def user_not_permitted(self, group): """Check the user is permmited to approve/reject the user.""" sm = getSecurityManager() portal = getUtility(ISiteRoot) portal_membership = getToolByName(self, 'portal_membership') if sm.checkPermission(ManagePortal, portal): return False elif portal_membership.isAnonymousUser(): raise Unauthorized('You need to login to access this page.') current_user = portal_membership.getAuthenticatedMember() current_user_groups = current_user.getGroups() if not group: self.plone_utils.addPortalMessage( _(u'You do not have permission to do this.')) self.REQUEST.RESPONSE.redirect(self.absolute_url()) return True group_list = asList(group) for current_group in group_list: if current_group in current_user_groups: return False self.plone_utils.addPortalMessage( _(u'You do not have permission to do this.')) self.REQUEST.RESPONSE.redirect(self.absolute_url()) return True
def check_approval_group(self): """Check current approval group based on the request.""" request = self.REQUEST userid = request.form['userid'] sm = getSecurityManager() portal = getUtility(ISiteRoot) user = self.waiting_list.get(userid) if userid: user = self.waiting_list.get(userid) if user is None: self.plone_utils.addPortalMessage( _(u'This user has already been dealt with.')) elif sm.checkPermission(ManagePortal, portal): # show the current approval group current_username = user['username'] current_approval_group = user['approval_group'] messsage_string = _( u'Approval group for "%(username)s" is "%(approval)s"') % { 'username': current_username, 'approval': current_approval_group} self.plone_utils.addPortalMessage(messsage_string) else: self.plone_utils.addPortalMessage( _(u'You do not have permission to manage this user.')) request.RESPONSE.redirect(self.absolute_url())
def update_approval_group(self): """Fix wrong approval group based on the request.""" request = self.REQUEST userid = request.form['userid'] sm = getSecurityManager() portal = getUtility(ISiteRoot) if userid: user = self.waiting_list.get(userid) if user is None: self.plone_utils.addPortalMessage( _(u'This user has already been dealt with.')) elif sm.checkPermission(ManagePortal, portal): # Fix the wrong approval group current_approval_group = user['approval_group'] data_user_group = user['user_group'] new_approval_group = self.update_data_approval_group( data_user_group) user['approval_group'] = new_approval_group # commit a subtransaction, to save the changes transaction.get().commit() messsage_string = _(u'"%(current)s" updated to "%(new)s"') % { 'current': current_approval_group, 'new': new_approval_group} self.plone_utils.addPortalMessage(messsage_string) else: self.plone_utils.addPortalMessage( _(u'You do not have permission to manage this user.')) request.RESPONSE.redirect(self.absolute_url())
def get_status(self, user): """Return user status.""" if not user: return "" current_email = user.getProperty('email', '') status = _("Active") if current_email.startswith(self.disabled_email): status = _("Inactive") return status
def user_activate(self, user_id, request): """Activate user with user_id. Remove USERDISABLED<randomkey>[email protected] from email field. """ if not user_id: self.plone_utils.addPortalMessage( _(u'This user ID is not valid.')) return self.prepare_member_properties() portal_membership = getToolByName(self, 'portal_membership') portal_registration = getToolByName(self, 'portal_registration') user = portal_membership.getMemberById(user_id) if not user: self.plone_utils.addPortalMessage( _(u'This user does not exists.')) return try: current_user_id = "" if not portal_membership.isAnonymousUser(): current_user = portal_membership.getAuthenticatedMember() current_user_id = current_user.id current_time = datetime.now().strftime("%d %B %Y %I:%M %p") current_email = user.getProperty('email', '') if not current_email: # no email return if not current_email.startswith(self.disabled_email): # already active return split = current_email.find("_") if split < len(self.disabled_email): # assume not valid email, should not be the case return new_email = current_email[split+1:] # update user_last_updated_date and user_last_updated_by user.setMemberProperties({ 'email': new_email, 'last_updated_by': current_user_id, 'last_updated_date': current_time}) portal_registration.mailPassword(user.id, request) self.plone_utils.addPortalMessage( _(u"""This user is activated and reset password email is sent to the user.""")) except (AttributeError, ValueError) as err: logging.exception(err) return {FORM_ERROR_MARKER: err} return
def check_userid(self, data): """Make sure the user does not already exist or on the waiting list.""" if data['username'] in self.waiting_list.keys(): # user id is already on waiting list error_text = _( u"""The login name you selected is already in use.""") if self.getUsername_field(): return { FORM_ERROR_MARKER: _(u'You will need to signup again.'), 'username': error_text} else: return { FORM_ERROR_MARKER: _(u'You will need to signup again.'), 'email': error_text}
