def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.POST and c.form.validate():
username = user.username
user_id = unicode(user.id)
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
if userid == user_id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def add(self, orgid=None):
"Add a domain"
c.form = AddDomainForm(request.POST, csrf_context=session)
c.form.organizations.query = self._get_organizations(orgid)
if request.POST and c.form.validate():
try:
domain = Domain()
for field in c.form:
if field.name != 'csrf_token':
setattr(domain, field.name, field.data)
Session.add(domain)
Session.commit()
update_serial.delay()
info = ADDDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The domain: %(dom)s has been created') %
dict(dom=domain.name))
redirect(url(controller='domains'))
except IntegrityError:
Session.rollback()
flash_alert(
_('The domain name %(dom)s already exists') %
dict(dom=domain.name))
return render('/domains/new.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
username = user.username
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
if userid == c.user.id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def add(self, orgid=None):
"Add a domain"
c.form = AddDomainForm(request.POST, csrf_context=session)
c.form.organizations.query = self._get_organizations(orgid)
if request.POST and c.form.validate():
try:
domain = Domain()
for field in c.form:
if field.name != 'csrf_token':
setattr(domain, field.name, field.data)
Session.add(domain)
Session.commit()
update_serial.delay()
info = ADDDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, now())
flash(_('The domain: %(dom)s has been created') %
dict(dom=domain.name))
redirect(url(controller='domains'))
except IntegrityError:
Session.rollback()
flash_alert(_('The domain name %(dom)s already exists') %
dict(dom=domain.name))
return render('/domains/new.html')
def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain).filter(Domain.id == alias.domain_id)
if request.POST and c.form.validate():
updated = False
for field in c.form:
if field.name != "csrf_token" and field.data != getattr(alias, field.name):
setattr(alias, field.name, field.data)
updated = True
if updated:
try:
Session.add(alias)
Session.commit()
update_serial.delay()
info = UPDATEDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 2, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain alias: %s has been updated") % alias.name)
redirect(url("domain-detail", domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
flash_alert(_("The update failed"))
else:
flash_info(_("No changes were made to the domain alias"))
redirect(url("domain-detail", domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render("/domains/editalias.html")
def edit_server(self, serverid):
"Edit scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
if (server.hostname != c.form.hostname.data
or server.enabled != c.form.enabled.data):
try:
server.hostname = c.form.hostname.data
server.enabled = c.form.enabled.data
Session.add(server)
Session.commit()
update_serial.delay()
info = HOSTUPDATE_MSG % dict(n=server.hostname)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(_('The scanning server has been updated'))
except IntegrityError:
Session.rollback()
flash(_('Update of server failed'))
else:
flash_info(_('No changes were made to the server'))
redirect(url(controller='settings'))
return render('/settings/editserver.html')
def edit_server(self, serverid):
"Edit scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
if (server.hostname != c.form.hostname.data or
server.enabled != c.form.enabled.data):
try:
server.hostname = c.form.hostname.data
server.enabled = c.form.enabled.data
Session.add(server)
Session.commit()
update_serial.delay()
info = HOSTUPDATE_MSG % dict(n=server.hostname)
audit_log(c.user.username,
2, info, request.host,
request.remote_addr, datetime.now())
flash(_('The scanning server has been updated'))
except IntegrityError:
Session.rollback()
flash(_('Update of server failed'))
else:
flash_info(_('No changes were made to the server'))
redirect(url(controller='settings'))
return render('/settings/editserver.html')
def addalias(self, domainid):
"Add alias domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainAlias(request.POST, csrf_context=session)
c.form.domain.query = Session.query(Domain).filter(Domain.id == domainid)
if request.POST and c.form.validate():
alias = DomainAlias()
for field in c.form:
if field.data and field.name != "csrf_token":
setattr(alias, field.name, field.data)
try:
domain.aliases.append(alias)
Session.add(alias)
Session.add(domain)
Session.commit()
update_serial.delay()
info = ADDDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 3, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain alias: %s has been created") % alias.name)
redirect(url(controller="domains", action="detail", domainid=domain.id))
except IntegrityError:
Session.rollback()
flash_alert(_("The domain alias: %s already exists") % alias.name)
c.domainid = domain.id
c.domainname = domain.name
return render("/domains/addalias.html")
def deletealias(self, aliasid):
"Delete alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = AddDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
domainid = alias.domain_id
aliasname = alias.name
Session.delete(alias)
Session.commit()
update_serial.delay()
