def dyn_usersettings_submit(param, request):
"""
ExtDirect method for submitting user setting section form.
"""
sess = DBSession()
s = None
if 'auth.settings' in request.session:
s = request.session['auth.settings']
for (ust, us) in sess \
.query(UserSettingType, UserSetting) \
.outerjoin(UserSetting, and_(
UserSettingType.id == UserSetting.type_id,
UserSetting.user_id == request.user.id
)) \
.filter(UserSettingType.name.in_(param.keys())):
if ust.name in param:
if us:
us.value = ust.param_to_db(param[ust.name])
else:
us = UserSetting()
us.user = request.user
us.type = ust
us.value = ust.param_to_db(param[ust.name])
sess.add(us)
if s:
s[ust.name] = ust.parse_param(param[ust.name])
if s:
request.session['auth.settings'] = s
return {
'success' : True
}
def xop_request(ctx, request):
# TODO: add optional redirect-to-site?
if not ctx.can_access(request):
raise HTTPForbidden('Access Denied')
gw = ctx.get_gateway()
if (not gw) or (not hasattr(gw, 'process_request')):
raise HTTPForbidden('Access Denied')
if not callable(gw.process_request):
raise HTTPForbidden('Access Denied')
try:
sess = DBSession()
xoplist = gw.process_request(request, sess)
except Exception as e:
# TODO: cancel and log?
raise HTTPForbidden('Access Denied')
for xop in xoplist:
ctx.check_operation(xop)
sess.add(xop)
if hasattr(gw, 'generate_response') and callable(gw.generate_response):
return gw.generate_response(request, xoplist)
resp = Response(body='OK', content_type='text/plain', charset='UTF-8')
return resp
def _cal_events_update(params, req):
cal_id = params.get('CalendarId', '')
if cal_id != _cal['id']:
return
if 'EventId' not in params:
return
evtype, evid = params['EventId'].split('-')
if evtype != 'ticket':
return
evid = int(evid)
if not has_permission('TICKETS_UPDATE', req.context, req):
return
sess = DBSession()
tkt = sess.query(Ticket).get(evid)
if tkt is None:
return
sess.execute(SetVariable('ticketid', tkt.id))
if 'StartDate' in params:
new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
tkt.assigned_time = new_ts
if ('EndDate' in params) and tkt.assigned_time:
new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
delta = new_ts - tkt.assigned_time
tkt.duration = delta.seconds
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
config = setup_config(settings)
reg = threadlocal.get_current_registry()
factory = pyramid_mako.MakoRendererFactory()
name_resolver = DottedNameResolver()
lookup_opts = pyramid_mako.parse_options_from_settings(settings, 'mako.', name_resolver.maybe_resolve)
lookup_opts.update({
'default_filters' : ['context[\'self\'].ddl.ddl_fmt']
})
factory.lookup = pyramid_mako.PkgResourceTemplateLookup(**lookup_opts)
reg.registerUtility(factory, IRendererFactory, name='.mak')
sess = DBSession()
mm = ModuleManager(config)
sess.execute(SetVariable('accessuid', 0))
sess.execute(SetVariable('accessgid', 0))
sess.execute(SetVariable('accesslogin', '[CREATEDB]'))
mm.scan()
mm.install('core', sess)
for moddef in mm.modules:
if moddef != 'core':
mm.install(moddef, sess)
def _cal_events(evts, params, req):
if not has_permission('TICKETS_LIST', req.context, req):
return
ts_from = params.get('startDate')
ts_to = params.get('endDate')
if (not ts_from) or (not ts_to):
return
ts_from = dparse(ts_from).replace(hour=0, minute=0, second=0, microsecond=0)
ts_to = dparse(ts_to).replace(hour=23, minute=59, second=59, microsecond=999999)
sess = DBSession()
q = sess.query(Ticket)\
.filter(
Ticket.assigned_time <= ts_to,
IntervalSeconds(Ticket.assigned_time, Ticket.duration) >= ts_from
)
for tkt in q:
ev = {
'id' : 'ticket-%d' % tkt.id,
'cid' : _cal['id'],
'title' : tkt.name,
'start' : tkt.assigned_time,
'end' : tkt.end_time,
'notes' : tkt.description,
'apim' : 'tickets',
'apic' : 'Ticket',
'apiid' : tkt.id,
'caned' : False
}
evts.append(ev)
def dyn_priv_group_get(params, request):
"""
ExtDirect method for getting group's capabilities.
