def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id == alias.domain_id)
if request.method == 'POST' and c.form.validate():
if update_if_changed(c.form, alias):
try:
edit_alias(alias, c.user, request.host,
request.remote_addr)
flash(_('The domain alias: %s has been updated') %
alias.name)
redirect(url('domain-detail', domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
msg = _('The update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the domain alias')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return self.render('/domains/editalias.html')
def edit_auth(self, authid):
"Edit auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=server.domain_id)
if auth_update_if_changed(c.form, server):
try:
edit_auth(server, c.user, request.host,
request.remote_addr)
flash(_('The authentication settings have been updated'))
self.invalidate = 1
self._get_authserver(authid)
kwd['uc'] = 1
redirect(url('domain-detail', **kwd))
except IntegrityError:
Session.rollback()
msg = _('The authentication settings update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the authentication settings')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return self.render('/domains/editauth.html')
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = user_update_form(user, c.user, request.POST, session)
if request.method == 'POST' and c.form.validate():
kwd = dict(userid=user.id)
if update_changed(c.form, FORM_FIELDS, user):
try:
update_user(user, c.user, request.host,
request.remote_addr)
flash(_('The account has been updated'))
kwd['uc'] = 1
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active and
c.form.active.data is False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail', **kwd))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/edit.html')
def editdestination(self, destinationid):
"Edit destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=server.domain_id)
if update_if_changed(c.form, server):
try:
update_destination(server, c.user, request.host,
request.remote_addr)
self.invalidate = 1
self._get_server(destinationid)
kwd['uc'] = 1
flash(_('The destination server has been updated'))
redirect(url('domain-detail', **kwd))
except IntegrityError:
Session.rollback()
msg = _('The update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the destination server')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
c.id = destinationid
c.domainid = server.domain_id
return self.render('/domains/editdestination.html')
def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id == alias.domain_id)
if request.method == 'POST' and c.form.validate():
if update_if_changed(c.form, alias):
try:
edit_alias(alias, c.user, request.host,
request.remote_addr)
flash(
_('The domain alias: %s has been updated') %
alias.name)
redirect(url('domain-detail', domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
msg = _('The update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the domain alias')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return self.render('/domains/editalias.html')
def editaddress(self, addressid):
"Edit address"
address = get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.method == 'POST' and c.form.validate():
try:
if (address.address != c.form.address.data
or address.enabled != c.form.enabled.data):
update_address(c.form, address, c.user, request.host,
request.remote_addr)
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
Session.rollback()
msg = _('The address %(addr)s already exists') % \
dict(addr=c.form.address.data)
flash_alert(msg)
log.info(msg)
except NoResultFound:
domain = c.form.address.data.split('@')[1]
msg = _('Domain: %(d)s does not belong to you') % \
dict(d=domain)
flash(msg)
log.info(msg)
redirect(
url(controller='accounts',
action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return self.render('/accounts/editaddress.html')
def edit_server(self, serverid):
"Edit scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
if (server.hostname != c.form.hostname.data or
server.enabled != c.form.enabled.data):
try:
server.hostname = c.form.hostname.data
server.enabled = c.form.enabled.data
Session.add(server)
Session.commit()
update_serial.delay()
info = HOSTUPDATE_MSG % dict(n=server.hostname)
audit_log(c.user.username,
2, info, request.host,
request.remote_addr, datetime.now())
flash(_('The scanning server has been updated'))
except IntegrityError:
Session.rollback()
flash(_('Update of server failed'))
else:
flash_info(_('No changes were made to the server'))
redirect(url(controller='settings'))
return render('/settings/editserver.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if request.POST and c.form.validate():
username = user.username
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username, 4, info, request.host,
request.remote_addr, now())
