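def security_save(self):
        """Replace the application's ACL with the grants posted by the security form.

        Every POST field name is expected to have the form
        ``<role_id>.<permission_name>``. The existing ACL rows of the context
        instance are deleted and one ``ApplicationACL`` row is added per
        distinct posted grant.

        Raises:
            ValueError: if any POST field name is not exactly two non-empty
                parts separated by a single dot. This is raised before any
                row is deleted or added.

        Returns:
            An ``HTTPFound`` redirect back to the model's ``security`` page.
        """
        context = self.context.get_instance()
        request = self.request

        # Parse and validate the whole submission before mutating anything, so
        # a malformed field name rejects the request with the stored ACL
        # untouched rather than failing after the old rows were marked deleted.
        grants = []
        seen = set()
        for checkbox_name in request.POST:
            parts = checkbox_name.split('.')
            if len(parts) != 2 or not parts[0] or not parts[1]:
                raise ValueError("Malformed ACL field name: %r" % (checkbox_name,))
            grant = (parts[0], parts[1])
            # A repeated field name would otherwise insert the same grant twice.
            if grant not in seen:
                seen.add(grant)
                grants.append(grant)

        # NOTE(review): role_id and permission_name come straight from the
        # request and are not checked here against the roles and permissions
        # that actually exist; confirm a foreign key or an allow-list
        # enforces that elsewhere.
        # NOTE(review): no permission check is visible in this method;
        # presumably the view configuration restricts who may call it, verify.
        for acl in context.acl:
            DBSession.delete(acl)

        for role_id, permission_name in grants:
            DBSession.add(ApplicationACL(application_id=context.id,
                                         role_id=role_id,
                                         permission_name=permission_name))

        return HTTPFound(location=request.fa_url(request.model_name, request.model_id, 'security'))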
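def _find_own_saved_query(current_uid, query_meta):
    """Return the saved query named by ``sq_id`` if it belongs to *current_uid*, else None."""
    sq_ids = query_meta.get('sq_id')
    if not sq_ids:
        return None
    # Filtering on author_id as well as id is what stops one user from
    # renaming or deleting another user's saved query by guessing its id.
    return (DBSession.query(SavedQuery)
            .filter(SavedQuery.author_id == current_uid)
            .filter(SavedQuery.id == sq_ids[0])
            .first())


def save_query(context, request):
    """Add, rename or delete a saved query owned by the authenticated user.

    Reads ``query_meta`` (a URL-encoded string carrying ``query_name`` and,
    depending on the action, ``sq_id`` or ``report_name``), ``submit_type``
    and, for additions, ``query_string`` from the POST body.

    Returns a ``Response`` whose text describes the outcome: status 409 when
    the name is missing or already used by this user, 404 when the referenced
    saved query is absent or owned by someone else, and 400 for an
    unrecognised ``submit_type``.
    """
    current_uid = request.authenticated_user.id

    # NOTE(review): cgi.parse_qs is a long-deprecated alias; the maintained
    # equivalent is parse_qs in urlparse / urllib.parse. Blank values are
    # dropped by default, so "query_name=" counts as a missing name below.
    query_meta = cgi.parse_qs(request.POST['query_meta'])

    if 'query_name' not in query_meta:
        return Response(u"Please specify a query name.", status=409)

    query_name = query_meta['query_name'][0]

    # Name uniqueness is checked per author only.
    taken = (DBSession.query(SavedQuery)
             .filter(SavedQuery.author_id == current_uid)
             .filter(SavedQuery.query_name == query_name)
             .count())

    submit_type = request.POST['submit_type']

    # NOTE(review): query_name is request-supplied and is interpolated into
    # the response text unescaped. If this Response is served as text/html,
    # escape the value or send the message as text/plain; confirm how the
    # client renders these messages.
    if submit_type == 'submit_edit':
        if taken:
            return Response(u"Name already in use: '%s'." % query_name, status=409)
        sq = _find_own_saved_query(current_uid, query_meta)
        if sq is None:
            # Previously a missing sq_id or a foreign/unknown id surfaced as
            # an unhandled exception; answer with a client error instead.
            return Response(u"Saved query not found.", status=404)
        sq.query_name = query_name
        return Response(u"The query has been renamed as '%s'." % query_name)

    if submit_type == 'submit_delete':
        sq = _find_own_saved_query(current_uid, query_meta)
        if sq is None:
            return Response(u"Saved query not found.", status=404)
        DBSession.delete(sq)
        return Response(u"The saved query has been deleted.")

    if submit_type == 'submit_add':
        if taken:
            return Response(u"Name already in use: '%s'." % query_name, status=409)
        report_names = query_meta.get('report_name')
        if not report_names:
            return Response(u"Please specify a report name.", status=409)
        sq = SavedQuery(query_name=query_name,
                        report_name=report_names[0],
                        query_string=request.POST['query_string'],
                        author_id=current_uid)
        DBSession.add(sq)
        return Response(u"The query has been saved as '%s'." % query_name)

    # An unrecognised action used to fall off the end and return None.
    return Response(u"Unknown submit type.", status=400)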
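def change_password(request):
    """Set a new password for the user identified by a password-reset token.

    Reads ``token``, ``password`` and ``password_repeat`` from the request.
    On success the user's password is set, the token row is deleted and the
    client is redirected to ``/login_form``. On any validation failure a
    message is queued on the request and a dict with the request and the
    token is returned.
    """
    session = DBSession()

    # NOTE(review): request.params merges the query string with the body, so
    # a password sent in the URL would be accepted and could end up in server
    # logs and browser history. Reading the password fields from request.POST
    # would close that off; confirm no caller depends on the query string.
    token = request.params.get('token')
    password = request.params.get('password')
    repeat = request.params.get('password_repeat')

    # Only query when a token was actually supplied. filter_by(token=None)
    # compiles to "token IS NULL" and would match any row whose token column
    # is NULL, letting a request with no token reset that row's user.
    ptoken = None
    if token:
        ptoken = session.query(PasswordResetToken).filter_by(token=token).first()

    # NOTE(review): no expiry or age check on the token is visible here;
    # confirm stale tokens are rejected or purged elsewhere.
    if not ptoken:
        request.add_message(_(u'Token doesn\'t exist.'), type='danger')
    elif password != repeat:
        request.add_message(_(u'Passwords missmatch.'), type='danger')
    elif not password or not repeat:
        request.add_message(_(u'Missing password.'), type='danger')
    elif len(password)<6:
        request.add_message(_(u'Password too short. It needs to be at least 6 characters long.'), type='danger')
    else:
        ptoken.user.set_password(password)
        # Single use: the token is removed once it has been redeemed.
        # NOTE(review): only this token is deleted; other outstanding reset
        # tokens for the same user, if any exist, stay usable.
        session.delete(ptoken)
        request.add_message(_(u'Password changed.'), type='success')
        return HTTPFound(location='/login_form')
    return {'request': request, 'token': token}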