirect('/group/view/%s' % group.name)
return dict()
else:
return dict(group=group)
def index(self):
username = turbogears.identity.current.user_name
person = People.by_username(username)
if turbogears.identity.current.user_name == username:
personal = True
else:
personal = False
# TODO: We can do this without a db lookup by using something like
# if groupname in identity.groups: pass
# We may want to do that in is_admin() though. -Toshio
user = People.by_username(turbogears.identity.current.user_name)
if is_admin(user):
admin = True
else:
admin = False
if turbogears.identity.current.user_name == username:
personal = True
else:
personal = False
configs = get_configs(
Configs.query.filter_by(person_id=person.id,
application='yubikey').all())
return dict(admin=admin,
person=person,
personal=personal,
configs=configs)
def save(self, targetname, bugzilla_email):
person = People.by_username(turbogears.identity.current.user_name)
target = People.by_username(targetname)
if not can_edit_user(person, target):
turbogears.flash(_("You do not have permission to edit '%s'") % target.username)
turbogears.redirect('/bugzilla')
return dict()
new_configs = {'bugzilla_email': bugzilla_email}
cur_configs = Configs.query.filter_by(person_id=target.id, application='bugzilla').all()
if bugzilla_email == None:
session.delete(cur_configs[0])
turbogears.flash(_("Bugzilla specific email removed! This means your bugzilla email must be set to: %s" % target.email))
turbogears.redirect('/bugzilla/')
for config in cur_configs:
for new_config in new_configs.keys():
if config.attribute == new_config:
config.value = new_configs[new_config]
del(new_configs[new_config])
for config in new_configs:
c = Configs(application='bugzilla', attribute=config, value=new_configs[config])
target.configs.append(c)
turbogears.flash(_("Changes saved. Please allow up to 1 hour for changes to be realized."))
turbogears.redirect('/bugzilla/')
return dict()
def reject(self, person_name):
'''Reject a user's CLA.
This method will remove a user from the CLA group and any other groups
that they are in that require the CLA. It is used when a person has
to fulfill some more legal requirements before having a valid CLA.
Arguments
:person_name: Name of the person to reject.
'''
show = {}
show['show_postal_address'] = config.get('show_postal_address')
exc = None
user = People.by_username(turbogears.identity.current.user_name)
if not is_admin(user):
# Only admins can use this
turbogears.flash(_('You are not allowed to reject CLAs.'))
exc = 'NotAuthorized'
else:
# Unapprove the cla and all dependent groups
person = People.by_username(person_name)
for role in person.roles:
if self._cla_dependent(role.group):
role.role_status = 'unapproved'
try:
session.flush()
except SQLError, error:
turbogears.flash(_('Error removing cla and dependent groups' \
' for %(person)s\n Error was: %(error)s') %
{'person': person_name, 'error': str(error)})
exc = 'sqlalchemy.SQLError'
def reject(self, person_name):
'''Reject a user's FPCA.
This method will remove a user from the FPCA group and any other groups
that they are in that require the FPCA. It is used when a person has
to fulfill some more legal requirements before having a valid FPCA.
Arguments
:person_name: Name of the person to reject.
'''
show = {}
show['show_postal_address'] = config.get('show_postal_address')
exc = None
user = People.by_username(turbogears.identity.current.user_name)
if not is_admin(user):
# Only admins can use this
turbogears.flash(_('You are not allowed to reject FPCAs.'))
exc = 'NotAuthorized'
else:
# Unapprove the cla and all dependent groups
person = People.by_username(person_name)
for role in person.roles:
if self._cla_dependent(role.group):
role.role_status = 'unapproved'
try:
session.flush()
except SQLError, error:
turbogears.flash(_('Error removing cla and dependent groups' \
' for %(person)s\n Error was: %(error)s') %
{'person': person_name, 'error': str(error)})
exc = 'sqlalchemy.SQLError'
def save(self, targetname, yubikey_enabled, yubikey_prefix):
person = People.by_username(turbogears.identity.current.user_name)
target = People.by_username(targetname)
if not can_edit_user(person, target):
ff.error(_("You do not have permission to edit '%s'") % target.username)
turbogears.redirect('/yubikey')
return dict()
new_configs = {'enabled': yubikey_enabled, 'prefix': yubikey_prefix}
cur_configs = Configs.query.filter_by(person_id=target.id, application='yubikey').all()
for config in cur_configs:
for new_config in new_configs.keys():
if config.attribute == new_config:
config.value = new_configs[new_config]
del(new_configs[new_config])
for config in new_configs:
c = Configs(application='yubikey', attribute=config, value=new_configs[config])
target.configs.append(c)
mail_subject=_('Fedora Yubikey changed for %s' % target)
mail_text=_('''
You have changed your Yubikey on your Fedora account %s. If you did not make
this change, please contact [email protected]''' % target)
email='*****@*****.**' % target
send_mail(email, mail_subject, mail_text)
turbogears.flash(_("Changes saved. Please allow up to 1 hour for changes to be realized."))
turbogears.redirect('/yubikey/')
return dict()
def reject(self, person_name):
"""Reject a user's FPCA.
