def dyn_usersettings_submit(param, request): """ ExtDirect method for submitting user setting section form. """ sess = DBSession() s = None if 'auth.settings' in request.session: s = request.session['auth.settings'] for (ust, us) in sess \ .query(UserSettingType, UserSetting) \ .outerjoin(UserSetting, and_( UserSettingType.id == UserSetting.type_id, UserSetting.user_id == request.user.id )) \ .filter(UserSettingType.name.in_(param.keys())): if ust.name in param: if us: us.value = ust.param_to_db(param[ust.name]) else: us = UserSetting() us.user = request.user us.type = ust us.value = ust.param_to_db(param[ust.name]) sess.add(us) if s: s[ust.name] = ust.parse_param(param[ust.name]) if s: request.session['auth.settings'] = s return { 'success' : True }
def xop_request(ctx, request): # TODO: add optional redirect-to-site? if not ctx.can_access(request): raise HTTPForbidden('Access Denied') gw = ctx.get_gateway() if (not gw) or (not hasattr(gw, 'process_request')): raise HTTPForbidden('Access Denied') if not callable(gw.process_request): raise HTTPForbidden('Access Denied') try: sess = DBSession() xoplist = gw.process_request(request, sess) except Exception as e: # TODO: cancel and log? raise HTTPForbidden('Access Denied') for xop in xoplist: ctx.check_operation(xop) sess.add(xop) if hasattr(gw, 'generate_response') and callable(gw.generate_response): return gw.generate_response(request, xoplist) resp = Response(body='OK', content_type='text/plain', charset='UTF-8') return resp
def _cal_events_update(params, req): cal_id = params.get('CalendarId', '') if cal_id != _cal['id']: return if 'EventId' not in params: return evtype, evid = params['EventId'].split('-') if evtype != 'ticket': return evid = int(evid) if not has_permission('TICKETS_UPDATE', req.context, req): return sess = DBSession() tkt = sess.query(Ticket).get(evid) if tkt is None: return sess.execute(SetVariable('ticketid', tkt.id)) if 'StartDate' in params: new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0) if new_ts: tkt.assigned_time = new_ts if ('EndDate' in params) and tkt.assigned_time: new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0) if new_ts: delta = new_ts - tkt.assigned_time tkt.duration = delta.seconds
def main(argv=sys.argv): if len(argv) != 2: usage(argv) config_uri = argv[1] setup_logging(config_uri) settings = get_appsettings(config_uri) config = setup_config(settings) reg = threadlocal.get_current_registry() factory = pyramid_mako.MakoRendererFactory() name_resolver = DottedNameResolver() lookup_opts = pyramid_mako.parse_options_from_settings(settings, 'mako.', name_resolver.maybe_resolve) lookup_opts.update({ 'default_filters' : ['context[\'self\'].ddl.ddl_fmt'] }) factory.lookup = pyramid_mako.PkgResourceTemplateLookup(**lookup_opts) reg.registerUtility(factory, IRendererFactory, name='.mak') sess = DBSession() mm = ModuleManager(config) sess.execute(SetVariable('accessuid', 0)) sess.execute(SetVariable('accessgid', 0)) sess.execute(SetVariable('accesslogin', '[CREATEDB]')) mm.scan() mm.install('core', sess) for moddef in mm.modules: if moddef != 'core': mm.install(moddef, sess)
def _cal_events(evts, params, req): if not has_permission('TICKETS_LIST', req.context, req): return ts_from = params.get('startDate') ts_to = params.get('endDate') if (not ts_from) or (not ts_to): return ts_from = dparse(ts_from).replace(hour=0, minute=0, second=0, microsecond=0) ts_to = dparse(ts_to).replace(hour=23, minute=59, second=59, microsecond=999999) sess = DBSession() q = sess.query(Ticket)\ .filter( Ticket.assigned_time <= ts_to, IntervalSeconds(Ticket.assigned_time, Ticket.duration) >= ts_from ) for tkt in q: ev = { 'id' : 'ticket-%d' % tkt.id, 'cid' : _cal['id'], 'title' : tkt.name, 'start' : tkt.assigned_time, 'end' : tkt.end_time, 'notes' : tkt.description, 'apim' : 'tickets', 'apic' : 'Ticket', 'apiid' : tkt.id, 'caned' : False } evts.append(ev)