if userid == c.user.id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def edit(self, orgid):
"Edit an organization"
org = self._get_org(orgid)
if not org:
abort(404)
c.form = OrgForm(request.POST, org, csrf_context=session)
c.form.domains.query = Session.query(Domain)
c.form.admins.query = Session.query(User).filter(
User.account_type == 2)
c.id = org.id
if request.POST and c.form.validate():
updated = False
for field in c.form:
if (field.name != 'csrf_token' and
field.data != getattr(org, field.name)):
setattr(org, field.name, field.data)
updated = True
if updated:
try:
Session.add(org)
Session.commit()
info = UPDATEORG_MSG % dict(o=org.name)
audit_log(c.user.username,
2, info, request.host,
request.remote_addr, datetime.now())
flash(_('The organization has been updated'))
except IntegrityError:
Session.rollback()
flash(_('The organization could not be updated'))
else:
flash_info(_('No changes made, Organization not updated'))
redirect(url(controller='organizations'))
return render('/organizations/edit.html')
def editdestination(self, destinationid):
"Edit destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=server.domain_id)
if update_if_changed(c.form, server):
try:
update_destination(server, c.user, request.host,
request.remote_addr)
self.invalidate = 1
self._get_server(destinationid)
kwd['uc'] = 1
flash(_('The destination server has been updated'))
redirect(url('domain-detail', **kwd))
except IntegrityError:
Session.rollback()
msg = _('The update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the destination server')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
c.id = destinationid
c.domainid = server.domain_id
return self.render('/domains/editdestination.html')
def edit_auth(self, authid):
"Edit auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=server.domain_id)
if auth_update_if_changed(c.form, server):
try:
edit_auth(server, c.user, request.host,
request.remote_addr)
flash(_('The authentication settings have been updated'))
self.invalidate = 1
self._get_authserver(authid)
kwd['uc'] = 1
redirect(url('domain-detail', **kwd))
except IntegrityError:
Session.rollback()
msg = _('The authentication settings update failed')
flash_alert(msg)
log.info(msg)
else:
msg = _('No changes were made to the authentication settings')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return self.render('/domains/editauth.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.id = domainid
c.form = domain_update_form(c.user, request.POST, domain,
get_organizations, session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=domain.id)
if domain_update_if_changed(c.form, domain):
try:
update_domain(domain, c.user, request.host,
request.remote_addr)
flash(_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kwd['uc'] = 1
except IntegrityError:
Session.rollback()
msg = _('The domain %(dom)s could not be updated') % \
dict(dom=domain.name)
flash(msg)
log.info(msg)
else:
msg = _('No changes were made to the domain')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
return self.render('/domains/edit.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.id = domainid
c.form = domain_update_form(c.user, request.POST, domain,
get_organizations, session)
if request.method == 'POST' and c.form.validate():
kwd = dict(domainid=domain.id)
if domain_update_if_changed(c.form, domain):
try:
update_domain(domain, c.user, request.host,
request.remote_addr)
flash(
_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kwd['uc'] = 1
except IntegrityError:
Session.rollback()
msg = _('The domain %(dom)s could not be updated') % \
dict(dom=domain.name)
flash(msg)
log.info(msg)
else:
msg = _('No changes were made to the domain')
flash_info(msg)
log.info(msg)
redirect(url('domain-detail', **kwd))
return self.render('/domains/edit.html')
def edit(self, orgid):
"Edit an organization"
org = get_org(orgid)
if not org:
abort(404)
c.id = org.id
c.form = org_add_form(request.POST, session, org)
if request.method == 'POST' and c.form.validate():
if update_if_changed(c.form, org):
try:
edit_org(org, c.user, request.host, request.remote_addr)
msg = _('The organization has been updated')
flash(msg)
log.info(msg)
except IntegrityError:
Session.rollback()
msg = _('The organization could not be updated')
flash(msg)
log.info(msg)
else:
msg = _('No changes made, Organization not updated')
flash_info(msg)
log.info(msg)
redirect(url(controller='organizations'))
return self.render('/organizations/edit.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.POST and c.form.validate():
username = user.username
user_id = unicode(user.id)
Session.delete(user)
Session.commit()
update_serial.delay()
flash(_('The account has been deleted'))
info = DELETEACCOUNT_MSG % dict(u=username)
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr, now())
if userid == user_id:
redirect(url('/logout'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/delete.html')