This method will remove a user from the FPCA group and any other groups
that they are in that require the FPCA. It is used when a person has
to fulfill some more legal requirements before having a valid FPCA.
Arguments
:person_name: Name of the person to reject.
"""
show = {}
show["show_postal_address"] = config.get("show_postal_address")
exc = None
user = People.by_username(turbogears.identity.current.user_name)
if not is_admin(user):
# Only admins can use this
turbogears.flash(_("You are not allowed to reject FPCAs."))
exc = "NotAuthorized"
else:
# Unapprove the cla and all dependent groups
person = People.by_username(person_name)
for role in person.roles:
if self._cla_dependent(role.group):
role.role_status = "unapproved"
try:
session.flush()
except DBAPIError, error:
turbogears.flash(
_("Error removing cla and dependent groups" " for %(person)s\n Error was: %(error)s")
% {"person": person_name, "error": str(error)}
)
exc = "DBAPIError"
def save(self,
groupname,
display_name,
owner,
group_type,
needs_sponsor=0,
user_can_remove=1,
prerequisite='',
url='',
mailing_list='',
mailing_list_url='',
invite_only=0,
irc_channel='',
irc_network='',
joinmsg='',
apply_rules="None"):
'''Edit a group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_edit_group(person, group):
turbogears.flash(_("You cannot edit '%s'.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
else:
try:
owner = People.by_username(owner)
group.display_name = display_name
group.owner = owner
group.group_type = group_type
group.needs_sponsor = bool(needs_sponsor)
group.user_can_remove = bool(user_can_remove)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
group.prerequisite = prerequisite
else:
group.prerequisite = None
group.url = url
group.mailing_list = mailing_list
group.mailing_list_url = mailing_list_url
group.invite_only = invite_only
group.irc_channel = irc_channel
group.irc_network = irc_network
group.joinmsg = joinmsg
group.apply_rules = apply_rules
# Log here
session.flush()
except:
turbogears.flash(_('The group details could not be saved.'))
else:
Log(author_id=person.id,
description='%s edited group %s' %
(person.username, group.name))
turbogears.flash(_('The group details have been saved.'))
turbogears.redirect('/group/view/%s' % group.name)
return dict(group=group)
def create(self, name, display_name, owner, group_type, invite_only=0,
needs_sponsor=0, user_can_remove=1, prerequisite='',
joinmsg='', apply_rules='None'):
'''Create a group'''
groupname = name
person = People.by_username(turbogears.identity.current.user_name)
person_owner = People.by_username(owner)
if not can_create_group(person):
turbogears.flash(_('Only FAS administrators can create groups.'))
turbogears.redirect('/')
try:
owner = People.by_username(owner)
group = Groups()
group.name = name
group.display_name = display_name
group.owner_id = person_owner.id
group.group_type = group_type
group.needs_sponsor = bool(needs_sponsor)
if invite_only:
group.invite_only = True
else:
group.invite_only = False
group.user_can_remove = bool(user_can_remove)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
group.prerequisite = prerequisite
group.joinmsg = joinmsg
group.apply_rules = apply_rules
# Log group creation
Log(author_id=person.id, description='%s created group %s' %
(person.username, group.name))
session.flush()
except TypeError:
turbogears.flash(_("The group: '%s' could not be created.") % groupname)
return dict()
else:
try:
owner.apply(group, person) # Apply...
session.flush()
owner.sponsor(group, person)
owner.upgrade(group, person)
owner.upgrade(group, person)
except KeyError:
turbogears.flash(_("The group: '%(group)s' has been created, but '%(user)s' could not be added as a group administrator.") % {'group': group.name, 'user': owner.username})
else:
fas.fedmsgshim.send_message(topic="group.create", msg={
'agent': { 'username': person.username, },
'group': { 'name': group.name, },
})
turbogears.flash(_("The group: '%s' has been created.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
return dict()
def edit(self, targetname=None):
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
if not cla_done(target):
turbogears.flash(_('You must sign the CLA to have access to this service.'))
turbogears.redirect('/user/view/%s' % target.username)
return dict()
admin = is_admin(person)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='asterisk').all())
return dict(admin=admin, person=person, configs=configs,target=target)
def create(self, name, display_name, owner, group_type, invite_only=0,
needs_sponsor=0, user_can_remove=1, prerequisite='',
joinmsg='', apply_rules='None'):
'''Create a group'''
groupname = name
person = People.by_username(turbogears.identity.current.user_name)
person_owner = People.by_username(owner)
if not can_create_group(person):
turbogears.flash(_('Only FAS administrators can create groups.'))
turbogears.redirect('/')
try:
owner = People.by_username(owner)
group = Groups()
group.name = name
group.display_name = display_name
group.owner_id = person_owner.id
group.group_type = group_type
group.needs_sponsor = bool(needs_sponsor)
if invite_only:
group.invite_only = True
else:
group.invite_only = False
group.user_can_remove = bool(user_can_remove)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
group.prerequisite = prerequisite
group.joinmsg = joinmsg
group.apply_rules = apply_rules
# Log group creation
Log(author_id=person.id, description='%s created group %s' %
(person.username, group.name))
session.flush()
except TypeError:
turbogears.flash(_("The group: '%s' could not be created.") % groupname)
return dict()
else:
try:
owner.apply(group, person) # Apply...
