Example #1
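def user_roles_update(user_id):
    """Sync the 'subscriber' role and group with the external store.

    Asks the external subscriptions server whether the account has cloud
    access, then adds or removes the ``subscriber`` role and group to match.
    A user holding the ``admin`` role is never demoted. The write is retried
    when the user's etag changed between the read and the update.

    :param user_id: only used in log messages; the user that is read and
        updated is the one returned by ``User.me``.
    """
    api = system_util.pillar_api()
    group_subscriber = Group.find_one({'where': "name=='subscriber'"}, api=api)

    external_subscriptions_server = app.config['EXTERNAL_SUBSCRIPTIONS_MANAGEMENT_SERVER']

    # Fetch the user once outside the loop, because we only need to get the
    # subscription status once.
    user = User.me(api=api)

    # Bound the wait: without a timeout a stalled subscriptions server would
    # block this worker indefinitely. Connection failures are handled like a
    # non-200 reply: log and leave the roles untouched.
    try:
        r = requests.get(external_subscriptions_server,
                         params={'blenderid': user.email},
                         timeout=10)
    except requests.RequestException as ex:
        log.warning("Error communicating with %s (%s), unable to check "
                    "subscription status of user %s",
                    external_subscriptions_server, ex, user_id)
        return
    if r.status_code != 200:
        log.warning("Error communicating with %s, code=%i, unable to check "
                    "subscription status of user %s",
                    external_subscriptions_server, r.status_code, user_id)
        return

    # The role decision below rests entirely on this response, so a body that
    # is not JSON must not be allowed to grant or revoke anything.
    # NOTE(review): confirm the configured server URL uses HTTPS.
    try:
        store_user = r.json()
    except ValueError:
        log.warning("Invalid JSON from %s, unable to check subscription "
                    "status of user %s",
                    external_subscriptions_server, user_id)
        return

    max_retry = 5
    for retry_count in range(max_retry):
        # Update the user's role & groups for their subscription status.
        roles = set(user.roles or [])
        groups = set(user.groups or [])

        if store_user['cloud_access'] == 1:
            roles.add(u'subscriber')
            groups.add(group_subscriber._id)

        elif u'admin' not in roles:
            roles.discard(u'subscriber')
            groups.discard(group_subscriber._id)

        # Only send an API request when the user has actually changed
        if set(user.roles or []) == roles and set(user.groups or []) == groups:
            break

        user.roles = list(roles)
        user.groups = list(groups)

        try:
            user.update(api=api)
        except sdk_exceptions.PreconditionFailed:
            log.warning('User etag changed while updating roles, retrying.')
        else:
            # Successful update, so we can stop the loop.
            break

        # Fetch the user for the next iteration.
        if retry_count < max_retry - 1:
            user = User.me(api=api)
    else:
        # Only reached when every attempt hit PreconditionFailed.
        log.warning('Tried %i times to update user %s, and failed each time. Giving up.',
                    max_retry, user_id)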
Example #2
def settings_emails():
    """Show and process the e-mail communication preferences form.

    Users holding the 'protected' role receive a 404. Missing settings are
    created with e-mail communications switched on before the form is built.
    """
    if current_user.has_role('protected'):
        return abort(404)  # TODO: make this 403, handle template properly

    pillar = system_util.pillar_api()
    account = User.find(current_user.objectid, api=pillar)

    # Backfill settings for accounts that have none yet (can go once settings
    # are created together with the account and all existing users have them).
    if not account.settings:
        account.settings = {'email_communications': 1}
        account.update(api=pillar)

    if account.settings.email_communications is None:
        account.settings.email_communications = 1
        account.update(api=pillar)

    form = UserSettingsEmailsForm(
        email_communications=account.settings.email_communications)

    if not form.validate_on_submit():
        return render_template('users/settings/emails.html', form=form, title='emails')

    try:
        account.settings.email_communications = form.email_communications.data
        account.update(api=pillar)
        flash("Profile updated", 'success')
    except sdk_exceptions.ResourceInvalid as err:
        # The API's validation response is shown to the user as-is.
        flash(json.loads(err.content))

    return render_template('users/settings/emails.html', form=form, title='emails')
Example #3
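def load_user(userid):
    """Build the login-session user for an authentication token.

    ``userid`` is the token itself: it authenticates the API client and is
    also the value looked up in the token collection.

    :param userid: authentication token identifying the session.
    :returns: a populated ``userClass`` instance, or ``None`` when the token
        is unknown or its user cannot be found.
    """
    import json

    api = Api(
        endpoint=SystemUtility.attract_server_endpoint(),
        username=None,
        password=None,
        token=userid
    )

    # Emit the token as an escaped string literal. Pasting it between quotes
    # unescaped would let a '"' in the value change the meaning of the filter.
    # For tokens without quotes or backslashes the query text is unchanged.
    params = {'where': 'token=={0}'.format(json.dumps(str(userid)))}
    token = Token.all(params, api=api)

    # A reply with an empty '_items' list means "no such token"; indexing it
    # blindly would raise IndexError instead of rejecting the session.
    items = token['_items'] if token else None
    if not items:
        return None

    user = User.find(items[0]['user'], api=api)
    if not user:
        return None

    login_user = userClass(userid)
    login_user.email = user.email
    login_user.objectid = user._id
    login_user.username = user.username
    #login_user.permissions = user['computed_permissions']
    login_user.gravatar = gravatar(user.email)
    try:
        login_user.full_name = user.full_name
    except KeyError:
        # full_name is optional; the session user simply goes without it.
        pass
    return login_user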
Example #4
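    def __init__(self, name):
        """Resolve ``name`` to an organization or, failing that, a user.

        Organizations are matched on their ``url`` field and users on their
        ``username``. When neither exists the request is aborted with a 404.

        :param name: the url/username to look up.
        """
        import json

        self.api = SystemUtility.attract_api()
        # Serialise the filter with json.dumps rather than pasting ``name``
        # into a JSON template: a quote or backslash in the value could
        # otherwise rewrite the query sent to the API.
        # Check if organization exists
        user = Organization.find_first({
            'where': json.dumps({'url': name}),
        }, api=self.api)

        if user:
            self.is_organization = True
            self.name = user.name
            self.url = user.url
            self.description = user.description
            self.gravatar = gravatar(user.email)
        else:
            # Check if user exists
            user = User.find_first({
                'where': json.dumps({'username': name}),
            }, api=self.api)
            if user:
                self.is_organization = False
                self.name = user.first_name
                self.url = user.username
            else:
                return abort(404)
        self._id = user._id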
Example #5
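def load_user(userid):
    """Return the session user that belongs to an authentication token.

    The token passed as ``userid`` is used both to authenticate the API
    client and as the value searched for in the token collection.

    :param userid: authentication token identifying the session.
    :returns: a populated ``userClass`` instance, or ``None`` when the token
        is unknown or its user cannot be found.
    """
    import json

    api = Api(endpoint=SystemUtility.attract_server_endpoint(),
              username=None,
              password=None,
              token=userid)

    # json.dumps yields a double-quoted, escaped literal, so a '"' or '\' in
    # the token cannot break out of the string and alter the filter. Tokens
    # without such characters produce exactly the same query as before.
    token_literal = json.dumps(str(userid))
    params = {'where': 'token=={0}'.format(token_literal)}
    token = Token.all(params, api=api)

    # Treat an empty result list as "unknown token" instead of letting the
    # [0] lookup raise IndexError.
    matches = token['_items'] if token else None
    if not matches:
        return None

    user = User.find(matches[0]['user'], api=api)
    if not user:
        return None

    login_user = userClass(userid)
    login_user.email = user.email
    login_user.objectid = user._id
    login_user.username = user.username
    #login_user.permissions = user['computed_permissions']
    login_user.gravatar = gravatar(user.email)
    try:
        login_user.full_name = user.full_name
    except KeyError:
        # full_name is optional; leave the attribute unset when absent.
        pass
    return login_user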
Example #6
def load_user(userid):
    """Return the session user for the token ``userid``, or ``None``.

    The token authenticates the API client; the user it belongs to is
    fetched with ``User.me``. A ForbiddenAccess error or an empty result
    means there is no session user.
    """
    from application import system_util

    pillar = system_util.pillar_api(token=userid)

    try:
        account = User.me(api=pillar)
    except sdk_exceptions.ForbiddenAccess:
        # The API refused the token: same outcome as "no user".
        account = None

    if not account:
        return None

    session_user = UserClass(userid)
    address = account.email
    session_user.email = address
    session_user.objectid = account._id
    session_user.username = account.username
    session_user.gravatar = gravatar(address)
    session_user.roles = account.roles
    session_user.groups = account.groups
    try:
        session_user.full_name = account.full_name
    except KeyError:
        # full_name is optional on the account.
        pass

    return session_user
Example #7
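    def validate(self):
        """Run the field validators, then reject a username that is in use.

        The lookup is skipped when the submitted username equals the current
        user's own. On success the fetched user is stored on ``self.user``.

        :returns: ``True`` when the form is valid, ``False`` otherwise.
        """
        import json

        rv = Form.validate(self)
        if not rv:
            return False

        api = system_util.pillar_api()
        user = User.find(current_user.objectid, api=api)
        if user.username != self.username.data:
            # The old template string had no format placeholder, so applying
            # '%' to it raised TypeError. json.dumps builds the filter and
            # escapes quotes in the submitted value, so the input cannot
            # change the shape of the query.
            where = json.dumps({'username': self.username.data})
            username = User.find_first({'where': where}, api=api)

            # NOTE(review): this is a pre-check only; confirm the API itself
            # enforces username uniqueness when the user is saved.
            if username:
                self.username.errors.append('Sorry, username already exists!')
                return False

        self.user = user
        return True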
Example #8
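    def validate(self):
        """Validate the form and make sure a changed username is still free.

        Field validation runs first. When the submitted username differs from
        the current user's, the API is asked whether another user already has
        it. On success the fetched user is stored on ``self.user``.

        :returns: ``True`` when the form is valid, ``False`` otherwise.
        """
        import json

        rv = Form.validate(self)
        if not rv:
            return False

        api = system_util.pillar_api()
        user = User.find(current_user.objectid, api=api)
        if user.username != self.username.data:
            # Build the filter with json.dumps: the previous literal had no
            # placeholder for the '%' operator (TypeError at runtime), and
            # hand-formatting the value into JSON would leave quotes in the
            # submitted username unescaped.
            username = User.find_first(
                {'where': json.dumps({'username': self.username.data})},
                api=api)

            # NOTE(review): advisory check; uniqueness presumably also has to
            # be enforced by the API on save. Verify.
            if username:
                self.username.errors.append('Sorry, username already exists!')
                return False

        self.user = user
        return True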
Example #9
    def validate(self):
        """Validate the form and check that a changed username is available.

        Returns ``False`` when field validation fails or when another user
        already has the requested username; otherwise stores the current
        user on ``self.user`` and returns ``True``.
        """
        if not super().validate():
            return False

        pillar = system_util.pillar_api()
        account = User.find(current_user.objectid, api=pillar)
        requested = self.username.data

        # Keeping one's own username needs no lookup.
        if account.username != requested:
            # The filter is passed as a dict, so the value is never spliced
            # into query text by hand.
            taken = User.find_first({'where': {"username": requested}}, api=pillar)
            if taken:
                self.username.errors.append('Sorry, this username is already taken.')
                return False

        self.user = account
        return True
Example #10
def profile():
    """Render the profile page and save submitted name changes.

    Temporary implementation.
    """
    attract = SystemUtility.attract_api()
    account = User.find(current_user.objectid, api=attract)
    form = UserProfileForm(first_name=account.first_name, last_name=account.last_name)

    if not form.validate_on_submit():
        return render_template("users/profile.html", form=form)

    # Only the two name fields are copied from the form; the record being
    # edited is always the logged-in user's own.
    account.first_name = form.first_name.data
    account.last_name = form.last_name.data
    account.update(api=attract)
    flash("Profile updated")
    return render_template("users/profile.html", form=form)
Example #11
def profile():
    """Show the profile form and store the submitted first and last name.

    Temporary implementation.
    """
    attract = SystemUtility.attract_api()
    account = User.find(current_user.objectid, api=attract)

    initial = dict(first_name=account.first_name, last_name=account.last_name)
    form = UserProfileForm(**initial)

    if form.validate_on_submit():
        # Copy exactly these two fields; nothing else from the form reaches
        # the stored user.
        for field_name in ('first_name', 'last_name'):
            setattr(account, field_name, getattr(form, field_name).data)
        account.update(api=attract)
        flash("Profile updated")

    return render_template('users/profile.html', form=form)
Example #12
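def settings_billing():
    """View the subscription status of a user.

    Users holding the 'protected' role receive a 404. The page shows the
    names of the user's groups together with the record the external
    subscriptions server returns for the user's e-mail address.
    """
    if current_user.has_role('protected'):
        return abort(404)  # TODO: make this 403, handle template properly
    api = system_util.pillar_api()
    user = User.find(current_user.objectid, api=api)
    groups = [Group.find(group_id, api=api).name
              for group_id in user.groups or []]
    external_subscriptions_server = app.config['EXTERNAL_SUBSCRIPTIONS_MANAGEMENT_SERVER']
    # Bound the wait: without a timeout a stalled subscriptions server would
    # hold this request (and its worker) open indefinitely.
    # NOTE(review): the status code is not checked before parsing, so an
    # error reply is passed to the template as-is. Confirm that is intended.
    r = requests.get(external_subscriptions_server,
                     params={'blenderid': user.email},
                     timeout=10)
    store_user = r.json()
    return render_template('users/settings/billing.html',
        store_user=store_user, groups=groups, title='billing')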
Example #13
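def users_edit(user_id):
    """Admin view for editing the roles of another user.

    Only callers with the 'admin' role get past the first check; everyone
    else receives a 403. On a valid submission the roles offered by the form
    are replaced by the selected ones, roles the form does not offer are
    kept, and the user's groups are rebuilt from the resulting roles.

    :param user_id: id of the user being edited.
    """
    import json

    if not current_user.has_role('admin'):
        return abort(403)
    api = system_util.pillar_api()
    user = User.find(user_id, api=api)
    form = UserEditForm()
    if form.validate_on_submit():
        def get_groups(roles):
            """Return the set of group ids whose group name equals a role name."""
            groups_set = set()
            for system_role in roles:
                # Escape the name instead of pasting it between quotes, so a
                # quote inside a stored role name cannot change the filter.
                where = 'name=={0}'.format(json.dumps('%s' % system_role))
                group = Group.find_one({'where': where}, api=api)
                groups_set.add(group._id)
            return groups_set

        # Roles (and their groups) that this form manages.
        system_roles = set(role[0] for role in form.roles.choices)
        system_groups = get_groups(system_roles)

        # Keep whatever the user holds that the form does not manage.
        current_roles = user.roles if user.roles else []
        kept_roles = set(current_roles).difference(system_roles)
        kept_groups = get_groups(current_roles).difference(system_groups)

        # Add the roles selected in the form and derive the groups from the
        # final role list. Groups are merged as a set: appending the two
        # lists stored every kept group twice.
        new_roles = list(kept_roles) + list(form.roles.data)
        new_groups = kept_groups.union(get_groups(new_roles))

        user.roles = new_roles
        user.groups = list(new_groups)
        user.update(api=api)
    else:
        form.roles.data = user.roles
    return render_template('users/edit_embed.html',
        user=user,
        form=form)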
Example #14
def users_edit(user_id):
    """Admin view for editing another user.

    Callers without the 'admin' capability get a 403, and an unknown
    ``user_id`` is logged and answered with a 404. A valid submission is
    handed to ``_users_edit``; otherwise the form is pre-filled with the
    user's roles and e-mail address.
    """
    from pillar.auth import UserClass

    if not current_user.has_cap('admin'):
        return abort(403)

    pillar = system_util.pillar_api()
    try:
        account = User.find(user_id, api=pillar)
    except sdk_exceptions.ResourceNotFound:
        # %r keeps control characters in the requested id out of the log line.
        log.warning('Non-existing user %r requested.', user_id)
        raise wz_exceptions.NotFound('Non-existing user %r requested.' % user_id)

    form = forms.UserEditForm()
    if not form.validate_on_submit():
        form.roles.data = account.roles
        form.email.data = account.email
    else:
        _users_edit(form, account, pillar)

    return render_template(
        'users/edit_embed.html',
        user=UserClass.construct('', db_user=account.to_dict()),
        form=form)
Example #15
def settings_profile():
    """Show the profile settings form and save a valid submission.

    Temporary implementation. Users holding the 'protected' role receive
    a 404.
    """
    if current_user.has_role('protected'):
        return abort(404)  # TODO: make this 403, handle template properly

    pillar = system_util.pillar_api()
    account = User.find(current_user.objectid, api=pillar)
    form = UserProfileForm(full_name=account.full_name, username=account.username)

    if not form.validate_on_submit():
        return render_template('users/settings/profile.html', form=form, title='profile')

    try:
        account.full_name = form.full_name.data
        account.username = form.username.data
        account.update(api=pillar)
        flash("Profile updated", 'success')
    except sdk_exceptions.ResourceInvalid as err:
        # The API's validation response is shown to the user as-is.
        flash(json.loads(err.content))

    return render_template('users/settings/profile.html', form=form, title='profile')
Example #16
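    def __init__(self, name):
        """Look up ``name`` as an organization first, then as a user.

        Organizations are matched on ``url`` and users on ``username``; the
        request is aborted with a 404 when neither is found.

        :param name: the url/username to look up.
        """
        import json

        self.api = system_util.pillar_api()
        # json.dumps produces the filter with ``name`` properly escaped. With
        # '%s' formatting a quote or backslash in the value could change the
        # JSON query sent to the API.
        # Check if organization exists
        user = Organization.find_first({
            'where': json.dumps({'url': name}),
            }, api=self.api)

        if user:
            self.is_organization = True
            self.name = user.name
            self.url = user.url
            self.description = user.description
            self.gravatar = gravatar(user.email)
        else:
            # Check if user exists
            user = User.find_first({
                'where': json.dumps({'username': name}),
                }, api=self.api)
            if user:
                self.is_organization = False
                self.name = user.first_name
                self.url = user.username
            else:
                return abort(404)
        self._id = user._id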