def edit(self, orgid):
"Edit an organization"
org = get_org(orgid)
if not org:
abort(404)
c.id = org.id
c.form = org_add_form(request.POST, session, org)
if request.method == 'POST' and c.form.validate():
if update_if_changed(c.form, org):
try:
edit_org(org, c.user, request.host, request.remote_addr)
msg = _('The organization has been updated')
flash(msg)
log.info(msg)
except IntegrityError:
Session.rollback()
msg = _('The organization could not be updated')
flash(msg)
log.info(msg)
else:
msg = _('No changes made, Organization not updated')
flash_info(msg)
log.info(msg)
redirect(url(controller='organizations'))
return self.render('/organizations/edit.html')
def edit(self, orgid):
"Edit an organization"
org = self._get_org(orgid)
if not org:
abort(404)
c.form = OrgForm(request.POST, org, csrf_context=session)
c.form.domains.query = Session.query(Domain)
c.form.admins.query = Session.query(User).filter(
User.account_type == 2)
c.id = org.id
if request.POST and c.form.validate():
updated = False
for field in c.form:
if (field.name != 'csrf_token'
and field.data != getattr(org, field.name)):
setattr(org, field.name, field.data)
updated = True
if updated:
try:
Session.add(org)
Session.commit()
info = UPDATEORG_MSG % dict(o=org.name)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, datetime.now())
flash(_('The organization has been updated'))
except IntegrityError:
Session.rollback()
flash(_('The organization could not be updated'))
else:
flash_info(_('No changes made, Organization not updated'))
redirect(url(controller='organizations'))
return render('/organizations/edit.html')
def editaddress(self, addressid):
"Edit address"
address = get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.method == 'POST' and c.form.validate():
try:
if (address.address != c.form.address.data or
address.enabled != c.form.enabled.data):
update_address(c.form, address, c.user,
request.host, request.remote_addr)
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
Session.rollback()
msg = _('The address %(addr)s already exists') % \
dict(addr=c.form.address.data)
flash_alert(msg)
log.info(msg)
except NoResultFound:
domain = c.form.address.data.split('@')[1]
msg = _('Domain: %(d)s does not belong to you') % \
dict(d=domain)
flash(msg)
log.info(msg)
redirect(url(controller='accounts', action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return self.render('/accounts/editaddress.html')
def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain).filter(Domain.id == alias.domain_id)
if request.POST and c.form.validate():
updated = False
for field in c.form:
if field.name != "csrf_token" and field.data != getattr(alias, field.name):
setattr(alias, field.name, field.data)
updated = True
if updated:
try:
Session.add(alias)
Session.commit()
update_serial.delay()
info = UPDATEDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 2, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain alias: %s has been updated") % alias.name)
redirect(url("domain-detail", domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
flash_alert(_("The update failed"))
else:
flash_info(_("No changes were made to the domain alias"))
redirect(url("domain-detail", domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render("/domains/editalias.html")
def editdestination(self, destinationid):
"Edit destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST, server, csrf_context=session)
if request.POST and c.form.validate():
updated = False
kw = dict(domainid=server.domain_id)
for field in c.form:
if field.name != "csrf_token" and field.data != getattr(server, field.name):
setattr(server, field.name, field.data)
updated = True
if updated:
try:
Session.add(server)
Session.commit()
flash(_("The destination server has been updated"))
info = UPDATEDELSVR_MSG % dict(d=server.domains.name, ds=server.address)
audit_log(c.user.username, 2, info, request.host, request.remote_addr, datetime.now())
self.invalidate = 1
self._get_server(destinationid)
redirect(url("domain-detail", **kw))
except IntegrityError:
Session.rollback()
flash_alert(_("The update failed"))
else:
flash_info(_("No changes were made to the destination server"))
redirect(url("domain-detail", **kw))
c.id = destinationid
c.domainid = server.domain_id
return render("/domains/editdestination.html")
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = user_update_form(user, c.user, request.POST, session)
if request.method == 'POST' and c.form.validate():
kwd = dict(userid=user.id)
if update_changed(c.form, FORM_FIELDS, user):
try:
update_user(user, c.user, request.host,
request.remote_addr)
flash(_('The account has been updated'))
kwd['uc'] = 1
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active
and c.form.active.data is False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail', **kwd))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/edit.html')