"""
gid = int(params.get('owner'))
if gid <= 0:
raise KeyError('Invalid group ID')
recs = []
sess = DBSession()
group = sess.query(Group).get(gid)
if group is None:
raise KeyError('Invalid group ID')
for priv in sess.query(Privilege)\
.join(NPModule)\
.filter(NPModule.enabled == True, Privilege.can_be_set == True)\
.order_by(Privilege.name):
prx = {
'privid' : priv.id,
'owner' : group.id,
'code' : priv.code,
'name' : priv.name,
'hasacls' : priv.has_acls,
'value' : None
}
if priv.code in group.caps:
prx['value'] = group.caps[priv.code].value
recs.append(prx)
return {
'records' : recs,
'total' : len(recs),
'success' : True
}
def bitcoin_walletss(request):
loc = get_localizer(request)
cfg = request.registry.settings
sess = DBSession()
errmess = None
tpldef = {'errmessage':errmess}
request.run_hook('access.cl.tpldef', tpldef, request)
access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first()
bitcoind_host = cfg.get('netprofile.client.bitcoind.host')
bitcoind_port = cfg.get('netprofile.client.bitcoind.port')
bitcoind_login = cfg.get('netprofile.client.bitcoind.login')
bitcoind_password = cfg.get('netprofile.client.bitcoind.password')
userwallets = []
bitcoind = bitcoinrpc.connect_to_remote(bitcoind_login, bitcoind_password, host=bitcoind_host, port=bitcoind_port)
userwallets = [{'wallet':wallet, 'balance':"{0}".format(float(bitcoind.getbalance(wallet))), 'address':bitcoind.getaddressesbyaccount(wallet)} for wallet in bitcoind.listaccounts() if wallet.startswith(access_user.nick)]
if len(userwallets) > 0:
nextid = max(map(int, re.findall('\d+', ",".join([w['wallet'] for w in userwallets])))) + 1
else:
nextid = 0
nextwallet = "{0}{1}".format(access_user.nick, nextid)
tpldef.update({'wallets':userwallets, 'nextwallet':nextwallet})
return tpldef
def find_princs_digest(param, request):
sess = DBSession()
try:
user = sess.query(User).filter(User.state == UserState.active,
User.enabled == True,
User.login == param['username']).one()
except NoResultFound:
return None
if not user.a1_hash:
return None
req_path = unquote(request.path.lower())
uri_path = unquote(param['uri'].lower())
if req_path != uri_path:
return None
ha2 = hashlib.md5(
('%s:%s' % (request.method, param['uri'])).encode()).hexdigest()
data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'],
'auth', ha2)
resp = hashlib.md5(('%s:%s' % (user.a1_hash, data)).encode()).hexdigest()
if resp == param['response']:
groups = ['g:%s' % user.group.name]
for sgr in user.secondary_groups:
if sgr == user.group:
continue
groups.append('g:%s' % sgr.name)
return groups
return None
def get_settings(request):
# FIXME: implement settings cache invalidation
if 'auth.settings' in request.session:
return request.session['auth.settings']
mmgr = request.registry.getUtility(IModuleManager)
all_settings = mmgr.get_settings('user')
user = request.user
if user is None:
ret = {}
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
if setting.default is None:
continue
ret['%s.%s.%s' %
(moddef, sname, setting_name)] = setting.default
else:
sess = DBSession()
ret = dict(
(s.name, s.value)
for s in sess.query(UserSetting).filter(UserSetting.user == user))
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting.name)
if fullname in ret:
ret[fullname] = setting.parse_param(ret[fullname])
elif setting.default is not None:
ret[fullname] = setting.default
request.session['auth.settings'] = ret
return ret
def dav_children(self): sess = DBSession() for g in sess.query(Group): g.__req__ = self.req g.__parent__ = self g.__plugin__ = self yield g
def _ent_hist_tickets(hist, ent, req, begin, end, max_num):
sess = DBSession()
# TODO: check permissions
qc = sess.query(TicketChange).options(joinedload(
TicketChange.user)).join(Ticket).filter(Ticket.entity == ent)
qt = sess.query(Ticket).options(joinedload(
Ticket.created_by)).filter(Ticket.entity == ent)
if begin is not None:
qc = qc.filter(TicketChange.timestamp >= begin)
qt = qt.filter(Ticket.creation_time >= begin)
