def permission_create(request):
_ = get_localizer(request)
permission_model = PermissionModel(request.db_session)
factory = FormFactory(_)
PermissionCreateForm = factory.make_permission_create_form()
form = PermissionCreateForm(request.params)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
permission_name = request.params['permission_name']
description = request.params['description']
by_name = permission_model.get_by_name(permission_name)
if by_name is not None:
msg = _(u'Permission name %s already exists') % permission_name
form.permission_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
permission_model.create(
permission_name=permission_name,
description=description,
)
msg = _(u"Permission ${permission_name} has been created",
mapping=dict(permission_name=permission_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('admin.permission_list'))
return dict(form=form)
def test_check_csrf_token(self):
from pyramid.httpexceptions import HTTPBadRequest
from ez2pay.utils import check_csrf_token
mock_session = (
flexmock()
.should_receive('get_csrf_token')
.replace_with(lambda: 'MOCK_CSRF_TOKEN')
.twice()
.mock()
)
mock_request = flexmock(
session=mock_session,
params=dict(csrf_token='MOCK_CSRF_TOKEN')
)
check_csrf_token(mock_request)
mock_request = flexmock(
session=mock_session,
params=dict(csrf_token='BAD_TOKEN')
)
with self.assertRaises(HTTPBadRequest):
check_csrf_token(mock_request)
def payment(request):
# TODO: get the form record from database and determine which account
# for processing the payment, and what kind of limitation we have here
_ = get_localizer(request)
factory = FormFactory(_)
PaymentForm = factory.make_payment_form()
form = PaymentForm()
if request.method == 'POST':
check_csrf_token(request)
# TODO: tokenlize the card
payment_uri = request.params['payment_uri']
print '#'*10, payment_uri
balanced.configure('ef13dce2093b11e388de026ba7d31e6f')
customer = balanced.Customer()
customer.save()
customer.add_card(payment_uri)
customer.debit(
amount=12345,
source_uri=payment_uri,
description='Payment made via EZ2Pay for XXX',
)
return dict(form=form, processed=True)
# TODO: call the balanced API, charge the card
return dict(form=form, processed=False)
def user_create(request):
_ = get_localizer(request)
user_model = UserModel(request.db_session)
group_model = GroupModel(request.db_session)
factory = FormFactory(_)
UserCreateForm = factory.make_user_create_form()
form = UserCreateForm(request.params)
groups = group_model.get_list()
form.groups.choices = [
(str(g.group_id), '%s - %s' % (g.group_name, g.display_name))
for g in groups
]
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
user_name = request.params['user_name']
display_name = request.params['display_name']
password = request.params['password']
email = request.params['email']
groups = request.params.getall('groups')
by_name = user_model.get_by_name(user_name)
if by_name is not None:
msg = _(u'Username %s already exists') % user_name
form.user_name.errors.append(msg)
validate_result = False
by_email = user_model.get_by_email(email)
if by_email is not None:
msg = _(u'Email %s already exists') % email
form.email.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
user_id = user_model.create(
user_name=user_name,
display_name=display_name,
password=password,
email=email,
)
user_model.update_groups(user_id, map(int, groups))
msg = _(u"User ${user_name} has been created",
mapping=dict(user_name=user_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('admin.user_list'))
return dict(form=form)
def permission_edit(request):
_ = get_localizer(request)
permission_model = PermissionModel(request.db_session)
permission_name = request.matchdict['permission_name']
permission = permission_model.get_by_name(permission_name)
if permission is None:
msg = _(u'Permission %s does not exist') % permission_name
return HTTPNotFound(msg)
factory = FormFactory(_)
PermissionEditForm = factory.make_permission_edit_form()
form = PermissionEditForm(request.params, permission)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
permission_name = request.params['permission_name']
description = request.params['description']
by_name = permission_model.get_by_name(permission_name)
if (
by_name is not None and
permission_name != permission.permission_name
):
msg = _(u'Permission name %s already exists') % permission_name
form.permission_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
permission_model.update_permission(
permission_id=permission.permission_id,
permission_name=permission_name,
description=description,
)
msg = _(u"Permission ${permission_name} has been updated",
mapping=dict(permission_name=permission_name))
request.add_flash(msg, 'success')