def edit_server(self, serverid):
"Edit scan server"
server = self._get_server(serverid)
if not server:
abort(404)
c.form = ServerForm(request.POST, server, csrf_context=session)
c.id = server.id
if request.POST and c.form.validate():
if (server.hostname != c.form.hostname.data
or server.enabled != c.form.enabled.data):
try:
server.hostname = c.form.hostname.data
server.enabled = c.form.enabled.data
Session.add(server)
Session.commit()
update_serial.delay()
info = HOSTUPDATE_MSG % dict(n=server.hostname)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(_('The scanning server has been updated'))
except IntegrityError:
Session.rollback()
flash(_('Update of server failed'))
else:
flash_info(_('No changes were made to the server'))
redirect(url(controller='settings'))
return render('/settings/editserver.html')
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if c.user.is_domain_admin:
c.form.domains.query = Session.query(Domain).join(dom_owns,
(oas, dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)
if user.account_type != 3 or c.user.is_peleb:
del c.form.domains
if c.user.is_peleb:
del c.form.username
del c.form.email
del c.form.active
if request.POST and c.form.validate():
update = False
kwd = dict(userid=userid)
for attr in FORM_FIELDS:
field = getattr(c.form, attr)
if field and field.data != getattr(user, attr):
setattr(user, attr, field.data)
update = True
if update:
try:
Session.add(user)
Session.commit()
update_serial.delay()
flash(_('The account has been updated'))
kwd['uc'] = 1
info = UPDATEACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active and
c.form.active.data == False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail',
**kwd))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/edit.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {'domainid': domain.id}
for field in c.form:
intfields = [
'spam_actions', 'highspam_actions', 'delivery_mode',
'report_every'
]
if (field.name in intfields
and int(field.data) == getattr(domain, field.name)):
continue
if (field.name != 'csrf_token'
and field.data != getattr(domain, field.name)):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(
_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kw['uc'] = 1
except IntegrityError:
Session.rollback()
flash(
_('The domain %(dom)s could not be updated') %
dict(dom=domain.name))
else:
flash_info(_('No changes were made to the domain'))
redirect(url('domain-detail', **kw))
return render('/domains/edit.html')
def editaddress(self, addressid):
"Edit address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
try:
if (address.address != c.form.address.data
or address.enabled != c.form.enabled.data):
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
address.address = c.form.address.data
address.enabled = c.form.enabled.data
Session.add(address)
Session.commit()
update_serial.delay()
info = ADDRUPDATE_MSG % dict(a=address.address,
ac=address.user.username)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
flash_alert(
_('The address %(addr)s already exists') %
dict(addr=c.form.address.data))
except NoResultFound:
flash(
_('Domain: %(d)s does not belong to you') % dict(d=domain))
redirect(
url(controller='accounts',
action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/editaddress.html')
def editaddress(self, addressid):
"Edit address"
address = self._get_address(addressid)
if not address:
abort(404)
c.form = AddressForm(request.POST, address, csrf_context=session)
if request.POST and c.form.validate():
try:
if (address.address != c.form.address.data or
address.enabled != c.form.enabled.data):
if c.user.is_domain_admin:
# check if they own the domain
domain = c.form.address.data.split('@')[1]
domain = Session.query(Domain).options(
joinedload('organizations')).join(
dom_owns, (oas,
dom_owns.c.organization_id ==
oas.c.organization_id))\
.filter(oas.c.user_id == c.user.id)\
.filter(Domain.name == domain).one()
address.address = c.form.address.data
address.enabled = c.form.enabled.data
Session.add(address)
Session.commit()
update_serial.delay()
info = ADDRUPDATE_MSG % dict(a=address.address,
ac=address.user.username)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
flash(_('The alias address has been updated'))
else:
flash_info(_('No changes were made to the address'))
except IntegrityError:
Session.rollback()
flash_alert(_('The address %(addr)s already exists') %
dict(addr=c.form.address.data))
except NoResultFound:
flash(_('Domain: %(d)s does not belong to you') %
dict(d=domain))
redirect(url(controller='accounts', action='detail',
userid=address.user_id))
c.id = addressid
c.userid = address.user_id
return render('/accounts/editaddress.html')
def edit(self, userid):
"""GET /accounts/edit/id: Form to edit an existing item"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
c.form.domains.query = Session.query(Domain)