if end is not None:
qc = qc.filter(TicketChange.timestamp <= end)
qt = qt.filter(Ticket.creation_time <= end)
if max_num:
qc = qc.limit(max_num)
qt = qt.limit(max_num)
for tc in qc:
eh = tc.get_entity_history(req)
if eh:
hist.append(eh)
for tkt in qt:
eh = tkt.get_entity_history(req)
if eh:
hist.append(eh)
def dav_children(self): sess = DBSession() for u in sess.query(User): u.__req__ = self.req u.__parent__ = self u.__plugin__ = self yield u
def _cal_events_update(params, req):
if 'EventId' not in params:
return
evtype, evid = params['EventId'].split('-')
if evtype != 'ticket':
return
evid = int(evid)
if not req.has_permission('TICKETS_UPDATE'):
return
# TODO: fancy permissions/ACLs
sess = DBSession()
tkt = sess.query(Ticket).get(evid)
if tkt is None:
return
sess.execute(SetVariable('ticketid', tkt.id))
if 'StartDate' in params:
new_ts = dparse(params['StartDate']).replace(tzinfo=None,
microsecond=0)
if new_ts:
tkt.assigned_time = new_ts
if ('EndDate' in params) and tkt.assigned_time:
new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0)
if new_ts:
delta = new_ts - tkt.assigned_time
tkt.duration = delta.seconds
def dav_create(self, req, name, rtype=None, props=None, data=None): # TODO: externalize type resolution user = req.user sess = DBSession() if rtype and (dprops.COLLECTION in rtype): obj = FileFolder( user_id=user.id, group_id=user.group_id, name=name, parent=None, rights=F_DEFAULT_DIRS ) sess.add(obj) else: obj = File( user_id=user.id, group_id=user.group_id, filename=name, name=name, folder=None, rights=F_DEFAULT_FILES ) sess.add(obj) if data is not None: # TODO: detect type of data (fd / buffer) obj.set_from_file(data, user, sess) if props and (dprops.CONTENT_TYPE in props): obj.mime_type = props[dprops.CONTENT_TYPE] if props: if dprops.CREATION_DATE in props: obj.creation_time = props[dprops.CREATION_DATE] if dprops.LAST_MODIFIED in props: obj.modification_time = props[dprops.LAST_MODIFIED] return (obj, False)
def client_issue_append(ctx, req):
loc = req.localizer
cfg = req.registry.settings
if not asbool(cfg.get('netprofile.client.ticket.enabled', True)):
raise HTTPForbidden(detail=_('Issues view is disabled'))
errors = {}
if ctx.archived:
req.session.flash({
'class':
'danger',
'text':
loc.translate(
_('This ticket is archived. You can\'t append to it.'))
})
return HTTPSeeOther(location=req.route_url('tickets.cl.issues',
traverse=(ctx.id, 'view')))
if 'submit' in req.POST:
csrf = req.POST.get('csrf', '')
comments = req.POST.get('comments', '')
if csrf != req.get_csrf():
errors['csrf'] = _a('Error submitting form')
elif not comments:
errors['comments'] = _a('Invalid field length')
if len(errors) == 0:
sess = DBSession()
ch = TicketChange()
ch.ticket = ctx
ch.from_client = True
ch.show_client = True
ch.comments = comments
sess.add(ch)
req.session.flash({
'text':
loc.translate(
_('Your comment was successfully appended to the issue'))
})
return HTTPSeeOther(location=req.route_url(
'tickets.cl.issues', traverse=(ctx.id, 'view')))
tpldef = {
'crumbs': [{
'text': loc.translate(_('My Issues')),
'url': req.route_url('tickets.cl.issues', traverse=())
}, {
'text':
loc.translate(_('View Issue #%d')) % ctx.id,
'url':
req.route_url('tickets.cl.issues', traverse=(ctx.id, 'view'))
}, {
'text':
loc.translate(_('Append Comment to Issue #%d')) % ctx.id
}],
'ticket':
ctx,
'errors': {err: loc.translate(errors[err])
for err in errors}
}
req.run_hook('access.cl.tpldef', tpldef, req)
req.run_hook('access.cl.tpldef.issue.append', tpldef, req)
return tpldef
def xop_request(ctx, request):
# TODO: add optional redirect-to-site?
if not ctx.can_access(request):
raise HTTPForbidden('Access Denied')
gw = ctx.get_gateway()
if (not gw) or (not hasattr(gw, 'process_request')):
raise HTTPForbidden('Access Denied')
if not callable(gw.process_request):
raise HTTPForbidden('Access Denied')
try:
sess = DBSession()
xoplist = gw.process_request(request, sess)
except Exception as e:
