def upgrade(self):
if self.applied():
print "Migration already applied".rjust(12)
return True
org_store = CQDEOrganizationStore.instance()
user = User()
organization_ids = org_store.get_organization_keys(user, LOCAL)
if not organization_ids or len(organization_ids) > 1:
print "Local organization was not found!"
return False
local_organization_id = organization_ids[0]
queries = [
"""
INSERT INTO user_organization (user_key, organization_key)
SELECT user_id, {organization_id}
FROM user WHERE user_id NOT IN (SELECT user_key FROM user_organization)
AND authentication_key IN (SELECT id FROM authentication
WHERE method = '{method}')
""".format(organization_id=local_organization_id, method=LOCAL)
]
return self.manager.db_upgrade(queries)
def __init__(self):
self.org_store = CQDEOrganizationStore.instance()
self.auth_store = CQDEAuthenticationStore.instance()
self.ldap_authentication_key = self.auth_store.get_authentication_id(self.LDAP)
if not self.ldap_authentication_key:
self.auth_store.create_authentication(self.LDAP)
self.ldap_authentication_key = self.auth_store.get_authentication_id(self.LDAP)
if not self.ldap_authentication_key:
# This should not happen
raise Exception('LdapAuthentication: Could not get authentication id for LDAP')
def __init__(self):
self.org_store = CQDEOrganizationStore.instance()
self.auth_store = CQDEAuthenticationStore.instance()
self.ldap_authentication_key = self.auth_store.get_authentication_id(
self.LDAP)
if not self.ldap_authentication_key:
self.auth_store.create_authentication(self.LDAP)
self.ldap_authentication_key = self.auth_store.get_authentication_id(
self.LDAP)
if not self.ldap_authentication_key:
# This should not happen
raise Exception(
'LdapAuthentication: Could not get authentication id for LDAP')
def upgrade(self):
if self.applied():
print "Migration already applied".rjust(12)
return True
org_store = CQDEOrganizationStore.instance()
user = User()
organization_ids = org_store.get_organization_keys(user, LOCAL)
if not organization_ids or len(organization_ids) > 1:
print "Local organization was not found!"
return False
local_organization_id = organization_ids[0]
queries = ["""
INSERT INTO user_organization (user_key, organization_key)
SELECT user_id, {organization_id}
FROM user WHERE user_id NOT IN (SELECT user_key FROM user_organization)
AND authentication_key IN (SELECT id FROM authentication
WHERE method = '{method}')
""".format(organization_id=local_organization_id, method=LOCAL)]
return self.manager.db_upgrade(queries)
def render_admin_panel(self, req, cat, page, path_info):
""" Renders admin panel and handles new user creation request
"""
req.perm.require('USER_CREATE')
now = datetime.utcnow()
expires = now + timedelta(days=90)
data = {
'dateformats': DATEFORMATS,
'now': now,
'expires': expires,
}
# Helper class
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_create.js')
# Get and set option goto address
if 'goto' in req.args:
req.session['goto'] = conf.safe_address(req.args.get('goto', ''))
req.session.save()
# Create new user to local database
if req.method.upper() == 'GET':
return 'admin_user_create.html', data
elif req.method.upper() == 'POST':
userstore = get_userstore()
user = self._get_user(req)
author = userstore.getUser(req.authname)
# Update data for pre-filled form
data['username'] = user.username
data['first'] = user.givenName
data['last'] = user.lastName
data['mail'] = user.mail
data['mobile'] = user.mobile
# Validate and set author
if not req.perm.has_permission('USER_AUTHOR') or not author:
chrome.add_warning(
req,
_("User needs to have author with USER_AUTHOR permission"))
return 'admin_user_create.html', data
user.author_id = author.id
user.expires = expires
org_store = CQDEOrganizationStore.instance()
auth_store = CQDEAuthenticationStore.instance()
user.authentication_key = auth_store.get_authentication_id(
LocalAuthentication.LOCAL)
user.organization_keys = org_store.get_organization_keys(
user, LocalAuthentication.LOCAL) or None
# Validate user object
error_msg = self.validate_user(req, user)
if error_msg:
chrome.add_warning(req, error_msg)
return 'admin_user_create.html', data
# Try to store user
if userstore.storeUser(user):
userlink = tag.a(user.username,
href=req.href('admin/users/manage',
username=user.username))
chrome.add_notice(req,
tag(_('Created new local user: '******'Created new local user "%s" by "%s"' %
(user.username, req.authname))
# Try to send email notification also
try:
self._send_notification(user, req.server_name)
except TracError:
# Notification sending failed
self.log.exception("Notification sending failed")
chrome.add_warning(req,
_('Failed to send email notification'))
# Handle optional goto argument
if 'goto' in req.session:
goto = req.session['goto']
del req.session['goto']
# NOTE: Show redirect address as a system message instead of direct redirection
# This is because after moving to another project, the system messages are not shown due the separate
# sessions per project
chrome.add_notice(
