def settings_organization_club_edit(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_club = {
            'name':'',
            'short_name':'',
            'leader_id':'',
            'subunit_id':0,
            'club_code':'',
        }

        club_id = self.request.matchdict['club_id']

        club = DBSession.query(Club).filter(Club.id==club_id).first()

        if club.id:
            tmp_club = {
                'name':club.name,
                'short_name':club.short_name,
                'leader_id':club.leader_id,
                'subunit_id':club.subunit_id,
                'club_code':club.club_code
            }

        if self.request.method == 'POST':
            tmp_club['name'] = self.request.POST.get('name').strip()
            tmp_club['short_name'] = self.request.POST.get('short_name').strip()
            #tmp_club['leader_id'] = self.request.POST.get('leader_id').strip()
            tmp_club['leader_id'] = 0
            tmp_club['subunit_id'] = self.request.POST.get('subunit_id').strip()
            tmp_club['club_code'] = self.request.POST.get('club_code').strip()
            if tmp_club['name']:
                club.name = tmp_club['name']
                club.short_name = tmp_club['short_name']
                club.leader_id = tmp_club['leader_id']
                club.subunit_id = tmp_club['subunit_id']
                club.club_code = tmp_club['club_code']
                DBSession.add(club)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'Club'
                userAudit.model_id = club.id
                userAudit.action = 'Update'
                userAudit.revision = club.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Club saved."), 'success')
                return HTTPFound(location='/settings/organization/')
            else:
                self.request.session.flash(_(u"Please provide club name."), 'error')

        subunits = DBSession.query(SubUnit).all()
        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
        self.request.bread.append({'url':'/settings/organization/club_edit/'+club_id+'/', 'text':_('Edit club')})
        return {'club':tmp_club, 'subunits':subunits}
Ejemplo n.º 2
0
    def settings_users_deactivate(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        user_id = self.request.matchdict['user_id']
        if user_id != 1:
            user = DBSession.query(User).get(user_id)
            user.active = 0
            user.metadata_modified = datetime.now()
            DBSession.add(user)
            DBSession.flush()

            userAudit = UserAudit(self.request.user.id)
            userAudit.model = 'User'
            userAudit.model_id = user.id
            userAudit.action = 'Deactivated'
            userAudit.revision = user.metadata_revision
            DBSession.add(userAudit)
            DBSession.flush()

            self.request.session.flash(_(u"User deactivated."), 'success')

        return HTTPFound(location='/settings/users/')
Ejemplo n.º 3
0
    def security_shifts_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location="/forbidden/")
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location="/settings/me/edit/")
        _ = self.request.translate
        shift = SecurityShift()

        if self.request.method == "POST":
            shift.starts = helpers.parseFinnishDateFromString(self.request.POST.get("starts").strip())
            shift.ends = helpers.parseFinnishDateFromString(self.request.POST.get("ends").strip())
            # shift.leader_id = helpers.decodeString(self.request.POST.get('leader_id').strip())
            shift.notes = helpers.decodeString(self.request.POST.get("notes").strip())
            if type(shift.starts) is datetime and type(shift.ends) is datetime and shift.starts < shift.ends:
                DBSession.add(shift)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = "SecurityShift"
                userAudit.model_id = shift.id
                userAudit.action = "Create"
                userAudit.revision = shift.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Shift created."), "success")
                return HTTPFound(location="/security/shifts/view/" + str(shift.id) + "/")
            else:
                self.request.session.flash(_(u"Error creating shift. Shift ends before it begins."), "error")

        self.request.bread.append({"url": "/security/", "text": _("Security")})
        self.request.bread.append({"url": "/security/shifts/", "text": _("Shifts")})
        self.request.bread.append({"url": "/security/shifts/new/", "text": _("Create")})
        return {"shift": shift}
Ejemplo n.º 4
0
    def security_shifts_logitem_delete(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location="/forbidden/")
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location="/settings/me/edit/")
        _ = self.request.translate

        logitem_id = self.request.matchdict["logitem_id"]

        logitem = DBSession.query(SecurityLogItem).filter(SecurityLogItem.id == logitem_id).first()