info = DELETEDOMALIAS_MSG % dict(d=aliasname)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The domain alias: %s has been deleted') % aliasname)
redirect(url('domain-detail', domainid=domainid))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/deletealias.html')
def deletealias(self, aliasid):
"Delete alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = DelDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
domainid = alias.domain_id
aliasname = alias.name
Session.delete(alias)
Session.commit()
update_serial.delay()
info = DELETEDOMALIAS_MSG % dict(d=aliasname)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
flash(_('The domain alias: %s has been deleted') % aliasname)
redirect(url('domain-detail', domainid=domainid))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/deletealias.html')
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if c.user.is_domain_admin:
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if user.account_type != 3 or c.user.is_peleb:
del c.form.domains
if c.user.is_peleb:
del c.form.username
del c.form.email
del c.form.active
if request.POST and c.form.validate():
update = False
kwd = dict(userid=userid)
for attr in FORM_FIELDS:
field = getattr(c.form, attr)
if field and field.data != getattr(user, attr):
setattr(user, attr, field.data)
update = True
if update:
try:
Session.add(user)
Session.commit()
update_serial.delay()
flash(_('The account has been updated'))
kwd['uc'] = 1
info = UPDATEACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active and
c.form.active.data == False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail',
**kwd))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/edit.html')
def import_status(self, taskid):
"import domains status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
msg = _('The task status requested has expired or does not exist')
flash(msg)
log.info(msg)
redirect(url(controller='organizations', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
msg = _('Error occured in processing %s') % result.result
if c.user.is_superadmin:
flash_alert(msg)
log.info(msg)
else:
flash_alert(_('Backend error occured during processing.'))
log.info(msg)
redirect(url(controller='organizations'))
update_serial.delay()
info = auditmsgs.IMPORTORG_MSG % dict(o='-')
audit_log(c.user.username, 3, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
session['dimport-counter'] += 1
session.save()
if (session['dimport-counter'] >= 10
and result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
try:
os.unlink(session['dimport-file'])
except OSError:
pass
del session['dimport-file']
del session['dimport-counter']
session.save()
flash_alert(
_('The import could not be processed,'
' try again later'))
redirect(url(controller='organizations'))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return self.render('/organizations/importstatus.html')
def import_status(self, taskid):
"import domains status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
msg = _('The task status requested has expired or does not exist')
flash(msg)
log.info(msg)
redirect(url(controller='organizations', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
msg = _('Error occured in processing %s') % result.result
if c.user.is_superadmin:
flash_alert(msg)
log.info(msg)
else:
flash_alert(_('Backend error occured during processing.'))
log.info(msg)
redirect(url(controller='organizations'))
update_serial.delay()
info = auditmsgs.IMPORTORG_MSG % dict(o='-')
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, arrow.utcnow().datetime)
else:
session['dimport-counter'] += 1
session.save()
if (session['dimport-counter'] >= 10 and
result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
try:
os.unlink(session['dimport-file'])
except OSError:
pass
del session['dimport-file']
del session['dimport-counter']
session.save()
flash_alert(_('The import could not be processed,'
' try again later'))
redirect(url(controller='organizations'))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return self.render('/organizations/importstatus.html')
def editaddress(self, addressid):
"Edit address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
try:
if (address.address != c.form.address.data
or address.enabled != c.form.enabled.data):
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
address.address = c.form.address.data
address.enabled = c.form.enabled.data
Session.add(address)
Session.commit()
update_serial.delay()
info = ADDRUPDATE_MSG % dict(a=address.address,
ac=address.user.username)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
flash_alert(
_('The address %(addr)s already exists') %
dict(addr=c.form.address.data))
except NoResultFound:
flash(
_('Domain: %(d)s does not belong to you') % dict(d=domain))
redirect(
url(controller='accounts',
action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/editaddress.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {'domainid': domain.id}
for field in c.form:
intfields = [
'spam_actions', 'highspam_actions', 'delivery_mode',
'report_every'
]
if (field.name in intfields
and int(field.data) == getattr(domain, field.name)):
continue
if (field.name != 'csrf_token'
and field.data != getattr(domain, field.name)):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(
_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kw['uc'] = 1
except IntegrityError:
Session.rollback()
flash(
_('The domain %(dom)s could not be updated') %
dict(dom=domain.name))
else:
flash_info(_('No changes were made to the domain'))
redirect(url('domain-detail', **kw))
return render('/domains/edit.html')
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if user.account_type != 3 or c.user.is_peleb:
del c.form.domains
if c.user.is_peleb:
del c.form.username
del c.form.email
del c.form.active
if request.POST and c.form.validate():
update = False
kwd = dict(userid=userid)
for attr in FORM_FIELDS:
field = getattr(c.form, attr)
if field and field.data != getattr(user, attr):
setattr(user, attr, field.data)
update = True
if update:
try:
Session.add(user)
Session.commit()
update_serial.delay()
flash(_('The account has been updated'))
kwd['uc'] = 1
info = UPDATEACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active
and c.form.active.data == False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail', **kwd))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/edit.html')
def editaddress(self, addressid):
"Edit address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
try:
if (address.address != c.form.address.data or
address.enabled != c.form.enabled.data):
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
address.address = c.form.address.data
address.enabled = c.form.enabled.data
Session.add(address)
Session.commit()
update_serial.delay()
info = ADDRUPDATE_MSG % dict(a=address.address,
ac=address.user.username)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
Session.rollback()
flash_alert(_('The address %(addr)s already exists') %
dict(addr=c.form.address.data))
except NoResultFound:
flash(_('Domain: %(d)s does not belong to you') %
dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/editaddress.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = EditDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {'domainid': domain.id}
for field in c.form:
intfields = ['spam_actions', 'highspam_actions',
'delivery_mode', 'report_every']
if (field.name in intfields and
int(field.data) == getattr(domain, field.name)):
continue
if (field.name != 'csrf_token' and
field.data != getattr(domain, field.name)):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
flash(_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kw['uc'] = 1
except IntegrityError:
Session.rollback()
flash(_('The domain %(dom)s could not be updated') %
dict(dom=domain.name))
else:
flash_info(_('No changes were made to the domain'))
redirect(url('domain-detail', **kw))
return render('/domains/edit.html')
def list_delete(self, listid):
"Delete a list item"
item = self._get_listitem(listid)
if not item:
abort(404)
if c.user.account_type != 1 and c.user.id != item.user_id:
abort(403)
c.form = list_forms[c.user.account_type](request.POST,
item,
csrf_context=session)
if not c.user.is_superadmin:
del c.form.add_to_alias
if c.user.is_domain_admin:
orgs = [group.id for group in c.user.organizations]
query = Session.query(Domain.name).join(domain_owners)\
.filter(domain_owners.c.organization_id.in_(orgs))
options = [(domain.name, domain.name) for domain in query]
c.form.to_domain.choices = options
if c.user.is_peleb:
query = self._user_addresses()
options = [(addr.email, addr.email) for addr in query]
c.form.to_address.choices = options
c.id = item.id
if request.POST and c.form.validate():
if item.list_type == 1:
listname = _('Approved senders')
else:
listname = _('Banned senders')
name = item.from_address
Session.delete(item)
Session.commit()
update_serial.delay()
info = LISTDEL_MSG % dict(s=name, l=listname)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The item has been deleted'))
if not request.is_xhr:
redirect(url(controller='lists'))
else:
c.delflag = True
return render('/lists/delete.html')
def addaddress(self, userid):
"Add address"
user = self._get_user(userid)
if not user:
abort(404)
c.form = AddressForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
addr = Address(address=c.form.address.data)
addr.enabled = c.form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
update_serial.delay()
info = ADDRADD_MSG % dict(a=addr.address, ac=user.username)
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, now())
flash(
_('The alias address %(address)s was successfully created.' %
dict(address=addr.address)))
except IntegrityError:
Session.rollback()
flash_alert(_('The address %(addr)s already exists') %
dict(addr=addr.address))
except NoResultFound:
flash(_('Domain: %(d)s does not belong to you') %
dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=userid))
c.id = userid
return render('/accounts/addaddress.html')
def delete_server(self, serverid):
"Delete a scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
hostname = server.hostname
Session.delete(server)
Session.commit()
update_serial.delay()
info = HOSTDELETE_MSG % dict(n=hostname)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The scanning server has been deleted'))
redirect(url(controller='settings'))
return render('/settings/deleteserver.html')
def addaddress(self, userid):
"Add address"
user = self._get_user(userid)
if not user:
abort(404)
c.form = AddressForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
addr = Address(address=c.form.address.data)
addr.enabled = c.form.enabled.data
addr.user = user
Session.add(addr)
Session.commit()
update_serial.delay()
info = ADDRADD_MSG % dict(a=addr.address, ac=user.username)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The alias address %(address)s was successfully created.'
