def remove_user_from_group(self, user_name, group_name):
"""
Removes user from group.
:param str user_name: User name
:param str group_name: Group name
:raises InvalidPermissionState: User cannot be removed
:raises DatabaseError: Query failure
:raises ValueError: User not found
"""
userstore = get_userstore()
user = userstore.getUser(user_name)
if not user:
raise InvalidPermissionsState('Unknown user %s' % user_name)
# Get the group
group_name = group_name.encode('utf-8')
group_id = self.get_group_id(group_name)
if group_id is None:
conf.log.exception("Group %s doesn't exists'" % group_name)
self._cache.clear_user_groups(self.trac_environment_key)
with admin_query() as cursor:
cursor.callproc("remove_user_from_group", [user.id, group_id])
def expand_macro(self, formatter, name, content, args=None):
"""
Returns the outcome from macro.
Supported arguments:
- count: Number of entries to show
"""
req = formatter.req
papi = Projects()
userstore = get_userstore()
# Parse optional arguments
if args is None:
args = parse_args(content)
if len(args) > 1:
args = args[1]
featured_projects = papi.get_projects_for_rss('FEATURED',
limit_count=args.get(
'count', 5))
data = {'featured_projects': featured_projects}
return Chrome(self.env).render_template(req,
'multiproject_featured.html',
data,
fragment=True)
def render_preference_panel(self, req, panel):
""" Renders preference panel and handles information change on POST
"""
if req.authname == 'anonymous':
raise TracError("User is not authenticated", "No access")
data = {}
key_store = CQDESshKeyStore.instance()
user = get_userstore().getUser(req.authname)
if req.method == 'POST':
ssh_key = req.args.get('ssh_key')
delete_key = req.args.get('deletelist')
if ssh_key:
user = self._do_save(req, user)
elif delete_key:
user = self._do_deletes(req, user)
else:
add_warning(req, _('Please provide data'))
keys = key_store.get_ssh_keys_by_user_id(user.id)
data['keys'] = keys if keys else None
# This is to prevent adding of more than one ssh password.
# Remove this if we support more in the future.
if keys:
data['hide_add_dialog'] = False
data['domain'] = conf.domain_name
data['user'] = user
return 'multiproject_user_prefs_ssh_keys.html', data
def _list_notifications(self, req):
"""
Returns the list of missed notification and optionally reset them
"""
chname = None
initiator = req.args.get('initiator', '')
reset = req.args.get('reset', 'false').lower() in ('yes', 'true', 'on', '1')
ntype = req.args.get('type', '')
# Check permissions
if req.authname == 'anonymous':
return send_json(req, {'result': 'Permission denied'}, status=403)
userstore = get_userstore()
user = userstore.getUser(req.authname)
ns = self.env[NotificationSystem]
if not ns:
return send_json(req, [])
# Fetch notifications sent to user
chname = ns.generate_channel_name(user_id=user.id)
# Get notifications
try:
notifications = ns.get_notifications(chname)
except TracError, e:
self.log.error('Failed to retrieve notifications')
return send_json(req, {'result': e.message}, status=500)
def process_request(self, req):
""" Render welcome page
"""
# Prepare data for template
prjs = Projects()
data = {}
data['baseurl'] = conf.url_projects_path
if req.authname == 'anonymous':
conf.redirect(req)
# Get project count
data['project_count'] = prjs.project_count()
user = get_userstore().getUser(req.authname)
global_timeline = GlobalTimeline()
data['show_explore'] = self.env[FindProjectsModule].has_explore_perm(req)
data['latest_events'] = global_timeline.get_latest_events(req.authname, 5)
# Check if user is allowed to create project
data['can_create_project'] = user.can_create_project()
# Configuration values the welcome page wants
data['site_name'] = conf.site_name
data['site_title_text'] = conf.site_title_text
data['site_punch_line'] = conf.punch_line
data['site_theme_path'] = conf.getThemePath()
wiki_welcome = self._get_welcome_page(req)
if wiki_welcome:
data['wiki_welcome'] = wiki_welcome
return "welcome.html", data, None
def changePassword(self, req):
userstore = get_userstore()
user = userstore.getUser(req.authname)
oldpw = req.args.get('oldpassword')
newpw = req.args.get('newpassword')
if not oldpw or not userstore.userExists(req.authname, oldpw):
add_warning(req, _('Old password is invalid'))
return user
if not newpw or len(newpw) < 7:
add_warning(req,
_('New password should be at least 7 characters long'))
return user
if newpw != req.args.get('confirmpw'):
add_warning(req, _('Passwords do not match'))
return user
if not userstore.updatePassword(user, newpw):
add_warning(req, _('Failed to change the password'))
return user
add_notice(req, _('Password changed'))
return user
def changePassword(self, req):
userstore = get_userstore()
user = userstore.getUser(req.authname)
oldpw = req.args.get('oldpassword')
newpw = req.args.get('newpassword')
if not oldpw or not userstore.userExists(req.authname, oldpw):
add_warning(req, _('Old password is invalid'))
return user
if not newpw or len(newpw) < 7:
add_warning(req, _('New password should be at least 7 characters long'))
return user
if newpw != req.args.get('confirmpw'):
add_warning(req, _('Passwords do not match'))
return user
if not userstore.updatePassword(user, newpw):
add_warning(req, _('Failed to change the password'))
return user
add_notice(req, _('Password changed'))
return user
def _do_save(self, req, user):
""" Update user information into database
"""
userstore = get_userstore()
if not req.args.get('mail'):
add_warning(req, _('User should have an e-mail address'))
return user
user.mail = req.args.get('mail')
if not req.args.get('lastName'):
add_warning(req, _('Last name required'))
return user
# NOTE: Values are escaped in userstore update
user.lastName = req.args.get('lastName')
user.givenName = req.args.get('givenName')
user.mobile = req.args.get('mobile')
if userstore.updateUser(user):
user = userstore.getUser(user.username)
add_notice(req, _('Updated user settings'))
if req.args.get('approve') == 'on' and user.status == user.STATUS_INACTIVE:
user.activate()
add_notice(req, _("Your account is now activated."))
