def _is_admin(): is_admin = False user_db = UserDB() if current_user.is_authenticated() and current_user.is_active(): admin_group = user_db.get_group(mainApp.config['ADMIN_GROUP']) is_admin = user_db.in_group(current_user, admin_group) return is_admin
def is_admin(): """ Test to determine if the user is an admin or not """ is_a = False user_db = UserDB() if current_user.is_authenticated() and current_user.is_active(): admin_group = user_db.get_group(mainApp.config['ADMIN_GROUP']) is_a = user_db.in_group(current_user, admin_group) return is_a
def get_rolemapping(self, user, group, role): """ Given a user, group and role, will return the rolemap of the three, if it exists. Otherwise will return None. FIXME - Docstring """ r = self.get_role(role) user_db = UserDB() u = user_db.get_user(user) g = user_db.get_group(group) return RoleMapping.query.filter_by(user=u).filter_by(group=g).filter_by(role=r).first()
def admin_new_group(): """ Renders the new group page """ user_db = UserDB() role_db = RoleDB() if current_user.is_authenticated() and current_user.is_active(): all_activities = set() for m in role_db.get_roles(current_user): acts = role_db.get_activities(m.role_id) for act in acts: if acts[act]: all_activities.add(act) if 'new_group' in all_activities: group = user_db.create_temp_empty_group() if 'cancel' in request.form: return redirect(url_for('admin_group.admin_group_page')) elif 'submit' in request.form: gname = request.form.get('group_name', None) group.name = gname group.description = request.form.get('description', None) if gname is not None and gname != '': g = user_db.get_group(gname) if g is None: try: group = user_db.add_group(group.name, group.description) flash(_('Group "{0}" added.'.format(gname))) return redirect(url_for( 'admin_group.admin_group_page')) except DuplicateGroup: flash(_( 'Group name "{0}" is already in use!'.format( gname)), 'error') else: flash(_("Group name cannot be empty!"), 'error') return render_template('admin_group.html', group=group, state=get_state(), title=_('Edit Group'), cancel_button=_('Cancel'), submit_button=_('Submit'), can_edit_groups=True) else: return _not_auth() else: return _not_auth()
def get_roles(self, user, group=None): """ Get the roles a given user has. Optionally, limit by group. @param user: The user. Can be user object, uid, or string name. @param group: Group to limit by. Can be group object, gid, or string name. @return A list of role mappings. """ userDB = UserDB() u = userDB.get_user(user) rm = RoleMapping.query.filter_by(user=u) if group is not None: g = userDB.get_group(group) rm = rm.filter_by(group=g) return rm.all()
def revoke_role(self, user, group, role): """ Given a user, group and role, revoke the user's rights to that role when part of the group. @param user: The user. Can be a user object, uid, or string name of the user. @param group: The group. Can be a group object, gid, or string name. @param role: The role. Can be role object, rid, or string name. """ user_db = UserDB() u = user_db.get_user(user) g = user_db.get_group(group) r = self.get_role(role) rmaps = RoleMapping.query.filter_by(user=u).filter_by(group=g).filter_by(role=r).all() for rm in rmaps: mainDB.session.delete(rm) mainDB.session.commit()
def assign_role(self, user, group, role): """ Given a user, group and role, assign the user as the role when part of the group. @param user: The user. Can be user object, uid, or string name of the user. @param group: The group. Can be group object, gid, or string name. @param role: The role. Can be role object, rid, or string name. """ userDB = UserDB() u = userDB.get_user(user) g = userDB.get_group(group) r = self.get_role(role) exist = RoleMapping.query.filter_by(user=u).filter_by(group=g).filter_by(role=r).all() if exist == []: rm = RoleMapping(r, u, g) mainDB.session.add(rm) mainDB.session.commit()
def process_entry_object(parent): ''' Return an entry object. Does not add to db ''' user_db = UserDB() entry_db = EntryDB() group_used = user_db.get_group(request.form.get('group', None)) purl = request.form.get('url', None) if purl is not None: t = entry_db.find_by_URL(purl) if len(t) > 0: flash(_("'{0}' URL is already in use!".format(purl))) purl = None return entry_db.create_temp_entry( request.form.get('title', ''), request.form.get('entry', ''), current_user, group_used, int(request.form.get('weight', 0)), purl, bool(request.form.get('html', False)), parent, bool(request.form.get('static', False)))
