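def view_init(request, session, tab):
    """Common init for all user 'view' pages.

    Looks up the user named by the ``uid`` route segment and builds the
    parameters shared by every tab of the view.

    Args:
        request: (Request)
        session: (DBSession)
        tab: (str) current tab in view

    Returns:
        (User, dict of (str: any)): user, view_params

    Raises:
        HTTPFound: redirect to 'home' when no user matches ``uid``.
    """
    uid = request.matchdict['uid']
    user = User.get(session, uid)
    if user is None:
        # NOTE(review): uid comes straight from the URL and is interpolated
        # into the flash text; this is only safe if the template rendering
        # flash messages HTML-escapes them. Confirm.
        request.session.flash("User %s does not exists" % uid, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    # 'allow_edit' is an authorization decision, so it must be based on the
    # userid the authentication policy has verified. unauthenticated_userid
    # is only the id *claimed* by the request credentials and is not checked
    # against the user store.
    current_uid = request.authenticated_userid

    view_params = {
        "user": user,
        "tabs": tabs,
        "tab": tab,
        "allow_edit": (uid == current_uid),
        "sections": [],
    }

    return user, view_params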
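def edit_init(request, session, tab):
    """Common init for all 'edit' views.

    Runs the shared view initialisation, enforces edit permission and then
    handles the form actions common to every edit tab: 'back', 'update'
    (visibility), 'confirm_transfer' and 'confirm_delete' /
    'confirm_delete_recursive'.

    Args:
        request: (Request)
        session: (DBSession)
        tab: (str) current tab in view

    Returns:
        (ResearchObject, dict of (str: any)): ro, view_params

    Raises:
        HTTPFound: redirect when access is refused, when 'back' is requested,
            or after a transfer / delete action has been processed.
    """
    ro, view_params = view_init(request, session, tab)

    # Fail closed first: nothing below should run for a requester who is not
    # allowed to edit this object.
    if not view_params["allow_edit"]:
        msg = "Access to %s edition not granted for you" % ro.id
        request.session.flash(msg, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    view_params["warn_links"] = [link for link in ro.out_links
                                 if link.type == 'produce']
    view_params["error_links"] = [link for link in ro.in_links
                                  if link.type != 'contains']

    if 'back' in request.params:
        loc = request.route_url('ro_view_%s' % tab, uid=ro.id)
        raise HTTPFound(location=loc)

    # NOTE(review): the state-changing actions below are triggered by the mere
    # presence of a key in request.params, which merges the query string with
    # the form body. No CSRF token check is visible in this function; confirm
    # one is enforced elsewhere, or restrict these actions to request.POST.
    if 'update' in request.params:
        # edit project visibility
        ro.public = 'visibility' in request.params

    if 'confirm_transfer' in request.params:
        # Ownership transfer is owner-only. Compare against the userid the
        # authentication policy has verified, not the merely claimed one.
        if request.authenticated_userid != ro.owner:
            request.session.flash("Action non authorized for you", 'warning')
            raise HTTPFound(location=request.route_url('home'))

        # A missing 'new_owner' field is reported like an unknown user
        # instead of surfacing as an unhandled KeyError.
        new_owner = request.params.get("new_owner", "")
        user = User.get(session, new_owner)
        if user is None:
            msg = "User '%s' is unknown" % new_owner
            request.session.flash(msg, 'warning')
            raise HTTPFound(location=request.current_route_url())

        ro.change_owner(session, user)
        loc = request.route_url("ro_view_home", uid=ro.id)
        transaction.commit()
        raise HTTPFound(location=loc)

    # NOTE(review): deletion is gated only by 'allow_edit', whereas transfer
    # additionally requires ownership. Confirm this asymmetry is intended.
    delete_recursive = "confirm_delete_recursive" in request.params
    if "confirm_delete" in request.params or delete_recursive:
        if ResearchObject.remove(session, ro, delete_recursive):
            transaction.commit()
            request.session.flash("RO '%s' deleted" % ro.id, 'success')
        else:
            request.session.flash("Failed to delete '%s'" % ro.id, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    return ro, view_params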
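def view(request):
    """Handle the user registration form.

    Without an 'ok' parameter the empty form is shown. With it, the submitted
    id, name and e-mail are validated, the id is checked against existing
    users and teams, the user is created and then logged in.

    Args:
        request: (Request)

    Returns:
        dict of template parameters (the submitted values on a validation
        error, empty otherwise), an HTTPFound redirect when the requester is
        already logged in, or whatever log_user_in returns on success.
    """
    if request.unauthenticated_userid is not None:
        request.session.flash("Already logged in, log out first", 'warning')
        return HTTPFound(location=request.route_url('home'))

    if "ok" not in request.params:
        return {}

    # Submitted values are handed back on error, presumably to re-fill the
    # form. The template must escape them, as they are raw request input.
    view_params = {
        field_name: request.params[field_name]
        for field_name in ("user_id", "user_name", "user_email")
        if field_name in request.params
    }

    # check all fields are correct
    # A field missing from the request is treated like an empty one, so it is
    # rejected by validation instead of raising an unhandled KeyError.
    uid = request.params.get("user_id", "")
    if not uid or not is_good_id(uid):
        request.session.flash("User id is not a valid id", 'warning')
        return view_params

    name = request.params.get("user_name", "")
    if not name or not is_good_name(name):
        request.session.flash("Name given is not valid", 'warning')
        return view_params

    email = request.params.get("user_email", "")
    if not email or not is_good_email(email):
        request.session.flash("Email given is not valid", 'warning')
        return view_params

    # Only touch the database once the input has passed validation.
    session = DBSession()

    # check user does not exist already
    # as a user
    user = User.get(session, uid)
    if user is not None:
        request.session.flash("User %s already exists" % uid, 'warning')
        return view_params

    # as a team
    team = Team.get(session, uid)
    if team is not None:
        msg = "User %s already exists as a team name" % uid
        request.session.flash(msg, 'warning')
        return view_params

    # register new user
    # NOTE(review): the account is created and logged in straight away, with
    # no credential or e-mail ownership check visible in this function.
    # Confirm how the password is set (User.create and log_user_in are not
    # shown). The existence check above is check-then-create; uniqueness
    # should also be enforced by the database.
    User.create(session, uid, name, email)
    return log_user_in(request, uid, True)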
def register_new_user(request, session, team, new_uid):
    """Add the user or team identified by new_uid as a member of team.

    The role granted is read from the 'role_new' form field and falls back
    to the string "denied" when the field is absent. Every outcome is
    reported through a flash message.

    NOTE(review): this function does not check that the requester is allowed
    to change the team's membership; presumably the caller does. Verify.

    Args:
        request: (Request)
        session: (DBSession)
        team: (Team)
        new_uid: (str) id of user to add to team auth

    Returns:
        (bool): whether team has changed and need to be reloaded
    """
    if new_uid == team.id:
        request.session.flash("Cannot be a member of itself", 'warning')
        return False

    role = Role.from_str(request.params.get("role_new", "denied"))

    # new_uid is resolved as a user first, and as a team only if no user has
    # that id.
    actor = User.get(session, new_uid)
    if actor is not None:
        direct_actors = [pol.actor for pol in team.auth]
        if new_uid in direct_actors:
            request.session.flash("%s already a direct member" % actor.id,
                                  'warning')
            return False
    else:
        actor = Team.get(session, new_uid)
        if actor is None:
            request.session.flash("User %s does not exists" % new_uid,
                                  'warning')
            return False

        if team.has_member(session, new_uid):
            request.session.flash("%s already a member" % actor.id, 'warning')
            return False

        # Refuse to add a team that already has this team as a member.
        if actor.has_member(session, team.id):
            msg = "Circular reference %s is a member of %s" % (team.id,
                                                               actor.id)
            request.session.flash(msg, 'warning')
            return False

    team.add_policy(session, actor, role)
    request.session.flash("New member %s added" % actor.id, 'success')
    return True
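def view(request):
    """Handle the login form.

    Without an 'ok' parameter the empty form is shown. With it, the user is
    looked up by 'user_id' and the submitted password is checked.

    Args:
        request: (Request)

    Returns:
        Empty dict of template parameters when the form is only displayed,
        an HTTPFound redirect on any failure or when the requester is already
        logged in, or whatever log_user_in returns on success.
    """
    if request.unauthenticated_userid is not None:
        request.session.flash("Already logged in, log out first", 'warning')
        return HTTPFound(location=request.route_url('home'))

    if "ok" not in request.params:
        return {}

    session = DBSession()

    # A missing 'user_id' field is handled like an unknown user instead of
    # raising an unhandled KeyError.
    uid = request.params.get("user_id", "")
    user = User.get(session, uid)
    if user is None:
        # NOTE(review): a distinct message for "unknown user" versus "wrong
        # password" lets a client tell which ids exist. Confirm this is
        # accepted; no attempt throttling is visible here either.
        register_url = request.route_url('user_register')
        # Interpolate *after* wrapping the template in Markup so the URL is
        # HTML-escaped (assumes markupsafe semantics for Markup) instead of
        # being marked safe together with the literal markup.
        msg = Markup("No such user! <a href='%s'>Register?</a>") % register_url
        request.session.flash(msg, 'warning')
        return HTTPFound(location=request.current_route_url())

    # check password
    # A request without a 'password' field is rejected like a wrong password.
    pwd = request.params.get("password")
    if pwd is not None and check_password(session, user, pwd):
        return log_user_in(request, uid)

    request.session.flash("Invalid password", 'warning')
    return HTTPFound(location=request.current_route_url())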