def display(username):
"Display the given user."
user = get_user(username=username)
if user is None:
return utils.error("No such user.")
if not am_admin_or_self(user):
return utils.error("Access not allowed.")
return flask.render_template("user/display.html", user=user)
def disable(username):
"Disable the given user account."
user = get_user(username=username)
if user is None:
return utils.error("No such user.")
if user["username"] == flask.g.current_user["username"]:
return utils.error("You cannot disable yourself.")
with UserSaver(user) as saver:
saver.set_status(constants.DISABLED)
utils.get_logger().info(f"disabled user {username}")
return flask.redirect(flask.url_for(".display", username=username))
def logs(username):
"Display the log records of the given user."
user = get_user(username=username)
if user is None:
return utils.error("No such user.")
if not am_admin_or_self(user):
return utils.error("Access not allowed.")
return flask.render_template("logs.html",
title=f"User {user['username']}",
cancel_url=flask.url_for(
".display", username=user["username"]),
logs=utils.get_logs(user["iuid"]))
def edit(username):
"Edit the user display. Or delete the user."
user = get_user(username=username)
if user is None:
return utils.error("No such user.")
if not am_admin_or_self(user):
return utils.error("Access not allowed.")
if utils.http_GET():
deletable = am_admin_and_not_self(user) and user["blobs_count"] == 0
return flask.render_template("user/edit.html",
user=user,
change_role=am_admin_and_not_self(user),
deletable=deletable)
elif utils.http_POST():
with UserSaver(user) as saver:
if flask.g.am_admin:
email = flask.request.form.get("email")
if email != user["email"]:
saver.set_email(email)
try:
quota = flask.request.form.get('quota') or None
if quota:
quota = int(quota)
if quota < 0: raise ValueError
except (ValueError, TypeError):
pass
else:
saver.set_quota(quota)
if am_admin_and_not_self(user):
saver.set_role(flask.request.form.get("role"))
if flask.request.form.get("accesskey"):
saver.set_accesskey()
return flask.redirect(
flask.url_for(".display", username=user["username"]))
elif utils.http_DELETE():
if user["blobs_count"] != 0:
return utils.error("Cannot delete non-empty user account.")
with flask.g.db:
flask.g.db.execute("DELETE FROM logs WHERE iuid=?",
(user["iuid"], ))
flask.g.db.execute(
"DELETE FROM users "
" WHERE username=? COLLATE NOCASE", (username, ))
utils.flash_message(f"Deleted user {username}.")
utils.get_logger().info(f"deleted user {username}")
if flask.g.am_admin:
return flask.redirect(flask.url_for(".all"))
else:
return flask.redirect(flask.url_for("home"))
def password():
"Set the password for a user account, and login user."
if utils.http_GET():
return flask.render_template(
"user/password.html", username=flask.request.args.get("username"))
elif utils.http_POST():
try:
try:
username = flask.request.form.get("username") or ""
if not username: raise ValueError
user = get_user(username=username)
if user is None: raise ValueError
if am_admin_and_not_self(user):
pass # No check for current password.
else:
password = flask.request.form.get("current_password") or ""
if not check_password_hash(user["password"], password):
raise ValueError
except ValueError:
raise ValueError("No such user or wrong password.")
password = flask.request.form.get("password")
if password != flask.request.form.get("confirm_password"):
raise ValueError("Wrong password entered; confirm failed.")
except ValueError as error:
return utils.error(error, flask.url_for(".password"))
with UserSaver(user) as saver:
saver.set_password(password)
utils.get_logger().info(f"password user {user['username']}")
if not flask.g.current_user:
do_login(username, password)
return flask.redirect(flask.url_for("home"))
def rename(filename):
data = get_blob_data(filename)
if not data:
return utils.error("No such blob.")
if not allow_update(data):
return utils.error("You may not rename the blob.")
if utils.http_GET():
return flask.render_template("blob/rename.html", data=data)
elif utils.http_POST():
try:
with BlobSaver(data) as saver:
saver.rename(flask.request.form.get("filename"))
except ValueError as error:
return utils.error(error)
return flask.redirect(
flask.url_for("blob.info", filename=saver["filename"]))
def logs(filename):
"Display the log records of the given blob."
data = get_blob_data(filename)
if not data:
return utils.error("No such blob.")
