class AccountController(BaseController):
def login(self):
"""
This is where the login form should be rendered.
Without the login counter, we won't be able to tell if the user has
tried to log in with wrong credentials
"""
identity = request.environ.get('repoze.who.identity')
came_from = str(request.GET.get('came_from', '')) or \
url(controller='account', action='welcome')
if identity:
redirect(url(came_from))
else:
c.came_from = came_from
c.login_counter = request.environ['repoze.who.logins'] + 1
return render('/derived/account/login.html')
@ActionProtector(not_anonymous())
def welcome(self):
"""
Greet the user if she logged in successfully or redirect back
to the login form otherwise(using ActionProtector decorator).
"""
identity = request.environ.get('repoze.who.identity')
return 'Welcome back %s' % identity['repoze.who.userid']
@ActionProtector(not_anonymous())
def test_user_access(self):
return 'You are inside user section'
@ActionProtector(has_permission('admin'))
def test_admin_access(self):
return 'You are inside admin section'
class StaticPagesController(BaseController):
@ActionProtector(not_anonymous())
def help(self):
c.root_path = url('/', qualified=True)
return render("/static_pages/help.mako")
@ActionProtector(not_anonymous())
def citing(self):
c.root_path = url('/', qualified=True)
return render("/static_pages/citing.mako")
class BasicPylonsController(WSGIController):
"""Mock Pylons controller"""
sub1 = SubController1()
panel = SecurePanel()
def index(self, **kwargs):
return 'hello world'
@ActionProtector(in_group('admins'))
def admin(self, *args, **kwargs):
return 'got to admin'
def troll_detected(reason):
# Let's ignore the reason
return 'Trolls are banned'
@ActionProtector(All(not_anonymous(), Not(is_user('sballmer'))),
denial_handler=troll_detected)
def leave_comment(self):
return 'Comment accepted'
@special_require(not_anonymous())
def logout(self):
return 'You have been logged out'
@special_require(All(not_anonymous(), Not(is_user('sballmer'))),
denial_handler=troll_detected)
def start_thread(self):
return 'You have started a thread'
@ActionProtector(Not(not_anonymous()))
def get_parameter(self, something):
# Checking that parameters are received
return 'Parameter received: %s' % something
def boolean_predicate(self):
p = not_anonymous()
return 'The predicate is %s' % bool(p)
def is_met_util(self):
if is_met(not_anonymous()):
return 'You are not anonymous'
return 'You are anonymous'
def not_met_util(self):
if not_met(not_anonymous()):
return 'You are anonymous'
return 'You are not anonymous'
def post_login(self):
""" Handle logic post a user's login
I want to create a login_handler that's redirected to after login. This
would check
- if user was logged in, if not then send back to login
- if user is admin, go to job list
- if user can add joblist then go to *
- if user is read only go to job list that's trimmed down a bit
On the post login page adjust the max age on the existing cookie to XX
remember me timeframe
"""
if auth.check(not_anonymous()):
log.debug('checked auth')
else:
# login failed, redirect back to login
log.debug('failed auth')
redirect(url(controller="accounts",
action="login",
login_failed=True)
)
# expire this cookie into the future
ck = request.cookies['authtkt']
response.set_cookie('authtkt', ck,
max_age=60 * 60 * 24 * 7,
path='/'
)
redirect(url('/page/test'))
def login(self):
"""This is where the login form should be rendered."""
if auth.check(not_anonymous()):
# if we're not anonymous then we're logged in and need to be
# redirected
log.debug('already logged in')
redirect(url('/page/test'))
# Without the login counter, we won't be able to tell if the user has
# tried to log in with the wrong credentials
if 'repoze.who.logins' in request.environ:
login_counter = request.environ['repoze.who.logins']
else:
login_counter = 0
if login_counter > 0:
log.debug('Wrong Login credentials')
#flash('Wrong credentials')
tpl.login_counter = login_counter
tpl.came_from = request.params.get('came_from') or url('/')
if 'login_failed' in request.params:
tpl.login_failed = True
else:
tpl.login_failed = False
return render('/login.mako')
def post_login(self):
""" Handle logic post a user's login
I want to create a login_handler that's redirected to after login. This
would check
- if user was logged in, if not then send back to login
- if user is admin, go to job list
- if user can add joblist then go to *
- if user is read only go to job list that's trimmed down a bit
On the post login page adjust the max age on the existing cookie to XX
remember me timeframe
"""
if auth.check(not_anonymous()):
log.debug('checked auth')
else:
# login failed, redirect back to login
log.debug('failed auth')
redirect(
url(controller="accounts", action="login", login_failed=True))
# expire this cookie into the future
ck = request.cookies['authtkt']
response.set_cookie('authtkt', ck, max_age=60 * 60 * 24 * 7, path='/')
redirect(url('/page/test'))
def login(self):
"""This is where the login form should be rendered."""
if auth.check(not_anonymous()):
# if we're not anonymous then we're logged in and need to be
# redirected
log.debug('already logged in')
redirect(url('/page/test'))
# Without the login counter, we won't be able to tell if the user has
# tried to log in with the wrong credentials
if 'repoze.who.logins' in request.environ:
login_counter = request.environ['repoze.who.logins']
else:
login_counter = 0
if login_counter > 0:
log.debug('Wrong Login credentials')
#flash('Wrong credentials')
tpl.login_counter = login_counter
tpl.came_from = request.params.get('came_from') or url('/')
if 'login_failed' in request.params:
tpl.login_failed = True
else:
tpl.login_failed = False
return render('/login.mako')
def get_failures(self):
"""
Retourne la liste (au format JSON) des collecteurs Vigilo en panne.
Déclenche un appel à la méthode flash si cette liste est non vide.
"""
# On vérifie que l'utilisateurs dispose des permissions appropriées
All(
not_anonymous(msg=_("You need to be authenticated")),
Any(
config.is_manager,
has_permission('%s-access' % config.app_name.lower()),
msg=_("You don't have access to %s") % config.app_name
)
).check_authorization(request.environ)
# On récupère la liste des connecteurs en panne
failures = self.check_connectors_freshness()
# Si cette liste n'est pas vide, on affiche un message à l'utilisateur
if failures:
flash(_(
'Vigilo has detected a breakdown on the following '
'collector(s): %(list)s'
) % {'list': ', '.join(failures)},
'error'
)
# Dans les 2 cas (liste vide ou non), on la retourne au format JSON
return dict(failures=failures)
class NotifyServerController(ServiceController):
service_type = "notify"
@expose(content_type='text/xml')
def index(self, **kw):
descr = etree.Element('resource', uri=self.uri)
entry = etree.SubElement(descr,
'method',
name='/notify/email',
value="Send an email from user")
etree.SubElement(entry, 'arguments', value='recipient,subject')
etree.SubElement(entry, 'verb', value='POST')
etree.SubElement(entry, 'body', value='required')
return etree.tostring(descr)
@expose(content_type='text/xml')
@require(predicates.not_anonymous())
def email(self, recipients=None, subject=None, body=None): #pylint: disable=no-self-use
"""Send an email for logged in users
POST application/text ?subject=required&recipient=required[,required][&body]
TEXT BODY
POST applcation/xml ?subject=required&recipient=required[,required][&body]
<message>
<subject>.. </subject>
<recipient> .. </recipient>
<body> .. </body>
</message>
"""
#sender = identity.get_current_user().resource_value
sender = config.get('bisque.admin_email')
if request.content_type == 'application/xml':
message = etree.XML(request.body)
node = message.find('subject')
if subject is None and node is not None:
subject = node.text
node = message.find('recipient')
if recipients is None and node is not None:
recipients = node.text
node = message.find('body')
if body is None and node is not None:
body = node.text
else: # if request.content_type == 'application/text':
if body is None:
body = request.body
if not subject:
return "<failure msg='no subject' />"
if not body:
return "<failure msg='no body' />"
if not recipients:
return "<failure msg='no recipients' />"
if send_mail(sender, recipients, subject, body):
return "<success/>"
else:
return "<failure msg='send failed' />"
def index(self):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
arches = DBSession.query(Arch).order_by('name')
return dict(arches=arches, num_items=arches.count(),
admin=admin)
def index(self):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
kernels = DBSession.query(Kernel).order_by('name')
return dict(kernels=kernels, num_items=kernels.count(),
admin=admin)
def index(self):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
osfamilies = DBSession.query(OSFamily).order_by('name')
return dict(osfamilies=osfamilies, num_items=osfamilies.count(),
admin=admin)
def logout(request):
"""Log out the user."""
get_log().info("logout")
check_predicate(request, predicates.not_anonymous(msg='Must be logged in'))
cookie = request.environ['repoze.who.plugins']['cookie']
headers = cookie.forget(request.environ, None)
# TODO: read logout URL from config?
raise pyramid.httpexceptions.HTTPFound("/", headers=headers)
def logout(request):
"""Log out the user."""
get_log().info("logout")
check_predicate(request, predicates.not_anonymous(msg='Must be logged in'))
cookie = request.environ['repoze.who.plugins']['cookie']
headers = cookie.forget(request.environ, None)
# TODO: read logout URL from config?
raise pyramid.httpexceptions.HTTPFound("/", headers=headers)
def index(self):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
drivers = DBSession.query(Driver).order_by('name')
return dict(drivers=drivers, num_items=drivers.count(),
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
kernel_name = args[0]
kernel = Kernel.by_kernel_name(kernel_name)
return dict(kernel=kernel,
admin=admin)
def __call__(self, environ, start_response):
# need to check path_info to avoid infinite loop
if not_anonymous().is_met(environ) or environ['PATH_INFO'] == self._signin_url:
return self._app(environ, start_response)
else:
status = "301 Redirect"
headers = [("Location", self._signin_url),]
start_response(status, headers)
return ["Not logged in",]
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
arch_name = args[0]
arch = Arch.by_arch_name(arch_name)
return dict(arch=arch,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
drivertype_name = args[0]
drivertype = DriverType.by_drivertype_name(drivertype_name)
return dict(drivertype=drivertype,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
license_name = args[0]
license = License.by_license_name(license_name)
return dict(license=license,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
osfamily_name = args[0]
osfamily = OSFamily.by_osfamily_name(osfamily_name)
osreleases = osfamily.osreleases
return dict(osfamily=osfamily, osreleases=osreleases,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
systemfamily_name = args[0]
systemfamily = SystemFamily.by_systemfamily_name(systemfamily_name)
systems = systemfamily.systems
return dict(systemfamily=systemfamily, systems=systems,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
vendor_name = args[0]
vendor = Vendor.by_vendor_name(vendor_name)
names = vendor.other_names
return dict(vendor=vendor, names=names,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
system_name = args[0]
system = System.by_system_name(system_name)
devices = system.devices
return dict(system=system, devices=devices,
admin=admin)
class ShortcutsController(BaseController):
allow_only = authorize.not_anonymous()
@expose('sapns/shortcuts/edit.html')
@require(predicates.not_anonymous())
def edit(self, id=None, **params):
came_from = params.get('came_from', '/')
page = _('Shorcuts editing')
return dict(page=page, came_from=came_from)
@expose()
@require(predicates.not_anonymous())
def save(self, id=None, **params):
came_from = params.get('came_from', '/')
redirect(url(came_from))
@expose('json')
@require(predicates.not_anonymous())
def delete(self, id_shortcut, **params):
logger = logging.getLogger(__name__ + '/delete')
try:
logger.info('Deleting shortcut [%s]' % id_shortcut)
# the shortcut to be deleted
sc = dbs.query(SapnsShortcut).get(id_shortcut)
dbs.query(SapnsShortcut).\
filter(SapnsShortcut.shortcut_id == id_shortcut).\
delete()
dbs.flush()
_key = '%d_%d' % (sc.user_id, sc.parent_id)
cache.get_cache('user_get_shortcuts').remove_value(key=_key)
return dict(status=True)
except Exception, e:
logger.error(e)
return dict(status=False)
class SubmissionsController(TGController):
allow_only = not_anonymous(msg=u'Only logged in users may see submissions')
def __init__(self):
pass
def _before(self, *args, **kwargs):
'''Prepare tmpl_context with navigation menus'''
pass
@expose('sauce.templates.submissions')
def index(self, page=1, *args, **kwargs):
'''Submission listing page'''
c.table = SubmissionTable(DBSession)
#TODO: Ugly and stolen from controllers.user
# teammates = set()
# for team in request.user.teams:
# teammates |= set(team.students)
# teammates.discard(request.user)
values = SubmissionTableFiller(DBSession).get_value(user_id=request.user.id)
# for teammate in teammates:
# values.extend(SubmissionTableFiller(DBSession).get_value(user_id=teammate.id))
return dict(page='submissions', view=None, user=request.user, values=values)
@expose()
def _lookup(self, submission_id, *args):
'''Return SubmissionController for specified submission_id'''
try:
submission_id = int(submission_id)
submission = Submission.query.filter_by(id=submission_id).one()
except ValueError:
flash('Invalid Submission id: %s' % submission_id, 'error')
abort(400)
except NoResultFound:
flash('Submission %d not found' % submission_id, 'error')
abort(404)
except MultipleResultsFound: # pragma: no cover
log.error('Database inconsistency: Submission %d', submission_id, exc_info=True)
flash('An error occurred while accessing Submission %d' % submission_id, 'error')
abort(500)
controller = SubmissionController(submission)
return controller, args
def _fn(context, request):
try:
log.info("checking / requiring login")
p = predicates.not_anonymous(msg='Must be logged in')
p.check_authorization(request.environ)
except predicates.NotAuthorizedError:
log.debug("login required.")
redirect('/login?came_from={}'.format(request.path))
else:
log.debug("logged in.")
return request_handler(request)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
driver_name = args[0]
driver = Driver.by_driver_name(driver_name)
devices = driver.devices
descriptions = driver.descriptions
builds = driver.driverbuilds
tmpl_context.devices_form = DriverDeviceForm("new_driver_device_form", action='adddevice',
)
tmpl_context.meta_form = DriverBuildMetaForm("new_driver_build_meta_form", action='addmeta',
)
return dict(driver=driver, devices=devices, descriptions=descriptions,
builds=builds,
admin=admin)
def default(self, *args):
admin=False
if predicates.not_anonymous():
if predicates.has_permission('admin'):
admin=True
device_name = args[0]
device = Device.by_device_name(device_name)
drivers = device.drivers
aliases = device.devicealiases
systems = device.systems
tmpl_context.systems_form = DeviceSystemForm("new_device_system_form", action='addsystem',
)
tmpl_context.alias_form = DeviceAliasForm("new_device_alias_form", action='addalias',
)
return dict(device=device, drivers=drivers, aliases=aliases, systems=systems,
admin=admin)
class UserController(CrudRestController):
allow_only = has_permission(constants.permission_admin_name)
model = User
table = user_table
table_filler = user_table_filler
edit_form = user_edit_form
new_form = user_new_form
edit_filler = user_edit_filler
@with_trailing_slash
@expose('tgext.crud.templates.get_all')
@expose('json')
@paginate('value_list', items_per_page=7)
def get_all(self, *args, **kw):
return CrudRestController.get_all(self, *args, **kw)
@expose('genshi:tgext.crud.templates.post_delete')
def post_delete(self, *args, **kw):
flash("You haven't the right to delete any users")
redirect('/users')
@expose('tgext.crud.templates.edit')
def edit(self, *args, **kw):
flash("You haven't the right to edit any users")
redirect('/users')
@require(not_anonymous())
@expose('genshi:tgext.crud.templates.new')
def new(self, *args, **kw):
flash(
"You haven't the right to add any users, this is the job of Tequila system"
)
redirect('/users')
@expose()
@registered_validate(error_handler=new)
def post(self, *args, **kw):
pass
@expose()
@registered_validate(error_handler=edit)
def put(self, *args, **kw):
pass
def post_login(self):
identity = request.environ.get('repoze.who.identity')
if not identity:
session['failedlogin'] +=1
session.save()
#h.flash(_("Incorrect User name or Password"))
if session['failedlogin']>3:
session['failedlogin'] = 0
session.save()
#return "To many login atempts!"
return HTTPForbidden(request=request,body="Incorrect User name or Password")
if identity['user'].pending:
session['failedlogin'] = 0
session.save()
h.flash(_('Your account is still pending. Check your email for activation link'))
#return redirect logout
return redirect(url(controller="account",action="logout"))
#return render(path.join(get_lang()[0],'derived/account/login.mako'))
if identity['user'].deleted:
session['failedlogin'] = 0
session.save()
h.flash(_('Your account has been deleted!'))