# TODO: cancel and log?
raise HTTPForbidden('Access Denied')
for xop in xoplist:
ctx.check_operation(xop)
sess.add(xop)
if hasattr(gw, 'generate_response') and callable(gw.generate_response):
return gw.generate_response(request, xoplist)
resp = Response(body='OK', content_type='text/plain', charset='UTF-8')
return resp
def file_ul(request):
sess = DBSession()
try:
ff_id = request.POST['ffid']
except KeyError:
ff_id = None
folder = None
if ff_id:
ff_id = int(ff_id)
folder = sess.query(FileFolder).get(ff_id)
if folder and not folder.can_write(request.user):
raise ValueError('Folder access denied')
for fo in request.POST.getall('file'):
obj = File(
user_id=request.user.id,
user=request.user,
group_id=request.user.group.id,
group=request.user.group,
rights=F_DEFAULT_FILES
)
if fo.filename:
obj.name = obj.filename = fo.filename
obj.folder = folder
sess.add(obj)
obj.set_from_file(fo.file, request.user, sess)
res = Response(html_escape(json.dumps({
'success' : True,
'msg' : 'File(s) uploaded'
}), False))
res.headerlist.append(('X-Frame-Options', 'SAMEORIGIN'))
return res
def _dyn_prep_tpl(params, req):
objid = params.get('objid')
objtype = params.get('objtype')
if (not objid) or (not objtype):
raise ValueError('No object specified')
docid = params.get('docid')
if not docid:
raise ValueError('No document specified')
sess = DBSession()
docid = int(docid)
doc = sess.query(Document).get(docid)
if not doc:
raise KeyError('No such document')
config = {
'docid' : docid,
'code' : doc.code,
'name' : doc.name,
'type' : doc.type,
'vars' : doc.variables,
'body' : doc.body
}
tpl_vars = {}
form_fields = []
req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req)
req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req)
return {
'success' : True,
'doc' : config,
'vars' : tpl_vars,
'form' : form_fields
}
def client_promise(ctx, request):
loc = get_localizer(request)
csrf = request.POST.get('csrf', '')
diff = request.POST.get('diff', '')
if 'submit' in request.POST:
sess = DBSession()
if csrf != request.get_csrf():
request.session.flash({
'text' : loc.translate(_('Error submitting form')),
'class' : 'danger'
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
fp = FuturePayment()
fp.stash = ctx
fp.entity = request.user.parent
fp.origin = FuturePaymentOrigin.user
fp.difference = diff
sess.add(fp)
request.session.flash({
'text' : loc.translate(_('Successfully added new promised payment'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
request.session.flash({
'text' : loc.translate(_('Error submitting form')),
'class' : 'danger'
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def client_chrate(ctx, request):
loc = get_localizer(request)
csrf = request.POST.get('csrf', '')
rate_id = int(request.POST.get('rateid'), 0)
aent_id = int(request.POST.get('entityid'))
ent = request.user.parent
err = True
if csrf == request.get_csrf():
sess = DBSession()
aent = sess.query(AccessEntity).get(aent_id)
if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities):
err = False
if 'clear' in request.POST:
rate_id = None
aent.next_rate_id = None
elif rate_id > 0:
aent.next_rate_id = rate_id
if err:
request.session.flash({
'text' : loc.translate(_('Error scheduling rate change')),
'class' : 'danger'
})
elif rate_id:
request.session.flash({
'text' : loc.translate(_('Rate change successfully scheduled'))
})
else:
request.session.flash({
'text' : loc.translate(_('Rate change successfully cancelled'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def sync(self):
to_update = []
sess = DBSession()
if len(self._pending_results) > 0:
task_uuids = [k
for k, v
in self._pending_results.items()
if v.ready()]
if len(task_uuids) > 0:
for log in sess.query(TaskLog).filter(
TaskLog.celery_id.in_(task_uuids)):
log.update(self._pending_results[log.celery_id])
to_update.append(log)
del self._pending_results[log.celery_id]
if len(self._sync_needed) > 0:
sn = self._sync_needed
for task in sess.query(Task).filter(Task.id.in_(sn.keys())):
task.last_run_time = sn[task.id].last_run_time
task.run_count = sn[task.id].run_count
to_update.append(task)
self._sync_needed = {}
self._schedule = self.get_from_db()
self.install_default_entries(self._schedule)
self._heap = None
def dyn_priv_group_set(px, request):
"""
ExtDirect method for setting group's capabilities.
"""
if 'records' not in px:
raise ValueError('No records found')
sess = DBSession()
for params in px['records']:
gid = int(params.get('owner'))
privid = int(params.get('privid'))
value = params.get('value')
if gid <= 0:
raise KeyError('Invalid group ID')
group = sess.query(Group).get(gid)
if group is None:
raise KeyError('Invalid group ID')
if value not in {True, False, None}:
raise ValueError('Invalid capability value')
priv = sess.query(Privilege)\
.join(NPModule)\
.filter(Privilege.id == privid, NPModule.enabled == True, Privilege.can_be_set == True)\
.one()
code = priv.code
if value is None:
if code in group.privileges:
del group.privileges[code]
else:
group.privileges[code] = value
return { 'success' : True }
def ff_tree_delete(params, request):
sess = DBSession()
user = request.user
root_ff = user.group.effective_root_folder
total = 0
for rec in params.get('records', ()):
ff_id = rec.get('id')
if ff_id == 'root':
continue
ff_id = int(ff_id)
ff = sess.query(FileFolder).get(ff_id)
if ff is None:
raise KeyError('Unknown folder ID %d' % ff_id)
if root_ff and (not ff.is_inside(root_ff)):
raise ValueError('Folder access denied')
cur_parent = ff.parent
if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))):
raise ValueError('Folder access denied')
if (not cur_parent) and (not user.root_writable):
raise ValueError('Folder access denied')
# Extra precaution
if ff.user != user:
raise ValueError('Folder access denied')
sess.delete(ff)
total += 1
return {
'success' : True,
'total' : total
}
def disable(self, moddef):
"""
Remove a module from the list of enabled modules.
