def post(
self,
name: str,
email: str,
password: str,
is_tracim_manager: str = 'off',
is_tracim_admin: str = 'off',
send_email: str = 'off',
):
is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
send_email = h.on_off_to_boolean(send_email)
current_user = tmpl_context.current_user
if current_user.profile.id < Group.TIM_ADMIN:
# A manager can't give large rights
is_tracim_manager = False
is_tracim_admin = False
api = UserApi(current_user)
if api.user_with_email_exists(email):
tg.flash(
_('A user with email address "{}" already exists.').format(
email), CST.STATUS_ERROR)
tg.redirect(self.url())
user = api.create_user()
user.email = email
user.display_name = name
if password:
user.password = password
elif send_email:
# Setup a random password to send email at user
password = self.generate_password()
user.password = password
user.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)
api.save(user)
# Now add the user to related groups
group_api = GroupApi(current_user)
user.groups.append(group_api.get_one(Group.TIM_USER))
if is_tracim_manager:
user.groups.append(group_api.get_one(Group.TIM_MANAGER))
if is_tracim_admin:
user.groups.append(group_api.get_one(Group.TIM_ADMIN))
api.save(user)
if send_email:
email_manager = get_email_manager()
email_manager.notify_created_account(user, password=password)
api.execute_created_user_actions(user)
tg.flash(
_('User {} created.').format(user.get_display_name()),
CST.STATUS_OK)
tg.redirect(self.url())
def test_unit__get_all_manageable(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
uapi = UserApi(admin)
# Checks a case without workspaces.
wapi = WorkspaceApi(current_user=admin)
eq_([], wapi.get_all_manageable())
# Checks an admin gets all workspaces.
w4 = wapi.create_workspace(label='w4')
w3 = wapi.create_workspace(label='w3')
w2 = wapi.create_workspace(label='w2')
w1 = wapi.create_workspace(label='w1')
eq_([w1, w2, w3, w4], wapi.get_all_manageable())
# Checks a regular user gets none workspace.
gapi = GroupApi(None)
u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
wapi = WorkspaceApi(current_user=u)
rapi = RoleApi(current_user=u)
off = 'off'
rapi.create_one(u, w4, UserRoleInWorkspace.READER, off)
rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, off)
rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, off)
rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
eq_([], wapi.get_all_manageable())
# Checks a manager gets only its own workspaces.
u.groups.append(gapi.get_one(Group.TIM_MANAGER))
rapi.delete_one(u.user_id, w2.workspace_id)
rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
eq_([w1, w2], wapi.get_all_manageable())
def test_unit__get_all_manageable(self):
admin = DBSession.query(User) \
.filter(User.email == '*****@*****.**').one()
uapi = UserApi(admin)
# Checks a case without workspaces.
wapi = WorkspaceApi(current_user=admin)
eq_([], wapi.get_all_manageable())
# Checks an admin gets all workspaces.
w4 = wapi.create_workspace(label='w4')
w3 = wapi.create_workspace(label='w3')
w2 = wapi.create_workspace(label='w2')
w1 = wapi.create_workspace(label='w1')
eq_([w1, w2, w3, w4], wapi.get_all_manageable())
# Checks a regular user gets none workspace.
gapi = GroupApi(None)
u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
wapi = WorkspaceApi(current_user=u)
rapi = RoleApi(current_user=u)
rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
eq_([], wapi.get_all_manageable())
