def form_valid(self, form): user = self.object role = form.data.get('role') if not role: raise Exception('Role is required') clear_roles(user) if form.data.get('is_active'): assign_role(user, role) return super(EditUserView, self).form_valid(form)
def test_clear_roles(self): user = self.user assign_role(user, ShoRole1) assign_role(user, ShoRole2) assign_role(user, ShoRole3) clear_roles(user) self.assertListEqual([], get_user_roles(user))
def profile(request, account_slug): account = get_object_or_404(Account.objects.active(), slug=account_slug) can_modify_profile = (request.user == account or has_permission(request.user, "modify_profile")) user_group_form = StaffUserGroupForm(request.POST or None, request.FILES or None) if request.user.is_authenticated: if user_group_form.is_valid() and has_permission(request.user, "change_user_group"): group = user_group_form.cleaned_data['group'] clear_roles(account) assign_role(account, group) if group in ['administrator','moderator','janitor']: account.is_staff = True account.save() has_comment_priv = request.user.has_priv("can_comment") can_change_group = has_permission(request.user, "change_user_group") else: has_comment_priv = False can_change_group = False if request.method == "POST": newCommentTextarea = request.POST.get("newCommentTextarea") aboutUserTextarea = request.POST.get("aboutUserTextarea") if not request.user.is_authenticated: return redirect('account:login') elif newCommentTextarea and has_comment_priv: # Comment creating comment_content = newCommentTextarea Comment.objects.create(content=comment_content, author=request.user, content_object=account) return redirect('booru:profile', account_slug=account.slug) elif aboutUserTextarea and can_modify_profile: # About myself editing account.about = aboutUserTextarea account.save() return redirect('booru:profile', account_slug=account.slug) # TODO: I don't remember if I can safely pass account as # an parameter to the render. favorites = Post.objects.filter(favorites__account=account)[:5] context = { 'account' : account, 'recent_favorites' : favorites, 'recent_uploads' : account.get_posts().not_deleted().order_by('-id'), 'deleted_posts' : account.get_posts().deleted(), 'can_modify_profile': request.user.is_authenticated and can_modify_profile, 'can_comment': has_comment_priv, 'user_group_form': user_group_form, 'can_change_group': can_change_group } return render(request, 'booru/account/profile.html', context)
def test_request_mass_rename_by_logged_staff_no_perm_client(self): user = self.create_test_user(is_staff=True) clear_roles(user) assign_role(user, 'janitor') revoke_permission(user, 'mass_rename') self.assertFalse(has_permission(user, 'mass_rename')) c = Client() logged_in = c.login(username='******', password='******') response = c.get('/staff_page/mass_rename') self.assertEqual(302, response.status_code)
def update(self, instance, validated_data): positions_data = self.context['request'].data['positions'] user_id = self.context['request'].data['id'] user = get_object_or_404(User, pk=user_id) instance = super(UserDetailSerializer, self).update(instance, validated_data) new_positions = [] for row in positions_data: position = get_object_or_404(Position, pk=row) new_positions.append(position) current_positions = UserPosition.objects.filter(user=user_id) current_positions.delete() # TODO not delete already existing positions for new_pos in new_positions: UserPosition.objects.create(user=user, position=new_pos) categories_data = self.context['request'].data['categories'] new_categories = [] for row in categories_data: category = get_object_or_404(Category, pk=row) new_categories.append(category) current_categories = UserCategory.objects.filter(user=user_id) current_categories.delete() # TODO not delete already existing categories for new_cat in new_categories: UserCategory.objects.create(user=user, category=new_cat) units_data = self.context['request'].data['units'] new_units = [] for row in units_data: unit = get_object_or_404(Unit, pk=row) new_units.append(unit) current_units = UserUnit.objects.filter(user=user_id) current_units.delete() # TODO not delete already existing units for new_un in new_units: UserUnit.objects.create(user=user, unit=new_un) faculties_data = self.context['request'].data['faculties'] new_faculties = [] for row in faculties_data: faculty = get_object_or_404(Faculty, pk=row) new_faculties.append(faculty) current_faculties = UserFaculty.objects.filter(user=user_id) current_faculties.delete() # TODO not delete already existing faculties for new_fac in new_faculties: UserFaculty.objects.create(user=user, faculty=new_fac) role_data = self.context['request'].data['role'] clear_roles(user) for row in role_data: assign_role(user, retrieve_role(row)) return instance