req,
Markup('Go back to: <a href="%s">%s</a>' %
(goto, goto)))
# Redirect to the page so that we're not showing the created user form with prefilled
return req.redirect(req.href('admin/users/create_local'))
return 'admin_user_create.html', data
def render_admin_panel(self, req, cat, page, path_info):
""" Renders admin panel and handles new user creation request
"""
req.perm.require('USER_CREATE')
now = datetime.utcnow()
expires = now + timedelta(days=90)
data = {
'dateformats':DATEFORMATS,
'now':now,
'expires':expires,
}
# Helper class
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_create.js')
# Get and set option goto address
if 'goto' in req.args:
req.session['goto'] = conf.safe_address(req.args.get('goto', ''))
req.session.save()
# Create new user to local database
if req.method.upper() == 'GET':
return 'admin_user_create.html', data
elif req.method.upper() == 'POST':
userstore = get_userstore()
user = self._get_user(req)
author = userstore.getUser(req.authname)
# Update data for pre-filled form
data['username'] = user.username
data['first'] = user.givenName
data['last'] = user.lastName
data['mail'] = user.mail
data['mobile'] = user.mobile
# Validate and set author
if not req.perm.has_permission('USER_AUTHOR') or not author:
chrome.add_warning(req, _("User needs to have author with USER_AUTHOR permission"))
return 'admin_user_create.html', data
user.author_id = author.id
user.expires = expires
org_store = CQDEOrganizationStore.instance()
auth_store = CQDEAuthenticationStore.instance()
user.authentication_key = auth_store.get_authentication_id(LocalAuthentication.LOCAL)
user.organization_keys = org_store.get_organization_keys(user, LocalAuthentication.LOCAL) or None
# Validate user object
error_msg = self.validate_user(req, user)
if error_msg:
chrome.add_warning(req, error_msg)
return 'admin_user_create.html', data
# Try to store user
if userstore.storeUser(user):
userlink = tag.a(user.username, href=req.href('admin/users/manage', username=user.username))
chrome.add_notice(req, tag(_('Created new local user: '******'Created new local user "%s" by "%s"' % (user.username, req.authname))
# Try to send email notification also
try:
self._send_notification(user)
except TracError:
# Notification sending failed
self.log.exception("Notification sending failed")
chrome.add_warning(req, _('Failed to send email notification'))
# Handle optional goto argument
if 'goto' in req.session:
goto = req.session['goto']
del req.session['goto']
# NOTE: Show redirect address as a system message instead of direct redirection
# This is because after moving to another project, the system messages are not shown due the separate
# sessions per project
chrome.add_notice(req, Markup('Go back to: <a href="%s">%s</a>' % (goto, goto)))
# Redirect to the page so that we're not showing the created user form with prefilled
return req.redirect(req.href('admin/users/create_local'))
return 'admin_user_create.html', data
def edit_user(self, req):
"""
Handle user edit: view & save
"""
changes = {}
username = req.args.get('username')
if not username:
add_warning(req, _('Invalid username'))
return self.list_users(req)
# Load user being edited
userstore = get_userstore()
user = userstore.getUser(username)
if not user:
add_warning(req, _('Invalid username (or connection error)'))
return self.list_users(req)
# Load user who's doing the edit
changed_by = userstore.getUser(req.authname)
papi = Projects()
# Check permissions and redirect to user listing (handy after editing the user)
req.perm.require('USER_AUTHOR', Resource('user', id=user.id))
data = req.args
data['user'] = user
data['author'] = userstore.getUserWhereId(user.author_id) if user.author_id else None
data['base_path'] = req.base_path
data['dateformats'] = DATEFORMATS
data['is_local'] = userstore.is_local(user)
data['now'] = datetime.utcnow()
data['expired'] = user.expires and ((user.expires - datetime.utcnow()).days < 0)
data['states'] = userstore.USER_STATUS_LABELS
data['projects'] = papi.get_authored_projects(user)
# Add javascript libraries for datepicker and autocomplete
add_script(req, 'multiproject/js/jquery-ui.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_edit.js')
# If get request show edit
if req.method.upper() == 'GET':
return 'admin_user_edit.html', data
# Close pressed: get back to user listing
if req.args.get('close'):
return req.redirect(req.href('admin/users/manage'))
# Handle save
if 'limitexceeded' in req.args:
add_warning(req, _('Picture you tried to upload was too big. Try a smaller one'))
# Update author if changed
author_id = req.args.get('author_id', None)
# If id field is empty but name is not: manual input
if not author_id and req.args.get('author_text'):
add_warning(req, _('Author cannot be found'))
return 'admin_user_edit.html', data
# Check set reset the author
if author_id:
author = userstore.getUserWhereId(int(author_id))
if not author:
add_warning(req, _('Author cannot be found'))