        if logitem != None:
            logitem.deleted = True
            DBSession.add(logitem)
            DBSession.flush()
            userAudit = UserAudit(self.request.user.id)
            userAudit.model = "SecurityLogItem"
            userAudit.model_id = logitem.id
            userAudit.action = "Deleted"
            userAudit.revision = logitem.metadata_revision
            DBSession.add(userAudit)
            DBSession.flush()
            self.request.session.flash(_(u"Log item deleted."), "success")
            return HTTPFound(location="/security/shifts/view/" + str(logitem.shift_id) + "/")

        self.request.session.flash(_(u"Error finding logitem to delete."), "Error")
        return HTTPFound(location="/security/shifts/view/" + str(logitem.shift_id) + "/")
Ejemplo n.º 5
0
    def settings_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location="/forbidden/")
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location="/settings/me/edit/")
        _ = self.request.translate
        # TODO: Errors
        errors = {}
        tmp_setting = {"setting_key": "", "setting_value": ""}

        if self.request.method == "POST":
            tmp_setting["setting_key"] = self.request.POST.get("setting_key").strip()
            tmp_setting["setting_value"] = self.request.POST.get("setting_value")
            if tmp_setting["setting_key"] and tmp_setting["setting_key"] != "":
                if not self.checkIfSettignKeyExists(tmp_setting["setting_key"]):
                    setting = Setting(tmp_setting["setting_key"], tmp_setting["setting_value"])
                    DBSession.add(setting)
                    DBSession.flush()
                    userAudit = UserAudit(self.request.user.id)
                    userAudit.model = "Setting"
                    userAudit.model_id = setting.id
                    userAudit.action = "Create"
                    userAudit.revision = setting.metadata_revision
                    DBSession.add(userAudit)
                    DBSession.flush()
                    self.request.session.flash(_(u"Setting created."), "success")
                    return HTTPFound(location="/settings/list/")
                else:
                    self.request.session.flash(_(u"Setting with same key exists allready."), "error")
            else:
                self.request.session.flash(_(u"Please provide key."), "error")
        self.request.bread.append({"url": "/settings/", "text": _("Settings")})
        self.request.bread.append({"url": "/settings/list/", "text": _("List")})
        self.request.bread.append({"url": "/settings/new/", "text": _("New")})
        return {"setting": tmp_setting}
    def settings_organization_village_edit(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_village = {
            'name':'',
            'short_name':'',
            'leader_id':'',
            'subcamp_id':0,
        }

        village_id = self.request.matchdict['village_id']

        village = DBSession.query(Village).filter(Village.id==village_id).first()

        subcamps = DBSession.query(Subcamp).all()

        if village.id:
            tmp_village = {
                'name':village.name,
                'short_name':village.short_name,
                'leader_id':village.leader_id,
                'subcamp_id':village.subcamp_id,
            }

        if self.request.method == 'POST':
            tmp_village['name'] = self.request.POST.get('name').strip()
            tmp_village['short_name'] = self.request.POST.get('short_name').strip()
            #tmp_village['leader_id'] = self.request.POST.get('leader_id').strip()
            tmp_village['leader_id'] = 0
            tmp_village['subcamp_id'] = self.request.POST.get('subcamp_id').strip()
            if tmp_village['name']:
                village.name = tmp_village['name']
                village.short_name = tmp_village['short_name']
                village.leader_id = tmp_village['leader_id']
                village.subcamp_id = tmp_village['subcamp_id']
                DBSession.add(village)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'Village'
                userAudit.model_id = village.id
                userAudit.action = 'Update'
                userAudit.revision = village.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Village saved."), 'success')
                return HTTPFound(location='/settings/organization/')
            else:
                self.request.session.flash(_(u"Please provide village name."), 'error')