return user
add_warning(req, _('Failed to update user'))
return user
def _select_login_action(self, req, remote_user):
"""
Select login action based on user status.
- If user is expired, error msg is shown
- If user is active, user will be logged in
- If user is inactive, legal process is started
- Otherwise user has no way of logging in (is banned or disabled)
"""
user_store = get_userstore()
user = user_store.getUser(remote_user)
if not user:
# This may happen if authentication method is case-insensitive
add_notice(req, _("Incorrect username or password - please try again"))
return self._show_login(req)
# Check if expired
if user.expires and user.expires <= datetime.utcnow():
author = user_store.get_user_author(user)
if author:
add_warning(req, _('Account expired. Contact {0} for extension'.format(author.getDisplayName())))
else:
add_warning(req, _('Account expired. Contact service support for extension'))
return self._show_login(req)
# User is authentic but can not log in before knowing he is not banned or disabled or activation required
if user.status == user.STATUS_INACTIVE and self.env.config.getbool('multiproject', 'login_requires_agreed_terms'):
return self._request_legal_approval(req, remote_user)
if user.status in (user.STATUS_ACTIVE, user.STATUS_INACTIVE):
return self._login_success(req, remote_user)
add_warning(req, _("User status is '%s'. Can not log in." % user_store.USER_STATUS_LABELS[user.status]))
return self._show_login(req)
def _create_user(self, username):
"""
Create new user using data available in LDAP service
This method is used in two cases:
- when the user is authenticated for the first time (by self.authenticate)
- when the user, which doesn't yet exist in the local DB, is added to project group
(by self.store_user_if_necessary)
:param str username: Name of the user in LDAP
:returns: username on success, otherwise None
"""
users = get_userstore()
ldap_store = get_authstore()
# If user does not exists in LDAP, do not continue
if not ldap_store.userExists(username):
conf.log.debug('Cannot find user %s from LDAP' % username)
return None
# Create user using LDAP store
user = ldap_store.getUser(username)
user.authentication_key = self.ldap_authentication_key
user.organization_keys = self.org_store.get_organization_keys(user, self.LDAP) or None
# Store user in user store
conf.log.info('Created new user from LDAP: %s' % user.username)
users.storeUser(user)
users.invalidate_user_password(user)
return user.username
def render_admin_panel(self, req, category, page, path_info):
"""
Process a request for an admin panel.
:Returns: A tuple of the form `(template, data)`,
"""
# Ensure the user has project admin permissions
req.perm.assert_permission('TRAC_ADMIN')
backups = []
backup_href = Href('%s/admin/general/backup' % req.base_path)
# Load the user based on authname
user = get_userstore().getUser(req.authname)
# Get the current environment name
env_name = conf.resolveProjectName(self.env)
# Initiate ProjectBackup, containing the backup/restore implementation
prj = Project.get(env_name=env_name)
pb = ProjectBackup(prj)
backups = pb.get_backups()
# Do the backup
if req.path_info.endswith('backup/backup') and req.method == 'POST':
try:
pb.backup(user_id=user.id, description=req.args.get('description'))
add_notice(req, _('Backup created'))
except TracError, e:
add_warning(req, _('Backup failed: %s' % e))
# Return back to default backup page
return req.redirect(backup_href())
def render_preference_panel(self, req, panel):
""" Renders preference panel and handles information change on POST
"""
if req.authname == 'anonymous':
raise TracError("User is not authenticated", "No access")
data = {}
key_store = CQDESshKeyStore.instance()
user = get_userstore().getUser(req.authname)
if req.method == 'POST':
ssh_key = req.args.get('ssh_key')
delete_key = req.args.get('deletelist')
if ssh_key:
user = self._do_save(req, user)
elif delete_key:
user = self._do_deletes(req, user)
else:
add_warning(req, _('Please provide data'))
keys = key_store.get_ssh_keys_by_user_id(user.id)
data['keys'] = keys if keys else None
# This is to prevent adding of more than one ssh password.
# Remove this if we support more in the future.
if keys:
data['hide_add_dialog'] = False
data['domain'] = conf.domain_name
data['user'] = user
return 'multiproject_user_prefs_ssh_keys.html', data
def process_request(self, req):
req.perm.assert_permission('MESSAGE_VIEW')
msgsrv = self.env[MessageService]
userstore = get_userstore()
user = userstore.getUser(req.authname)
message_groups = msgsrv.get_latest_message_groups(user.id, limit=15)
# Fetch and set notifications if component is enabled
# TODO: Move into MessageService?
if self.env.is_component_enabled('multiproject.common.notifications.push.NotificationSystem'):
from multiproject.common.notifications.push import NotificationSystem
ns = self.env[NotificationSystem]
chname = ns.generate_channel_name(user)
try:
# Update message objects to have notification count
for message_group in message_groups:
message_keys = ['message-%s' % message.id for message in message_group.get_messages()]
message_group.notifications = ns.get_notifications(chname, message_keys)
except TracError, e:
self.log.error('Failed to retrieve notifications')
def expand_macro(self, formatter, name, content, args=None):
"""
Returns the outcome from macro.