return 'admin_user_edit.html', data
# Check if author is valid: has permission to author?
perm = PermissionCache(self.env, author.username)
if 'USER_AUTHOR' not in perm:
add_warning(req, _('User %s cannot work as an author (does not have USER_AUTHOR permissions)' % author))
return self.back(req)
user.author_id = author.id
changes['author'] = author
else:
user.author_id = None
user.lastName = req.args.get('last')
if not user.lastName:
add_warning(req, _('Last name required'))
return self.back(req)
old_mail = user.mail
user.mail = req.args.get('email')
if not user.mail:
add_warning(req, _('Email address required'))
return self.back(req)
if old_mail != user.mail:
changes['email'] = user.mail
org_store = CQDEOrganizationStore.instance()
# TODO: is this correct?
# When changing email, reset organizations to which the user belongs in
user.organization_keys = org_store.get_organization_keys(user) or None
# Update password if changed
password = req.args.get('password')
if password:
if not userstore.is_local(user):
add_warning(req, _("Can't change password for user that uses external authentication method"))
return self.back(req)
if len(password) < 7:
add_warning(req, _("Password must be at least 7 characters long - please provide longer password"))
return self.back(req)
if password != req.args.get('confirmpw'):
add_warning(req, _("Password do not match - please check"))
return self.back(req)
user.givenName = req.args.get('first')
user.mobile = req.args.get('mobile')
# Set or reset account expiration date
expiration_str = req.args.get('expires', '')
if expiration_str:
try:
# Parse date and set expiration time in the end of the day
expires = datetime.strptime(expiration_str, DATEFORMATS['py'])
expires += timedelta(hours=23, minutes=59, seconds=59)
# If changed
if expires != user.expires:
user.expires = expires
changes['expiration_date'] = user.expires.strftime(DATEFORMATS['py'])
except Exception:
self.log.exception('Date formatting failed')
add_warning(req, _('Non-recognized expiration format'))
pass
# Remove expiration date
elif user.expires:
changes['expiration_date'] = 'Never expires'
user.expires = None
# Update status if set
status = int(req.args.get('status', 0))
if status and status in userstore.USER_STATUS_LABELS.keys() and user.status != status:
changes['status'] = userstore.USER_STATUS_LABELS[status]
user.status = status
if req.args.get('removeicon'):
user.icon = None
else:
icon = req.args.get('icon')
if not isinstance(icon, unicode) and icon.filename:
user.createIcon(req.args.get('icon'))
self.log.info('Saving changes to user: %s' % user)
ok = userstore.updateUser(user)
if ok and password:
changes['password'] = password
ok = userstore.updatePassword(user, password)
if not ok:
add_warning(req, _("Could not save changes"))
add_notice(req, _("User %s updated" % username))