        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
        self.request.bread.append({'url':'/settings/organization/village_edit/'+village_id+'/', 'text':_('Edit village')})
        return {'village':tmp_village, 'subcamps':subcamps}
Ejemplo n.º 7
0
    def settings_edit(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location="/forbidden/")
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location="/settings/me/edit/")
        _ = self.request.translate
        # TODO: Errors
        errors = {}
        tmp_setting = {"setting_key": "", "setting_value": "", "locked_key": False}

        setting_id = self.request.matchdict["setting_id"]

        setting = DBSession.query(Setting).filter(Setting.id == setting_id).first()

        if setting.id:
            tmp_setting = {
                "setting_key": setting.setting_key,
                "setting_value": setting.setting_value,
                "locked_key": setting.locked_key,
            }

        if self.request.method == "POST":
            if not setting.locked_key:
                tmp_setting["setting_key"] = self.request.POST.get("setting_key").strip()
            else:
                tmp_setting["setting_key"] = setting.setting_key

            tmp_setting["setting_value"] = self.request.POST.get("setting_value")

            if tmp_setting["setting_key"] and tmp_setting["setting_key"] != "":
                if not self.checkIfSettignKeyExists(tmp_setting["setting_key"], setting.id):
                    setting.setting_key = tmp_setting["setting_key"]
                    setting.setting_value = tmp_setting["setting_value"]
                    DBSession.add(setting)
                    DBSession.flush()
                    userAudit = UserAudit(self.request.user.id)
                    userAudit.model = "Setting"
                    userAudit.model_id = setting.id
                    userAudit.action = "Update"
                    userAudit.revision = setting.metadata_revision
                    DBSession.add(userAudit)
                    DBSession.flush()
                    self.request.session.flash(_(u"Setting saved."), "success")
                    return HTTPFound(location="/settings/list/")
                else:
                    self.request.session.flash(_(u"Setting with same key exists allready."), "error")
            else:
                self.request.session.flash(_(u"Please provide key."), "error")

        self.request.bread.append({"url": "/settings/", "text": _("Settings")})
        self.request.bread.append({"url": "/settings/list/", "text": _("List")})
        self.request.bread.append(
            {"url": "/settings/edit/" + setting_id + "/", "text": _("Edit") + " " + setting.setting_key}
        )
        return {"setting": tmp_setting}
    def settings_organization_subcamp_edit(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_subcamp = {
            'name':'',
            'short_name':'',
            'leader_id':'',
        }

        subcamp_id = self.request.matchdict['subcamp_id']

        subcamp = DBSession.query(Subcamp).filter(Subcamp.id==subcamp_id).first()

        if subcamp.id:
            tmp_subcamp = {
                'name':subcamp.name,
                'short_name':subcamp.short_name,
                'leader_id':subcamp.leader_id,
            }

        if self.request.method == 'POST':
            tmp_subcamp['name'] = self.request.POST.get('name').strip()
            tmp_subcamp['short_name'] = self.request.POST.get('short_name').strip()
            #tmp_subcamp['leader_id'] = self.request.POST.get('leader_id').strip()
            tmp_subcamp['leader_id'] = 0
            if tmp_subcamp['name']:
                subcamp.name = tmp_subcamp['name']
                subcamp.short_name = tmp_subcamp['short_name']
                subcamp.leader_id = int(tmp_subcamp['leader_id'])
                DBSession.add(subcamp)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'Subcamp'
                userAudit.model_id = subcamp.id
                userAudit.action = 'Update'
                userAudit.revision = subcamp.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Subcamp saved."), 'success')
                return HTTPFound(location='/settings/organization/')
            else:
                self.request.session.flash(_(u"Please provide subcamp name."), 'error')
        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
        self.request.bread.append({'url':'/settings/organization/subcamp_edit/'+subcamp_id+'/', 'text':_('Edit subcamp')})
        return {'subcamp':tmp_subcamp}
    def settings_organization_village_kitchen_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_village_kitchen = {
            'name':'',
            'short_name':'',
            'leader_id':'',
            'subcamp_id':0,
            'village_ids':[]
        }

        subcamps = DBSession.query(Subcamp).all()
        villages = DBSession.query(Village).all()

