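def _is_local_url(target):
    """Return True only when *target* is a same-site relative path.

    Guards the ``next_url`` query parameter before it is handed to
    ``redirect``: a value with a scheme or host (``http://…``, ``//host/…``),
    a backslash (browsers may normalise it to ``/``) or whitespace/control
    characters is refused, so the profile page cannot be used as an open
    redirector.  An empty value is refused too.
    """
    from urllib.parse import urlsplit
    if not target or '\\' in target or any(ord(ch) < 33 for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def edit_profile():
    """Show and update the logged-in user's contact profile.

    GET renders ``user.profile.haml`` pre-filled from ``flask.g.user``.  POST
    validates the submitted fields: ``name`` and ``email`` are mandatory
    (flashed as 'error'), ``company`` and ``phone`` only produce a 'warning'
    when blank, ``mobile`` is optional.  A valid POST commits the user and
    redirects to ``next_url`` (query parameter, default: this page).  Only a
    local path is accepted as redirect target; anything else falls back to
    this page, which also means the success flash is shown.
    """
    here = url_for('edit_profile')
    next_url = request.args.get('next_url', here)  # This is circular
    if not _is_local_url(next_url):
        # Caller-supplied absolute URLs would turn this into an open redirect.
        next_url = here
    user = flask.g.user
    Audit(flask.g, '', '/user/profile', '', result='').write()
    form = dict()
    form['password'] = ''
    form['password2'] = ''
    if request.method == 'POST':
        valid = True
        if request.form['name']:
            user.name = request.form['name']
        else:
            valid = False
            flash('Error: you have to provide a contact name', 'error')
        if request.form['email']:
            user.email = request.form['email']
        else:
            valid = False
            flash('Error: you have to provide a contact email', 'error')
        if request.form['company']:
            user.set_data('company', request.form['company'])
        else:
            flash('Please provide a company name', 'warning')
        if request.form['phone']:
            user.set_data('phone', request.form['phone'])
        else:
            flash('Please provide a phone number', 'warning')
        if request.form['mobile']:
            user.set_data('mobile', request.form['mobile'])  # Optional
        if valid:
            User.commit()
            if next_url == here:  # only flash if we're coming back here...
                Audit(flask.g, '', '/user/profile', '', result='Update Success').write()
                flash('Profile successfully updated', 'success')
            return redirect(next_url)
    # GET, or an invalid POST: re-render with the current (possibly partly
    # modified but uncommitted) user values.
    form['name'] = user.name
    form['email'] = user.email
    form['company'] = user.get_data('company', '')
    form['phone'] = user.get_data('phone', '')
    form['mobile'] = user.get_data('mobile', '')
    return render_template('user.profile.haml', form=form)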
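def _is_local_url(target):
    """Return True only when *target* is a same-site relative path.

    Guards the ``next_url`` query parameter before it is handed to
    ``redirect``: a value with a scheme or host (``http://…``, ``//host/…``),
    a backslash (browsers may normalise it to ``/``) or whitespace/control
    characters is refused, so the profile page cannot be used as an open
    redirector.  An empty value is refused too.
    """
    from urllib.parse import urlsplit
    if not target or '\\' in target or any(ord(ch) < 33 for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def edit_profile():
    """Show and update the logged-in user's contact profile.

    GET renders ``user.profile.haml`` pre-filled from ``flask.g.user``.  POST
    validates the submitted fields in a fixed order: ``name`` and ``email``
    are mandatory ('error' flash, blocks the commit), ``company`` and
    ``phone`` only warn when blank, ``mobile`` is optional.  A valid POST
    commits the user and redirects to ``next_url`` (query parameter, default:
    this page).  Only a local path is accepted as redirect target; anything
    else falls back to this page, which also triggers the success flash.
    """
    here = url_for('edit_profile')
    next_url = request.args.get('next_url', here)  # This is circular
    if not _is_local_url(next_url):
        # Caller-supplied absolute URLs would turn this into an open redirect.
        next_url = here
    user = flask.g.user
    Audit(flask.g, '', '/user/profile', '', result='').write()
    form = {'password': '', 'password2': ''}
    if request.method == 'POST':
        # Mandatory attributes: blank value -> error flash and no commit.
        required = (
            ('name', u'Error: you have to provide a contact name'),
            ('email', u'Error: you have to provide a contact email'),
        )
        # Advisory data fields: blank value -> warning flash only.
        advised = (
            ('company', u'Please provide a company name'),
            ('phone', u'Please provide a phone number'),
        )
        valid = True
        for key, message in required:
            value = request.form[key]
            if value:
                setattr(user, key, value)
            else:
                valid = False
                flash(message, 'error')
        for key, message in advised:
            value = request.form[key]
            if value:
                user.set_data(key, value)
            else:
                flash(message, 'warning')
        if request.form['mobile']:
            user.set_data('mobile', request.form['mobile'])  # Optional
        if valid:
            User.commit()
            if next_url == here:  # only flash if we're coming back here...
                Audit(flask.g, '', '/user/profile', '', result='Update Success').write()
                flash(u'Profile successfully updated', 'success')
            return redirect(next_url)
    # GET, or an invalid POST: re-render from the current user values.
    form['name'] = user.name
    form['email'] = user.email
    for key in ('company', 'phone', 'mobile'):
        form[key] = user.get_data(key, '')
    return render_template('user.profile.haml', form=form)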
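def _room_name_errors(name):
    """Return the error messages that make *name* unusable as a project room name.

    *name* is expected to be whitespace-stripped already.  An empty list
    means the name is acceptable.  The name later becomes a directory on
    disk (``DataRoom(...).ensure_path()``), so besides the original
    character blacklist the ``'.'``/``'..'`` entries and control characters
    are refused as well.  The blacklist loop reports every offending
    character, in blacklist order, matching the original flashes.
    """
    if len(name) == 0:
        return ['Error: you have to provide a project room name']
    if name in ('.', '..') or any(ord(ch) < 32 for ch in name):
        return ['Error: invalid project room name']
    return [
        'Error: project room name contains invalid character " %s "' % (c, )
        for c in '\\/*?#\'\"' if c in name
    ]


def admin_room_add():
    """Site-admin page that creates a new project room.

    Requires ``can_siteadmin()``; other callers are audited and sent home.
    On POST the stripped ``name`` field is validated by
    ``_room_name_errors`` and checked against the caller's own project list
    for duplicates.  A valid name gets the four rights (access, invite,
    files, admin) granted to the creating user, default site data (name,
    summary, watermark, invite subject/body templates), a directory on
    disk, then both stores are committed and the caller is redirected to
    the room's edit page.  Any failure re-renders the form with flashes in
    the 'section_create' category.
    """
    Audit(flask.g, None, '/admin/room', '*ADD*').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/room', '*ADD*', result='NOT AUTHORIZED').write()
        return home_page()
    # TODO : Charge more??
    form = dict()
    form['name'] = ''
    if request.method == 'POST':
        proj_new = request.form['name'].strip()
        form['name'] = proj_new
        errors = _room_name_errors(proj_new)
        for message in errors:
            flash(message, 'section_create')
        # NOTE(review): uniqueness is checked against the caller's own
        # project list, not the whole site — confirm a siteadmin always
        # sees every room, otherwise a clash on disk could slip through.
        if not errors and proj_new in flask.g.user.list_projects():
            flash('Error: project room already exists', 'section_create')
        elif not errors:
            # Create entries for this 'siteadmin' user for the new project
            user = flask.g.user
            for right in ('access', 'invite', 'files', 'admin'):
                user.grant_permission(proj_new, right)
            # Create entries in site for the new project
            site = flask.g.site
            site.set_data(proj_new, 'name', proj_new)
            site.set_data(proj_new, 'summary', '')
            site.set_data(proj_new, 'watermark', '$date : $email @ $ip')
            site.set_data(proj_new, 'invite_subject', 'Invitation to access a DataRoom')
            # NOTE(review): the original line layout of this default body was
            # lost in the source formatting; the breaks below are reconstructed.
            site.set_data(
                proj_new, 'invite_body', """
$name:

Please use the following link to become a user of the DataRoom service :

$link

If you would like assistance, please do not hesitate to contact the administrator listed at the top of the website.
""".strip())
            # and a directory on disk...
            DataRoom(user, proj_new).ensure_path()
            User.commit()
            Site.commit()
            return redirect(url_for('admin_room_edit', proj=proj_new))
    return render_template('admin.room.haml', create_proj=True, form=form)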
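def _mail_fields_ok(name, email):
    """Return False when *name* or *email* contains a CR or LF.

    Both values are placed into outgoing mail addressing; a line break in
    either has no legitimate use and is the classic vector for injecting
    extra mail headers, so such input is rejected before any account is
    created.
    """
    return not any(ch in '\r\n' for ch in name + email)


def admin_invite(proj):
    """Two-step invitation of a new user to project room *proj*.

    Requires the ``invite`` right on *proj*; otherwise the attempt is
    audited and the caller is sent home.  First POST (``mode`` != 'check')
    validates name, email, subject and body, substitutes the ``$``
    placeholders with a SAMPLE-ONLY link and renders a preview in 'check'
    mode.  A second POST with ``mode`` == 'check' and ``check_button`` ==
    'send' creates the ``User`` (site tag, lower-cased email, name), grants
    'access' on *proj*, commits (this assigns the id the tokenised link
    needs), substitutes the real link into subject/body and sends the mail;
    any other button returns to the entry form.  The audit record for the
    send step reflects whether ``send_email`` reported success.

    NOTE(review): the account is created and committed before the mail is
    sent, and nothing visible here de-duplicates an address that already
    exists on the site — confirm ``User.add`` handles a re-invite.
    """
    Audit(flask.g, proj, '/admin/invite', '').write()
    if not flask.g.user.has_permission(proj, 'invite'):
        Audit(flask.g, proj, '/admin/invite', '', result='NOT AUTHORIZED').write()
        return home_page()
    form = dict()
    form['mode'] = 'form'
    form['invite_name'] = ''
    form['invite_email'] = ''
    form['invite_subject'] = flask.g.site.get_data(proj, 'invite_subject', '')
    form['invite_body'] = flask.g.site.get_data(proj, 'invite_body', '')
    if request.method == 'POST':
        valid = True
        form['invite_email'] = request.form['invite_email'].lower().strip()
        if len(form['invite_email']) == 0:
            flash('Error: you have to provide an email address', 'section_invite')
            valid = False
        form['invite_name'] = request.form['invite_name'].strip()
        if len(form['invite_name']) == 0:
            flash('Error: you have to provide the user\'s name', 'section_invite')
            valid = False
        if not _mail_fields_ok(form['invite_name'], form['invite_email']):
            flash('Error: the name and email address must not contain line breaks', 'section_invite')
            valid = False
        form['invite_subject'] = request.form['invite_subject']
        if len(form['invite_subject']) == 0:
            flash('Error: you have to provide text for the email subject line', 'section_invite')
            valid = False
        form['invite_body'] = request.form['invite_body']
        if len(form['invite_body']) == 0:
            flash('Error: you have to provide text for the email body', 'section_invite')
            valid = False
        if valid:
            email_to = '"%s" <%s>' % (
                form['invite_name'],
                form['invite_email'],
            )
            email_from = '"%s" <%s>' % (
                flask.g.site.chrome('admin_name'),
                flask.g.site.chrome('admin_email'),
            )
            if request.form['mode'] == 'check':
                if request.form['check_button'] == 'send':
                    user = User(flask.g.site.tag, form['invite_email'], form['invite_name'])
                    user.grant_permission(proj, 'access')
                    # No password : user will be prompted (all attempts will fail)
                    User.add(user)
                    User.commit()  # This sets up the user_id
                    invite_link = url_for('user_invite_with_token', _external=True,
                                          user_id=user.id, token=user.invitation_token())
                    for s in ['invite_subject', 'invite_body']:
                        form[s + '_actual'] = Site.substitute_dollar_strings(
                            request.form[s], flask.g,
                            link=invite_link,
                            name=form['invite_name'],
                            email=form['invite_email'],
                        )
                    sent = flask.g.site.send_email(
                        flask.g.site.chrome('admin_name'),
                        flask.g.site.chrome('admin_email'),
                        form['invite_name'],
                        form['invite_email'],
                        form['invite_subject_actual'],
                        form['invite_body_actual'],
                    )
                    # Record the real outcome; the old code logged 'sent' unconditionally.
                    Audit(flask.g, proj, '/admin/invite', email_to,
                          result='sent' if sent else 'NOT sent').write()
                    if sent:
                        flash('Email sent to %s !' % (email_to, ), 'section_sent')
                    else:
                        flash('Email NOT sent to %s !' % (email_to, ), 'section_invite')  # Looks like an error
                    # Blank out the name and email addresses
                    form['invite_name'] = ''
                    form['invite_email'] = ''
                else:
                    # This will default to going back to the entry form
                    Audit(flask.g, proj, '/admin/invite', email_to, result='re-entry').write()
            else:
                # if valid form entries, go into check mode for email
                form['mode'] = 'check'
                form['email_to'] = email_to
                form['email_from'] = email_from
                for s in ['invite_subject', 'invite_body']:
                    form[s + '_actual'] = Site.substitute_dollar_strings(
                        request.form[s], flask.g,
                        link=url_for('user_invite_with_token', _external=True,
                                     user_id=0, token='SAMPLE-ONLY'),
                        name=form['invite_name'],
                        email=form['invite_email'],
                    )
                Audit(flask.g, proj, '/admin/invite', email_to, result='checking').write()
        # else: form was invalid, the flashes above explain why; redo
    return render_template(
        'admin.invite.haml', form=form, proj=proj)  # proj is there to generate menu entry...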
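def _project_rows(names, rights):
    """Build the per-project rows rendered by ``admin.users.haml``.

    One dict per project, in sorted name order: ``i`` is the row index used
    to name the checkbox fields (``proj<i>_<right>``), ``name`` the project,
    ``disabled`` an HTML attribute slot, plus one key per entry of *rights*
    holding ``''`` (unchecked) until the caller marks granted rights.
    """
    rows = []
    for i, proj in enumerate(sorted(names)):
        row = {'i': i, 'name': proj, 'disabled': ''}
        for r in rights:
            row[r] = ''
        rows.append(row)
    return rows


def admin_users(user_id=0):
    """Site-admin page for editing one user's details and per-room rights.

    Only callers passing ``can_siteadmin()`` get past the first check; the
    rest are audited and sent home.  ``user_id`` selects the user being
    edited (0 = none).  A selected user is only editable when their
    ``site_tag`` matches the current site, which keeps a site admin from
    reaching another site's accounts by guessing ids.  On POST the name and
    email are updated (both mandatory), rights are granted/revoked from the
    ``proj<i>_<right>`` checkboxes — never for the admin's own account — and
    an optional ``password_reset`` button emails a reset link.

    The former debug ``print`` of the user's email and permission bundle is
    gone: it raised AttributeError when ``User.get`` returned None and
    echoed access-control data to stdout.
    """
    Audit(flask.g, None, '/admin/users', '').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/users', '', result='NOT AUTHORIZED').write()
        return home_page()
    form = dict()
    user = None if user_id == 0 else User.get(user_id)
    rights = ['access', 'invite', 'files', 'admin']
    projects = _project_rows(flask.g.user.list_projects('access'), rights)
    if user and user.site_tag == flask.g.site.tag:
        # Check that a user is selected and we can edit them
        Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='accessing').write()
        if request.method == 'POST':
            valid = True
            if request.form['email']:
                if user.email != request.form['email']:
                    user.email = request.form['email']
                    flash('Email address updated', 'section_success')
            else:
                valid = False
                flash('Error: you have to provide an email address', 'section_edit')
            if request.form['name']:
                if user.name != request.form['name']:
                    user.name = request.form['name']
                    flash('User name updated', 'section_success')
            else:
                valid = False
                flash('Error: you have to provide the user\'s name', 'section_edit')
            if user.id != flask.g.user.id:  # Don't alter your own permissions!
                update = False
                for p in projects:
                    for r in rights:
                        # An unchecked checkbox is simply absent from the POST body:
                        # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html
                        if 'proj%d_%s' % (p['i'], r) in request.form:
                            if user.grant_permission(p['name'], r):
                                update = True
                        elif user.revoke_permission(p['name'], r):
                            update = True
                if update:
                    flash('Access Rights updated', 'section_success')
            if valid:
                User.commit()
                Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='updated').write()
            else:
                Audit(flask.g, None, '/admin/users', 'user_id=%d' % (user.id, ), result='FAILURE').write()
            if 'password_reset' in request.form:
                # NOTE(review): runs even when the form above was invalid.
                User.commit()  # In case the email address was updated
                send_reset_link(user)
                flash('Password Reset Email : Sent', 'section_success')
        form['user_id'] = user.id
        form['name'] = user.name
        form['email'] = user.email
        for p in projects:
            for r in rights:
                if user.has_permission(p['name'], r):
                    p[r] = 'checked'
            if user.id == flask.g.user.id:  # Don't alter your own permissions!
                p['disabled'] = 'disabled'
    else:
        form['user_id'] = 0  # Zero is unassigned - and removes a lot of the RHS
        for i in ['name', 'email']:
            form[i] = ''
    # Build a list of users for this site_tag - for showing on the LHS
    users = [
        {'id': u.id, 'email': u.email, 'name': u.name}  # Flatten out the data (?WHY?)
        for u in flask.g.site.list_users()
    ]
    return render_template('admin.users.haml', form=form, users=users, projects=projects, rights=rights)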
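def _tokens_match(expected, supplied):
    """Case-insensitive, constant-time comparison of an invitation/reset token.

    The original check was ``expected.lower() == supplied.lower()``; this
    keeps the case-insensitivity but uses ``hmac.compare_digest`` so the
    comparison time does not depend on how many leading characters of the
    guessed token are right.  Values are encoded to bytes because
    ``compare_digest`` rejects non-ASCII ``str`` input, and the supplied
    value comes straight from the URL.
    """
    import hmac
    a = expected.lower().encode('utf-8')
    b = supplied.lower().encode('utf-8')
    return hmac.compare_digest(a, b)


def create_password_form(user_id, token, is_new=True):
    """Let an invited (``is_new``) or resetting user choose a password via a tokenised link.

    Any current session is dropped first.  ``token`` is checked against
    ``user.invitation_token()`` in constant time; a mismatch or unknown
    ``user_id`` is audited (with the submitted id/token) and flashed as an
    invalid link.  For invitations, a user who already has a password is
    treated as having consumed the invite.  For resets the stored password is
    cleared and committed as soon as the link is opened — NOTE(review): that
    happens on GET, so merely following the link locks the account until a
    new password is set; confirm this is intended.  On a valid POST the
    password must pass ``check_password_acceptable`` and ``ts_and_cs`` must
    be ticked; then the password is stored, the user is logged in and sent to
    ``edit_profile`` with ``next_url`` forwarded unchanged, so ``edit_profile``
    must treat it as untrusted.
    """
    next_url = request.args.get('next_url', '/')
    url_here = '/user/new' if is_new else '/user/reset'
    Audit(flask.g, '', url_here, '', result='Invite start').write()
    # Sign the user out (just to make sure)
    session.pop('userid', None)
    form = dict(email='', password='', password2='')
    valid = False
    if is_new:
        msg = "Error : Your invitation is invalid - please ask for a new one"
    else:
        msg = "Error : This is not a valid password reset link"
    user = User.get(user_id)
    if user:
        token_target = user.invitation_token()
        if _tokens_match(token_target, token):
            form['email'] = user.email
            valid = True
            Audit(flask.g, '', url_here, user.email, result='Arrived').write()
            if is_new:
                if not user.password_unset():
                    # This invitation has already been consumed...
                    Audit(flask.g, '', url_here, '', result='Invitation already used up').write()
                    valid = False
                    msg = "Your invitation has already been used once - please use the Login tab above"
            else:
                user.password = None
                Audit(flask.g, '', url_here, '', result='Resetting Password').write()
                User.commit()
    if valid:
        if request.method == 'POST':
            # user has good data in it
            form['password'] = request.form['password'].strip()
            valid = check_password_acceptable(url_here, user, form['password'], request.form['password2'])
            if 'ts_and_cs' in request.form:
                Audit(flask.g, '', url_here, user.email, result='Accepted Ts and Cs').write()
            else:
                valid = False
                Audit(flask.g, '', url_here, user.email, result='Did not accept Ts and Cs').write()
                flash("The Terms and Conditions must be accepted to continue", 'error')
            if valid:
                # HUGE success
                user.set_password(form['password'])
                User.commit()
                # Now log this user in too
                flask.g.user = user  # Fix up g, so that Audit works
                Audit(flask.g, '', url_here, user.email, result='Set password').write()
                session['userid'] = user.id
                return redirect(url_for('edit_profile', next_url=next_url))
    else:
        Audit(flask.g, '', url_here, "%d/%s" % (
            user_id,
            token,
        ), result='Failure').write()
        flash(msg, 'error')
    return render_template('user.create-password.haml', form=form, next_url=next_url, is_new=is_new)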
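def _room_name_errors(name):
    """Return the error messages that make *name* unusable as a project room name.

    *name* is expected to be whitespace-stripped already; an empty list
    means it is acceptable.  Because the name ends up as a directory on
    disk (``DataRoom(...).ensure_path()``) the ``'.'``/``'..'`` entries and
    control characters are refused in addition to the original character
    blacklist, which is reported one flash per offending character.
    """
    if not name:
        return [u'Error: you have to provide a project room name']
    if name in ('.', '..') or any(ord(ch) < 32 for ch in name):
        return [u'Error: invalid project room name']
    bad = [c for c in '\\/*?#\'\"' if c in name]
    return [u'Error: project room name contains invalid character " %s "' % (c,) for c in bad]


def admin_room_add():
    """Site-admin page that creates a new project room.

    Requires ``can_siteadmin()``; other callers are audited and sent home.
    On POST the stripped ``name`` is validated by ``_room_name_errors`` and
    checked against the caller's own project list for duplicates.  A valid
    name gets all four rights granted to the creating user, the default
    site data (name, summary, watermark, invite subject/body templates), a
    directory on disk, then ``User`` and ``Site`` are committed and the
    caller is redirected to the room's edit page.  Failures re-render the
    form with 'section_create' flashes.
    """
    Audit(flask.g, None, '/admin/room', '*ADD*').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/room', '*ADD*', result='NOT AUTHORIZED').write()
        return home_page()
    # TODO : Charge more??
    form = {'name': ''}
    if request.method != 'POST':
        return render_template('admin.room.haml', create_proj=True, form=form)
    proj_new = request.form['name'].strip()
    form['name'] = proj_new
    problems = _room_name_errors(proj_new)
    # NOTE(review): the duplicate check looks only at the caller's own
    # projects — confirm a siteadmin always lists every room on the site.
    if not problems and proj_new in flask.g.user.list_projects():
        problems.append(u'Error: project room already exists')
    if problems:
        for message in problems:
            flash(message, 'section_create')
        return render_template('admin.room.haml', create_proj=True, form=form)
    # Create entries for this 'siteadmin' user for the new project
    user = flask.g.user
    for right in ('access', 'invite', 'files', 'admin'):
        user.grant_permission(proj_new, right)
    # Create entries in site for the new project
    site = flask.g.site
    defaults = (
        ('name', proj_new),
        ('summary', ''),
        ('watermark', '$date : $email @ $ip'),
        ('invite_subject', 'Invitation to access a DataRoom'),
    )
    for key, value in defaults:
        site.set_data(proj_new, key, value)
    # NOTE(review): the original line layout of this default body was lost
    # in the source formatting; the breaks below are reconstructed.
    site.set_data(proj_new, 'invite_body', """
$name:

Please use the following link to become a user of the DataRoom service :

$link

If you would like assistance, please do not hesitate to contact the administrator listed at the top of the website.
""".strip())
    # and a directory on disk...
    DataRoom(user, proj_new).ensure_path()
    User.commit()
    Site.commit()
    return redirect(url_for('admin_room_edit', proj=proj_new))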
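def _mail_fields_ok(name, email):
    """Return False when *name* or *email* contains a CR or LF.

    Both values feed outgoing mail addressing; a line break in either has
    no legitimate use and is the classic mail-header injection vector, so
    such input is refused before any account is created.
    """
    return '\r' not in name + email and '\n' not in name + email


def admin_invite(proj):
    """Two-step invitation of a new user to project room *proj*.

    Requires the ``invite`` right on *proj*; otherwise the attempt is
    audited and the caller is sent home.  A first POST validates name,
    email, subject and body and renders a preview ('check' mode) with the
    ``$`` placeholders filled using a SAMPLE-ONLY link.  A second POST with
    ``mode`` == 'check' and ``check_button`` == 'send' creates the ``User``,
    grants 'access' on *proj*, commits (which assigns the id the tokenised
    link needs), substitutes the real link and sends the mail; any other
    button returns to the entry form.  The audit record of the send step
    now reflects what ``send_email`` returned.

    NOTE(review): the account is committed before the mail goes out and
    nothing visible here de-duplicates an address already on the site —
    confirm ``User.add`` copes with a re-invite.
    """
    Audit(flask.g, proj, '/admin/invite', '').write()
    if not flask.g.user.has_permission(proj, 'invite'):
        Audit(flask.g, proj, '/admin/invite', '', result='NOT AUTHORIZED').write()
        return home_page()
    form = {
        'mode': 'form',
        'invite_name': '',
        'invite_email': '',
        'invite_subject': flask.g.site.get_data(proj, 'invite_subject', ''),
        'invite_body': flask.g.site.get_data(proj, 'invite_body', ''),
    }
    if request.method != 'POST':
        return render_template('admin.invite.haml', form=form, proj=proj)  # proj is there to generate menu entry...
    problems = []
    form['invite_email'] = request.form['invite_email'].lower().strip()
    if not form['invite_email']:
        problems.append(u'Error: you have to provide an email address')
    form['invite_name'] = request.form['invite_name'].strip()
    if not form['invite_name']:
        problems.append(u'Error: you have to provide the user\'s name')
    if not _mail_fields_ok(form['invite_name'], form['invite_email']):
        problems.append(u'Error: the name and email address must not contain line breaks')
    form['invite_subject'] = request.form['invite_subject']
    if not form['invite_subject']:
        problems.append(u'Error: you have to provide text for the email subject line')
    form['invite_body'] = request.form['invite_body']
    if not form['invite_body']:
        problems.append(u'Error: you have to provide text for the email body')
    for message in problems:
        flash(message, 'section_invite')
    if problems:
        # Form was invalid, redo
        return render_template('admin.invite.haml', form=form, proj=proj)

    def substituted(link):
        """Fill the $-placeholders of subject and body into form[...'_actual']."""
        for s in ['invite_subject', 'invite_body']:
            form[s + '_actual'] = Site.substitute_dollar_strings(
                request.form[s], flask.g,
                link=link,
                name=form['invite_name'],
                email=form['invite_email'],
            )

    email_to = '"%s" <%s>' % (form['invite_name'], form['invite_email'],)
    email_from = '"%s" <%s>' % (flask.g.site.chrome('admin_name'), flask.g.site.chrome('admin_email'),)
    if request.form['mode'] != 'check':
        # if valid form entries, go into check mode for email
        form['mode'] = 'check'
        form['email_to'] = email_to
        form['email_from'] = email_from
        substituted(url_for('user_invite_with_token', _external=True, user_id=0, token='SAMPLE-ONLY'))
        Audit(flask.g, proj, '/admin/invite', email_to, result='checking').write()
    elif request.form['check_button'] != 'send':
        # This will default to going back to the entry form
        Audit(flask.g, proj, '/admin/invite', email_to, result='re-entry').write()
    else:
        user = User(flask.g.site.tag, form['invite_email'], form['invite_name'])
        user.grant_permission(proj, 'access')
        # No password : user will be prompted (all attempts will fail)
        User.add(user)
        User.commit()  # This sets up the user_id
        substituted(url_for('user_invite_with_token', _external=True,
                            user_id=user.id, token=user.invitation_token()))
        sent = flask.g.site.send_email(
            flask.g.site.chrome('admin_name'),
            flask.g.site.chrome('admin_email'),
            form['invite_name'],
            form['invite_email'],
            form['invite_subject_actual'],
            form['invite_body_actual'],
        )
        # Record the real outcome; the old code logged 'sent' unconditionally.
        Audit(flask.g, proj, '/admin/invite', email_to,
              result='sent' if sent else 'NOT sent').write()
        if sent:
            flash(u'Email sent to %s !' % (email_to,), 'section_sent')
        else:
            flash(u'Email NOT sent to %s !' % (email_to,), 'section_invite')  # Looks like an error
        # Blank out the name and email addresses
        form['invite_name'] = ''
        form['invite_email'] = ''
    return render_template('admin.invite.haml', form=form, proj=proj)  # proj is there to generate menu entry...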
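def _project_rows(names, rights):
    """Build the per-project rows rendered by ``admin.users.haml``.

    One dict per project in sorted name order: ``i`` is the row index used
    to name the checkbox fields (``proj<i>_<right>``), ``name`` the project,
    ``disabled`` an HTML attribute slot, plus one ``''`` (unchecked) entry
    per element of *rights* that the caller may later set to 'checked'.
    """
    rows = []
    for i, proj in enumerate(sorted(names)):
        row = dict(i=i, name=proj, disabled='')
        row.update((r, '') for r in rights)
        rows.append(row)
    return rows


def admin_users(user_id=0):
    """Site-admin page for editing one user's details and per-room rights.

    Only callers passing ``can_siteadmin()`` get past the first check; the
    rest are audited and sent home.  ``user_id`` selects the user being
    edited (0 = none).  A selected user is only editable when their
    ``site_tag`` matches the current site, which keeps a site admin from
    reaching another site's accounts by guessing ids.  On POST the name and
    email are updated (both mandatory), rights are granted/revoked from the
    ``proj<i>_<right>`` checkboxes — never for the admin's own account — and
    an optional ``password_reset`` button emails a reset link.

    The former Python 2 debug ``print`` of the user's email and permission
    bundle is gone: it was a syntax error under Python 3, raised
    AttributeError when ``User.get`` returned None, and echoed
    access-control data to stdout.
    """
    Audit(flask.g, None, '/admin/users', '').write()
    if not flask.g.user.can_siteadmin():
        Audit(flask.g, None, '/admin/users', '', result='NOT AUTHORIZED').write()
        return home_page()
    form = {}
    user = User.get(user_id) if user_id != 0 else None
    rights = ['access', 'invite', 'files', 'admin']
    projects = _project_rows(flask.g.user.list_projects('access'), rights)
    editable = user is not None and user.site_tag == flask.g.site.tag
    if not editable:
        form['user_id'] = 0  # Zero is unassigned - and removes a lot of the RHS
        form['name'] = ''
        form['email'] = ''
    else:
        # Check that a user is selected and we can edit them
        audit_who = 'user_id=%d' % (user.id,)
        Audit(flask.g, None, '/admin/users', audit_who, result='accessing').write()
        own_account = user.id == flask.g.user.id
        if request.method == 'POST':
            valid = True
            new_email = request.form['email']
            if not new_email:
                valid = False
                flash(u'Error: you have to provide an email address', 'section_edit')
            elif new_email != user.email:
                user.email = new_email
                flash(u'Email address updated', 'section_success')
            new_name = request.form['name']
            if not new_name:
                valid = False
                flash(u'Error: you have to provide the user\'s name', 'section_edit')
            elif new_name != user.name:
                user.name = new_name
                flash(u'User name updated', 'section_success')
            if not own_account:  # Don't alter your own permissions!
                update = False
                for p in projects:
                    for r in rights:
                        # An unchecked checkbox is simply absent from the POST body:
                        # http://nesv.blogspot.com/2011/10/flask-gotcha-with-html-forms-checkboxes.html
                        ticked = 'proj%d_%s' % (p['i'], r) in request.form
                        changed = user.grant_permission(p['name'], r) if ticked else user.revoke_permission(p['name'], r)
                        update = update or bool(changed)
                if update:
                    flash(u'Access Rights updated', 'section_success')
            if valid:
                User.commit()
                Audit(flask.g, None, '/admin/users', audit_who, result='updated').write()
            else:
                Audit(flask.g, None, '/admin/users', audit_who, result='FAILURE').write()
            if 'password_reset' in request.form:
                # NOTE(review): runs even when the form above was invalid.
                User.commit()  # In case the email address was updated
                send_reset_link(user)
                flash(u'Password Reset Email : Sent', 'section_success')
        form['user_id'] = user.id
        form['name'] = user.name
        form['email'] = user.email
        for p in projects:
            for r in rights:
                if user.has_permission(p['name'], r):
                    p[r] = 'checked'
            if own_account:  # Don't alter your own permissions!
                p['disabled'] = 'disabled'
    # Build a list of users for this site_tag - for showing on the LHS
    users = [dict(id=u.id, email=u.email, name=u.name) for u in flask.g.site.list_users()]  # Flatten out the data (?WHY?)
    return render_template('admin.users.haml', form=form, users=users, projects=projects, rights=rights)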
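def _tokens_match(expected, supplied):
    """Case-insensitive, constant-time comparison of an invitation/reset token.

    Replaces ``expected.lower() == supplied.lower()``: same case folding,
    but ``hmac.compare_digest`` so the comparison time does not leak how
    many leading characters of a guessed token were right.  Both sides are
    encoded to bytes because ``compare_digest`` rejects non-ASCII ``str``
    and the supplied value comes straight from the URL.
    """
    import hmac
    return hmac.compare_digest(expected.lower().encode('utf-8'),
                               supplied.lower().encode('utf-8'))


def create_password_form(user_id, token, is_new=True):
    """Let an invited (``is_new``) or resetting user choose a password via a tokenised link.

    Any current session is dropped first.  ``token`` is compared with
    ``user.invitation_token()`` in constant time; a mismatch or unknown
    ``user_id`` is audited with the submitted id/token and flashed as an
    invalid link.  For invitations, a user who already has a password has
    consumed the invite.  For resets the stored password is cleared and
    committed as soon as the link is opened — NOTE(review): that is on GET,
    so merely following the link locks the account until a new password is
    set; confirm this is intended.  On a valid POST the password must pass
    ``check_password_acceptable`` and ``ts_and_cs`` must be ticked; then the
    password is stored, the user is logged in and redirected to
    ``edit_profile`` with ``next_url`` forwarded unchanged, so
    ``edit_profile`` must treat it as untrusted.
    """
    next_url = request.args.get('next_url', '/')
    url_here = '/user/new' if is_new else '/user/reset'
    Audit(flask.g, '', url_here, '', result='Invite start').write()
    # Sign the user out (just to make sure)
    session.pop('userid', None)
    form = dict(email='', password='', password2='')
    if is_new:
        msg = "Error : Your invitation is invalid - please ask for a new one"
    else:
        msg = "Error : This is not a valid password reset link"
    user = User.get(user_id)
    valid = user is not None and _tokens_match(user.invitation_token(), token)
    if valid:
        form['email'] = user.email
        Audit(flask.g, '', url_here, user.email, result='Arrived').write()
        if not is_new:
            user.password = None
            Audit(flask.g, '', url_here, '', result='Resetting Password').write()
            User.commit()
        elif not user.password_unset():
            # This invitation has already been consumed...
            Audit(flask.g, '', url_here, '', result='Invitation already used up').write()
            valid = False
            msg = "Your invitation has already been used once - please use the Login tab above"
    if not valid:
        Audit(flask.g, '', url_here, "%d/%s" % (user_id, token,), result='Failure').write()
        flash(msg, 'error')
    elif request.method == 'POST':
        # user has good data in it
        form['password'] = request.form['password'].strip()
        accepted = check_password_acceptable(url_here, user, form['password'], request.form['password2'])
        if 'ts_and_cs' in request.form:
            Audit(flask.g, '', url_here, user.email, result='Accepted Ts and Cs').write()
        else:
            accepted = False
            Audit(flask.g, '', url_here, user.email, result='Did not accept Ts and Cs').write()
            flash("The Terms and Conditions must be accepted to continue", 'error')
        if accepted:
            # HUGE success
            user.set_password(form['password'])
            User.commit()
            # Now log this user in too
            flask.g.user = user  # Fix up g, so that Audit works
            Audit(flask.g, '', url_here, user.email, result='Set password').write()
            session['userid'] = user.id
            return redirect(url_for('edit_profile', next_url=next_url))
    return render_template('user.create-password.haml', form=form, next_url=next_url, is_new=is_new)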