"""
from netprofile_core.models import NPModule
if moddef not in self.modules:
logger.error(
'Can\'t find module "%s". Verify installation and try again.',
moddef)
return False
if moddef in self.loaded:
if not self.unload(moddef): # pragma: no cover
logger.error('Can\'t unload module "%s".', moddef)
return False
sess = DBSession()
try:
mod = sess.query(NPModule).filter(NPModule.name == moddef).one()
except NoResultFound:
return False
if not mod.enabled:
return True
mod.enabled = False
transaction.commit()
return True
def client_upload(request):
csrf = request.POST.get('csrf', '')
mode = request.POST.get('mode', '')
if not mode:
raise HTTPForbidden('Invalid upload use')
if csrf != request.get_csrf():
raise HTTPForbidden('Error uploading file')
sess = DBSession()
# FIXME: add folder cfg
tpldef = []
for fo in request.POST.getall('files'):
obj = File()
if fo.filename:
obj.name = obj.filename = fo.filename
sess.add(obj)
obj.set_from_file(fo.file, None, sess)
signal = request.run_hook('access.cl.upload', obj, mode, request, sess, tpldef)
if True not in signal:
tpldef.append({
'name' : obj.filename,
'size' : obj.size,
'error' : _('Error uploading file')
})
sess.delete(obj)
tpldef = { 'files' : tpldef }
request.run_hook('access.cl.tpldef.upload', tpldef, request)
return tpldef
def find_princs_digest(param, request):
sess = DBSession()
try:
user = sess.query(User).filter(User.state == UserState.active,
User.enabled.is_(True),
User.login == param['username']).one()
except NoResultFound:
return None
if not user.password_ha1:
return None
req_path = unquote(request.path.lower())
uri_path = unquote(param['uri'].lower())
if req_path != uri_path:
return None
ha2 = hashlib.md5(('%s:%s' % (request.method,
param['uri'])).encode()).hexdigest()
data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'],
param['cnonce'], 'auth', ha2)
resp = hashlib.md5(('%s:%s' % (user.password_ha1,
data)).encode()).hexdigest()
if hmac.compare_digest(resp, param['response']):
groups = ['g:%s' % (user.group.name,)]
for sgr in user.secondary_groups:
if sgr == user.group:
continue
groups.append('g:%s' % (sgr.name,))
return groups
return None
def cals_avail(params, req):
cals = []
sess = DBSession()
q = sess.query(Calendar).filter(
Calendar.user_id != req.user.id,
or_(
and_(Calendar.group_access != CalendarAccess.none, Calendar.group == req.user.group),
Calendar.global_access != CalendarAccess.none
)
)
for cal in q:
cals.append({
'id' : 'user-%u' % cal.id,
'title' : cal.name,
'desc' : cal.description,
'owner' : str(cal.user),
'color' : cal.style,
'hidden' : False,
'cancreate' : cal.can_write(req.user)
})
return {
'success' : True,
'calendars' : cals,
'total' : len(cals)
}
def do_login(request):
if authenticated_userid(request):
return HTTPFound(location=request.route_url('core.home'))
login = ''
did_fail = False
cur_locale = locale_neg(request)
if 'submit' in request.POST:
login = request.POST.get('user', '')
passwd = request.POST.get('pass', '')
csrf = request.POST.get('csrf', '')
if csrf == request.get_csrf():
sess = DBSession()
reg = request.registry
hash_con = reg.settings.get('netprofile.auth.hash', 'sha1')
salt_len = int(reg.settings.get('netprofile.auth.salt_length', 4))
q = sess.query(User).filter(User.state == UserState.active).filter(User.enabled == True).filter(User.login == login)
for user in q:
if user.check_password(passwd, hash_con, salt_len):
return auth_add(request, login, 'core.home')
did_fail = True
mmgr = request.registry.getUtility(IModuleManager)
return {
'login' : login,
'failed' : did_fail,
'res_css' : mmgr.get_css(request),
'res_js' : mmgr.get_js(request),
'res_ljs' : mmgr.get_local_js(request, cur_locale),
'cur_loc' : cur_locale
}
def dyn_acl_user_set(px, request):
"""
ExtDirect method for setting user's ACLs.