def dyn_priv_group_get(params, request): """ ExtDirect method for getting group's capabilities. """ gid = int(params.get('owner')) if gid <= 0: raise KeyError('Invalid group ID') recs = [] sess = DBSession() group = sess.query(Group).get(gid) if group is None: raise KeyError('Invalid group ID') for priv in sess.query(Privilege)\ .join(NPModule)\ .filter(NPModule.enabled == True, Privilege.can_be_set == True)\ .order_by(Privilege.name): prx = { 'privid' : priv.id, 'owner' : group.id, 'code' : priv.code, 'name' : priv.name, 'hasacls' : priv.has_acls, 'value' : None } if priv.code in group.caps: prx['value'] = group.caps[priv.code].value recs.append(prx) return { 'records' : recs, 'total' : len(recs), 'success' : True }
def bitcoin_walletss(request): loc = get_localizer(request) cfg = request.registry.settings sess = DBSession() errmess = None tpldef = {'errmessage':errmess} request.run_hook('access.cl.tpldef', tpldef, request) access_user = sess.query(AccessEntity).filter_by(nick=str(request.user)).first() bitcoind_host = cfg.get('netprofile.client.bitcoind.host') bitcoind_port = cfg.get('netprofile.client.bitcoind.port') bitcoind_login = cfg.get('netprofile.client.bitcoind.login') bitcoind_password = cfg.get('netprofile.client.bitcoind.password') userwallets = [] bitcoind = bitcoinrpc.connect_to_remote(bitcoind_login, bitcoind_password, host=bitcoind_host, port=bitcoind_port) userwallets = [{'wallet':wallet, 'balance':"{0}".format(float(bitcoind.getbalance(wallet))), 'address':bitcoind.getaddressesbyaccount(wallet)} for wallet in bitcoind.listaccounts() if wallet.startswith(access_user.nick)] if len(userwallets) > 0: nextid = max(map(int, re.findall('\d+', ",".join([w['wallet'] for w in userwallets])))) + 1 else: nextid = 0 nextwallet = "{0}{1}".format(access_user.nick, nextid) tpldef.update({'wallets':userwallets, 'nextwallet':nextwallet}) return tpldef
def find_princs_digest(param, request): sess = DBSession() try: user = sess.query(User).filter(User.state == UserState.active, User.enabled == True, User.login == param['username']).one() except NoResultFound: return None if not user.a1_hash: return None req_path = unquote(request.path.lower()) uri_path = unquote(param['uri'].lower()) if req_path != uri_path: return None ha2 = hashlib.md5( ('%s:%s' % (request.method, param['uri'])).encode()).hexdigest() data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'], 'auth', ha2) resp = hashlib.md5(('%s:%s' % (user.a1_hash, data)).encode()).hexdigest() if resp == param['response']: groups = ['g:%s' % user.group.name] for sgr in user.secondary_groups: if sgr == user.group: continue groups.append('g:%s' % sgr.name) return groups return None
def get_settings(request): # FIXME: implement settings cache invalidation if 'auth.settings' in request.session: return request.session['auth.settings'] mmgr = request.registry.getUtility(IModuleManager) all_settings = mmgr.get_settings('user') user = request.user if user is None: ret = {} for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): if setting.default is None: continue ret['%s.%s.%s' % (moddef, sname, setting_name)] = setting.default else: sess = DBSession() ret = dict( (s.name, s.value) for s in sess.query(UserSetting).filter(UserSetting.user == user)) for moddef, sections in all_settings.items(): for sname, section in sections.items(): for setting_name, setting in section.items(): fullname = '%s.%s.%s' % (moddef, sname, setting.name) if fullname in ret: ret[fullname] = setting.parse_param(ret[fullname]) elif setting.default is not None: ret[fullname] = setting.default request.session['auth.settings'] = ret return ret
def dav_children(self): sess = DBSession() for g in sess.query(Group): g.__req__ = self.req g.__parent__ = self g.__plugin__ = self yield g
def _ent_hist_tickets(hist, ent, req, begin, end, max_num): sess = DBSession() # TODO: check permissions qc = sess.query(TicketChange).options(joinedload( TicketChange.user)).join(Ticket).filter(Ticket.entity == ent) qt = sess.query(Ticket).options(joinedload( Ticket.created_by)).filter(Ticket.entity == ent) if begin is not None: qc = qc.filter(TicketChange.timestamp >= begin) qt = qt.filter(Ticket.creation_time >= begin) if end is not None: qc = qc.filter(TicketChange.timestamp <= end) qt = qt.filter(Ticket.creation_time <= end) if max_num: qc = qc.limit(max_num) qt = qt.limit(max_num) for tc in qc: eh = tc.get_entity_history(req) if eh: hist.append(eh) for tkt in qt: eh = tkt.get_entity_history(req) if eh: hist.append(eh)
