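def login(self, username=None, password=None):
    """Handle the login form submission (POST only).

    Verifies the submitted credentials, refuses banned accounts and, on
    success, records the username in the session.

    Args:
        username: Account name submitted by the client (untrusted).
        password: Password submitted by the client (untrusted).

    Raises:
        cherrypy.HTTPError: 404 when the request method is not POST.
        cherrypy.HTTPRedirect: In every other case. The target is the
            request's Referer (falling back to "/"), or "/" for a banned
            account.
    """
    if cherrypy.request.method != "POST":
        raise cherrypy.HTTPError(404)

    # NOTE(review): Referer is a client-supplied header; confirm that
    # redirecting to it without validation is acceptable for this site.
    return_to = cherrypy.request.headers.get("Referer", "/") or "/"

    if cherrypy.session.get('username'):
        flash("You have already logged in.")
        raise cherrypy.HTTPRedirect(return_to)

    # Verify the credentials before reading the account record. get_user()
    # can return None (the users handler checks for it), so indexing its
    # result for an unknown name raised TypeError and answered with a server
    # error instead of the "Invalid credentials." response.
    account = None
    if User.validate_credentials(username, password):
        account = User.get_user(username)
    if account is None:
        flash("Invalid credentials.", 'error')
        raise cherrypy.HTTPRedirect(return_to)

    if account['member_type'] == 'banned':
        flash("You can't login, you are banned!", 'error')
        raise cherrypy.HTTPRedirect('/')

    User.log_visit(username)
    # Rotate the session id when the session becomes authenticated, so an id
    # issued before login is not carried over into the logged-in session.
    cherrypy.session.regenerate()
    cherrypy.session['username'] = username
    cherrypy.session.save()
    flash("Logged in successfully!", 'success')
    # Send the user back to the page the login form was submitted from.
    raise cherrypy.HTTPRedirect(return_to)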
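def delete(username, songname):
    """Delete one of a user's songs on behalf of the logged-in user.

    The request must be a POST, and the caller must be either the song's
    owner or an account whose member_type is 'admin'.

    Args:
        username: Owner of the song, as named in the request (untrusted).
        songname: Name of the song to delete (untrusted).

    Raises:
        cherrypy.HTTPError: 401 when nobody is logged in, when the session
            names an account that can no longer be found, or when the caller
            is neither the owner nor an admin; 404 for a non-POST request.
        cherrypy.HTTPRedirect: To the owner's page after the deletion.
    """
    current_user = cherrypy.session.get('username')
    if not current_user:
        raise cherrypy.HTTPError(401)
    if cherrypy.request.method != 'POST':
        raise cherrypy.HTTPError(404)

    account = User.get_user(current_user)
    # get_user() can return None (the users handler checks for it). Refuse
    # explicitly rather than failing on the subscript below.
    if account is None:
        raise cherrypy.HTTPError(401)
    if account['member_type'] != 'admin' and current_user != username:
        raise cherrypy.HTTPError(401)
    # NOTE(review): only 'admin' is checked here; a member banned after
    # logging in still passes the owner test. Confirm that is intended.

    # NOTE(review): what get_user_song returns for an unknown song is not
    # visible here; confirm delete_song copes with that value.
    song_id = Song.get_user_song(username, songname)
    Song.delete_song(song_id)
    # NOTE(review): songname is request-supplied and ends up in the flash
    # text; confirm the template escapes flash messages.
    flash("Deleted '%s'" % (songname), 'success')
    raise cherrypy.HTTPRedirect("/users/" + username)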
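def render(self, view, **params):
    """Render *view* with session-derived context merged into *params*.

    Sets 'username', 'logged_in', 'member_type' and 'flash' from the active
    session, overwriting anything the caller passed under those keys, and
    defaults 'error_message' to ''.

    Args:
        view: Template object exposing render(**params).
        **params: Extra template variables supplied by the handler.

    Returns:
        Whatever view.render(**params) returns.
    """
    username = cherrypy.session.get('username')
    params.setdefault('error_message', '')
    try:
        params['member_type'] = User.get_user(username)['member_type']
    except Exception:
        # Best effort: any failure of the lookup (no session user, unknown
        # account, backend error) renders the page with an empty member_type.
        params['member_type'] = ''
    # NOTE(review): handlers in this file put request-supplied names into the
    # flash text and into error_message; confirm the templates escape both.
    params['flash'] = cherrypy.session.get('flash')
    params['username'] = username
    params['logged_in'] = username is not None
    return view.render(**params)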
def users(self, who=None, **args):
    """Show a user's detail page, applying a ban/unban request first.

    Args:
        who: Username taken from the request; a missing or empty value
            renders the error view.
        **args: Remaining request parameters. The presence of 'ban' or
            'unban' requests a member_type change for *who*.

    Returns:
        The rendered error view when *who* is missing or unknown, otherwise
        the rendered user view with the sanitized user and their songs.
    """
    if not who:
        # TODO add user listing here?
        flash('Invalid user.', 'error')
        return self.render(error_view)

    account = User.get_user(who)
    if account is None:
        return self.render(
            error_view,
            error_message="User '%s' not found!" % (str(who)),
        )

    # 'ban' takes precedence over 'unban'. set_user_type() in this file
    # always ends by raising (HTTPError or HTTPRedirect), so the page below
    # is only rendered when neither parameter is present.
    # NOTE(review): these state changes are acted on whatever the HTTP
    # method, whereas login and delete insist on POST; confirm a plain GET
    # link cannot trigger them, or gate them on POST as well.
    requested_status = None
    if 'ban' in args:
        requested_status = 'banned'
    elif 'unban' in args:
        requested_status = 'member'
    if requested_status is not None:
        self.set_user_type(who, requested_status)

    return self.render(
        user_view,
        user=User.sanitize_user(account),
        songs=User.get_user_songs_detailed(account["username"]),
    )
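def set_user_type(self, target, status):
    """Set an account's member_type on behalf of the logged-in admin.

    Args:
        target: Username whose member_type is changed.
        status: New member_type value; the users handler passes 'banned'
            or 'member'.

    Raises:
        cherrypy.HTTPError: 401 when nobody is logged in, when the session's
            account cannot be found, or when that account is not an admin.
        cherrypy.HTTPRedirect: To the target's page once the change has been
            attempted, whether or not it succeeded.
    """
    username = cherrypy.session.get('username')
    if not username:
        raise cherrypy.HTTPError(401)

    actor = User.get_user(username)
    # get_user() can return None (the users handler checks for it). Refuse
    # explicitly rather than failing on the subscript.
    if actor is None or actor['member_type'] != 'admin':
        raise cherrypy.HTTPError(401)

    # NOTE(review): status is stored as given. If this method is reachable
    # with request-supplied values, restrict it to the known member types.
    try:
        User.set_user_type(target, status)
    except Exception:
        # Was a bare `except:`, which also swallowed SystemExit and
        # KeyboardInterrupt. Log the failure so a rejected privilege change
        # leaves a trace instead of disappearing behind the flash message.
        cherrypy.log("set_user_type failed", traceback=True)
        flash("Can't set user status!", 'error')
    else:
        flash("User status set to %s!" % status, 'success')
    raise cherrypy.HTTPRedirect("/users/%s" % target)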