def metadata(self, req, form):
    """Render the metadata batch-upload form.

    The query arguments are washed with wash_urlargd and echoed back into
    the form as pre-filled values. Nothing is rendered unless
    user_authorization() lets the request through.
    """
    argd = wash_urlargd(form, {
        'filetype': (str, ""),
        'mode': (str, ""),
        'submit_date': (str, "yyyy-mm-dd"),
        'submit_time': (str, "hh:mm:ss"),
        'email_logs_to': (str, None),
    })
    # 'ln' is not declared above; wash_urlargd is expected to supply it.
    ln = argd['ln']
    _ = gettext_set_language(ln)

    # Authorization gate: any truthy result is handed back to the client
    # unchanged, before the user id is resolved or a form is built.
    denial = user_authorization(req, ln)
    if denial:
        return denial

    uid = getUid(req)

    # NOTE(review): the log recipient is taken from the request and only
    # defaults to the caller's own address. No check on the address is visible
    # here; confirm the code that sends the logs restricts where they can go.
    log_recipient = argd['email_logs_to']
    if log_recipient is None:
        log_recipient = get_email(uid)

    menu_html = batchuploader_templates.tmpl_display_menu(ln, ref="metadata")
    form_html = batchuploader_templates.tmpl_display_web_metaupload_form(
        ln,
        argd['filetype'],
        argd['mode'],
        argd['submit_date'],
        argd['submit_time'],
        log_recipient,
    )
    page_title = _("Metadata batch upload")

    return page(
        title=page_title,
        body=menu_html + form_html,
        metaheaderadd=batchuploader_templates.tmpl_styles(),
        uid=uid,
        lastupdated=__lastupdated__,
        req=req,
        language=ln,
        navmenuid="batchuploader",
    )
def get_new_ticket_RT_info(uid, recId):
    """Collect what the client needs to open a new ticket for a record.

    Returns a dict whose "resultCode" is 1 only when the ticket system
    answered check_system() with an empty string; in that case the dict also
    carries "users", "queues", "email" and "ticketTemplates". Otherwise
    "resultCode" stays 0 and "description" may explain why.
    """
    response = {"resultCode": 0}

    if BIBCATALOG_SYSTEM is None:
        response["description"] = "<!--No ticket system configured-->"
        return response

    if not (BIBCATALOG_SYSTEM and uid):
        # No usable backend or no user id: report failure with no details.
        return response

    backend_status = BIBCATALOG_SYSTEM.check_system(uid)
    if backend_status != "":
        # Put something in the tickets container, for debug.
        # NOTE(review): the backend's message is embedded verbatim in an HTML
        # comment, so it reaches the client and a "-->" inside it would end
        # the comment early. Confirm check_system() never returns sensitive
        # or attacker-influenced text, or log it server-side instead.
        response["description"] = "Error connecting to RT<!--" + backend_status + "-->"
        return response

    # Available owners: registered users that have a ticket-system username.
    owners = []
    for registered_user in list_registered_users():
        try:
            owner = {
                "username": get_user_preferences(registered_user[0])["bibcatalog_username"],
                "id": registered_user[0],
            }
        except KeyError:
            # Users without the preference are left out of the list.
            continue
        owners.append(owner)
    response["users"] = owners

    # Available queues.
    response["queues"] = BIBCATALOG_SYSTEM.get_queues(uid)
    # E-mail of the requesting user.
    response["email"] = get_email(uid)
    # TODO try catch
    response["ticketTemplates"] = load_ticket_templates(recId)
    response["resultCode"] = 1
    return response
def metadata(self, req, form):
    """Show the upload form for a metadata batch file.

    Form defaults come from the washed request arguments; the request must
    pass user_authorization() before the form is produced.
    """
    washed = wash_urlargd(
        form,
        {
            'filetype': (str, ""),
            'mode': (str, ""),
            'submit_date': (str, "yyyy-mm-dd"),
            'submit_time': (str, "hh:mm:ss"),
            'email_logs_to': (str, None),
        },
    )
    language = washed['ln']  # read although not declared above
    _ = gettext_set_language(language)

    # Stop here when the authorization helper returns anything truthy; that
    # value is what the client receives.
    rejection = user_authorization(req, language)
    if rejection:
        return rejection

    uid = getUid(req)

    # NOTE(review): 'email_logs_to' is request-supplied; only a missing value
    # is replaced by the signed-in user's address. Validation of the address
    # is not visible in this method - verify it happens downstream.
    if washed['email_logs_to'] is None:
        washed['email_logs_to'] = get_email(uid)

    templates = batchuploader_templates
    body = templates.tmpl_display_menu(language, ref="metadata")
    body += templates.tmpl_display_web_metaupload_form(
        language,
        washed['filetype'],
        washed['mode'],
        washed['submit_date'],
        washed['submit_time'],
        washed['email_logs_to'],
    )
    title = _("Metadata batch upload")

    return page(
        title=title,
        body=body,
        metaheaderadd=templates.tmpl_styles(),
        uid=uid,
        lastupdated=__lastupdated__,
        req=req,
        language=language,
        navmenuid="batchuploader",
    )
def get_new_ticket_RT_info(uid, recId):
    """Build the data for the "new ticket" dialog of a record.

    The returned dict always has 'resultCode' (0 on failure, 1 on success).
    On success it also holds 'users', 'queues', 'email' and
    'ticketTemplates'; on failure 'description' may carry an explanation.
    """
    response = {}
    response['resultCode'] = 0

    ticket_system = BIBCATALOG_SYSTEM
    if ticket_system is None:
        response['description'] = "<!--No ticket system configured-->"
    elif ticket_system and uid:
        check_result = ticket_system.check_system(uid)
        if not check_result == "":
            # Put something in the tickets container, for debug.
            # NOTE(review): check_system()'s text is sent to the client inside
            # an HTML comment without any filtering. It can disclose backend
            # details, and a "-->" in it would close the comment. Confirm the
            # text is safe to expose.
            response['description'] = "Error connecting to RT<!--" + check_result + "-->"
        else:
            # Add available owners; users lacking the preference are skipped.
            candidates = []
            for entry in list_registered_users():
                user_id = entry[0]
                try:
                    username = get_user_preferences(user_id)['bibcatalog_username']
                except KeyError:
                    continue
                candidates.append({'username': username, 'id': user_id})
            response['users'] = candidates
            # Add available queues.
            response['queues'] = ticket_system.get_queues(uid)
            # Add user email.
            response['email'] = get_email(uid)
            # TODO try catch
            response['ticketTemplates'] = load_ticket_templates(recId)
            response['resultCode'] = 1
    return response
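def edit(self, req, form):
    """Render the "Your Settings" page for a signed-in, non-guest user.

    Unauthenticated requests (uid == -1), a restricted site
    (CFG_ACCESS_CONTROL_LEVEL_SITE >= 1) and guest users get the
    not-authorized page. With verbose=9 the collected user info is dumped at
    the top of the page for debugging.
    """
    args = wash_urlargd(form, {"verbose": (int, 0)})
    uid = webuser.getUid(req)

    # load the right message language
    _ = gettext_set_language(args['ln'])

    if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
        return webuser.page_not_authorized(req, "../youraccount/edit",
                                           navmenuid='youraccount')

    if webuser.isGuestUser(uid):
        return webuser.page_not_authorized(
            req, "../youraccount/edit",
            text=_("This functionality is forbidden to guest users."),
            navmenuid='youraccount')

    body = ''
    user_info = webuser.collect_user_info(req)
    if args['verbose'] == 9:
        # 'verbose' is a request argument, so any signed-in user can trigger
        # this dump. The values are built from the request and the user
        # record and are not known to be HTML-safe, so escape them before
        # they are placed in the page.
        try:
            from html import escape as html_escape
        except ImportError:  # Python 2
            from cgi import escape as html_escape
        # sorted() instead of keys().sort(): dict.keys() has no sort() on
        # Python 3.
        for key in sorted(user_info):
            body += "<b>%s</b>:%s<br />" % (
                html_escape("%s" % (key,)),
                html_escape("%s" % (user_info[key],)),
            )

    # set CSRF token:
    csrf_token, dummy_csrf_token_time = webuser.regenerate_csrf_token_if_needed(req)

    # check if the user should see bibcatalog user name / passwd in the settings
    can_config_bibcatalog = (acc_authorize_action(user_info, 'runbibedit')[0] == 0)
    can_config_profiling = (acc_authorize_action(user_info, 'profiling')[0] == 0)

    return page(title=_("Your Settings"),
                body=body + webaccount.perform_set(webuser.get_email(uid),
                                                   args['ln'],
                                                   can_config_bibcatalog,
                                                   can_config_profiling,
                                                   verbose=args['verbose'],
                                                   csrf_token=csrf_token),
                navtrail="""<a class="navtrail" href="%s/youraccount/display?ln=%s">""" % (CFG_SITE_SECURE_URL, args['ln']) + _("Your Account") + """</a>""",
                description=_("%(x_name)s Personalize, Your Settings",
                              x_name=CFG_SITE_NAME_INTL.get(args['ln'], CFG_SITE_NAME)),
                keywords=_("%(x_name)s, personalize",
                           x_name=CFG_SITE_NAME_INTL.get(args['ln'], CFG_SITE_NAME)),
                uid=uid,
                req=req,
                secure_page_p=1,
                language=args['ln'],
                lastupdated='',
                navmenuid='youraccount')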
def record_locked_by_user_details(recid, uid):
    """Report who else holds an active cache (lock) on a record, and since when.

    @param recid: record whose active caches are inspected
    @param uid: the requesting user; their own cache is not reported
    @return: (nickname, email, locked_since) for the first other user with an
        active cache on the record, or three empty strings if there is none
    @rtype: tuple
    """
    other_uids = uids_with_active_caches(recid)
    try:
        # The requester's own cache does not count as somebody else's lock.
        other_uids.remove(uid)
    except ValueError:
        pass

    if not other_uids:
        return "", "", ""

    # Only the first remaining holder is reported.
    holder_uid = other_uids[0]
    # NOTE(review): this hands back another user's nickname and e-mail
    # address. No access check is visible here; callers should only show the
    # result to users who are allowed to edit the record.
    holder_nickname = get_user_info(holder_uid)[1]
    holder_email = get_email(holder_uid)
    held_since = get_record_locked_since(recid, holder_uid)
    return holder_nickname, holder_email, held_since
def documents(self, req, form):
    """Render the document batch-upload form.

    No query arguments are declared; only the language supplied by
    wash_urlargd is used. The form is built after user_authorization() lets
    the request through, and the log recipient is always the signed-in
    user's own e-mail address.
    """
    argd = wash_urlargd(form, {})
    ln = argd['ln']
    _ = gettext_set_language(ln)

    # Authorization gate: a truthy result is returned to the client as-is.
    denial = user_authorization(req, ln)
    if denial:
        return denial

    uid = getUid(req)
    # The recipient comes from the account, not from the request.
    log_recipient = get_email(uid)

    menu_html = batchuploader_templates.tmpl_display_menu(ln, ref="documents")
    form_html = batchuploader_templates.tmpl_display_web_docupload_form(
        ln, email_logs_to=log_recipient)
    page_title = _("Document batch upload")

    return page(
        title=page_title,
        body=menu_html + form_html,
        metaheaderadd=batchuploader_templates.tmpl_styles(),
        uid=uid,
        lastupdated=__lastupdated__,
        req=req,
        language=ln,
        navmenuid="batchuploader",
    )
def documents(self, req, form):
    """Show the upload form for a batch of documents.

    The request has to pass user_authorization() first. Upload logs are
    addressed to the e-mail returned by get_email() for the current user.
    """
    washed = wash_urlargd(form, {})
    language = washed['ln']  # the only washed value this method reads
    _ = gettext_set_language(language)

    # Anything truthy from the authorization helper ends the request here.
    rejection = user_authorization(req, language)
    if rejection:
        return rejection

    uid = getUid(req)
    email_logs_to = get_email(uid)

    templates = batchuploader_templates
    body = templates.tmpl_display_menu(language, ref="documents")
    body += templates.tmpl_display_web_docupload_form(
        language, email_logs_to=email_logs_to)
    title = _("Document batch upload")

    page_kwargs = dict(
        title=title,
        body=body,
        metaheaderadd=templates.tmpl_styles(),
        uid=uid,
        lastupdated=__lastupdated__,
        req=req,
        language=language,
        navmenuid="batchuploader",
    )
    return page(**page_kwargs)
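def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, order="", doctype="",
          deletedId="", deletedAction="", deletedDoctype=""):
    """Render the "Your Submissions" page for the current user.

    The user must be authorized for the 'submit' action. Submissions are
    selected by the user's e-mail address, optionally restricted to one
    document type (``doctype``) and sorted according to ``order``. When
    ``deletedId`` is given, the matching submission is deleted first.
    """
    global uid
    ln = wash_language(ln)
    # load the right message language
    _ = gettext_set_language(ln)
    t = ""

    # get user ID:
    try:
        uid = getUid(req)
        (auth_code, auth_message) = acc_authorize_action(uid, 'submit')
        if auth_code > 0 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "../yoursubmissions.py/index",
                                       navmenuid='yoursubmissions',
                                       text=auth_message)
        u_email = get_email(uid)
    except Error as e:
        return error_page(str(e), req, ln=ln)

    if deletedId != "":
        # NOTE(review): the deletion is driven purely by request parameters
        # and no CSRF token check is visible in this function; confirm that
        # deleteSubmission or the surrounding handler enforces one.
        t += deleteSubmission(deletedId, deletedAction, deletedDoctype, u_email)

    # doctypes
    res = run_sql("select ldocname,sdocname from sbmDOCTYPE order by ldocname")
    doctypes = []
    for row in res:
        doctypes.append({
            'id': row[1],
            'name': row[0],
            'selected': (doctype == row[1]),
        })

    # submissions
    # ORDER BY cannot be bound as a query parameter, so the request value is
    # only used to pick one of these fixed clauses; anything else falls back
    # to the default.
    order_clauses = {
        "actiondown": "lactname ASC, sbmSUBMISSIONS.md DESC",
        "actionup": "lactname DESC, sbmSUBMISSIONS.md DESC",
        "refdown": "reference ASC, sbmSUBMISSIONS.md DESC, lactname DESC",
        "refup": "reference DESC, sbmSUBMISSIONS.md DESC, lactname DESC",
        "cddown": "sbmSUBMISSIONS.cd DESC, lactname",
        "cdup": "sbmSUBMISSIONS.cd ASC, lactname",
        "mddown": "sbmSUBMISSIONS.md DESC, lactname",
        "mdup": "sbmSUBMISSIONS.md ASC, lactname",
        "statusdown": "sbmSUBMISSIONS.status DESC, lactname",
        "statusup": "sbmSUBMISSIONS.status ASC, lactname",
    }
    reqorder = order_clauses.get(order, "sbmSUBMISSIONS.md DESC, lactname")

    # 'doctype' comes straight from the request. It used to be interpolated
    # into the SQL text (SQL injection); it is now bound as a parameter like
    # the e-mail address.
    query = ("SELECT sbmSUBMISSIONS.* FROM sbmSUBMISSIONS,sbmACTION "
             "WHERE sactname=action and email=%s and id!='' ")
    query_params = [u_email]
    if doctype != "":
        query += " and doctype=%s "
        query_params.append(doctype)
    query += " ORDER BY doctype," + reqorder
    res = run_sql(query, tuple(query_params))

    # Rows arrive grouped by doctype; a repeated action or status within a
    # group is shown as a ditto mark (") instead of the full value.
    currentdoctype = ""
    currentaction = ""
    currentstatus = ""
    submissions = []
    for row in res:
        if currentdoctype != row[1]:
            currentdoctype = row[1]
            currentaction = ""
            currentstatus = ""
            res2 = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",
                           (currentdoctype,))
            if res2:
                ldocname = res2[0][0]
            else:
                ldocname = """***Unknown Document Type - (%s)""" % (currentdoctype,)

        if currentaction != row[2]:
            currentaction = row[2]
            res2 = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",
                           (currentaction,))
            if res2:
                lactname = res2[0][0]
            else:
                lactname = "\""
        else:
            lactname = "\""

        if currentstatus != row[3]:
            currentstatus = row[3]
            status = row[3]
        else:
            status = "\""

        submissions.append({
            'docname': ldocname,
            'actname': lactname,
            'status': status,
            'cdate': row[6],
            'mdate': row[7],
            'reference': row[5],
            'id': row[4],
            'act': currentaction,
            'doctype': currentdoctype,
            'pending': (row[3] == "pending"),
        })

    # display
    t += websubmit_templates.tmpl_yoursubmissions(
        ln=ln,
        order=order,
        doctypes=doctypes,
        submissions=submissions,
    )

    return page(
        title=_("Your Submissions"),
        navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display">%(account)s</a>""" % {
            'sitesecureurl': CFG_SITE_SECURE_URL,
            'account': _("Your Account"),
        },
        body=t,
        description="",
        keywords="",
        uid=uid,
        language=ln,
        req=req,
        navmenuid='yoursubmissions')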
def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, order="", doctype="",
          deletedId="", deletedAction="", deletedDoctype=""):
    """Render the "Your Approvals" page.

    Lists every document type, or the individual categories of a document
    type, for which the requesting user is a referee. The request is refused
    for anonymous users (uid == -1), when the site is restricted, and when
    the user's 'precached_useapprove' flag is not set.
    """
    ln = wash_language(ln)
    # load the right message language
    _ = gettext_set_language(ln)

    # get user ID:
    try:
        uid = getUid(req)
        if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "../yourapprovals.py/index",
                                       navmenuid='yourapprovals')
        # The address itself is not used below; the lookup stays inside the
        # try so that an Error it raises still leads to the error page.
        u_email = get_email(uid)
    except Error as e:
        return error_page(str(e), req, ln=ln)

    user_info = collect_user_info(req)
    if not user_info['precached_useapprove']:
        return page_not_authorized(
            req, "../",
            text=_("You are not authorized to use approval system."))

    referees = []
    for doctype_row in run_sql("SELECT sdocname,ldocname FROM sbmDOCTYPE ORDER BY ldocname"):
        sdocname, ldocname = doctype_row[0], doctype_row[1]

        # Referee of the whole document type: no per-category listing needed.
        if isRefereed(sdocname) and __isReferee(req, sdocname):
            referees.append({'doctype': sdocname,
                             'docname': ldocname,
                             'categories': None})
            continue

        # Otherwise keep only the categories this user referees.
        category_rows = run_sql(
            "select sname,lname from sbmCATEGORIES where doctype=%s",
            (sdocname,))
        refereed_categories = [
            {'id': cat_row[0], 'name': cat_row[1]}
            for cat_row in category_rows
            if isRefereed(sdocname, cat_row[0])
            and __isReferee(req, sdocname, cat_row[0])
        ]
        if refereed_categories:
            referees.append({'doctype': sdocname,
                             'docname': ldocname,
                             'categories': refereed_categories})

    t = websubmit_templates.tmpl_yourapprovals(ln=ln, referees=referees)

    navtrail_values = {
        'sitesecureurl': CFG_SITE_SECURE_URL,
        'account': _("Your Account"),
    }
    return page(
        title=_("Your Approvals"),
        navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display">%(account)s</a>""" % navtrail_values,
        body=t,
        description="",
        keywords="",
        uid=uid,
        language=ln,
        req=req,
        navmenuid='yourapprovals')
def email_notify(alert, records, argstr):
    """Send the notification e-mail for a specific alert.

    ``alert`` is read by position: [0] owner uid, [3] frequency, [5] name,
    [7] description, [8] optional admin-set recipient. ``records`` is a pair
    of (local record ids, external results). Nothing is sent when no local
    record survives filtering and there are no external records, or when the
    recipient resolves to 'guest'.
    """
    debug_level = CFG_WEBALERT_DEBUG_LEVEL
    banner = "********************************************************************************"

    if debug_level > 2:
        print("+" * 80 + '\n')

    uid = alert[0]
    user_info = collect_user_info(uid)
    frequency = alert[3]
    alert_name = alert[5]
    alert_description = alert[7]
    # Set only by admin. When present, the per-record access check below is
    # skipped entirely, so every matched record goes to that address.
    alert_recipient_email = alert[8]

    filtered_out_recids = []  # only filled in debug mode
    if alert_recipient_email:
        # If admin has decided to send to some mailing-list, we cannot
        # verify that recipients have access to the records. So keep
        # all of them.
        filtered_records = records
    else:
        # Filter out records that the user (who set up the alert) should
        # not see. This does not apply to external records (hosted
        # collections).
        visible_recids = []
        filtered_records = (visible_recids, records[1])
        for recid in records[0]:
            (auth_code, auth_msg) = check_user_can_view_record(user_info, recid)
            if auth_code == 0:
                visible_recids.append(recid)
            elif debug_level > 2:
                # only keep track of this in DEBUG mode
                filtered_out_recids.append(recid)

    if len(filtered_records[0]) == 0:
        # No local record left: only go on if an external collection has hits.
        total_n_external_records = sum(
            len(external_collection_results[1][0])
            for external_collection_results in filtered_records[1][0])
        if total_n_external_records == 0:
            return

    msg = ""
    if debug_level > 2 and filtered_out_recids:
        print("-> these records have been filtered out, as user id %s did not have access:\n%s" % \
              (uid, repr(filtered_out_recids)))
    if debug_level > 0:
        msg = "*** THIS MESSAGE WAS SENT IN DEBUG MODE ***\n\n"

    url = CFG_SITE_URL + "/search?" + argstr

    # Extract the pattern, the collection list, the current collection
    # and the sc (split collection) from the formatted query
    query = parse_qs(argstr)
    pattern = query.get('p', [''])[0]
    collection_list = query.get('c', [])
    current_collection = query.get('cc', [''])
    sc = query.get('sc', ['1'])
    collections = calculate_desired_collection_list(collection_list,
                                                    current_collection,
                                                    int(sc[0]))

    msg += webalert_templates.tmpl_alert_email_body(alert_name,
                                                    alert_description,
                                                    url,
                                                    filtered_records,
                                                    pattern,
                                                    collections,
                                                    frequency,
                                                    alert_use_basket_p(alert))

    email = alert_recipient_email or get_email(uid)
    if email == 'guest':
        print(banner)
        print("The following alert was not send, because cannot detect user email address:")
        print(" " + repr(argstr))
        print(banner)
        return

    if debug_level > 0:
        # Debug mode writes the full message body to stdout.
        print(banner)
        print(msg)
        print(banner)

    def _deliver(recipient):
        # Template lookups happen at send time, once per message.
        send_email(fromaddr=webalert_templates.tmpl_alert_email_from(),
                   toaddr=recipient,
                   subject=webalert_templates.tmpl_alert_email_title(alert_name),
                   content=msg,
                   header='',
                   footer='',
                   attempt_times=CFG_WEBALERT_SEND_EMAIL_NUMBER_OF_TRIES,
                   attempt_sleeptime=CFG_WEBALERT_SEND_EMAIL_SLEEPTIME_BETWEEN_TRIES)

    # Levels 0 and 1 reach the real recipient; level 4 sends a copy to the
    # site admin instead.
    if debug_level < 2:
        _deliver(email)
    if debug_level == 4:
        _deliver(CFG_SITE_ADMIN_EMAIL)
def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, order="", doctype="",
          deletedId="", deletedAction="", deletedDoctype=""):
    """Build the "Your Approvals" page for the requesting user.

    A document type is listed with 'categories' set to None when the user
    referees the whole type, and with a list of categories when the user
    referees only some of them. Access requires a known user, an
    unrestricted site and a truthy 'precached_useapprove' in the user info.
    """
    ln = wash_language(ln)
    # load the right message language
    _ = gettext_set_language(ln)

    # get user ID:
    try:
        uid = getUid(req)
        site_restricted = CFG_ACCESS_CONTROL_LEVEL_SITE >= 1
        if uid == -1 or site_restricted:
            return page_not_authorized(req, "../yourapprovals.py/index",
                                       navmenuid='yourapprovals')
        # Result unused below; kept within the try so an Error raised by the
        # lookup is still turned into the error page.
        u_email = get_email(uid)
    except Error as e:
        return error_page(str(e), req, ln=ln)

    # Second gate: the approval system itself must be enabled for this user.
    user_info = collect_user_info(req)
    if not user_info['precached_useapprove']:
        return page_not_authorized(req, "../",
                                   text=_("You are not authorized to use approval system."))

    all_doctypes = run_sql("SELECT sdocname,ldocname FROM sbmDOCTYPE ORDER BY ldocname")
    referees = []
    for row in all_doctypes:
        type_id = row[0]
        type_name = row[1]
        entry = {'doctype': type_id, 'docname': type_name}

        if isRefereed(type_id) and __isReferee(req, type_id):
            entry['categories'] = None
            referees.append(entry)
        else:
            categories = []
            for category, categname in (
                    (row2[0], row2[1])
                    for row2 in run_sql(
                        "select sname,lname from sbmCATEGORIES where doctype=%s",
                        (type_id, ))):
                if not isRefereed(type_id, category):
                    continue
                if not __isReferee(req, type_id, category):
                    continue
                categories.append({'id': category, 'name': categname})
            if categories:
                entry['categories'] = categories
                referees.append(entry)

    t = websubmit_templates.tmpl_yourapprovals(ln=ln, referees=referees)

    navtrail = """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display">%(account)s</a>""" % {
        'sitesecureurl': CFG_SITE_SECURE_URL,
        'account': _("Your Account"),
    }
    return page(title=_("Your Approvals"),
                navtrail=navtrail,
                body=t,
                description="",
                keywords="",
                uid=uid,
                language=ln,
                req=req,
                navmenuid='yourapprovals')
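def index(req, c=CFG_SITE_NAME, ln=CFG_SITE_LANG, order="", doctype="",
          deletedId="", deletedAction="", deletedDoctype=""):
    """Build the "Your Submissions" page for the requesting user.

    Requires authorization for the 'submit' action. The listing is limited
    to submissions whose e-mail matches the user's, can be narrowed to one
    ``doctype`` and is sorted by ``order``. A non-empty ``deletedId``
    triggers deletion of that submission before the list is built.
    """
    global uid
    ln = wash_language(ln)
    # load the right message language
    _ = gettext_set_language(ln)
    t = ""

    # get user ID:
    try:
        uid = getUid(req)
        (auth_code, auth_message) = acc_authorize_action(uid, 'submit')
        if auth_code > 0 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
            return page_not_authorized(req, "../yoursubmissions.py/index",
                                       navmenuid='yoursubmissions',
                                       text=auth_message)
        u_email = get_email(uid)
    except Error as e:
        return error_page(str(e), req, ln=ln)

    if deletedId != "":
        # NOTE(review): a state-changing delete is performed from request
        # parameters alone; no CSRF token is checked in this function.
        # Verify that protection exists in deleteSubmission or upstream.
        t += deleteSubmission(deletedId, deletedAction, deletedDoctype, u_email)

    # doctypes
    res = run_sql("select ldocname,sdocname from sbmDOCTYPE order by ldocname")
    doctypes = []
    for row in res:
        doctypes.append({
            'id': row[1],
            'name': row[0],
            'selected': (doctype == row[1]),
        })

    # submissions
    # request order default value
    reqorder = "sbmSUBMISSIONS.md DESC, lactname"
    # requested value: 'order' only selects one of these constant clauses and
    # is never copied into the SQL text itself.
    if order == "actiondown":
        reqorder = "lactname ASC, sbmSUBMISSIONS.md DESC"
    elif order == "actionup":
        reqorder = "lactname DESC, sbmSUBMISSIONS.md DESC"
    elif order == "refdown":
        reqorder = "reference ASC, sbmSUBMISSIONS.md DESC, lactname DESC"
    elif order == "refup":
        reqorder = "reference DESC, sbmSUBMISSIONS.md DESC, lactname DESC"
    elif order == "cddown":
        reqorder = "sbmSUBMISSIONS.cd DESC, lactname"
    elif order == "cdup":
        reqorder = "sbmSUBMISSIONS.cd ASC, lactname"
    elif order == "mddown":
        reqorder = "sbmSUBMISSIONS.md DESC, lactname"
    elif order == "mdup":
        reqorder = "sbmSUBMISSIONS.md ASC, lactname"
    elif order == "statusdown":
        reqorder = "sbmSUBMISSIONS.status DESC, lactname"
    elif order == "statusup":
        reqorder = "sbmSUBMISSIONS.status ASC, lactname"

    # The request-supplied 'doctype' was previously formatted into the query
    # string, which allowed SQL injection. It is now passed as a bound
    # parameter together with the e-mail address.
    sql_params = (u_email,)
    if doctype != "":
        docselect = " and doctype=%s "
        sql_params += (doctype,)
    else:
        docselect = ""
    res = run_sql("SELECT sbmSUBMISSIONS.* FROM sbmSUBMISSIONS,sbmACTION WHERE sactname=action and email=%s and id!='' "
                  + docselect + " ORDER BY doctype," + reqorder,
                  sql_params)

    # Within a run of rows with the same doctype, a repeated action or status
    # is replaced by a ditto mark (").
    currentdoctype = ""
    currentaction = ""
    currentstatus = ""
    submissions = []
    for row in res:
        if currentdoctype != row[1]:
            currentdoctype = row[1]
            currentaction = ""
            currentstatus = ""
            res2 = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",
                           (currentdoctype,))
            if res2:
                ldocname = res2[0][0]
            else:
                ldocname = """***Unknown Document Type - (%s)""" % (currentdoctype,)

        if currentaction != row[2]:
            currentaction = row[2]
            res2 = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",
                           (currentaction,))
            if res2:
                lactname = res2[0][0]
            else:
                lactname = "\""
        else:
            lactname = "\""

        if currentstatus != row[3]:
            currentstatus = row[3]
            status = row[3]
        else:
            status = "\""

        submissions.append({
            'docname': ldocname,
            'actname': lactname,
            'status': status,
            'cdate': row[6],
            'mdate': row[7],
            'reference': row[5],
            'id': row[4],
            'act': currentaction,
            'doctype': currentdoctype,
            'pending': (row[3] == "pending"),
        })

    # display
    t += websubmit_templates.tmpl_yoursubmissions(
        ln=ln,
        order=order,
        doctypes=doctypes,
        submissions=submissions,
    )

    return page(title=_("Your Submissions"),
                navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display">%(account)s</a>""" % {
                    'sitesecureurl': CFG_SITE_SECURE_URL,
                    'account': _("Your Account"),
                },
                body=t,
                description="",
                keywords="",
                uid=uid,
                language=ln,
                req=req,
                navmenuid='yoursubmissions')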
def authenticate(user, authorization_action, authorization_msg=""): """Authenticate the user against the user database. Check for its password, if it exists. Check for authorization_action access rights. Return user name upon authorization success, do system exit upon authorization failure. """ #FIXME return user # With SSO it's impossible to check for pwd if CFG_EXTERNAL_AUTH_USING_SSO or os.path.basename(sys.argv[0]) in CFG_VALID_PROCESSES_NO_AUTH_NEEDED: return user if authorization_msg: print(authorization_msg) print("=" * len(authorization_msg)) if user == "": print("\rUsername: "******"\n") sys.exit(1) except KeyboardInterrupt: sys.stderr.write("\n") sys.exit(1) else: print("\rUsername:"******"select id from user where email=%s", (user,), 1) + \ run_sql("select id from user where nickname=%s", (user,), 1) if not res: print("Sorry, %s does not exist." % user) sys.exit(1) else: uid = res[0][0] ok = False login_method = get_user_preferences(uid)['login_method'] if not CFG_EXTERNAL_AUTHENTICATION[login_method]: #Local authentication, let's see if we want passwords. res = run_sql("select id from user where id=%s " "and password=AES_ENCRYPT(email,'')", (uid,), 1) if res: ok = True if not ok: try: password_entered = getpass.getpass() except EOFError: sys.stderr.write("\n") sys.exit(1) except KeyboardInterrupt: sys.stderr.write("\n") sys.exit(1) if not CFG_EXTERNAL_AUTHENTICATION[login_method]: res = run_sql("select id from user where id=%s " "and password=AES_ENCRYPT(email, %s)", (uid, password_entered), 1) if res: ok = True else: if CFG_EXTERNAL_AUTHENTICATION[login_method].auth_user(get_email(uid), password_entered): ok = True if not ok: print("Sorry, wrong credentials for %s." % user) sys.exit(1) else: ## secondly check authorization for the authorization_action: (auth_code, auth_message) = acc_authorize_action(uid, authorization_action) if auth_code != 0: print(auth_message) sys.exit(1) return user