# Checks a manager gets only its own workspaces.
u.groups.append(gapi.get_one(Group.TIM_MANAGER))
rapi.delete_one(u.user_id, w2.workspace_id)
rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
eq_([w1, w2], wapi.get_all_manageable())
def post(
self,
name: str,
email: str,
password: str,
is_tracim_manager: str='off',
is_tracim_admin: str='off',
send_email: str='off',
):
is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
send_email = h.on_off_to_boolean(send_email)
current_user = tmpl_context.current_user
if current_user.profile.id < Group.TIM_ADMIN:
# A manager can't give large rights
is_tracim_manager = False
is_tracim_admin = False
api = UserApi(current_user)
if api.user_with_email_exists(email):
tg.flash(_('A user with email address "{}" already exists.').format(email), CST.STATUS_ERROR)
tg.redirect(self.url())
user = api.create_user()
user.email = email
user.display_name = name
if password:
user.password = password
elif send_email:
# Setup a random password to send email at user
password = str(uuid.uuid4())
user.password = password
user.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)
api.save(user)
# Now add the user to related groups
group_api = GroupApi(current_user)
user.groups.append(group_api.get_one(Group.TIM_USER))
if is_tracim_manager:
user.groups.append(group_api.get_one(Group.TIM_MANAGER))
if is_tracim_admin:
user.groups.append(group_api.get_one(Group.TIM_ADMIN))
api.save(user)
if send_email:
email_manager = get_email_manager()
email_manager.notify_created_account(user, password=password)
tg.flash(_('User {} created.').format(user.get_display_name()), CST.STATUS_OK)
tg.redirect(self.url())
def post(self, name, email, password, is_tracim_manager='off', is_tracim_admin='off'):
is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
current_user = tmpl_context.current_user
if current_user.profile.id < Group.TIM_ADMIN:
# A manager can't give large rights
is_tracim_manager = False
is_tracim_admin = False
api = UserApi(current_user)
if api.user_with_email_exists(email):
tg.flash(_('A user with email address "{}" already exists.').format(email), CST.STATUS_ERROR)
tg.redirect(self.url())
user = api.create_user()
user.email = email
user.display_name = name
if password:
user.password = password
api.save(user)
# Now add the user to related groups
group_api = GroupApi(current_user)
user.groups.append(group_api.get_one(Group.TIM_USER))
if is_tracim_manager:
user.groups.append(group_api.get_one(Group.TIM_MANAGER))
if is_tracim_admin:
user.groups.append(group_api.get_one(Group.TIM_ADMIN))
api.save(user)
tg.flash(_('User {} created.').format(user.get_display_name()), CST.STATUS_OK)
tg.redirect(self.url())
def put(self, new_profile):
# FIXME - Allow only self password or operation for managers
current_user = tmpl_context.current_user
user = tmpl_context.user
group_api = GroupApi(current_user)
if current_user.user_id == user.user_id:
tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url())
redirect_url = self.parent_controller.url(skip_id=True)
if new_profile not in self.allowed_profiles:
tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
tg.redirect(redirect_url)
pod_user_group = group_api.get_one(Group.TIM_USER)
pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
pod_admin_group = group_api.get_one(Group.TIM_ADMIN)
# this is the default value ; should never appear
flash_message = _('User updated.')
if new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_USER:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
try:
user.groups.remove(pod_manager_group)
except:
pass
try:
user.groups.remove(pod_admin_group)
except:
pass
flash_message = _('User {} is now a basic user').format(user.get_display_name())
elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
if pod_manager_group not in user.groups:
user.groups.append(pod_manager_group)
try:
user.groups.remove(pod_admin_group)
except:
pass
flash_message = _('User {} can now workspaces').format(user.get_display_name())
elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
if pod_manager_group not in user.groups:
user.groups.append(pod_manager_group)
if pod_admin_group not in user.groups:
user.groups.append(pod_admin_group)
flash_message = _('User {} is now an administrator').format(user.get_display_name())
else:
error_msg = \
'Trying to change user {} profile with unexpected profile {}'
logger.error(self, error_msg.format(user.user_id, new_profile))
tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
tg.redirect(redirect_url)
DBSession.flush()
tg.flash(flash_message, CST.STATUS_OK)
tg.redirect(redirect_url)
def put(self, new_profile):
# FIXME - Allow only self password or operation for managers
current_user = tmpl_context.current_user
user = tmpl_context.user
group_api = GroupApi(current_user)
if current_user.user_id==user.user_id:
tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
tg.redirect(self.parent_controller.url())
redirect_url = self.parent_controller.url(skip_id=True)
if new_profile not in self.allowed_profiles:
tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
tg.redirect(redirect_url)
pod_user_group = group_api.get_one(Group.TIM_USER)
pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
pod_admin_group = group_api.get_one(Group.TIM_ADMIN)
flash_message = _('User updated.') # this is the default value ; should never appear
if new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_USER:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
try:
user.groups.remove(pod_manager_group)
except:
pass
try:
user.groups.remove(pod_admin_group)
except:
pass
flash_message = _('User {} is now a basic user').format(user.get_display_name())
elif new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
if pod_manager_group not in user.groups:
user.groups.append(pod_manager_group)
try:
user.groups.remove(pod_admin_group)
except:
pass
flash_message = _('User {} can now workspaces').format(user.get_display_name())
elif new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
if pod_user_group not in user.groups:
user.groups.append(pod_user_group)
if pod_manager_group not in user.groups:
user.groups.append(pod_manager_group)
if pod_admin_group not in user.groups:
user.groups.append(pod_admin_group)
flash_message = _('User {} is now an administrator').format(user.get_display_name())
else:
logger.error(self, 'Trying to change user {} profile with unexpected profile {}'.format(user.user_id, new_profile))
tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
tg.redirect(redirect_url)
DBSession.flush()
tg.flash(flash_message, CST.STATUS_OK)
tg.redirect(redirect_url)