        if self.request.method == 'POST':
            tmp_village_kitchen['name'] = self.request.POST.get('name').strip()
            tmp_village_kitchen['short_name'] = self.request.POST.get('short_name').strip()
            #tmp_village_kitchen['leader_id'] = self.request.POST.get('leader_id').strip()
            tmp_village_kitchen['leader_id'] = 0
            tmp_village_kitchen['subcamp_id'] = self.request.POST.get('subcamp_id').strip()
            if tmp_village_kitchen['name']:
                village_kitchen = VillageKitchen()
                village_kitchen.name = tmp_village_kitchen['name']
                village_kitchen.short_name = tmp_village_kitchen['short_name']
                village_kitchen.leader_id = tmp_village_kitchen['leader_id']
                village_kitchen.subcamp_id = tmp_village_kitchen['subcamp_id']
                village_kitchen.villages = DBSession.query(Village).filter(Village.id.in_(self.request.POST.getall('villages'))).all()
                DBSession.add(village_kitchen)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'VillageKitchen'
                userAudit.model_id = village_kitchen.id
                userAudit.action = 'Create'
                userAudit.revision = village_kitchen.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Village kitchen created."), 'success')
                return HTTPFound(location='/settings/organization/')
            else:
                self.request.session.flash(_(u"Please provide village_kitchen name."), 'error')

        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
        self.request.bread.append({'url':'/settings/organization/village_kitchen_new/', 'text':_('New village_kitchen')})
        return {'village_kitchen':tmp_village_kitchen, 'subcamps':subcamps, 'villages':villages}
Ejemplo n.º 10
0
    def security_shifts_view(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location="/forbidden/")
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location="/settings/me/edit/")
        _ = self.request.translate

        shift_id = self.request.matchdict["shift_id"]

        shift = DBSession.query(SecurityShift).filter(SecurityShift.id == shift_id).first()

        if self.request.method == "POST":
            logitem = SecurityLogItem()
            logitem.event_type = self.request.POST.get("event_type")
            logitem.shift_id = shift_id
            logitem.notified_by = self.request.POST.get("notified_by")
            logitem.task = self.request.POST.get("task")
            logitem.content = self.request.POST.get("content")
            logitem.deleted = False
            logitem.people_present = self.request.POST.get("people_present")
            logitem.started = helpers.parseFinnishDateFromString(self.request.POST.get("started"), default_now=True)
            logitem.ended = helpers.parseFinnishDateFromString(self.request.POST.get("ended"))

            DBSession.add(logitem)
            DBSession.flush()

            userAudit = UserAudit(self.request.user.id)
            userAudit.model = "SecurityLogItem"
            userAudit.model_id = logitem.id
            userAudit.action = "Create"
            userAudit.revision = logitem.metadata_revision
            DBSession.add(userAudit)
            DBSession.flush()
            self.request.session.flash(_(u"Log item created."), "success")
            return HTTPFound(location="/security/shifts/view/" + shift_id + "/")

        logitems = (
            DBSession.query(SecurityLogItem)
            .filter(SecurityLogItem.shift_id == shift_id, SecurityLogItem.deleted == False)
            .order_by(SecurityLogItem.started.desc())
            .all()
        )
        self.request.bread.append({"url": "/security/", "text": _("Security")})
        self.request.bread.append({"url": "/security/shifts/", "text": _("Shifts")})
        self.request.bread.append({"url": "/security/shifts/view/" + shift_id + "/", "text": _("View")})
        return {"shift": shift, "logitems": logitems}
Ejemplo n.º 11
0
    def settings_groups_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_group = {
            'name':'',
            'leader_id':'',
            'privileges':'',
        }

        if self.request.method == 'POST':
            tmp_group['name'] = self.request.POST.get('name').strip()
    #        tmp_group['leader_id'] = self.request.POST.get('leader_id').strip()
            if not self.checkIfGroupnameExists(tmp_group['name']):
                group = Group(tmp_group['name'])
                if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
                    privileges_list = ''
                    if len(self.request.POST.getall('privileges')) > 0:
                        for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
                            privileges_list += '|'+privilege.name + '|'
                    group.privileges = privileges_list
                DBSession.add(group)
                DBSession.flush()

