Example #1
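	def accessControl(self):
		"""Establish login state and access level for the current request.

		Steps, in order:
		- a truthy 'logout' field invalidates the session and clears the
		  remember cookies;
		- without a Statmon ACL every session is forced to MASTER_ACCESS and
		  the login request flag is cleared; with one, sessions that are not
		  yet logged in are reset to PRELOGIN;
		- credentials are checked from a one-time password, the remember
		  cookies, or user/password; on success the session is marked logged
		  and given the user's access bits OR-ed with LOGGED;
		- if a login is still required, the request is redirected to the
		  'Logout' nav item's link (when its URI starts with '..') or the
		  login controller replaces the page content;
		- finally the status line and the debug-alert flag are set.
		"""
		login = StringToBool(self.getField('login'))
		logout = StringToBool(self.getField('logout'))
		if logout:
			# invalidate session
			self.getSession().invalidate()
			# destroy remember cookies
			self.clearRemember(self.getBasepath())
			login = False

		from controllers import MASTER_ACCESS, PRELOGIN, LOGGED, DEV_ACCESS

		# force default accessLevel to PRELOGIN if not set and hasStatmonACL
		if model.hasStatmonACL():
			if not self.getSessionValue('logged',default=False,init=True):
				self.setSessionValue('accessLevel',PRELOGIN)
		else:
			# else set accessLevel to MASTER_ACCESS (omitting ACL_EDIT_ACCESS)
			# force regardless of existing value
			self.setSessionValue('accessLevel',MASTER_ACCESS)
			login = False

		# validate if login params are supplied
		remember = self.getCookie('rememberUser',False)
		if login or (remember and not logout):
			# NOTE(review): whether getField also reads the query string is not
			# visible here; if it does, credentials can end up in URLs and
			# access logs -- confirm they are accepted from POST bodies only.
			user = self.getField('user','')
			password = self.getField('pass','')
			onepass = self.getField('opass','')

			statmonUser = None
			if (user and onepass):
				oneTimeUser = model.getStatmonUser(user)
				# Only consult the one-time password list for an account that
				# exists; an unknown user must never reach oneTimePass().
				# NOTE(review): 'in' is a substring test if oneTimePass()
				# returns a string rather than a list -- confirm its return type.
				if oneTimeUser and onepass in self.oneTimePass(oneTimeUser,forValidation=True):
					statmonUser = oneTimeUser

			if (user and password) or remember or statmonUser:
				refreshRemember = False
				# attempt cookie validation
				if remember and not statmonUser:
					rememberUser = model.getStatmonUser(remember)
					# NOTE(review): the stored password value doubles as the
					# cookie-signing secret, so a remember cookie stays valid
					# until the password changes. Confirm that value is a
					# salted hash, and consider a separate random per-user
					# token so cookies can be revoked independently.
					if rememberUser and self.getCookie('rememberCert',secret=rememberUser.password) == rememberUser.user:
						model.validateStatmonUser(rememberUser.user) # touch last login timestamp
						statmonUser = rememberUser
						refreshRemember = True
					else:
						self.clearRemember(self.getBasepath())

				# attempt normal validation, but only when both credentials
				# were actually supplied: this branch is also entered on a
				# remember cookie or one-time password alone, and how the model
				# treats an empty password is not visible from here.
				if user and password and model.validateStatmonUser(user,password):
					statmonUser = model.getStatmonUser(user,password)

				if statmonUser:
					# NOTE(review): the session is not visibly re-issued at this
					# privilege change; rotating the session id on login would
					# guard against session fixation -- confirm what getSession()
					# offers.
					self.setSessionValue('logged',True)
					self.setSessionValue('user',statmonUser.user)
					accessLevel = statmonUser.access|LOGGED
					self.setSessionValue('accessLevel',accessLevel)

					# refresh or set remember cookies (never after a one-time
					# password login, and only for accounts that have a password)
					if (self.getField('remember',False) or refreshRemember) and statmonUser.password and not onepass:
						self.setRemember(self.getBasepath(),statmonUser.user,statmonUser.password)

		# force login if not logged in and (page requires login or user requests login)
		if (model.hasStatmonACL() and
			not self.getSessionValue('logged',False,True) and
			(self.getControllerByURI(notFound=False,overrideFound=False,forbidden=True)
			or login)):

			redirectURL = ''
			for item in self.getNavItems(ignoreAccess=True):
				if item.navTitle == 'Logout':
					if item.getURI()[0:2] == '..':
						redirectURL = item.getLink(self)
					break
			if redirectURL:
				from mod_python.util import redirect
				redirect(self.req,redirectURL)
			else:
				from settingsControllers import LoginController
				self.overrideContent = LoginController
				self._highlightController = LoginController

		global _serverName
		if not _serverName:
			try:
				_serverName = model.getStatus()[0].server_name
			except Exception:
				# Best effort: the server name only decorates the status line.
				# Catching Exception (not a bare except) lets SystemExit and
				# KeyboardInterrupt propagate.
				_serverName = None

		if model.hasStatmonACL():
			if self.getSessionValue('user'):
				if _serverName:
					self.setStatus(self.getSessionValue('user')+'@'+_serverName)
				else:
					self.setStatus(self.getSessionValue('user'))

		if self.getAccessLevel()&DEV_ACCESS:
			self.debugAlerts = True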
Example #2
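	def processInputs(self,allowBlankUser=True):
		"""Build the Add/Update User form and apply it when 'update' is set.

		Reads the 'user', 'pass1', 'pass2' and 'access' inputs, flags invalid
		ones on the form, and calls model.updateStatmonUser() when a username
		is given, the passwords agree (or are both blank) and the submitted
		access value is one of the offered options. The rendered form is
		stored in self.addUser.

		allowBlankUser -- when False, a blank username is flagged even if no
		                  update was requested.

		Returns a tuple (applied, user): applied is truthy only when an update
		was requested and no input was rejected; user is the submitted name.
		"""
		update = StringToBool(self.getField('update'))
		addUser = InputController(self.req,'Add/Update User',applyButton='Add/Update User',defaultButton=None,parent=self)
		user = addUser.processInput(II('user','Username',II.TEXT,allowBlank=True))
		pass1 = addUser.processInput(II('pass1','Password',II.PASS,allowBlank=True))
		pass2 = addUser.processInput(II('pass2','Retype Password',II.PASS,allowBlank=True))

		originalUser = None
		if user:
			originalUser = model.getStatmonUser(user)

		# Pre-select the existing user's access type when only displaying the form.
		accessOpt = self.USER_TYPE
		if not update:
			if originalUser and originalUser.access:
				accessOpt = originalUser.access
		options=((self.MASTER_TYPE,'Master'),(self.ADMIN_TYPE,'Admin'),(self.USER_TYPE,'User'))
		if self.getAccessLevel()&self.DEBUG_TYPE:
			# Debug variants are only offered to callers who hold the debug bit.
			options += tuple((value|self.DEBUG_TYPE,label+' (debug)') for value,label in options)

		access = addUser.processInput(II('access','Access Type',II.DROPDOWN,allowBlank=False,options=options,default=accessOpt))
		try: access = int(access)
		except (TypeError, ValueError): access = 0

		badval = False

		# The dropdown only limits what a browser offers; the submitted value
		# is client-controlled. Enforce the option list here so a caller
		# without the debug bit cannot grant it, and no unlisted access bits
		# are written. (InputController may already validate dropdown values;
		# that is not visible from this block.)
		allowedAccess = [option[0] for option in options]
		badAccess = update and access not in allowedAccess
		if badAccess:
			addUser.updateInput('access',badval=True)
			badval = True

		password = None
		passany = (pass1 or pass2)
		if passany:
			if pass1 == pass2:
				password = pass1
			else:
				addUser.updateInput('pass1',badval=True)
				addUser.updateInput('pass2',badval=True)
				badval = True

		self.addAlert(user and passany and not password,'E','Passwords do not match! Changes not applied.')
		self.addAlert(user and badAccess,'E','Invalid Access Type! Changes not applied.')

		if user:
			if not badval and update:
				# NOTE(review): no request-forgery token check is visible in
				# this block for a state-changing action -- confirm one is
				# applied upstream.
				if originalUser and not self.getAccessLevel()&self.DEBUG_TYPE:
					# only another debug user can remove debug
					access |= originalUser.access&self.DEBUG_TYPE

				model.updateStatmonUser(user,password,access)
				if originalUser:
					self.addMessage('User <span class="condition">%s</span> updated.' % self.escape(user))
				else:
					self.addMessage('User <span class="condition">%s</span> added.' % self.escape(user))
				if not password:
					if not originalUser or not originalUser.password:
						# The username is request input embedded in HTML markup:
						# escape it here as the messages above do.
						self.addAlert(True,'W','No password set! User <span class="condition">%s</span> will not be able to login until it has been set.' % self.escape(user))
					else:
						self.addMessage('Old password was left unchanged.')
				if originalUser and originalUser.access != access:
					oldType = self.getAccessType(originalUser.access)
					newType = self.getAccessType(access)
					self.addMessage('Access Type change from <span class="condition">%s</span> to <span class="condition">%s</span>.' % (oldType,newType) )

		if not user and (passany or not allowBlankUser):
			addUser.updateInput('user',badval=True)

		self.addAlert(update and not user,'E','Bad Username! Changes not applied.')
		self.addAlert(not update and not user and not allowBlankUser,'W','Enter valid username before applying!')

		self.addUser = addUser.getContent()

		return (update and not badval), user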