Supported arguments:
- count: Number of entries to show
"""
req = formatter.req
papi = Projects()
userstore = get_userstore()
projects = []
# Parse optional arguments
if args is None:
args = parse_args(content)
if len(args) > 1:
args = args[1]
projects = papi.get_projects_for_rss('MOSTACTIVE',
limit_count=args.get('count', 5),
limit_activity=self.min_activity)
return Chrome(self.env).render_template(req,
'multiproject_active.html',
{'active_projects': projects},
fragment=True)
def expand_macro(self, formatter, name, content, args=None):
"""
Returns the outcome from macro.
"""
req = formatter.req
userstore = get_userstore()
user = userstore.getUser(req.authname)
msgsrv = self.env[MessageService]
# Parse optional arguments
if args is None:
args = parse_args(content)
if len(args) > 1:
args = args[1]
data = {
'groups': msgsrv.get_messages_grouped_by(user.id)
}
# FIXME: Temporary fix for IE8 + jQuery 1.4.4 + Transparency combination
agent = req.get_header('user-agent')
if agent and 'MSIE 8.0' not in agent:
add_script(req, 'multiproject/js/transparency.js')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/messages_group_macro.js')
chrome = Chrome(self.env)
return chrome.render_template(req, 'multiproject_messages_group_macro.html', data, fragment=True)
def _chrome_format_author_replacement(self, req, author):
"""
Audit Chrome.format_author method so that we get link to user profile
Downside: This is a hack that interfere with the way trac renders usernames.
Will have some unwanted behaviour.
One such known unwanted behaviour is in the ticket view where owner and
reporter links are changed
"""
if not author:
return ""
unwanted_users = [
'trac', 'tracadmin', 'anonymous', 'authenticated', 'somebody'
]
not_ticket = req.path_info.rsplit('/', 2)[1] != 'ticket'
contain_email = bool(re.search('<.+>', author))
ok_user = author not in unwanted_users
username = author
if not contain_email:
user = get_userstore().getUser(author)
if user:
author = user.getDisplayName()
elif not Chrome(self.env).show_email_addresses:
author = obfuscate_email_address(author)
# Create a link to profile page or return author in plain
if ok_user and not_ticket and not contain_email and conf.public_user_page_url:
return tag.a(
author, **{
'href': conf.public_user_page_url + username,
'class': 'author'
})
else:
return author
def get_preference_panels(self, req):
""" Give name of the panel
"""
user = get_userstore().getUser(req.authname)
has_external_avatar = Authentication().has_external_profile(user)
if req.authname != 'anonymous' and not has_external_avatar:
yield ('image', 'Face image')
def authenticate(self, username, password):
""" Check username and password - either from local database, LDAP,
or some other external authentication server.
Return username on success, None on failure.
"""
if not username or not password:
return None
# old user
user = get_userstore().getUser(username)
if user:
authentication_name = self.auth_store.get_authentication_method(
user.authentication_key)
auth_module = self._get_auth_module(authentication_name)
if auth_module:
auth_username = auth_module.authenticate(username, password)
if auth_username:
User.update_last_login(auth_username)
return auth_username
return None
# new user
for x in conf.authentication_order:
auth_module = self._get_auth_module(x)
if auth_module:
auth_username = auth_module.authenticate(username, password)
if auth_username:
User.update_last_login(auth_username)
return auth_username
return None
def _create_user(self, username):
"""
Create new user using data available in LDAP service
This method is used in two cases:
- when the user is authenticated for the first time (by self.authenticate)
- when the user, which doesn't yet exist in the local DB, is added to project group
(by self.store_user_if_necessary)
:param str username: Name of the user in LDAP
:returns: username on success, otherwise None
"""
users = get_userstore()
ldap_store = get_authstore()
# If user does not exists in LDAP, do not continue
if not ldap_store.userExists(username):
conf.log.debug('Cannot find user %s from LDAP' % username)
return None
# Create user using LDAP store
user = ldap_store.getUser(username)
user.authentication_key = self.ldap_authentication_key
user.organization_keys = self.org_store.get_organization_keys(
user, self.LDAP) or None
# Store user in user store
conf.log.info('Created new user from LDAP: %s' % user.username)
users.storeUser(user)
users.invalidate_user_password(user)
return user.username
def authenticate(self, username, password):
""" Check username and password - either from local database, LDAP,
or some other external authentication server.
Return username on success, None on failure.