                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'Group'
                userAudit.model_id = group.id
                userAudit.action = 'Create'
                userAudit.revision = group.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Group created."), 'success')
                if group.id != '' and group.id != 0:
                    return HTTPFound(location='/settings/groups/view/'+str(group.id))
            else:
                self.request.session.flash(_(u"Group with that name allready exists."), 'error')

        privileges = DBSession.query(Privilege).all()
        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/groups/', 'text':_('Groups')})
        self.request.bread.append({'url':'/settings/groups/new/', 'text':_('New')})
        return {'group':tmp_group, 'privileges':privileges}
    def settings_organization_subunit_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_subunit = {
            'name':'',
            'short_name':'',
            'leader_id':'',
            'village_id':0,
        }

        if self.request.method == 'POST':
            tmp_subunit['name'] = self.request.POST.get('name').strip()
            tmp_subunit['short_name'] = self.request.POST.get('short_name').strip()
            #tmp_subunit['leader_id'] = self.request.POST.get('leader_id').strip()
            tmp_subunit['leader_id'] = 0
            tmp_subunit['village_id'] = self.request.POST.get('village_id').strip()
            if tmp_subunit['name']:
                subunit = SubUnit()
                subunit.name = tmp_subunit['name']
                subunit.short_name = tmp_subunit['short_name']
                subunit.leader_id = tmp_subunit['leader_id']
                subunit.village_id = tmp_subunit['village_id']
                DBSession.add(subunit)
                DBSession.flush()
                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'SubUnit'
                userAudit.model_id = subunit.id
                userAudit.action = 'Create'
                userAudit.revision = subunit.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                self.request.session.flash(_(u"Subunit created."), 'success')
                return HTTPFound(location='/settings/organization/')
            else:
                self.request.session.flash(_(u"Please provide subunit name."), 'error')

        villages = DBSession.query(Village).all()
        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/organization/', 'text':_('Organization')})
        self.request.bread.append({'url':'/settings/organization/subunit_new/', 'text':_('New subunit')})
        return {'subunit':tmp_subunit, 'villages':villages}
Ejemplo n.º 13
0
    def settings_users_new(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate
        
        use_mailer = self.request.registry.settings['leirirekkari.use_mailer']

        tmp_user = {
            'firstname':'',
            'lastname':'',
            'email':'',
            'title':'',
            'login':'',
            'language':'',
            'groups':'',
            'privileges':'',
        }
        
        if security.has_permission("settings_users_modify_groups", self.request.context, self.request):
            groups = DBSession.query(Group).all()
        else:
            groups = {}
        if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
            privileges = DBSession.query(Privilege).all()
        else:
            privileges = {}

        if self.request.method == 'POST':
            tmp_user['firstname'] = self.request.POST.get('firstname').strip()
            tmp_user['lastname'] = self.request.POST.get('lastname').strip()
            tmp_user['email'] = self.request.POST.get('email').strip()
            tmp_user['login'] = self.request.POST.get('account_login').strip()
            tmp_user['language'] = self.request.POST.get('language').strip()
            tmp_user['title'] = self.request.POST.get('title').strip()
            if tmp_user['login'] and tmp_user['email']:
                login = tmp_user['login']
                if self.request.POST.get('account_password') != None:
                    password1 = self.request.POST.get('account_password').strip()
                else:
                    password1 = ''
                if self.request.POST.get('account_password_again') != None:
                    password2 = self.request.POST.get('account_password_again').strip()
                else:
                    password2 = ''

                if not self.checkIfUsernameExists(login):
                    if password1 == '':
                        password1 = self.nicepass(8,4)
                    elif len(password1) < 12:
                        self.request.session.flash(_(u"Passwords too short, must be at least 12 characters long."), 'error')
                        return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}
                    elif not self.checkIfPasswordsMatch(password1, password2):
                        self.request.session.flash(_(u"Passwords didn't match."), 'error')
                        return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}