session.flush()
owner.sponsor(group, person)
owner.upgrade(group, person)
owner.upgrade(group, person)
except KeyError:
turbogears.flash(_("The group: '%(group)s' has been created, but '%(user)s' could not be added as a group administrator.") % {'group': group.name, 'user': owner.username})
else:
fas.fedmsgshim.send_message(topic="group.create", msg={
'agent': person.username,
'group': group.name,
})
turbogears.flash(_("The group: '%s' has been created.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
return dict()
def edit(self, targetname=None):
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
admin = is_admin(person)
configs = get_configs(Configs.query.filter_by(person_id=person.id, application='bugzilla').all())
if 'bugzilla_email' in configs:
email = configs['bugzilla_email']
else:
email = target.email
return dict(admin=admin, person=person, email=email, target=target)
def dump(self):
dump_list = []
person = People.by_username(identity.current.user_name)
if identity.in_group(admin_group) or \
identity.in_group(system_group):
yubikey_attrs = {}
for attr in Configs.query.filter_by(application='yubikey').all():
if attr.person_id not in yubikey_attrs:
yubikey_attrs[attr.person_id] = {}
yubikey_attrs[attr.person_id][attr.attribute] = attr.value
for user_id in yubikey_attrs:
if yubikey_attrs[user_id]['enabled'] == u'1':
dump_list.append('%s:%s' % (People.by_id(user_id).username, yubikey_attrs[user_id]['prefix']))
return '\n'.join(dump_list)
return '# Sorry, must be in an admin group to get these'
def dump(self):
dump_list = []
person = People.by_username(identity.current.user_name)
if identity.in_group(admin_group) or \
identity.in_group(system_group):
yubikey_attrs = {}
for attr in Configs.query.filter_by(application='yubikey').all():
if attr.person_id not in yubikey_attrs:
yubikey_attrs[attr.person_id] = {}
yubikey_attrs[attr.person_id][attr.attribute] = attr.value
for user_id in yubikey_attrs:
if yubikey_attrs[user_id]['enabled'] == u'1':
dump_list.append('%s:%s' % (People.by_id(user_id).username, yubikey_attrs[user_id]['prefix']))
return '\n'.join(dump_list)
return '# Sorry, must be in an admin group to get these'
def genkey(self):
username = turbogears.identity.current.user_name
person = People.by_username(username)
created = time.strftime("%Y-%m-%dT%H:%M:%S")
hexctr = "%012x" % person.id
publicname = hex2modhex(hexctr)
internalname = gethexrand(12)
aeskey = gethexrand(32)
lockcode = gethexrand(12)
try:
new_ykksm = Ykksm(serialnr=person.id, publicname=publicname, created=created, internalname=internalname, aeskey=aeskey, lockcode=lockcode, creator=username)
session.add(new_ykksm)
session.flush()
except IntegrityError:
session.rollback()
old_ykksm = session.query(Ykksm).filter_by(serialnr=person.id).all()[0]
session.delete(old_ykksm)
new_ykksm = Ykksm(serialnr=person.id, publicname=publicname, created=created, internalname=internalname, aeskey=aeskey, lockcode=lockcode, creator=username)
old_ykksm = new_ykksm
session.flush()
try:
old_ykval = session.query(Ykval).filter_by(yk_publicname=publicname).all()[0]
session.delete(old_ykval)
session.flush()
except IndexError:
# No old record? Maybe they never used their key
pass
string = "%s %s %s" % (publicname, internalname, aeskey)
return dict(key=string)
def invite(self, groupname, language):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
person = person.filter_private()
subject = _('Invitation to join the Fedora Team!', language)
text = _('''
%(fullname)s <%(user)s@%(hostname)s> has invited you to join the Fedora
Project! We are a community of users and developers who produce a
complete operating system from entirely free and open source software
(FOSS). %(fullname)s thinks that you have knowledge and skills
that make you a great fit for the Fedora community, and that you might
be interested in contributing.
How could you team up with the Fedora community to use and develop your
skills? Check out http://fedoraproject.org/join-fedora for some ideas.
Our community is more than just software developers -- we also have a
place for you whether you're an artist, a web site builder, a writer, or
a people person. You'll grow and learn as you work on a team with other
very smart and talented people.
Fedora and FOSS are changing the world -- come be a part of it!'''
