Exemple #1
0
def admincontrol_manageuser_post_(request):
    form = request.web_input(ch_username="",
                             ch_full_name="",
                             ch_catchphrase="",
                             ch_email="",
                             ch_birthday="",
                             ch_gender="",
                             ch_country="",
                             remove_social=[])
    userid = d.get_int(form.userid)

    if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
        return d.errorpage(request.userid, errorcode.permission)

    profile.do_manage(
        request.userid,
        userid,
        username=form.username.strip() if form.ch_username else None,
        full_name=form.full_name.strip() if form.ch_full_name else None,
        catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
        birthday=form.birthday if form.ch_birthday else None,
        gender=form.gender if form.ch_gender else None,
        country=form.country if form.ch_country else None,
        remove_social=form.remove_social,
        permission_tag='permission-tag' in form)
    raise HTTPSeeOther(location="/admincontrol")
Exemple #2
0
    def POST(self):
        form = web.input(ch_username="", ch_full_name="", ch_catchphrase="", ch_email="",
                         ch_birthday="", ch_gender="", ch_country="")
        userid = d.get_int(form.userid)

        if self.user_id != userid and userid in staff.ADMINS and self.user_id not in staff.TECHNICAL:
            return d.errorpage(self.user_id, errorcode.permission)
        if form.get('impersonate'):
            if self.user_id not in staff.TECHNICAL:
                return d.errorpage(self.user_id, errorcode.permission)
            sess = web.ctx.weasyl_session
            sess.additional_data.setdefault('user-stack', []).append(sess.userid)
            sess.additional_data.changed()
            sess.userid = userid
            sess.save = True
            d.append_to_log(
                'staff.actions', userid=self.user_id, action='impersonate', target=userid)
            raise web.seeother('/')
        else:
            profile.do_manage(self.user_id, userid,
                              username=form.username.strip() if form.ch_username else None,
                              full_name=form.full_name.strip() if form.ch_full_name else None,
                              catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
                              birthday=form.birthday if form.ch_birthday else None,
                              gender=form.gender if form.ch_gender else None,
                              country=form.country if form.ch_country else None)
            raise web.seeother("/admincontrol")
Exemple #3
0
def admincontrol_manageuser_post_(request):
    form = request.web_input(ch_username="", ch_full_name="", ch_catchphrase="", ch_email="",
                             ch_birthday="", ch_gender="", ch_country="", remove_social=[])
    userid = d.get_int(form.userid)

    if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
        return d.errorpage(request.userid, errorcode.permission)

    profile.do_manage(request.userid, userid,
                      username=form.username.strip() if form.ch_username else None,
                      full_name=form.full_name.strip() if form.ch_full_name else None,
                      catchphrase=form.catchphrase.strip() if form.ch_catchphrase else None,
                      birthday=form.birthday if form.ch_birthday else None,
                      gender=form.gender if form.ch_gender else None,
                      country=form.country if form.ch_country else None,
                      remove_social=form.remove_social)
    raise HTTPSeeOther(location="/admincontrol")
Exemple #4
0
def test_InsufficientPermissions_WeasylError_if_user_does_not_have_tagging_permissions():
    # Set up for this test
    admin = db_utils.create_user()
    userid_owner = db_utils.create_user()
    userid_tag_adder = db_utils.create_user()
    journalid = db_utils.create_journal(userid_owner)
    charid = db_utils.create_character(userid_owner)
    submitid = db_utils.create_submission(userid_owner)
    profile.do_manage(admin, userid_tag_adder, permission_tag=False)

    with pytest.raises(WeasylError) as err:
        searchtag.associate(userid_tag_adder, tags, submitid=submitid)
    assert err.value.value == "InsufficientPermissions"

    with pytest.raises(WeasylError) as err:
        searchtag.associate(userid_tag_adder, tags, charid=charid)
    assert err.value.value == "InsufficientPermissions"

    with pytest.raises(WeasylError) as err:
        searchtag.associate(userid_tag_adder, tags, journalid=journalid)
    assert err.value.value == "InsufficientPermissions"
Exemple #5
0
    def test_remove_social_links(self):
        user = db_utils.create_user()

        links = [
            {
                'userid': user,
                'link_type': 'Twitter',
                'link_value': 'Weasyl',
            },
            {
                'userid': user,
                'link_type': 'Email',
                'link_value': 'mailto:[email protected]',
            },
        ]
        d.engine.execute(d.meta.tables['user_links'].insert().values(links))

        profile.do_manage(self.mod, user, remove_social=['Email'])

        test_user_profile = profile.select_manage(user)
        self.assertEqual(test_user_profile['sorted_user_links'], [('Twitter', ['Weasyl'])])
Exemple #6
0
    def POST(self):
        form = web.input(ch_username="",
                         ch_full_name="",
                         ch_catchphrase="",
                         ch_email="",
                         ch_birthday="",
                         ch_gender="",
                         ch_country="")
        userid = d.get_int(form.userid)

        if self.user_id != userid and userid in staff.ADMINS and self.user_id not in staff.TECHNICAL:
            return d.errorpage(self.user_id, errorcode.permission)
        if form.get('impersonate'):
            if self.user_id not in staff.TECHNICAL:
                return d.errorpage(self.user_id, errorcode.permission)
            sess = web.ctx.weasyl_session
            sess.additional_data.setdefault('user-stack',
                                            []).append(sess.userid)
            sess.additional_data.changed()
            sess.userid = userid
            sess.save = True
            d.append_to_log('staff.actions',
                            userid=self.user_id,
                            action='impersonate',
                            target=userid)
            raise web.seeother('/')
        else:
            profile.do_manage(
                self.user_id,
                userid,
                username=form.username.strip() if form.ch_username else None,
                full_name=form.full_name.strip()
                if form.ch_full_name else None,
                catchphrase=form.catchphrase.strip()
                if form.ch_catchphrase else None,
                birthday=form.birthday if form.ch_birthday else None,
                gender=form.gender if form.ch_gender else None,
                country=form.country if form.ch_country else None)
            raise web.seeother("/admincontrol")
Exemple #7
0
def admincontrol_manageuser_post_(request):
    userid = d.get_int(request.params.get('userid', ''))

    if request.userid != userid and userid in staff.ADMINS and request.userid not in staff.TECHNICAL:
        raise WeasylError('InsufficientPermissions')

    profile.do_manage(
        request.userid,
        userid,
        username=request.params.get('username', '').strip()
        if 'ch_username' in request.params else None,
        full_name=request.params.get('full_name', '').strip()
        if 'ch_full_name' in request.params else None,
        catchphrase=request.params.get('catchphrase', '').strip()
        if 'ch_catchphrase' in request.params else None,
        birthday=request.params.get('birthday', '')
        if 'ch_birthday' in request.params else None,
        gender=request.params.get('gender', '')
        if 'ch_gender' in request.params else None,
        country=request.params.get('country', '')
        if 'ch_country' in request.params else None,
        remove_social=request.params.getall('remove_social'),
        permission_tag='permission-tag' in request.params)
    raise HTTPSeeOther(location="/admincontrol")