Esempio n. 1
0
def privilege_list():
    setup_translation()
    can_edit = bool(current_user.has_roles('admin') or current_user.can_do('edit_privileges'))
    output = """\
    <table class="table table-striped">
      <thead>
        <tr>
          <th scope="col">""" + word("Privilege") + """</th>
          <th scope="col" class="text-end">""" + word("Action") + """</th>
        </tr>
      </thead>
      <tbody>
"""
    for role in db.session.execute(select(Role).order_by(Role.name)).scalars():
        if can_edit and role.name not in ['user', 'admin', 'developer', 'advocate', 'cron', 'trainer']:
            output += '        <tr><td>' + str(role.name) + '</td><td class="text-end"><a class="btn ' + app.config['BUTTON_CLASS'] + ' btn-danger btn-sm" href="' + url_for('delete_privilege', id=role.id) + '">Delete</a></td></tr>\n'
        else:
            output += '        <tr><td>' + str(role.name) + '</td><td>&nbsp;</td></tr>\n'

    output += """\
      </tbody>
    </table>
"""
    response = make_response(render_template('users/rolelist.html', version_warning=None, bodyclass='daadminbody', page_title=word('Privileges'), tab_title=word('Privileges'), privilegelist=output, can_edit=can_edit), 200)
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response
Esempio n. 2
0
def user_profile_page():
    setup_translation()
    the_tz = current_user.timezone if current_user.timezone else get_default_timezone()
    if current_user.social_id and current_user.social_id.startswith('phone$'):
        form = PhoneUserProfileForm(request.form, obj=current_user)
    else:
        form = UserProfileForm(request.form, obj=current_user)
    form.timezone.choices = [(x, x) for x in sorted(list(zoneinfo.available_timezones()))]
    form.timezone.default = the_tz
    if str(form.timezone.data) == 'None' or str(form.timezone.data) == '':
        form.timezone.data = the_tz
    if request.method == 'POST' and form.validate():
        if current_user.has_roles(['admin', 'developer']):
            form.populate_obj(current_user)
        else:
            current_user.first_name = form.first_name.data
            current_user.last_name = form.last_name.data
            if current_user.social_id and current_user.social_id.startswith('phone$'):
                current_user.email = form.email.data
        db.session.commit()
        #docassemble.webapp.daredis.clear_user_cache()
        flash(word('Your information was saved.'), 'success')
        return redirect(url_for('interview_list'))
    response = make_response(render_template('users/user_profile_page.html', version_warning=None, page_title=word('User Profile'), tab_title=word('User Profile'), form=form, debug=debug_status()), 200)
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response
Esempio n. 3
0
def user_add():
    setup_translation()
    is_admin = bool(current_user.has_roles('admin'))
    user_role = db.session.execute(select(Role).filter_by(name='user')).scalar_one()
    add_form = UserAddForm(request.form, role_id=[str(user_role.id)])
    if is_admin:
        add_form.role_id.choices = [(r.id, r.name) for r in db.session.execute(select(Role.id, Role.name).where(Role.name != 'cron').order_by('name'))]
    else:
        add_form.role_id.choices = [(r.id, r.name) for r in db.session.execute(select(Role.id, Role.name).where(and_(Role.name != 'cron', Role.name != 'admin', Role.name != 'developer', Role.name != 'advocate')).order_by('name'))]
    add_form.role_id.default = user_role.id
    if str(add_form.role_id.data) == 'None':
        add_form.role_id.data = user_role.id
    if request.method == 'POST' and add_form.validate():
        user, user_email = app.user_manager.find_user_by_email(add_form.email.data)
        if user:
            flash(word("A user with that e-mail has already registered"), "error")
            return redirect(url_for('user_add'))
        user_auth = UserAuthModel(password=app.user_manager.hash_password(add_form.password.data))
        while True:
            new_social = 'local$' + random_alphanumeric(32)
            existing_user = db.session.execute(select(UserModel).filter_by(social_id=new_social)).scalar()
            if existing_user:
                continue
            break
        the_user = UserModel(
            active=True,
            nickname=re.sub(r'@.*', '', add_form.email.data),
            social_id=new_social,
            email=add_form.email.data,
            user_auth=user_auth,
            first_name = add_form.first_name.data,
            last_name = add_form.last_name.data,
            confirmed_at = datetime.datetime.now()
        )
        num_roles = 0
        for role in db.session.execute(select(Role).order_by('id')).scalars():
            if not is_admin and role.name in ('admin', 'developer', 'advocate'):
                next
            if role.id in add_form.role_id.data:
                if role.name != 'cron':
                    the_user.roles.append(role)
                    num_roles +=1
        if num_roles == 0:
            the_user.roles.append(user_role)
        db.session.add(user_auth)
        db.session.add(the_user)
        db.session.commit()
        #docassemble.webapp.daredis.clear_user_cache()
        flash(word("The new user has been created"), "success")
        return redirect(url_for('user_list'))
    response = make_response(render_template('users/add_user_page.html', version_warning=None, bodyclass='daadminbody', page_title=word('Add User'), tab_title=word('Add User'), form=add_form), 200)
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response
Esempio n. 4
0
def invite():
    """ Allows users to send invitations to register an account """
    setup_translation()
    is_admin = bool(current_user.has_roles('admin'))
    user_manager = current_app.user_manager