% {'fullname': person.human_name,
'user': person.username,
'hostname': config.get('email_host')}, language)
return dict(person=person, group=group, invite_subject=subject,
invite_text=text, selected_language=language)
def list(self, search='*', with_members=True):
username = turbogears.identity.current.user_name
person = People.by_username(username)
memberships = {}
groups = []
re_search = re.sub(r'\*', r'%', search).lower()
results = Groups.query.filter(Groups.name.like(re_search)).order_by('name').all()
if self.jsonRequest():
if with_members:
membersql = sqlalchemy.select([PersonRoles.person_id, PersonRoles.group_id, PersonRoles.role_type], PersonRoles.role_status=='approved').order_by(PersonRoles.group_id)
members = membersql.execute()
for member in members:
try:
memberships[member[1]].append({'person_id': member[0], 'role_type': member[2]})
except KeyError:
memberships[member[1]]=[{'person_id': member[0], 'role_type': member[2]}]
else:
memberships = []
if len(results) == 1 and results[0].name == search and can_view_group(person, results[0]):
turbogears.redirect('/group/view/%s' % (results[0].name))
return dict()
for group in results:
if can_view_group(person, group):
groups.append(group)
if not len(groups):
turbogears.flash(_("No Groups found matching '%s'") % search)
return dict(groups=groups, search=search, memberships=memberships)
def index(self):
"""Display the FPCAs (and accept/do not accept buttons)"""
show = {}
show["show_postal_address"] = config.get("show_postal_address")
username = turbogears.identity.current.user_name
person = People.by_username(username)
try:
code_len = len(person.country_code)
except TypeError:
code_len = 0
if show["show_postal_address"]:
contactInfo = person.telephone or person.postal_address
if person.country_code == "O1" and not person.telephone:
turbogears.flash(_("A telephone number is required to " + "complete the FPCA. Please fill out below."))
elif not person.country_code or not person.human_name or not contactInfo:
turbogears.flash(
_(
"A valid country and telephone number "
+ "or postal address is required to complete the FPCA. "
+ "Please fill them out below."
)
)
else:
if not person.telephone or code_len != 2 or person.country_code == " ":
turbogears.flash(
_(
"A valid country and telephone number are"
+ " required to complete the FPCA. Please fill them "
+ "out below."
)
)
(cla, undeprecated_cla) = undeprecated_cla_done(person)
person = person.filter_private()
return dict(cla=undeprecated_cla, person=person, date=datetime.utcnow().ctime(), show=show)
def invite(self, groupname, language):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
person = person.filter_private()
subject = _('Invitation to join the Fedora Team!', language)
text = _('''
%(fullname)s <%(user)s@%(hostname)s> has invited you to join the Fedora
Project! We are a community of users and developers who produce a
complete operating system from entirely free and open source software
(FOSS). %(fullname)s thinks that you have knowledge and skills
that make you a great fit for the Fedora community, and that you might
be interested in contributing.
How could you team up with the Fedora community to use and develop your
skills? Check out http://fedoraproject.org/join-fedora for some ideas.
Our community is more than just software developers -- we also have a
place for you whether you're an artist, a web site builder, a writer, or
a people person. You'll grow and learn as you work on a team with other
very smart and talented people.
Fedora and FOSS are changing the world -- come be a part of it!'''
% {'fullname': person.human_name,
'user': person.username,
'hostname': config.get('email_host')}, language)
return dict(person=person, group=group, invite_subject=subject,
invite_text=text, selected_language=language)
def genkey(self):
username = turbogears.identity.current.user_name
person = People.by_username(username)
created = time.strftime("%Y-%m-%dT%H:%M:%S")
hexctr = "%012x" % person.id
publicname = hex2modhex(hexctr)
internalname = gethexrand(12)
aeskey = gethexrand(32)
lockcode = gethexrand(12)
try:
new_ykksm = Ykksm(serialnr=person.id, publicname=publicname, created=created, internalname=internalname, aeskey=aeskey, lockcode=lockcode, creator=username)
session.add(new_ykksm)
session.flush()
except IntegrityError:
session.rollback()
old_ykksm = session.query(Ykksm).filter_by(serialnr=person.id).all()[0]
session.delete(old_ykksm)
new_ykksm = Ykksm(serialnr=person.id, publicname=publicname, created=created, internalname=internalname, aeskey=aeskey, lockcode=lockcode, creator=username)
old_ykksm = new_ykksm
session.flush()
try:
old_ykval = session.query(Ykval).filter_by(yk_publicname=publicname).all()[0]
session.delete(old_ykval)
session.flush()
except IndexError:
# No old record? Maybe they never used their key
pass
string = "%s %s %s" % (publicname, internalname, aeskey)
return dict(key=string)
def otp_validate(user_name, otp):