if user.account_type != 3 or c.user.is_peleb:
del c.form.domains
if c.user.is_peleb:
del c.form.username
del c.form.email
del c.form.active
if request.POST and c.form.validate():
update = False
kwd = dict(userid=userid)
for attr in FORM_FIELDS:
field = getattr(c.form, attr)
if field and field.data != getattr(user, attr):
setattr(user, attr, field.data)
update = True
if update:
try:
Session.add(user)
Session.commit()
update_serial.delay()
flash(_('The account has been updated'))
kwd['uc'] = 1
info = UPDATEACCOUNT_MSG % dict(u=user.username)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
except IntegrityError:
Session.rollback()
flash_alert(
_('The account: %(acc)s could not be updated') %
dict(acc=user.username))
if (user.id == c.user.id and c.form.active
and c.form.active.data == False):
redirect(url('/logout'))
else:
flash_info(_('No changes made to the account'))
redirect(url(controller='accounts', action='detail', **kwd))
c.fields = FORM_FIELDS
c.id = userid
return render('/accounts/edit.html')
def edit_auth(self, authid):
"Edit auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
#del c.form.protocol
if request.POST and c.form.validate():
updated = False
kw = dict(domainid=server.domain_id)
for field in c.form:
if field.name == 'protocol' or field.name == 'csrf_token':
continue
if (field.data != getattr(server, field.name)
and field.data != ''):
setattr(server, field.name, field.data)
updated = True
if (field.name == 'user_map_template' and
field.data != getattr(server, field.name)):
setattr(server, field.name, field.data)
updated = True
if updated:
try:
Session.add(server)
Session.commit()
flash(_('The authentication settings have been updated'))
self.invalidate = 1
self._get_authserver(authid)
info = UPDATEAUTHSVR_MSG % dict(d=server.domains.name,
ds=server.address)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
redirect(url('domain-detail', **kw))
except IntegrityError:
Session.rollback()
flash_alert(_('The authentication settings update failed'))
else:
flash_info(_('No changes were made to the '
'authentication settings'))
redirect(url('domain-detail', **kw))
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return render('/domains/editauth.html')
def edit_auth(self, authid):
"Edit auth server"
server = self._get_authserver(authid)
if not server:
abort(404)
c.form = AddAuthForm(request.POST, server, csrf_context=session)
#del c.form.protocol
if request.POST and c.form.validate():
updated = False
kw = dict(domainid=server.domain_id)
for field in c.form:
if field.name == 'protocol' or field.name == 'csrf_token':
continue
if (field.data != getattr(server, field.name)
and field.data != ''):
setattr(server, field.name, field.data)
updated = True
if (field.name == 'user_map_template'
and field.data != getattr(server, field.name)):
setattr(server, field.name, field.data)
updated = True
if updated:
try:
Session.add(server)
Session.commit()
flash(_('The authentication settings have been updated'))
self.invalidate = 1
self._get_authserver(authid)
info = UPDATEAUTHSVR_MSG % dict(d=server.domains.name,
ds=server.address)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
redirect(url('domain-detail', **kw))
except IntegrityError:
Session.rollback()
flash_alert(_('The authentication settings update failed'))
else:
flash_info(
_('No changes were made to the '
'authentication settings'))
redirect(url('domain-detail', **kw))
c.domainid = server.domains.id
c.domainname = server.domains.name
c.authid = authid
return render('/domains/editauth.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = EditDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {'domainid': domain.id}
for field in c.form:
intfields = ['spam_actions', 'highspam_actions',
'delivery_mode', 'report_every']
if (field.name in intfields and
int(field.data) == getattr(domain, field.name)):
continue
if (field.name != 'csrf_token' and
field.data != getattr(domain, field.name)):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr, now())
flash(_('The domain: %(dom)s has been updated') %
dict(dom=domain.name))
kw['uc'] = 1
except IntegrityError:
Session.rollback()
flash(_('The domain %(dom)s could not be updated') %
dict(dom=domain.name))
else:
flash_info(_('No changes were made to the domain'))
redirect(url('domain-detail', **kw))
return render('/domains/edit.html')
def new_server(self):
"Add scan server"
c.form = ServerForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
server = Server(hostname=c.form.hostname.data,
enabled=c.form.enabled.data)
Session.add(server)
Session.commit()
info = HOSTADD_MSG % dict(n=server.hostname)
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
flash(_('The scanning server has been added'))
redirect(url(controller='settings'))
except IntegrityError:
Session.rollback()
flash_info(_('The server already exists'))