% dict(address=addr.address)))
except IntegrityError:
flash_alert(
_('The address %(addr)s already exists') %
dict(addr=addr.address))
except NoResultFound:
flash(
_('Domain: %(d)s does not belong to you') % dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=userid))
c.id = userid
return render('/accounts/addaddress.html')
def delete_server(self, serverid):
"Delete a scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
hostname = server.hostname
Session.delete(server)
Session.commit()
update_serial.delay()
info = HOSTDELETE_MSG % dict(n=hostname)
audit_log(c.user.username,
4, info, request.host,
request.remote_addr, datetime.now())
flash(_('The scanning server has been deleted'))
redirect(url(controller='settings'))
return render('/settings/deleteserver.html')
def add(self):
"""/accounts/new"""
c.form = AddUserForm(request.POST, csrf_context=session)
if c.user.is_domain_admin:
account_types = (('3', 'User'), )
c.form.account_type.choices = account_types
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
else:
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
try:
user = User(username=c.form.username.data,
email=c.form.email.data)
for attr in [
'firstname', 'lastname', 'email', 'active',
'account_type', 'send_report', 'spam_checks',
'low_score', 'high_score', 'timezone'
]:
setattr(user, attr, getattr(c.form, attr).data)
user.local = True
user.set_password(c.form.password1.data)
if int(user.account_type) == 3:
user.domains = c.form.domains.data
Session.add(user)
Session.commit()
update_serial.delay()
info = ADDACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(
_('The account: %(user)s was created successfully') %
{'user': c.form.username.data})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return render('/accounts/new.html')
def import_status(self, taskid):
"import status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
flash(_('The task status requested has expired or does not exist'))
redirect(url(controller='accounts', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
if c.user.is_superadmin:
flash_alert(_('Error occured in processing %s') %
result.result)
else:
flash_alert(_('Backend error occured during processing.'))
redirect(url(controller='accounts'))
update_serial.delay()
audit_log(c.user.username,
3, unicode(ACCOUNTIMPORT_MSG), request.host,
request.remote_addr, now())
else:
session['acimport-count'] += 1
if (session['acimport-count'] >= 10 and
result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
try:
os.unlink(session['acimport-file'])
except OSError:
pass
del session['acimport-count']
session.save()
flash_alert(_('The import could not be processed,'
' try again later'))
redirect(url(controller='accounts'))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return render('/accounts/importstatus.html')
def import_status(self, taskid):
"import status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
flash(_('The task status requested has expired or does not exist'))
redirect(url(controller='accounts', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
if c.user.is_superadmin:
flash_alert(
_('Error occured in processing %s') % result.result)
else:
flash_alert(_('Backend error occured during processing.'))
redirect(url(controller='accounts'))
update_serial.delay()
audit_log(c.user.username, 3, ACCOUNTIMPORT_MSG, request.host,
request.remote_addr, now())
else:
session['acimport-count'] += 1
if (session['acimport-count'] >= 10
and result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
try:
os.unlink(session['acimport-file'])
except OSError:
pass
del session['acimport-count']
session.save()
flash_alert(
_('The import could not be processed,'
' try again later'))
redirect(url(controller='accounts'))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return render('/accounts/importstatus.html')
def import_status(self, taskid):
"import domains status"
result = AsyncResult(taskid)
if result is None or taskid not in session["taskids"]:
flash(_("The task status requested has expired or does not exist"))
redirect(url(controller="organizations", action="index"))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
if c.user.is_superadmin:
flash_alert(_("Error occured in processing %s") % result.result)
else:
flash_alert(_("Backend error occured during processing."))