def dav_children(self): sess = DBSession() for u in sess.query(User): u.__req__ = self.req u.__parent__ = self u.__plugin__ = self yield u
def _cal_events_update(params, req): if 'EventId' not in params: return evtype, evid = params['EventId'].split('-') if evtype != 'ticket': return evid = int(evid) if not req.has_permission('TICKETS_UPDATE'): return # TODO: fancy permissions/ACLs sess = DBSession() tkt = sess.query(Ticket).get(evid) if tkt is None: return sess.execute(SetVariable('ticketid', tkt.id)) if 'StartDate' in params: new_ts = dparse(params['StartDate']).replace(tzinfo=None, microsecond=0) if new_ts: tkt.assigned_time = new_ts if ('EndDate' in params) and tkt.assigned_time: new_ts = dparse(params['EndDate']).replace(tzinfo=None, microsecond=0) if new_ts: delta = new_ts - tkt.assigned_time tkt.duration = delta.seconds
def dav_create(self, req, name, rtype=None, props=None, data=None): # TODO: externalize type resolution user = req.user sess = DBSession() if rtype and (dprops.COLLECTION in rtype): obj = FileFolder( user_id=user.id, group_id=user.group_id, name=name, parent=None, rights=F_DEFAULT_DIRS ) sess.add(obj) else: obj = File( user_id=user.id, group_id=user.group_id, filename=name, name=name, folder=None, rights=F_DEFAULT_FILES ) sess.add(obj) if data is not None: # TODO: detect type of data (fd / buffer) obj.set_from_file(data, user, sess) if props and (dprops.CONTENT_TYPE in props): obj.mime_type = props[dprops.CONTENT_TYPE] if props: if dprops.CREATION_DATE in props: obj.creation_time = props[dprops.CREATION_DATE] if dprops.LAST_MODIFIED in props: obj.modification_time = props[dprops.LAST_MODIFIED] return (obj, False)
def client_issue_append(ctx, req): loc = req.localizer cfg = req.registry.settings if not asbool(cfg.get('netprofile.client.ticket.enabled', True)): raise HTTPForbidden(detail=_('Issues view is disabled')) errors = {} if ctx.archived: req.session.flash({ 'class': 'danger', 'text': loc.translate( _('This ticket is archived. You can\'t append to it.')) }) return HTTPSeeOther(location=req.route_url('tickets.cl.issues', traverse=(ctx.id, 'view'))) if 'submit' in req.POST: csrf = req.POST.get('csrf', '') comments = req.POST.get('comments', '') if csrf != req.get_csrf(): errors['csrf'] = _a('Error submitting form') elif not comments: errors['comments'] = _a('Invalid field length') if len(errors) == 0: sess = DBSession() ch = TicketChange() ch.ticket = ctx ch.from_client = True ch.show_client = True ch.comments = comments sess.add(ch) req.session.flash({ 'text': loc.translate( _('Your comment was successfully appended to the issue')) }) return HTTPSeeOther(location=req.route_url( 'tickets.cl.issues', traverse=(ctx.id, 'view'))) tpldef = { 'crumbs': [{ 'text': loc.translate(_('My Issues')), 'url': req.route_url('tickets.cl.issues', traverse=()) }, { 'text': loc.translate(_('View Issue #%d')) % ctx.id, 'url': req.route_url('tickets.cl.issues', traverse=(ctx.id, 'view')) }, { 'text': loc.translate(_('Append Comment to Issue #%d')) % ctx.id }], 'ticket': ctx, 'errors': {err: loc.translate(errors[err]) for err in errors} } req.run_hook('access.cl.tpldef', tpldef, req) req.run_hook('access.cl.tpldef.issue.append', tpldef, req) return tpldef
def file_ul(request): sess = DBSession() try: ff_id = request.POST['ffid'] except KeyError: ff_id = None folder = None if ff_id: ff_id = int(ff_id) folder = sess.query(FileFolder).get(ff_id) if folder and not folder.can_write(request.user): raise ValueError('Folder access denied') for fo in request.POST.getall('file'): obj = File( user_id=request.user.id, user=request.user, group_id=request.user.group.id, group=request.user.group, rights=F_DEFAULT_FILES ) if fo.filename: obj.name = obj.filename = fo.filename obj.folder = folder sess.add(obj) obj.set_from_file(fo.file, request.user, sess) res = Response(html_escape(json.dumps({ 'success' : True, 'msg' : 'File(s) uploaded' }), False)) res.headerlist.append(('X-Frame-Options', 'SAMEORIGIN')) return res
