Beispiel #1
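	def update( self, **keyargs ):
		"""Update email, password and/or avatar of this user.

		Recognised optional keys in keyargs: "email", "new_password",
		"old_password" and "avatar_id". All requested changes are validated
		first and the SQL updates run only after every check has passed, so
		a rejected password or avatar does not leave an earlier field (for
		example the email) already rewritten by this method.

		Raises:
			errors.PrivilegeError: the acting user changes their own password
				without a valid "old_password", or may not read the avatar object.
			errors.ParameterError: the avatar object is not a supported image
				type or is larger than the size limit.
			Whatever User.check_email / User.check_password raise is propagated.
		"""
		super().update( **keyargs )
		c = self.app.db.cursor()
		# (statement, parameters) pairs; executed only once validation is complete.
		pending = []
		if "email" in keyargs:
			email = keyargs["email"]
			User.check_email( email )
			# NOTE(review): unlike the password, an email change is not re-authorized
			# with the old password here; confirm super().update() or the caller
			# enforces sufficient privilege, since email is often the recovery channel.
			pending.append( ("""update users set email=? where object_id=?""", [email, self.id]) )
		if "new_password" in keyargs:
			new_password = keyargs["new_password"]
			User.check_password( new_password )
			if self.app.user.id==self.id:
				# normal users have to authorize the change with their old password
				if "old_password" not in keyargs:
					raise errors.PrivilegeError( "You need to authorize the change request with your old password" )
				old_password = keyargs["old_password"]
				row = c.execute( """select password from users where object_id=?""", [self.id] ).fetchone()
				# A missing users row is treated as a failed check rather than
				# crashing with a TypeError on None[0].
				if row is None or not password.check( old_password, row[0] ):
					raise errors.PrivilegeError( "Invalid old password" )
			# NOTE(review): when the acting user is not the target user, no
			# authorization is visible in this method; presumably super().update()
			# checks write privilege - confirm.
			# The new password is only transformed after authorization succeeded.
			encrypted_new_password = password.encrypt( new_password )
			pending.append( ("""update users set password=? where object_id=?""", [encrypted_new_password, self.id]) )
		if "avatar_id" in keyargs:
			avatar_id = int( keyargs["avatar_id"] )
			# The acting user must be allowed to read the object they want as avatar.
			if not self.app.user.can_read( avatar_id ):
				raise errors.PrivilegeError()
			obj = db_object.DBObject( self.app, object_id=avatar_id )
			if not ( files.File.supports(self.app, obj.media_type) and obj.media_type.startswith("image/") ):
				raise errors.ParameterError( "Unsupported media type for user avatars" )
			file_obj = files.File( self.app, object_id=obj.id )
			size_limit = 100*2**10  # 100 KiB
			if file_obj.get_size() > size_limit:
				raise errors.ParameterError( "Avatar object exeeds size limit of %d bytes" % (size_limit) )
			pending.append( ("""update users set avatar_id=? where object_id=?""", [avatar_id, self.id]) )
		for statement, parameters in pending:
			c.execute( statement, parameters )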
Beispiel #2
	def __init__( self, app, user_id=None, nick=None, plain_password=None,
					email=None, parent_id=None ):
		"""Load an existing user or create a new one.

		With user_id given, only the parent constructor is called with
		object_id=user_id. Otherwise nick, plain_password and email are
		passed to self.check, the parent constructor is called with this
		class' media_type and the given parent_id, and a row holding the
		result of password.encrypt( plain_password ) is inserted into the
		users table; the nick is then indexed.

		Raises:
			Exception: "Nick already in use" when the insert or the indexing
				raises sqlite3.IntegrityError.
		"""
		if user_id is not None:
			# Existing user: nothing is created.
			super().__init__( app, object_id=user_id )
			return
		self.check( app, nick, plain_password, email )
		super().__init__( app, media_type=self.media_type, parent_id=parent_id )
		# Only the output of password.encrypt is stored, never the plain text.
		# NOTE(review): confirm password.encrypt is a salted, slow password hash
		# and not reversible encryption - not visible from here.
		stored_password = password.encrypt( plain_password )
		row = [self.id, nick, stored_password, email]
		try:
			cursor = self.app.db.cursor()
			cursor.execute( """insert into users (object_id,nick,password,email)
								values (?,?,?,?)""", row )
			self.index( data=nick, source="nick", rank=2 )
		except sqlite3.IntegrityError:
			# NOTE(review): any integrity violation is reported as a nick clash.
			raise Exception( "Nick already in use" )