def post(self, *args, **kwargs):
user_uuid = self.get_argument('uuid', '')
user = User.by_uuid(user_uuid)
if user is not None:
errors = []
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if password is not None:
if 12 <= len(password) <= 100:
self.change_user_password(user)
else:
errors.append("Password invalid length (12-100)")
if username is not None and username != user.username:
if 3 <= len(username) <= 15:
if User.by_username(username) is None:
user.username = username
dbsession.add(user)
dbsession.flush()
else:
errors.append("Username already exists")
else:
errors.append("Username is an invalid length (3-15)")
self.render("admin/manage_users.html", errors=errors)
else:
self.render("admin/manage_users.html",
errors=["User does not exist"])
def post(self, *args, **kwargs):
user_uuid = self.get_argument('uuid', '')
user = User.by_uuid(user_uuid)
if user is not None:
errors = []
username = self.get_argument('username', None)
password = self.get_argument('password', None)
if password is not None:
if 12 <= len(password) <= 100:
self.change_user_password(user)
else:
errors.append("Password invalid length (12-100)")
if username is not None and username != user.username:
if 3 <= len(username) <= 15:
if User.by_username(username) is None:
user.username = username
dbsession.add(user)
dbsession.flush()
else:
errors.append("Username already exists")
else:
errors.append("Username is an invalid length (3-15)")
self.render("admin/manage_users.html", errors=errors)
else:
self.render("admin/manage_users.html",
errors=["User does not exist"]
)
def wrapper(self, *args, **kwargs):
if self.session is not None:
user = User.by_username(self.session['username'])
if user is not None and user.has_permission(permission):
return method(self, *args, **kwargs)
logging.warn("Attempted unauthorized access from %s to %s" % (
self.request.remote_ip,
self.request.uri,
))
self.redirect(self.application.settings['forbidden_url'])