# Notify user about changes via email?
if req.args.get('notify'):
data = {
'user':user,
'changed_by':changed_by,
'changes':changes
}
try:
enotify = EmailNotifier(self.env, "Account updated", data)
enotify.template_name = 'account_edited.txt'
enotify.notify(user.mail)
add_notice(req, _("Notified user about the changes"))
except TracError:
add_warning(req, _("Failed to send email notification - user changed anyway"))
# Check if user has still (after modification) permission to modify user
# NOTE: req.perm cannot be used here because it is not updated yet
resource = Resource('user', id=user.id)
perm = PermissionCache(self.env, username=req.authname)
if perm.has_permission('USER_AUTHOR', resource):
return self.back(req)
add_notice(req, _('You have no longer permission to modify the account: %s' % user.username))
return req.redirect(req.href('admin/users/manage'))
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, "multiproject/js/jquery-ui.js")
add_script(req, "multiproject/js/permissions.js")
add_stylesheet(req, "multiproject/css/jquery-ui.css")
add_stylesheet(req, "multiproject/css/permissions.css")
is_normal_project = self.env.project_identifier != self.env.config.get("multiproject", "sys_home_project_name")
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == "POST":
action = req.args.get("action")
if action == "remove_member":
self._remove_member(req, group_store)
elif action == "add_member":
add_type = req.args.get("add_type")
if add_type == "user":
self._add_user(req, group_store, membership)
elif add_type == "organization":
self._add_organization(req, group_store)
elif add_type == "ldap_group":
self._add_ldap_group(req, group_store)
elif add_type == "login_status":
login_status = req.args.get("login_status")
if login_status not in ("authenticated", "anonymous"):
raise TracError("Invalid arguments")
self._add_user(req, group_store, membership, username=login_status)
else:
raise TracError("Invalid add_type")
elif action == "add_permission":
self._add_perm_to_group(req, group_store, perm_sys)
elif action == "remove_permission":
self._remove_permission(req, group_store, perm_sys)
elif action == "create_group":
self._create_group(req, group_store, perm_sys)
elif action == "remove_group":
self._remove_group(req, group_store)
elif action == "add_organization":
self._add_organization(req, group_store)
elif action == "decline_membership":
self._decline_membership(req, membership)
else:
raise TracError("Unknown action %s" % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(
req,
_(
"Application permission configuration conflicts with project permissions. "
"Before you can fully edit permissions or users you will need to either remove "
"offending permissions or set correct application configuration. Page reload"
"is required to update this warning."
),
)
add_warning(req, e.message)
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/permissions.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_stylesheet(req, 'multiproject/css/permissions.css')
project = Project.get(self.env) #
is_normal_project = self.env.project_identifier != \
self.env.config.get('multiproject', 'sys_home_project_name')
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == 'POST':
action = req.args.get('action')
if action == 'remove_member':
self._remove_member(req, group_store)
elif action == 'add_member':
add_type = req.args.get('add_type')
if add_type == 'user':
self._add_user(req, group_store, membership)
elif add_type == 'organization':
self._add_organization(req, group_store)
elif add_type == 'ldap_group':
self._add_ldap_group(req, group_store)
elif add_type == 'login_status':
login_status = req.args.get('login_status')
if login_status not in ('authenticated', 'anonymous'):
raise TracError('Invalid arguments')
self._add_user(req, group_store, membership, username=login_status)
else:
raise TracError('Invalid add_type')
elif action == 'add_permission':
self._add_perm_to_group(req, group_store, perm_sys)
elif action == 'remove_permission':
self._remove_permission(req, group_store, perm_sys)
elif action == 'create_group':
self._create_group(req, group_store, perm_sys)
elif action == 'remove_group':
self._remove_group(req, group_store)
elif action == 'add_organization':
self._add_organization(req, group_store)
elif action == 'decline_membership':
self._decline_membership(req, membership)
elif 'makepublic' in req.args:
project_api = Projects()
if conf.allow_public_projects:
self._make_public(req, project)
project_api.add_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError("Public projects are disabled", "Error!")
elif 'makeprivate' in req.args:
project_api = Projects()
self._make_private(req, project)
project_api.remove_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError('Unknown action %s' % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
if is_normal_project:
is_a_public = project.public
else:
is_a_public = ""
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(req, _('Application permission configuration conflicts with project permissions. '
'Before you can fully edit permissions or users you will need to either remove '
'offending permissions or set correct application configuration. Page reload'
'is required to update this warning.'))