'''
Check supplied otp key and username against existing credentials
:arg user_name: User login
:arg otp: Given OTP key
:returns: True if given args match from OTP provider
'''
client_id = '1'
target = People.by_username(user_name)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='yubikey').all())
if not otp.startswith(configs['prefix']):
return False
server_prefix = config.get('yubi_server_prefix', 'http://localhost/yk-val/verify?id=')
auth_regex = re.compile('^status=(?P<rc>\w{2})')
server_url = server_prefix + client_id + "&otp=" + otp
fh = urllib2.urlopen(server_url)
for line in fh:
match = auth_regex.search(line.strip('\n'))
if match:
if match.group('rc') == 'OK':
return True
else:
return False
break
return False
def view(self, groupname, order_by='username'):
'''View group'''
sort_map = {
'username': '******',
'creation': 'person_roles_creation',
'approval': 'person_roles_approval',
'role_status': 'person_roles_role_status',
'role_type': 'person_roles_role_type',
'sponsor': 'people_2.username',
}
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_view_group(person, group):
turbogears.flash(_("You cannot view '%s'") % group.name)
turbogears.redirect('/group/list')
return dict()
# Also return information on who is not sponsored
unsponsored = PersonRoles.query.join('group').join(
'member', aliased=True).outerjoin('sponsor', aliased=True).filter(
and_(Groups.name == groupname,
PersonRoles.role_status == 'unapproved')).order_by(
sort_map[order_by])
unsponsored.json_props = {'PersonRoles': ['member']}
return dict(group=group, sponsor_queue=unsponsored)
def otp_validate(user_name, otp):
client_id = '1'
target = People.by_username(user_name)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='yubikey').all())
if not otp.startswith(configs['prefix']):
return False
server_prefix = config.get('yubi_server_prefix', 'http://localhost/yk-val/verify?id=')
auth_regex = re.compile('^status=(?P<rc>\w{2})')
server_url = server_prefix + client_id + "&otp=" + otp
fh = urllib2.urlopen(server_url)
for line in fh:
match = auth_regex.search(line.strip('\n'))
if match:
if match.group('rc') == 'OK':
return True
else:
return False
break
return False
def otp_verify(uid, otp):
import sys, os, re
import urllib2
target = People.by_id(uid)
configs = get_configs(
Configs.query.filter_by(person_id=target.id,
application='yubikey').all())
if not otp.startswith(configs['prefix']):
raise AuthException('Unauthorized/Invalid OTP')
server_prefix = 'http://localhost/yk-val/verify?id='
auth_regex = re.compile('^status=(?P<rc>\w{2})')
server_url = server_prefix + client_id + "&otp=" + otp
fh = urllib2.urlopen(server_url)
for line in fh:
match = auth_regex.search(line.strip('\n'))
if match:
if match.group('rc') == 'OK':
return
else:
raise AuthException(line.split('=')[1])
break
turbogears.redirect('/yubikey/')
return dict()
def list(self, search='*', with_members=True):
username = turbogears.identity.current.user_name
person = People.by_username(username)
memberships = {}
groups = []
re_search = re.sub(r'\*', r'%', search).lower()
results = Groups.query.filter(Groups.name.like(re_search)).order_by('name').all()
if self.jsonRequest():
if with_members:
membersql = sqlalchemy.select([PersonRoles.person_id, PersonRoles.group_id, PersonRoles.role_type], PersonRoles.role_status=='approved').order_by(PersonRoles.group_id)
members = membersql.execute()
for member in members:
try:
memberships[member[1]].append({'person_id': member[0], 'role_type': member[2]})
except KeyError:
memberships[member[1]]=[{'person_id': member[0], 'role_type': member[2]}]
else:
memberships = []
for group in results:
if can_view_group(person, group):
groups.append(group)
if not len(groups):
turbogears.flash(_("No Groups found matching '%s'") % search)
return dict(groups=groups, search=search, memberships=memberships)
def invite(self, groupname):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
person = person.filter_private()
return dict(person=person, group=group)
def sendinvite(self, groupname, target):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if is_approved(person, group):
invite_subject = _('Come join The Fedora Project!')
invite_text = _('''
%(user)s <%(email)s> has invited you to join the Fedora
Project! We are a community of users and developers who produce a
complete operating system from entirely free and open source software
(FOSS). %(user)s thinks that you have knowledge and skills
that make you a great fit for the Fedora community, and that you might
be interested in contributing.
How could you team up with the Fedora community to use and develop your
skills? Check out http://fedoraproject.org/join-fedora for some ideas.
Our community is more than just software developers -- we also have a
place for you whether you're an artist, a web site builder, a writer, or
a people person. You'll grow and learn as you work on a team with other
very smart and talented people.