return redirect(url(controller="account",action="logout"))
#return render(path.join(get_lang()[0],'derived/account/login.mako'))
session['user'] = identity['user'].id
if is_met(not_anonymous()):
session['failedlogin'] = 0
session['user_selection']={}
session['product_selection']={}
session['invoice_selection']={}
session.save()
if 'came_from' in session:
came_from = session['came_from']
del session['came_from']
session.save()
return redirect(came_from)
return render(path.join(get_lang()[0],'derived/account/login.mako'))
def _check_security(self):
predicate = getattr(self, 'allow_only', None)
if predicate is None:
return True
try:
predicate.check_authorization(pylons.request.environ)
except WhatNotAuthorizedError, e:
reason = unicode(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircut the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
pylons.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
def test_uploaded(self, **kw):
''' XDMA upload request using HTTP uploads
this function is only created temporaly to provide backward compatibility
for DN provide http uploads, where directory is not specified by DN
but is known by the server and thus should be ignored here
'''
#log.debug( 'dn_test_uploaded - username ' + str(identity.current.user_name) )
# check the user identity here and return 401 if fails
if not not_anonymous():
response.status_int = 401
return "Access denied"
log.debug('dn_test_uploaded ' + str(kw))
hashes_str = kw.pop('hashes', [])
all_hashes = []
for fhash in hashes_str.split(','):
all_hashes.append(fhash)
found_hashes = image_service.files_exist(all_hashes)
found_html = ",".join([str(h) for h in found_hashes])
return "Found: " + found_html
def _check_security(self):
predicate = getattr(self, 'allow_only', None)
if predicate is None:
return True
try:
predicate.check_authorization(pylons.request.environ)
except WhatNotAuthorizedError, e:
reason = unicode(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircut the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
pylons.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
def _check_security(self):
if not hasattr(self, "allow_only") or self.allow_only is None:
log.debug('No controller-wide authorization at %s', request.path)
return True
try:
predicate = self.allow_only
predicate.check_authorization(request.environ)
except NotAuthorizedError, e:
reason = unicode(e)
if hasattr(self, '_failed_authorization'):
# Should shortcircut the rest, but if not we will still
# deny authorization
self._failed_authorization(reason)
if not_anonymous().is_met(request.environ):
# The user is authenticated but not allowed.
code = 403
status = 'error'
else:
# The user has not been not authenticated.
code = 401
status = 'warning'
pylons.response.status = code
flash(reason, status=status)
abort(code, comment=reason)
class AtributosPorTipoItemController(CrudRestController):
"""Controlador de roles"""
#{ Variables
title = u"Atributos de: %s"
action = "./"
#{ Plantillas
# No permitir rols anonimos (?)
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{ Modificadores
model = AtributosPorTipoItem
table = atributos_por_tipo_item_table
table_filler = atributos_por_tipo_item_table_filler
new_form = atributos_por_tipo_item_add_form
edit_form = atributos_por_tipo_item_edit_form
edit_filler = atributos_por_tipo_item_edit_filler
opciones = dict(nombre=u'Nombre', tipo=u"Tipo")
columnas = dict(nombre=u'texto', tipo=u"combobox")
comboboxes = dict(tipo=AtributosPorTipoItem._tipos_permitidos)
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.tipoitem.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
id_tipo_item = UrlParser.parse_id(request.url, "tipositems")
puede_crear = PoseePermiso('redefinir tipo item',
id_tipo_item=id_tipo_item).is_met(
request.environ)
tipo = TipoItem.por_id(id_tipo_item)
titulo = self.title % tipo.nombre
atributos = self.table_filler.get_value(id_tipo_item=id_tipo_item,
**kw)
tmpl_context.widget = self.table
url_action = self.action
atras = "../"
return dict(lista_elementos=atributos,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
comboboxes=self.comboboxes,
url_action=url_action,
puede_crear=puede_crear,
atras=atras)
@without_trailing_slash
@expose('lpm.templates.atributotipoitem.edit')
def edit(self, *args, **kw):
"""Despliega una pagina para modificar el atributo"""
id_tipo_item = UrlParser.parse_id(request.url, "tipositems")
url_action = "../"
pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(url_action)
tmpl_context.widget = self.edit_form
value = self.edit_filler.get_value( \
values={'id_atributos_por_tipo_item': int(args[0])})
value['_method'] = 'PUT'
page = "Atributo {nombre}".format(nombre=value["nombre"])
return dict(value=value, page=page, atras=url_action)
@without_trailing_slash
@expose('lpm.templates.atributotipoitem.new')
def new(self, *args, **kw):
"""Despliega una pagina para crear un tipo_item"""
id_tipo_item = UrlParser.parse_id(request.url, "tipositems")
url_action = "./"
pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(atras)
tmpl_context.widget = self.new_form
return dict(value=kw,
page=u"Nuevo Atributo",
action=url_action,
atras=url_action)
@validate(atributos_por_tipo_item_add_form, error_handler=new)
@expose()
def post(self, *args, **kw):
"""create a new record"""
id_tipo_item = UrlParser.parse_id(request.url, "tipositems")
url_action = "./"
pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(url_action)
if kw.has_key("sprox_id"):
del kw["sprox_id"]
tipo = TipoItem.por_id(id_tipo_item)
try:
tipo.agregar_atributo(**kw)
except NombreDeAtributoError, err:
flash(unicode(err), "warning")
redirect(url_action)
from baruwa.model.meta import Session
from baruwa.model.auth import LDAPSettings, RadiusSettings
from baruwa.model.accounts import Group, domain_owners
from baruwa.model.accounts import organizations_admins as oa
from baruwa.model.domains import DomainAlias
from baruwa.model.domains import Domain, DeliveryServer, AuthServer
from baruwa.forms.domains import BulkDelDomains, AddLDAPSettingsForm
from baruwa.forms.domains import AddDomainForm, AddDeliveryServerForm
from baruwa.forms.domains import AddAuthForm, AUTH_PROTOCOLS, EditDomainAlias
from baruwa.forms.domains import AddDomainAlias, AddRadiusSettingsForm
from baruwa.lib.audit.msgs.domains import *
log = logging.getLogger(__name__)
@ControllerProtector(All(not_anonymous(), OnlyAdminUsers()))
class DomainsController(BaseController):
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity["user"]
else:
c.user = None
c.selectedtab = "domains"
def _get_server(self, destinationid):
"utility"
try:
cachekey = u"deliveryserver-%s" % destinationid
q = (
def boolean_predicate(self):
p = not_anonymous()
return 'The predicate is %s' % bool(p)
c.paginator = paginate.Page(users, page=int(request.params.get("page", page)), items_per_page=10)
return render(path.join(get_lang()[0], "/derived/user/staff/index.mako"))
def customer(self):
c.menu_items = h.top_menu(self.menu_items, _("Customers"))
if is_met(in_group("customer")) or is_met(in_group("admin")):
user = request.environ.get("repoze.who.identity")["user"]
values = create_dict(user)
return render_customer_form(self.menu_items, user.id, values)
@checkframe(url(controller="user", action="index"))
def index(self, page=1):
c.contents = h.readContents(session[_("pages.dat")][_("Customers")])[0]
return render(path.join(get_lang()[0], "derived/user/index.mako"))
@ActionProtector(not_anonymous())
def edit(self, id):
user = Session.query(User).filter_by(id=id).one()
identity = request.environ.get("repoze.who.identity")
if is_met(has_permission("edit_user")):
c.menu_items = h.top_menu(self.menu_items, _("Customers"))
values = create_dict(user)
return render_form(self.menu_items, values, action="update", id=user.id)
elif identity["user"] == user:
values = create_dict(user)
return render_customer_form(self.menu_items, user.id, values)
else:
h.flash("You are not authorized to edit this user data!")
came_from = str(request.GET.get("came_from", "")) or url(controller="user", action="index")
return redirect(h.url(came_from))
from repoze.what.predicates import not_anonymous # pylint: disable-msg=E0611
# pylint: disable-msg=E0611
from repoze.what.plugins.pylonshq import ControllerProtector
from baruwa.lib.base import BaseController
from baruwa.model.meta import Session
from baruwa.lib.mq import FANOUT_XCHG
from baruwa.model.settings import DomSigImg, UserSigImg
from baruwa.forms.misc import Fmgr
from baruwa.tasks.settings import delete_sig
from baruwa.lib.auth.predicates import check_domain_ownership, check_dom_access
log = logging.getLogger(__name__)
@ControllerProtector(not_anonymous())
class FilemanagerController(BaseController):
"FM controller"
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
# pylint: disable-msg=R0912,R0915,R0914,W0142,W0622
def index(self, domainid=None, userid=None):
"Index"
action = request.GET.get('action', None)
if not action:
class HistorialItemController(CrudRestController):
"""Controlador de Historial de un Ítem"""
#{ Variables
title = u"Historial del Ítem %s"
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{plantillas
tmp_action = "./"
#{ Modificadores
model = HistorialItems
table = historial_item_table
table_filler = historial_item_filler
opciones = dict(
tipo_modificacion=u'Tipo de Modificacion',
fecha_modificacion=u'Fecha de Mofificacion',
nombre_usuario=u'Nombre de Usuario',
)
columnas = dict(tipo_modificacion=u'texto',
fecha_modificacion=u'fecha',
nombre_usuario=u'texto')
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.historialitem.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
titulo = self.title
id_p_item = UrlParser.parse_id(request.url, "versiones")
if id_p_item:
p_item = PropiedadItem.por_id(id_p_item)
titulo = u"Cambios en versión: %d" % p_item.version
tmpl_context.widget = self.table
items = self.table_filler.get_value(id_p_item=id_p_item, **kw)
return dict(lista_elementos=items,
page=titulo,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=self.tmp_action,
atras="../../")
# @without_trailing_slash
# @paginate('lista_elementos', items_per_page=5)
# @expose('lpm.templates.historialitem.get_all')
# @expose('json')
@expose()
def post_buscar(self, *args, **kw):
"""
Controlador que recibe los parámetros de búsqueda para
devolver el resultado esperado.
"""
titulo = self.title
id_p_item = UrlParser.parse_id(request.url, "versiones")
if id_p_item:
p_item = PropiedadItem.por_id(id_p_item)
titulo = u"Cambios en versión: %d" % p_item.version
tmpl_context.widget = self.table
buscar_table_filler = HistorialItemTableFiller(DBSession)
buscar_table_filler.filtros = kw
items = buscar_table_filler.get_value(id_usuario=id_usuario, **kw)
return dict(lista_elementos=items,
page=titulo,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=self.tmp_action,
atras="../../../")
@expose()
def get_one(self, *args, **kw):
pass
@expose()
def new(self, *args, **kw):
pass
@expose()
def post_delete(self, id):
pass
@expose()
def post(self, *args, **kw):
pass
@expose()
def edit(self, *args, **kw):
pass
@expose()
def put(self, *args, **kw):
pass
@expose()
def revertir(self, *args, **kw):
pass
class ProyectoController(CrudRestController):
"""Controlador de Proyectos"""
#{ Variables
title = u"Administrar Proyectos"
#{ Plantillas
tmp_action = "/proyectos/buscar"
# No permitir usuarios anonimos (?)
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{ Sub Controlador
fases = FaseController(DBSession)
tipositems = ProyectoTipoItemController(DBSession)
miembros = MiembrosProyectoController()
nomiembros = NoMiembrosProyectoController()
rolesproyecto = RolesProyectoController(DBSession)
#{ Modificadores
model = Proyecto
table = proyecto_table
table_filler = proyecto_table_filler
new_form = proyecto_add_form
edit_form = proyecto_edit_form
edit_filler = proyecto_edit_filler
#para el form de busqueda
opciones = dict(nombre=u"Nombre de Proyecto",
codigo=u"Código",
estado=u"Estado",
complejidad_total=u"Complejidad Total",
numero_fases=u"Número de Fases",
fecha_creacion=u"Fecha de Creación")
#el diccionario opciones de tiene lo que se muestra en
#el combobox de selección de filtros,
#tiene que tener la misma clave que los valores de columnas
columnas = dict(
nombre="texto",
codigo="texto", #lider="text",
estado="combobox",
complejidad_total="entero",
numero_fases="entero",
fecha_creacion="fecha")
comboboxes = dict(estado=Proyecto.estados_posibles)
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.proyecto.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
puede_crear = PoseePermiso("crear proyecto").is_met(request.environ)
if pylons.request.response_type == 'application/json':
return dict(lista=self.table_filler.get_value(**kw))
if not getattr(self.table.__class__, ' ', False):
proyectos = self.table_filler.get_value(**kw)
else:
proyectos = []
tmpl_context.widget = self.table
atras = '/'
return dict(lista_elementos=proyectos,
page=self.title,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action="/proyectos/",
puede_crear=puede_crear,
comboboxes=self.comboboxes,
atras=atras)
@expose()
def iniciar(self, id_proyecto):
"""Inicia un proyecto"""
if (not PoseePermiso('iniciar proyecto',
id_proyecto=id_proyecto).is_met(request.environ)):
flash("No puedes iniciar el proyecto", "warning")
proy = Proyecto.por_id(id_proyecto)
if not proy.obtener_lider():
msg = "No puedes iniciar el proyecto. Debes primero asignarle "
msg += "un lider"
flash(msg, "warning")
redirect("/proyectos/")
proy.iniciar_proyecto()
flash("El proyecto se ha iniciado correctamente")
redirect("/proyectos/")
@without_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.proyecto.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
"""
Controlador que recibe los parámetros de búsqueda para
devolver el resultado esperado.
"""
puede_crear = PoseePermiso("crear proyecto").is_met(request.environ)
pp = PoseePermiso('consultar proyecto')
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect("/proyectos/")
tmpl_context.widget = self.table
buscar_table_filler = ProyectoTableFiller(DBSession)
buscar_table_filler.filtros = kw
proyectos = buscar_table_filler.get_value()
atras = '/proyectos/'
return dict(lista_elementos=proyectos,
page=self.title,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
url_action="/proyectos/",
puede_crear=puede_crear,
comboboxes=self.comboboxes,
opciones=self.opciones,
atras=atras)
@without_trailing_slash
@expose('lpm.templates.proyecto.new')
def new(self, *args, **kw):
"""Display a page to show a new record."""
tmpl_context.widget = self.new_form
atras = "/proyectos/"
return dict(value=kw, page="Nuevo Proyecto", atras=atras)
@validate(proyecto_add_form, error_handler=new)
@expose()
def post(self, *args, **kw):
if "sprox_id" in kw:
del kw["sprox_id"]
proy = Proyecto(**kw)
DBSession.add(proy)
DBSession.flush()
proy.codigo = Proyecto.generar_codigo(proy)
#Creamos el rol miembro y lider de proyecto para este proyecto.
plant_l = Rol.obtener_rol_plantilla(nombre_rol=u"Lider de Proyecto")
rol_l = Rol.nuevo_rol_desde_plantilla(plantilla=plant_l,
id=proy.id_proyecto)
flash("Se ha creado un nuevo proyecto")
redirect("/proyectos/")
@expose('lpm.templates.proyecto.edit')
def edit(self, id_proyecto, *args, **kw):
"""Despliega una pagina para admistrar un proyecto"""
pp = PoseePermiso('modificar proyecto', id_proyecto=id_proyecto)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect("/proyectos")
proyecto = Proyecto.por_id(id_proyecto)
tmpl_context.widget = self.edit_form
value = self.edit_filler.get_value(values={'id_proyecto': id_proyecto})
value['_method'] = 'PUT'
atras = "/proyectos/"
return dict(value=value,
page="Modificar Proyecto %s" % proyecto.nombre,
atras=atras)
@validate(proyecto_edit_form, error_handler=edit)
@expose()
def put(self, *args, **kw):
"""Registra los cambios en la edición de un
proyecto.