"""
if not username or not password:
return None
# old user
user = get_userstore().getUser(username)
if user:
authentication_name = self.auth_store.get_authentication_method(user.authentication_key)
auth_module = self._get_auth_module(authentication_name)
if auth_module:
auth_username = auth_module.authenticate(username, password)
if auth_username:
User.update_last_login(auth_username)
return auth_username
return None
# new user
for x in conf.authentication_order:
auth_module = self._get_auth_module(x)
if auth_module:
auth_username = auth_module.authenticate(username, password)
if auth_username:
User.update_last_login(auth_username)
return auth_username
return None
def remove_user_from_group(self, user_name, group_name):
"""
Removes user from group.
Updates the published time of the project accordingly.
:param str user_name: User name
:param str group_name: Group name
:raises InvalidPermissionState: User cannot be removed
:raises DatabaseError: Query failure
:raises ValueError: User not found
"""
user = get_userstore().getUser(user_name)
if not user:
raise ValueError('User not found')
# TODO: just check that there's TRAC_ADMIN left?
# Checks that it is ok to remove user from group
ug = self.get_all_user_groups()
ug = [(user, group) for user, group in ug if not (user == user_name and group == group_name)]
self.is_valid_group_members(user_groups=ug)
group_name = group_name.encode('utf-8')
group_id = self.get_group_id(group_name)
self._cache.clear_user_groups(self.trac_environment_key)
with admin_query() as cursor:
cursor.callproc("remove_user_from_group", [user.id, group_id])
self._update_published_time()
def list_users(self, req):
"""
Handle user listing
"""
req.perm.require('USER_AUTHOR')
data = {}
userstore = get_userstore()
# State
data['states'] = userstore.USER_STATUS_LABELS
# Available backend organizations
# TODO: Add support for listing users based on organization in user REST API
orgman = self.env[OrganizationManager]
data['organizations'] = [org for org in orgman.get_organizations() if org['type'] == 'backend']
# Add jquery ui for autocomplete
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/transparency.js')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_list.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
return 'admin_user_list.html', data
def render_preference_panel(self, req, panel):
""" Renders preference panel and handles image change on POST
"""
if req.authname == 'anonymous':
raise TracError("User is not authenticated", "No access")
userstore = get_userstore()
user = userstore.getUser(req.authname)
if req.method == 'POST':
if 'removeicon' in req.args:
user.icon = None
userstore.updateUser(user)
elif 'icon' in req.args:
user.createIcon(req.args['icon'])
if user.icon:
userstore.updateUser(user)
data = {'user':user, 'base_path':req.base_path}
if 'limitexceeded' in req.args:
add_warning(req, 'Picture you tried to upload was too big. Try a smaller one.')
return 'multiproject_user_prefs_image.html', data
def list_users(self, req):
"""
Handle user listing
"""
req.perm.require('USER_AUTHOR')
data = {}
userstore = get_userstore()
# State
data['states'] = userstore.USER_STATUS_LABELS
# Available backend organizations
# TODO: Add support for listing users based on organization in user REST API
orgman = self.env[OrganizationManager]
data['organizations'] = [org for org in orgman.get_organizations() if org['type'] == 'backend']
# Add jquery ui for autocomplete
add_script(req, 'multiproject/js/jquery-ui.js')
add_script(req, 'multiproject/js/transparency.js')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_user_list.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
return 'admin_user_list.html', data
def _chrome_format_author_replacement(self, req, author):
"""
Audit Chrome.format_author method so that we get link to user profile
Downside: This is a hack that interfere with the way trac renders usernames.
Will have some unwanted behaviour.
One such known unwanted behaviour is in the ticket view where owner and
reporter links are changed
"""
if not author:
return ""
unwanted_users = ['trac', 'tracadmin', 'anonymous', 'authenticated', 'somebody']
not_ticket = req.path_info.rsplit('/', 2)[1] != 'ticket'
contain_email = bool(re.search('<.+>', author))
ok_user = author not in unwanted_users
username = author
if not contain_email:
user = get_userstore().getUser(author)
if user:
author = user.getDisplayName()
elif not Chrome(self.env).show_email_addresses:
author = obfuscate_email_address(author)
# Create a link to profile page or return author in plain
if ok_user and not_ticket and not contain_email and conf.public_user_page_url:
return tag.a(author, **{'href':conf.public_user_page_url + username, 'class':'author'})
else:
return author
def _list_message_groups(self, req):
"""
Returns list of message groups: messages grouped by the sender
"""
# Check permission from home env
home_env = HomeProject().get_env()
perm = PermissionCache(home_env, req.authname)
query = req.args.get('q') or None # If empty, return latest
limit = req.args.get('limit', 5)
# Convert types
try:
limit = int(limit)
except ValueError:
return send_json(req, {'result': 'Invalid request'}, status=403)
# Check permission
if 'MESSAGE_VIEW' not in perm:
return send_json(req, {'result': 'Permission denied'}, status=403)
msgsrv = self.env[MessageService]
userstore = get_userstore()
user = userstore.getUser(req.authname)
# TODO: Permission checks?
return send_json(req, msgsrv.get_messages_grouped_by(user.id, query=query, limit=limit))
def get_preference_panels(self, req):
""" Give name of the panel
"""
user = get_userstore().getUser(req.authname)
has_external_avatar = Authentication().has_external_profile(user)
if req.authname != 'anonymous' and not has_external_avatar:
yield ('image', 'Face image')
def get_projects_with_rights(self, username, action):
"""
:returns: a list of projects where user have right for "action".