def _dyn_prep_tpl(params, req): objid = params.get('objid') objtype = params.get('objtype') if (not objid) or (not objtype): raise ValueError('No object specified') docid = params.get('docid') if not docid: raise ValueError('No document specified') sess = DBSession() docid = int(docid) doc = sess.query(Document).get(docid) if not doc: raise KeyError('No such document') config = { 'docid' : docid, 'code' : doc.code, 'name' : doc.name, 'type' : doc.type, 'vars' : doc.variables, 'body' : doc.body } tpl_vars = {} form_fields = [] req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req) req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req) return { 'success' : True, 'doc' : config, 'vars' : tpl_vars, 'form' : form_fields }
def client_promise(ctx, request): loc = get_localizer(request) csrf = request.POST.get('csrf', '') diff = request.POST.get('diff', '') if 'submit' in request.POST: sess = DBSession() if csrf != request.get_csrf(): request.session.flash({ 'text' : loc.translate(_('Error submitting form')), 'class' : 'danger' }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=())) fp = FuturePayment() fp.stash = ctx fp.entity = request.user.parent fp.origin = FuturePaymentOrigin.user fp.difference = diff sess.add(fp) request.session.flash({ 'text' : loc.translate(_('Successfully added new promised payment')) }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=())) request.session.flash({ 'text' : loc.translate(_('Error submitting form')), 'class' : 'danger' }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def client_chrate(ctx, request): loc = get_localizer(request) csrf = request.POST.get('csrf', '') rate_id = int(request.POST.get('rateid'), 0) aent_id = int(request.POST.get('entityid')) ent = request.user.parent err = True if csrf == request.get_csrf(): sess = DBSession() aent = sess.query(AccessEntity).get(aent_id) if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities): err = False if 'clear' in request.POST: rate_id = None aent.next_rate_id = None elif rate_id > 0: aent.next_rate_id = rate_id if err: request.session.flash({ 'text' : loc.translate(_('Error scheduling rate change')), 'class' : 'danger' }) elif rate_id: request.session.flash({ 'text' : loc.translate(_('Rate change successfully scheduled')) }) else: request.session.flash({ 'text' : loc.translate(_('Rate change successfully cancelled')) }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def sync(self): to_update = [] sess = DBSession() if len(self._pending_results) > 0: task_uuids = [k for k, v in self._pending_results.items() if v.ready()] if len(task_uuids) > 0: for log in sess.query(TaskLog).filter( TaskLog.celery_id.in_(task_uuids)): log.update(self._pending_results[log.celery_id]) to_update.append(log) del self._pending_results[log.celery_id] if len(self._sync_needed) > 0: sn = self._sync_needed for task in sess.query(Task).filter(Task.id.in_(sn.keys())): task.last_run_time = sn[task.id].last_run_time task.run_count = sn[task.id].run_count to_update.append(task) self._sync_needed = {} self._schedule = self.get_from_db() self.install_default_entries(self._schedule) self._heap = None
def dyn_priv_group_set(px, request): """ ExtDirect method for setting group's capabilities. """ if 'records' not in px: raise ValueError('No records found') sess = DBSession() for params in px['records']: gid = int(params.get('owner')) privid = int(params.get('privid')) value = params.get('value') if gid <= 0: raise KeyError('Invalid group ID') group = sess.query(Group).get(gid) if group is None: raise KeyError('Invalid group ID') if value not in {True, False, None}: raise ValueError('Invalid capability value') priv = sess.query(Privilege)\ .join(NPModule)\ .filter(Privilege.id == privid, NPModule.enabled == True, Privilege.can_be_set == True)\ .one() code = priv.code if value is None: if code in group.privileges: del group.privileges[code] else: group.privileges[code] = value return { 'success' : True }