def _edit_post(eid=None): """ Edit a post """ # FIXME - This method has kind of gotten monsterous. Refactor. user_db = UserDB() role_db = RoleDB() entry_db = EntryDB() if current_user.is_authenticated() and current_user.is_active(): all_groups = set(user_db.get_users_groups(current_user)) all_roles = role_db.get_roles(current_user) role_groups = set(m.group for m in all_roles) role_by_groups = dict(((m.group, role_db.get_activities(m.role)) for m in all_roles)) # The available groups are ones which they are both a part of AND which # they have a role in! avail_groups = all_groups & role_groups groups = [] if current_user.primary_group in avail_groups: # Make sure primary group is first in the list, if it's there #avail_groups.remove(current_user.primary_group) groups.append(current_user.primary_group) groups.extend(avail_groups) parent_group = None parent = None if 'parent' in request.values: parent = entry_db.find_by_id(request.values['parent']) parent_group = parent.group # If everything else fails, we default to the top level if parent_group is None: parent_group = user_db.get_group(mainApp.config['TOP_LEVEL_GROUP']) if parent_group in avail_groups and parent_group in role_by_groups: if role_by_groups[parent_group].get('new_post', False): entry = None tags = [] if eid is None: if request.method == "POST": entry = process_entry_object(parent) if "tags" in request.form: tags = [x.strip() for x in request.form['tags'].split(',') if x != ''] if "submit" in request.form: entry_db.add_entry_object(entry) if len(tags) > 0: entry_db.add_tag(tags, entry) return redirect(url_for('node.show_node', num=entry.id)) else: entry = entry_db.find_by_id(eid) if entry is None: return render_template('noink_message.html', state=get_state(), title=_('Entry not found!'), message=_( 'The entry "{0}" was not found!'.format(eid))) if request.method == "POST": entry = update_entry_object(entry) if "tags" in request.form: tags = [x.strip() for x in request.form['tags'].split(',') if x != ''] if "submit" in request.form: entry_db.update_entry(entry) entry_db.update_editor(current_user, entry) if len(tags) > 0: entry_db.add_tag(tags, entry) return redirect(url_for('node.show_node', num=entry.id)) else: for tm in entry.tagmap: tags.append(tm.tag.tag) return render_template('new_post.html', state=get_state(), groups=groups, entry=entry, tags=tags, is_edit=True, title=_('New Post'), submit_button=_('Submit'), preview_button=_('Preview')) else: return not_authorized() else: return not_authorized() return render_template('noink_message.html', state=get_state(), title=_('Not authorized'), message=_('You must be logged in as a user to access this page!'))
def new_user(): """ Dialog for new user. """ user_db = UserDB() role_db = RoleDB() if current_user.is_authenticated() and current_user.is_active(): is_admin = user_db.in_group(current_user, mainApp.config["ADMIN_GROUP"]) all_activities = set() for m in role_db.get_roles(current_user): acts = role_db.get_activities(m.role_id) for act in acts: if acts[act]: all_activities.add(act) if "new_user" in all_activities: user = user_db.create_temp_empty_user() groups = user_db.get_all_groups() if "cancel" in request.form: return redirect(request.args.get("next") or url_for("admin.admin_page")) elif "update" in request.form: password = _check_password(request.form.get("password", None), request.form.get("pcheck", None)) user.name = _check_username(request.form.get("name", None)) user.fullname = request.form.get("fullname", None) user.bio = request.form.get("bio", None) g = user_db.get_group(request.form.get("primary_group", None)) user.primary_group_id = g.id user.active = request.form.get("active", None) == "on" # Validation if user.name is not None: if password is not None: if g is not None: u = user_db.add(user.name, password, user.fullname, user.bio, g, user.active) flash(_('User "{0}" added.'.format(u.name))) return redirect(url_for("admin_user.admin_user_page", uid=u.id)) else: flash(_("Invalid group")) else: flash(_("Passwords do not match!")) else: flash(_("Username invalid")) return render_template( "admin_new_user.html", state=get_state(), user=user, groups=groups, title=_("Add new user"), can_edit_users=True, is_admin=is_admin, submit_button=_("Add"), cancel_button=_("Cancel"), ) else: return _not_auth() return _not_auth()