                    user = User(login, tmp_user['email'])
                    user.set_password(password1)
                    user.active = 1
                    user.firstname = tmp_user['firstname']
                    user.lastname = tmp_user['lastname']
                    user.title = tmp_user['title']
                    user.language = tmp_user['language']
                    if security.has_permission("settings_users_modify_groups", self.request.context, self.request):
                        if len(self.request.POST.getall('groups'))>0:
                            user.groups = DBSession.query(Group).filter(Group.id.in_(self.request.POST.getall('groups'))).all()
                        else:
                            user.groups = []
                    if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
                        privileges_list = ''
                        if len(self.request.POST.getall('privileges')) > 0:
                            for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
                                privileges_list += '|'+privilege.name + '|'
                        else:
                            privileges_list = ''
                        user.privileges = privileges_list
                    user.metadata_modified = datetime.now()
                    if self.request.POST.get('send_login_details') != None and self.request.POST.get('send_login_details').strip() == '1':
                        user.needs_password_change = 1
                    elif self.request.POST.get('require_password_change') != None and self.request.POST.get('require_password_change').strip() == '1':
                        user.needs_password_change = 1
                    else:
                        user.needs_password_change = 0
                    
                    DBSession.add(user)
                    DBSession.flush()
                    self.request.session.flash(_(u"User created."), 'success')
                    userAudit = UserAudit(self.request.user.id)
                    userAudit.model = 'User'
                    userAudit.model_id = user.id
                    userAudit.action = 'Create'
                    userAudit.revision = user.metadata_revision
                    DBSession.add(userAudit)
                    DBSession.flush()
                
                    if user.id != '' and user.id != 0:
                        if self.request.registry.settings['leirirekkari.use_mailer'] == 'true':
                            if self.request.POST.get('send_login_details') != None and self.request.POST.get('send_login_details').strip() == '1':
                                mailer = get_mailer(self.request)

                            
                                setting_site_name = DBSession.query(Setting).filter(Setting.setting_key == 'site_name').first()
                                setting_mail_sent_from = DBSession.query(Setting).filter(Setting.setting_key == 'mail_sent_from').first()
                                setting_site_url = DBSession.query(Setting).filter(Setting.setting_key == 'site_url').first()
                            
                                message_subject = _(u"User account information for") + ' ' + setting_site_name.setting_value
                                message_body = _(u"Hi\n\nHere are your account details for ${site_name}.\n\nUsername: ${username}\n\nPassword: ${password}\n\nYou can login at ${site_url}\n\nRemember to behave and that all the personal data is classified and should be used and distributed carefully.", 
                                    mapping={'site_name':setting_site_name.setting_value, 'username':tmp_user['login'], 'password':password1, 'site_url':setting_site_url.setting_value})
                            
                                message = Message(subject=message_subject,
                                    sender=setting_mail_sent_from.setting_value,
                                    recipients=[tmp_user['email']],
                                    body=message_body)
                                mailer.send(message)
                            
                                              
                            
                        return HTTPFound(location='/settings/users/view/'+str(user.id))
                else:
                    self.request.session.flash(_(u"User with that username allready exists. Please choose another one."), 'error')
                    

        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/users/', 'text':_('Users')})
        self.request.bread.append({'url':'/settings/users/new/', 'text':_('New')})

        return {'user':tmp_user, 'groups':groups, 'privileges':privileges, 'use_mailer':use_mailer}
Ejemplo n.º 14
0
    def settings_me_edit(self):
        _ = self.request.translate

        tmp_user = {
            'id':0,
            'firstname':'',
            'lastname':'',
            'email':'',
            'title':'',
            'login':'',
            'language':'',
            'groups':'',
        }
        user = self.request.user

        if user.id:
            tmp_user = {
                'id':user.id,
                'firstname':user.firstname,
                'lastname':user.lastname,
                'email':user.email,
                'title':user.title,
                'language':user.language,
            }


        if self.request.method == 'POST':
            tmp_user['firstname'] = self.request.POST.get('firstname').strip()
            tmp_user['lastname'] = self.request.POST.get('lastname').strip()
            tmp_user['email'] = self.request.POST.get('email').strip()
            tmp_user['language'] = self.request.POST.get('language').strip()
            tmp_user['title'] = self.request.POST.get('title').strip()
            if tmp_user['email']:
                if self.request.POST.get('account_password') != None:
                    password1 = self.request.POST.get('account_password').strip()
                else:
                    password1 = ''
                if self.request.POST.get('account_password_again') != None:
                    password2 = self.request.POST.get('account_password_again').strip()
                else:
                    password2 = ''
                