def ff_tree_delete(params, request): sess = DBSession() user = request.user root_ff = user.group.effective_root_folder total = 0 for rec in params.get('records', ()): ff_id = rec.get('id') if ff_id == 'root': continue ff_id = int(ff_id) ff = sess.query(FileFolder).get(ff_id) if ff is None: raise KeyError('Unknown folder ID %d' % ff_id) if root_ff and (not ff.is_inside(root_ff)): raise ValueError('Folder access denied') cur_parent = ff.parent if cur_parent and ((not cur_parent.can_write(user)) or (not cur_parent.can_traverse_path(user))): raise ValueError('Folder access denied') if (not cur_parent) and (not user.root_writable): raise ValueError('Folder access denied') # Extra precaution if ff.user != user: raise ValueError('Folder access denied') sess.delete(ff) total += 1 return { 'success' : True, 'total' : total }
def disable(self, moddef): """ Remove a module from the list of enabled modules. """ from netprofile_core.models import NPModule if moddef not in self.modules: logger.error( 'Can\'t find module "%s". Verify installation and try again.', moddef) return False if moddef in self.loaded: if not self.unload(moddef): # pragma: no cover logger.error('Can\'t unload module "%s".', moddef) return False sess = DBSession() try: mod = sess.query(NPModule).filter(NPModule.name == moddef).one() except NoResultFound: return False if not mod.enabled: return True mod.enabled = False transaction.commit() return True
def client_upload(request): csrf = request.POST.get('csrf', '') mode = request.POST.get('mode', '') if not mode: raise HTTPForbidden('Invalid upload use') if csrf != request.get_csrf(): raise HTTPForbidden('Error uploading file') sess = DBSession() # FIXME: add folder cfg tpldef = [] for fo in request.POST.getall('files'): obj = File() if fo.filename: obj.name = obj.filename = fo.filename sess.add(obj) obj.set_from_file(fo.file, None, sess) signal = request.run_hook('access.cl.upload', obj, mode, request, sess, tpldef) if True not in signal: tpldef.append({ 'name' : obj.filename, 'size' : obj.size, 'error' : _('Error uploading file') }) sess.delete(obj) tpldef = { 'files' : tpldef } request.run_hook('access.cl.tpldef.upload', tpldef, request) return tpldef
def find_princs_digest(param, request): sess = DBSession() try: user = sess.query(User).filter(User.state == UserState.active, User.enabled.is_(True), User.login == param['username']).one() except NoResultFound: return None if not user.password_ha1: return None req_path = unquote(request.path.lower()) uri_path = unquote(param['uri'].lower()) if req_path != uri_path: return None ha2 = hashlib.md5(('%s:%s' % (request.method, param['uri'])).encode()).hexdigest() data = '%s:%s:%s:%s:%s' % (param['nonce'], param['nc'], param['cnonce'], 'auth', ha2) resp = hashlib.md5(('%s:%s' % (user.password_ha1, data)).encode()).hexdigest() if hmac.compare_digest(resp, param['response']): groups = ['g:%s' % (user.group.name,)] for sgr in user.secondary_groups: if sgr == user.group: continue groups.append('g:%s' % (sgr.name,)) return groups return None
def cals_avail(params, req): cals = [] sess = DBSession() q = sess.query(Calendar).filter( Calendar.user_id != req.user.id, or_( and_(Calendar.group_access != CalendarAccess.none, Calendar.group == req.user.group), Calendar.global_access != CalendarAccess.none ) ) for cal in q: cals.append({ 'id' : 'user-%u' % cal.id, 'title' : cal.name, 'desc' : cal.description, 'owner' : str(cal.user), 'color' : cal.style, 'hidden' : False, 'cancreate' : cal.can_write(req.user) }) return { 'success' : True, 'calendars' : cals, 'total' : len(cals) }
def do_login(request): if authenticated_userid(request): return HTTPFound(location=request.route_url('core.home')) login = '' did_fail = False cur_locale = locale_neg(request) if 'submit' in request.POST: login = request.POST.get('user', '') passwd = request.POST.get('pass', '') csrf = request.POST.get('csrf', '') if csrf == request.get_csrf(): sess = DBSession() reg = request.registry hash_con = reg.settings.get('netprofile.auth.hash', 'sha1') salt_len = int(reg.settings.get('netprofile.auth.salt_length', 4)) q = sess.query(User).filter(User.state == UserState.active).filter(User.enabled == True).filter(User.login == login) for user in q: if user.check_password(passwd, hash_con, salt_len): return auth_add(request, login, 'core.home') did_fail = True mmgr = request.registry.getUtility(IModuleManager) return { 'login' : login, 'failed' : did_fail, 'res_css' : mmgr.get_css(request), 'res_js' : mmgr.get_js(request), 'res_ljs' : mmgr.get_local_js(request, cur_locale), 'cur_loc' : cur_locale }