"""
if "sprox_id" in kw:
del kw["sprox_id"]
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
proy = Proyecto.por_id(id_proyecto)
proy.nombre = unicode(kw["nombre"])
proy.descripcion = unicode(kw["descripcion"])
redirect("/proyectos/")
@expose()
def post_delete(self, id_proyecto):
proy = Proyecto.por_id(int(id_proyecto))
p_items = DBSession.query(PropiedadItem).filter(and_(PropiedadItem.id_item_actual ==\
Item.id_item, Item.id_fase == \
Fase.id_fase, Fase.id_proyecto ==
id_proyecto)).all()
for pi in p_items:
DBSession.delete(pi)
DBSession.delete(proy)
flash("Proyecto Eliminado")
redirect("/proyectos/")
@expose('lpm.templates.index')
def _default(self, *args, **kw):
"""Maneja las urls no encontradas"""
flash(_('Recurso no encontrado'), 'warning')
redirect('/')
return dict(page='index')
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.proyecto.get_all')
@expose('json')
def get_one(self, *args, **kw):
id_proyecto = int(args[0])
puede_crear = PoseePermiso("crear proyecto").is_met(request.environ)
if pylons.request.response_type == 'application/json':
return dict(lista=self.table_filler.get_value(
id_proyecto=id_proyecto, **kw))
if not getattr(self.table.__class__, ' ', False):
proyecto = self.table_filler.get_value(id_proyecto=id_proyecto,
**kw)
else:
proyecto = []
tmpl_context.widget = self.table
atras = '../'
return dict(lista_elementos=proyecto,
page=self.title,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action="/proyectos/",
puede_crear=puede_crear,
comboboxes=self.comboboxes,
atras=atras)
from baruwa.lib.auth.predicates import OnlySuperUsers
from baruwa.tasks.settings import update_serial
from baruwa.model.accounts import Group
from baruwa.forms.organizations import RelayForm, RelayEditForm
from baruwa.forms.organizations import ImportCSVForm
from baruwa.tasks import importdomains
from baruwa.lib.audit.msgs import organizations as auditmsgs
from baruwa.lib.api import org_add_form, create_org, edit_org, delete_org, \
update_if_changed, org_delete_form, relay_update_if_changed, add_relay, \
edit_relay, delete_relay, get_org, get_relay
log = logging.getLogger(__name__)
@ControllerProtector(All(not_anonymous(), OnlySuperUsers()))
class OrganizationsController(BaseController):
"Organizations controller"
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
c.selectedtab = 'organizations'
def index(self, page=1, format=None):
"index page"
total_found = 0
search_time = 0
class EventController(TGController):
def __init__(self, event):
self.event = event
self.sheets = SheetsController(event=self.event)
self.lessons = LessonsController(event=self.event)
self.admin = EventAdminController(event=self.event)
self.submissions = SubmissionsController(event=self.event)
c.event = self.event
self.allow_only = Any(
is_public(self.event),
user_is_in('teachers', self.event),
has_permission('manage'),
msg=u'This Event is not public'
)
c.sub_menu = menu(self.event, True)
def _before(self, *args, **kwargs):
'''Prepare tmpl_context with navigation menus'''
#c.side_menu = entity_menu(self.event, 'Sheets', self.event.sheets)
c.sub_menu = menu(self.event)
@expose('sauce.templates.event')
def index(self, *args, **kwargs):
'''Event details page'''
return dict(page='events', event=self.event)
@expose('sauce.templates.form')
@require(not_anonymous(msg=u'Only logged in users can enroll for events'))
def enroll(self, password=None, lesson=None, team=None, *args, **kwargs):
'''Event enrolling page'''
params = {}
if not self.event.enroll:
flash('Enroll not allowed', 'error')
return HTTPForbidden()
if self.event.password and password != self.event.password:
if password:
flash('Wrong password', 'error')
c.text = u'Please enter the password to enroll for this event:'
c.form = PasswordEnrollForm
else:
if password:
params['password'] = password
if self.event.enroll == 'event':
try:
self.event._members.append(request.user)
DBSession.flush()
except SQLAlchemyError:
log.warn('Error while enrolling user %r for event %r:', request.user, self.event, exc_info=True)
flash('An error occured', 'error')
else:
flash('Enrolled for Event "%s"' % self.event.name,
'ok')
redirect(self.event.url)
if self.event.enroll in ('lesson_team', 'team', 'team_new') and team:
if self.event.enroll == 'team_new' and team == '__new__':
try:
lesson = Lesson.query.get(int(lesson))
except ValueError:
lesson = team = None
else:
# Get unique team name
q = Team.query.filter_by(lesson=lesson)
i = q.count() + 1
while True:
name = 'New Team %d' % i
t = q.filter_by(name=name).first()
if not t:
break
i = i + 1
team = Team(lesson=lesson, name=name)
DBSession.add(team)
else:
try:
team = Team.query.get(int(team))
except ValueError:
team = None
if team:
try:
team.members.append(request.user)
DBSession.flush()
except SQLAlchemyError:
log.warn('Error while enrolling user %r for team %r:', request.user, team, exc_info=True)
flash('An error occured', 'error')
lesson = lesson.id
else:
flash('Enrolled for Team "%s" in Lesson "%s" in Event "%s"'
% (team.name, team.lesson.name, self.event.name),
'ok')
redirect(self.event.url)
else:
flash('Selected Team does not exist', 'error')
if self.event.enroll in ('lesson', 'lesson_team', 'team', 'team_new') and not lesson:
c.text = u'Please select the lesson you would like to attend:'
c.form = LessonSelectionForm(event=self.event, action=url('', params))
if self.event.enroll == 'lesson' and lesson:
try:
lesson = Lesson.query.get(int(lesson))
except ValueError:
lesson = None
if lesson:
try:
lesson._members.append(request.user)
DBSession.flush()
except SQLAlchemyError:
log.warn('Error while enrolling user %r for lesson %r:', request.user, lesson, exc_info=True)
flash('An error occured', 'error')
else:
flash('Enrolled for Lesson "%s" in Event "%s"'
% (lesson.name, self.event.name),
'ok')
redirect(self.event.url)
else:
flash('Selected Lesson does not exist',
'error')
if self.event.enroll in ('lesson_team', 'team', 'team_new') and lesson:
try:
lesson = Lesson.query.get(int(lesson))
except ValueError:
lesson = None
else:
params['lesson'] = lesson.id
c.text = u'Please select the team in which you would like to work:'
c.form = TeamSelectionForm(
lesson=lesson,
new=bool(self.event.enroll == 'team_new'),
action=url('', params),
)
return dict(page='events', heading=u'Enroll for %s' % self.event.name)
def index(self):
debug = not_anonymous(msg='log in!')\
.is_met(cherrypy.request.wsgi_environ)
gatherings = Session.query(Gathering).all()
return {'gatherings': gatherings, 'debug': debug}
filter(SapnsShortcut.shortcut_id == id_shortcut).\
delete()
dbs.flush()
_key = '%d_%d' % (sc.user_id, sc.parent_id)
cache.get_cache('user_get_shortcuts').remove_value(key=_key)
return dict(status=True)
except Exception, e:
logger.error(e)
return dict(status=False)
@expose('json')
@require(predicates.not_anonymous())
def bookmark(self, id_shortcut, **params):
logger = logging.getLogger(__name__ + '/bookmark')
try:
logger.info('Bookmarking shortcut [%s]' % id_shortcut)
user = dbs.query(SapnsUser).get(request.identity['user'].user_id)
dboard = user.get_dashboard()
dboard.add_child(id_shortcut)
_key = '%d_%d' % (user.user_id, dboard.shortcut_id)
cache.get_cache('user_get_shortcuts').remove_value(key=_key)
return dict(status=True)
except Exception, e:
class RolController(CrudRestController):
"""Controlador de roles"""
#{ Variables
title = u"Administrar Roles"
action = "/roles/"
rol_tipo = u"Sistema" #indica que el tipo no hay que averiguar.
#{ Plantillas
# No permitir usuarios anonimos (?)
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{ Modificadores
model = Rol
table = rol_table
table_filler = rol_table_filler
new_form = rol_add_form
edit_form = rol_edit_form
edit_filler = rol_edit_filler
#para el form de busqueda
opciones = dict(codigo=u'Código', nombre_rol=u'Nombre', tipo=u'Tipo')
columnas = dict(codigo='texto', nombre_rol='texto', tipo='combobox')
comboboxes = dict(tipo=Rol.tipos_posibles)
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.rol.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
puede_crear = PoseePermiso("crear rol").is_met(request.environ)
if request.response_type == 'application/json':
return self.table_filler.get_value(**kw)
if not getattr(self.table.__class__, '__retrieves_own_value__', False):
roles = self.table_filler.get_value(**kw)
else:
roles = []
tmpl_context.widget = self.table
atras = "/"
return dict(lista_elementos=roles,
page=self.title,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
comboboxes=self.comboboxes,
url_action=self.action,
puede_crear=puede_crear,
atras=atras)
@expose('lpm.templates.rol.edit')
def edit(self, *args, **kw):
"""Despliega una pagina para modificar rol"""
pp = PoseePermiso('modificar rol')
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(self.action)
tmpl_context.widget = self.edit_form
value = self.edit_filler.get_value(values={'id_rol': int(args[0])})
page = "Rol {nombre}".format(nombre=value["nombre_rol"])
atras = self.action
return dict(value=value, page=page, atras=atras)
@expose('lpm.templates.rol.get_one')
def get_one(self, id_rol):
"""Despliega una página para visualizar el rol"""
class select(MultipleSelectDojo):
def _my_update_params(self, d, nullable=False):
options = []
pks = []
for i, v in enumerate(d["value"]):
pks.append(int(v))
permisos = DBSession.query(Permiso) \
.filter(Permiso.id_permiso.in_(pks)).all()
for p in permisos:
options.append((p.id_permiso, '%s' % p.nombre_permiso))
d['options'] = options
return d
class selector(WidgetSelectorDojo):
default_multiple_select_field_widget_type = select
class RolVerEditForm(RolEditForm):
__model__ = Rol
__hide_fields__ = ['id_rol']
__omit_fields__ = [
'usuarios', 'codigo', 'creado', 'id_proyecto', 'id_fase',
'id_tipo_item'
]
__field_order__ = ['nombre_rol', 'tipo', 'descripcion', 'permisos']
__widget_selector_type__ = selector
descripcion = TextArea
tmpl_context.widget = RolVerEditForm(DBSession)
value = self.edit_filler.get_value(values={'id_rol': int(id_rol)})
page = "Rol {nombre}".format(nombre=value["nombre_rol"])
atras = self.action
return dict(value=value, page=page, atras=atras)
@without_trailing_slash
@expose('lpm.templates.rol.new')
def new(self, *args, **kw):
"""Despliega una pagina para crear un rol"""
pp = PoseePermiso('crear rol')
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(self.action)
tmpl_context.widget = self.new_form
if request.environ.get(
'HTTP_REFERER') == "http://" + request.environ.get(
'HTTP_HOST', ) + "/":
atras = "../"
else:
atras = "/roles"
return dict(value=kw,
page="Nuevo Rol",
action=self.action,
atras=atras)
#@validate(rol_add_form, error_handler=new)
@expose()
def post(self, *args, **kw):
"""create a new record"""
pp = PoseePermiso('crear rol')
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(self.action)
if (not kw.has_key('tipo')):
kw["tipo"] = self.rol_tipo
Rol.crear_rol(**kw)
redirect(self.action)
#@validate(rol_edit_form, error_handler=edit)
@expose()
def put(self, *args, **kw):
"""update a record"""
pp = PoseePermiso('modificar rol')
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(self.action)
Rol.actualizar_rol(**kw)
redirect(self.action)
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.rol.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
puede_crear = PoseePermiso("crear rol").is_met(request.environ)
tmpl_context.widget = self.table
buscar_table_filler = self.table_filler.__class__(DBSession)
buscar_table_filler.filtros = kw
roles = buscar_table_filler.get_value()
atras = self.action
return dict(lista_elementos=roles,
page=self.title,
titulo=self.title,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
comboboxes=self.comboboxes,
url_action=self.action,
puede_crear=puede_crear,
atras=atras)
log = logging.getLogger(__name__)
CONFIG_SECTIONS = {
1: 'General Settings',
2: 'Message Processing Settings',
3: 'Virus checks Settings',
4: 'Content checks Settings',
5: 'Reporting Settings',
6: 'Notice Settings',
7: 'Spam checks Settings',
8: 'Logging Settings'
}
@ControllerProtector(not_anonymous())
class SettingsController(BaseController):
#@ActionProtector(not_anonymous())
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
c.selectedtab = 'settings'
def _get_server(self, serverid):
"returns server object"
try:
server = Session.query(Server).get(serverid)
class RootController(BaseController):
""" The root controller for the fedora-tagger application. """
error = ErrorController()
@expose('json')
def dump(self):
""" A http interface to the dump2json method.
Returns a json dump of the database (nearly) in full.
"""
return dump2json()
def _search_query(self, term):
""" Produce a query searching over packages for ``term`` """
query = model.Package.query.filter_by(name=term)
if query.count() != 1:
# Broaden the search
query = model.Package.query.filter(
model.Package.name.like("%%%s%%" % term))
return query
@expose('json')
@require(not_anonymous(msg="Login with your FAS credentials."))
def search(self, term):
""" Handles /search URL.
Returns a JSON object including how many items were found, and a (few)
samples.
"""
query = self._search_query(term)
return dict(count=query.count(),
term=term,
samples=[p.name for p in query.all()[:3]])
@expose('json')
@require(not_anonymous(msg="Login with your FAS credentials."))
def add(self, label, package):
""" Handles /add URL.
Returns a JSON object indicating success or failure.
- If the package does not exist. Fail.
- If the label does not exist, create it.
- If the label is not associated with the package, associate it.
- Log a 'vote' for the current user on the new tag.
"""
json = dict(tag=label, package=package)
query = model.TagLabel.query.filter_by(label=label)
if query.count() == 0:
model.DBSession.add(model.TagLabel(label=label))
label = query.one()
query = model.Package.query.filter_by(name=package)
if query.count() == 0:
json['msg'] = "No such package '%s'" % package
return json
package = query.one()
query = model.Tag.query.filter_by(label=label, package=package)
if query.count() != 0:
json['msg'] = "%s already tagged '%s'" % (package.name,
label.label)
return json
tag = model.Tag(label=label, package=package)
model.DBSession.add(tag)
vote = model.Vote(like=True)
vote.user = model.get_user()
vote.tag = tag
model.DBSession.add(vote)
json['msg'] = "Success. '%s' added to package '%s'" % (label.label,
package.name)
return json
@expose('fedoratagger.templates.tagger')
@require(not_anonymous(msg="Login with your FAS credentials."))
def tagger(self):
""" Really, the main index.
Returns a list of (the first three) card widgets for the
template to render. The rest are acquired as needed via ajax calls to
the /card path.
"""
cards = [CardWidget(package=None) for i in range(3)]
cards[1].css_class = 'card center'
return dict(cards=cards)
index = tagger
@expose()
@require(not_anonymous(msg="Login with your FAS credentials."))
def leaderboard(self, N=10):
""" Handles the /leaderboard path.
Returns an HTML table of the top N users.
"""
users = model.FASUser.query.all()
users.sort(lambda x, y: cmp(len(x.votes), len(y.votes)), reverse=True)
users = users[:N]
keys = ['rank', 'gravatar_sm', 'username', 'total_votes']
row = "<tr>" + ''.join(["<td>{%s}</td>" % k for k in keys]) + "</tr>"
rows = [
row.format(**dict([(k, getattr(u, k)) for k in keys]))
for u in users
]
template = """
<table class="leaderboard">
<tr>
<th>Rank</th>
<th colspan="2">User</th>
<th>Votes</th>
</tr>
{rows}
</table>"""
return template.format(rows="".join(rows))
@expose()
@require(not_anonymous(msg="Login with your FAS credentials."))
def details(self, name=None):
""" Handles the /details path.
Return a list of details for a package.
"""
icon_template = "https://admin.fedoraproject.org/community/images/16_{serv}.png"
item_template = "<li><img src='{icon}'/><a href='{url}' target='_blank'>{text}</a></li>"
services = [
('pkgdb', 'Downloads',
"https://admin.fedoraproject.org/community/?package={name}#package_maintenance/details/downloads"
),
('koji', 'Builds',
"http://koji.fedoraproject.org/koji/search?terms={name}&type=package&match=exact"
),
('bodhi', 'Updates',
"https://admin.fedoraproject.org/updates/{name}"),
('bugs', 'Bugs',
"https://admin.fedoraproject.org/pkgdb/acls/bugs/{name}"),
('sources', 'Source',
"http://pkgs.fedoraproject.org/gitweb/?p={name}.git"),
]
items = [
item_template.format(icon=icon_template.format(serv=serv),
url=url.format(name=name),
text=text) for serv, text, url in services
]
return "<ul>" + "\n".join(items) + "</ul>"
@expose()
@require(not_anonymous(msg="Login with your FAS credentials."))
def card(self, name=None):
""" Handles the /card path. Return a rendered CardWidget in HTML.
If no name is specified, produce a widget for a package selected at
random.
If a name is specified, try to search for that package and render the
associated CardWidget.
"""
package = None
if name and name != "undefined":
query = self._search_query(name)
package = query.first()
w = CardWidget(package=package)
return w.display()
@expose('json')
@require(not_anonymous(msg="Login with your FAS credentials."))
def vote(self, id, like):
""" Handles the /vote path. Return JSON indicating results and stats.