"""
if 'records' not in px:
raise ValueError('No records found')
sess = DBSession()
for params in px['records']:
uid = int(params.get('owner'))
aclid = int(params.get('privid'))
code = params.get('code')
value = params.get('value')
if uid <= 0:
raise KeyError('Invalid user ID')
user = sess.query(User).get(uid)
if user is None:
raise KeyError('Invalid user ID')
if value not in {True, False, None}:
raise ValueError('Invalid capability value')
priv = sess.query(Privilege)\
.join(NPModule)\
.filter(Privilege.code == code, NPModule.enabled == True, Privilege.can_be_set == True)\
.one()
code = priv.code
if value is None:
if (code, aclid) in user.acls:
del user.acls[(code, aclid)]
else:
user.acls[(code, aclid)] = value
return { 'success' : True }
def dav_children(self): sess = DBSession() for u in sess.query(User): ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self yield ab
def main(argv=sys.argv):
if len(argv) != 2:
usage(argv)
config_uri = argv[1]
setup_logging(config_uri)
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
cache.cache = cache.configure_cache(settings)
config = Configurator(
settings=settings,
root_factory=RootFactory,
locale_negotiator=locale_neg
)
config.add_route_predicate('vhost', VHostPredicate)
config.add_view_predicate('vhost', VHostPredicate)
mmgr = config.registry.getUtility(IModuleManager)
mmgr.load('core')
mmgr.load_enabled()
rts = rt.configure(mmgr, config.registry)
app = rts.app()
rt.run(rts, app)
def client_activate(request):
if authenticated_userid(request):
return HTTPSeeOther(location=request.route_url('access.cl.home'))
did_fail = True
cur_locale = locale_neg(request)
cfg = request.registry.settings
comb_js = asbool(cfg.get('netprofile.client.combine_js', False))
can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False))
must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True))
link_id = int(cfg.get('netprofile.client.registration.link_id', 1))
rand_len = int(cfg.get('netprofile.client.registration.code_length', 20))
if (not can_reg) or (not must_verify):
return HTTPSeeOther(location=request.route_url('access.cl.login'))
code = request.GET.get('code', '').strip().upper()
login = request.GET.get('for', '')
if code and login and (len(code) == rand_len):
sess = DBSession()
for link in sess.query(AccessEntityLink)\
.options(joinedload(AccessEntityLink.entity))\
.filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code):
# TODO: implement code timeouts
ent = link.entity
if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login):
ent.access_state = AccessState.ok.value
sess.delete(link)
did_fail = False
break
tpldef = {
'failed' : did_fail,
'comb_js' : comb_js,
'cur_loc' : cur_locale
}
request.run_hook('access.cl.tpldef.activate', tpldef, request)
return tpldef
def file_mnt(request):
ff_id = request.matchdict.get('ffid')
if ff_id == 'root':
if not request.user.root_readable:
raise HTTPForbidden()
resp = DAVMountResponse(
request=request,
path='/',
username=request.user.login
)
else:
try:
ff_id = int(ff_id)
except (TypeError, ValueError):
raise HTTPNotFound()
sess = DBSession()
ff = sess.query(FileFolder).get(ff_id)
if not ff.allow_traverse(request):
raise HTTPForbidden()
path = '/'.join(ff.get_uri()[1:] + [''])
resp = DAVMountResponse(
request=request,
path=path,
username=request.user.login
)
resp.make_body()
resp.headerlist.append(('X-Frame-Options', 'SAMEORIGIN'))
return resp
def get_settings(request):
# FIXME: implement settings cache invalidation
if 'auth.settings' in request.session:
return request.session['auth.settings']
mmgr = request.registry.getUtility(IModuleManager)
all_settings = mmgr.get_settings('user')
user = request.user
if user is None:
ret = {}
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
if setting.default is None:
continue
ret['%s.%s.%s' % (moddef,
sname,
setting_name)] = setting.default
else:
sess = DBSession()
ret = dict(
(s.name, s.value)
for s
in sess.query(UserSetting).filter(UserSetting.user == user))
for moddef, sections in all_settings.items():
for sname, section in sections.items():
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting.name)
if fullname in ret:
ret[fullname] = setting.parse_param(ret[fullname])
elif setting.default is not None:
ret[fullname] = setting.default
request.session['auth.settings'] = ret
return ret
def dyn_globalsettings_form(param, request):
"""
ExtDirect method to populate a global settings form.
"""
node = param['section']
path = node.split('.')
if len(path) != 2:
raise ValueError('Invalid section node ID specified: %r' % (node,))
moddef = path[0]
sname = path[1]
mmgr = request.registry.getUtility(IModuleManager)
if moddef not in mmgr.loaded:
raise ValueError('Unknown, uninstalled or disabled module name requested: %r' % (moddef,))
all_settings = mmgr.get_settings('global')
if moddef not in all_settings or sname not in all_settings[moddef]:
raise ValueError('Setting doesn\'t exist: %r' % (node,))
form = []
section = all_settings[moddef][sname]
sess = DBSession()
values = dict(
(s.name, s.value)
for s
in sess.query(GlobalSetting).filter(
GlobalSetting.name.startswith('%s.%s.' % (moddef, sname))
)
)
for setting_name, setting in section.items():
fullname = '%s.%s.%s' % (moddef, sname, setting_name)
if fullname in values:
values[fullname] = setting.parse_param(values[fullname])
return section.get_form_cfg(request, moddef, values)
def disable(self, moddef):
"""
Remove a module from the list of enabled modules.