def dyn_acl_user_set(px, request): """ ExtDirect method for setting user's ACLs. """ if 'records' not in px: raise ValueError('No records found') sess = DBSession() for params in px['records']: uid = int(params.get('owner')) aclid = int(params.get('privid')) code = params.get('code') value = params.get('value') if uid <= 0: raise KeyError('Invalid user ID') user = sess.query(User).get(uid) if user is None: raise KeyError('Invalid user ID') if value not in {True, False, None}: raise ValueError('Invalid capability value') priv = sess.query(Privilege)\ .join(NPModule)\ .filter(Privilege.code == code, NPModule.enabled == True, Privilege.can_be_set == True)\ .one() code = priv.code if value is None: if (code, aclid) in user.acls: del user.acls[(code, aclid)] else: user.acls[(code, aclid)] = value return { 'success' : True }
def dav_children(self): sess = DBSession() for u in sess.query(User): ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self yield ab
def main(argv=sys.argv): if len(argv) != 2: usage(argv) config_uri = argv[1] setup_logging(config_uri) settings = get_appsettings(config_uri) engine = engine_from_config(settings, 'sqlalchemy.') DBSession.configure(bind=engine) cache.cache = cache.configure_cache(settings) config = Configurator( settings=settings, root_factory=RootFactory, locale_negotiator=locale_neg ) config.add_route_predicate('vhost', VHostPredicate) config.add_view_predicate('vhost', VHostPredicate) mmgr = config.registry.getUtility(IModuleManager) mmgr.load('core') mmgr.load_enabled() rts = rt.configure(mmgr, config.registry) app = rts.app() rt.run(rts, app)
def client_activate(request): if authenticated_userid(request): return HTTPSeeOther(location=request.route_url('access.cl.home')) did_fail = True cur_locale = locale_neg(request) cfg = request.registry.settings comb_js = asbool(cfg.get('netprofile.client.combine_js', False)) can_reg = asbool(cfg.get('netprofile.client.registration.enabled', False)) must_verify = asbool(cfg.get('netprofile.client.registration.verify_email', True)) link_id = int(cfg.get('netprofile.client.registration.link_id', 1)) rand_len = int(cfg.get('netprofile.client.registration.code_length', 20)) if (not can_reg) or (not must_verify): return HTTPSeeOther(location=request.route_url('access.cl.login')) code = request.GET.get('code', '').strip().upper() login = request.GET.get('for', '') if code and login and (len(code) == rand_len): sess = DBSession() for link in sess.query(AccessEntityLink)\ .options(joinedload(AccessEntityLink.entity))\ .filter(AccessEntityLink.type_id == link_id, AccessEntityLink.value == code): # TODO: implement code timeouts ent = link.entity if (ent.access_state == AccessState.block_inactive.value) and (ent.nick == login): ent.access_state = AccessState.ok.value sess.delete(link) did_fail = False break tpldef = { 'failed' : did_fail, 'comb_js' : comb_js, 'cur_loc' : cur_locale } request.run_hook('access.cl.tpldef.activate', tpldef, request) return tpldef
def file_mnt(request): ff_id = request.matchdict.get('ffid') if ff_id == 'root': if not request.user.root_readable: raise HTTPForbidden() resp = DAVMountResponse( request=request, path='/', username=request.user.login ) else: try: ff_id = int(ff_id) except (TypeError, ValueError): raise HTTPNotFound() sess = DBSession() ff = sess.query(FileFolder).get(ff_id) if not ff.allow_traverse(request): raise HTTPForbidden() path = '/'.join(ff.get_uri()[1:] + ['']) resp = DAVMountResponse( request=request, path=path, username=request.user.login ) resp.make_body() resp.headerlist.append(('X-Frame-Options', 'SAMEORIGIN')) return resp