add_warning(req, e.message)
def edit_user(self, req):
"""
Handle user edit: view & save
"""
changes = {}
username = req.args.get('username')
if not username:
add_warning(req, _('Invalid username'))
return self.list_users(req)
# Load user being edited
userstore = get_userstore()
user = userstore.getUser(username)
if not user:
add_warning(req, _('Invalid username (or connection error)'))
return self.list_users(req)
# Load user who's doing the edit
changed_by = userstore.getUser(req.authname)
papi = Projects()
# Check permissions and redirect to user listing (handy after editing the user)
#req.perm.require('USER_AUTHOR', Resource('user', id=user.id))
if self.check_author_and_deputies(changed_by.id,
user.author_id, userstore.get_deputies(user.id), req, user.id) == False:
add_warning(req, _("You don't have rights to edit user"))
req.redirect(req.href("admin"))
data = req.args
data['user'] = user
data['author'] = userstore.getUserWhereId(user.author_id) if user.author_id else None
data['deputies'] = userstore.get_deputies(user.id)
data['base_path'] = req.base_path
data['dateformats'] = DATEFORMATS
data['is_local'] = userstore.is_local(user)
data['now'] = datetime.utcnow()
data['expired'] = user.expires and ((user.expires - datetime.utcnow()).days < 0)
data['states'] = userstore.USER_STATUS_LABELS
data['projects'] = papi.get_authored_projects(user)
# Add javascript libraries for datepicker and autocomplete
add_script(req, 'multiproject/js/jquery-ui.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_edit.js')
# If get request show edit
if req.method.upper() == 'GET' and req.args.get('remove_deputy'):
deputy = userstore.getUser(req.args.get('remove_deputy').strip())
remove_res = userstore.remove_deputy(user.id, deputy.id)
return req.send(remove_res, content_type='text/plain', status=200)
elif req.method.upper() == 'GET':
return 'admin_user_edit.html', data
# Close pressed: get back to user listing
if req.args.get('close'):
return req.redirect(req.href('admin/users/manage'))
if req.args.get('deputy_name'):
deputy = userstore.getUser(req.args.get('deputy_name').strip())
resource = Resource('user', id=deputy.id)
perm = PermissionCache(self.env, username=deputy.username)
if perm.has_permission('USER_AUTHOR', resource):
if(userstore.add_deputy(user.id, deputy.username)):
add_notice(req, _("Deputy "+deputy.username+" added."))
return_url = 'home/admin/users/manage?username='******'home/admin/users/manage?username='******'t have enough rights"))
return_url = 'home/admin/users/manage?username='******'limitexceeded' in req.args:
add_warning(req, _('Picture you tried to upload was too big. Try a smaller one'))
# Update author if changed
author_id = req.args.get('author_id', None)
# If id field is empty but name is not: manual input
if not author_id and req.args.get('author_text'):
add_warning(req, _('Author cannot be found'))
return 'admin_user_edit.html', data
# Check set reset the author
if author_id:
author = userstore.getUserWhereId(int(author_id))
if not author:
add_warning(req, _('Author cannot be found'))
return 'admin_user_edit.html', data
# Check if author is valid: has permission to author?
perm = PermissionCache(self.env, author.username)
if 'USER_AUTHOR' not in perm:
add_warning(req, _('User %s cannot work as an author (does not have USER_AUTHOR permissions)' % author))
return self.back(req)
user.author_id = author.id
changes['author'] = author
else:
user.author_id = None
user.lastName = req.args.get('last')
if not user.lastName:
add_warning(req, _('Last name required'))
return self.back(req)
old_mail = user.mail
user.mail = req.args.get('email')
if not user.mail:
add_warning(req, _('Email address required'))
return self.back(req)
if old_mail != user.mail:
changes['email'] = user.mail
org_store = CQDEOrganizationStore.instance()
# TODO: is this correct?
# When changing email, reset organizations to which the user belongs in
user.organization_keys = org_store.get_organization_keys(user) or None
# Update password if changed
password = req.args.get('password')
if password:
if not userstore.is_local(user):
add_warning(req, _("Can't change password for user that uses external authentication method"))
return self.back(req)
if len(password) < 7:
add_warning(req, _("Password must be at least 7 characters long - please provide longer password"))
return self.back(req)
if password != req.args.get('confirmpw'):
add_warning(req, _("Password do not match - please check"))
return self.back(req)
user.givenName = req.args.get('first')
user.mobile = req.args.get('mobile')
# Set or reset account expiration date
expiration_str = req.args.get('expires', '')
if expiration_str:
try:
# Parse date and set expiration time in the end of the day
expires = datetime.strptime(expiration_str, DATEFORMATS['py'])
expires += timedelta(hours=23, minutes=59, seconds=59)
# If changed
if expires != user.expires:
user.expires = expires
changes['expiration_date'] = user.expires.strftime(DATEFORMATS['py'])
except Exception:
self.log.exception('Date formatting failed')
add_warning(req, _('Non-recognized expiration format'))
pass
# Remove expiration date
elif user.expires:
changes['expiration_date'] = 'Never expires'
user.expires = None
# Update status if set
status = int(req.args.get('status', 0))
if status and status in userstore.USER_STATUS_LABELS.keys() and user.status != status:
changes['status'] = userstore.USER_STATUS_LABELS[status]
user.status = status
if req.args.get('removeicon'):
user.icon = None
else:
icon = req.args.get('icon')
if not isinstance(icon, unicode) and icon.filename:
user.createIcon(req.args.get('icon'))
self.log.info('Saving changes to user: %s' % user)
ok = userstore.updateUser(user)
if ok and password:
changes['password'] = password
ok = userstore.updatePassword(user, password)
if not ok:
add_warning(req, _("Could not save changes"))
add_notice(req, _("User %s updated" % username))