redirect(url(controller="organizations"))
update_serial.delay()
info = IMPORTORG_MSG % dict(o="-")
audit_log(c.user.username, 3, info, request.host, request.remote_addr, now())
else:
session["dimport-counter"] += 1
session.save()
if session["dimport-counter"] >= 10 and result.state in ["PENDING", "RETRY", "FAILURE"]:
result.revoke()
try:
os.unlink(session["dimport-file"])
except OSError:
pass
del session["dimport-file"]
del session["dimport-counter"]
session.save()
flash_alert(_("The import could not be processed," " try again later"))
redirect(url(controller="organizations"))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return render("/organizations/importstatus.html")
def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
updated = False
for field in c.form:
if (field.name != 'csrf_token'
and field.data != getattr(alias, field.name)):
setattr(alias, field.name, field.data)
updated = True
if updated:
try:
Session.add(alias)
Session.commit()
update_serial.delay()
info = UPDATEDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(
_('The domain alias: %s has been updated') %
alias.name)
redirect(url('domain-detail', domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
flash_alert(_('The update failed'))
else:
flash_info(_('No changes were made to the domain alias'))
redirect(url('domain-detail', domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/editalias.html')
def add(self):
"""/accounts/new"""
c.form = AddUserForm(request.POST, csrf_context=session)
if c.user.is_domain_admin:
account_types = (('3', 'User'),)
c.form.account_type.choices = account_types
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
else:
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
try:
user = User(username=c.form.username.data,
email=c.form.email.data)
for attr in ['firstname', 'lastname', 'email', 'active',
'account_type', 'send_report', 'spam_checks',
'low_score', 'high_score', 'timezone']:
setattr(user, attr, getattr(c.form, attr).data)
user.local = True
user.set_password(c.form.password1.data)
if int(user.account_type) == 3:
user.domains = c.form.domains.data
Session.add(user)
Session.commit()
update_serial.delay()
info = ADDACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr, now())
flash(_('The account: %(user)s was created successfully') %
{'user': c.form.username.data})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return render('/accounts/new.html')
def delete(self, domainid):
"Delete a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
name = domain.name
Session.delete(domain)
Session.commit()
update_serial.delay()
info = DELETEDOMAIN_MSG % dict(d=name)
audit_log(c.user.username, 4, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain has been deleted"))
redirect(url(controller="domains"))
else:
flash(
_("The domain: %(name)s and all associated data will" " be deleted, This action cannot be reversed.")
% dict(name=domain.name)
)
return render("/domains/delete.html")
def deleteaddress(self, addressid):
"Delete address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
user_id = address.user_id
addr = address.address
username = address.user.username
Session.delete(address)
Session.commit()
update_serial.delay()
info = ADDRDELETE_MSG % dict(a=addr, ac=username)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The address has been deleted'))
redirect(
url(controller='accounts', action='detail', userid=user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/deleteaddress.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {"domainid": domain.id}
for field in c.form:
intfields = ["spam_actions", "highspam_actions", "delivery_mode", "report_every"]
if field.name in intfields and int(field.data) == getattr(domain, field.name):
continue
if field.name != "csrf_token" and field.data != getattr(domain, field.name):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username, 2, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain: %(dom)s has been updated") % dict(dom=domain.name))
kw["uc"] = 1
except IntegrityError:
Session.rollback()
flash(_("The domain %(dom)s could not be updated") % dict(dom=domain.name))
else:
flash_info(_("No changes were made to the domain"))
redirect(url("domain-detail", **kw))
return render("/domains/edit.html")
def addalias(self, domainid):
"Add alias domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainAlias(request.POST, csrf_context=session)
c.form.domain.query = Session.query(Domain).filter(
Domain.id == domainid)
if request.POST and c.form.validate():
alias = DomainAlias()
for field in c.form:
if field.data and field.name != 'csrf_token':
setattr(alias, field.name, field.data)
try:
domain.aliases.append(alias)
Session.add(alias)
Session.add(domain)
Session.commit()
update_serial.delay()
info = ADDDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(_('The domain alias: %s has been created') % alias.name)
redirect(
url(controller='domains',
action='detail',
domainid=domain.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('The domain alias: %s already exists') % alias.name)
c.domainid = domain.id
c.domainname = domain.name