    the_next = request.args.get('next',
                                _endpoint_url(user_manager.after_invite_endpoint))

    user_role = db.session.execute(select(Role).filter_by(name='user')).scalar_one()
    invite_form = MyInviteForm(request.form)
    if is_admin:
        invite_form.role_id.choices = [(str(r.id), str(r.name)) for r in db.session.execute(select(Role.id, Role.name).where(and_(Role.name != 'cron', Role.name != 'admin')).order_by('name'))]
    else:
        invite_form.role_id.choices = [(str(r.id), str(r.name)) for r in db.session.execute(select(Role.id, Role.name).where(and_(Role.name != 'cron', Role.name != 'admin', Role.name != 'developer', Role.name != 'advocate')).order_by('name'))]
    if request.method=='POST' and invite_form.validate():
        email_addresses = []
        for email_address in re.split(r'[\n\r]+', invite_form.email.data.strip()):
            (part_one, part_two) = email.utils.parseaddr(email_address)
            email_addresses.append(part_two)

        the_role_id = None

        for role in db.session.execute(select(Role).order_by('id')).scalars():
            if not is_admin and role.name in ('admin', 'developer', 'advocate'):
                continue
            if role.id == int(invite_form.role_id.data) and role.name != 'admin' and role.name != 'cron':
                the_role_id = role.id

        if the_role_id is None:
            the_role_id = user_role.id

        has_error = False
        for email_address in email_addresses:
            user, user_email = user_manager.find_user_by_email(email_address)
            if user:
                flash(word("A user with that e-mail has already registered") + " (" + email_address + ")", "error")
                has_error = True
                continue
            user_invite = MyUserInvitation(email=email_address, role_id=the_role_id, invited_by_user_id=current_user.id)
            db.session.add(user_invite)
            db.session.commit()
            token = user_manager.generate_token(user_invite.id)
            accept_invite_link = url_for('user.register',
                                         token=token,
                                         _external=True)