def admin_user_page(uid): """ Renders the user admin page """ user_db = UserDB() role_db = RoleDB() if current_user.is_authenticated() and current_user.is_active(): # Gather permissions for currently logged in user # cur_all_groups = set(user_db.get_users_groups(current_user)) cur_rolemap = role_db.get_roles(current_user) admin_group = user_db.get_group(mainApp.config["ADMIN_GROUP"]) is_admin = user_db.in_group(current_user, admin_group) gs = set(user_db.get_all_groups()) avail_roles = role_db.get_all_roles() avail_roles_by_group = dict() for g in gs: avail_roles_by_group[g.id] = list(avail_roles) cur_roles_by_group = _get_roles_by_group(cur_rolemap, avail_roles_by_group) user = None group = [] if uid is None: uid = current_user.id # We do this because ptherwise we get a proxy to the object user = user_db.get_user(current_user.id) else: user = user_db.get_user(uid) if user is None: return render_template( "noink_message.html", state=get_state(), title=_("User not found!"), message=_('User with ID "{0}" was not found!'.format(uid)), ) else: group = user_db.get_users_groups(user) all_groups = set(user_db.get_users_groups(user)) rolemap = role_db.get_roles(user) avail_groups = list(gs - all_groups) user_roles = set() for m in rolemap: user_roles.add(m.role) roles_by_group = _get_roles_by_group(rolemap, avail_roles_by_group) # # DETERMINE PERMISSIONS MORE SPECIFICALLY # can_edit_users = False if admin_group.id in cur_roles_by_group: for rm in cur_roles_by_group[admin_group.id]: acts = role_db.get_activities(rm.role) can_edit_users = acts.get("edit_user") if is_admin or uid == current_user.id: if request.method == "POST": if "form_id" in request.form: if request.form["form_id"] == "general": # # PASSWORD UPDATE # if request.form.get("password", "") != "": password = _check_password( request.form.get("password", None), request.form.get("pcheck", None) ) if password != "" and password is not None: user_db.update_password(user, password) flash(_("Updated password")) else: flash(_("Passwords do not match!")) # # NAME UPDATE # if request.form.get("name", user.name) != user.name: new_name = _check_username(request.form.get("name", user.name)) if new_name != user.name and new_name is not None: user.name = new_name flash(_("User name updated")) else: flash(_('"{0}" user already exists!'.format(new_name)), "error") # # FULLNAME & BIO UPDATE # user.fullname = request.form.get("fullname", user.fullname) user.bio = request.form.get("bio", user.bio) # # PRIMARY GROUP # primary_group = request.form.get("primary_group", None) if primary_group is not None and primary_group != user.primary_group.name: if user_db.update_primary(user, primary_group): flash(_("Updated primary group")) else: flash(_("Failed to update primary group"), "error") # # ACTIVE # active = request.form.get("active", None) == "on" if isinstance(active, bool): if active != user.active: user.active = active flash(_("User active setting changed")) # # UPDATE DATABASE # user_db.update_user(user) elif request.form["form_id"] == "groups": # # UPDATE GROUP MEMBERSHIPS # if "delete" in request.form: rm_g = user_db.get_group(int(request.form["delete"])) if isinstance(rm_g, Group): if user_db.remove_from_group(user, rm_g): flash(_('User removed from group "{0}".'.format(rm_g.name))) group = user_db.get_users_groups(user) all_groups = set(group) avail_groups = list(gs - all_groups) else: print("HERE") flash( _( 'Unable to remove user "{0}" from' ' group "{1}".'.format(user.name, rm_g.name) ) ) else: flash( _( 'Unable to remove user "{0}" from' 'group "{1}".'.format(user.name, request.form["delete"]) ) ) elif "add" in request.form: add_g = user_db.get_group(request.form.get("add_group", None)) if isinstance(add_g, Group): user_db.add_to_group(user, add_g) group = user_db.get_users_groups(user) all_groups = set(group) avail_groups = list(gs - all_groups) if add_g in group: flash(_('Added user to group "{0}".'