Esempio n. 1
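def edit_user(user_id):
    """Render and process the create/edit form for a user account.

    A ``user_id`` of ``None`` means "create a new account"; any other value
    selects the account to edit.

    Access rules enforced here:
      * unknown ``user_id`` -> 404
      * editing another user's account without ``can_manage`` -> 403
      * creating an account without ``can_manage`` -> 403
      * privilege flags from the form are applied only when the *requesting*
        user has ``can_manage``, so a non-manager cannot raise their own
        privileges by posting the checkbox fields.

    On a successful POST the client is redirected to the account's URL;
    otherwise the form is re-rendered with the collected ``errors``.
    """
    cuser = None
    if user_id is not None:
        cuser = User.get(id=user_id)
        if not cuser:
            return abort(404)
        # Non-managers may only open their own account.
        if cuser.id != request.user.id and not request.user.can_manage:
            return abort(403)
    elif not request.user.can_manage:
        # Account creation is reserved for managers.
        return abort(403)

    errors = []
    if request.method == 'POST':
        if not cuser and not request.user.can_manage:
            return abort(403)

        # Default to '' so a POST that omits a field produces a form error
        # below instead of a TypeError from len(None).
        user_name = request.form.get('user_name', '')
        password = request.form.get('user_password', '')
        can_manage = request.form.get('user_can_manage') == 'on'
        can_view_buildlogs = request.form.get(
            'user_can_view_buildlogs') == 'on'
        can_download_artifacts = request.form.get(
            'user_can_download_artifacts') == 'on'

        if not cuser:  # Create a new user
            # Explicit authorization check rather than `assert`: assert
            # statements are removed when Python runs with -O, so they must
            # not guard access control.
            if not request.user.can_manage:
                return abort(403)
            other = User.get(name=user_name)
            if other:
                errors.append('User {!r} already exists'.format(user_name))
            elif not user_name:
                errors.append('Username is empty')
            elif not password:
                errors.append('Password is empty')
            else:
                cuser = User(name=user_name,
                             passhash=utils.hash_pw(password),
                             can_manage=can_manage,
                             can_view_buildlogs=can_view_buildlogs,
                             can_download_artifacts=can_download_artifacts)
        else:  # Update user settings
            # An empty password field leaves the stored hash untouched.
            # NOTE(review): no current-password confirmation is visible in
            # this handler for password changes -- confirm whether that is
            # enforced elsewhere.
            if password:
                cuser.passhash = utils.hash_pw(password)
            # Privilege flags are only honoured when the requesting user is
            # a manager; for everyone else the posted values are ignored.
            if request.user.can_manage:
                cuser.can_manage = can_manage
                cuser.can_view_buildlogs = can_view_buildlogs
                cuser.can_download_artifacts = can_download_artifacts
        if not errors:
            return redirect(cuser.url())
        # Validation failed: discard any pending changes before re-rendering.
        models.rollback()

    return render_template('edit_user.html',
                           user=request.user,
                           cuser=cuser,
                           errors=errors)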
Esempio n. 2
def login():
  """Show the login form and, on POST, authenticate the submitted credentials.

  A matching account gets a new ``LoginToken`` (created with the client's
  ``request.remote_addr``), whose token string is stored in the session under
  ``'flux_login_token'`` before redirecting to the dashboard. A failed attempt
  re-renders the form with one generic error, so the response does not reveal
  whether the user name or the password was wrong.

  NOTE(review): the account is found by equality on ``(name, passhash)``,
  which only works if ``utils.hash_pw`` returns the same value for the same
  password every time -- i.e. no per-user random salt. Confirm against
  ``utils.hash_pw``. No attempt limiting is visible in this handler.
  """
  if request.method != 'POST':
    return render_template('login.html', errors=[])

  submitted_name = request.form['user_name']
  submitted_password = request.form['user_password']
  account = User.get(name=submitted_name,
                     passhash=utils.hash_pw(submitted_password))
  if not account:
    # Same message for "no such user" and "wrong password".
    return render_template('login.html',
                           errors=['Username or password invalid.'])

  login_token = LoginToken.create(request.remote_addr, account)
  session['flux_login_token'] = login_token.token
  return redirect(url_for('dashboard'))
Esempio n. 3
 def create_or_update_root(cls):
     """Return the root account, creating it or re-syncing it from ``config``.

     If ``cls.get_root_user()`` finds an account, all three privilege flags
     are forced on and its password and name are overwritten from
     ``config.root_password`` / ``config.root_user``; any password changed
     through the UI is therefore replaced by the configured one on each call.
     Otherwise a new fully privileged account is built from the same
     configuration values. Only the user name is logged, never the password.
     """
     existing = cls.get_root_user()
     if not existing:
         # No root account yet: build one from the configured credentials.
         app.logger.info(
             'Creating new root user: {!r}'.format(config.root_user))
         return cls(name=config.root_user,
                    passhash=utils.hash_pw(config.root_password),
                    can_manage=True,
                    can_download_artifacts=True,
                    can_view_buildlogs=True)

     # Root exists: restore full privileges and the configured credentials.
     existing.can_manage = True
     existing.can_download_artifacts = True
     existing.can_view_buildlogs = True
     existing.set_password(config.root_password)
     existing.name = config.root_user
     return existing
Esempio n. 4
 def get_by_login_details(cls, user_name, password):
     """Return the first account matching ``user_name`` and ``password``.

     The password is hashed with ``utils.hash_pw`` and compared for equality
     with the stored ``passhash`` inside the query; ``.first()`` is returned
     as-is when nothing matches.

     NOTE(review): matching on the hash in the query requires ``hash_pw`` to
     be deterministic for a given password (no per-user random salt) --
     confirm against ``utils.hash_pw``.
     """
     expected_hash = utils.hash_pw(password)
     matches = orm.select(
         account for account in cls
         if account.name == user_name and account.passhash == expected_hash)
     return matches.first()
Esempio n. 5
 def set_password(self, password):
     """Store the ``utils.hash_pw`` hash of ``password`` in ``self.passhash``.

     The plaintext password is not kept on the instance.
     """
     new_hash = utils.hash_pw(password)
     self.passhash = new_hash