def dyn_globalsettings_form(param, request): """ ExtDirect method to populate a global settings form. """ node = param['section'] path = node.split('.') if len(path) != 2: raise ValueError('Invalid section node ID specified: %r' % (node,)) moddef = path[0] sname = path[1] mmgr = request.registry.getUtility(IModuleManager) if moddef not in mmgr.loaded: raise ValueError('Unknown, uninstalled or disabled module name requested: %r' % (moddef,)) all_settings = mmgr.get_settings('global') if moddef not in all_settings or sname not in all_settings[moddef]: raise ValueError('Setting doesn\'t exist: %r' % (node,)) form = [] section = all_settings[moddef][sname] sess = DBSession() values = dict( (s.name, s.value) for s in sess.query(GlobalSetting).filter( GlobalSetting.name.startswith('%s.%s.' % (moddef, sname)) ) ) for setting_name, setting in section.items(): fullname = '%s.%s.%s' % (moddef, sname, setting_name) if fullname in values: values[fullname] = setting.parse_param(values[fullname]) return section.get_form_cfg(request, moddef, values)
def disable(self, moddef): """ Remove a module from the list of enabled modules. """ from netprofile_core.models import NPModule if moddef not in self.modules: logger.error( 'Can\'t find module \'%s\'. Verify installation and try again.', moddef) return False if moddef in self.loaded: if not self.unload(moddef): # pragma: no cover logger.error('Can\'t unload module \'%s\'.', moddef) return False sess = DBSession() try: mod = sess.query(NPModule).filter(NPModule.name == moddef).one() except NoResultFound: return False if mod.enabled == False: return True mod.enabled = False transaction.commit() return True
def client_chrate(ctx, request): loc = request.localizer csrf = request.POST.get('csrf', '') rate_id = int(request.POST.get('rateid'), 0) aent_id = int(request.POST.get('entityid')) ent = request.user.parent err = True if csrf == request.get_csrf(): sess = DBSession() aent = sess.query(AccessEntity).get(aent_id) if ent and aent and (aent.parent == ent) and (aent in ctx.access_entities): err = False if 'clear' in request.POST: rate_id = None aent.next_rate_id = None elif rate_id > 0: aent.next_rate_id = rate_id if err: request.session.flash({ 'text' : loc.translate(_('Error scheduling rate change')), 'class' : 'danger' }) elif rate_id: request.session.flash({ 'text' : loc.translate(_('Rate change successfully scheduled')) }) else: request.session.flash({ 'text' : loc.translate(_('Rate change successfully cancelled')) }) return HTTPSeeOther(location=request.route_url('stashes.cl.accounts', traverse=()))
def new_entity_validator(ret, values, request): # FIXME: handle permissions if 'etypeid' not in values: return sess = DBSession() try: ent_type = sess.query(EntityType).get(int(values['etypeid'])) except (TypeError, ValueError): ent_type = None # FIXME: error out on non-existent types if ent_type is None: return parent_id = values.get('parentid') if not parent_id and not ent_type.root: ret['errors']['parent'].append( request.localizer.translate(_('This entity requires a parent.'))) if parent_id: try: parent = sess.query(Entity).get(int(parent_id)) if parent and parent.type.leaf: ret['errors']['parent'].append( request.localizer.translate( _('This entity can\'t have children.'))) except (TypeError, ValueError): pass mod = request.registry.getUtility(IModuleManager).get_module_browser()[ ent_type.module.name] em = mod[ent_type.model] xret = em.validate_fields(values, request) if 'errors' in xret: ret['errors'].update(xret['errors'])
def task_generate(srv_ids=(), station_ids=()): cfg = app.settings factory = ConfigGeneratorFactory(cfg, app.mmgr) ret = [] sess = DBSession() loc = sys_localizer(app.mmgr.cfg.registry) q = sess.query(Server) if len(srv_ids) > 0: q = q.filter(Server.id.in_(srv_ids)) if len(station_ids) > 0: q = q.filter(Server.host_id.in_(station_ids)) for srv in q: gen = factory.get(srv.type.generator_name) logger.info('Generating config of type %s for host %s', srv.type.generator_name, str(srv.host)) gen.generate(srv) ret.append(loc.translate(_('Successfully generated %s configuration for host %s.')) % ( srv.type.name, str(srv.host) )) hosts = factory.deploy() ret.append(loc.translate(_('Successfully deployed configuration for hosts: %s.')) % (', '.join(hosts),)) factory.restore_umask() transaction.commit() return ret
