def _has_access(self):
                # If no user, let the authenticated decorator take over
                if self.current_user is None:
                    return

                # verify the user exists
                # WARNING: this is a list lookup. As the number of users is
                # anticipated to be small for labadmin, this is probably okay.
                if self.current_user not in db.get_users():
                    raise HTTPError(
                        403, 'User %s does not have access level '
                        '%s' %
                        (self.current_user, ', '.join(self._access_levels)))

                # Base level access is given to everyone assuming the user
                # is valid
                if self._access_levels[0] == 'Base':
                    return

                # verify access
                if not db.has_access(self.current_user, self._access_levels):
                    raise HTTPError(
                        403, 'User %s does not have access level '
                        '%s' %
                        (self.current_user, ', '.join(self._access_levels)))
Example #2
0
    def get(self):
        user = self.get_argument("user", None)
        all_levels = []
        user_levels = []
        if user is not None:
            all_levels = db.get_access_levels()
            user_levels = db.get_access_levels_user(user)
        users = db.get_users()

        self.render("edit_user.html", all_levels=all_levels, user_levels=user_levels, users=users, user=user, msg="")
Example #3
0
    def get(self):
        user = self.get_argument('user', None)
        all_levels = []
        user_levels = []
        if user is not None:
            all_levels = db.get_access_levels()
            user_levels = db.get_access_levels_user(user)
        users = db.get_users()

        self.render('edit_user.html', all_levels=all_levels,
                    user_levels=user_levels, users=users, user=user,  msg='')
Example #4
0
    def post(self):
        msg = "Access levels updated"
        access_levels = [int(x) for x in self.get_arguments("levels")]
        user = self.get_argument("user")
        try:
            db.alter_access_levels(user, access_levels)
        except Exception as e:
            msg = "ERROR: %s" % str(e)

        all_levels = db.get_access_levels()
        user_levels = db.get_access_levels_user(user)
        users = db.get_users()
        self.render("edit_user.html", all_levels=all_levels, user_levels=user_levels, users=users, user=user, msg=msg)
Example #5
0
    def post(self):
        msg = 'Access levels updated'
        access_levels = [int(x) for x in self.get_arguments('levels')]
        user = self.get_argument('user')
        try:
            db.alter_access_levels(user, access_levels)
        except Exception as e:
            msg = 'ERROR: %s' % str(e)

        all_levels = db.get_access_levels()
        user_levels = db.get_access_levels_user(user)
        users = db.get_users()
        self.render('edit_user.html', all_levels=all_levels,
                    user_levels=user_levels, users=users, user=user,
                    msg=msg)
Example #6
0
            def _has_access(self):
                # If no user, let the authenticated decorator take over
                if self.current_user is None:
                    return

                # verify the user exists
                # WARNING: this is a list lookup. As the number of users is
                # anticipated to be small for labadmin, this is probably okay.
                if self.current_user not in db.get_users():
                    raise HTTPError(403, 'User %s does not have access level '
                                    '%s' % (self.current_user,
                                            ', '.join(self._access_levels)))

                # Base level access is given to everyone assuming the user
                # is valid
                if self._access_levels[0] == 'Base':
                    return

                # verify access
                if not db.has_access(self.current_user, self._access_levels):
                    raise HTTPError(403, 'User %s does not have access level '
                                    '%s' % (self.current_user,
                                            ', '.join(self._access_levels)))
Example #7
0
 def test_get_users(self):
     obs = db.get_users()
     exp = 'test'
     self.assertIn(exp, obs)
Example #8
0
 def test_get_users(self):
     obs = db.get_users()
     exp = ["test"]
     self.assertEqual(obs, exp)
Example #9
0
 def test_get_users(self):
     obs = db.get_users()
     exp = ['test']
     self.assertEqual(obs, exp)
Example #10
0
 def test_get_users(self):
     obs = db.get_users()
     exp = 'test'
     self.assertIn(exp, obs)