If the user has voted on this tag before, only allow a 'change' of
votes; no "double-voting".
If they have not, then register their new vote.
"""
like = asbool(like)
tag = model.Tag.query.filter_by(id=id).one()
user = model.get_user()
# See if they've voted on this before.
query = model.Vote.query.filter_by(user=user, tag=tag)
if query.count() == 0:
# They haven't. So register a new vote.
if like:
tag.like += 1
else:
tag.dislike += 1
vote = model.Vote(like=like)
vote.user = user
vote.tag = tag
model.DBSession.add(vote)
else:
# Otherwise, they've voted on this before. See if they're changing
# their vote.
vote = query.one()
if vote.like == like:
# They're casting the same vote, the same way. Ignore them.
pass
else:
# Okay. Let them change their vote.
if like:
tag.like += 1
tag.dislike -= 1
else:
tag.like -= 1
tag.dislike += 1
vote.like = like
# Done changing vote.
json = tag.__json__()
json['user'] = {
'votes': user.total_votes,
'rank': user.rank,
}
return json
@expose('fedoratagger.templates.login')
def login(self, came_from=url('/')):
"""Start the user login."""
login_counter = request.environ['repoze.who.logins']
if login_counter > 0:
flash(_('Wrong credentials'), 'warning')
return dict(page='login',
login_counter=str(login_counter),
came_from=came_from)
@expose()
def post_login(self, came_from=url('/')):
"""
Redirect the user to the initially requested page on successful
authentication or redirect her back to the login page if login failed.
"""
if not request.identity:
login_counter = request.environ['repoze.who.logins'] + 1
redirect('/login',
params=dict(came_from=came_from, __logins=login_counter))
userid = request.identity['repoze.who.userid']
flash(_('Welcome back, %s!' % userid))
redirect(came_from)
@expose()
def post_logout(self, came_from=url('/')):
"""
Redirect the user to the initially requested page on logout and say
goodbye as well.
"""
flash(_('We hope to see you soon!'))
redirect(came_from)
filter(SapnsShortcut.shortcut_id == id_shortcut).\
delete()
dbs.flush()
_key = '%d_%d' % (sc.user_id, sc.parent_id)
cache.get_cache('user_get_shortcuts').remove_value(key=_key)
return dict(status=True)
except Exception, e:
logger.error(e)
return dict(status=False)
@expose('json')
@require(predicates.not_anonymous())
def bookmark(self, id_shortcut, **params):
logger = logging.getLogger(__name__ + '/bookmark')
try:
logger.info('Bookmarking shortcut [%s]' % id_shortcut)
user = dbs.query(SapnsUser).get(request.identity['user'].user_id)
dboard = user.get_dashboard()
dboard.add_child(id_shortcut)
_key = '%d_%d' % (user.user_id, dboard.shortcut_id)
cache.get_cache('user_get_shortcuts').remove_value(key=_key)
return dict(status=True)
except Exception, e:
class TipoItemController(CrudRestController):
"""Controlador para tipos de item"""
#{ Variables
title = u"Tipos de Ítem de fase: %s"
action = "./"
subaction = "./atributostipoitem/"
#{subcontroller
miembrostipo = MiembrosTipoController()
nomiembrostipo = NoMiembrosTipoController()
atributostipoitem = AtributosPorTipoItemController(DBSession)
rolestipo = RolesTipoController(DBSession)
#{ Plantillas
# No permitir tipo_items anonimos (?)
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{ Modificadores
model = TipoItem
table = tipo_item_table
table_filler = tipo_item_table_filler
new_form = tipo_item_add_form
edit_form = tipo_item_edit_form
edit_filler = tipo_item_edit_filler
#para el form de busqueda
opciones = dict(codigo= u'Código',
nombre= u'Nombre'
)
columnas = dict(codigo='texto',
nombre='texto'
)
#comboboxes = dict()
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.tipoitem.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
id_fase = UrlParser.parse_id(request.url, "fases")
atras = "../"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti")
id_fase = UrlParser.parse_id(request.url, "fases_ti")
atras = "../../"
proy = Proyecto.por_id(id_proyecto)
puede_crear = puede_crear = PoseePermiso("crear tipo item",
id_fase=id_fase).is_met(request.environ)
if proy.estado != "Iniciado":
puede_crear = False
fase = Fase.por_id(id_fase)
titulo = self.title % fase.nombre
tipo_items = self.table_filler.get_value(id_fase=id_fase, **kw)
tmpl_context.widget = self.table
url_action = self.action
if UrlParser.parse_nombre(request.url, "post_buscar"):
url_action = "../"
return dict(lista_elementos=tipo_items,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=url_action,
puede_crear=puede_crear,
atras=atras
)
@expose('lpm.templates.tipoitem.edit')
def edit(self, *args, **kw):
"""Despliega una pagina para modificar tipo_item"""
id_tipo = UrlParser.parse_id(request.url, "tipositems")
id_fase = UrlParser.parse_id(request.url, "fases")
if not id_fase:
id_fase = UrlParser.parse_id(request.url, "fases_ti")
value = self.edit_filler.get_value(values={'id_tipo_item': id_tipo})
url_action = "./"
pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(url_action)
tmpl_context.widget = self.edit_form
value['_method'] = 'PUT'
page = "Tipo Item: {nombre}".format(nombre=value["nombre"])
return dict(value=value,
page=page,
atras=url_action,
url_action=url_action
)
@without_trailing_slash
@expose('lpm.templates.tipoitem.new')
def new(self, *args, **kw):
"""Despliega una pagina para crear un tipo_item"""
id_fase = UrlParser.parse_id(request.url, "fases")
if not id_fase:
id_fase = UrlParser.parse_id(request.url, "fases_ti")
pp = PoseePermiso('crear tipo item', id_fase=id_fase)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect("./")
atras = self.action
tmpl_context.widget = self.new_form
return dict(value=kw,
page=u"Nuevo Tipo de Ítem",
action=self.action,
atras=atras)
#@validate(tipo_item_add_form, error_handler=new)
@expose()
def post(self, *args, **kw):
"""create a new record"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
id_fase = UrlParser.parse_id(request.url, "fases")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti")
id_fase = UrlParser.parse_id(request.url, "fases_ti")
pp = PoseePermiso('crear tipo item', id_fase=id_fase)
url_action = self.action
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(url_action)
if kw.has_key("sprox_id"):
del kw["sprox_id"]
id_padre = int(kw["id_padre"])
id_importado = kw["id_importado"]
if (kw["id_importado"]):
id_importado = int(kw["id_importado"])
mezclar = False
if kw.has_key("mezclar"):
mezclar = kw["mezclar"]
del kw["mezclar"]
del kw["id_padre"]
del kw["id_importado"]
proy = Proyecto.por_id(id_proyecto)
tipo = proy.definir_tipo_item(id_padre, id_importado, mezclar, **kw)
#Creamos el rol miembro de tipo de ítem
#plant_m = Rol.obtener_rol_plantilla(nombre_rol=u"Miembro de Tipo Item")
#rol_m = Rol.nuevo_rol_desde_plantilla(plantilla=plant_m,
# id=tipo.id_tipo_item)
flash(u"Creacion exitosa")
redirect(url_action)
@validate(tipo_item_edit_form, error_handler=edit)
@expose()
def put(self, *args, **kw):
"""update a record"""
url_action = url_action = "../../"
pp = PoseePermiso('redefinir tipo item',
id_tipo_item=kw["id_tipo_item"])
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect(url_action)
tipo = TipoItem.por_id(int(kw["id_tipo_item"]))
tipo.descripcion = unicode(kw["descripcion"])
flash("Actualizacion exitosa")
redirect("./")
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.tipoitem.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
id_fase = UrlParser.parse_id(request.url, "fases")
atras = "../"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti")
id_fase = UrlParser.parse_id(request.url, "fases_ti")
atras = "../../../"
proy = Proyecto.por_id(id_proyecto)
puede_crear = puede_crear = PoseePermiso("crear tipo item",
id_fase=id_fase).is_met(request.environ)
if proy.estado != "Iniciado":
puede_crear = False
fase = Fase.por_id(id_fase)
titulo = self.title % fase.nombre
tmpl_context.widget = self.table
buscar_table_filler = self.table_filler.__class__(DBSession)
buscar_table_filler.filtros = kw
tipos_items = buscar_table_filler.get_value(id_fase=id_fase)
return dict(lista_elementos=tipos_items,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action="../",
puede_crear=puede_crear,
atras=atras
)
@expose()
def post_delete(self, *args, **kw):
"""This is the code that actually deletes the record"""
atras = './'
id_tipo = int(args[0])
tipo = TipoItem.por_id(id_tipo)
DBSession.delete(tipo)
redirect(atras)
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.tipoitem.get_all')
@expose('json')
def get_one(self, *args, **kw):
id_tipo = int(args[0])
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
id_fase = UrlParser.parse_id(request.url, "fases")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti")
id_fase = UrlParser.parse_id(request.url, "fases_ti")
proy = Proyecto.por_id(id_proyecto)
puede_crear = puede_crear = PoseePermiso("crear tipo item",
id_fase=id_fase).is_met(request.environ)
if proy.estado != "Iniciado":
puede_crear = False
ti = self.table_filler.get_value(id_tipo=id_tipo, **kw)
tmpl_context.widget = self.table
fase = Fase.por_id(id_fase)
titulo = self.title % fase.nombre
atras = '../'
return dict(lista_elementos=ti,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=self.action,
puede_crear=puede_crear,
atras=atras
)
class ProyectoController(BaseController):
allow_only = not_anonymous(
msg='Solo usuarios registrados pueden acceder a los proyectos')
@expose()
def index(self, **named):
"""Handle the front-page."""
redirect('/proyecto/lista')
@expose(template='gestionitem.templates.proyectoTmpl.lista')
def lista(self, **named):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
expresion = named.get('expresion')
orden = named.get('submit')
proyectos = []
id = identity['user']
for grupo in id.groups:
if (grupo.group_name == 'Administrador'):
if (orden == None or orden == 'Listar Todos'):
proyectos = DBSession.query(Proyecto).filter(
Proyecto.estado != 4).all()
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
proyectoxlider = DBSession.query(Proyecto).join(
(User, Proyecto.lider)).filter(
User.user_name.like('%' + expresion + '%')).filter(
Proyecto.estado != 4).all()
proyectoxdescripcion = DBSession.query(Proyecto).filter(
Proyecto.descripcion.like(
'%' + expresion +
'%')).filter(Proyecto.estado != 4).all()
proyectoxestado = DBSession.query(Proyecto).join(
(EstadoProyecto, Proyecto.estadoObj)).filter(
EstadoProyecto.descripcion.like(
'%' + expresion +
'%')).filter(Proyecto.estado != 4).all()
proyectos = proyectoxdescripcion + proyectoxlider + proyectoxestado
muestraBoton = "true"
if (grupo.group_name == 'LiderProyecto'):
if (orden == None or orden == 'Listar Todos'):
proyectosLider = DBSession.query(Proyecto).filter(
Proyecto.id_lider == id.user_id).filter(
Proyecto.estado != 4).all()
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
proyectoxlider = DBSession.query(Proyecto).join(
(User, Proyecto.lider)).filter(
User.user_name.like('%' + expresion + '%')).filter(
Proyecto.id_lider == id.user_id).filter(
Proyecto.estado != 4).all()
proyectoxdescripcion = DBSession.query(Proyecto).filter(
Proyecto.descripcion.like('%' + expresion + '%')
).filter(Proyecto.id_lider == id.user_id).filter(
Proyecto.estado != 4).all()
proyectoxestado = DBSession.query(Proyecto).join(
(EstadoProyecto, Proyecto.estadoObj)).filter(
EstadoProyecto.descripcion.like(
'%' + expresion + '%')).filter(
Proyecto.id_lider == id.user_id).filter(
Proyecto.estado != 4).all()
proyectosLider = proyectoxdescripcion + proyectoxlider + proyectoxestado
muestraBoton = "true"
elif (orden):
proyectosLider = DBSession.query(Proyecto).filter(
Proyecto.id_lider == id.user_id).filter(
Proyecto.estado != 4).all()
muestraBoton = "false"
for proyect in proyectosLider:
if (proyect in proyectos):
proyect.setDefinir()
proyect.setmostrarFases()
indice = proyectos.index(proyect)
proyectos[indice] = proyect
else:
proyect.setDefinir()
proyect.setmostrarFases()
proyectos.append(proyect)
if (grupo.group_name == 'Desarrollador'
or grupo.group_name == 'Aprobador'):
proyectosDesarrollador = []
ufrs = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.user_id == id.user_id).all()
if (orden == None or orden == 'Listar Todos'):
for ufr in ufrs:
try:
fase = DBSession.query(Fase).join(
(Proyecto, Fase.proyectoObj)).filter(
Fase.id == ufr.fase_id).filter(
Proyecto.estado != 4).one()
proyectosDesarrollador.append(fase.proyectoObj)
except:
pass
proyectosDesarrolladorset = set(proyectosDesarrollador)
proyectosDesarrollador = list(proyectosDesarrolladorset)
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
proyectoxlider = DBSession.query(Proyecto).join(
(User, Proyecto.lider)).filter(
User.user_name.like('%' + expresion + '%')).filter(
Proyecto.estado != 4).all()
proyectoxdescripcion = DBSession.query(Proyecto).filter(
Proyecto.descripcion.like(
'%' + expresion +
'%')).filter(Proyecto.estado != 4).all()
proyectoxestado = DBSession.query(Proyecto).join(
(EstadoProyecto, Proyecto.estadoObj)).filter(
EstadoProyecto.descripcion.like(
'%' + expresion +
'%')).filter(Proyecto.estado != 4).all()
proyectosaux = proyectoxlider + proyectoxdescripcion + proyectoxestado
proyectosauxset = set(proyectosaux)
proyectosaux = list(proyectosauxset)
for ufr in ufrs:
if ufr.fase.proyectoObj in proyectosaux:
proyectosDesarrollador.append(ufr.fase.proyectoObj)
proyectosDesarrolladorset = set(proyectosDesarrollador)
proyectosDesarrollador = list(proyectosDesarrolladorset)
muestraBoton = "true"
if proyectos.__len__() > 0:
for proyecto1 in proyectosDesarrollador:
if proyecto1 in proyectos:
proyecto1.setmostrarFases()
else:
proyecto1.setmostrarFases()
proyectos.append(proyecto1)
else:
proyectos = proyectosDesarrollador
for proyecto12 in proyectos:
proyecto12.setmostrarFases()
proset = set(proyectos)
proyectos = list(proset)
from webhelpers import paginate
count = proyectos.__len__()
page = int(named.get('page', '1'))
currentPage = paginate.Page(
proyectos,
page,
item_count=count,
items_per_page=5,
)
proyectos = currentPage.items
return dict(page='Lista de proyectos',
proyectos=proyectos,
subtitulo='Proyectos',
user=user,
muestraBoton=muestraBoton,
currentPage=currentPage)
@expose('gestionitem.templates.proyectoTmpl.nuevo')
@require(
All(in_group('Administrador'),
has_permission('crear proyecto'),
msg='Debe poseer Rol "Administrador" para crear nuevos proyectos'))
def nuevo(self):
"""Handle the front-page."""