.. note::
Permissions coming via LDAP groups are not included in the results
"""
user = get_userstore().getUser(username)
# Get subjects
subjects = set([username])
subjects.update(get_special_users(username))
# Surround string elements with ' and join them with comma
actions_str = ','.join("'%s'" % safe_string(p) for p in [action, 'TRAC_ADMIN'])
subjects_str = ','.join(["'{0}'".format(safe_string(subject)) for subject in subjects])
organizations_str = ','.join(["{0}".format(safe_int(org_key)) for org_key in user.organization_keys])
query = ("SELECT DISTINCT projects.* FROM projects "
"INNER JOIN `group` ON group.trac_environment_key = projects.trac_environment_key "
"INNER JOIN group_permission ON group_permission.group_key = group.group_id "
"INNER JOIN action ON group_permission.permission_key = action.action_id "
"LEFT JOIN user_group ON user_group.group_key = group.group_id "
"LEFT JOIN user ON user.user_id = user_group.user_key "
"LEFT JOIN organization_group ON organization_group.group_key = group.group_id "
"WHERE (user.username IN(%s) "
"OR organization_group.organization_key IN(%s)) "
"AND action.action_string IN(%s) "
"ORDER BY projects.project_name" % (subjects_str, organizations_str, actions_str))
return self.queryProjectObjects(query)
def get_participated_public_projects(self, username):
""" Get public projects username has participated in
"""
store = get_userstore()
user = store.getUser(username)
if not user:
return []
anon = store.getUser('anonymous')
order = " ORDER BY projects.project_name"
# We need projects where _both_ anonymous and the specified user exist
query = """
SELECT projects.environment_name AS name, projects.description AS description, projects.created AS date,
'%(user_name)s' AS author, projects.project_name, projects.icon_name
FROM projects
INNER JOIN `group` ON group.trac_environment_key = projects.trac_environment_key
INNER JOIN user_group ON user_group.group_key = group.group_id
INNER JOIN `user` ON user_group.user_key = user.user_id
WHERE user_group.user_key = %(user_id)d AND EXISTS
(SELECT * FROM projects P
INNER JOIN `group` ON `group`.trac_environment_key = P.trac_environment_key
INNER JOIN user_group ON user_group.group_key = group.group_id
WHERE user_group.user_key = %(anon_id)d AND projects.project_id = P.project_id)
""" % {"user_name": safe_string(user.getDisplayName().encode('utf-8')),
"user_id": safe_int(user.id), "anon_id": safe_int(anon.id)}
query += order
return self.__queryProjectsWithDescr(query)
def public_project_count(self):
""" Number of public projects
"""
# Chances are that we get these from the cache
anon = get_userstore().getUser('anonymous')
auth = None #users.getUser('authenticated')
users_in = []
if anon:
users_in.append(str(safe_int(anon.id)))
if auth:
users_in.append(str(safe_int(auth.id)))
users_in_str = ','.join(users_in)
query = ("SELECT count(DISTINCT project_id) FROM projects "
"INNER JOIN `group` ON `group`.trac_environment_key = projects.trac_environment_key "
"INNER JOIN user_group ON user_group.group_key = `group`.group_id "
"WHERE user_group.user_key IN(%s)" % users_in_str)
count = 0
with admin_query() as cursor:
cursor.execute(query)
row = cursor.fetchone()
count = row[0]
return count
def render_preference_panel(self, req, panel):
""" Renders preference panel and handles image change on POST
"""
if req.authname == 'anonymous':
raise TracError("User is not authenticated", "No access")
userstore = get_userstore()
user = userstore.getUser(req.authname)
if req.method == 'POST':
if 'removeicon' in req.args:
user.icon = None
userstore.updateUser(user)
elif 'icon' in req.args:
user.createIcon(req.args['icon'])
if user.icon:
userstore.updateUser(user)
data = {'user': user, 'base_path': req.base_path}
if 'limitexceeded' in req.args:
add_warning(
req,
'Picture you tried to upload was too big. Try a smaller one.')
return 'multiproject_user_prefs_image.html', data
def _do_save(self, req, user):
""" Update user information into database
"""
userstore = get_userstore()
if not req.args.get('mail'):
add_warning(req, _('User should have an e-mail address'))
return user
user.mail = req.args.get('mail')
if not req.args.get('lastName'):
add_warning(req, _('Last name required'))
return user
# NOTE: Values are escaped in userstore update
user.lastName = req.args.get('lastName')
user.givenName = req.args.get('givenName')
user.mobile = req.args.get('mobile')
if userstore.updateUser(user):
user = userstore.getUser(user.username)
add_notice(req, _('Updated user settings'))
if req.args.get(
'approve') == 'on' and user.status == user.STATUS_INACTIVE:
user.activate()
add_notice(req, _("Your account is now activated."))
return user
add_warning(req, _('Failed to update user'))
return user
def get_anonymous_user_id(self):
anon = get_userstore().getUser('anonymous')
if anon:
anon_id = safe_int(anon.id)
else:
anon_id = None
return anon_id
def get_anonymous_user_id(self):
anon = get_userstore().getUser('anonymous')
if anon:
anon_id = safe_int(anon.id)
else:
anon_id = None
return anon_id
def _list_expired(self, when=None):
# Parse optional date argument
when = when if when is None else datetime.strptime(when, '%Y-%m-%d')
userstore = get_userstore()
users = [(user.username, user.expires) for user in userstore.get_expired_users(when=when)]
print_table(users, ('User', 'Expires'))
def _init_session(self, req, remote_user):
# Some modules uses name and email data from session, so lets put them there
userstore = get_userstore()
user = userstore.getUser(remote_user)
req.session['name'] = user.getDisplayName()
req.session['email'] = user.mail
req.session['displayname'] = user.getDisplayName()
req.session.save()
def notify_now(self, notification_frequency):
"""
Send notification email to project watchers.