def change_user_role(self, roles): """Changes User Role Requires: django-rolepermissions Params: user: User Object roles: A list containing new roles of the user This methods clears the previous roles of the user and replaces them with the new one. """ clear_roles(self) for role in roles: assign_role(self, role) return self
def get_set_user_info(request): """ Get the basic information for the current logged in user """ try: if request.session.session_key is not None: # update the session details User = get_user_model() cur_user = User.objects.get(id=request.user.id) clear_roles(cur_user) assign_role(cur_user, Pi) request.session[ 'cu_designation'] = cur_user.get_designation_display() request.session['cu_designation_id'] = cur_user.designation request.session['cu_last_name'] = cur_user.last_name request.session['cu_first_name'] = cur_user.first_name request.session['cu_email'] = cur_user.email request.session['cu_issuperuser'] = cur_user.is_superuser if cur_user.is_superuser: request.session['cu_designation'] = 'Super Administrator' cur_user_email = cur_user.email elif request.session.get('cu_email') is not None: cur_user_email = request.session['cu_email'] else: cur_user_email = None global user_permissions if cur_user_email: user_permissions = available_perm_names(cur_user) else: user_permissions = [] if settings.DEBUG: if cur_user.is_superuser and len(user_permissions) == 0: user_permissions = ['all'] return (cur_user_email, user_permissions) except User.DoesNotExist as e: terminal.tprint( "%s: A user who is not vetted is trying to log in. Kick them out." % str(e), 'fail') return None except Exception as e: send_sentry_message(str(e)) if settings.DEBUG: logging.error(traceback.format_exc()) # we need a default page to go to return render(request, 'dashboard/dashboard.html', params)
def form_valid(self, form): extra_fields = { 'first_name': form.instance.first_name, 'last_name': form.instance.last_name } try: user = User.objects.create_user(form.instance.email, form.instance.password, **extra_fields) role = form.data.get('role') if not role: raise Exception('Role is required') clear_roles(user) assign_role(user, role) messages.success(self.request, "User {} created".format(user.email)) except Exception as error: messages.error(self.request, "Failed on create. Error {}".format(error)) return HttpResponseRedirect(self.get_success_url())
def edit_users(request, d_type): params = get_basic_info(request) try: if d_type == 'edit_user': dash_views.update_user(request, pk_id) # lets update the permissions too edit_user = User.objects.get(id=pk_id) clear_roles(edit_user) for name, obj in inspect.getmembers( importlib.import_module("coinfection.settings.roles"), inspect.isclass): if inspect.isclass(obj): if name == 'AbstractUserRole': continue if obj.alias == edit_user.designation: assign_role(edit_user, obj) break return JsonResponse({ 'error': False, 'message': 'The user has been edited successfully' }) except DataError as e: transaction.rollback() if settings.DEBUG: terminal.tprint('%s (%s)' % (str(e), type(e)), 'fail') capture_exception(e) return JsonResponse({ 'error': True, 'message': 'Please check the entered data' }) except Exception as e: if settings.DEBUG: terminal.tprint('%s (%s)' % (str(e), type(e)), 'fail') capture_exception(e) return JsonResponse({ 'error': True, 'message': 'There was an error while updating the database' })
def handle(self, *args, **options): # Sync auth.Group with current registered roles (leaving existing groups intact!) for role in roles.RolesManager.get_roles(): group, created = role.get_or_create_group() if created: self.stdout.write("Created Group: %s from Role: %s" % (group.name, role.get_name())) # Sync auth.Permission with permissions for this role role.get_default_true_permissions() if options.get('reset_user_permissions', False): # dj1.7 compat # Push any permission changes made to roles and remove any unregistered roles from all auth.Users self.stdout.write("Resetting permissions for ALL Users to defaults defined by roles.") for user in get_user_model().objects.all(): user_roles = roles.get_user_roles(user=user) roles.clear_roles(user=user) for role in user_roles: roles.assign_role(user=user, role=role)