identity = request.environ.get('repoze.who.identity')
user = identity['user']
lideres = DBSession.query(User).join(
(Rol,
User.groups)).filter(Rol.group_name == 'LiderProyecto').all()
nombreProyectos = []
proyectos = DBSession.query(Proyecto).all()
for proyecto in proyectos:
nombreProyectos.append(proyecto.descripcion)
nombreProyectos.append(",")
return dict(page='Nuevo Proyecto',
lideres=lideres,
nombreProyectos=nombreProyectos,
user=user)
@expose()
@require(
All(in_group('Administrador'),
has_permission('crear proyecto'),
msg='Debe poseer Rol "Administrador" para crear nuevos proyectos'))
def add_proyecto(self, descripcion, lider, **named):
"""Registra un proyecto nuevo """
new = Proyecto(
descripcion=descripcion,
id_lider=lider,
estado=1,
)
DBSession.add(new)
flash('''Proyecto Registrado: %s''' % (descripcion, ))
redirect('./index')
@expose(template="gestionitem.templates.proyectoTmpl.editar")
@require(
All(in_group('Administrador'),
has_permission('editar proyecto'),
msg='Debe poseer Rol "Administrador" editar proyectos'))
def editar(self, id):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
proyecto = DBSession.query(Proyecto).filter_by(id=id).one()
if proyecto.lider != None:
usuarios = DBSession.query(User).join((Rol, User.groups)).filter(
Rol.group_name == 'LiderProyecto').filter(
User.user_id != proyecto.lider.user_id).all()
else:
usuarios = DBSession.query(User).join(
(Rol, User.groups)).filter(Rol.group_name == 'LiderProyecto')
return dict(page='Editar Proyecto',
id=id,
proyecto=proyecto,
subtitulo='ABM-Proyecto',
user=user,
usuarios=usuarios)
@expose()
@require(
All(in_group('Administrador'),
has_permission('editar proyecto'),
msg='Debe poseer Rol "Administrador" editar proyectos'))
def actualizar(self, id, descripcion, id_user, submit):
"""Create a new movie record"""
proyecto = DBSession.query(Proyecto).filter_by(id=id).one()
proyecto.descripcion = descripcion
proyecto.id_lider = id_user
DBSession.flush()
redirect('/proyecto')
@expose()
@require(
in_group('Administrador',
msg='Debe poseer Rol "Administrador" eliminar proyectos'))
@require(
All(in_group('Administrador'),
has_permission('eliminar proyecto'),
msg='Debe poseer Rol "Administrador" eliminar proyectos'))
def eliminar(self, id):
proyecto = DBSession.query(Proyecto).filter_by(id=id).one()
proyecto.estado = 4
redirect('/proyecto')
@expose(template='gestionitem.templates.proyectoTmpl.avisoEliminarProyecto'
)
def avisoEliminarProyecto(self, id, **named):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
proyecto = DBSession.query(Proyecto).filter_by(id=id).one()
return dict(page='Aviso Editar Item',
user=user,
fases=proyecto.fases,
proyecto=proyecto,
subtitulo='Aviso')
@expose()
def cambiarEstado(self, id, estado, **named):
proyecto = DBSession.query(Proyecto).filter_by(id=id).one()
proyecto.estado = estado
DBSession.flush()
redirect('/proyecto')
@expose(template="gestionitem.templates.proyectoTmpl.proyectoDef")
@require(
All(in_group('LiderProyecto'),
has_permission('definir proyecto'),
msg='Debe poseer Rol "LiderProyecto" para definir proyectos'))
def proyectoDef(self, id, **named):
fases = DBSession.query(Fase).filter(Fase.proyecto_id == id)
proyecto_id = id
return dict(page='Definir Proyecto',
proyecto_id=proyecto_id,
subtitulo='Definir Proyecto')
@expose(template="gestionitem.templates.proyectoTmpl.faseList")
@require(
All(in_group('LiderProyecto'),
has_permission('definir proyecto'),
msg='Debe poseer Rol "LiderProyecto" para definir fases'))
def definir_fase(self, id, **named):
identity = request.environ.get('repoze.who.identity')
fases = []
expresion = named.get('expresion')
orden = named.get('submit')
iduser = identity['user']
proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one()
proyectoEstado = proyecto.estado
for grupo in iduser.groups:
if (grupo.group_name == 'LiderProyecto'):
if (orden == None or orden == 'Listar Todos'
or orden == 'Cancelar'):
fases = DBSession.query(Fase).filter(
Fase.proyecto_id == id).order_by(
Fase.numero_fase).all()
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
fasesxdescripcion = DBSession.query(Fase).filter(
Fase.proyecto_id == id).filter(
Fase.descripcion.like('%' + expresion +
'%')).all()
fasesxestado = DBSession.query(Fase).join(
(EstadoFase, Fase.estadoObj)).filter(
Fase.proyecto_id == id).filter(
EstadoFase.descripcion.like('%' + expresion +
'%')).all()
fases = fasesxdescripcion + fasesxestado
muestraBoton = "true"
elif (grupo.group_name == 'Desarrollador'
or grupo.group_name == 'Aprobador'):
ufrs = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.user_id == iduser.user_id).all()
for ufr in ufrs:
if (str(ufr.fase.proyecto_id) == id):
fasetot = []
if (orden == None or orden == 'Listar Todos'
or orden == 'Cancelar'):
fase1 = DBSession.query(Fase).filter(
Fase.id == ufr.fase_id).one()
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
fase1xdescripcion = DBSession.query(Fase).filter(
Fase.id == ufr.fase_id).filter(
Fase.descripcion.like('%' + expresion +
'%')).all()
fase1xestado = DBSession.query(Fase).join(
(EstadoFase, Fase.estadoObj
)).filter(Fase.id == ufr.fase_id).filter(
EstadoFase.descripcion.like('%' +
expresion +
'%')).all()
fasetot = fase1xdescripcion + fase1xestado
muestraBoton = "true"
for fase1 in fasetot:
if (fase1 in fases):
pass
else:
fases.append(fase1)
faseset = set(fases)
fases = list(faseset)
fases = sorted(fases, key=lambda Fase: Fase.numero_fase)
proyecto_id = id
from webhelpers import paginate
count = fases.__len__()
page = int(named.get('page', '1'))
currentPage = paginate.Page(
fases,
page,
item_count=count,
items_per_page=5,
)
fases = currentPage.items
return dict(page='Lista de fases',
fases=fases,
proyecto_id=proyecto_id,
subtitulo='fases',
user=iduser,
proyectoEstado=proyectoEstado,
muestraBoton=muestraBoton,
proyecto=proyecto,
currentPage=currentPage)
@expose(template="gestionitem.templates.proyectoTmpl.agregar_fase")
@require(
All(in_group('LiderProyecto'),
has_permission('crear fase'),
msg='Debe poseer Rol "LiderProyecto" para agregar fases'))
def agregar_fase(self, id):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one()
fase = DBSession.query(Fase).filter(
Fase.proyecto_id == proyecto.id).all()
codigos = []
for i, cod in enumerate(fase):
codigos.append(cod.codigo_fase)
codigos.append(",")
return dict(page='Nueva Fase',
proyecto=proyecto,
user=user,
codigos=codigos)
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('crear fase'),
msg='Debe poseer Rol "LiderProyecto" para agregar fases'))
def save_fase(self, id, descripcion_proyecto, nombre_fase, codFase,
submit):
fases = DBSession.query(Fase).filter(Fase.proyecto_id == id)
num = fases.count() + 1
new = Fase(descripcion=nombre_fase,
proyecto_id=id,
numero_fase=num,
estado_id=3,
codigo_fase=codFase)
DBSession.add(new)
flash('''Fase Registrada: %s''' % (nombre_fase, ))
redirect('/proyecto/definir_fase/' + id)
@expose("gestionitem.templates.proyectoTmpl.editar_fase")
@require(
All(in_group('LiderProyecto'),
has_permission('editar fase'),
msg='Debe poseer Rol "LiderProyecto" para editar fases'))
def editar_fase(self, id):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
fase = DBSession.query(Fase).filter(Fase.id == id).one()
fases = DBSession.query(Fase).filter(
Fase.proyecto_id == fase.proyecto_id).all()
codigos = []
for i, cod in enumerate(fases):
codigos.append(cod.codigo_fase)
codigos.append(",")
return dict(page='Editar fase',
id=id,
fase=fase,
user=user,
codigos=codigos,
subtitulo='ABM-Fase')
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('editar fase'),
msg='Debe poseer Rol "LiderProyecto" para editar fases'))
def actualizar_fase(self, id, descripcion_proyecto, nombre_fase,
numero_fase, submit):
fase = DBSession.query(Fase).filter(Fase.id == id).one()
fase.descripcion = nombre_fase
fase.numero_fase = numero_fase
# fase.codigo_fase = codFase
DBSession.flush()
redirect('/proyecto/definir_fase/' + str(fase.proyecto_id))
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('eliminar fase'),
msg='Debe poseer Rol "LiderProyecto" para eliminar fases'))
def eliminar_fase(self, id):
fase = DBSession.query(Fase).filter(Fase.id == id).one()
id_proyecto = fase.proyecto_id
ufrs = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == id).all()
for ufr in ufrs:
DBSession.delete(ufr)
DBSession.flush()
# itemusuarios = DBSession.query(TipoItemUsuario).filter(TipoItemUsuario.fase_id == id).all()
DBSession.delete(fase)
fases = DBSession.query(Fase).filter(
Fase.proyecto_id == id_proyecto).order_by(Fase.id).all()
for i, fase in enumerate(fases):
fase.numero_fase = i + 1
DBSession.flush()
redirect('/proyecto/definir_fase/' + str(id_proyecto))
@expose("gestionitem.templates.proyectoTmpl.usuario_faseList")
@require(
in_group('LiderProyecto',
msg='Debe poseer Rol "LiderProyecto" para listar usuarios'))
def usuario_faseList(self, id, **named):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
expresion = named.get('expresion')
orden = named.get('submit')
usuarioFaseRols = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == id).all()
for ufr in usuarioFaseRols:
if ufr.usuario == None:
DBSession.delete(ufr)
DBSession.flush()
if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'):
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == id).all()
muestraBoton = "false"
elif (orden == 'Buscar' and expresion != None):
usuarioxnombre = DBSession.query(UsuarioFaseRol).join(
(User, UsuarioFaseRol.usuario)).filter(
UsuarioFaseRol.fase_id == id).filter(
User.user_name.like('%' + expresion + '%')).order_by(
User.user_name).all()
usuarioxrol = DBSession.query(UsuarioFaseRol).join(
(Rol, UsuarioFaseRol.rol)).filter(
UsuarioFaseRol.fase_id == id).filter(
Rol.group_name.like('%' + expresion + '%')).all()
usuarioFaseRol1 = usuarioxnombre + usuarioxrol
usuarioFaseRol = set(usuarioFaseRol1)
usuarioFaseRol = list(usuarioFaseRol)
muestraBoton = "true"
fase = DBSession.query(Fase).filter(Fase.id == id).one()
from webhelpers import paginate
count = usuarioFaseRol.__len__()
page = int(named.get('page', '1'))
currentPage = paginate.Page(
usuarioFaseRol,
page,
item_count=count,
items_per_page=5,
)
usuarioFaseRol = currentPage.items
descripcion = fase.descripcion
proyecto = DBSession.query(Proyecto).filter(
Proyecto.id == fase.proyecto_id).one()
return dict(page='Usuarios de fase ' + descripcion,
usuariofaserol=usuarioFaseRol,
descripcion=descripcion,
fase_id=id,
subtitulo='Usuarios de fase',
proyecto_id=fase.proyecto_id,
user=user,
muestraBoton=muestraBoton,
proyecto=proyecto,
currentPage=currentPage)
@expose("gestionitem.templates.proyectoTmpl.agregarUsuarioFase")
@require(
All(in_group('LiderProyecto'),
has_permission('asignar desarrollador'),
msg='LiderProyecto" para agregar usuarios'))
def agregar_usuario_fase(self, id, **named):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
usuarios = DBSession.query(User).join((Rol, User.groups)).filter(
or_(Rol.group_name == 'Aprobador',
Rol.group_name == 'Desarrollador')).all()
roles = DBSession.query(Rol).filter(
or_(Rol.group_name == 'Aprobador',
Rol.group_name == 'Desarrollador')).all()
fase = DBSession.query(Fase).filter(Fase.id == id).one()
# usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(UsuarioFaseRol.fase_id == id).all()
return dict(page='Asignar Usuario a fase ' + fase.descripcion,
usuarios=usuarios,
roles=roles,
proyecto_id=id,
user=user,
fase=fase)
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('asignar desarrollador'),
msg='Debe poseer Rol "LiderProyecto" para agregar usuarios'))
def save_usuario_fase(self, fase, user, rol, **named):
try:
rol = int(rol)
try:
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == fase).filter(
UsuarioFaseRol.user_id == user).filter(
UsuarioFaseRol.rol_id == rol).one()
DBSession.delete(usuarioFaseRol)
except:
pass
new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol)
DBSession.add(new)
except:
for rol1 in rol:
try:
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == fase).filter(
UsuarioFaseRol.user_id == user).filter(
UsuarioFaseRol.rol_id == rol1).one()
DBSession.delete(usuarioFaseRol)
except:
pass
new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol1)
DBSession.add(new)
CambiarEstadoFase = DBSession.query(Fase).filter(Fase.id == fase).one()
CambiarEstadoFase.estado_id = 1
redirect('/proyecto/usuario_faseList/' + fase)
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('eliminar desarrollador'),
msg='Debe poseer Rol "LiderProyecto" para eliminar usuarios'))
def eliminar_usuario_fase(self, ufr):
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.id == ufr).one()
fase = usuarioFaseRol.fase_id
DBSession.delete(usuarioFaseRol)
usuarioFaseRolcantidad = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == fase).all()
if usuarioFaseRolcantidad.__len__() == 0:
faseCambiarEstado = DBSession.query(Fase).filter(
Fase.id == fase).one()
faseCambiarEstado.estado_id = 3
DBSession.flush()
redirect('/proyecto/usuario_faseList/' + str(fase))
@expose("gestionitem.templates.proyectoTmpl.editarUsuarioFase")
@require(
All(in_group('LiderProyecto'),
has_permission('editar desarrollador'),
msg='Debe poseer Rol "LiderProyecto" para editar usuarios'))
def editar_usuario_fase(self, ufr, **named):
identity = request.environ.get('repoze.who.identity')
user = identity['user']
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.id == ufr).one()
fase = DBSession.query(Fase).filter(
Fase.id == usuarioFaseRol.fase_id).one()
usuario = DBSession.query(User).filter(
User.user_id == usuarioFaseRol.user_id).one()
rol = DBSession.query(Rol).filter(
Rol.group_id == usuarioFaseRol.rol_id).one()
roles = DBSession.query(Rol).filter(
or_(Rol.group_name == 'Aprobador',
Rol.group_name == 'Desarrollador')).all()
return dict(page='Editar Usuario de fase' + fase.descripcion,
fase=fase,
usuario=usuario,
roles=roles,
rol=rol,
user=user,
ufr=usuarioFaseRol)
@expose()
@require(
All(in_group('LiderProyecto'),
has_permission('editar desarrollador'),
msg='Debe poseer Rol "LiderProyecto" para editar usuarios'))
def actualizar_usuario_fase(self, fase, ufr, submit, **named):
rol = named.get('rol')
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.id == ufr).one()
user = usuarioFaseRol.user_id
if rol == None:
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.id == ufr).one()
DBSession.delete(usuarioFaseRol)
else:
try:
rol = int(rol)
try:
usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == fase).filter(
UsuarioFaseRol.user_id == user).filter(
UsuarioFaseRol.rol_id == rol).one()
DBSession.delete(usuarioFaseRol)
except:
pass
new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol)
DBSession.add(new)
except:
for rol1 in rol:
try:
usuarioFaseRol = DBSession.query(
UsuarioFaseRol).filter(
UsuarioFaseRol.fase_id == fase).filter(
UsuarioFaseRol.user_id == user).filter(
UsuarioFaseRol.rol_id == rol1).one()
DBSession.delete(usuarioFaseRol)
except:
pass
new = UsuarioFaseRol(user_id=user,
fase_id=fase,
rol_id=rol1)
DBSession.add(new)
redirect('/proyecto/usuario_faseList/' + fase)
class HistorialLBController(CrudRestController):
"""Controlador de Historial de una Línea Base"""
#{ Variables
title = u"Historial de la Línea Base: %s"
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{plantillas
tmp_action = "./"
#{ Modificadores
model = HistorialLB
table = historial_lb_table
table_filler = historial_lb_table_filler
opciones = dict(tipo_operacion=u'Tipo de Operación',
fecha_modificacion= u'Fecha de Mofificación'
)
columnas = dict(tipo_operacion='combobox',
fecha_modificacion= 'fecha'
)
comboboxes = dict(tipo_operacion= [u"Apertura", u"Cierre", u"Ruptura", u"Revisión", u"Creación"])
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.historialitem.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
id_lb = UrlParser.parse_id(request.url, "lbs")
lb = LB.por_id(id_lb)
titulo = self.title % lb.codigo
tmpl_context.widget = self.table
historial = self.table_filler.get_value(lb=lb, **kw)
return dict(lista_elementos=historial,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
comboboxes=self.comboboxes,
url_action=self.tmp_action,
atras="../../"
)
@without_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.historialitem.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
"""
Controlador que recibe los parámetros de búsqueda para
devolver el resultado esperado.