def _dyn_prep_tpl(params, req): objid = params.get('objid') objtype = params.get('objtype') if (not objid) or (not objtype): raise ValueError('No object specified') docid = params.get('docid') if not docid: raise ValueError('No document specified') sess = DBSession() docid = int(docid) doc = sess.query(Document).get(docid) if not doc: raise KeyError('No such document') config = { 'docid': docid, 'code': doc.code, 'name': doc.name, 'type': doc.type, 'vars': doc.variables, 'body': doc.body } tpl_vars = {} form_fields = [] req.run_hook('documents.gen.object', tpl_vars, objid, objtype, req) req.run_hook('documents.gen.variables', tpl_vars, doc.variables, req) return { 'success': True, 'doc': config, 'vars': tpl_vars, 'form': form_fields }
def dav_children(self): sess = DBSession() for ab in sess.query(AddressBook)\ .filter(AddressBook.user == self.user): ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self yield ab
def _doc_gen_obj(tpl_vars, objid, objtype, req): if objtype != 'entity': return obj = DBSession().query(Entity).get(objid) if not obj: return v = obj.template_vars(req) if v: tpl_vars.update({'entity': v})
def _wizcb_future_submit(wiz, em, step, act, val, req): sess = DBSession() obj = FuturePayment() em.set_values(obj, val, req, True) sess.add(obj) return { 'do' : 'close', 'reload' : True }
def clone(self, req, ctx, recurse=True, _flush=True): sess = DBSession() obj = ctx.dav_clone(req) sess.add(obj) if recurse: for ch in self.children(ctx): newch = self.clone(req, ch, recurse, False) obj.dav_append(req, newch, ch.__name__) return obj
def __getitem__(self, name): sess = DBSession() try: u = sess.query(User).filter(User.login == name).one() except NoResultFound: raise KeyError('No such file or directory') u.__req__ = self.req u.__parent__ = self u.__plugin__ = self return u
def dav_sync_token(self): varname = 'DAV:SYNC:ABC:%u' % (self.user.id,) try: var = NPVariable.get_ro(varname) except NoResultFound: sess = DBSession() cvar = NPVariable.get_ro('DAV:SYNC:PLUG:UABOOKS') var = NPVariable(name=varname, integer_value=cvar.integer_value) sess.add(var) return var.integer_value
def __getitem__(self, name): sess = DBSession() try: g = sess.query(Group).filter(Group.name == name).one() except NoResultFound: raise KeyError('No such file or directory') g.__req__ = self.req g.__parent__ = self g.__plugin__ = self return g
def __getitem__(self, name): sess = DBSession() try: u = sess.query(User).filter(User.login == name).one() except NoResultFound: raise KeyError('No such file or directory') ab = DAVPluginUserAddressBooks(self.req, u) ab.__req__ = self.req ab.__parent__ = self return ab
def get_user(request): sess = DBSession() userid = unauthenticated_userid(request) if userid is not None: from .models import AccessEntity try: return sess.query(AccessEntity).filter( AccessEntity.nick == userid).one() except NoResultFound: return None
def __iter__(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() # TODO: add access controls for t in sess.query(FileFolder.name).filter(FileFolder.parent == root): yield t[0] for t in sess.query(File.filename).filter(File.folder == root): yield t[0]
def dav_collections(self): user = self.req.user root = None if user: root = user.group.effective_root_folder sess = DBSession() for t in sess.query(FileFolder).filter(FileFolder.parent == root): t.__req__ = self.req t.__parent__ = self t.__plugin__ = self yield t
def dav_search_principals(self, req, test, query): cond = [] for prop, value in query.items(): if prop == dprops.DISPLAY_NAME: cond.append(Group.name.contains(value)) if (test == 'anyof') and (len(cond) > 1): cond = (or_(*cond),) q = DBSession().query(Group) if len(cond) > 0: return q.filter(*cond) return q
def get_user(request): sess = DBSession() userid = unauthenticated_userid(request) if userid is not None: try: return sess.query(ExternalOperationProvider).filter( ExternalOperationProvider.authentication_username == userid).one() except NoResultFound: return None
def __getitem__(self, name): sess = DBSession() try: ab = sess.query(AddressBook)\ .filter(AddressBook.user == self.user, AddressBook.name == name)\ .one() except NoResultFound: raise KeyError('No such file or directory') ab.__req__ = self.req ab.__parent__ = self ab.__plugin__ = self return ab
def _mod_userloc(mapper, conn, tgt): try: from netprofile_ldap.ldap import store except ImportError: return user = tgt.user user_id = tgt.user_id if (not user) and user_id: user = DBSession().query(User).get(user_id) if user: user.vcard = None store(user)