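def remove_members(self, REQUEST):
    """ Remove the submitted users from an organisation, then redirect.

    ``REQUEST.form['id']`` is the organisation id and
    ``REQUEST.form['user_id']`` must be a list of ``str`` user ids. On
    completion the browser is redirected to the organisation's member list.

    Raises ``ValueError`` when ``user_id`` is not a list of ``str``.
    """
    # NOTE(review): no permission check is visible in this method;
    # presumably it is enforced by a security declaration outside this
    # block -- confirm.
    org_id = REQUEST.form['id']
    user_id_list = REQUEST.form['user_id']

    # The form is untrusted input. Explicit raises are used instead of
    # ``assert`` because asserts are stripped under ``python -O``, which
    # would pass unchecked values on to agent.remove_from_org().
    if type(user_id_list) is not list:
        raise ValueError("user_id must be a list of user ids")
    for user_id in user_id_list:
        if type(user_id) is not str:
            raise ValueError("every user_id entry must be a string")

    agent = self._get_ldap_agent(bind=True)
    try:
        with agent.new_action():
            agent.remove_from_org(org_id, user_id_list)
        _set_session_message(
            REQUEST, 'info',
            'Removed %d members from organisation "%s".' %
            (len(user_id_list), org_id))
        log.info("%s REMOVED MEMBERS %s FROM ORGANISATION %s",
                 logged_in_user(REQUEST), user_id_list, org_id)
    except (NO_SUCH_OBJECT, INVALID_DN_SYNTAX, UserNotFound):
        _set_session_message(
            REQUEST, 'error',
            ("Deleted users cannot be removed from orgsnisations yet "
             "(will be implemented)"))

    # NOTE(review): org_id comes straight from the form and is concatenated
    # into the redirect URL without URL-quoting.
    REQUEST.RESPONSE.redirect(self.absolute_url() +
                              '/members_html?id=' + org_id)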
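def add_members(self, REQUEST):
    """ Move the submitted users into an organisation, then redirect.

    ``REQUEST.form['id']`` is the organisation id and
    ``REQUEST.form['user_id']`` must be a list of ``str`` user ids. Each
    user is first removed from all organisations and has the
    ``organisation`` field of their record set to the new id; the whole
    list is then added to the organisation.

    Raises ``ValueError`` when ``user_id`` is not a list of ``str``.
    """
    # NOTE(review): no permission check is visible in this method;
    # presumably it is enforced by a security declaration outside this
    # block -- confirm.
    org_id = REQUEST.form['id']
    user_id_list = REQUEST.form['user_id']

    # The form is untrusted input. Explicit raises are used instead of
    # ``assert`` because asserts are stripped under ``python -O``, which
    # would pass unchecked values on to the LDAP agent.
    if type(user_id_list) is not list:
        raise ValueError("user_id must be a list of user ids")
    for user_id in user_id_list:
        if type(user_id) is not str:
            raise ValueError("every user_id entry must be a string")

    agent = self._get_ldap_agent(bind=True)
    with agent.new_action():
        for user_id in user_id_list:
            old_info = agent.user_info(user_id)
            self._remove_from_all_orgs(agent, user_id)
            old_info['organisation'] = org_id
            agent.set_user_info(user_id, old_info)

        agent.add_to_org(org_id, user_id_list)

    _set_session_message(
        REQUEST, 'info',
        'Added %d members to organisation "%s".' %
        (len(user_id_list), org_id))
    log.info("%s ADDED MEMBERS %s TO ORGANISATION %s",
             logged_in_user(REQUEST), user_id_list, org_id)

    # NOTE(review): org_id comes straight from the form and is concatenated
    # into the redirect URL without URL-quoting.
    REQUEST.RESPONSE.redirect(self.absolute_url() +
                              '/members_html?id=' + org_id)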
def profile_picture(self, REQUEST):
    """ Store an uploaded image as the logged-in user's profile picture.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``. Every other path sets a session message and
    redirects to ``profile_picture_html``.
    """
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    picture_page = '/profile_picture_html'
    upload = REQUEST.form.get('image_file', None)
    if not upload:
        _set_session_message(REQUEST, 'error', "You must provide a JPG file.")
        return REQUEST.RESPONSE.redirect(self.absolute_url() + picture_page)

    # NOTE(review): the whole upload is read into memory and no size limit
    # or file-type check is visible here; presumably scale_to() rejects
    # non-image data with ValueError -- confirm.
    raw_bytes = upload.read()
    current_user = logged_in_user(REQUEST)
    agent = self._get_ldap_agent(bind=True, write=True)
    try:
        # Re-bind as the user, so the write is made with their credentials.
        agent.bind_user(current_user, _get_user_password(REQUEST))
        fill_color = (255, 255, 255)
        scaled = scale_to(raw_bytes, WIDTH, HEIGHT, fill_color)
        stored = agent.set_user_picture(current_user, scaled)
    except ValueError:
        _set_session_message(REQUEST, 'error', "Error updating picture")
        return REQUEST.RESPONSE.redirect(self.absolute_url() + picture_page)

    if stored:
        _set_session_message(REQUEST, 'message',
                             "That's a beautiful picture.")
    else:
        _set_session_message(REQUEST, 'error', "Error updating picture.")
    return REQUEST.RESPONSE.redirect(self.absolute_url() + picture_page)
def edit_organisation(self, REQUEST):
    """ Validate and store the submitted organisation fields.

    When validation reports errors, the messages and the submitted values
    are kept in the session and the browser is sent back to the edit form.
    Otherwise the values are written through the LDAP agent and the
    browser is sent to the organisation page.
    """
    # NOTE(review): no permission check is visible in this method;
    # presumably it is enforced by a security declaration outside this
    # block -- confirm.
    form = REQUEST.form
    org_id = form['id']
    org_info = dict((field, form.get(field)) for field in editable_org_fields)

    problems = validate_org_info(org_id, org_info)
    if problems:
        _set_session_message(
            REQUEST, 'error',
            "Organisation not modified. Please correct the errors below.")
        for detail in itertools.chain.from_iterable(problems.values()):
            _set_session_message(REQUEST, 'error', detail)
        # Keep what the user typed so the form can be shown again.
        REQUEST.SESSION[SESSION_FORM_DATA] = dict(org_info, id=org_id)
        REQUEST.RESPONSE.redirect(
            self.absolute_url() + '/edit_organisation_html?id=' + org_id)
        return

    ldap_agent = self._get_ldap_agent(bind=True)
    with ldap_agent.new_action():
        ldap_agent.set_org_info(org_id, org_info)

    saved_at = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    _set_session_message(REQUEST, 'info',
                         "Organisation saved (%s)" % saved_at)
    log.info("%s EDITED ORGANISATION %s", logged_in_user(REQUEST), org_id)

    # NOTE(review): org_id is taken from the form and concatenated into the
    # redirect URLs of this method without URL-quoting.
    REQUEST.RESPONSE.redirect(
        self.absolute_url() + '/organisation?id=' + org_id)
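def edit_account_html(self, REQUEST):
    """ Render the account edit form for the logged-in user.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``. Form data and errors left in the session by a
    failed submission are shown again; otherwise the form is filled from
    the user's LDAP record.
    """
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    # One bound agent serves the whole view; it is only used to read the
    # logged-in user's own record.
    agent = self._get_ldap_agent(bind=True)
    user_id = logged_in_user(REQUEST)

    errors = _session_pop(REQUEST, SESSION_FORM_ERRORS, {})
    form_data = _session_pop(REQUEST, SESSION_FORM_DATA, None)
    if form_data is None:
        form_data = agent.user_info(user_id)

    # Only the placeholder entry is offered in the organisation select.
    choices = [('-', '-')]

    # Work on a clone so the shared schema object is not modified.
    schema = user_info_schema.clone()
    schema['organisation'].widget = deform.widget.SelectWidget(values=choices)

    options = {
        'base_url': self.absolute_url(),
        'form_data': form_data,
        'errors': errors,
        'schema': schema,
    }
    options.update(_get_session_messages(REQUEST))
    return self._render_template('zpt/edit_account.zpt', **options)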
def profile_picture_html(self, REQUEST):
    """ Render the profile picture page for the logged-in user.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``.
    """
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    current_user = logged_in_user(REQUEST)
    ldap_agent = self._get_ldap_agent(bind=True)
    # The template only needs to know whether a picture exists.
    picture_present = bool(ldap_agent.get_profile_picture(current_user))

    return self._render_template(
        'zpt/profile_picture.zpt',
        user_id=logged_in_user(REQUEST),
        base_url=self.absolute_url(),
        has_current_image=picture_present,
        here=self,
        **_get_session_messages(REQUEST))
def change_password_html(self, REQUEST):
    """ Render the change-password form for the logged-in user.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``.
    """
    if _is_logged_in(REQUEST):
        current_user = logged_in_user(REQUEST)
        site_url = self.absolute_url()
        flash_messages = _get_session_messages(REQUEST)
        return self._render_template('zpt/change_password.zpt',
                                     user_id=current_user,
                                     base_url=site_url,
                                     **flash_messages)
    return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')
def edit_member_action(self, REQUEST):
    """ view: save changes to a member's profile.

    Reads ``org_id`` and ``user_id`` from the form and refuses the edit
    unless ``can_edit_members`` allows it for the authenticated user. The
    remaining form fields are validated against ``user_info_edit_schema``;
    on failure the errors and the submitted data are kept in the session.
    On success the record is written through the LDAP agent, keeping the
    stored first and last name. Both outcomes redirect to ``edit_member``.
    """
    # This agent is created without ``bind`` and is not used below; the
    # ``else`` branch replaces it with a bound agent before any LDAP call.
    agent = self._get_ldap_agent()
    org_id = REQUEST.form['org_id']
    user_id = REQUEST.form['user_id']
    user = REQUEST.AUTHENTICATED_USER
    # Authorisation gate: nothing is validated or written for a caller who
    # may not edit this member.
    if not self.can_edit_members(user, org_id, user_id):
        _set_session_message(
            REQUEST, 'error',
            "You are not allowed to edit user %s" % user_id)
        REQUEST.RESPONSE.redirect(self.absolute_url() +
                                  '/members_html?id=' + org_id)
        return None

    user_form = deform.Form(user_info_edit_schema)

    try:
        new_info = user_form.validate(REQUEST.form.items())
    except deform.ValidationFailure as e:
        session = REQUEST.SESSION
        # Map each failing field name to its message for the form template.
        errors = {}
        for field_error in e.error.children:
            errors[field_error.node.name] = field_error.msg
        session[SESSION_FORM_ERRORS] = errors
        session[SESSION_FORM_DATA] = dict(REQUEST.form)
        msg = u"Please correct the errors below and try again."
        _set_session_message(REQUEST, 'error', msg)
    else:
        agent = self._get_ldap_agent(bind=True, secondary=True)
        old_info = agent.user_info(user_id)

        # First and last name always come from the stored record, so
        # whatever the form carried for them is overwritten here.
        new_info.update(first_name=old_info['first_name'],
                        last_name=old_info['last_name'])

        new_org_id = new_info['organisation']
        old_org_id = old_info['organisation']

        new_org_id_valid = agent.org_exists(new_org_id)

        # NOTE(review): can_edit_members() was checked against ``org_id``
        # from the form, while the organisation the user is moved into
        # comes from the submitted 'organisation' field; confirm that the
        # schema or the permission model limits the allowed targets.
        # make a check if user is changing the organisation
        with agent.new_action():
            if new_org_id != old_org_id:
                self._remove_from_all_orgs(agent, user_id)
                # The membership is only re-created when the new id names
                # an existing organisation.
                if new_org_id_valid:
                    self._add_to_org(agent, new_org_id, user_id)

            agent.set_user_info(user_id, new_info)
        when = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        _set_session_message(REQUEST, 'message',
                             "Profile saved (%s)" % when)

        log.info("%s EDITED USER %s as member of %s",
                 logged_in_user(REQUEST), user_id, new_org_id)

    # NOTE(review): user_id and org_id are form values interpolated into
    # the redirect URL without URL-quoting.
    REQUEST.RESPONSE.redirect('%s/edit_member?user_id=%s&org_id=%s' %
                              (self.absolute_url(), user_id, org_id))
def _get_ldap_agent(context, bind=False, secondary=False):
    """ Build an LDAP agent from ``context._config`` and tag it with an author.

    ``bind`` and ``secondary`` are passed on to ``ldap_agent_with_config``.
    The agent's ``_author`` is the logged-in user of ``context.REQUEST``,
    or "System user" when looking that up raises ``AttributeError``.
    """
    ldap_agent = ldap_agent_with_config(context._config, bind,
                                        secondary=secondary)
    try:
        author = logged_in_user(context.REQUEST)
    except AttributeError:
        # NOTE(review): this also catches an AttributeError raised inside
        # logged_in_user(), in which case actions are attributed to
        # "System user" instead of the real caller.
        author = "System user"
    ldap_agent._author = author
    return ldap_agent
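def profile_picture_jpg(self, REQUEST):
    """ Returns jpeg picture data for logged-in user.
    Assumes picture is available in LDAP.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``, as ``profile_picture_html`` does.
    """
    # Without this guard user_id would be None and the LDAP lookup would
    # be made for no user at all.
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    user_id = logged_in_user(REQUEST)
    agent = self._get_ldap_agent(bind=True)
    photo = agent.get_profile_picture(user_id)
    # The bytes are served as JPEG without inspecting them.
    REQUEST.RESPONSE.setHeader('Content-Type', 'image/jpeg')
    return photo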
def delete_organisation(self, REQUEST):
    """ Delete the organisation named by the ``id`` form field.

    Sets an info message, logs who deleted the organisation and redirects
    to ``absolute_url() + '/'``.
    """
    # NOTE(review): this is a destructive action and no permission check
    # is visible in this method; presumably it is enforced by a security
    # declaration outside this block -- confirm.
    target_org = REQUEST.form['id']

    ldap_agent = self._get_ldap_agent(bind=True)
    with ldap_agent.new_action():
        ldap_agent.delete_org(target_org)

    notice = 'Organisation "%s" has been deleted.' % target_org
    _set_session_message(REQUEST, 'info', notice)
    log.info("%s DELETED ORGANISATION %s",
             logged_in_user(REQUEST), target_org)

    REQUEST.RESPONSE.redirect(self.absolute_url() + '/')
def index_html(self, REQUEST):
    """ Render the index page.

    The template receives ``user_info`` for a logged-in visitor and
    ``None`` otherwise, plus any pending session messages.
    """
    options = {'base_url': self.absolute_url()}

    visitor_info = None
    if _is_logged_in(REQUEST):
        ldap_agent = self._get_ldap_agent(bind=True)
        visitor_info = ldap_agent.user_info(logged_in_user(REQUEST))
    options['user_info'] = visitor_info

    options.update(_get_session_messages(REQUEST))
    return self._render_template('zpt/index.zpt', **options)
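def remove_picture(self, REQUEST):
    """ Removes existing profile picture for loggedin user

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``, as the other picture views do. Every other
    path sets a session message and redirects to ``profile_picture_html``.
    """
    # Without this guard user_id would be None and the failure would only
    # surface as the generic message set in the ``except`` branch below.
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    user_id = logged_in_user(REQUEST)
    agent = self._get_ldap_agent(bind=True, write=True)
    try:
        password = _get_user_password(REQUEST)
        # Re-bind as the user, so the write is made with their credentials.
        agent.bind_user(user_id, password)
        agent.set_user_picture(user_id, None)
    except Exception:
        # Best-effort: any failure is reduced to a generic message.
        # NOTE(review): nothing is logged here, so a failed re-bind or
        # write leaves no trace -- consider logging the exception.
        _set_session_message(REQUEST, 'error', "Something went wrong.")
    else:
        _set_session_message(REQUEST, 'message', "No image for you.")
    return REQUEST.RESPONSE.redirect(self.absolute_url() +
                                     '/profile_picture_html')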
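def rename_organisation(self, REQUEST):
    """ Save modifications in the organisation id

    Reads the current id (``id``) and the requested id (``new_id``) from
    the form. The new id must consist only of lowercase ASCII letters and
    underscores. Every path sets a session message where applicable and
    ends in a redirect.
    """
    # NOTE(review): no permission check is visible in this method;
    # presumably it is enforced by a security declaration outside this
    # block -- confirm.
    org_id = REQUEST.form['id']
    new_org_id = REQUEST.form['new_id']

    # ``\Z`` anchors at the very end of the string. ``$`` would also match
    # just before a trailing newline, so an id such as "abc\n" would pass
    # validation and reach the LDAP rename and the redirect URL.
    if not re.match(r'^[a-z_]+\Z', new_org_id):
        _set_session_message(REQUEST, 'error', (VALIDATION_ERRORS['id']))
        return REQUEST.RESPONSE.redirect(self.absolute_url() +
                                         '/organisation?id=' + org_id)

    # Nothing to do when the id is unchanged.
    if org_id == new_org_id:
        REQUEST.RESPONSE.redirect(self.absolute_url() +
                                  '/organisation?id=' + org_id)
        return

    agent = self._get_ldap_agent(bind=True)
    try:
        with agent.new_action():
            agent.rename_org(org_id, new_org_id)
    except NameAlreadyExists:
        msg = ('Organisation "%s" could not be renamed because "%s" '
               'already exists.' % (org_id, new_org_id))
        _set_session_message(REQUEST, 'error', msg)
        REQUEST.RESPONSE.redirect(self.absolute_url() +
                                  '/organisation?id=' + org_id)
        return
    except OrgRenameError:
        msg = ('Renaming of "%s" failed mid-way. Some data may be '
               'inconsistent. Please inform a system administrator.' %
               org_id)
        _set_session_message(REQUEST, 'error', msg)
        REQUEST.RESPONSE.redirect(self.absolute_url() + '/')
        return

    msg = ('Organisation "%s" renamed to "%s".' % (org_id, new_org_id))
    _set_session_message(REQUEST, 'info', msg)

    log.info("%s RENAMED ORGANISATION %s TO %s",
             logged_in_user(REQUEST), org_id, new_org_id)

    # NOTE(review): the old org_id is not validated in this method and is
    # concatenated into the redirect URLs above without URL-quoting.
    REQUEST.RESPONSE.redirect(self.absolute_url() +
                              '/organisation?id=' + new_org_id)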
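def edit_account(self, REQUEST):
    """ view: save the logged-in user's own profile.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``, as ``edit_account_html`` does. The form is
    validated against ``user_info_schema``; on failure the errors and the
    submitted data are kept in the session. Both outcomes redirect to
    ``edit_account_html``.
    """
    # Without this guard user_id would be None and the LDAP calls below
    # would be made for no user at all.
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    user_id = logged_in_user(REQUEST)

    user_form = deform.Form(user_info_schema)

    try:
        new_info = user_form.validate(REQUEST.form.items())
    except deform.ValidationFailure as e:
        session = REQUEST.SESSION
        # Map each failing field name to its message for the form template.
        errors = {}
        for field_error in e.error.children:
            errors[field_error.node.name] = field_error.msg
        session[SESSION_FORM_ERRORS] = errors
        session[SESSION_FORM_DATA] = dict(REQUEST.form)
        msg = u"Please correct the errors below and try again."
        _set_session_message(REQUEST, 'error', msg)
    else:
        agent = self._get_ldap_agent(bind=True)

        with agent.new_action():
            # make a check if user is changing the organisation
            old_info = agent.user_info(user_id)

            new_org_id = new_info['organisation']
            old_org_id = old_info['organisation']

            new_org_id_valid = agent.org_exists(new_org_id)

            # NOTE(review): the target organisation is chosen by the user;
            # the only check visible here is agent.org_exists(), so confirm
            # that the schema limits which organisations a user may join.
            if new_org_id != old_org_id:
                self._remove_from_all_orgs(agent, user_id)
                # The membership is only re-created when the new id names
                # an existing organisation.
                if new_org_id_valid:
                    self._add_to_org(agent, new_org_id, user_id)

            agent.set_user_info(user_id, new_info)

        when = datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        _set_session_message(REQUEST, 'message',
                             "Profile saved (%s)" % when)

    REQUEST.RESPONSE.redirect(self.absolute_url() + '/edit_account_html')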
def create_organisation(self, REQUEST):
    """ Create a new organisation from the submitted form.

    On validation errors, or when the id already exists in LDAP, the
    messages and the submitted values are kept in the session and the
    browser is sent back to the creation form. On success the browser is
    sent to the new organisation's page.
    """
    # NOTE(review): no permission check is visible in this method;
    # presumably it is enforced by a security declaration outside this
    # block -- confirm.
    form = REQUEST.form
    org_id = form['id']
    org_info = dict((field, form.get(field)) for field in editable_org_fields)

    def back_to_form(detail_groups, shown_id):
        # Report the failure, keep the submitted values for re-display and
        # return the browser to the creation form.
        _set_session_message(
            REQUEST, 'error',
            "Organisation not created. Please correct the errors below.")
        for detail in itertools.chain.from_iterable(detail_groups):
            _set_session_message(REQUEST, 'error', detail)
        REQUEST.SESSION[SESSION_FORM_DATA] = dict(org_info, id=shown_id)
        REQUEST.RESPONSE.redirect(self.absolute_url() +
                                  '/create_organisation_html')

    problems = validate_org_info(org_id, org_info, create_mode=True)
    if problems:
        back_to_form(problems.values(), org_id)
        return

    org_id = str(org_id)
    ldap_agent = self._get_ldap_agent(bind=True)
    try:
        with ldap_agent.new_action():
            ldap_agent.create_org(org_id, org_info)
    except ldap.ALREADY_EXISTS:
        back_to_form([['Organisation ID exists already']], org_id)
        return

    _set_session_message(REQUEST, 'info',
                         'Organisation "%s" created successfully.' % org_id)
    log.info("%s CREATED ORGANISATION %s", logged_in_user(REQUEST), org_id)

    REQUEST.RESPONSE.redirect(self.absolute_url() +
                              '/organisation?id=' + org_id)
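def change_password(self, REQUEST):
    """ view: change the logged-in user's password.

    Requests without a logged-in user are redirected to
    ``absolute_url() + '/'``, as ``change_password_html`` does. The form
    must carry ``old_password``, ``new_password`` and
    ``new_password_confirm``. Failures set a session error and redirect to
    ``change_password_html``; success sends a notification e-mail and
    redirects to ``password_changed_html``.
    """
    # Without this guard user_id would be None and the LDAP calls below
    # would be made for no user at all.
    if not _is_logged_in(REQUEST):
        return REQUEST.RESPONSE.redirect(self.absolute_url() + '/')

    form = REQUEST.form
    user_id = logged_in_user(REQUEST)
    agent = self._get_ldap_agent(bind=True, write=True)
    user_info = agent.user_info(user_id)

    if form['new_password'] != form['new_password_confirm']:
        _set_session_message(REQUEST, 'error',
                             "New passwords do not match")
        return REQUEST.RESPONSE.redirect(self.absolute_url() +
                                         '/change_password_html')

    try:
        # Binding with the old password proves the caller knows it before
        # the change is attempted.
        agent.bind_user(user_id, form['old_password'])
        agent.set_user_password(user_id, form['old_password'],
                                form['new_password'])

        # NOTE(review): the new password is handed to the e-mail template,
        # so presumably it is mailed to the user in clear text -- confirm
        # this is intended.
        options = {
            'first_name': user_info['first_name'],
            'password': form['new_password'],
            'network_name': NETWORK_NAME,
        }

        email_template = load_template('zpt/email_change_password.zpt')
        email_password_body = email_template.pt_render(options)
        addr_to = user_info['email']

        message = MIMEText(email_password_body)
        message['From'] = ADDR_FROM
        message['To'] = addr_to
        message['Subject'] = "%s Account - New password" % NETWORK_NAME

        # Fall back to the second mail utility when "Mail" is not
        # registered.
        try:
            mailer = getUtility(IMailDelivery, name="Mail")
            mailer.send(ADDR_FROM, [addr_to], message.as_string())
        except ComponentLookupError:
            mailer = getUtility(IMailDelivery, name="naaya-mail-delivery")
            mailer.send(ADDR_FROM, [addr_to], message)

    except ValueError:
        # NOTE(review): the e-mail is rendered and sent inside this
        # ``try``, so a ValueError raised there is also reported as a
        # wrong old password, although the password has been changed.
        _set_session_message(REQUEST, 'error', "Old password is wrong")
        return REQUEST.RESPONSE.redirect(self.absolute_url() +
                                         '/change_password_html')
    except CONSTRAINT_VIOLATION as e:
        # NOTE(review): ``e.message`` is read as a dict with an 'info'
        # key; exceptions have no ``message`` attribute on Python 3.
        if e.message['info'] in ['Password fails quality checking policy']:
            try:
                # Look up the minimum length so the error can state it.
                defaultppolicy = agent.conn.search_s(
                    'cn=defaultppolicy,ou=pwpolicies,o=EIONET,'
                    'l=Europe', SCOPE_BASE)
                p_length = defaultppolicy[0][1]['pwdMinLength'][0]
                message = '%s (min. %s characters)' % (
                    e.message['info'], p_length)
            except NO_SUCH_OBJECT:
                message = e.message['info']
        else:
            message = e.message['info']
        _set_session_message(REQUEST, 'error', message)
        return REQUEST.RESPONSE.redirect(self.absolute_url() +
                                         '/change_password_html')

    REQUEST.RESPONSE.redirect(self.absolute_url() +
                              '/password_changed_html')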
def _is_logged_in(request):
    """Return True when ``logged_in_user(request)`` is not None, else False."""
    return logged_in_user(request) is not None
def user_id(self):
    # Returns what logged_in_user() reports for the current request.
    # NOTE(review): documented with a comment rather than a docstring;
    # this looks like a Zope-published class, where adding a docstring can
    # make a method reachable by URL -- confirm before adding one.
    current_request = self._get_request()
    return logged_in_user(current_request)