:param str notification_frequency: The notification frequency, used to fetch
users which have something on that watchlist.
"""
store = CQDEWatchlistStore()
watches = store.get_by_notification(notification_frequency)
notifylist = {}
for w in watches:
if notifylist.get(w.project_id) is None:
notifylist[w.project_id] = []
notifylist[w.project_id].append(w.user_id)
userstore = get_userstore()
counter = 0
for project_id in notifylist.keys():
project = Project.get(id=project_id)
# Get all events for this project
events = self._get_project_events(project, notification_frequency)
# Send one email per user, because everyone may have a different
# set of permissions (i.e. which events he/she has permission to see)
for user_id in notifylist[project_id]:
user = userstore.getUserWhereId(user_id)
if user:
# filter eventlist by user's permissions
filtered_events = WatchlistEvents(self.env).filter_events(
events, user, project)
if filtered_events:
addresses = [user.mail]
message = self._format_message(user, project,
filtered_events)
title = "Project updated: %s" % project.env_name
mail = EmailNotifier(self.env,
subject=title,
data={'body': message})
mail.notify_emails(addresses)
self.env.log.debug('Sent email notification to: %s' %
user)
counter += 1
else:
if notification_frequency != 'immediate':
self.env.log.debug(
'No events to sent to %s about %s' %
(user, project))
else:
self.env.log.warning(
'User %d in notification list was not found in userstore'
% user_id)
# Log the results
self.env.log.info('Sent %s watchlist notifications (%s)' %
(counter, notification_frequency))
def creator(self):
"""
Returns the creator user if set
:return: User
"""
if not self.creator_id:
raise Exception('MessageGroup has no creator')
return get_userstore().getUserWhereId(self.creator_id)
def update_user_data(self, req):
""" Updates all user data into session
"""
user = get_userstore().getUser(req.authname)
req.session['email'] = user.mail
req.session['name'] = user.getDisplayName()
req.session['displayname'] = user.getDisplayName()
req.session.save()
def get_user_project_groups(self, audit_username):
user = get_userstore().getUser(audit_username)
user_groups = self._store.get_all_user_groups()
groups = []
for username, group in user_groups:
if username == user.username:
groups.append(group)
return groups
def _apply_changes(self, req, project):
"""
Saves changes into database and project configuration file
"""
try:
# Save information into database
project.project_name = req.args.get('name')
project.description = req.args.get('descr')
# Update author if needed
author_id = req.args.get('author_id')
if author_id and project.author_id != int(author_id):
userstore = get_userstore()
author = userstore.getUserWhereId(author_id)
project.author = author
# Check if author has admin permission to project: put in project if not
authorperm = PermissionCache(self.env, author.username)
if 'TRAC_ADMIN' not in authorperm:
admin_rights = False
groupstore = CQDEUserGroupStore(
project.trac_environment_key)
# Iterate existing project groups and put user into group with TRAC_ADMIN rights
for gname, pname in groupstore.get_all_group_permissions():
if pname == 'TRAC_ADMIN':
groupstore.add_user_to_group(
author.username, gname)
admin_rights = True
add_notice(
req,
_('Added TRAC_ADMIN permissions to user: {0}'.