return render('/domains/addalias.html')
def delete(self, domainid):
"Delete a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
name = domain.name
Session.delete(domain)
Session.commit()
update_serial.delay()
info = DELETEDOMAIN_MSG % dict(d=name)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
flash(_('The domain has been deleted'))
redirect(url(controller='domains'))
else:
flash(
_('The domain: %(name)s and all associated data will'
' be deleted, This action cannot be reversed.') %
dict(name=domain.name))
return render('/domains/delete.html')
def deleteaddress(self, addressid):
"Delete address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
user_id = address.user_id
addr = address.address
username = address.user.username
Session.delete(address)
Session.commit()
update_serial.delay()
info = ADDRDELETE_MSG % dict(a=addr, ac=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
flash(_('The address has been deleted'))
redirect(url(controller='accounts', action='detail',
userid=user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/deleteaddress.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.method == 'POST':
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.method == 'POST' and c.form.validate():
for field in c.form:
if field.type == 'SelectMultipleField' or \
(field.data and not field.name == 'csrf_token'):
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if (field.type == 'SelectMultipleField' and
len(field.data) and field.data != field.default)\
or (field.type != 'SelectMultipleField' and
field.data != field.default):
check_field(field)
conf = ConfigSettings(
internal=internal,
external=external,
section=sectionid
)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
check_value = get_check_value(field.type, conf.value)
if check_value != field.data:
# stored value not equal to updated value
if (field.type == 'SelectMultipleField' and
len(field.data) and
field.data != field.default) or \
(field.type != 'SelectMultipleField' and
field.data != field.default):
# not a default, we can update
check_field(field)
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
# is the default lets delete the stored value
Session.delete(conf)
Session.commit()
updated = True
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
if updated:
flash(_('%(settings)s updated') % dict(
settings=CONFIG_SECTIONS[int(sectionid)]))
create_ms_settings.apply_async(exchange=FANOUT_XCHG)
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
# redirect(url('settings-scanner', serverid=serverid))
elif request.method == 'POST' and not c.form.validate():
msg = _("Error detected, check the settings below")
flash_alert(msg)
log.info(msg)
return self.render('/settings/section.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.POST:
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.POST and c.form.validate():
for field in c.form:
if field.data and not field.name == 'csrf_token':
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub('', field.label.text)
internal = field.name
else:
external = CONFIG_RE.sub('', field.label.text)
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if field.data != field.default:
conf = ConfigSettings(
internal=internal,
external=external,
section=sectionid
)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username,
3, info, request.host,
request.remote_addr, datetime.now())
else:
if conf.value != field.data:
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username,
2, info, request.host,
request.remote_addr, datetime.now())
if updated:
flash(_('%(settings)s updated') % dict(
settings=CONFIG_SECTIONS[int(sectionid)]))
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
#redirect(url('settings-scanner', serverid=serverid))
return render('/settings/section.html')
def confirm_delete(self):
"Confirm mass delete"
accountids = session.get('bulk_account_delete', [])
if not accountids:
redirect(url(controller='accounts', action='index'))
num_items = 10
if len(accountids) > num_items and len(accountids) <= 20:
num_items = 20
if len(accountids) > num_items and len(accountids) <= 50:
num_items = 50
if len(accountids) > num_items and len(accountids) <= 100:
num_items = 100
users = Session.query(User).filter(User.id.in_(accountids))
usrcount = Session.query(User.id)
if c.user.is_domain_admin and usrcount:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id == oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if request.POST:
tasks = []
# try:
for account in users.all():
info = DELETEACCOUNT_MSG % dict(u=account.username)
Session.delete(account)
tasks.append([
c.user.username, 4, info, request.host,
request.remote_addr,
now()
])
Session.commit()
# except DataError:
# flash_alert(_('An error occured try again'))
# redirect(url(controller='accounts', action='index'))
del session['bulk_account_delete']
session.save()
update_serial.delay()
for task in tasks:
audit_log(*task)
flash(_('The accounts have been deleted'))
redirect(url(controller='accounts'))
else:
flash(
_('The following accounts are about to be deleted,'
' this action is not reversible, Do you wish to '
'continue ?'))