return flask.render_template("logs.html",
title=f"Blob {data['filename']}",
cancel_url=flask.url_for(
".info", filename=data["filename"]),
logs=utils.get_logs(data["iuid"]))
def info(filename):
"Display the information about the blob."
data = get_blob_data(filename)
if not data:
return utils.error("No such blob.")
return flask.render_template("blob/info.html",
data=data,
allow_update=allow_update(data),
allow_delete=allow_delete(data),
commands=get_commands(data))
def user(username):
"List of all blobs for the given user."
user = blobserver.user.get_user(username)
if user is None:
return utils.error("No such user.")
cursor = flask.g.db.cursor()
rows = cursor.execute("SELECT * FROM blobs WHERE username=?", (username, ))
blobs = [dict(zip(row.keys(), row)) for row in rows]
return flask.render_template("blobs/user.html",
user=user,
blobs=blobs,
commands=get_commands())
def upload():
"Upload a new blob."
if utils.http_GET():
return flask.render_template("blob/upload.html")
elif utils.http_POST():
infile = flask.request.files.get("file")
if not infile:
return utils.error("No file provided.")
if get_blob_data(infile.filename):
return utils.error("Blob already exists; do update instead.")
try:
with BlobSaver() as saver:
saver["filename"] = infile.filename
saver["description"] = flask.request.form.get("description")
saver["username"] = flask.g.current_user["username"]
saver.set_content(infile.read())
except ValueError as error:
return utils.error(error)
return flask.redirect(
flask.url_for("blob.info", filename=saver["filename"]))
def update(filename):
"Update the content and/or the description of a blob."
data = get_blob_data(filename)
if not data:
return utils.error("No such blob.")
if not allow_update(data):
return utils.error("You may not update the blob.")
if utils.http_GET():
return flask.render_template("blob/update.html", data=data)
elif utils.http_POST():
try:
with BlobSaver(data) as saver:
saver["description"] = flask.request.form.get("description")
infile = flask.request.files.get("file")
if infile:
saver.set_content(infile.read())
except ValueError as error:
return utils.error(error)
return flask.redirect(
flask.url_for("blob.info", filename=saver["filename"]))
def copy(filename):
data = get_blob_data(filename)
if not data:
return utils.error("No such blob.")
if utils.http_GET():
return flask.render_template("blob/copy.html", data=data)
elif utils.http_POST():
filepath = os.path.join(flask.current_app.config['STORAGE_DIRPATH'],
data["filename"])
try:
with open(filepath, "rb") as infile:
content = infile.read()
with BlobSaver() as saver:
saver["filename"] = flask.request.form.get("filename")
saver["description"] = flask.request.form.get("description")
saver["username"] = flask.g.current_user["username"]
saver.set_content(content)
except ValueError as error:
return utils.error(error)
return flask.redirect(
flask.url_for("blob.info", filename=saver["filename"]))
def register():
"Register a new user account."
if utils.http_GET():
return flask.render_template("user/register.html")
elif utils.http_POST():
try:
with UserSaver() as saver:
saver.set_username(flask.request.form.get("username"))
saver.set_email(flask.request.form.get("email"))
saver.set_role(constants.USER)
saver.set_quota(flask.current_app.config["DEFAULT_QUOTA"])
password = flask.request.form.get("password")
confirm = flask.request.form.get("confirm_password")
if password != confirm:
raise ValueError("Password confirmation failed.")
saver.set_password(password)
saver.set_status(constants.ENABLED)
user = saver.doc
except ValueError as error:
return utils.error(error)
utils.get_logger().info(f"registered user {user['username']}")
return flask.redirect(flask.url_for("home"))
def login():
"""Login to a user account.
Creates the admin user specified in the settings.json, if not done.
"""
if utils.http_GET():
return flask.render_template("user/login.html",
next=flask.request.args.get("next"))
elif utils.http_POST():
username = flask.request.form.get("username")
password = flask.request.form.get("password")
try:
if username and password:
do_login(username, password)
else:
raise ValueError
try:
next = flask.request.form["next"]
except KeyError:
return flask.redirect(flask.url_for("home"))
else:
return flask.redirect(next)
except ValueError:
return utils.error(
"Invalid user or password, or account disabled.")