"""
from netprofile_core.models import NPModule
if moddef not in self.modules:
logger.error(
'Can\'t find module \'%s\'. Verify installation and try again.',
moddef)
return False
if moddef in self.loaded:
if not self.unload(moddef): # pragma: no cover
logger.error('Can\'t unload module \'%s\'.', moddef)
return False
sess = DBSession()
try:
mod = sess.query(NPModule).filter(NPModule.name == moddef).one()
except NoResultFound:
return False
if mod.enabled == False:
return True
mod.enabled = False
transaction.commit()
return True
def client_activate(request):
if authenticated_userid(request):
return HTTPSeeOther(location=request.route_url('access.cl.home'))
did_fail = True
cur_locale = locale_neg(request)
cfg = request.registry.settings
comb_js = asbool(cfg.get('netprofile.client.combine_js', False))
can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False))
must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True))
link_id = int(cfg.get('netprofile.client.registration.link_id', 1))
rand_len = int(cfg.get('netprofile.client.registration.code_length', 20))
if (not can_reg) or (not must_verify):
return HTTPSeeOther(location=request.route_url('access.cl.login'))
code = request.GET.get('code', '').strip().upper()
login = request.GET.get('for', '')
if code and login and (len(code) == rand_len):
sess = DBSession()
for link in sess.query(AccessEntityLink)\
.options(joinedload(AccessEntityLink.entity))\
.filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code):
# TODO: implement code timeouts
ent = link.entity
if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login):
ent.access_state = AccessState.ok.value
sess.delete(link)
did_fail = False
break
tpldef = {
'failed' : did_fail,
'comb_js' : comb_js,
'cur_loc' : cur_locale
}
request.run_hook('access.cl.tpldef.activate', tpldef, request)
return tpldef
def client_chrate(ctx, request):
loc = request.localizer
csrf = request.POST.get('csrf', '')
rate_id = int(request.POST.get('rateid'), 0)
aent_id = int(request.POST.get('entityid'))
ent = request.user.parent
err = True
if csrf == request.get_csrf():
sess = DBSession()
aent = sess.query(AccessEntity).get(aent_id)
if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities):
err = False
if 'clear' in request.POST:
rate_id = None
aent.next_rate_id = None
elif rate_id > 0:
aent.next_rate_id = rate_id
if err:
request.session.flash({
'text' : loc.translate(_('Error scheduling rate change')),
'class' : 'danger'
})
elif rate_id:
request.session.flash({
'text' : loc.translate(_('Rate change successfully scheduled'))
})
else:
request.session.flash({
'text' : loc.translate(_('Rate change successfully cancelled'))
})
return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def new_entity_validator(ret, values, request):
# FIXME: handle permissions
if 'etypeid' not in values:
return
sess = DBSession()
try:
ent_type = sess.query(EntityType).get(int(values['etypeid']))
except (TypeError, ValueError):
ent_type = None
# FIXME: error out on non-existent types
if ent_type is None:
return
parent_id = values.get('parentid')
if not parent_id and not ent_type.root:
ret['errors']['parent'].append(
request.localizer.translate(_('This entity requires a parent.')))
if parent_id:
try:
parent = sess.query(Entity).get(int(parent_id))
if parent and parent.type.leaf:
ret['errors']['parent'].append(
request.localizer.translate(
_('This entity can\'t have children.')))
