def post(self, *args, **kwargs): user_uuid = self.get_argument('uuid', '') user = User.by_uuid(user_uuid) if user is not None: errors = [] username = self.get_argument('username', None) password = self.get_argument('password', None) if password is not None: if 12 <= len(password) <= 100: self.change_user_password(user) else: errors.append("Password invalid length (12-100)") if username is not None and username != user.username: if 3 <= len(username) <= 15: if User.by_username(username) is None: user.username = username dbsession.add(user) dbsession.flush() else: errors.append("Username already exists") else: errors.append("Username is an invalid length (3-15)") self.render("admin/manage_users.html", errors=errors) else: self.render("admin/manage_users.html", errors=["User does not exist"])
def post(self, *args, **kwargs): user_uuid = self.get_argument('uuid', '') user = User.by_uuid(user_uuid) if user is not None: errors = [] username = self.get_argument('username', None) password = self.get_argument('password', None) if password is not None: if 12 <= len(password) <= 100: self.change_user_password(user) else: errors.append("Password invalid length (12-100)") if username is not None and username != user.username: if 3 <= len(username) <= 15: if User.by_username(username) is None: user.username = username dbsession.add(user) dbsession.flush() else: errors.append("Username already exists") else: errors.append("Username is an invalid length (3-15)") self.render("admin/manage_users.html", errors=errors) else: self.render("admin/manage_users.html", errors=["User does not exist"] )
def wrapper(self, *args, **kwargs): if self.session is not None: user = User.by_username(self.session['username']) if user is not None and user.has_permission(permission): return method(self, *args, **kwargs) logging.warn("Attempted unauthorized access from %s to %s" % ( self.request.remote_ip, self.request.uri, )) self.redirect(self.application.settings['forbidden_url'])