Esempio n. 1
def auth_tokens_POST(request):
    """
    Create a new auth token for a user and return it as a dict.

    On the ``users_self_property`` route the token is attached to the
    requesting user; on any other route the target is looked up from the
    ``user_id`` URL segment and a 404 is returned when it does not exist.
    Invalid form data yields a 422 carrying the form errors.
    """
    # NOTE(review): on the non-self route the caller can mint a token for an
    # arbitrary user; the permission that allows this is not visible in this
    # function and is presumably enforced by the view configuration - confirm.
    acting_on_self = request.matched_route.name == 'users_self_property'
    if acting_on_self:
        user = request.user
    else:
        user = User.by_id(request.matchdict.get('user_id'))
        if not user:
            return HTTPNotFound()

    payload = request.safe_json_body or {}
    # A falsy "expires" (missing, empty string, 0, null) is dropped so the
    # form sees the field as absent rather than as an empty value.
    if not payload.get('expires'):
        payload.pop('expires', None)

    form = forms.AuthTokenCreateForm(MultiDict(payload), csrf_context=request)
    if not form.validate():
        return HTTPUnprocessableEntity(body=form.errors_json)

    new_token = AuthToken()
    form.populate_obj(new_token)
    if new_token.expires:
        # The submitted value is a key into h.time_deltas, not a timestamp.
        # NOTE(review): assumes form validation restricts it to known keys;
        # for an unknown key .get() returns None and the subscript raises
        # TypeError - confirm against AuthTokenCreateForm.
        lifetime = h.time_deltas.get(new_token.expires)['delta']
        new_token.expires = datetime.datetime.utcnow() + lifetime

    user.auth_tokens.append(new_token)
    DBSession.flush()
    # NOTE(review): the response is whatever AuthToken.get_dict() exposes,
    # presumably including the token value itself - treat it as a secret.
    return new_token.get_dict()
Esempio n. 2
def users_resource_permissions_list(request):
    """
    Return the per-resource permissions of the user named in the URL.

    The user is looked up from the ``user_id`` URL segment; a 404 response is
    returned when no such user exists. Each entry yielded by
    ``user.resources_with_possible_perms()`` is converted with
    ``permission_tuple_to_dict``.
    """
    # NOTE(review): the target user comes straight from the URL; the check
    # that the caller may read another user's permissions is not visible in
    # this function - presumably done by the view configuration, confirm.
    user = User.by_id(request.matchdict.get('user_id'))
    if not user:
        return HTTPNotFound()

    permissions = []
    for perm in user.resources_with_possible_perms():
        permissions.append(permission_tuple_to_dict(perm))
    return permissions
Esempio n. 3
def auth_tokens_list(request):
    """
    Return the auth tokens of a user as a list of dicts.

    On the ``users_self_property`` route the requesting user's tokens are
    listed; otherwise the user is looked up from the ``user_id`` URL segment
    and a 404 response is returned when it does not exist.
    """
    if request.matched_route.name != 'users_self_property':
        user = User.by_id(request.matchdict.get('user_id'))
        if not user:
            return HTTPNotFound()
    else:
        user = request.user

    # NOTE(review): each entry is whatever get_dict() exposes, presumably
    # including the token value - confirm the non-self route is restricted
    # to administrators by the view configuration (not visible here).
    listing = []
    for auth_token in user.auth_tokens:
        listing.append(auth_token.get_dict())
    return listing
Esempio n. 4
def auth_tokens_DELETE(request):
    """
    Revoke one auth token of a user.

    The token to revoke is named by the ``token`` request parameter. On the
    ``users_self_property`` route it is searched among the requesting user's
    tokens; otherwise among those of the user named by the ``user_id`` URL
    segment (404 when that user does not exist).

    Returns True when a matching token was removed, False when none matched.
    """
    if request.matched_route.name != 'users_self_property':
        user = User.by_id(request.matchdict.get('user_id'))
        if not user:
            return HTTPNotFound()
    else:
        user = request.user

    # The search is scoped to the selected user's own tokens, so a token
    # value belonging to a different account never matches here.
    # NOTE(review): the token value travels as a request parameter; if it is
    # sent in the query string it will presumably end up in access logs.
    matching = next(
        (candidate for candidate in user.auth_tokens
         if candidate.token == request.params.get('token')),
        None,
    )
    if matching is None:
        return False
    user.auth_tokens.remove(matching)
    return True
Esempio n. 5
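def get_user(request):
    """
    Resolve the user object for the current request.

    Requests for static assets (path starting with ``/static``) skip the
    lookup and yield None. Otherwise the id reported by
    ``unauthenticated_userid`` is converted to an integer and the matching
    user is loaded; None is returned when the id is missing, not numeric,
    zero, or does not belong to an existing user.

    When a user is found, ``request.environ['appenlight.username']`` is set
    so the request can be attributed to that account.
    """
    if request.path_info.startswith('/static'):
        return None

    # This is the id claimed by the auth policy; it only counts as a user
    # once User.by_id() below confirms the account still exists.
    user_id = unauthenticated_userid(request)
    try:
        user_id = int(user_id)
    except (TypeError, ValueError):
        # No id (None) or a non-numeric value: treat as anonymous.
        return None

    if not user_id:
        return None

    user = User.by_id(user_id)
    if user:
        # The format string on this page was masked to '******', which has no
        # placeholders and makes the % operator raise TypeError for every
        # authenticated request. Two placeholders are restored here.
        # NOTE(review): the "id:name" layout is an assumption - confirm
        # against the upstream source.
        request.environ['appenlight.username'] = '%d:%s' % (
            user_id, user.user_name)
    return user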
Esempio n. 6
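def users_DELETE(request):
    """
    Removes a user permanently from db - makes a check to see if after the
    operation there will be at least one admin left

    Returns True when the user was deleted. Returns False with response
    status 422 when the user does not exist or when deleting it would remove
    the only account holding ``root_administration``.
    """
    # NOTE(review): no permission check is visible in this function; it is
    # presumably enforced by the view configuration - confirm, since this
    # permanently deletes an account chosen by a URL parameter.
    msg = _('There needs to be at least one administrator in the system')
    user = User.by_id(request.matchdict.get('user_id'))
    if user:
        admins = User.users_for_perms(['root_administration']).all()
        # any() instead of admins[0]: with an empty administrator list the
        # original indexing raised IndexError instead of answering.
        is_last_admin = len(admins) < 2 and any(
            admin.id == user.id for admin in admins)
        if is_last_admin:
            request.session.flash(msg, 'warning')
        else:
            DBSession.delete(user)
            request.session.flash(_('User removed'))
            return True
    request.response.status = 422
    return False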
Esempio n. 7
def users_update(request):
    """
    Return a user's data, applying a partial update first on PATCH.

    The user is looked up from the ``user_id`` URL segment (404 when it does
    not exist). For PATCH requests the JSON body is validated with
    ``UserUpdateForm``; invalid data yields a 422 carrying the form errors.
    The response dict leaves out the password and security-code fields.
    """
    # NOTE(review): the permission needed to edit another account is not
    # visible in this function - presumably set in the view configuration.
    user = User.by_id(request.matchdict.get('user_id'))
    if not user:
        return HTTPNotFound()

    payload = request.safe_json_body or {}
    if request.method == 'PATCH':
        form = forms.UserUpdateForm(MultiDict(payload), csrf_context=request)
        if not form.validate():
            return HTTPUnprocessableEntity(body=form.errors_json)

        # Only fields declared on the form are copied onto the user object.
        form.populate_obj(user, ignore_none=True)
        if form.user_password.data:
            # populate_obj stored the submitted value in user_password;
            # set_password() is then given that value - presumably it
            # replaces it with a hash, confirm in the model.
            user.set_password(user.user_password)
        # NOTE(review): a PATCH whose status field is falsy sets status to 0,
        # so a partial update that omits "status" presumably deactivates the
        # account - confirm against the form's default.
        user.status = 1 if form.status.data else 0

    # Credential material and internal notes never leave through this view.
    hidden_keys = ['security_code_date', 'notes',
                   'security_code', 'user_password']
    return user.get_dict(exclude_keys=hidden_keys)
Esempio n. 8
def relogin_to_user(request):
    """
    Switch the current session to another user and redirect to ``/``.

    The target is taken from the ``user_id`` query parameter; a 404 response
    is returned when no such user exists. On success the auth headers from
    ``security.remember`` are attached to the redirect.
    """
    # NOTE(review): this issues a login for an arbitrary account without
    # that account's credentials, and no permission check is visible here.
    # Confirm the view configuration limits it to administrators. Because it
    # is driven by a GET parameter, also confirm it is covered by CSRF
    # protection and that each switch is written to an audit log.
    target = User.by_id(request.GET.get('user_id'))
    if target:
        auth_headers = security.remember(request, target.id)
        return HTTPFound(location=request.route_url('/'),
                         headers=auth_headers)
    return HTTPNotFound()