Esempio n. 1
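	def login(self, username=None, password=None):
		"""Handle the login form POST and establish an authenticated session.

		Responds 404 to any method other than POST. A session that already
		carries a username, a failed credential check, or a missing account
		record all flash a message and redirect to the Referer (falling back
		to "/"). A banned account is redirected to "/". On success the visit
		is logged, the session id is replaced, the username is stored in the
		session, and the user is redirected to the Referer.
		"""
		if cherrypy.request.method != "POST":
			raise cherrypy.HTTPError(404)

		# NOTE(review): Referer is supplied by the client. If this form can be
		# submitted from another origin, the redirect goes back to that origin;
		# consider restricting the target to same-site paths.
		back = cherrypy.request.headers.get("Referer", "/") or "/"

		if cherrypy.session.get('username'):
			flash("You have already logged in.")
			raise cherrypy.HTTPRedirect(back)

		# Verify the credentials before reading the account record. Indexing
		# the result of get_user() for an unknown username (it can return None,
		# see the users handler) would otherwise fail with an unhandled error
		# and answer differently for unknown and known usernames.
		if not User.validate_credentials(username, password):
			flash("Invalid credentials.", 'error')
			raise cherrypy.HTTPRedirect(back)

		account = User.get_user(username)
		if account is None:
			# Same response as a failed credential check, so the two cases
			# cannot be told apart from outside.
			flash("Invalid credentials.", 'error')
			raise cherrypy.HTTPRedirect(back)

		if account['member_type'] == 'banned':
			flash("You can't login, you are banned!", 'error')
			raise cherrypy.HTTPRedirect('/')

		User.log_visit(username)
		# Replace the session id at the privilege change so that an id known
		# before authentication is not carried into the logged-in session.
		cherrypy.session.regenerate()
		cherrypy.session['username'] = username
		cherrypy.session.save()
		flash("Logged in successfully!", 'success')

		# redirect user back to the page where login was entered
		raise cherrypy.HTTPRedirect(back)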
Esempio n. 2
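	def delete(username, songname):
		"""Delete a song owned by ``username``, then redirect to that user's page.

		Requires a logged-in session (401 otherwise) and a POST request (404
		otherwise). Admins may delete any user's song; other members may only
		delete their own (401 otherwise).
		"""
		current_user = cherrypy.session.get('username')
		if not current_user:
			raise cherrypy.HTTPError(401)

		if cherrypy.request.method != 'POST':
			raise cherrypy.HTTPError(404)

		user = User.get_user(current_user)
		# get_user() can return None (the users handler checks for it). A
		# session that outlived its account is treated as unauthenticated
		# instead of failing on the subscript below.
		if user is None:
			raise cherrypy.HTTPError(401)

		# Ownership check: only an admin may act on another user's songs.
		if user['member_type'] != 'admin' and current_user != username:
			raise cherrypy.HTTPError(401)

		# NOTE(review): the lookup result is passed to delete_song() unchecked;
		# confirm what get_user_song() returns for a song that does not exist.
		songid = Song.get_user_song(username, songname)
		Song.delete_song(songid)
		flash("Deleted '%s'" % (songname), 'success')
		raise cherrypy.HTTPRedirect("/users/" + username)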
Esempio n. 3
	def render(self, view, **params):
		"""Render ``view`` with session-derived values added to ``params``.

		Adds ``error_message`` (empty unless supplied), ``member_type``,
		``flash``, ``username`` and ``logged_in`` before calling
		``view.render``.
		"""
		username = cherrypy.session.get('username')
		params.setdefault('error_message', '')

		# Any failure while resolving the account (including no user being
		# logged in) leaves member_type empty, so the template receives no
		# role rather than a stale or partial one.
		try:
			params['member_type'] = User.get_user(username)['member_type']
		except Exception:
			params['member_type'] = ''

		# NOTE(review): flash text can embed request-derived values (song or
		# user names); confirm the templates escape it on output.
		params['flash'] = cherrypy.session.get('flash')
		params['username'] = username
		params['logged_in'] = username is not None
		return view.render(**params)
Esempio n. 4
	def users(self, who=None, **args):
		"""Show the detail page for user ``who`` and handle ban/unban requests.

		Renders the error view when ``who`` is missing or unknown. When the
		request carries a ``ban`` or ``unban`` argument, the change is passed
		to ``set_user_type``. Otherwise the sanitized user record and the
		user's songs are rendered.
		"""
		if not who:
			# TODO add user listing here?
			flash('Invalid user.', 'error')
			return self.render(error_view)

		person = User.get_user(who)
		if person is None:
			# NOTE(review): the requested name is echoed into the page;
			# confirm the error template escapes error_message.
			return self.render(error_view, error_message="User '%s' not found!" % (str(who)))

		# NOTE(review): this state change fires on the mere presence of a
		# request argument and this handler does not check the request method,
		# unlike login and delete which require POST. set_user_type enforces
		# the admin role, but confirm that a POST-only restriction or a CSRF
		# defence covers this path.
		for flag, new_type in (('ban', 'banned'), ('unban', 'member')):
			if flag in args:
				self.set_user_type(who, new_type)
				break

		songs_owner = person["username"]
		return self.render(
			user_view,
			user=User.sanitize_user(person),
			songs=User.get_user_songs_detailed(songs_owner),
		)
Esempio n. 5
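	def set_user_type(self, target, status):
		"""Set the member_type of ``target`` on behalf of the session user.

		Only a logged-in admin may do this; anyone else gets a 401. The
		outcome is reported through a flash message and the request is always
		redirected to the target's user page.
		"""
		username = cherrypy.session.get('username')
		if not username:
			raise cherrypy.HTTPError(401)

		user = User.get_user(username)
		# get_user() can return None (the users handler checks for it). A
		# session whose account no longer exists must not reach the role
		# check with a failing subscript.
		if user is None or user['member_type'] != 'admin':
			raise cherrypy.HTTPError(401)

		# NOTE(review): status is written as given; confirm callers only pass
		# known member types.
		try:
			User.set_user_type(target, status)
		except Exception:
			# Narrowed from a bare except so that KeyboardInterrupt and
			# SystemExit are no longer swallowed.
			flash("Can't set user status!", 'error')
		else:
			flash("User status set to %s!" % status, 'success')

		raise cherrypy.HTTPRedirect("/users/%s" % target)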