def user_deactivate(self, user_id): """Deactivate user with user_id. Add USERDISABLED<randomkey>[email protected] to email field. """ if not user_id: self.plone_utils.addPortalMessage( _(u'This user ID is not valid.')) return self.prepare_member_properties() portal_membership = getToolByName(self, 'portal_membership') user = portal_membership.getMemberById(user_id) if not user: self.plone_utils.addPortalMessage( _(u'This user does not exists.')) return try: current_user_id = "" if not portal_membership.isAnonymousUser(): current_user = portal_membership.getAuthenticatedMember() current_user_id = current_user.id current_time = datetime.now().strftime("%d %B %Y %I:%M %p") current_email = user.getProperty('email', '') if not current_email: # no email return if current_email.startswith(self.disabled_email): # already deactivate return new_email = self.disabled_email + self.id_generator() + "_" + \ current_email # update user_last_updated_date and user_last_updated_by user.setMemberProperties({ 'email': new_email, 'last_updated_by': current_user_id, 'last_updated_date': current_time}) passwd = self.id_generator(size=32) user.setSecurityProfile(password=passwd) self.plone_utils.addPortalMessage( _(u'This user is deactivated.')) except (AttributeError, ValueError) as err: logging.exception(err) return {FORM_ERROR_MARKER: err} return
def reject_user(self): """Reject the user based on the request.""" request = self.REQUEST # portal_registration = getToolByName(self, 'portal_registration') userid = request.form['userid'] user = self.waiting_list.get(userid) if user is None: self.plone_utils.addPortalMessage( _(u'This user has already been dealt with.')) elif self.user_not_permitted(user['approval_group']): self.plone_utils.addPortalMessage( _(u'You do not have permission to manage this user.')) else: user = self.waiting_list.pop(userid) self.send_reject_email(user) self.plone_utils.addPortalMessage(_(u'User has been rejected.')) request.RESPONSE.redirect(self.absolute_url())
def validate_password(self, data): """Validate password.""" errors = {} if not data['password']: errors['password'] = _(u'Please enter a password') if not data['password_verify']: errors['password_verify'] = _(u'Please enter a password') if errors: errors[FORM_ERROR_MARKER] = _(u'Please enter a password') return errors if data['password'] != data['password_verify']: errors[FORM_ERROR_MARKER] = _(u'The passwords do not match') errors['password'] = _(u'The passwords do not match') errors['password_verify'] = _(u'The passwords do not match') return errors registration = getToolByName(self, 'portal_registration') # This should ensure that the password is at least 5 chars long, but # if the user filling in the form has ManagePortal permission it is # ignored error_message = registration.testPasswordValidity(data['password']) if error_message: errors[FORM_ERROR_MARKER] = error_message errors['password'] = '******' errors['password_verify'] = ' ' return errors return None
def create_member(self, request, data, reset_password=False): """Create member.""" self.prepare_member_properties() portal_membership = getToolByName(self, 'portal_membership') portal_registration = getToolByName(self, 'portal_registration') portal_groups = getToolByName(self, 'portal_groups') username = data['username'] # TODO(ivanteoh): add switch to prevent groups being created on the fly user_group = data['user_group'] self.create_group(user_group) # need to recheck the member has not been created in the meantime member = portal_membership.getMemberById(username) if member is None: # need to also pass username in properties, otherwise the user # isn't found when setting the properties try: current_user_id = "" if not portal_membership.isAnonymousUser(): current_user = portal_membership.getAuthenticatedMember() current_user_id = current_user.id current_time = datetime.now().strftime("%d %B %Y %I:%M %p") member = portal_registration.addMember( username, data['password'], [], properties={'username': username, 'fullname': data['fullname'], 'email': data['email'], 'approved_by': current_user_id, 'approved_date': current_time}) except (AttributeError, ValueError) as err: logging.exception(err) return {FORM_ERROR_MARKER: err} portal_groups.addPrincipalToGroup(member.getUserName(), user_group) if reset_password: # send out reset password email portal_registration.mailPassword(username, request) else: return {FORM_ERROR_MARKER: _("This user already exists.")}
def update_member(self, request, user_id, user_fullname, current_group, new_group): """Update member with full name and / or group.""" # If we use custom member properties they must be initialized # before regtool is called self.prepare_member_properties() portal_membership = getToolByName(self, 'portal_membership') portal_registration = getToolByName(self, 'portal_registration') portal_groups = getToolByName(self, 'portal_groups') if not user_id: self.plone_utils.addPortalMessage( _(u'User ID is not valid.')) return user = portal_membership.getMemberById(user_id) if not user: self.plone_utils.addPortalMessage( _(u'This user does not exists.')) return if not new_group: self.plone_utils.addPortalMessage( _(u'User group is not valid.')) return new_user_group = portal_groups.getGroupById(new_group) if not