Fedora and FOSS are changing the world -- come be a part of it!''') % \
{'user': person.username, 'email': person.email}
send_mail(target, invite_subject, invite_text)
turbogears.flash(_('Message sent to: %s') % target)
turbogears.redirect('/group/view/%s' % group.name)
else:
turbogears.flash(_("You are not in the '%s' group.") % group.name)
person = person.filter_private()
return dict(target=target, person=person, group=group)
def home(self):
user_name = turbogears.identity.current.user_name
person = People.by_username(user_name)
(cla_done, undeprecated_cla) = undeprecated_cla_done(person)
person = person.filter_private()
return dict(person=person, memberships=person['memberships'], cla=undeprecated_cla)
def otp_verify(uid, otp):
import sys, os, re
import urllib2
target = People.by_id(uid)
configs = get_configs(Configs.query.filter_by(person_id=target.id, application='yubikey').all())
if not otp.startswith(configs['prefix']):
raise AuthException('Unauthorized/Invalid OTP')
server_prefix = 'http://localhost/yk-val/verify?id='
auth_regex = re.compile('^status=(?P<rc>\w{2})')
server_url = server_prefix + client_id + "&otp=" + otp
fh = urllib2.urlopen(server_url)
for line in fh:
match = auth_regex.search(line.strip('\n'))
if match:
if match.group('rc') == 'OK':
return
else:
raise AuthException(line.split('=')[1])
break
turbogears.redirect('/yubikey/')
return dict()
def members(self, groupname, search=u'a*', role_type=None,
order_by='username'):
'''View group'''
sort_map = { 'username': '******',
'creation': 'person_roles_creation',
'approval': 'person_roles_approval',
'role_status': 'person_roles_role_status',
'role_type': 'person_roles_role_type',
'sponsor': 'people_2.username',
}
if not isinstance(search, unicode) and isinstance(search, basestring):
search = unicode(search, 'utf-8', 'replace')
re_search = search.translate({ord(u'*'): ur'%'}).lower()
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_view_group(person, group):
turbogears.flash(_("You cannot view '%s'") % group.name)
turbogears.redirect('/group/list')
return dict()
# return all members of this group that fit the search criteria
members = PersonRoles.query.join('group').join('member', aliased=True).filter(
People.username.like(re_search)
).outerjoin('sponsor', aliased=True).filter(
Groups.name==groupname,
).order_by(sort_map[order_by])
if role_type:
members = members.filter(PersonRoles.role_type==role_type)
group.json_props = {'PersonRoles': ['member']}
return dict(group=group, members=members, search=search)
def members(self, groupname, search=u'a*', role_type=None,
order_by='username'):
'''View group'''
sort_map = { 'username': '******',
'creation': 'person_roles_creation',
'approval': 'person_roles_approval',
'role_status': 'person_roles_role_status',
'role_type': 'person_roles_role_type',
'sponsor': 'people_2.username',
}
if not isinstance(search, unicode) and isinstance(search, basestring):
search = unicode(search, 'utf-8', 'replace')
re_search = search.translate({ord(u'*'): ur'%'}).lower()
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_view_group(person, group):
turbogears.flash(_("You cannot view '%s'") % group.name)
turbogears.redirect('/group/list')
return dict()
# return all members of this group that fit the search criteria
members = PersonRoles.query.join('group').join('member', aliased=True).filter(
People.username.like(re_search)
).outerjoin('sponsor', aliased=True).filter(
Groups.name==groupname,
).order_by(sort_map[order_by])
if role_type:
members = members.filter(PersonRoles.role_type==role_type)
group.json_props = {'PersonRoles': ['member']}
return dict(group=group, members=members, search=search)
def view(self, groupname, order_by='username'):
'''View group'''
sort_map = { 'username': '******',
'creation': 'person_roles_creation',
'approval': 'person_roles_approval',
'role_status': 'person_roles_role_status',
'role_type': 'person_roles_role_type',
'sponsor': 'people_2.username',
}
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_view_group(person, group):
turbogears.flash(_("You cannot view '%s'") % group.name)
turbogears.redirect('/group/list')
return dict()
# Also return information on who is not sponsored
unsponsored = PersonRoles.query.join('group').join('member',
aliased=True).outerjoin('sponsor', aliased=True).filter(
and_(Groups.name==groupname,
PersonRoles.role_status=='unapproved')).order_by(sort_map[order_by])
unsponsored.json_props = {'PersonRoles': ['member']}
members = PersonRoles.query.join('group').join('member', aliased=True).filter(
People.username.like('%')
).outerjoin('sponsor', aliased=True).filter(
Groups.name==groupname,
).order_by(sort_map[order_by])
return dict(group=group, sponsor_queue=unsponsored,
members=list(members))
def home(self):
user_name = turbogears.identity.current.user_name
person = People.by_username(user_name)
(cla_done, undeprecated_cla) = undeprecated_cla_done(person)
person = person.filter_private()
return dict(person=person, memberships=person['memberships'], cla=undeprecated_cla)
def sendinvite(self, groupname, target):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if is_approved(person, group):
invite_subject = _('Come join The Fedora Project!')
invite_text = _('''
%(user)s <%(email)s> has invited you to join the Fedora
Project! We are a community of users and developers who produce a
complete operating system from entirely free and open source software
(FOSS). %(user)s thinks that you have knowledge and skills
that make you a great fit for the Fedora community, and that you might
be interested in contributing.
How could you team up with the Fedora community to use and develop your
skills? Check out http://fedoraproject.org/join-fedora for some ideas.
Our community is more than just software developers -- we also have a
place for you whether you're an artist, a web site builder, a writer, or
a people person. You'll grow and learn as you work on a team with other
very smart and talented people.
Fedora and FOSS are changing the world -- come be a part of it!''') % \
{'user': person.username, 'email': person.email}
send_mail(target, invite_subject, invite_text)
turbogears.flash(_('Message sent to: %s') % target)
turbogears.redirect('/group/view/%s' % group.name)
else:
turbogears.flash(_("You are not in the '%s' group.") % group.name)
person = person.filter_private()
return dict(target=target, person=person, group=group)
def index(self):
'''Display the FPCAs (and accept/do not accept buttons)'''
show = {}
show['show_postal_address'] = config.get('show_postal_address')
username = turbogears.identity.current.user_name
person = People.by_username(username)
try:
code_len = len(person.country_code)
except TypeError:
code_len = 0
if show['show_postal_address']:
contactInfo = person.telephone or person.postal_address
if person.country_code == 'O1' and not person.telephone:
turbogears.flash(_('A telephone number is required to ' + \
'complete the FPCA. Please fill out below.'))
elif not person.country_code or not person.human_name \
or not contactInfo:
turbogears.flash(_('A valid country and telephone number ' + \
'or postal address is required to complete the FPCA. ' + \
'Please fill them out below.'))
else:
if not person.telephone or code_len != 2 or \
person.country_code == ' ':
turbogears.flash(_('A valid country and telephone number are' +
' required to complete the FPCA. Please fill them ' +
'out below.'))
