def create_user(user, password, full_name, email, contact_address, telephone, notes, status, utype,data_group):
    """Insert one row into the ``users`` table and commit it.

    All nine column values are passed as bound parameters, so none of them is
    interpolated into the SQL text.

    NOTE(review): ``password`` is written exactly as received; nothing in this
    function hashes it. Confirm that callers pass a salted hash produced by
    the same scheme ``utils.check_pass`` verifies, never a clear-text password.

    NOTE(review): ``data_group`` is accepted but never stored, while
    ``update_user`` and ``delete_user`` read ``row['data_group']`` to decide
    whether the operation is permitted. Confirm where a new user's data group
    is meant to be recorded.
    """
    # Authorisation gate for security object A0001; presumably raises when the
    # current user may not create users -- confirm in check_secobj.
    check_secobj("A0001")

    insert_sql = """INSERT INTO users(user,
                            password,
                            full_name,
                            email,
                            contact_address,
                            telephone,
                            notes,
                            status,
                            type)
                            VALUES (?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?,
                                    ?)"""
    # Order must match the column list above.
    row_values = (user, password, full_name, email, contact_address,
                  telephone, notes, status, utype)

    db = utils.ConnectDB()
    db.execute(insert_sql, row_values)
    db.execute('COMMIT')
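def actual_user_datagroup_privileges(datagroup):
    """Return the current user's privilege row for *datagroup*, or ``False``.

    The row holds the ``update``, ``create``, ``delete`` and ``view`` columns
    of ``users_datagroup`` for the user returned by ``get_actual_user()``.
    ``False`` means no matching row was found; callers must treat that as
    "deny" (fail closed) before indexing into the result.
    """
    db = utils.ConnectDB()
    # Both the user and the data group are bound parameters, not string-built.
    count = db.query("SELECT `update`, `create`, `delete`, `view` FROM users_datagroup WHERE `user` = ? and `data_group` = ?",(get_actual_user()['user'], datagroup))
    row = db.fetchone()
    # The original `else` had no colon (a syntax error); a plain fall-through
    # return gives the same result.
    if count > 0:
        return row
    return False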
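def formulario_ejemplo_DELETE(**params):
    """Delete the ``users`` row whose ``user`` equals ``params['user']``.

    The user name is passed as a bound parameter. A missing ``user`` key
    falls back to the empty string.

    NOTE(review): unlike ``delete_user``, this handler performs no
    ``check_secobj`` call and no data-group privilege check before deleting.
    Confirm the route is protected elsewhere, or route the deletion through
    ``delete_user``.

    NOTE(review): ``message`` is computed but not returned in the visible
    code (the listing may be truncated). If it is sent to the client, replace
    ``repr(e)`` with a generic error and log the detail server-side, so that
    database error text is not disclosed.
    """
    try:
        db = utils.ConnectDB()
        db.execute('DELETE FROM users WHERE user = %s',
                   (params.get('user', ''), ))
        db.execute('COMMIT')
        message = 'ok'
    # `except X as e` is accepted by Python 2.6+ and Python 3; the comma form
    # is Python 2 only.
    except Exception as e:
        message = repr(e)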
def formulario_ejemplo_POST(**params):
    """Create or rename a user from submitted form fields, then redirect.

    When ``params['create']`` is the string ``'true'`` a new row is inserted
    with ``user`` and ``full_name``; otherwise the ``full_name`` of the
    existing ``user`` is updated. Values are always bound parameters.

    NOTE(review): the insert/update choice and the target ``user`` both come
    from the request, and no ``check_secobj`` or data-group check is visible
    here. Confirm that authorisation is enforced before this handler runs.
    """
    db = utils.ConnectDB()
    login = params.get('user')
    display_name = params.get('full_name')

    if params.get('create') == 'true':
        statement = 'INSERT INTO users (user, full_name) VALUES (%s, %s)'
        bound = (login, display_name)
    else:
        statement = 'UPDATE users SET full_name = %s WHERE user = %s'
        bound = (display_name, login)

    db.execute(statement, bound)
    db.execute('COMMIT')
    redirect('/web/menu_principal/formulario_ejemplo')
def crear_entrada_material_POST(**params):
    """Look up the submitted user, then redirect to ``crear_entrada_material``.

    The lookup uses a bound parameter. In the visible code neither ``new``
    nor the fetched ``rowdata`` is used after it is assigned.
    """
    db = utils.ConnectDB()
    user = params.get('user')
    new = params.get('new')

    # Start from the blank record; replace it only when a user name was sent.
    rowdata = {'user': '', 'full_name': ''}
    if user:
        db.execute('SELECT user, full_name FROM users WHERE user = %s',
                   (user, ))
        rowdata = db.fetchone()

    redirect('crear_entrada_material')
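def user_detail_GET(**params):
    """Render ``user_detail.html`` for the requested user, or a blank form.

    With a ``user`` parameter the matching ``user``/``full_name`` row is
    fetched using a bound parameter; without one, an empty record is shown.
    ``create`` is passed to the template as ``'true'`` when ``new`` is truthy
    and ``'false'`` otherwise.

    NOTE(review): ``db.fetchone()`` may yield no row for an unknown user, in
    which case ``userdata`` is whatever the driver returns for "no result" --
    confirm the template copes with that.

    NOTE(review): no ``check_secobj`` call is visible here; confirm that
    access to user records is authorised before this handler runs, and that
    the template escapes ``userdata`` on output.
    """
    db = utils.ConnectDB()
    user = params.get('user')
    new = params.get('new')
    if user:
        db.execute('SELECT user, full_name FROM users WHERE user = %s',
                   (user, ))
        rowdata = db.fetchone()
    else:
        rowdata = {'user': '', 'full_name': ''}

    # The original had a redirect() after this return; it could never run and
    # has been dropped.
    return template("user_detail.html",
                    title='Formulario',
                    userdata=rowdata,
                    create=('true' if new else 'false'))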
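def update_user(user,**fields):
    """Update columns of one ``users`` row after checking privileges.

    Args:
        user: value of the ``user`` column identifying the row.
        **fields: column name -> new value.

    Raises:
        Exception: the user was not found, or the current user lacks the
            ``update`` privilege on the target's data group.
        ValueError: a key in ``fields`` is not a plain SQL identifier.

    Column values are sent as bound parameters. Column names cannot be bound,
    so each one is validated against a strict identifier pattern before it is
    placed in the statement; the original interpolated both names and values
    directly into the SQL text, which allowed SQL injection.

    NOTE(review): any column can still be named by the caller, including
    ``password``, ``type`` or ``session_key``. Callers must pass only fields
    they intend to expose, never a raw request dictionary.
    """
    import re

    check_secobj("A0003")

    db = utils.ConnectDB()

    # NOTE(review): this reads from table `user`, while every write in this
    # file targets `users` -- confirm which table holds `data_group`.
    # NOTE(review): this statement uses `?` and the UPDATE below uses `%s`;
    # confirm which placeholder style utils.ConnectDB accepts.
    db.execute("SELECT * FROM user WHERE user = ?",(user,))
    row = db.fetchone()

    if row:
        privileges = actual_user_datagroup_privileges(row['data_group'])
        # Fail closed: no privilege row, or update != 1, both deny.
        if not privileges or privileges['update'] != 1:
            raise Exception(_("Actualizacion de datos de usuario denegada, el usuario actual no tiene asignado el grupo de datos {data_group} o este grupo no tiene el privilegio de actualizacion").format(data_group=row['data_group']))
    else:
        # Translate the template first, then fill it in, so the catalogue
        # lookup sees the untouched message id.
        raise Exception(_("El usuario {user} no fue encontrado").format(user=user))

    if not fields:
        # Nothing to change; an empty SET clause would be invalid SQL.
        return

    column_names = sorted(fields)
    for column in column_names:
        if not re.match(r'[A-Za-z_][A-Za-z0-9_]*\Z', column):
            raise ValueError("invalid column name: {0!r}".format(column))

    assignments = ", ".join("{0} = %s".format(column) for column in column_names)
    bound_values = tuple(fields[column] for column in column_names) + (user,)

    db.execute('UPDATE users SET {updated_fields} WHERE user = %s'.format(updated_fields=assignments), bound_values)
    db.execute('COMMIT')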
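def delete_user(user):
    """Delete one ``users`` row after checking privileges.

    Args:
        user: value of the ``user`` column identifying the row.

    Raises:
        Exception: the user was not found, or the current user lacks the
            ``delete`` privilege on the target's data group.
    """
    check_secobj("A0002")

    db = utils.ConnectDB()

    # NOTE(review): this reads from table `user`, while the DELETE below
    # targets `users` -- confirm which table holds `data_group`.
    # NOTE(review): this statement uses `?` and the DELETE uses `%s`; confirm
    # which placeholder style utils.ConnectDB accepts.
    db.execute("SELECT * FROM user WHERE user = ?",(user,))
    row = db.fetchone()

    if row:
        privileges = actual_user_datagroup_privileges(row['data_group'])
        # Fail closed: no privilege row, or delete != 1, both deny.
        # (`!privileges` in the original is not valid Python.)
        if not privileges or privileges['delete'] != 1:
            raise Exception(_("Eliminacion de usuario denegada, el usuario actual no tiene asignado el grupo de datos {data_group} o este grupo no tiene el privilegio de eliminacion").format(data_group=row['data_group']))
    else:
        # Translate the template first, then fill it in, so the catalogue
        # lookup sees the untouched message id.
        raise Exception(_("El usuario {user} no fue encontrado").format(user=user))

    db.execute('DELETE FROM users WHERE user = %s',(user,))
    db.execute('COMMIT')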
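def authenticate():
    """Check the submitted credentials and start a session on success.

    On success a fresh random token is stored in ``users.session_key`` and
    sent to the browser as the ``token`` cookie (one-day expiry), followed by
    a redirect to ``/home.html``. On failure the browser is redirected back
    to the login page with the attempted user name in the query string.

    Changes from the original:
      * The cookie is issued only after the password check succeeds and the
        token has been committed; before, a token cookie was sent on failed
        logins too.
      * The cookie is marked ``httponly`` so page scripts cannot read the
        session token.
      * The user name is URL-encoded before it is placed in the redirect
        target, so characters such as ``&``, ``#`` or line breaks in the
        submitted value cannot alter the query string or the header.

    NOTE(review): add ``secure=True`` to ``set_cookie`` if the application is
    served only over HTTPS.
    NOTE(review): no attempt limiting is visible here; confirm throttling or
    lockout is handled in ``utils.check_pass`` or in front of this handler.
    """
    try:
        from urllib import quote  # Python 2
    except ImportError:
        from urllib.parse import quote  # Python 3

    try:
        username = request.forms.get('username', '')
        password = request.forms.get('password', '')
        if utils.check_pass(username, password):
            ts = datetime.datetime.now() + datetime.timedelta(days=1)
            token = str(uuid.uuid4())

            db = utils.ConnectDB()
            db.execute('UPDATE users SET session_key = %s WHERE user = %s',
                       (token, username))
            db.execute('COMMIT')

            # Must be set before redirect(), which raises the response.
            response.set_cookie("token", token, expires=ts, path="/",
                                httponly=True)
            redirect('/home.html')
        else:
            redirect('/?incorrect_login=True&username={username}'.format(
                username=quote(username, safe='')))
    except bottle.HTTPResponse:
        # redirect() signals through HTTPResponse; let it propagate unchanged.
        raise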
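def record_history(action, data):
    """Append one audit entry to ``user_history`` and commit it.

    Each entry gets a random UUID as ``log_id``, the name of the user returned
    by ``get_actual_user()``, the given ``action`` and ``data``, and the
    current UTC time formatted as ``YYYY-MM-DD HH:MM:SS``.

    NOTE(review): ``data`` is stored as received. Callers should keep
    passwords, session tokens and similar secrets out of it.
    """
    db = utils.ConnectDB()
    # NOTE(review): the `:?` markers differ from the `?` and `%s` placeholders
    # used elsewhere in this file -- confirm utils.ConnectDB accepts them.
    db.execute("""INSERT INTO user_history(log_id,
                                   user,
                                   action,
                                   data,
                                   `timestamp`)
                VALUES (:?,
                        :?,
                        :?,
                        :?,
                        :?);""",
                        (
                            str(uuid.uuid4()),
                            # The comma after this item was missing in the
                            # original, which made the tuple a syntax error.
                            get_actual_user()['user'],
                            action,
                            data,
                            time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime())
                        )
    )
    db.execute('COMMIT')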
def formulario_ejemplo_GET(**params):
    """Render the example form for an existing or a new user.

    * ``user`` given: fetch that user's ``user``/``full_name`` with a bound
      parameter and render the form with ``create='false'``.
    * otherwise, ``new == 'true'``: render an empty form with
      ``create='true'``.
    * otherwise: redirect to the example table.

    NOTE(review): no ``check_secobj`` call is visible here; confirm that
    access to user records is authorised before this handler runs, and that
    the template escapes ``userdata`` on output.
    """
    db = utils.ConnectDB()
    user = params.get('user')
    new = params.get('new')

    if user:
        db.execute('SELECT user, full_name FROM users WHERE user = %s',
                   (user, ))
        found = db.fetchone()
        return template("formulario_ejemplo.html",
                        title='Formulario',
                        userdata=found,
                        create='false')

    if new == 'true':
        blank = {'user': '', 'full_name': ''}
        return template("formulario_ejemplo.html",
                        title='Formulario',
                        userdata=blank,
                        create='true')

    redirect('/web/menu_principal/tabla_ejemplo')