"""
id_lb = UrlParser.parse_id(request.url, "lbs")
lb = LB.por_id(id_lb)
titulo = self.title % lb.codigo
tmpl_context.widget = self.table
buscar_table_filler = HistorialLBTableFiller(DBSession)
buscar_table_filler.filtros = kw
historial = buscar_table_filler.get_value(lb=lb, **kw)
return dict(lista_elementos=historial,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
comboboxes=self.comboboxes,
url_action='../',
opciones=self.opciones,
atras='../'
)
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.lb.examinar')
@expose('json')
def examinar(self, *args, **kw):
"""
Muestra los elementos que forman parte de la LB
"""
id_lb = int(args[0])
lb = LB.por_id(id_lb)
titulo = u"Ítems de Línea Base: %s" % lb.codigo
iplbs = item_lb_table_filler.get_value(lb=lb, **kw)
tmpl_context.widget = item_lb_table
atras = "../../"
return dict(lista_elementos=iplbs,
page=titulo,
titulo=titulo,
modelo="ItemsPorLB",
atras=atras
)
@expose()
def get_one(self, *args, **kw):
pass
@expose()
def new(self, *args, **kw):
pass
@expose()
def post_delete(self, id):
pass
@expose()
def post(self, *args, **kw):
pass
@expose()
def edit(self, *args, **kw):
pass
@expose()
def put(self, *args, **kw):
pass
from baruwa.model.meta import Session
from baruwa.model.auth import LDAPSettings, RadiusSettings
from baruwa.model.accounts import Group, domain_owners
from baruwa.model.accounts import organizations_admins as oa
from baruwa.model.domains import DomainAlias
from baruwa.model.domains import Domain, DeliveryServer, AuthServer
from baruwa.forms.domains import BulkDelDomains, AddLDAPSettingsForm
from baruwa.forms.domains import AddDomainForm, AddDeliveryServerForm
from baruwa.forms.domains import AddAuthForm, AUTH_PROTOCOLS, EditDomainAlias
from baruwa.forms.domains import AddDomainAlias, AddRadiusSettingsForm
from baruwa.lib.audit.msgs.domains import *
log = logging.getLogger(__name__)
@ControllerProtector(All(not_anonymous(), OnlyAdminUsers()))
class DomainsController(BaseController):
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
c.selectedtab = 'domains'
def _get_server(self, destinationid):
"utility"
try:
cachekey = u'deliveryserver-%s' % destinationid
q = Session.query(DeliveryServer)\
class ReportsController(BaseController):
@ActionProtector(not_anonymous())
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
c.selectedtab = 'reports'
def __after__(self):
"Clean up"
if hasattr(self, 'imgfile'):
self.imgfile.close()
def _get_filter(self, filterid):
"utility to return filter object"
try:
cachekey = u'filter-%s' % filterid
q = Session.query(SavedFilter).filter(SavedFilter.id==filterid)\
.options(FromCache('sql_cache_short', cachekey))
if self.invalidate:
q.invalidate()
savedfilter = q.one()
except NoResultFound:
savedfilter = None
return savedfilter
def _save_filter(self, filt):
"utility to save filters to session"
if not session.get('filter_by', False):
session['filter_by'] = []
session['filter_by'].append(filt)
session.save()
else:
if not filt in session['filter_by']:
session['filter_by'].append(filt)
session.save()
def _png(self, data, reportid):
"PNG"
if int(reportid) == 11:
chart = build_barchart(data)
elif int(reportid) == 9:
chart = build_spam_chart(data)
else:
piedata = [getattr(row, REPORTS[reportid]['sort']) for row in data]
total = sum(piedata)
labels = [("%.1f%%" % (
(1.0 * getattr(row, REPORTS[reportid]['sort']) / total) * 100))
for row in data]
chart = PieChart(350, 284)
chart.chart.labels = labels
chart.chart.data = piedata
chart.chart.width = 200
chart.chart.height = 200
chart.chart.x = 90
chart.chart.y = 30
chart.chart.slices.strokeWidth = 1
chart.chart.slices.strokeColor = colors.black
self.imgfile = StringIO()
renderPM.drawToFile(chart,
self.imgfile,
'PNG',
bg=colors.HexColor('#FFFFFF'))
def _csv(self, data):
"output to csv"
try:
self.csvfile = StringIO()
head = data[0]
format = head.keys()
csvwriter = CSVWriter(self.csvfile, format)
csvwriter.writeasobj(data)
except IndexError:
pass
def _generate_png(self, data, reportid):
"Generate PNG images on the fly"
lock.acquire()
try:
self._png(data, reportid)
response.content_type = 'image/png'
response.headers['Cache-Control'] = 'max-age=0'
pngdata = self.imgfile.getvalue()
response.headers['Content-Length'] = len(pngdata)
except:
abort(404)
finally:
self.imgfile.close()
lock.release()
return pngdata
def _generate_csv(self, data, reportid):
"Generate CSV files on the fly"
lock.acquire()
try:
self._csv(data)
response.content_type = 'text/csv'
response.headers['Cache-Control'] = 'max-age=0'
csvdata = self.csvfile.getvalue()
disposition = ('attachment; filename=%s.csv' %
REPORTS[reportid]['title'].replace(' ', '_'))
response.headers['Content-Disposition'] = disposition
response.headers['Content-Length'] = len(csvdata)
except:
abort(404)
finally:
self.csvfile.close()
lock.release()
return csvdata
def _generate_pdf(self, data, reportid):
"Generate PDF's on the fly"
logo = os.path.join(config['pylons.paths']['static_files'], 'imgs',
'logo.png')
lock.acquire()
try:
pdfcreator = PDFReport(logo, _('Baruwa mail report'))
sortby = REPORTS[reportid]['sort']
if reportid in ['1', '2', '3', '4', '5', '6', '7', '8', '10']:
pieheadings = ('', _('Address'), _('Count'), _('Volume'), '')
pdfcreator.add(data, REPORTS[reportid]['title'], pieheadings,
sortby)
if reportid == '11':
totalsheaders = dict(date=_('Date'),
mail=_('Mail totals'),
spam=_('Spam totals'),
virus=_('Virus totals'),
volume=_('Mail volume'),
totals=_('Totals'))
pdfcreator.add(data,
_('Message Totals'),
totalsheaders,
chart='bar')
response.headers['Content-Type'] = PDF_HEADER
disposition = ('attachment; filename=%s.pdf' %
REPORTS[reportid]['title'].replace(' ', '_'))
response.headers['Content-Disposition'] = disposition
pdfdata = pdfcreator.build()
response.headers['Content-Length'] = len(pdfdata)
finally:
lock.release()
return pdfdata
# def _get_count(self):
# "Get message count"
# countq = MsgCount(Session, c.user)
# return countq()
def _get_data(self, format=None, success=None, errors=None):
"Get report data"
filters = session.get('filter_by', [])
query = Session.query(
func.max(Message.timestamp).label('oldest'),
func.min(Message.timestamp).label('newest'))
uquery = UserFilter(Session, c.user, query)
query = uquery.filter()
# count = self._get_count()
countq = MsgCount(Session, c.user)
count = countq()
cachekey = u'savedfilters-%s' % c.user.username
sfq = Session.query(SavedFilter)\
.filter(SavedFilter.user == c.user)\
.options(FromCache('sql_cache_short', cachekey))
if self.invalidate:
sfq.invalidate()
savedfilters = sfq.all()
if filters:
dynq = DynaQuery(Message, query, filters)
query = dynq.generate()
dcountq = Session.query(func.count(Message.id).label('count'))
dcountqi = UserFilter(Session, c.user, dcountq)
dcountq = dcountqi.filter()
dyncq = DynaQuery(Message, dcountq, filters)
dcountq = dyncq.generate()
dcount = dcountq.one()
count = dcount.count
cachekey = u'report-aggregates-%s' % c.user.username
query = query.options(FromCache('sql_cache_short', cachekey))
if self.invalidate:
query.invalidate()
data = query.all()
saved_filters = [
processfilters(filt, filters) for filt in savedfilters
]
if format is None:
return data, count, filters, saved_filters
else:
if format == 'json':
data = data[0]
filterdict = dict(FILTER_ITEMS)
filterbydict = dict(FILTER_BY)
active_filters = [
dict(filter_field=filterdict[filt['field']],
filter_by=filterbydict[filt['filter']],
filter_value=filt['value']) for filt in filters
]
try:
newest = data.newest.strftime("%Y-%m-%d %H:%M")
oldest = data.oldest.strftime("%Y-%m-%d %H:%M")
except AttributeError:
newest = ''
oldest = ''
datadict = dict(count=count, newest=newest, oldest=oldest)
jsondata = dict(success=success,
data=datadict,
errors=errors,
active_filters=active_filters,
saved_filters=saved_filters)
return jsondata
def index(self, format=None):
"Index page"
c.form = FilterForm(request.POST, csrf_context=session)
errors = ''
success = True
if request.POST and c.form.validate():
fitem = dict(field=c.form.filtered_field.data,
filter=c.form.filtered_by.data,
value=c.form.filtered_value.data)
self._save_filter(fitem)
elif request.POST and not c.form.validate():
success = False
key = c.form.errors.keys()
errors = dict(field=key[0], msg=', '.join(c.form.errors[key[0]]))
if success:
self.invalidate = True
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
jsondata = self._get_data(format, success, errors)
return json.dumps(jsondata)
data, count, filters, saved_filters = self._get_data()
c.data = data
c.count = count
c.active_filters = filters
c.saved_filters = saved_filters
c.FILTER_BY = FILTER_BY
c.FILTER_ITEMS = FILTER_ITEMS
return render('/reports/index.html')
def display(self, reportid, format=None):
"Display a report"
c.report_title = REPORTS[reportid]['title']
filters = session.get('filter_by', [])
if reportid in ['1', '2', '3', '4', '5', '6', '7', '8', '10']:
rquery = ReportQuery(c.user, reportid, filters)
query = rquery()
cachekey = u'reportquery-%s-%s' % (c.user.username, reportid)
query = query.options(FromCache('sql_cache_short', cachekey))
data = query[:10]
if format == 'png':
return self._generate_png(data, reportid)
if format == 'csv':
info = REPORTDL_MSG % dict(r=c.report_title, f='csv')
audit_log(c.user.username, 1, info, request.host,
request.remote_addr, datetime.now())
return self._generate_csv(data, reportid)
jsondata = [
dict(tooltip=getattr(item, 'address'),
y=getattr(item, REPORTS[reportid]['sort']),
stroke='black',
color=PIE_COLORS[index],
size=getattr(item, 'size'))
for index, item in enumerate(data)
]
template = '/reports/piereport.html'
if reportid == '9':
query = sa_scores(Session, c.user)
if filters:
dynq = DynaQuery(Message, query, filters)
query = dynq.generate()
cachekey = u'sascores-%s' % c.user.username
query = query.options(FromCache('sql_cache_short', cachekey))
data = query.all()
if format == 'json':
scores = []
counts = []
for row in data:
scores.append(
dict(value=int(row.score), text=str(row.score)))
counts.append(
dict(y=int(row.count),
tooltip=(_('Score ') + str(row.score) + ': ' +
str(row.count))))
jsondata = dict(scores=scores, count=counts)
elif format == 'png':
return self._generate_png(data, reportid)
else:
jsondata = {}
jsondata['labels'] = [{
'value': index + 1,
'text': str(item.score)
} for index, item in enumerate(data)]
jsondata['scores'] = [item.count for item in data]
template = '/reports/barreport.html'
if reportid == '10':
if format == 'json':
data = [[
item.address.strip(),
get_hostname(item.address.strip()),
country_flag(item.address.strip()), item.count,
format_byte_size(item.size)
] for item in data]
template = '/reports/relays.html'
if reportid == '11':
query = message_totals(Session, c.user)
if filters:
dynq = DynaQuery(Message, query, filters)
query = dynq.generate()
cachekey = u'msgtotals-%s' % c.user.username
query = query.options(FromCache('sql_cache_short', cachekey))
data = query.all()
if format == 'png':
return self._generate_png(data, reportid)
elif format == 'json':
dates = []
mail_total = []
spam_total = []
size_total = []
virus_total = []
for row in data:
dates.append(str(row.date))
mail_total.append(int(row.mail_total))
spam_total.append(int(row.spam_total))
virus_total.append(int(row.virus_total))
size_total.append(int(row.total_size))
jsondata = dict(
dates=[
dict(value=index + 1, text=date)
for index, date in enumerate(dates)
],
mail=[
dict(y=total,
tooltip=(_('Mail totals on ') + dates[index] +
': ' + str(total)))
for index, total in enumerate(mail_total)
],
spam=[
dict(y=total,
tooltip=(_('Spam totals on ') + dates[index] +
': ' + str(total)))
for index, total in enumerate(spam_total)
],
virii=[
dict(y=total,
tooltip=(_('Virus totals on ') + dates[index] +
': ' + str(total)))
for index, total in enumerate(virus_total)
],
volume=size_total,
mail_total=sum(mail_total),
spam_total=sum(spam_total),
virus_total=sum(virus_total),
volume_total=sum(size_total))
try:
vpct = "%.1f" % (
(1.0 * sum(virus_total) / sum(mail_total)) * 100)
spct = "%.1f" % (
(1.0 * sum(spam_total) / sum(mail_total)) * 100)
except ZeroDivisionError:
vpct = "0.0"
spct = "0.0"
jsondata['vpct'] = vpct
jsondata['spct'] = spct
data = [
dict(date=str(row.date),
mail_total=row.mail_total,
spam_total=row.spam_total,
virus_total=row.virus_total,
size_total=format_byte_size(row.total_size),
virus_percent="%.1f" %
((1.0 * int(row.virus_total) / int(row.mail_total)) *
100),
spam_percent="%.1f" %
((1.0 * int(row.spam_total) / int(row.mail_total)) *
100)) for row in data
]
elif format == 'csv':
info = REPORTDL_MSG % dict(r=c.report_title, f='csv')
audit_log(c.user.username, 1, info, request.host,
request.remote_addr, datetime.now())
return self._generate_csv(data, reportid)
else:
jsondata = dict(mail=[],
spam=[],
virus=[],
volume=[],
labels=[])
for index, item in enumerate(data):
jsondata['spam'].append(item.spam_total)
jsondata['mail'].append(item.mail_total)
jsondata['virus'].append(item.virus_total)
jsondata['volume'].append(item.total_size)
jsondata['labels'].append(
dict(text=str(item.date), value=index))
template = '/reports/listing.html'
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
return json.dumps(dict(items=list(data), pie_data=jsondata))
if format == 'pdf' and reportid != '9':
info = REPORTDL_MSG % dict(r=c.report_title, f='pdf')
audit_log(c.user.username, 1, info, request.host,
request.remote_addr, datetime.now())
return self._generate_pdf(data, reportid)
c.reportid = reportid
c.chart_data = json.dumps(jsondata)
c.top_items = data
c.active_filters = filters
c.saved_filters = []
c.FILTER_BY = FILTER_BY
c.FILTER_ITEMS = FILTER_ITEMS
c.form = FilterForm(request.POST, csrf_context=session)
info = REPORTVIEW_MSG % dict(r=c.report_title)
audit_log(c.user.username, 1, info, request.host, request.remote_addr,
datetime.now())
return render(template)
def delete(self, filterid, format=None):
"Delete a temp filter"
filters = session.get('filter_by', [])
errors = {}
success = True
try:
del filters[int(filterid)]
except IndexError:
msg = _("The filter does not exist")
if format != 'json':
flash_alert(msg)
errors = dict(msg=msg)
success = False
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
if not errors:
self.invalidate = True
return json.dumps(self._get_data(format, success, errors))
flash(_("The filter has been removed"))
redirect(url(controller='reports'))
def save(self, filterid, format=None):
"Save a temp filter"
filters = session.get('filter_by', [])
try:
filt = filters[int(filterid)]
filteritems = dict(FILTER_ITEMS)
filterby = dict(FILTER_BY)
saved = SavedFilter(name="%s %s %s" %
(filteritems[filt["field"]],
filterby[filt["filter"]], filt["value"]),
field=filt["field"],
option=filt["filter"],
user=c.user)
saved.value = filt["value"]
Session.add(saved)
Session.commit()
success = True
error_msg = ''
self.invalidate = True
except IndexError:
success = False
error_msg = _("The filter does not exist")
except IntegrityError:
success = False
error_msg = _("The filter already exists")
Session.rollback()
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
errors = dict(msg=error_msg)
return json.dumps(self._get_data(format, success, errors))
if success:
flash(_("The filter has been saved"))
else:
flash(error_msg)
redirect(url('toplevel', controller='reports'))
def load(self, filterid, format=None):
"Load a saved filter"
savedfilter = self._get_filter(filterid)
if not savedfilter:
abort(404)
filt = dict(filter=str(savedfilter.option),
field=savedfilter.field,
value=savedfilter.value)
self._save_filter(filt)
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
self.invalidate = True
return json.dumps(self._get_data(format, True, {}))
redirect(url('toplevel', controller='reports'))
def delete_stored(self, filterid, format=None):
"Delete a saved dilter"
savedfilter = self._get_filter(filterid)
if not savedfilter:
abort(404)
Session.delete(savedfilter)
Session.commit()
if format == 'json':
response.headers['Content-Type'] = JSON_HEADER
self.invalidate = True
return json.dumps(self._get_data(format, True, {}))
flash(_("The filter has been deleted"))
redirect(url('toplevel', controller='reports'))
def show_filters(self):