except (TypeError, ValueError):
pass
mod = request.registry.getUtility(IModuleManager).get_module_browser()[
ent_type.module.name]
em = mod[ent_type.model]
xret = em.validate_fields(values, request)
if 'errors' in xret:
ret['errors'].update(xret['errors'])
def task_generate(srv_ids=(), station_ids=()):
cfg = app.settings
factory = ConfigGeneratorFactory(cfg, app.mmgr)
ret = []
sess = DBSession()
loc = sys_localizer(app.mmgr.cfg.registry)
q = sess.query(Server)
if len(srv_ids) > 0:
q = q.filter(Server.id.in_(srv_ids))
if len(station_ids) > 0:
q = q.filter(Server.host_id.in_(station_ids))
for srv in q:
gen = factory.get(srv.type.generator_name)
logger.info('Generating config of type %s for host %s', srv.type.generator_name, str(srv.host))
gen.generate(srv)
ret.append(loc.translate(_('Successfully generated %s configuration for host %s.')) % (
srv.type.name,
str(srv.host)
))
hosts = factory.deploy()
ret.append(loc.translate(_('Successfully deployed configuration for hosts: %s.')) % (', '.join(hosts),))
factory.restore_umask()
transaction.commit()
return ret
def _dyn_prep_tpl(params, req):
objid = params.get('objid')
objtype = params.get('objtype')
if (not objid) or (not objtype):
raise ValueError('No object specified')
docid = params.get('docid')
if not docid:
raise ValueError('No document specified')
sess = DBSession()
docid = int(docid)
doc = sess.query(Document).get(docid)
if not doc:
raise KeyError('No such document')
config = {
'docid': docid,
'code': doc.code,
'name': doc.name,
'type': doc.type,
'vars': doc.variables,
'body': doc.body
}
tpl_vars = {}
form_fields = []
req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req)
req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req)
return {
'success': True,
'doc': config,
'vars': tpl_vars,
'form': form_fields
}
def dav_children(self): sess = DBSession() for ab in sess.query(AddressBook)\ .filter(AddressBook.user == self.user): ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self yield ab
def _doc_gen_obj(tpl_vars, objid, objtype, req):
if objtype != 'entity':
return
obj = DBSession().query(Entity).get(objid)
if not obj:
return
v = obj.template_vars(req)
if v:
tpl_vars.update({'entity': v})
def _wizcb_future_submit(wiz, em, step, act, val, req):
sess = DBSession()
obj = FuturePayment()
em.set_values(obj, val, req, True)
sess.add(obj)
return {
'do' : 'close',
'reload' : True
}
def clone(self, req, ctx, recurse=True, _flush=True):
sess = DBSession()
obj = ctx.dav_clone(req)
sess.add(obj)
if recurse:
for ch in self.children(ctx):
newch = self.clone(req, ch, recurse, False)
obj.dav_append(req, newch, ch.__name__)
return obj
def __getitem__(self, name):
sess = DBSession()
try:
u = sess.query(User).filter(User.login == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
u.__req__ = self.req
u.__parent__ = self
u.__plugin__ = self
return u
def dav_sync_token(self):
varname = 'DAV:SYNC:ABC:%u' % (self.user.id,)
try:
var = NPVariable.get_ro(varname)
except NoResultFound:
sess = DBSession()
cvar = NPVariable.get_ro('DAV:SYNC:PLUG:UABOOKS')
var = NPVariable(name=varname, integer_value=cvar.integer_value)
sess.add(var)
return var.integer_value
def __getitem__(self, name):
sess = DBSession()
try:
g = sess.query(Group).filter(Group.name == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
g.__req__ = self.req
g.__parent__ = self
g.__plugin__ = self
return g
def __getitem__(self, name):
sess = DBSession()
try:
u = sess.query(User).filter(User.login == name).one()
except NoResultFound:
raise KeyError('No such file or directory')
ab = DAVPluginUserAddressBooks(self.req, u)
ab.__req__ = self.req
ab.__parent__ = self
return ab
def get_user(request):
sess = DBSession()
userid = unauthenticated_userid(request)
if userid is not None:
from .models import AccessEntity
try:
return sess.query(AccessEntity).filter(
AccessEntity.nick == userid).one()
except NoResultFound:
return None
def __iter__(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() # TODO: add access controls for t in sess.query(FileFolder.name).filter(FileFolder.parent == root): yield t[0] for t in sess.query(File.filename).filter(File.folder == root): yield t[0]
def dav_collections(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in sess.query(FileFolder).filter(FileFolder.parent == root): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def dav_search_principals(self, req, test, query): cond = [] for prop, value in query.items(): if prop == dprops.DISPLAY_NAME: cond.append(Group.name.contains(value)) if (test == 'anyof') and (len(cond) > 1): cond = (or_(*cond),) q = DBSession().query(Group) if len(cond) > 0: return q.filter(*cond) return q
def get_user(request):
sess = DBSession()
userid = unauthenticated_userid(request)
if userid is not None:
try:
return sess.query(ExternalOperationProvider).filter(
ExternalOperationProvider.authentication_username ==
userid).one()
except NoResultFound:
return None
def __getitem__(self, name):
sess = DBSession()
try:
ab = sess.query(AddressBook)\
.filter(AddressBook.user == self.user, AddressBook.name == name)\
.one()
except NoResultFound:
raise KeyError('No such file or directory')
ab.__req__ = self.req
ab.__parent__ = self
ab.__plugin__ = self
return ab
def _mod_userloc(mapper, conn, tgt): try: from netprofile_ldap.ldap import store except ImportError: return user = tgt.user user_id = tgt.user_id if (not user) and user_id: user = DBSession().query(User).get(user_id) if user: user.vcard = None store(user)