# Notify user about changes via email?
if req.args.get('notify'):
data = {
'user':user,
'changed_by':changed_by,
'changes':changes
}
try:
enotify = EmailNotifier(self.env, "Account updated", data)
enotify.template_name = 'account_edited.txt'
enotify.notify(user.mail)
add_notice(req, _("Notified user about the changes"))
except TracError:
add_warning(req, _("Failed to send email notification - user changed anyway"))
# Check if user has still (after modification) permission to modify user
# NOTE: req.perm cannot be used here because it is not updated yet
#resource = Resource('user', id=user.id)
#perm = PermissionCache(self.env, username=req.authname)
#if perm.has_permission('USER_AUTHOR', resource):
# return self.back(req)
if self.check_author_and_deputies(changed_by.id,
user.author_id, userstore.get_deputies(user.id), req, user.id) == True:
return_url = 'home/admin/users/manage?username='******'You have no longer permission to modify the account: %s' % user.username))
return req.redirect(req.href('admin/users/manage'))
def render_admin_panel(self, req, cat, page, path_info):
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/permissions.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_stylesheet(req, 'multiproject/css/permissions.css')
project = Project.get(self.env) #
is_normal_project = self.env.project_identifier != \
self.env.config.get('multiproject', 'sys_home_project_name')
# API instances
perm_sys = PermissionSystem(self.env)
group_store = CQDEUserGroupStore(env=self.env)
org_store = CQDEOrganizationStore.instance()
if is_normal_project:
membership = MembershipApi(self.env, Project.get(self.env))
else:
membership = None
if req.method == 'POST':
action = req.args.get('action')
if action == 'remove_member':
self._remove_member(req, group_store)
elif action == 'add_member':
add_type = req.args.get('add_type')
if add_type == 'user':
self._add_user(req, group_store, membership)
elif add_type == 'organization':
self._add_organization(req, group_store)
elif add_type == 'ldap_group':
self._add_ldap_group(req, group_store)
elif add_type == 'login_status':
login_status = req.args.get('login_status')
if login_status not in ('authenticated', 'anonymous'):
raise TracError('Invalid arguments')
self._add_user(req,
group_store,
membership,
username=login_status)
else:
raise TracError('Invalid add_type')
elif action == 'add_permission':
self._add_perm_to_group(req, group_store, perm_sys)
elif action == 'remove_permission':
self._remove_permission(req, group_store, perm_sys)
elif action == 'create_group':
self._create_group(req, group_store, perm_sys)
elif action == 'remove_group':
self._remove_group(req, group_store)
elif action == 'add_organization':
self._add_organization(req, group_store)
elif action == 'decline_membership':
self._decline_membership(req, membership)
elif 'makepublic' in req.args:
project_api = Projects()
if conf.allow_public_projects:
self._make_public(req, project)
project_api.add_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError("Public projects are disabled", "Error!")
elif 'makeprivate' in req.args:
project_api = Projects()
self._make_private(req, project)
project_api.remove_public_project_visibility(project.id)
# Reload page
return req.redirect(req.href(req.path_info))
else:
raise TracError('Unknown action %s' % action)
# get membership request list after form posts have been processed
if is_normal_project:
membership_requests = set(membership.get_membership_requests())
else:
membership_requests = set()
permissions = set(perm_sys.get_actions())
# check if project if current configuration and permission state is in such state that
# permission editions are likely fail
invalid_state = None
if is_normal_project:
is_a_public = project.public
else:
is_a_public = ""
try:
group_store.is_valid_group_members()
except InvalidPermissionsState, e:
add_warning(
req,
_('Application permission configuration conflicts with project permissions. '
'Before you can fully edit permissions or users you will need to either remove '
'offending permissions or set correct application configuration. Page reload'
'is required to update this warning.'))
add_warning(req, e.message)