"Show filters"
filters = session.get('filter_by', [])
c.active_filters = filters
c.FILTER_BY = FILTER_BY
c.FILTER_ITEMS = FILTER_ITEMS
return render('/reports/show_filters.html')
def add_filters(self):
"Show form"
c.form = FilterForm(request.POST, csrf_context=session)
return render('/reports/add_filters.html')
class AccountsController(BaseController):
"Accounts controller"
def __before__(self):
"set context"
BaseController.__before__(self)
if self.identity:
c.user = self.identity['user']
else:
c.user = None
c.selectedtab = 'accounts'
def login(self):
"login"
if request.remote_addr in session:
if session[request.remote_addr] > arrow.utcnow().datetime:
msg = _('You have been banned after' ' several failed logins')
log.info(msg)
abort(409, msg)
else:
del session[request.remote_addr]
session.save()
identity = request.environ.get('repoze.who.identity')
came_from = unquote(str(request.GET.get('came_from', '')))
if not came_from or ' ' in came_from:
came_from = url('home')
if '://' in came_from:
from_url = urlparse(came_from)
came_from = from_url[2]
if identity:
redirect(url(came_from))
else:
c.came_from = came_from
c.login_counter = request.environ['repoze.who.logins']
if c.login_counter >= 3:
ban_until = arrow.utcnow().datetime + timedelta(minutes=5)
if request.remote_addr not in session:
session[request.remote_addr] = ban_until
session.save()
else:
if arrow.utcnow().datetime > session[request.remote_addr]:
del session[request.remote_addr]
session.save()
c.form = ResetPwForm(request.POST, csrf_context=session)
return self.render('/accounts/login.html')
def loggedin(self):
"Landing page"
came_from = (unquote(str(request.params.get('came_from', '')))
or url('/'))
if not self.identity:
if 'repoze.who.logins' in request.environ:
login_counter = request.environ['repoze.who.logins'] + 1
else:
abort(409)
redirect(
url('/accounts/login',
came_from=came_from,
__logins=login_counter))
userid = self.identity['repoze.who.userid']
user = self.identity['user']
if user is None:
try:
user, local_part, domain, domains = add_user(userid)
msg = _('First time Login from external auth,'
' your local account was created')
user_address_update(user, local_part, domain, domains,
self.identity)
except IntegrityError:
Session.rollback()
redirect(url('/logout'))
except ldap.LDAPError:
pass
else:
if not user.active:
redirect(url('/logout'))
msg = _('Login successful, Welcome back %(username)s !' %
dict(username=userid))
update_login(user)
if user.is_peleb:
for domain in user.domains:
if check_language(domain.language):
session['lang'] = domain.language
session.save()
break
session['taskids'] = []
session.save()
info = auditmsgs.ACCOUNTLOGIN_MSG % dict(u=user.username)
audit_log(user.username, 6, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
flash(msg)
log.info(msg)
redirect(url(came_from))
# pylint: disable-msg=R0201
def loggedout(self):
"Logged out page"
session.clear()
if 'theme' in session:
del session['theme']
session.save()
came_from = (unquote(str(request.params.get('came_from', '')))
or url('/accounts/login'))
redirect(url(came_from))
def passwdreset(self):
"""Render password reset page"""
c.came_from = '/'
c.login_counter = 0
c.form = ResetPwForm(request.POST, csrf_context=session)
if request.method == 'POST' and c.form.validate():
key_seed = '%s%s' % (c.form.email.data, arrow.utcnow().ctime())
token = hashlib.sha1(key_seed).hexdigest()
user = Session.query(User)\
.filter(User.email == c.form.email.data)\
.one()
if not user.local:
flash(
_('The account %s is an external account, use your'
' External systems to change the password. '
'Contact your system adminstrator if you do not '
'know which external systems you authenticate to') %
user.email)
redirect(url('/accounts/login'))
rtoken = Session\
.query(ResetToken.used)\
.filter(ResetToken.used == false())\
.filter(ResetToken.user_id == user.id)\
.all()
if not rtoken:
rtoken = ResetToken(token, user.id)
Session.add(rtoken)
Session.commit()
host = URL_PREFIX_RE.sub('', request.host_url)
c.username = user.username
c.firstname = user.firstname or user.username
c.reset_url = url('accounts-pw-token-reset',
token=token,
host=host)
text = self.render('/email/pwreset.txt')
mailer = Mailer(get_conf_options(config))
mailer.start()
sdrnme = config.get('baruwa.custom.name', 'Baruwa')
email = Msg(author=[(sdrnme,
config.get('baruwa.reports.sender'))],
to=[('', c.form.email.data)],
subject=_("[%s] Password reset request") % sdrnme)
email.plain = text
mailer.send(email)
mailer.stop()
flash(
_('An email has been sent to the address provided, '
'please follow the instructions in that email to '
'reset your password.'))
redirect(url('/accounts/login'))
return self.render('/accounts/login.html')
def pwtokenreset(self, token):
"""Reset password using token"""
try:
token = Session.query(ResetToken)\
.filter(ResetToken.token == token)\
.filter(ResetToken.used == false()).one()
threshold = token.timestamp + timedelta(minutes=20)
if arrow.utcnow().datetime > threshold:
Session.delete(token)
Session.commit()
raise NoResultFound
user = self._get_user(token.user_id)
if not user or user.is_superadmin:
raise NoResultFound
passwd = mkpasswd()
user.set_password(passwd)
Session.add(user)
Session.delete(token)
Session.commit()
c.passwd = passwd
c.firstname = user.firstname or user.username
text = self.render('/email/pwchanged.txt')
mailer = Mailer(get_conf_options(config))
mailer.start()
sdrnme = config.get('baruwa.custom.name', 'Baruwa')
email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))],
to=[('', user.email)],
subject=_("[%s] Password reset") % sdrnme)
email.plain = text
mailer.send(email)
mailer.stop()
flash(
_('The password has been reset, check your email for'
' the temporary password you should use to login.'))
except NoResultFound:
msg = _('The token used is invalid or does not exist')
flash_alert(msg)
log.info(msg)
redirect(url('/accounts/login'))
@ActionProtector(All(not_anonymous(), OnlyAdminUsers(),
CanAccessAccount()))
def pwchange(self, userid):
"""Reset a user password"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = ChangePasswordForm(request.POST, csrf_context=session)
if request.method == 'POST' and c.form.validate():
if user.local and not user.is_superadmin:
change_user_pw(user, c.user, c.form.password1.data,
request.host, request.remote_addr)
msg = _('The account password for %(name)s has been reset') \
% dict(name=user.username)
flash(msg)
else:
if user.is_superadmin:
flash(_('Admin accounts can not be modified via the web'))
else:
flash(
_('This is an external account, use'
' external system to reset the password'))
redirect(url('account-detail', userid=user.id))
c.id = userid
c.username = user.username
c.posturl = 'accounts-pw-change'
return self.render('/accounts/pwchange.html')
@ActionProtector(not_anonymous())
def upwchange(self, userid):
"""User change own password"""
user = self._get_user(userid)
if not user:
abort(404)
if user.id != c.user.id or c.user.is_superadmin:
abort(403)
c.form = UserPasswordForm(request.POST, csrf_context=session)
if (request.method == 'POST' and c.form.validate()
and user.validate_password(c.form.password3.data)):
if user.local:
user.set_password(c.form.password1.data)
Session.add(user)
Session.commit()
flash(
_('The account password for %(name)s has been reset') %
dict(name=user.username))
info = auditmsgs.PASSWORDCHANGE_MSG % dict(u=user.username)
audit_log(c.user.username, 2, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
flash(
_('This is an external account, use'
' external system to reset the password'))
redirect(url('account-detail', userid=user.id))
elif (request.method == 'POST'
and not user.validate_password(c.form.password3.data)
and not c.form.password3.errors):
flash_alert(
_('The old password supplied does'
' not match our records'))
c.id = userid
c.username = user.username
c.posturl = 'accounts-pw-uchange'
return self.render('/accounts/pwchange.html')
# pylint: disable-msg=W0622
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def index(self, page=1, orgid=None, domid=None, format=None):
"""GET /accounts/: Paginate items in the collection"""
num_items = session.get('accounts_num_items', 10)
c.form = BulkDelUsers(request.POST, csrf_context=session)
if request.method == 'POST':
if c.form.accountid.data and \
str(c.user.id) in c.form.accountid.data:
c.form.accountid.data.remove(str(c.user.id))
if c.form.accountid.data and c.form.whatdo.data == 'disable':
Session.query(User)\
.filter(User.id.in_(c.form.accountid.data))\
.update({'active': False}, synchronize_session='fetch')
Session.commit()
if c.form.accountid.data and c.form.whatdo.data == 'enable':
Session.query(User)\
.filter(User.id.in_(c.form.accountid.data))\
.update({'active': True}, synchronize_session='fetch')
Session.commit()
if c.form.accountid.data and c.form.whatdo.data == 'delete':
session['bulk_account_delete'] = c.form.accountid.data
session.save()
# redirect for confirmation
redirect(url('accounts-confirm-delete'))
users = Session.query(User.id, User.username, User.firstname,
User.lastname, User.email, User.active,
User.local, User.account_type).order_by(User.id)
usrcount = Session.query(User.id)
if c.user.is_domain_admin:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id ==
dom_owns.c.domain_id),
(oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id ==
dom_owns.c.domain_id),
(oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if domid:
users = users.filter(
and_(domain_users.c.domain_id == domid,
domain_users.c.user_id == User.id))
usrcount = usrcount.filter(
and_(domain_users.c.domain_id == domid,
domain_users.c.user_id == User.id))
if orgid:
users = users.filter(
and_(
domain_users.c.user_id == User.id,
domain_users.c.domain_id == dom_owns.c.domain_id,
dom_owns.c.organization_id == orgid,
))
usrcount = usrcount.filter(
and_(
domain_users.c.user_id == User.id,
domain_users.c.domain_id == dom_owns.c.domain_id,
dom_owns.c.organization_id == orgid,
))
users = users.distinct(User.id)
usrcount = usrcount.distinct(User.id)
pages = paginate.Page(users,
page=int(page),
items_per_page=num_items,
item_count=usrcount.count())
if format == 'json':
response.headers['Content-Type'] = 'application/json'
data = convert_acct_to_json(pages, orgid)
return data
c.page = pages
c.domid = domid
c.orgid = orgid
return self.render('/accounts/index.html')
# pylint: disable-msg=R0914,W0142,W0613
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def search(self, format=None):
"Search for accounts"
total_found = 0
search_time = 0
num_items = session.get('accounts_num_items', 10)
qry = request.GET.get('q', '')
doms = request.GET.get('d', None)
kwds = {'presliced_list': True}
page = int(request.GET.get('p', 1))
conn = SphinxClient()
sphinxopts = extract_sphinx_opts(config['sphinx.url'])
conn.SetServer(sphinxopts.get('host', '127.0.0.1'))
conn.SetMatchMode(SPH_MATCH_EXTENDED2)
conn.SetFieldWeights(
dict(username=50, email=30, firstname=10, lastname=10))
if page == 1:
conn.SetLimits(0, num_items, 500)
else:
page = int(page)
offset = (page - 1) * num_items
conn.SetLimits(offset, num_items, 500)
if doms:
conn.SetFilter('domains', [
int(doms),
])
if c.user.is_domain_admin:
# crcs = get_dom_crcs(Session, c.user)
domains = Session.query(Domain.id).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
conn.SetFilter('domains', [domain[0] for domain in domains])
qry = clean_sphinx_q(qry)
try:
results = conn.Query(qry, 'accounts, accounts_rt')
except (socket.timeout, struct.error):
redirect(request.path_qs)
qry = restore_sphinx_q(qry)
if results and results['matches']:
ids = [hit['id'] for hit in results['matches']]
total_found = results['total_found']
search_time = results['time']
users = Session.query(User.id,
User.username,
User.firstname,
User.lastname,
User.email,
User.active,
User.local,
User.account_type)\
.filter(User.id.in_(ids))\
.order_by(User.id)\
.all()
usercount = total_found
else:
users = []
usercount = 0
c.q = qry
c.d = doms
c.total_found = total_found
c.search_time = search_time
c.page = paginate.Page(users,
page=int(page),
items_per_page=num_items,
item_count=usercount,
**kwds)
return self.render('/accounts/searchresults.html')
@ActionProtector(All(not_anonymous(), CanAccessAccount()))
def detail(self, userid):
"""GET /accounts/userid/ Show a specific item"""
user = self._get_user(userid)
if not user:
abort(404)
c.account = user
return self.render('/accounts/account.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def add(self):
"""/accounts/new"""
c.form = user_add_form(c.user, request.POST, session)
if request.method == 'POST' and c.form.validate():
try:
user = create_user(c.form, c.user.username, request.host,
request.remote_addr)
flash(
_('The account: %(user)s was created successfully') %
{'user': user.username})
redirect(url('account-detail', userid=user.id))
except IntegrityError:
Session.rollback()
flash_alert(
_('Either the username or email address already exist'))
return self.render('/accounts/new.html')
@ActionProtector(All(not_anonymous(), CanAccessAccount()))
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = user_update_form(user, c.user, request.POST, session)
if request.method == 'POST' and c.form.validate():
kwd = dict(userid=user.id)
if update_changed(c.form, FORM_FIELDS, user):
try:
update_user(user, c.user, request.host,
request.remote_addr)
flash(_('The account has been updated'))
kwd['uc'] = 1
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active
and c.form.active.data is False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail', **kwd))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/edit.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers(),
CanAccessAccount()))
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.method == 'POST':
if c.form.validate():
delete_user(user, c.user, request.host, request.remote_addr)
flash(_('The account has been deleted'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/delete.html')
@ActionProtector(not_anonymous())
def confirm_delete(self):
"Confirm mass delete"
accountids = session.get('bulk_account_delete', [])
if not accountids:
redirect(url(controller='accounts', action='index'))
num_items = 10
if len(accountids) > num_items and len(accountids) <= 20:
num_items = 20
if len(accountids) > num_items and len(accountids) <= 50:
num_items = 50
if len(accountids) > num_items and len(accountids) <= 100:
num_items = 100
users = Session.query(User).filter(User.id.in_(accountids))
usrcount = Session.query(User.id)
if c.user.is_domain_admin and usrcount:
users = users.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id == oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
usrcount = usrcount.join(domain_users, (dom_owns,
domain_users.c.domain_id == dom_owns.c.domain_id),
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if request.method == 'POST':
tasks = []
# try:
for account in users.all():
info = auditmsgs.DELETEACCOUNT_MSG % dict(u=account.username)
Session.delete(account)
tasks.append([
c.user.username, 4,
unicode(info), request.host, request.remote_addr,
arrow.utcnow().datetime
])
Session.commit()
del session['bulk_account_delete']
session.save()
backend_user_update(None, True)
for task in tasks:
audit_log(*task)
flash(_('The accounts have been deleted'))
redirect(url(controller='accounts'))
else:
flash(
_('The following accounts are about to be deleted,'
' this action is not reversible, Do you wish to '
'continue ?'))
try:
c.page = paginate.Page(users,
page=1,
items_per_page=num_items,
item_count=usrcount.count())
except DataError:
msg = _('An error occured try again')
flash_alert(msg)
log.info(msg)
redirect(url(controller='accounts', action='index'))
return self.render('/accounts/confirmbulkdel.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers(),
CanAccessAccount()))
def addaddress(self, userid):
"Add address"
user = self._get_user(userid)
if not user:
abort(404)
c.form = AddressForm(request.POST, csrf_context=session)
if request.method == 'POST' and c.form.validate():
try:
addr = create_address(c.form, user, c.user, request.host,
request.remote_addr)
flash(
_('The alias address %(address)s was successfully created.'
