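def accessControl(self):
    """Apply login, logout and remember-me handling for the current request.

    Reads the ``login``/``logout`` request fields, the ``rememberUser`` and
    ``rememberCert`` cookies, and the ``user``/``pass``/``opass`` fields. On
    success it stores ``logged``, ``user`` and ``accessLevel`` in the session.
    When a StatMon ACL exists and the visitor is not logged in, it either
    redirects to the parent "Logout" link or swaps the page content for the
    login controller. Finally it sets the status line and the debug flag.
    """
    # NOTE(review): block nesting was reconstructed from a listing that had
    # lost its indentation -- confirm against the original file.
    global _serverName

    login = StringToBool(self.getField('login'))
    logout = StringToBool(self.getField('logout'))
    if logout:
        # invalidate session
        self.getSession().invalidate()
        # destroy remember cookies
        self.clearRemember(self.getBasepath())
        login = False

    from controllers import MASTER_ACCESS, PRELOGIN, LOGGED, DEV_ACCESS

    # force default accessLevel to PRELOGIN if not set and hasStatmonACL
    if model.hasStatmonACL():
        if not self.getSessionValue('logged', default=False, init=True):
            self.setSessionValue('accessLevel', PRELOGIN)
    else:
        # No ACL configured: every visitor is given MASTER_ACCESS (omitting
        # ACL_EDIT_ACCESS), regardless of any existing value, and login
        # requests are ignored.
        self.setSessionValue('accessLevel', MASTER_ACCESS)
        login = False

    # validate if login params are supplied
    remember = self.getCookie('rememberUser', False)
    if login or (remember and not logout):
        user = self.getField('user', '')
        password = self.getField('pass', '')
        onepass = self.getField('opass', '')

        statmonUser = None
        if user and onepass:
            oneTimeUser = model.getStatmonUser(user)
            # Skip the one-time-password check for an unknown username instead
            # of handing None to oneTimePass(); the login outcome is the same
            # (no user), but a lookup miss can no longer raise here.
            # NOTE(review): assumes oneTimePass() returns a collection of valid
            # codes. If it returned a single string, `in` would be a substring
            # match -- confirm.
            if oneTimeUser and onepass in self.oneTimePass(oneTimeUser, forValidation=True):
                statmonUser = oneTimeUser

        if (user and password) or remember or statmonUser:
            refreshRemember = False

            # attempt cookie validation
            if remember and not statmonUser:
                rememberUser = model.getStatmonUser(remember)
                # NOTE(review): the certificate is checked with the stored
                # password value as its secret, and the same value is handed
                # to setRemember() below. If that value is a static password
                # hash, the cookie is only as secret as the user store; a
                # random per-user token rotated on password change and logout
                # would decouple the two -- confirm how it is used.
                if rememberUser and self.getCookie('rememberCert', secret=rememberUser.password) == rememberUser.user:
                    model.validateStatmonUser(rememberUser.user)  # touch last login timestamp
                    statmonUser = rememberUser
                    refreshRemember = True
                else:
                    self.clearRemember(self.getBasepath())

            # attempt normal validation
            if model.validateStatmonUser(user, password):
                statmonUser = model.getStatmonUser(user, password)

            if statmonUser:
                # NOTE(review): the existing session is kept across the
                # privilege change; confirm the session layer issues a fresh
                # session id on login.
                self.setSessionValue('logged', True)
                self.setSessionValue('user', statmonUser.user)
                accessLevel = statmonUser.access | LOGGED
                self.setSessionValue('accessLevel', accessLevel)

                # refresh or set remember cookies (never for one-time logins)
                if (self.getField('remember', False) or refreshRemember) and statmonUser.password and not onepass:
                    self.setRemember(self.getBasepath(), statmonUser.user, statmonUser.password)

    # force login if not logged in and (page requires login or user requests login)
    if (model.hasStatmonACL() and not self.getSessionValue('logged', False, True) and
            (self.getControllerByURI(notFound=False, overrideFound=False, forbidden=True) or login)):
        redirectURL = ''
        for item in self.getNavItems(ignoreAccess=True):
            if item.navTitle == 'Logout':
                if item.getURI()[0:2] == '..':
                    redirectURL = item.getLink(self)
                break
        if redirectURL:
            from mod_python.util import redirect
            redirect(self.req, redirectURL)
        else:
            from settingsControllers import LoginController
            self.overrideContent = LoginController
            self._highlightController = LoginController

    if not _serverName:
        # Best effort: the server name only decorates the status line.
        # Catch Exception rather than everything so that interpreter-level
        # exits are not swallowed.
        try:
            _serverName = model.getStatus()[0].server_name
        except Exception:
            _serverName = None

    if model.hasStatmonACL():
        if self.getSessionValue('user'):
            if _serverName:
                self.setStatus(self.getSessionValue('user') + '@' + _serverName)
            else:
                self.setStatus(self.getSessionValue('user'))

    if self.getAccessLevel() & DEV_ACCESS:
        self.debugAlerts = True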
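def processInputs(self, allowBlankUser=True):
    """Process the "Add/Update User" form and apply the change when requested.

    Builds the form through ``InputController``, reads the username, the two
    password fields and the access type, and calls
    ``model.updateStatmonUser`` when ``update`` is set and the passwords are
    consistent. Messages and alerts are queued on ``self`` and the rendered
    form is stored in ``self.addUser``.

    Args:
        allowBlankUser: when False, a blank username is flagged as invalid
            even if no update was requested.

    Returns:
        A tuple ``(applied, user)``: ``applied`` is truthy when an update was
        requested and no field was marked bad; ``user`` is the submitted
        username.
    """
    # NOTE(review): block nesting was reconstructed from a listing that had
    # lost its indentation -- confirm against the original file.
    update = StringToBool(self.getField('update'))

    addUser = InputController(self.req, 'Add/Update User', applyButton='Add/Update User', defaultButton=None, parent=self)
    user = addUser.processInput(II('user', 'Username', II.TEXT, allowBlank=True))
    pass1 = addUser.processInput(II('pass1', 'Password', II.PASS, allowBlank=True))
    pass2 = addUser.processInput(II('pass2', 'Retype Password', II.PASS, allowBlank=True))

    originalUser = None
    if user:
        originalUser = model.getStatmonUser(user)

    # Pre-select the existing access type when the form is only displayed.
    accessOpt = self.USER_TYPE
    if not update:
        if originalUser and originalUser.access:
            accessOpt = originalUser.access

    options = ((self.MASTER_TYPE, 'Master'), (self.ADMIN_TYPE, 'Admin'), (self.USER_TYPE, 'User'))
    isDebugUser = self.getAccessLevel() & self.DEBUG_TYPE
    if isDebugUser:
        # The loop iterates the original three entries while `options` is
        # rebound, so exactly one "(debug)" variant is appended per type.
        for option in options:
            options += ((option[0] | self.DEBUG_TYPE, option[1] + ' (debug)'),)
    access = addUser.processInput(II('access', 'Access Type', II.DROPDOWN, allowBlank=False, options=options, default=accessOpt))
    try:
        access = int(access)
    except (TypeError, ValueError):
        # Missing or non-numeric access value falls back to 0.
        access = 0

    badval = False
    password = None
    passany = (pass1 or pass2)
    if passany:
        if pass1 == pass2:
            password = pass1
        else:
            addUser.updateInput('pass1', badval=True)
            addUser.updateInput('pass2', badval=True)
            badval = True
    self.addAlert(user and passany and not password, 'E', 'Passwords do not match! Changes not applied.')

    if user:
        if not badval and update:
            if not isDebugUser:
                # The "(debug)" options are only offered to debug users. Strip
                # the bit from the submitted value as well, so the result does
                # not depend on the form layer rejecting values outside
                # `options`.
                access &= ~self.DEBUG_TYPE
                if originalUser:
                    # only another debug user can remove debug
                    access |= originalUser.access & self.DEBUG_TYPE
            model.updateStatmonUser(user, password, access)
            if originalUser:
                self.addMessage('User <span class="condition">%s</span> updated.' % self.escape(user))
            else:
                self.addMessage('User <span class="condition">%s</span> added.' % self.escape(user))
            if not password:
                if not originalUser or not originalUser.password:
                    # The username is request data and is rendered inside
                    # markup: escape it like the messages above.
                    self.addAlert(True, 'W', 'No password set! User <span class="condition">%s</span> will not be able to login until it has been set.' % self.escape(user))
                else:
                    self.addMessage('Old password was left unchanged.')
            if originalUser and originalUser.access != access:
                oldType = self.getAccessType(originalUser.access)
                newType = self.getAccessType(access)
                self.addMessage('Access Type change from <span class="condition">%s</span> to <span class="condition">%s</span>.' % (oldType, newType))

    if not user and (passany or not allowBlankUser):
        addUser.updateInput('user', badval=True)
    self.addAlert(update and not user, 'E', 'Bad Username! Changes not applied.')
    self.addAlert(not update and not user and not allowBlankUser, 'W', 'Enter valid username before applying!')

    self.addUser = addUser.getContent()

    return (update and not badval), user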