def put(self, request, user_id): try: user = User.objects.get(pk=user_id) except User.DoesNotExist: raise ApiException(request, _('User does not exist.'), status_code=HTTPStatus.NOT_FOUND) form = UserForms.Update.create_from_request(request) if not form.is_valid(): raise ValidationException(request, form) email = form.cleaned_data.get('email') assign_projects = form.cleaned_data.get('assign_projects') role = form.cleaned_data.get('role') if email != user.email: if User.objects.filter(email=email).exists(): raise ApiException(request, _('Email is already used.'), status_code=HTTPStatus.CONFLICT) form.fill(user) user.username = email if assign_projects is not None: user.assign_projects(request, assign_projects) if role: clear_roles(user) assign_role(user, role.value) user.save() return SingleResponse(request, data=user, status=HTTPStatus.OK, serializer=UserSerializer.Base)
def setRole(self): if self.is_staff or self.is_superuser: clear_roles(self) assign_role(self, 'administrador') self.role = 'Administrador' else: if self.role == 'Moderador': clear_roles(self) assign_role(self, 'moderador') else: clear_roles(self) assign_role(self, 'estudante') self.role = 'Estudante'
def remove_all_user_permission(auth_user): auth_user.is_superuser = False auth_user.is_staff = False auth_user.is_active = False clear_roles(auth_user) auth_user.save()
def tearDown(self): clear_roles(self.user)
def add_user(request): # given a user details add the user # 1. Get the next personnel code # 1. Add the details of the user and set is_active to 0. Generate a password # 2. Send email to the user with the activation link try: UserModel = get_user_model() nickname = request.POST.get('username') username = request.POST.get('username') designation = request.POST.get('designation') tel = request.POST.get('tel') email = request.POST.get('email') first_name = request.POST.get('first_name') last_name = request.POST.get('surname') new_user = UserModel(nickname=username, username=username, designation=designation, tel=tel, email=email, first_name=first_name, last_name=last_name, password=make_password('TestPass1234'), is_active=0) new_user.full_clean() new_user.save() # assign roles # ToDo: Find a way to clean the roles import clear_roles(new_user) for name, obj in inspect.getmembers( importlib.import_module("datahub.settings.roles"), inspect.isclass): if inspect.isclass(obj): if name == 'AbstractUserRole': continue if obj.alias == new_user.designation: assign_role(new_user, obj) # print("The user %s is now a %s", (edit_user.username, obj.perm_name)) break reg_view = RegistrationView() activation_link = reg_view.get_activation_key(new_user) # send an email to this user notify = Notification() uid = urlsafe_base64_encode(force_bytes(new_user.pk)) current_site = get_current_site(request) email_settings = { 'template': 'emails/verify_account.html', 'subject': '[%s] Confirm Registration' % settings.SITE_NAME, 'sender_email': settings.SENDER_EMAIL, 'recipient_email': email, 'site_name': settings.SITE_NAME, 'site_url': 'http://%s' % current_site.domain, 'title': 'Confirm Registration', 'salutation': 'Dear %s' % first_name, 'use_queue': getattr(settings, 'QUEUE_EMAILS', False), 'verification_link': 'http://%s/activate_new_user/%s/%s' % (current_site.domain, uid, activation_link), 'message': 'You have been registered successfully to the %s. We are glad to have you on board. Please click on the button below to activate your account. You will not be able to use your account until it is activated. The activation link will expire in %d hours' % (settings.SITE_NAME, settings.ACCOUNT_ACTIVATION_DAYS * 24), 'message_sub_heading': 'You have been registered successfully' } notify.send_email(email_settings) return JsonResponse({ 'error': False, 'message': 'The user has been saved successfully' }) except ValidationError as e: return JsonResponse({ 'error': True, 'message': 'There was an error while saving the user: %s' % str(e) }) except Exception as e: if settings.DEBUG: terminal.tprint(str(e), 'fail') capture_exception(e) raise