return render('/settings/addserver.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.method == 'POST':
if c.form.validate():
delete_user(user, c.user, request.host, request.remote_addr)
flash(_('The account has been deleted'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/delete.html')
def delete(self, userid):
"""/accounts/delete/id"""
user = self._get_user(userid)
if not user:
abort(404)
c.form = EditUserForm(request.POST, user, csrf_context=session)
del c.form.domains
if request.method == 'POST':
if c.form.validate():
delete_user(user, c.user, request.host, request.remote_addr)
flash(_('The account has been deleted'))
redirect(url(controller='accounts', action='index'))
else:
flash_info(
_('The account: %(a)s and all associated data'
' will be deleted, This action is not reversible.') %
dict(a=user.username))
c.fields = FORM_FIELDS
c.id = userid
return self.render('/accounts/delete.html')
def new_server(self):
"Add scan server"
c.form = ServerForm(request.POST, csrf_context=session)
if request.POST and c.form.validate():
try:
server = Server(
hostname=c.form.hostname.data,
enabled=c.form.enabled.data
)
Session.add(server)
Session.commit()
info = HOSTADD_MSG % dict(n=server.hostname)
audit_log(c.user.username,
3, info, request.host,
request.remote_addr, datetime.now())
flash(_('The scanning server has been added'))
redirect(url(controller='settings'))
except IntegrityError:
Session.rollback()
flash_info(_('The server already exists'))
return render('/settings/addserver.html')
def editalias(self, aliasid):
"Edit alias domain"
alias = self._get_alias(aliasid)
if not alias:
abort(404)
c.form = EditDomainAlias(request.POST, alias, csrf_context=session)
c.form.domain.query = Session.query(Domain)\
.filter(Domain.id==alias.domain_id)
if request.POST and c.form.validate():
updated = False
for field in c.form:
if (field.name != 'csrf_token'
and field.data != getattr(alias, field.name)):
setattr(alias, field.name, field.data)
updated = True
if updated:
try:
Session.add(alias)
Session.commit()
update_serial.delay()
info = UPDATEDOMALIAS_MSG % dict(d=alias.name)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
flash(
_('The domain alias: %s has been updated') %
alias.name)
redirect(url('domain-detail', domainid=alias.domain_id))
except IntegrityError:
Session.rollback()
flash_alert(_('The update failed'))
else:
flash_info(_('No changes were made to the domain alias'))
redirect(url('domain-detail', domainid=alias.domain_id))
c.aliasid = aliasid
c.domainid = alias.domain_id
c.domainname = alias.domain.name
return render('/domains/editalias.html')
def edit(self, domainid):
"Edit a domain"
domain = self._get_domain(domainid)
if not domain:
abort(404)
c.form = AddDomainForm(request.POST, domain, csrf_context=session)
if c.user.is_superadmin:
c.form.organizations.query_factory = self._get_organizations
else:
del c.form.organizations
c.id = domainid
if request.POST and c.form.validate():
updated = False
kw = {"domainid": domain.id}
for field in c.form:
intfields = ["spam_actions", "highspam_actions", "delivery_mode", "report_every"]
if field.name in intfields and int(field.data) == getattr(domain, field.name):
continue
if field.name != "csrf_token" and field.data != getattr(domain, field.name):
setattr(domain, field.name, field.data)
updated = True
if updated:
try:
Session.add(domain)
Session.commit()
update_serial.delay()
info = UPDATEDOMAIN_MSG % dict(d=domain.name)
audit_log(c.user.username, 2, info, request.host, request.remote_addr, datetime.now())
flash(_("The domain: %(dom)s has been updated") % dict(dom=domain.name))
kw["uc"] = 1
except IntegrityError:
Session.rollback()
flash(_("The domain %(dom)s could not be updated") % dict(dom=domain.name))
else:
flash_info(_("No changes were made to the domain"))
redirect(url("domain-detail", **kw))
return render("/domains/edit.html")
def editdestination(self, destinationid):
"Edit destination server"
server = self._get_server(destinationid)
if not server:
abort(404)
c.form = AddDeliveryServerForm(request.POST,
server,
csrf_context=session)
if request.POST and c.form.validate():
updated = False
kw = dict(domainid=server.domain_id)
for field in c.form:
if (field.name != 'csrf_token'
and field.data != getattr(server, field.name)):
setattr(server, field.name, field.data)
updated = True
if updated:
try:
Session.add(server)
Session.commit()
flash(_('The destination server has been updated'))
info = UPDATEDELSVR_MSG % dict(d=server.domains.name,
ds=server.address)
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
self.invalidate = 1
self._get_server(destinationid)
redirect(url('domain-detail', **kw))
except IntegrityError:
Session.rollback()
flash_alert(_('The update failed'))
else:
flash_info(_('No changes were made to the destination server'))
redirect(url('domain-detail', **kw))
c.id = destinationid
c.domainid = server.domain_id