(cla, undeprecated_cla) = undeprecated_cla_done(person)
person = person.filter_private()
return dict(cla=undeprecated_cla, person=person, date=datetime.utcnow().ctime(),
show=show)
def index(self):
'''Display the CLAs (and accept/do not accept buttons)'''
show = {}
show['show_postal_address'] = config.get('show_postal_address')
username = turbogears.identity.current.user_name
person = People.by_username(username)
try:
code_len = len(person.country_code)
except TypeError:
code_len = 0
if show['show_postal_address']:
contactInfo = person.telephone or person.postal_address
if person.country_code == 'O1' and not person.telephone:
turbogears.flash(_('A telephone number is required to ' + \
'complete the CLA. Please fill out below.'))
elif not person.country_code or not person.human_name \
or not contactInfo:
turbogears.flash(_('A valid country and telephone number ' + \
'or postal address is required to complete the CLA. ' + \
'Please fill them out below.'))
else:
if not person.telephone or code_len != 2 or \
person.country_code == ' ':
turbogears.flash(
_('A valid country and telephone number are' +
' required to complete the CLA. Please fill them ' +
'out below.'))
cla = cla_done(person)
person = person.filter_private()
return dict(cla=cla,
person=person,
date=datetime.utcnow().ctime(),
show=show)
def invite(self, groupname):
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
person = person.filter_private()
return dict(person=person, group=group)
def save(self, groupname, display_name, owner, group_type,
needs_sponsor=0, user_can_remove=1, prerequisite='',
url='', mailing_list='', mailing_list_url='', invite_only=0,
irc_channel='', irc_network='', joinmsg='', apply_rules="None"):
'''Edit a group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
changed = []
#TODO: check any mandatory fields
if not group_type:
turbogears.flash(_("Group type cannot by empty!"))
turbogears.redirect('/group/edit/%s' % group.name)
if not can_edit_group(person, group):
turbogears.flash(_("You cannot edit '%s'.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
else:
owner = People.by_username(owner)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
try:
for field, _validator in GroupSave().fields.items():
if field in ['groupname']:
continue
if getattr(group, field) != locals()[field]:
setattr(group, field, locals()[field])
changed.append(field)
session.flush()
except:
turbogears.flash(_('The group details could not be saved.'))
else:
Log(author_id=person.id, description='%s edited group %s' %
(person.username, group.name))
fas.fedmsgshim.send_message(topic="group.update", msg={
'agent': person.username,
'group': group.name,
'fields': changed,
})
turbogears.flash(_('The group details have been saved.'))
turbogears.redirect('/group/view/%s' % group.name)
return dict(group=group)
def save(self, groupname, display_name, owner, group_type,
needs_sponsor=0, user_can_remove=1, prerequisite='',
url='', mailing_list='', mailing_list_url='', invite_only=0,
irc_channel='', irc_network='', joinmsg='', apply_rules="None"):
'''Edit a group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
changed = []
#TODO: check any mandatory fields
if not group_type:
turbogears.flash(_("Group type cannot by empty!"))
turbogears.redirect('/group/edit/%s' % group.name)
if not can_edit_group(person, group):
turbogears.flash(_("You cannot edit '%s'.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
else:
owner = People.by_username(owner)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
try:
for field, _validator in GroupSave().fields.items():
if field in ['groupname']:
continue
if getattr(group, field) != locals()[field]:
setattr(group, field, locals()[field])
changed.append(field)
session.flush()
except:
turbogears.flash(_('The group details could not be saved.'))
else:
Log(author_id=person.id, description='%s edited group %s' %
(person.username, group.name))
fas.fedmsgshim.send_message(topic="group.update", msg={
'agent': person.username,
'group': group.name,
'fields': changed,
})
turbogears.flash(_('The group details have been saved.'))
turbogears.redirect('/group/view/%s' % group.name)
return dict(group=group)
def save(self, groupname, display_name, owner, group_type,
needs_sponsor=0, user_can_remove=1, prerequisite='',
url='', mailing_list='', mailing_list_url='', invite_only=0,
irc_channel='', irc_network='', joinmsg='', apply_rules="None"):
'''Edit a group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_edit_group(person, group):
turbogears.flash(_("You cannot edit '%s'.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
else:
try:
owner = People.by_username(owner)
group.display_name = display_name
group.owner = owner
group.group_type = group_type
group.needs_sponsor = bool(needs_sponsor)
group.user_can_remove = bool(user_can_remove)
if prerequisite:
prerequisite = Groups.by_name(prerequisite)
group.prerequisite = prerequisite
else:
group.prerequisite = None
group.url = url
group.mailing_list = mailing_list
group.mailing_list_url = mailing_list_url
if invite_only:
group.invite_only = True
else:
group.invite_only = False
group.irc_channel = irc_channel
group.irc_network = irc_network
group.joinmsg = joinmsg
group.apply_rules = apply_rules
# Log here
session.flush()
except:
turbogears.flash(_('The group details could not be saved.'))