new_user_group: self.plone_utils.addPortalMessage( _(u'This user group does not exists.')) return try: current_user_id = "" if not portal_membership.isAnonymousUser(): current_user = portal_membership.getAuthenticatedMember() current_user_id = current_user.id current_time = datetime.now().strftime("%d %B %Y %I:%M %p") # update user_last_updated_date and user_last_updated_by user.setMemberProperties({ 'fullname': user_fullname, 'last_updated_by': current_user_id, 'last_updated_date': current_time}) except (AttributeError, ValueError) as err: logging.exception(err) return {FORM_ERROR_MARKER: err} if current_group != new_group: try: portal_groups.removePrincipalFromGroup(user_id, current_group) except KeyError as err: error_string = _(u'Can not remove group: %s.') % err logging.exception(error_string) self.plone_utils.addPortalMessage(error_string) return try: portal_groups.addPrincipalToGroup(user_id, new_group) except KeyError as err: error_string = _(u'Can not add group: %s.') % err logging.exception(error_string) self.plone_utils.addPortalMessage(error_string) return return
def onSuccess(self, fields, REQUEST=None): # noqa C901 """Save form input.""" # get username and password portal_registration = getToolByName(self, 'portal_registration') data = {} for field in fields: field_name = field.fgField.getName() val = REQUEST.form.get(field_name, None) if field_name == self.full_name_field: data['fullname'] = val elif field_name == self.username_field: data['username'] = val elif field_name == self.email_field: data['email'] = val elif field_name == self.password_field: data['password'] = val elif field_name == self.password_verify_field: data['password_verify'] = val else: data[field_name] = val if 'email' not in data: return { FORM_ERROR_MARKER: _(u'Sign Up form is not setup properly.')} if 'username' not in data: data['username'] = data['email'] # TalesField needs variables to be available from the context, so # create a context and add them expression_context = getExprContext(self, self.aq_parent) for key in data.keys(): expression_context.setGlobal(key, REQUEST.form.get(key, None)) data['user_group'] = self.getUser_group_template( expression_context=expression_context, **data) # Split the manage_group_template into two: # manage_group and approval_group # manage_group_template can't use data argument any more # because it will use when form data is not available manage_group = self.getManage_group_template( expression_context=expression_context) is_manage_group_dict = isinstance(manage_group, dict) data['approval_group'] = "" if manage_group and is_manage_group_dict: for manager, user_list in manage_group.iteritems(): if '*' in user_list: data['approval_group'] = manager if data['user_group'] in user_list: data['approval_group'] = manager break if data['email'] is None or data['user_group'] == "": # SignUpAdapter did not setup properly return { FORM_ERROR_MARKER: _(u'Sign Up form is not setup properly.')} if not data['username']: data['username'] = data['email'] # force email and username to lowercase data['username'] = data['username'].lower() data['email'] = data['email'].lower() if not portal_registration.isValidEmail(data['email']): return { FORM_ERROR_MARKER: _(u'You will need to signup again.'), 'email': _(u'This is not a valid email address')} if not portal_registration.isMemberIdAllowed(data['username']): error_text = _(u"""The login name you selected is already in use or is not valid. Please choose another.""") if self.getUsername_field(): return { FORM_ERROR_MARKER: _(u'You will need to signup again.'), 'username': error_text} else: return { FORM_ERROR_MARKER: _(u'You will need to signup again.'), 'email': error_text} check_id = self.check_userid(data) if check_id: return check_id policy = self.getPolicy(data) if policy == 'auto': result = self.autoRegister(REQUEST, data) # Just return the result, this should either be None on success or # an error message return result email_from = getUtility(ISiteRoot).getProperty( 'email_from_address', '') if not portal_registration.isValidEmail(email_from): return {FORM_ERROR_MARKER: _(u'Portal email is not configured.')} if policy == 'email': result = self.emailRegister(REQUEST, data) return result if policy == 'approve': result = self.approvalRegister(data) return result # If we get here, then something went wrong return {FORM_ERROR_MARKER: _(u'The form is currently unavailable')}
from zope.component import getUtility from zope.interface import implements import logging import random import string import transaction SignUpAdapterSchema = FormAdapterSchema.copy() + atapi.Schema(( atapi.StringField( 'full_name_field', default='fullname', required=False, widget=atapi.StringWidget( label=_(u'label_full_name', default=u'Full Name Field'), # noqa H702 description=_( u'help_full_name_field', default=u"""Enter the id of the field that will be used for the user's full name."""), ), ), atapi.StringField( 'username_field', required=False, widget=atapi.StringWidget( label=_(u'label_username', default=u'Username Field'), description=_( u'help_username_field', default=u"""Enter the id of the field that will be used for the