def delete(self, group_id):
group = DBSession.query(Group).get(group_id)
self.can_modify(group)
group.deleted = datetime.now()
DBSession.flush()
self.set(success=True, message="Deleted group: %s" % group.name)
def send_email(self, group_id):
# group = DBSession.query(Group).get(group_id)
params = self.request.POST
from_user = DBSession.query(User).get(params['from_user'])
to_users = DBSession.query(User).filter(User.id.in_(params['to_users']))
ses_conn = boto.connect_ses()
ses_conn.send_email(from_user, params['subject'], params['body'], [to_user.full_email for to_user in to_users])
def user(self):
ticket = self.request.cookies.get('ticket')
cache_key = 'ticket_user_id.%s' % ticket
user_id = redis.get(cache_key)
if user_id:
return DBSession.query(User).get(user_id)
user_session = DBSession.query(UserSession).filter(UserSession.ticket == ticket).first()
if user_session:
redis.set(cache_key, user_session.user.id)
return user_session.user
return_url = urllib.quote_plus(self.request.path)
raise HTTPFound(location='/user_sessions/new?flash=Please+sign+in+first.&url=%s' % return_url)
def update(self, user_id):
user = DBSession.query(User).get(user_id)
self.can_modify(user)
params = parse_request(self.request)
print params.items()
for key, value in params.items():
setattr(user, key, value)
DBSession.add(user)
DBSession.flush()
self.ctx.success = True
self.ctx.message = 'Updated user.'
def create(self):
email = self.request.json_body.get('email')
password = self.request.json_body.get('password', '')
password_hash = User.hash_password(email, password)
user = DBSession.query(User).filter(User.email==email).filter(User.password==password_hash).first()
if user:
ticket = random_ticket()
user_session = UserSession(user_id=user.id, ticket=ticket)
DBSession.add(user_session)
self.set(success=True, message='Logged in.', ticket=ticket)
else:
self.set(success=False, message='Authentication failed, please try again.')
def modifiable_by(self, user):
# try whether the file is directly owned, first
file_user = (
DBSession.query(FileUser).filter(FileUser.file_id == self.id).filter(FileUser.user_id == user.id).first()
)
if file_user:
return True
else:
# then whether its owned by a group, by proxy
file_group = (
DBSession.query(FileGroup)
.filter(FileGroup.file_id == self.id)
.join(GroupUser, FileGroup.group_id == GroupUser.group_id)
.filter(GroupUser.user_id == user.id)
.first()
)
if file_group:
return True
return False
def edit(self, user_id):
self.ctx.user = DBSession.query(User).get(user_id)
def create(self):
params = parse_request(self.request)
tag_csv = ','.join(params['tags'])
group = DBSession.query(Group).filter(Group.id.in_(params['groups'])).first()
for user_dict in params['users']:
new_user = User(**user_dict)
if tag_csv:
new_user.tags = tag_csv
if group:
new_user.group_id = group.id
try:
DBSession.begin_nested()
DBSession.add(new_user)
DBSession.flush()
# print 'Adding user', user_dict['email']
except sqlalchemy.exc.IntegrityError, exc:
DBSession.rollback()
self.flash(str(exc), success=False)
user = DBSession.query(User).filter(User.email==user_dict['email']).first()
user.merge(new_user)
DBSession.flush()
def index(self):
users = DBSession.query(User).all()
self.ctx.users = users
def index(self):
if self.user.root:
self.ctx.groups = DBSession.query(Group).filter(Group.deleted==None).all()
else:
self.ctx.groups = self.user.groups
def compose_email(self, group_id):
self.ctx.from_users = DBSession.query(User).filter(User.email=='*****@*****.**').first()
self.ctx.group = DBSession.query(Group).get(group_id)
self.ctx.group_users = DBSession.query(GroupUser).filter(GroupUser.group_id==group_id)
def update(self, group_id):
group = DBSession.query(Group).get(group_id)
self.ctx.group = group
def create(self):
group = Group(**self.request.POST)
DBSession.add(group)
DBSession.flush()
self.set(success=True, message='Group added: %s' % group.name)
def modifiable_by(self, user):
group_user = DBSession.query(GroupUser).\
filter(GroupUser.user_id==user.id).\
filter(GroupUser.owner==True).first()
if group_user:
return True
def groups(self):
return DBSession.query(Group).\
join(GroupUser, GroupUser.group_id==Group.id).\
filter(GroupUser.user_id==self.user.id).\
filter(Group.deleted==False).all()