                if password1 != '' and len(password1) < 12:
                    self.request.session.flash(_(u"Passwords too short, must be at least 12 characters long."), 'error')
                    return {'user':tmp_user}
                elif password1 != '' and not self.checkIfPasswordsMatch(password1, password2):
                    self.request.session.flash(_(u"Passwords didn't match."), 'error')
                    return {'user':tmp_user}
                elif password1 != '':
                    user.set_password(password1)
                    user.needs_password_change = 0
                    self.request.session.flash(_(u"Password changed."), 'success')
                    
                    userAudit = UserAudit(self.request.user.id)
                    userAudit.model = 'User'
                    userAudit.model_id = user.id
                    userAudit.action = 'Password update'
                    userAudit.revision = user.metadata_revision
                    DBSession.add(userAudit)
                    DBSession.flush()

                user.firstname = tmp_user['firstname']
                user.lastname = tmp_user['lastname']
                user.title = tmp_user['title']
                user.language = tmp_user['language']
                DBSession.add(user)
                DBSession.flush()

                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'User'
                userAudit.model_id = user.id
                userAudit.action = 'Update'
                userAudit.revision = user.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                
                if user.id != '' and user.id != 0:
                    self.request.session.flash(_(u"User saved."), 'success')
                    return HTTPFound(location='/settings/me/')
                else:
                    return HTTPFound(location='/settings/me/edit/')
            else:
                self.request.session.flash(_(u"Please provide email address."), 'error')

        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/me/', 'text':_('Me')})
        self.request.bread.append({'url':'/settings/me/edit/', 'text':_('Edit')})
        return {'user':tmp_user}
Ejemplo n.º 15
0
    def settings_groups_edit(self):
        if self.request.redirect_forbidden:
            return HTTPFound(location='/forbidden/')
        elif userhelpers.checkUserPasswordChangeNeed(self.request):
            return HTTPFound(location='/settings/me/edit/')
        _ = self.request.translate

        tmp_group = {
            'id':'',
            'name':'',
            'leader_id':'',
            'privileges':'',
        }
        group_id = self.request.matchdict['group_id']

        group = DBSession.query(Group).filter(Group.id==group_id).first()

        if group.id:
            if group.id == 1:
                return HTTPFound(location='/settings/groups/')

#            privilege_ids = [privilege.id for privilege in group.privileges]
            tmp_group = {
                'id':group.id,
                'name':group.name,
                'leader_id':group.leader_id,
                'privileges':group.privileges
            }
            


        if self.request.method == 'POST':
            tmp_group['name'] = self.request.POST.get('name').strip()
            if not self.checkIfGroupnameExists(tmp_group['name'], tmp_group['id']):
                group.name = tmp_group['name']
                if security.has_permission("settings_users_modify_permissions", self.request.context, self.request):
                    privileges_list = ''
                    if len(self.request.POST.getall('privileges'))> 0:
                        for privilege in DBSession.query(Privilege).filter(Privilege.id.in_(self.request.POST.getall('privileges'))).all():
                            privileges_list += '|'+privilege.name + '|'
                    group.privileges = privileges_list
                DBSession.add(group)
                DBSession.flush()

                userAudit = UserAudit(self.request.user.id)
                userAudit.model = 'Group'
                userAudit.model_id = group.id
                userAudit.action = 'Update'
                userAudit.revision = group.metadata_revision
                DBSession.add(userAudit)
                DBSession.flush()
                
                self.request.session.flash(_(u"Group saved."), 'success')
                return HTTPFound(location='/settings/groups/view/'+str(group.id))
            else:
                self.request.session.flash(_(u"Group with that name allready exists."), 'error')

        privileges = DBSession.query(Privilege).all()
        self.request.bread.append({'url':'/settings/', 'text':_('Settings')})
        self.request.bread.append({'url':'/settings/groups/', 'text':_('Groups')})
        self.request.bread.append({'url':'/settings/groups/edit/'+str(group.id)+'/', 'text':_('Edit') + ' ' + helpers.decodeString(group.name)})
        return {'group':tmp_group, 'privileges':privileges}