return render('/domains/editdestination.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.method == 'POST':
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.method == 'POST' and c.form.validate():
for field in c.form:
if field.type == 'SelectMultipleField' or \
(field.data and not field.name == 'csrf_token'):
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if (field.type == 'SelectMultipleField' and
len(field.data) and field.data != field.default)\
or (field.type != 'SelectMultipleField' and
field.data != field.default):
check_field(field)
conf = ConfigSettings(
internal=internal,
external=external,
section=sectionid
)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
audit_log(c.user.username,
3, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = auditmsgs.HOSTSETTING_MSG % subs
check_value = get_check_value(field.type, conf.value)
if check_value != field.data:
# stored value not equal to updated value
if (field.type == 'SelectMultipleField' and
len(field.data) and
field.data != field.default) or \
(field.type != 'SelectMultipleField' and
field.data != field.default):
# not a default, we can update
check_field(field)
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
audit_log(c.user.username,
2, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
else:
# is the default lets delete the stored value
Session.delete(conf)
Session.commit()
updated = True
audit_log(c.user.username,
4, unicode(info), request.host,
request.remote_addr,
arrow.utcnow().datetime)
if updated:
flash(_('%(settings)s updated') % dict(
settings=CONFIG_SECTIONS[int(sectionid)]))
create_ms_settings.apply_async(exchange=FANOUT_XCHG)
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
# redirect(url('settings-scanner', serverid=serverid))
elif request.method == 'POST' and not c.form.validate():
msg = _("Error detected, check the settings below")
flash_alert(msg)
log.info(msg)
return self.render('/settings/section.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.POST:
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.POST and c.form.validate():
for field in c.form:
if field.data and not field.name == 'csrf_token':
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub('', field.label.text)
internal = field.name
else:
external = CONFIG_RE.sub('', field.label.text)
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if field.data != field.default:
conf = ConfigSettings(
internal=internal,
external=external,
section=sectionid
)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username,
3, info, request.host,
request.remote_addr, datetime.now())
else:
if conf.value != field.data:
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username,
2, info, request.host,
request.remote_addr, datetime.now())
if updated:
flash(_('%(settings)s updated') % dict(
settings=CONFIG_SECTIONS[int(sectionid)]))
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
#redirect(url('settings-scanner', serverid=serverid))
return render('/settings/section.html')
def section(self, serverid=1, sectionid='1'):
"Settings section"
server = self._get_server(serverid)
if not server:
abort(404)
if not int(sectionid) in CONFIG_SECTIONS:
abort(404)
c.serverid = serverid
c.sectionid = sectionid
c.scanner = server
c.sections = CONFIG_SECTIONS
c.form = settings_forms[sectionid](request.POST, csrf_context=session)
if not request.POST:
for field in c.form:
if (sectionid == '1' and '_' in field.name
and not field.name == 'csrf_token'):
internal = global_settings_dict[field.name]
else:
internal = field.name
conf = self._get_setting(serverid, internal)
if conf:
attr = getattr(c.form, field.name)
attr.data = conf.value
updated = None
if request.POST and c.form.validate():
for field in c.form:
if field.data and not field.name == 'csrf_token':
if sectionid == '1':
if '_' in field.name:
external = global_settings_dict[field.name]
internal = external
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
else:
external = CONFIG_RE.sub(u'',
unicode(field.label.text))
internal = field.name
conf = self._get_setting(serverid, internal)
if conf is None:
if field.data != field.default:
conf = ConfigSettings(internal=internal,
external=external,
section=sectionid)
conf.value = field.data
conf.server = server
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username, 3, info, request.host,
request.remote_addr, now())
else:
if conf.value != field.data:
conf.value = field.data
updated = True
Session.add(conf)
Session.commit()
subs = dict(svr=conf.server.hostname,
s=external,
a=conf.value)
info = HOSTSETTING_MSG % subs
audit_log(c.user.username, 2, info, request.host,
request.remote_addr, now())
if updated:
flash(
_('%(settings)s updated') %
dict(settings=CONFIG_SECTIONS[int(sectionid)]))
update_serial.delay()
else:
flash_info(_('No configuration changes made'))
#redirect(url('settings-scanner', serverid=serverid))
return render('/settings/section.html')