url = request.route_url('admin.permission_edit',
permission_name=permission_name)
return HTTPFound(location=url)
return dict(form=form, permission=permission)
def group_create(request):
_ = get_localizer(request)
group_model = GroupModel(request.db_session)
permission_model = PermissionModel(request.db_session)
factory = FormFactory(_)
GroupCreateForm = factory.make_group_create_form()
form = GroupCreateForm(request.params)
permissions = permission_model.get_list()
form.permissions.choices = [
(str(p.permission_id), p.permission_name)
for p in permissions
]
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
group_name = request.params['group_name']
display_name = request.params['display_name']
permissions = request.params.getall('permissions')
by_name = group_model.get_by_name(group_name)
if by_name is not None:
msg = _(u'Group name %s already exists') % group_name
form.group_name.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
group_id = group_model.create(
group_name=group_name,
display_name=display_name,
)
group_model.update_permissions(
group_id=group_id,
permission_ids=permissions,
)
msg = _(u"Group ${group_name} has been created",
mapping=dict(group_name=group_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('admin.group_list'))
return dict(form=form)
def user_edit(request):
_ = get_localizer(request)
user_model = UserModel(request.db_session)
group_model = GroupModel(request.db_session)
user_name = request.matchdict['user_name']
user = user_model.get_by_name(user_name)
if user is None:
msg = _(u'User %s does not exists') % user_name
return HTTPNotFound(msg)
user_groups = [str(g.group_id) for g in user.groups]
factory = FormFactory(_)
UserEditForm = factory.make_user_edit_form()
form = UserEditForm(
request.params,
display_name=user.display_name,
email=user.email,
groups=user_groups
)
groups = group_model.get_list()
form.groups.choices = [
(str(g.group_id), '%s - %s' % (g.group_name, g.display_name), )
for g in groups
]
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
display_name = request.params['display_name']
password = request.params['password']
email = request.params['email']
groups = request.params.getall('groups')
by_email = user_model.get_by_email(email)
if by_email is not None and email != user.email:
msg = _(u'Email %s already exists') % email
form.email.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
user_model.update_user(
user_id=user.user_id,
display_name=display_name,
email=email,
)
if password:
user_model.update_password(user.user_id, password)
user_model.update_groups(user.user_id, map(int, groups))
msg = _(u"User ${user_name} has been updated",
mapping=dict(user_name=user_name))
request.add_flash(msg, 'success')
url = request.route_url('admin.user_edit',
user_name=user.user_name)
return HTTPFound(location=url)
return dict(form=form, user=user)
def register(request):
_ = get_localizer(request)
settings = request.registry.settings
user_model = UserModel(request.db_session)
factory = FormFactory(_)
RegisterForm = factory.make_register_form()
form = RegisterForm(request.params)
if request.method == 'POST':
check_csrf_token(request)
validate_result = form.validate()
user_name = request.params['user_name']
password = request.params['password']
email = request.params['email']
black_domain = set(settings.get('email_black_domain_list', []))
domain = email.split('@')[-1].lower()
if domain in black_domain:
msg = _(u'Invalid email address')
form.email.errors.append(msg)
validate_result = False
by_name = user_model.get_by_name(user_name)
if by_name is not None:
msg = _(u'Username %s already exists') % user_name
form.user_name.errors.append(msg)
validate_result = False
by_email = user_model.get_by_email(email)
if by_email is not None:
msg = _(u'Email %s already exists') % email
form.email.errors.append(msg)
validate_result = False
if validate_result:
with transaction.manager:
user_id = user_model.create(
user_name=user_name,
display_name=user_name,
password=password,
email=email,
)
auth_secret_key = settings['auth_secret_key']
code = user_model.get_verification_code(
user_id=user_id,
verify_type='create_user',
secret=auth_secret_key
)
link = request.route_url(
'account.activate',
user_name=user_name,
code=code
)
params = dict(link=link, user_name=user_name)
html = render_mail(
request,
'ez2pay:templates/mails/register_link.genshi',
params
)
subject = _('ez2pay account activation')
send_mail(
request=request,
subject=subject,
to_addresses=[email],
format='html',
body=html
)
msg = _(u"User ${user_name} has been registered",
mapping=dict(user_name=user_name))
request.add_flash(msg, 'success')
return HTTPFound(location=request.route_url('account.check_mailbox'))
return dict(form=form)