            user_invite.token = token
            db.session.commit()
            #docassemble.webapp.daredis.clear_user_cache()
            try:
                logmessage("Trying to send invite e-mail to " + str(user_invite.email))
                emails.send_invite_email(user_invite, accept_invite_link)
                logmessage("Sent e-mail invite to " + str(user_invite.email))
            except Exception as e:
                try:
                    logmessage("Failed to send invite e-mail: " + e.__class__.__name__ + ': ' + str(e))
                except:
                    logmessage("Failed to send invite e-mail")
                db.session.delete(user_invite)
                db.session.commit()
                #docassemble.webapp.daredis.clear_user_cache()
                flash(word('Unable to send e-mail.  Error was: ') + str(e), 'error')
                has_error = True
        if has_error:
            return redirect(url_for('invite'))
        if len(email_addresses) > 1:
            flash(word('Invitations have been sent.'), 'success')
        else:
            flash(word('Invitation has been sent.'), 'success')
        return redirect(the_next)
    if invite_form.role_id.data is None:
        invite_form.role_id.process_data(str(user_role.id))
    response = make_response(render_template('flask_user/invite.html', version_warning=None, bodyclass='daadminbody', page_title=word('Invite User'), tab_title=word('Invite User'), form=invite_form), 200)
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response
Esempio n. 5
0
def edit_user_profile_page(id):
    setup_translation()
    is_admin = bool(current_user.has_roles('admin'))
    if is_admin:
        can_edit_privileges = True
        can_delete = True
        can_edit_user_active_status = True
    else:
        can_edit_privileges = current_user.can_do('edit_user_privileges')
        can_delete = current_user.can_do('delete_user') and current_user.can_do('access_sessions') and current_user.can_do('edit_sessions')
        can_edit_user_active_status = current_user.can_do('edit_user_active_status')
    if not id:
        flash(word('The user account did not exit.'), 'danger')
        return redirect(url_for('user_list'))
    user = db.session.execute(select(UserModel).options(db.joinedload(UserModel.roles)).filter_by(id=id)).unique().scalar_one()
    if not user:
        flash(word('The user account did not exit.'), 'danger')
        return redirect(url_for('user_list'))
    if not is_admin:
        protected_user = False
        for role in user.roles:
            if role.name in ('admin', 'developer', 'advocate'):
                protected_user = True
                break
        if protected_user:
            flash(word('You do not have sufficient privileges to edit this user.'), 'danger')
            return redirect(url_for('user_list'))
    the_tz = user.timezone if user.timezone else get_default_timezone()
    if user is None or user.social_id.startswith('disabled$'):
        return redirect(url_for('user_list'))
    if 'disable_mfa' in request.args and int(request.args['disable_mfa']) == 1:
        user.otp_secret = None
        db.session.commit()
        #docassemble.webapp.daredis.clear_user_cache()
        return redirect(url_for('edit_user_profile_page', id=id))
    if 'reset_email_confirmation' in request.args and int(request.args['reset_email_confirmation']) == 1:
        user.confirmed_at = None
        db.session.commit()
        #docassemble.webapp.daredis.clear_user_cache()
        return redirect(url_for('edit_user_profile_page', id=id))
    if can_delete and daconfig.get('admin can delete account', True) and user.id != current_user.id:
        if 'delete_account' in request.args and int(request.args['delete_account']) == 1:
            server.user_interviews(user_id=id, secret=None, exclude_invalid=False, action='delete_all', delete_shared=False)
            delete_user_data(id, server.server_redis, server.server_redis_user)
            db.session.commit()
            flash(word('The user account was deleted.'), 'success')
            return redirect(url_for('user_list'))
        if 'delete_account_complete' in request.args and int(request.args['delete_account_complete']) == 1:
            server.user_interviews(user_id=id, secret=None, exclude_invalid=False, action='delete_all', delete_shared=True)
            delete_user_data(id, server.server_redis, server.server_redis_user)
            db.session.commit()
            flash(word('The user account was deleted.'), 'success')
            return redirect(url_for('user_list'))
    the_role_id = []
    for role in user.roles:
        the_role_id.append(role.id)
    if len(the_role_id) == 0:
        the_role_id = [db.session.execute(select(Role.id).filter_by(name='user')).scalar_one()]
    form = EditUserProfileForm(request.form, obj=user, role_id=the_role_id)
    if request.method == 'POST' and form.cancel.data:
        flash(word('The user profile was not changed.'), 'success')
        return redirect(url_for('user_list'))
    if user.social_id.startswith('local$') or daconfig.get('allow external auth with admin accounts', False):
        form.role_id.choices = [(r.id, r.name) for r in db.session.execute(select(Role.id, Role.name).where(Role.name != 'cron').order_by('name'))]
        privileges_note = None
    else:
        form.role_id.choices = [(r.id, r.name) for r in db.session.execute(select(Role.id, Role.name).where(and_(Role.name != 'cron', Role.name != 'admin')).order_by('name'))]
        privileges_note = word("Note: only users with e-mail/password accounts can be given admin privileges.")
    form.timezone.choices = [(x, x) for x in sorted(list(zoneinfo.available_timezones()))]
    form.timezone.default = the_tz
    if str(form.timezone.data) == 'None' or str(form.timezone.data) == '':
        form.timezone.data = the_tz
    form.uses_mfa.data = bool(user.otp_secret is not None)
    admin_id = db.session.execute(select(Role.id).filter_by(name='admin')).scalar_one()
    if request.method == 'POST' and form.validate(user.id, admin_id):
        if not can_edit_user_active_status:
            form.active.data = user.active
        form.populate_obj(user)
        if can_edit_privileges:
            roles_to_remove = []
            the_role_id = []
            for role in user.roles:
                if not is_admin and role.name in ('admin', 'developer', 'advocate'):
                    continue
                roles_to_remove.append(role)
            for role in roles_to_remove:
                user.roles.remove(role)
            for role in db.session.execute(select(Role).order_by('id')).scalars():
                if not is_admin and role.name in ('admin', 'developer', 'advocate'):
                    continue
                if role.id in form.role_id.data:
                    user.roles.append(role)
                    the_role_id.append(role.id)
        db.session.commit()
        flash(word('The information was saved.'), 'success')
        return redirect(url_for('user_list'))
    confirmation_feature = bool(user.id > 2)
    script = """
    <script>
      $(".dadeleteaccount").click(function(event){
        if (!confirm(""" + json.dumps(word("Are you sure you want to permanently delete this user's account?")) + """)){
          event.preventDefault();
          return false;
        }
      });
    </script>"""
    form.role_id.process_data(the_role_id)
    if user.active:
        form.active.default = 'checked'
    response = make_response(render_template('users/edit_user_profile_page.html', version_warning=None, page_title=word('Edit User Profile'), tab_title=word('Edit User Profile'), form=form, confirmation_feature=confirmation_feature, privileges_note=privileges_note, is_self=(user.id == current_user.id), extra_js=Markup(script), is_admin=is_admin, can_edit_privileges=can_edit_privileges, can_delete=can_delete, can_edit_user_active_status=can_edit_user_active_status), 200)
    response.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    return response