format(author.username)))
if not admin_rights:
permlink = tag.a(
'You way want to modify permissions',
href=req.href('admin/general/permissions'))
add_warning(
req,
tag(
_('User {0} does not have administrative rights to project. '
.format(author.username)), permlink))
# Save changes to database
project.save()
# Save information into config
for option in ('name', 'descr'):
self.config.set('project', option, req.args.get(option))
self.config.save()
except Exception, e:
self.log.exception('Failed to save project changes')
add_warning(req, _('Failed to save changes: {0}'.format(e)))
return req.redirect(req.href('admin/general/basics'))
def _mark_read(self, req):
"""
Marks message / messages within a group read
:param Request req:
Trac requst with following arguments:
- message_id: Message id
- group_id: Message group id
.. NOTE::
Either ``message_id`` or ``group_id`` needs to be provided
:return: JSON response with result: 'OK' or error
"""
# NOTE: Depends on NotificationSystem. Moving method in NotificationRestAPI does not make sense either
# because Notification system is generic and does not know about the MessageGroups
if not self.env.is_component_enabled('multiproject.common.notifications.push.NotificationSystem'):
return send_json(req, {'result': 'NotificationSystem is not enabled/available'}, status=500)
group_id = req.args.get('group_id', None)
message_id = req.args.get('message_id', None)
# Load NotificationSystem
from multiproject.common.notifications.push import NotificationSystem
ns = self.env[NotificationSystem]
# Load user (anon check already done at this point)
user = get_userstore().getUser(req.authname)
chname = ns.generate_channel_name(user_id=user.id)
# Load specified message group
if message_id:
msg = Message.get(message_id)
if not msg:
return send_json(req, {'result': 'Message was not found'}, status=404)
ns.reset_notification(chname, {'id': msg.id, 'type': 'message'})
# Reset all messages within a group
elif group_id:
mg = MessageGroup.get(group_id)
if not mg:
return send_json(req, {'result': 'Message group or user was not found'}, status=404)
# Generate notification keys based on group messages
notification_keys = ['message-%d' % msg.id for msg in mg.get_messages()]
ns.reset_notifications(chname, keys=notification_keys)
# Missing required arguments
else:
return send_json(req, {'result': 'Invalid request'}, status=400)
return send_json(req, {'result': 'OK'})
def remove_superuser(self, username):
""" Add user to superusers list
"""
userstore = get_userstore()
if not userstore.userExists(username):
return False
if _call_proc_with_success("remove_superuser", [username]):
self._cache.clear_superusers()
return True
return False
def render_preference_panel(self, req, panel):
userstore = get_userstore()
user = userstore.getUser(req.authname)
if req.authname == 'anonymous' or not userstore.is_local(user):
raise TracError("User is not authenticated or preferences are maintained separate service", "No preferences")
if req.method == 'POST':
self.changePassword(req)
return 'multiproject_user_prefs_password.html', {}
def _get_team_info(self, project):
"""
Reads team members and sorts them so that default groups
are first and other groups are last (in alphabetical order)
:param Project project: Project to retrieve team info from
:returns: tuple of data: teams, members
"""
ug = CQDEUserGroupStore(project.trac_environment_key)
team = sorted(ug.get_all_user_groups(), key=lambda tmp: tmp[1])
# TODO: Implement better
default_group_names = [tuple[0] for tuple in conf.default_groups]
default_group_names += [
conf.public_auth_group[0], conf.public_anon_group[0]
]
first = {}
last = {}
all_members = {}
# Create group => member hash
userstore = get_userstore()
for member, group in team:
all_members[member] = 1
account = userstore.getUser(username=member)
if group in default_group_names:
if group not in first:
first[group] = []
first[group].append(account)
else:
if group not in last:
last[group] = []
last[group].append(account)
# Create group, memberlist tuples from items and keep them sorted
# First read the default groups in to list of tuples in the order they are defined in conf
items = []
for group in default_group_names:
if first.has_key(group):
items += [(group, first[group])]
# Then append other groups in alphabetical order
items += sorted(last.items(), key=lambda tmp: tmp[0])
# Then join all the members as a one markup string with member links
teams = []
for group, members in items:
teams.append((group, members))
# Team members in (group, member_uri) type, and all member names
return teams, all_members.keys()
def get_team(self):
""" Returns a list of those users that have rights to project
"""
query = ("SELECT DISTINCT user.* FROM user "
"INNER JOIN user_group ON user.user_id = user_group.user_key "
"INNER JOIN `group` ON user_group.group_key = group.group_id "
"WHERE group.trac_environment_key = %d "
"AND user.username NOT IN('anonymous', 'authenticated')" %
safe_int(self.trac_environment_key))
userstore = get_userstore()
return userstore.query_users(query)
def render_admin_panel(self, req, cat, page, path_info):
""" Overrides BasicsAdminPanel rendering function.
Handle project info update (update global db) and then
delegate handling back to BasicsAdminPanel
"""
req.perm.require('TRAC_ADMIN')
userstore = get_userstore()
user = userstore.getUser(req.authname)
project = Project.get(self.env)
# Update database if form posted
if req.method == 'POST':
# Remove icon if requested
if 'reset' in req.args:
# NOTE: Icon is removed from filesystem already at this point
self._unset_icon(req, project)
project.icon_name = None
# Update icon if set
if not isinstance(req.args.get('icon', ''), basestring):
icon_name = self._set_icon(req, project)
if icon_name:
# If image is changed
if icon_name != project.icon_name:
self._unset_icon(req, project)
project.icon_name = icon_name
else:
add_warning(req, 'Failed to set the project icon')
# Save changes in database
if 'apply' in req.args:
self._apply_changes(req, project)
# Reload page
return req.redirect(req.href(req.path_info))
data = {
'user': user,
'icon_size': self.icon_size,
'mproject': project,
'allow_public_projects': conf.allow_public_projects
}
# Add javascript libraries for datepicker and autocomplete
add_script(req, 'multiproject/js/jquery-ui.js')
add_stylesheet(req, 'multiproject/css/jquery-ui.css')
add_script(req, 'multiproject/js/multiproject.js')
add_script(req, 'multiproject/js/admin_basics.js')
Chrome(self.env).add_textarea_grips(req)
return 'admin_basics_replacement.html', data
def author(self):
"""
Property for getting project author
:returns: User instance of the project author
"""
if self._author:
return self._author
userstore = get_userstore()
self._author = userstore.getUserWhereId(self.author_id)
return self._author
def render_preference_panel(self, req, panel):
userstore = get_userstore()
user = userstore.getUser(req.authname)
if req.authname == 'anonymous' or not userstore.is_local(user):
raise TracError(
"User is not authenticated or preferences are maintained separate service",
"No preferences")
if req.method == 'POST':
self.changePassword(req)
return 'multiproject_user_prefs_password.html', {}
def createProject(self, req, projectid, projectname, description, project_visibility, serviceslist):
""" Request to create a new project
"""
services = {}
if str(projectid).strip() == '':
e = exceptions.Exception
raise e("Incorrect project identification name")
if str(projectname).strip() == '':
e = exceptions.Exception
raise e("Incorrect project name")
users = get_userstore()
author = users.getUser(req.authname)
if not author.can_create_project():
raise Exception("You are not allowed to create projects")
public = False
published = None
if project_visibility == "on" or project_visibility == "true":
public = True
published = datetime.now()
# Create project class
project = Project(id=None,
env_name=unicode(projectid),
project_name=projectname,
description=description,
author_id=author.id,
created=None,
public=public,
published=published)
if project_visibility == "on" or project_visibility == "true":
services['project_visibility'] = 'on'
else:
services['project_visibility'] = 'off'
projects = Projects()
projects.getServices(services, serviceslist)
# Create project
try:
projects.create_project(project, services)
return self.get_scm_repository_url(project.env_name)
except ProjectValidationException as exc:
raise Exception(exc.value)
except:
raise Exception("Creating project failed. Try again later.")