% dict(address=addr.address)))
except IntegrityError:
Session.rollback()
msg = _('The address %(addr)s already exists') % \
dict(addr=c.form.address.data)
flash_alert(msg)
log.info(msg)
except NoResultFound:
domain = c.form.address.data.split('@')[1]
msg = _('Domain: %(d)s does not belong to you') % \
dict(d=domain)
flash(msg)
log.info(msg)
redirect(url(controller='accounts', action='detail',
userid=userid))
c.id = userid
return self.render('/accounts/addaddress.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers(),
CanAccessAccount()))
def editaddress(self, addressid):
"Edit address"
address = get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.method == 'POST' and c.form.validate():
try:
if (address.address != c.form.address.data
or address.enabled != c.form.enabled.data):
update_address(c.form, address, c.user, request.host,
request.remote_addr)
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
Session.rollback()
msg = _('The address %(addr)s already exists') % \
dict(addr=c.form.address.data)
flash_alert(msg)
log.info(msg)
except NoResultFound:
domain = c.form.address.data.split('@')[1]
msg = _('Domain: %(d)s does not belong to you') % \
dict(d=domain)
flash(msg)
log.info(msg)
redirect(
url(controller='accounts',
action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return self.render('/accounts/editaddress.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers(),
CanAccessAccount()))
def deleteaddress(self, addressid):
"Delete address"
address = get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.method == 'POST' and c.form.validate():
user_id = delete_address(address, c.user, request.host,
request.remote_addr)
flash(_('The address has been deleted'))
redirect(
url(controller='accounts', action='detail', userid=user_id))
c.id = addressid
c.userid = address.user_id
return self.render('/accounts/deleteaddress.html')
def set_language(self):
"Set the language"
nextpage = request.params.get('next', None)
if not nextpage:
nextpage = request.headers.get('Referer', None)
if not nextpage:
nextpage = '/'
if '://' in nextpage:
from_url = urlparse(nextpage)
nextpage = from_url[2]
lang_code = request.params.get('language', None)
if lang_code and check_language(lang_code):
session['lang'] = lang_code
session.save()
params = []
for param in request.params:
if param not in ['language', 'amp']:
value = request.params[param]
if value:
if (param == 'came_from'
and '://' in urllib2.unquote(value)):
urlparts = urlparse(urllib2.unquote(value))
value = urlparts[2] or '/'
params.append('%s=%s' %
(urllib2.quote(param), urllib2.quote(value)))
if 'lc=1' not in params:
params.append('lc=1')
if params:
nextpage = "%s?%s" % (nextpage, '&'.join(params))
redirect(nextpage)
@ActionProtector(All(not_anonymous(), OwnsDomain()))
def import_accounts(self, domainid):
"import accounts"
try:
cachekey = u'domain-%s' % domainid
domain = Session.query(Domain.id, Domain.name)\
.filter(Domain.id == domainid)\
.options(FromCache('sql_cache_med', cachekey)).one()
except NoResultFound:
abort(404)
c.form = ImportCSVForm(request.POST, csrf_context=session)
if request.method == 'POST' and c.form.validate():
basedir = config['pylons.cache_dir']
csvdata = request.POST['csvfile']
if hasattr(csvdata, 'filename'):
dstfile = os.path.join(basedir, 'uploads',
csvdata.filename.lstrip(os.sep))
if not os.path.exists(dstfile) and iscsv(csvdata.file):
csvfile = open(dstfile, 'w')
shutil.copyfileobj(csvdata.file, csvfile)
csvdata.file.close()
csvfile.close()
task = importaccounts.apply_async(args=[
domainid, dstfile, c.form.skipfirst.data, c.user.id
])
session['taskids'].append(task.task_id)
session['acimport-count'] = 1
session['acimport-file'] = dstfile
session.save()
msg = _('File uploaded, and is being processed, this page'
' will automatically refresh to show the status')
flash(msg)
log.info(msg)
redirect(url('accounts-import-status',
taskid=task.task_id))
else:
filename = csvdata.filename.lstrip(os.sep)
if not iscsv(csvdata.file):
msg = _('The file: %s is not a CSV file') % filename
flash_alert(msg)
log.info(msg)
else:
msg = _('The file: %s already exists and'
' is being processed.') % filename
flash_alert(msg)
log.info(msg)
csvdata.file.close()
else:
msg = _('No CSV was file uploaded, try again')
flash_alert(msg)
log.info(msg)
c.domain = domain
return self.render('/accounts/importaccounts.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def import_status(self, taskid):
"import status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
msg = _('The task status requested has expired or does not exist')
flash(msg)
log.info(msg)
redirect(url(controller='accounts', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
if c.user.is_superadmin:
msg = _('Error occured in processing %s') % result.result
flash_alert(msg)
log.info(msg)
else:
flash_alert(_('Backend error occured during processing.'))
redirect(url(controller='accounts'))
backend_user_update(None, True)
audit_log(c.user.username, 3, unicode(auditmsgs.ACCOUNTIMPORT_MSG),
request.host, request.remote_addr,
arrow.utcnow().datetime)
else:
session['acimport-count'] += 1
if (session['acimport-count'] >= 10
and result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
try:
os.unlink(session['acimport-file'])
except OSError:
pass
del session['acimport-count']
session.save()
msg = _('The import could not be processed,'
' try again later')
flash_alert(msg)
log.info(msg)
redirect(url(controller='accounts'))
finished = False
c.finished = finished
c.results = result.result
c.success = result.successful()
return self.render('/accounts/importstatus.html')
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def export_accounts(self, domainid=None, orgid=None):
"export domains"
task = exportaccounts.apply_async(args=[domainid, c.user.id, orgid])
if 'taskids' not in session:
session['taskids'] = []
session['taskids'].append(task.task_id)
session['acexport-count'] = 1
session.save()
msg = _('Accounts export is being processed')
flash(msg)
log.info(msg)
redirect(url('accounts-export-status', taskid=task.task_id))
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def export_status(self, taskid):
"export status"
result = AsyncResult(taskid)
if result is None or taskid not in session['taskids']:
msg = _('The task status requested has expired or does not exist')
flash(msg)
log.info(msg)
redirect(url(controller='accounts', action='index'))
if result.ready():
finished = True
flash.pop_messages()
if isinstance(result.result, Exception):
msg = _('Error occured in processing %s') % result.result
if c.user.is_superadmin:
flash_alert(msg)
log.info(msg)
else:
flash_alert(_('Backend error occured during processing.'))
log.info(msg)
redirect(url(controller='accounts', action='index'))
results = dict(
f=True if not result.result['global_error'] else False,
id=taskid,
global_error=result.result['global_error'])
audit_log(c.user.username, 5, unicode(auditmsgs.ACCOUNTEXPORT_MSG),
request.host, request.remote_addr,
arrow.utcnow().datetime)
else:
try:
session['acexport-count'] += 1
except KeyError:
session['acexport-count'] = 1
session.save()
if (session['acexport-count'] >= 10
and result.state in ['PENDING', 'RETRY', 'FAILURE']):
result.revoke()
del session['acexport-count']
session.save()
msg = _('The export could not be processed, try again later')
flash_alert(msg)
log.info(msg)
redirect(url(controller='accounts', action='index'))
finished = False
results = dict(f=None, global_error=None)
c.finished = finished
c.results = results
c.success = result.successful()
dwn = request.GET.get('d', None)
if finished and (dwn and dwn == 'y'):
response.content_type = 'text/csv'
response.headers['Cache-Control'] = 'max-age=0'
csvdata = result.result['f']
disposition = 'attachment; filename=accounts-export-%s.csv' % \
taskid
response.headers['Content-Disposition'] = str(disposition)
response.headers['Content-Length'] = len(csvdata)
return csvdata
return self.render('/accounts/exportstatus.html')
# pylint: disable-msg=R0201,W0613
@ActionProtector(All(not_anonymous(), OnlyAdminUsers()))
def setnum(self, format=None):
"Set number of account items returned"
num = check_num_param(request)
if num and num in [10, 20, 50, 100]:
session['accounts_num_items'] = num
session.save()
nextpage = request.headers.get('Referer', '/')
if '://' in nextpage:
from_url = urlparse(nextpage)
nextpage = from_url[2]
redirect(nextpage)
class FasesGestConfController(CrudRestController):
"""Controlador de Fases en Desarrollo"""
#{ Variables
title = u"Fases de proyecto: %s"
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#Subcontrolador
lbs = LineaBaseController(DBSession)
#{ Modificadores
model = Fase
table = fases_gestconf_table
table_filler = fases_gestconf_table_filler
opciones = dict(nombre= u'Nombre',
posicion= u'Posición',
numero_items= u'Nro. de Ítems',
estado= u'Estado',
codigo= u'Código'
)
columnas = dict(nombre='texto',
posicion='entero',
numero_items='entero',
estado='combobox',
codigo='texto'
)
comboboxes = dict(estado=Fase.estados_posibles)
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.fases.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos_gestconf")
proy = Proyecto.por_id(id_proyecto)
titulo = self.title % proy.nombre
atras = "../"
fases = self.table_filler.get_value(id_proyecto=id_proyecto, **kw)
tmpl_context.widget = self.table
return dict(lista_elementos=fases,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action='./',
puede_crear=False,
comboboxes=self.comboboxes,
atras=atras
)
@without_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.fases.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
"""
Controlador que recibe los parámetros de búsqueda para
devolver el resultado esperado.
"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos_gestconf")
proy = Proyecto.por_id(id_proyecto)
titulo = self.title % proy.nombre
atras = "../"
buscar_table_filler = FasesGestConfTableFiller(DBSession)
buscar_table_filler.filtros = kw
fases = buscar_table_filler.get_value(id_proyecto=id_proyecto, **kw)
tmpl_context.widget = self.table
return dict(lista_elementos=fases,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action='../',
puede_crear=False,
comboboxes=self.comboboxes,
atras=atras
)
@expose('lpm.templates.index')
def _default(self, *args, **kw):
"""Maneja las urls no encontradas"""
flash(_('Recurso no encontrado'), 'warning')
redirect('/')
return dict(page='index')
@expose()
def new(self, *args, **kw):
pass
@expose()
def post_delete(self, id):
pass
@expose()
def post(self, *args, **kw):
pass
@expose()
def edit(self, *args, **kw):
pass
@expose()
def put(self, *args, **kw):
pass
@expose()
def get_one(self, *args, **kw):
pass
class FaseController(CrudRestController):
"""Controlador de Fases"""
#{ Variables
title = u"Fases de proyecto: %s"
allow_only = not_anonymous(u"El usuario debe haber iniciado sesión")
#{plantillas
#tmp_action = "/proyectos/%d/fases/"
#tmp_action_fase = "/proyectos_fase/%d/fases/" #desde submenu fase
tmp_action = "./"
#Subcontrolador
tipositems = TipoItemController(DBSession)
miembrosfase = MiembrosFaseController()
nomiembrosfase = NoMiembrosFaseController()
rolesfase = RolesFaseController(DBSession)
#{ Modificadores
model = Fase
table = fase_table
table_filler = fase_table_filler
new_form = fase_add_form
edit_form = fase_edit_form
edit_filler = fase_edit_filler
opciones = dict(nombre=u'Nombre',
posicion=u'Posición',
numero_items=u'Nro. de Ítems',
estado=u'Estado',
codigo=u'Código')
columnas = dict(nombre='texto',
posicion='entero',
numero_items='entero',
estado='combobox',
codigo='texto')
comboboxes = dict(estado=Fase.estados_posibles)
#{ Métodos
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.fases.get_all')
@expose('json')
def get_all(self, *args, **kw):
"""
Retorna todos los registros
Retorna una página HTML si no se especifica JSON
"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
atras = "../"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
atras = "../../"
puede_crear = PoseePermiso(
"crear fase", id_proyecto=id_proyecto).is_met(request.environ)
proy = Proyecto.por_id(id_proyecto)
if proy.estado == "Iniciado":
puede_crear = False
titulo = self.title % proy.nombre
fases = self.table_filler.get_value(id_proyecto=id_proyecto, **kw)
tmpl_context.widget = self.table
return dict(lista_elementos=fases,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=self.tmp_action,
puede_crear=puede_crear,
comboboxes=self.comboboxes,
atras=atras)
@without_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.fases.get_all')
@expose('json')
def post_buscar(self, *args, **kw):
"""
Controlador que recibe los parámetros de búsqueda para
devolver el resultado esperado.
"""
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
#action = self.tmp_action % id_proyecto
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
#action = self.tmp_action_fase % id_proyecto
puede_crear = PoseePermiso(
"crear fase", id_proyecto=id_proyecto).is_met(request.environ)
proy = Proyecto.por_id(id_proyecto)
if proy.estado == "Iniciado":
puede_crear = False
titulo = self.title % proy.nombre
tmpl_context.widget = self.table
buscar_table_filler = FaseTableFiller(DBSession)
buscar_table_filler.filtros = kw
fases = buscar_table_filler.get_value(id_proyecto=id_proyecto)
atras = '../'
return dict(lista_elementos=fases,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
url_action="../",
puede_crear=puede_crear,
comboboxes=self.comboboxes,
opciones=self.opciones,
atras=atras)
@without_trailing_slash
@expose('lpm.templates.fases.new')
def new(self, *args, **kw):
"""Display a page to show a new record."""
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
atras = "./"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
atras = "../../"
if not id_proyecto:
redirect(atras)
tmpl_context.widget = self.new_form
return dict(value=kw, page="Nueva Fase", atras=atras)
@expose()
def post_delete(self, id):
"""Elimina una fase de la bd si el proyecto no está iniciado"""
fase = Fase.por_id(id)
proy = Proyecto.por_id(fase.id_proyecto)
proy.eliminar_fase(id)
flash("Fase eliminada")
redirect("../")
@validate(fase_add_form, error_handler=new)
@expose()
def post(self, *args, **kw):
if "sprox_id" in kw:
del kw["sprox_id"]
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
atras = "./"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
atras = "../../"
proy = Proyecto.por_id(id_proyecto)
fase = proy.crear_fase(**kw)
#Creamos el rol miembro de fase
#plant_m = Rol.obtener_rol_plantilla(nombre_rol=u"Miembro de Fase")
#rol_m = Rol.nuevo_rol_desde_plantilla(plantilla=plant_m,
# id=fase.id_fase)
flash("Fase Creada")
redirect(atras)
@expose('lpm.templates.fases.edit')
def edit(self, *args, **kw):
"""Despliega una pagina para realizar modificaciones"""
id_fase = UrlParser.parse_id(request.url, "fases")
fase = Fase.por_id(int(id_fase))
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
atras = "./"
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
pp = PoseePermiso('modificar fase', id_fase=id_fase)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect("./")
tmpl_context.widget = FaseEditForm(DBSession)
value = self.edit_filler.get_value(values={'id_fase': id_fase})
page = u"Modificar Fase: %s" % value["nombre"]
return dict(value=value, page=page, atras=atras)
@validate(fase_edit_form, error_handler=edit)
@expose()
def put(self, *args, **kw):
"""update"""
if "sprox_id" in kw:
del kw["sprox_id"]
id_proyecto = int(kw["id_proyecto"])
id_fase = int(kw["id_fase"])
del kw["id_fase"]
pp = PoseePermiso('modificar fase', id_fase=id_fase)
if not pp.is_met(request.environ):
flash(pp.message % pp.nombre_permiso, 'warning')
redirect("../")
proy = Proyecto.por_id(id_proyecto)
proy.modificar_fase(id_fase, **kw)
flash("Fase modificada")
redirect("./")
@with_trailing_slash
@paginate('lista_elementos', items_per_page=5)
@expose('lpm.templates.fases.get_all')
@expose('json')
def get_one(self, *args, **kw):
id_proyecto = UrlParser.parse_id(request.url, "proyectos")
action = "./"
atras = '../'
if not id_proyecto:
id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase")
atras = "/proyectos_fase/"
id_fase = int(args[0])
puede_crear = PoseePermiso(
"crear fase", id_proyecto=id_proyecto).is_met(request.environ)
proy = Proyecto.por_id(id_proyecto)
if proy.estado == "Iniciado":
puede_crear = False
if pylons.request.response_type == 'application/json':
return dict(
lista=self.table_filler.get_value(id_fase=id_fase, **kw))
if not getattr(self.table.__class__, ' ', False):
fase = self.table_filler.get_value(id_fase=id_fase, **kw)
else:
fase = []
tmpl_context.widget = self.table
titulo = self.title % proy.nombre
return dict(lista_elementos=fase,
page=titulo,
titulo=titulo,
modelo=self.model.__name__,
columnas=self.columnas,
opciones=self.opciones,
url_action=action,
puede_crear=puede_crear,
comboboxes=self.comboboxes,
atras=atras)
def not_met_util(self):
if not_met(not_anonymous()):
return 'You are anonymous'
return 'You are not anonymous'
