def change_password(username, form, as_manager=False):
"""Change password, and return success/failure HTML."""
user = User(username, False)
if not user.user:
return user_management_failure_message(
"Problem: can't find user " + username, as_manager)
old_password = ws.get_cgi_parameter_str(form, PARAM.OLD_PASSWORD)
new_password_1 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_1)
new_password_2 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_2)
must_change_password = ws.get_cgi_parameter_bool(
form, PARAM.MUST_CHANGE_PASSWORD)
if new_password_1 != new_password_2:
return user_management_failure_message("New passwords don't match",
as_manager)
if len(new_password_1) < MINIMUM_PASSWORD_LENGTH:
return user_management_failure_message(
"New password must be at least {} characters; not changed.".format(
MINIMUM_PASSWORD_LENGTH
),
as_manager
)
if old_password == new_password_1 and not as_manager:
return user_management_failure_message(
"Old/new passwords are the same",
as_manager
)
if (not as_manager) and (not user.is_password_valid(old_password)):
return user_management_failure_message("Old password incorrect",
as_manager)
# OK
user.set_password(new_password_1)
user.save()
if not as_manager:
must_change_password = False
if must_change_password:
user.force_password_change()
audit("Password changed for user " + user.user)
return user_management_success_message(
"Password updated for user {}.".format(user.user),
as_manager,
"""<div class="important">
If you store your password in your CamCOPS tablet application,
remember to change it there as well.
</div>"""
)
def add_user(form):
"""Add a user, and return HTML success/failure message."""
username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
password_1 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_1)
password_2 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_2)
must_change_password = ws.get_cgi_parameter_bool(
form, PARAM.MUST_CHANGE_PASSWORD)
may_use_webviewer = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBVIEWER)
may_view_other_users_records = ws.get_cgi_parameter_bool(
form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
may_register_devices = ws.get_cgi_parameter_bool(
form, PARAM.MAY_REGISTER_DEVICES)
may_use_webstorage = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBSTORAGE)
may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)
user = User(username, False)
if user.user:
return user_management_failure_message(
"User already exists: " + username)
if not is_username_permissible(username):
return user_management_failure_message(
"Invalid username: "******"Passwords don't mach")
if len(password_1) < MINIMUM_PASSWORD_LENGTH:
return user_management_failure_message(
"Password must be at least {} characters".format(
MINIMUM_PASSWORD_LENGTH
))
user = User(username, True)
user.set_password(password_1)
user.may_use_webviewer = may_use_webviewer
user.may_view_other_users_records = may_view_other_users_records
user.view_all_patients_when_unfiltered = view_all_patients_when_unfiltered
user.may_upload = may_upload
user.superuser = superuser
user.may_register_devices = may_register_devices
user.may_use_webstorage = may_use_webstorage
user.may_dump_data = may_dump_data
user.may_run_reports = may_run_reports
user.may_add_notes = may_add_notes
user.save()
if must_change_password:
user.force_password_change()
audit(
(
"User created: {}: "
"may_use_webviewer={}, "
"may_view_other_users_records={}, "
"view_all_patients_when_unfiltered={}, "
"may_upload={}, "
"superuser={}, "
"may_register_devices={}, "
"may_use_webstorage={}, "
"may_dump_data={}, "
"may_run_reports={}, "
"may_add_notes={}, "
"must_change_password={}"
).format(
user.user,
may_use_webviewer,
may_view_other_users_records,
view_all_patients_when_unfiltered,
may_upload,
superuser,
may_register_devices,
may_use_webstorage,
may_dump_data,
may_run_reports,
may_add_notes,
must_change_password
)
)
return user_management_success_message("User " + user.user + " created")
def change_user(form):
"""Apply changes to a user, and return success/failure HTML."""
username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
may_use_webviewer = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBVIEWER)
may_view_other_users_records = ws.get_cgi_parameter_bool(
form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
may_register_devices = ws.get_cgi_parameter_bool(
form, PARAM.MAY_REGISTER_DEVICES)
may_use_webstorage = ws.get_cgi_parameter_bool(
form, PARAM.MAY_USE_WEBSTORAGE)
may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)
user = User(username, False)
if not user.user:
return user_management_failure_message("Invalid user: "******"User permissions edited for user {}: "
"may_use_webviewer={}, "
"may_view_other_users_records={}, "
"view_all_patients_when_unfiltered={}, "
"may_upload={}, "
"superuser={}, "
"may_register_devices={}, "
"may_use_webstorage={}, "
"may_dump_data={}, "
"may_run_reports={}, "
"may_add_notes={} "
).format(
user.user,
may_use_webviewer,
may_view_other_users_records,
view_all_patients_when_unfiltered,
may_upload,
superuser,
may_register_devices,
may_use_webstorage,
may_dump_data,
may_run_reports,
may_add_notes,
)
)
return user_management_success_message(
"Details updated for user " + user.user)