else:
Log(author_id=person.id, description='%s edited group %s' %
(person.username, group.name))
turbogears.flash(_('The group details have been saved.'))
turbogears.redirect('/group/view/%s' % group.name)
return dict(group=group)
def person_by_id(self, person_id):
try:
person = People.by_id(person_id)
person_data = person.filter_private()
person_data['approved_memberships'] = list(person.approved_memberships)
person_data['unapproved_memberships'] = list(person.unapproved_memberships)
return dict(success=True, person=person_data)
except InvalidRequestError:
return dict(success=False)
def validate_python(self, value, state):
# pylint: disable-msg=C0111
try:
# just prove that we can retrieve a person for the username
# pylint: disable-msg=W0612
people = People.by_username(value)
except InvalidRequestError:
raise validators.Invalid(self.message('no_user', state, user=value),
value, state)
def new(self):
'''Display create group form'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
if not can_create_group(person):
turbogears.flash(_('Only FAS administrators can create groups.'))
turbogears.redirect('/')
return dict()
def new(self):
'''Display create group form'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
if not can_create_group(person):
turbogears.flash(_('Only FAS administrators can create groups.'))
turbogears.redirect('/')
return dict()
def validate_python(self, value, state):
# pylint: disable-msg=C0111
try:
# just prove that we can retrieve a person for the username
# pylint: disable-msg=W0612
people = People.by_username(value)
except InvalidRequestError:
raise validators.Invalid(
self.message('no_user', state, user=value), value, state)
def edit(self, groupname):
'''Display edit group form'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
group = Groups.by_name(groupname)
if not can_admin_group(person, group):
turbogears.flash(_("You cannot edit '%s'.") % group.name)
turbogears.redirect('/group/view/%s' % group.name)
return dict(group=group)
def downgrade(self, groupname, targetname):
'''Upgrade user in group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
group = Groups.by_name(groupname)
if not can_downgrade_user(person, group):
turbogears.flash(_("You cannot downgrade '%s'") % target.username)
turbogears.redirect(cherrypy.request.headerMap.get("Referer", "/"))
return dict()
else:
try:
target.downgrade(group, person)
except fas.DowngradeError, e:
turbogears.flash(_('%(name)s could not be downgraded in %(group)s: %(error)s') % \
{'name': target.username, 'group': group.name, 'error': e})
turbogears.redirect(cherrypy.request.headerMap.get("Referer", "/"))
else:
def downgrade(self, groupname, targetname):
'''Upgrade user in group'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
group = Groups.by_name(groupname)
if not can_downgrade_user(person, group):
turbogears.flash(_("You cannot downgrade '%s'") % target.username)
turbogears.redirect(cherrypy.request.headerMap.get("Referer", "/"))
return dict()
else:
try:
target.downgrade(group, person)
except fas.DowngradeError, e:
turbogears.flash(_('%(name)s could not be downgraded in %(group)s: %(error)s') % \
{'name': target.username, 'group': group.name, 'error': e})
turbogears.redirect(cherrypy.request.headerMap.get("Referer", "/"))
else:
def sponsor(self, groupname, targetname):
'''Sponsor user'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
group = Groups.by_name(groupname)
if not can_sponsor_user(person, group):
turbogears.flash(_("You cannot sponsor '%s'") % target.username)
turbogears.redirect('/group/view/%s' % group.name)
return dict()
else:
try:
target.sponsor(group, person)
except fas.SponsorError, e:
turbogears.flash(_("%(user)s could not be sponsored in %(group)s: %(error)s") % \
{'user': target.username, 'group': group.name, 'error': e})
turbogears.redirect('/group/view/%s' % group.name)
else:
def sponsor(self, groupname, targetname):
'''Sponsor user'''
username = turbogears.identity.current.user_name
person = People.by_username(username)
target = People.by_username(targetname)
group = Groups.by_name(groupname)
if not can_sponsor_user(person, group):
turbogears.flash(_("You cannot sponsor '%s'") % target.username)
turbogears.redirect('/group/view/%s' % group.name)
return dict()
else:
try:
target.sponsor(group, person)
except fas.SponsorError, e:
turbogears.flash(_("%(user)s could not be sponsored in %(group)s: %(error)s") % \
{'user': target.username, 'group': group.name, 'error': e})
turbogears.redirect('/group/view/%s' % group.name)
else:
def person_by_id(self, person_id):
try:
person = People.by_id(person_id)
person_data = person.filter_private()
person_data['approved_memberships'] = list(
person.approved_memberships)
person_data['unapproved_memberships'] = list(
person.unapproved_memberships)
return dict(success=True, person=person_data)
except InvalidRequestError:
return dict(success=False)