def modify_changeset_cntxtnav(self, req, data):
if not data:
self.log.error(
'modify_changeset_cntxtnav problem ocurres with path_info: %s args: %s'
% (req.path_info, req.args))
return
if data['changeset']:
data['owner'] = get_userstore().getUser(data['changeset'].author)
ctxtnavitems = req.chrome.pop('ctxtnav', [])
add_ctxtnav(req, _('All sources'), href=req.href.browser())
add_ctxtnav(req, _('Last change'))
add_ctxtnav(req, _('Revision log'), href=req.href.log())
add_ctxtnav(req, _('Diff changesets'), href=req.href.diff())
self.filter_navitems(ctxtnavitems, req, data)
def _user_name_or_mail_exists(self, req):
"""
Returns JSON representation for requested username or mail
"""
query = req.args.get('q', '')[:100]
if not query:
self.log.exception("query string not given. %s" % query)
return req.send('', status=404)
userstore = get_userstore()
recordExists = userstore.userNameOrMailExists(query)
return send_json(req, recordExists)
def validate_user(self, req, user):
if get_userstore().userExists(user.username):
return 'User name already reserved'
if not user.username:
return 'User should have a username'
if user.username.find(':') != -1 or user.username.find('%') != -1:
return 'User name cannot contain characters: : %'
if not user.mail:
return 'User should have an e-mail address'
if not user.lastName:
return 'Last name required'
def get_download_data(self):
platforms = {}
downloads = []
def download_from_sql_row(row):
return {
'id': row[0],
'file': row[1],
'description': row[2],
'time': row[3], # in timestamp, not in utimestamp
'count': row[4],
'author': row[5],
'platform': row[6], # Will be string instead
'featured': row[7]
}
try:
db = self.env.get_read_db()
cursor = db.cursor()
cursor.execute("SELECT id, name FROM platform")
for row in cursor:
platforms[row[0]] = row[1]
cursor.execute(
"SELECT id, file, description, time, count, author, platform, featured FROM download"
)
for row in cursor:
downloads.append(download_from_sql_row(row))
except Exception as e:
env_name = conf.resolveProjectName(self.env)
# this is the only way, since there are no common exceptions
if e.__class__.__name__ == 'ProgrammingError':
printout("{0}: Get download data failed: {1}".format(
env_name, e))
return None
else:
raise
userstore = get_userstore()
for download in downloads:
user = userstore.getUser(download['author'])
if user:
download['author_id'] = user.id
else:
download['author_id'] = None
if not download['platform']:
download['platform'] = ''
else:
download['platform'] = platforms[download['platform']]
return downloads
def get_user_permissions(self, subject):
"""
Returns the permissions of the specific subject (user or group)
.. NOTE::
Argument ``subject`` can be group or user, even though method name
would indicate only user being correct. This is how Trac
implements groups (at least in 0.12)
:returns: List of permission names
"""
user = get_userstore().getUser(subject)
if user is not None:
# construct list of groups where user belongs to
groups = []
for username, group in self._store.get_all_user_groups():
if username == user.username:
groups.append(group)
# add organization groups
org_store = CQDEOrganizationStore.instance()
for organization, group in self._store.get_all_organization_groups():
org_id = org_store.get_organization_id(organization)
if org_id in user.organization_keys:
groups.append(group)
# construct list of permissions based on group list
permissions = []
for group, perm in self._store.get_all_group_permissions():
if group in groups:
permissions.append(perm)
return permissions
else:
# no such user, asked with group name
group_store = CQDEUserGroupStore(self.trac_environment_key)
permissions = []
for name, permission in group_store.get_all_group_permissions():
if permission is None:
# TODO: this should NOT happen!
conf.log.warning('Group %s has permission None in trac_environment_key %s!' %
(subject, self.trac_environment_key))
continue
if name == subject:
permissions.append(permission)
return permissions
