Example #1
def insert_user(data):
    """Create a ``dz_users`` row from *data* and return the new USERID.

    After the insert, the password in ``data.password`` is applied through
    ``User.set_password``, any ``dz_members`` rows stored under the new id
    are deleted, and the account is added to the "users" group.
    """
    # NOTE(review): the value returned by gen_password() is written straight
    # into the PASSWORD column; whether it is hashed is not visible here.
    # Confirm that no usable clear-text secret stays in the row if the
    # set_password() call below fails.
    record = {
        "FIRSTNAME": data.first_name,
        "LASTNAME": data.last_name,
        "LOGINID": data.username,
        "EMAIL": data.email,
        "PHONE": data.phone,
        "PASSWORD": gen_password(),
        "DTUPD": now,
        "DTADD": now,
        "STATUS": "A",
    }
    database = system.database
    user_id = database.table("dz_users", "USERID").insert(record)

    # Apply the caller-supplied password through the User object.
    account = User(data.username)
    account.set_password(data.password)

    # Remove memberships already stored under this id so the new account
    # starts with none; the id is passed as a separate query argument, not
    # formatted into the SQL text.
    database("delete from dz_members where userid=%s", user_id)

    # Every new account gets the default group.
    add_user(account.username, "users")
    return user_id
Example #2
 def test_user_can(self):
     """Check OldUser.can() against an object with a simple allows() policy.

     The stub permits 'read' for every user and any action for 'admin'.
     """
     class MyObject(object):
         def allows(self, user, action):
             if action == 'read':
                 return True
             return user.username == 'admin'

     target = MyObject()
     # (username, ((action, expected result), ...)) in the order to check.
     expectations = (
         ('user1', (('read', True), ('edit', False))),
         ('admin', (('read', True), ('edit', True))),
     )
     for username, checks in expectations:
         subject = OldUser(username)
         for action, allowed in checks:
             verdict = subject.can(action, target)
             if allowed:
                 self.assertTrue(verdict)
             else:
                 self.assertFalse(verdict)
Example #3
 def test_user_is_member(self):
     """Check group membership answers for the 'admin' and 'user1' fixtures.

     'admin' must belong to 'administrators' and 'users'; 'user1' only to
     'users'. Neither belongs to the non-existent 'notagroup'.
     """
     # (username, ((group, expected result), ...)) in the order to check.
     memberships = (
         ('admin', (('administrators', True),
                    ('users', True),
                    ('notagroup', False))),
         ('user1', (('users', True),
                    ('administrators', False),
                    ('notagroup', False))),
     )
     for username, groups in memberships:
         member = OldUser(username)
         for group, expected in groups:
             outcome = member.is_member(group)
             if expected:
                 self.assertTrue(outcome)
             else:
                 self.assertFalse(outcome)
Example #4
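def reset_password(token, password, confirm):
    """Set a new password for the account tied to a password-reset token.

    Returns ``Page('expired')`` when ``valid_token`` rejects the token and
    ``home('complete')`` once the password has been changed. On every other
    path the problem is reported through ``error()`` and, unless ``error()``
    raises, the function falls through and returns ``None``.
    """
    if not valid_token(token):
        return Page('expired')
    elif not valid_new_password(password):
        error('Invalid password ({})'.format(valid_new_password.msg))
    elif password != confirm:  # `!=` replaces `<>`, which Python 3 rejects
        error('Passwords do not match')
    else:
        user = user_by_token(token)
        if not user:
            error('Invalid request')
        else:
            user = User(user['LOGINID'])
            user.set_password(password)
            # Mark the token record as expired as of now, presumably so the
            # same reset link cannot be used again (confirm that valid_token
            # checks this expiry).
            # NOTE(review): this happens after set_password(); if find() or
            # put() fails, the password is already changed and the token
            # stays valid.
            rec = ForgotToken.find(token=token)[0]
            rec.expiry = time.time()
            rec.put()
            return home('complete')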
Example #5
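def reset_password(token, password, confirm):
    """Change the password of the account that owns a reset *token*.

    ``Page('expired')`` is returned when ``valid_token`` rejects the token,
    ``home('complete')`` when the new password has been stored. Validation
    failures are reported through ``error()``; unless ``error()`` raises,
    those paths return ``None``.
    """
    if not valid_token(token):
        return Page('expired')
    elif not valid_new_password(password):
        error('Invalid password ({})'.format(valid_new_password.msg))
    elif password != confirm:  # `<>` is a syntax error on Python 3
        error('Passwords do not match')
    else:
        user = user_by_token(token)
        if not user:
            error('Invalid request')
        else:
            user = User(user['LOGINID'])
            user.set_password(password)
            # Expire the token record immediately after use, presumably to
            # block replay of the same link (confirm against valid_token).
            # NOTE(review): if find() or put() fails here, the password has
            # already been changed and the token is still unexpired.
            rec = ForgotToken.find(token=token)[0]
            rec.expiry = time.time()
            rec.put()
            return home('complete')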
Example #6
    def insert(cls, form):
        """Create a user account from *form* and optionally e-mail an invitation.

        Inserts a ``dz_users`` row with an empty PASSWORD column, deletes any
        ``dz_members`` rows stored under the new id, adds the account to the
        'users' group and sets a generated password through
        ``ZoomUser.set_password``. The creation is recorded with
        ``logger.activity`` and ``audit``. When the form's SEND_INVITATION
        value equals True, a message rendered from ``welcome.md`` is sent to
        the form's EMAIL address.
        """
        values = form.evaluate()
        login = values['USERNAME'].lower()
        initial_password = gen_password()

        values['FIRSTNAME'] = values['FIRST_NAME']
        values['LASTNAME'] = values['LAST_NAME']
        values['LOGINID'] = login
        # The row is stored with a blank password column; the generated
        # password is applied further down through set_password().
        values['PASSWORD'] = ''
        stamp = datetime.datetime.now()
        values['DTUPD'] = stamp
        values['DTADD'] = stamp
        values['STATUS'] = 'A'

        user_id = db.table('dz_users', 'USERID').insert(values)

        # Make sure the new account has no memberships; the id travels as a
        # separate query argument rather than being formatted into the SQL.
        db('delete from dz_members where userid=%s', user_id)
        add_user(values['LOGINID'], 'users')

        created = ZoomUser(login)
        created.set_password(initial_password)

        # NOTE(review): both usernames are formatted into an HTML fragment
        # without escaping. Confirm that USERNAME is validated by the form or
        # that the activity view escapes it; otherwise markup typed into the
        # form would be stored in the activity log.
        template = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
        actor_and_target = (user.id, user.username, created.id, created.username)
        logger.activity('users', template % actor_and_target)
        audit('created user account', created.username)

        wants_invitation = values['SEND_INVITATION'] == True
        if not wants_invitation:
            return

        recipients = [values['EMAIL']]
        tpl = load('welcome.md')
        # NOTE(review): the generated password is handed to the welcome
        # template, so it travels by e-mail in clear text; a single-use
        # set-password link would avoid putting the credential in a mailbox.
        fill = {
            'first_name': values['FIRST_NAME'],
            'username': login,
            'password': initial_password,
            'site_name': site_name(),
            'site_url': site_url(),
            'admin_email': '*****@*****.**',
            'owner_name': owner_name(),
        }
        body = markdown(viewfill(tpl, fill.get))
        subject = 'Welcome - ' + site_name()
        send(recipients, subject, body)
        message('invitation sent')
Example #7
    def insert(cls, form):
        """Add the user described by *form* and send a welcome e-mail on request.

        The ``dz_users`` row is written with an empty PASSWORD column. Rows in
        ``dz_members`` for the new id are then deleted, the account joins the
        'users' group, and a generated password is set with
        ``ZoomUser.set_password``. ``logger.activity`` and ``audit`` record the
        creation. If the form's SEND_INVITATION value equals True, the
        ``welcome.md`` template is filled in and mailed to the EMAIL value.
        """
        values = form.evaluate()
        login_id = values['USERNAME'].lower()
        generated = gen_password()

        values['FIRSTNAME'] = values['FIRST_NAME']
        values['LASTNAME'] = values['LAST_NAME']
        values['LOGINID'] = login_id
        # Stored blank on purpose: set_password() below writes the real value.
        values['PASSWORD'] = ''
        created_at = datetime.datetime.now()
        values['DTUPD'] = created_at
        values['DTADD'] = created_at
        values['STATUS'] = 'A'

        users_table = db.table('dz_users', 'USERID')
        new_id = users_table.insert(values)

        # New users must start without memberships; the id is supplied as a
        # query argument, not concatenated into the statement.
        db('delete from dz_members where userid=%s', new_id)
        add_user(values['LOGINID'], 'users')

        account = ZoomUser(login_id)
        account.set_password(generated)

        # NOTE(review): usernames go into this HTML fragment unescaped.
        # Verify that the form restricts USERNAME or that the log view
        # escapes the message before rendering it.
        pattern = '<a href="/users/%s">%s</a> added new user <a href="/users/%s">%s</a>'
        logger.activity(
            'users',
            pattern % (user.id, user.username, account.id, account.username))
        audit('created user account', account.username)

        if not (values['SEND_INVITATION'] == True):
            return

        recipients = [values['EMAIL']]
        tpl = load('welcome.md')
        # NOTE(review): the clear-text password is part of the mail body; a
        # one-time link for choosing a password would keep it out of e-mail.
        placeholders = {
            'first_name': values['FIRST_NAME'],
            'username': login_id,
            'password': generated,
            'site_name': site_name(),
            'site_url': site_url(),
            'admin_email': '*****@*****.**',
            'owner_name': owner_name(),
        }
        body = markdown(viewfill(tpl, placeholders.get))
        subject = 'Welcome - ' + site_name()
        send(recipients, subject, body)
        message('invitation sent')
Example #8
    def test_user_authorize(self):
        """authorize() must pass when allowed and raise UnauthorizedException otherwise.

        The stub object permits 'read' for everyone and any action for 'admin'.
        """
        class MyObject(object):
            def allows(self, user, action):
                if action == 'read':
                    return True
                return user.username == 'admin'

        resource = MyObject()

        # An ordinary user may read, but an edit attempt must be refused.
        regular = OldUser('user1')
        regular.authorize('read', resource)
        self.assertRaises(
            UnauthorizedException, regular.authorize, 'edit', resource)

        # The admin user passes both checks without an exception.
        admin = OldUser('admin')
        admin.authorize('read', resource)
        admin.authorize('edit', resource)
Example #9
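    def show(self, id):
        """Render the detail page for the user record *id*.

        Returns a ``Page`` built from the 'show' template with the user's
        fields, action buttons, roles, apps, up to 50 recent ``log`` rows and
        up to 20 recent ``audit_log`` rows from the last 26 weeks. Returns
        ``None`` when ``Users.get`` finds no record.
        """
        from zoom.user import User
        from zoom.manager import manager

        user = Users.get(id)
        if not user:
            return None

        # Copies every attribute of the record into the user_fields object
        # defined outside this method; which of them get rendered depends on
        # that object's definition, not visible here.
        user_fields.update(user.__dict__)

        # NOTE(review): `id` is formatted into the hrefs without escaping;
        # confirm that Users.get() only succeeds for well-formed ids.
        edit_button = '<a id="edit-button" class=action href="/users/%s/edit">Edit</a>' % id
        password_button = '<a id="password-button" class=action href="/users/%s/password">Set Password</a>' % id
        # The misspelled element id is kept byte-for-byte: stylesheets, scripts
        # or tests outside this method may reference it.
        deactivate_button = '<a id="deactiveate-button" class=action href="/users/%s/deactivate">Deactivate</a>' % id
        activate_button = '<a id=activate-button class=action href="/users/%s/activate">Activate</a>' % id
        delete_button = '<a id="delete-button" class=action href="/users/%s/delete">Delete</a>' % id

        if user.status == 'A':
            actions = deactivate_button
            status = ''
        else:
            actions = activate_button
            # Closing tag fixed: the original ended this <div> with </tab>,
            # leaving the element unclosed in the rendered page.
            status = (
                '<div style="display:inline;padding-left:10px;font-size:0.8em;">(deactivated)</div>'
            )
        actions = delete_button + actions + password_button + edit_button + '<div style="clear:both"></div>'
        u = User(user['username'])

        # Both queries look back 26 weeks; values are passed as query
        # arguments rather than formatted into the SQL text.
        since = today - 26 * one_week

        activity_data = db(
            'select id, timestamp, route, status, address, elapsed, message from log where user=%s and timestamp>=%s order by timestamp desc limit 50',
            user.username, since)
        labels = 'id', 'When', 'Route', 'Status', 'Address', 'Elapsed', 'Message'
        # NOTE(review): log columns are handed to browse() as-is and the
        # message is cut at 40 characters; if log messages can contain markup,
        # the cut may split a tag. Confirm how browse() escapes cell values.
        activity = browse(
            [
                (
                    link_to(row[0], abs_url_for('/info/system-log', row[0])),
                    '<span title="%s">%s</span>' % (row[1], how_long_ago(row[1])),
                    row[2],
                    row[3],
                    row[4],
                    row[5],
                    row[6][:40],
                )
                for row in activity_data
            ],
            labels=labels)

        auth_data = db(
            'select * from audit_log where (subject1=%s or subject2=%s) and timestamp>=%s order by timestamp desc limit 20',
            user.username, user.username, since)
        labels = 'id', 'App', 'User', 'Activity', 'Subject1', 'Subject2', 'Timestamp'
        auth_activity = browse(
            [(row[0], row[1], row[2], row[3], row[4], row[5], row[6])
             for row in auth_data],
            labels=labels)

        # Evaluated once instead of once per installed app.
        granted_apps = hasattr(u, 'apps') and u.apps or []
        apps = [a.name for a in manager.apps.values() if a.name in granted_apps]

        role_links = [
            link_to(g, '/groups/%s' % g)
            for g in sorted(hasattr(u, 'roles') and u.roles or [])
        ]
        app_links = [link_to(g, '/apps/%s' % g) for g in sorted(apps)]

        page = Page(
            'show',
            dict(
                id=id,
                fields=user_fields.show(),
                full_name=user.get_full_name(),
                roles=' &nbsp;'.join(role_links),
                apps=' &nbsp;'.join(app_links),
                actions=actions,
                status=status,
                activity=activity,
                auth_activity=auth_activity,
            ).get)
        return page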
Example #10
 def test_user_is_disabled(self):
     """is_disabled is False for 'user1' as loaded and True once status is 'D'."""
     account = OldUser('user1')
     self.assertEqual(account.is_disabled, False)

     # Changing the status attribute must be reflected by is_disabled.
     account.status = 'D'
     self.assertEqual(account.is_disabled, True)