.format(add_g.name))) else: flash( _('Problem adding user "{0} to ' 'group "{1}"!'.format(user.name, add_g.name)), "error", ) else: flash(_('Unable to find group "{0}"!'.format(request.form["add"])), "error") elif request.form["form_id"] == "roles": # # UPDATE ROLE MEMBERSHIP # if "delete" in request.form: rm_r = role_db.get_role(int(request.form["delete"])) g = user_db.get_group(int(request.form.get("group", -1))) if isinstance(rm_r, Role) and isinstance(g, Group): rolemap = role_db.get_rolemapping(user, g, rm_r) if rolemap is not None: role_db.revoke_role(user, g, rm_r) roles_by_group[g.id].remove(rolemap) avail_roles_by_group[g.id].append(rm_r) flash(_('Role "{0}" revoked.'.format(rm_r.name))) else: flash(_("Role not assigned to user."), "error") else: flash(_("Problem finding role or group.", "error")) elif "add" in request.form: g = user_db.get_group(int(request.form.get("group", -1))) r = role_db.get_role(request.form.get("add_role", None)) if isinstance(r, Role) and isinstance(g, Group): role_db.assign_role(user, g, r) rolemap = role_db.get_rolemapping(user, g, r) if r in avail_roles_by_group[g.id]: avail_roles_by_group[g.id].remove(r) if g.id not in roles_by_group: roles_by_group[g.id] = [] if rolemap not in roles_by_group[g.id]: roles_by_group[g.id].append(rolemap) flash( _( 'Role "{0}" assigned for user "{1}"' ' with group "{2}".'.format(r.name, user.name, g.name) ) ) else: flash(_("Problem finding role or group.", "error")) else: return render_template( "noink_message.html", state=get_state(), title=_("Form error"), message=_( "There was a problem identifying form " "elements. If this problem persists, contact" " your site administrator" ), ) # render the admin user page for uid user return render_template( "admin_user.html", state=get_state(), user=user, groups=group, avail_groups=avail_groups, is_admin=is_admin, role_map=rolemap, avail_roles=avail_roles, roles_by_group=roles_by_group, title=_("User Account"), avail_roles_by_group=avail_roles_by_group, can_edit_users=can_edit_users, submit_button=_("Update"), ) return _not_auth()
def admin_group_page(gid): """ Renders the group page """ user_db = UserDB() role_db = RoleDB() if current_user.is_authenticated() and current_user.is_active(): is_admin = user_db.in_group(current_user, mainApp.config['ADMIN_GROUP']) all_activities = set() for m in role_db.get_roles(current_user): acts = role_db.get_activities(m.role_id) for act in acts: if acts[act]: all_activities.add(act) can_view_groups = 'view_groups' in all_activities can_edit_groups = 'edit_group' in all_activities if is_admin or can_view_groups: if gid is None: if request.method == "POST": if 'delete' in request.form: gids = request.form.getlist('select') for gid in gids: try: user_db.delete_group(int(gid)) flash(_('Group with ID "{0}" deleted.'.format( gid))) except GroupNotFound: flash(_('"{0}" group id not found!'.format( gid)), 'error') elif 'new' in request.form: return redirect(url_for('admin_group.admin_new_group')) groups = user_db.get_all_groups() return render_template('list_groups.html', groups=groups, state=get_state(), can_view_groups=can_view_groups, can_edit_groups=can_edit_groups, title=_('All Groups'), delete_button=_('Delete'), new_button=_('New'), cancel_button=_('Cancel'), del_title=_('Delete Group(s)'), del_warn=_('Deleting groups is a permanent action. '\ 'Are you sure?')) else: if request.method == "POST": if 'cancel' in request.form: return redirect(url_for('admin_group.admin_group_page')) elif 'submit' in request.form: group = user_db.get_group(gid) if group is not None: group.name = request.form.get('group_name', group.name) group.description = request.form.get('description', group.description) user_db.update_group(group) group = user_db.get_group(gid) if group is not None: return render_template('admin_group.html', group=group, state=get_state(), title=_('Edit Group'), cancel_button=_('Cancel'), submit_button=_('Submit'), can_edit_groups=can_edit_groups) else: flash(_('Group "{0}" not found!'.format(gid)), 'error') return redirect(url_for("admin_group.admin_group_page")) else: return _not_auth() else: return _not_auth()