try:
c.page = paginate.Page(users,
page=1,
items_per_page=num_items,
item_count=usrcount.count())
except DataError:
flash_alert(_('An error occured try again'))
redirect(url(controller='accounts', action='index'))
return render('/accounts/confirmbulkdel.html')
def confirm_delete(self):
"Confirm mass delete"
accountids = session.get('bulk_account_delete', [])
if not accountids:
redirect(url(controller='accounts', action='index'))
num_items = 10
if len(accountids) > num_items and len(accountids) <= 20:
num_items = 20
if len(accountids) > num_items and len(accountids) <= 50:
num_items = 50
if len(accountids) > num_items and len(accountids) <= 100:
num_items = 100
users = Session.query(User).filter(User.id.in_(accountids))
usrcount = Session.query(User.id)
if c.user.is_domain_admin and usrcount:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id == oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if request.method == 'POST':
tasks = []
# try:
for account in users.all():
info = DELETEACCOUNT_MSG % dict(u=account.username)
Session.delete(account)
tasks.append([c.user.username,
4,
unicode(info),
request.host,
request.remote_addr,
now()])
Session.commit()
# except DataError:
# flash_alert(_('An error occured try again'))
# redirect(url(controller='accounts', action='index'))
del session['bulk_account_delete']
session.save()
update_serial.delay()
for task in tasks:
audit_log(*task)
flash(_('The accounts have been deleted'))
redirect(url(controller='accounts'))
else:
flash(_('The following accounts are about to be deleted,'
' this action is not reversible, Do you wish to '
'continue ?'))
try:
c.page = paginate.Page(users, page=1,
items_per_page=num_items,
item_count=usrcount.count())
except DataError:
flash_alert(_('An error occured try again'))
redirect(url(controller='accounts', action='index'))
return render('/accounts/confirmbulkdel.html')
def new(self):
"Add a new list item"
c.form = list_forms[c.user.account_type](request.POST,
csrf_context=session)
if c.user.is_domain_admin:
orgs = [group.id for group in c.user.organizations]
query = Session.query(Domain.name).join(domain_owners)\
.filter(domain_owners.c.organization_id.in_(orgs))
options = [(domain.name, domain.name) for domain in query]
c.form.to_domain.choices = options
if c.user.is_peleb:
query = self._user_addresses()
options = [(item.email, item.email) for item in query]
c.form.to_address.choices = options
if request.POST and c.form.validate():
# item = List()
# item.user = c.user
# item.list_type = c.form.list_type.data
# item.from_address = c.form.from_address.data
item = make_item(c.form)
_set_type(item)
aliases = []
if c.user.is_superadmin or c.user.is_peleb:
if c.form.to_address.data != '':
item.to_address = c.form.to_address.data
if ('add_to_alias' in c.form and c.form.add_to_alias.data
and c.user.is_peleb):
for new_addr in options:
if new_addr[0] == item.to_address:
continue
newitem = make_item(c.form)
_set_type(newitem)
newitem.to_address = new_addr[0]
aliases.append(newitem)
else:
item.to_address = 'any'
if c.user.is_domain_admin:
if c.form.to_address.data in ['', 'any']:
item.to_address = c.form.to_domain.data
if c.form.add_to_alias.data:
for dom in options:
if dom[0] == item.to_address:
continue
newitem = make_item(c.form)
_set_type(newitem)
newitem.to_address = dom[0]
aliases.append(newitem)
else:
item.to_address = "%s@%s" % (c.form.to_address.data,
c.form.to_domain.data)
if c.form.add_to_alias.data:
for dom in options:
newitem = make_item(c.form)
_set_type(newitem)
newitem.to_address = "%s@%s" % \
(c.form.to_address.data, dom[0])
if newitem.to_address == item.to_address:
continue
aliases.append(newitem)
try:
Session.add(item)
Session.commit()
for alias in aliases:
try:
Session.add(alias)
Session.commit()
except IntegrityError:
pass
update_serial.delay()
if item.list_type == 1:
listname = _('Approved senders')
else:
listname = _('Banned senders')
info = LISTADD_MSG % dict(s=item.from_address, l=listname)
audit_log(c.user.username,
3, info, request.host,
request.remote_addr, datetime.now())
flash(_('The item has been added to the list'))
if not request.is_xhr:
redirect(url('lists-index',
list_type=c.form.list_type.data))
except IntegrityError:
Session.rollback()
flash_alert(_('The list item already exists'))
return render('/lists/add.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.POST:
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.POST and c.form.validate():
for field in c.form:
if field.data and not field.name == 'csrf_token':
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if field.data != field.default:
conf = ConfigSettings(internal=internal,
external=external,
section=sectionid)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
else:
if conf.value != field.data:
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
if updated:
flash(
_('%(settings)s updated') %
dict(settings=CONFIG_SECTIONS[int(sectionid)]))
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
#redirect(url('settings-scanner', serverid=serverid))
return render('/settings/section.html')
