def create_user(user, password, full_name, email, contact_address,
                telephone, notes, status, utype, data_group):
    """Insert a new row into ``users``.

    ``check_secobj("A0001")`` runs before any database work; presumably it
    aborts when the current user lacks that security object (its definition
    is not visible here).

    Every value is passed as a bound parameter, never formatted into the
    SQL text.

    NOTE(review): ``password`` is written exactly as received. Confirm that
    callers pass a salted hash rather than the clear-text password.
    NOTE(review): ``data_group`` is accepted but is not part of the INSERT.
    Verify where the new user's data group is meant to be recorded.
    """
    check_secobj("A0001")

    insert_sql = """INSERT INTO users(user, password, full_name, email, contact_address, telephone, notes, status, type) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"""
    # Tuple order must match the column list in the statement above.
    row_values = (
        user,
        password,
        full_name,
        email,
        contact_address,
        telephone,
        notes,
        status,
        utype,
    )

    connection = utils.ConnectDB()
    connection.execute(insert_sql, row_values)
    connection.execute('COMMIT')
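def actual_user_datagroup_privileges(datagroup):
    """Return the current user's privilege row for *datagroup*, or ``False``.

    The row holds the ``update``, ``create``, ``delete`` and ``view`` columns
    of ``users_datagroup`` for the pair (current user, *datagroup*).

    Callers use the result for authorization decisions, so "no matching row"
    must come back as a falsy value (deny by default).
    """
    db = utils.ConnectDB()
    # The return value of db.query() is used as a row count here
    # (assumption: the wrapper returns the number of matched rows; confirm).
    count = db.query(
        "SELECT `update`, `create`, `delete`, `view` FROM users_datagroup WHERE `user` = ? and `data_group` = ?",
        (get_actual_user()['user'], datagroup))
    row = db.fetchone()
    if count > 0:
        return row
    else:
        # Fixed: the original "else return False" lacked the colon and did
        # not parse.
        return False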
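def formulario_ejemplo_DELETE(**params):
    """Delete the ``users`` row named by the ``user`` request parameter.

    The user name is bound as a query parameter. A missing ``user`` falls
    back to the empty string.

    NOTE(review): no ``check_secobj`` call or data-group privilege check is
    visible before the DELETE, whereas ``delete_user`` performs both.
    Confirm that this handler is protected elsewhere, or route it through
    ``delete_user``.
    NOTE(review): ``message`` is built but not returned in the code shown.
    If it is ever sent to the client, ``repr(e)`` would expose database
    error details; log those server-side and return a generic message.
    """
    try:
        db = utils.ConnectDB()
        db.execute('DELETE FROM users WHERE user = %s', (params.get('user', ''), ))
        db.execute('COMMIT')
        message = 'ok'
    # "except X as e" is accepted by Python 2.6+ and Python 3; the original
    # comma form parses on Python 2 only.
    except Exception as e:
        message = repr(e)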
def formulario_ejemplo_POST(**params):
    """Create or update a ``users`` row from the submitted form, then redirect.

    The request parameter ``create == 'true'`` selects INSERT; any other
    value selects UPDATE of ``full_name`` for the given ``user``. Both
    statements use bound parameters.

    NOTE(review): the insert/update choice and the target user both come
    from the request, and no ``check_secobj`` or data-group privilege check
    is visible here. Confirm that authorization is enforced before this
    handler runs.
    """
    conn = utils.ConnectDB()

    if params.get('create') != 'true':
        statement = 'UPDATE users SET full_name = %s WHERE user = %s'
        bound = (params.get('full_name'), params.get('user'))
    else:
        statement = 'INSERT INTO users (user, full_name) VALUES (%s, %s)'
        bound = (params.get('user'), params.get('full_name'))

    conn.execute(statement, bound)
    conn.execute('COMMIT')
    redirect('/web/menu_principal/formulario_ejemplo')
def crear_entrada_material_POST(**params):
    """Look up the submitted ``user`` (if any) and redirect.

    The lookup binds the user name as a query parameter. In the code shown,
    neither the fetched row nor the ``new`` parameter is used before the
    redirect.
    """
    conn = utils.ConnectDB()
    login = params.get('user')
    new_flag = params.get('new')  # read but unused in the visible code

    if not login:
        # Blank record when no user was supplied.
        rowdata = {'user': '', 'full_name': ''}
    else:
        conn.execute('SELECT user, full_name FROM users WHERE user = %s', (login, ))
        rowdata = conn.fetchone()

    redirect('crear_entrada_material')
def user_detail_GET(**params):
    """Render ``user_detail.html`` for an existing user or for a blank record.

    With a ``user`` parameter, the row is fetched with a bound parameter and
    passed to the template. Without one, an empty record is used. ``create``
    is the string ``'true'`` when the ``new`` parameter is truthy, otherwise
    ``'false'``.

    NOTE(review): ``fetchone()`` may yield no row for an unknown user, and
    the template then receives that value unchanged. Confirm the template
    copes with it.
    NOTE(review): no ``check_secobj`` or privilege check is visible before
    user data is read. Confirm access control happens upstream.
    """
    conn = utils.ConnectDB()
    login = params.get('user')
    new_flag = params.get('new')

    if not login:
        rowdata = {'user': '', 'full_name': ''}
    else:
        conn.execute('SELECT user, full_name FROM users WHERE user = %s', (login, ))
        rowdata = conn.fetchone()

    create_flag = 'true' if new_flag else 'false'
    return template("user_detail.html", title='Formulario', userdata=rowdata, create=create_flag)
    # Kept from the original: as reconstructed from the flattened source,
    # this call sits after the return and is never reached.
    redirect('/web/security/users')
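def update_user(user, **fields):
    """Update columns of one ``users`` row after two authorization checks.

    Order of checks:
      1. ``check_secobj("A0003")``.
      2. The target row must exist, and the current user must hold the
         ``update`` privilege (value 1) on the row's ``data_group``.

    Args:
        user: value of the ``user`` column identifying the row.
        **fields: column name -> new value. Column names must be plain
            identifiers (letters, digits, underscore).

    Raises:
        Exception: the user does not exist, or the update is denied.
        ValueError: no fields were given, or a column name is not a plain
            identifier.

    Changes from the original, which did not parse ("if !privileges" and
    '", ".[...]'):
      * New values are sent as bound parameters. The original formatted
        them into the SQL text inside quotes, so any value containing a
        quote could alter the statement (SQL injection).
      * Column names cannot be bound, so they are validated against a
        strict identifier pattern and backtick-quoted.
      * The "not found" message is now translated first and formatted
        afterwards, matching the "denied" message.

    NOTE(review): any column may be updated, including ``password``,
    ``status`` and ``type``. Callers should pass an explicit set of fields
    rather than forwarding request parameters wholesale.
    """
    # Function-scope import: the module's import block is not visible here.
    import re

    check_secobj("A0003")

    db = utils.ConnectDB()
    # NOTE(review): this lookup reads table `user` while the UPDATE below
    # targets `users`. Confirm which table carries `data_group`.
    db.execute("SELECT * FROM user WHERE user = ?", (user,))
    row = db.fetchone()
    if not row:
        raise Exception(_("El usuario {user} no fue encontrado").format(user=user))

    # Deny unless the privilege row exists and explicitly grants update.
    privileges = actual_user_datagroup_privileges(row['data_group'])
    if not privileges or privileges['update'] != 1:
        raise Exception(_("Actualizacion de datos de usuario denegada, el usuario actual no tiene asignado el grupo de datos {data_group} o este grupo no tiene el privilegio de actualizacion").format(data_group=row['data_group']))

    if not fields:
        # An empty SET clause would be invalid SQL.
        raise ValueError("update_user() needs at least one field to update")

    identifier = re.compile(r'[A-Za-z_][A-Za-z0-9_]*\Z')
    assignments = []
    values = []
    for field, value in fields.items():
        if not identifier.match(field):
            raise ValueError("invalid column name: {0!r}".format(field))
        assignments.append("`{0}` = %s".format(field))
        values.append(value)
    values.append(user)  # binds the trailing "WHERE user = %s"

    db.execute('UPDATE users SET {updated_fields} WHERE user = %s'.format(updated_fields=", ".join(assignments)), tuple(values))
    db.execute('COMMIT')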
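def delete_user(user):
    """Delete one ``users`` row after two authorization checks.

    Order of checks:
      1. ``check_secobj("A0002")``.
      2. The target row must exist, and the current user must hold the
         ``delete`` privilege (value 1) on the row's ``data_group``.

    Raises:
        Exception: the user does not exist, or the deletion is denied.

    Changes from the original: "if !privileges" is not Python and is now
    "if not privileges". The "not found" message is translated first and
    formatted afterwards, matching the "denied" message.
    """
    check_secobj("A0002")

    db = utils.ConnectDB()
    # NOTE(review): this lookup reads table `user` while the DELETE below
    # targets `users`. Confirm which table carries `data_group`.
    db.execute("SELECT * FROM user WHERE user = ?", (user,))
    row = db.fetchone()
    if not row:
        raise Exception(_("El usuario {user} no fue encontrado").format(user=user))

    # Deny unless the privilege row exists and explicitly grants delete.
    privileges = actual_user_datagroup_privileges(row['data_group'])
    if not privileges or privileges['delete'] != 1:
        raise Exception(_("Eliminacion de usuario denegada, el usuario actual no tiene asignado el grupo de datos {data_group} o este grupo no tiene el privilegio de eliminacion").format(data_group=row['data_group']))

    db.execute('DELETE FROM users WHERE user = %s', (user,))
    db.execute('COMMIT')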
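def authenticate():
    """Check the submitted credentials and start a session on success.

    On success a fresh token is stored in ``users.session_key``, sent to the
    browser as the ``token`` cookie (one-day expiry) and the client is
    redirected to ``/home.html``. On failure the client is redirected to
    the login page with ``incorrect_login=True`` and the attempted username.

    Changes from the original:
      * The token and cookie are only created after the password check
        passes. Previously every attempt, including failed ones, replaced
        the browser's ``token`` cookie.
      * The cookie is marked ``httponly`` so page scripts cannot read it.
      * The username is percent-encoded before it goes into the redirect
        URL. Previously raw form input was formatted into the Location
        value, so characters such as ``&``, ``#`` or line breaks could
        change the URL.
      * "except X, e" became a bare re-raise, which parses on Python 2 and
        Python 3 and keeps the traceback.

    NOTE(review): add ``secure=True`` to the cookie when the site is served
    over HTTPS only.
    NOTE(review): the one-day limit exists only in the cookie. No
    server-side expiry of ``session_key`` is visible here.
    NOTE(review): ``uuid4`` is not documented as a security-token
    generator. Consider a token taken directly from the OS CSPRNG.
    NOTE(review): the login page must HTML-escape the echoed ``username``.
    """
    # Function-scope import, valid on Python 2 and 3; the module's import
    # block is not visible here.
    try:
        from urllib import quote
    except ImportError:
        from urllib.parse import quote

    try:
        username = request.forms.get('username', '')
        password = request.forms.get('password', '')
        if utils.check_pass(username, password):
            token = str(uuid.uuid4())
            ts = datetime.datetime.now() + datetime.timedelta(days=1)
            db = utils.ConnectDB()
            db.execute('UPDATE users SET session_key = %s WHERE user = %s', (token, username))
            db.execute('COMMIT')
            # Set before redirect(): redirect() raises, and the response it
            # raises is built from the current response state.
            response.set_cookie("token", token, expires=ts, path="/", httponly=True)
            redirect('/home.html')
        else:
            redirect('/?incorrect_login=True&username={username}'.format(
                username=quote(username, safe='')))
    except bottle.HTTPResponse:
        # redirect() signals through HTTPResponse; let it propagate.
        raise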
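def record_history(action, data):
    """Append one audit row to ``user_history`` for the current user.

    Each row gets a random UUID as ``log_id``, the current user's name, the
    given *action* and *data*, and a UTC timestamp formatted as
    ``YYYY-MM-DD HH:MM:SS``.

    Fixed: the original tuple lacked the comma after
    ``get_actual_user()['user']`` and did not parse.

    NOTE(review): the ``:?`` placeholders differ from the ``?`` and ``%s``
    forms used by the other queries. Verify that the DB wrapper accepts them.
    NOTE(review): *data* is stored as given. Callers should keep passwords
    and session tokens out of it.
    """
    db = utils.ConnectDB()
    db.execute(
        """INSERT INTO user_history(log_id, user, action, data, `timestamp`) VALUES (:?, :?, :?, :?, :?);""",
        (
            str(uuid.uuid4()),
            get_actual_user()['user'],
            action,
            data,
            time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime()),
        )
    )
    db.execute('COMMIT')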
def formulario_ejemplo_GET(**params):
    """Render the example form for an existing user or for a new one.

    * ``user`` given: fetch that row with a bound parameter and render the
      form with ``create='false'``.
    * otherwise ``new == 'true'``: render an empty form with
      ``create='true'``.
    * otherwise: redirect to the example table.

    NOTE(review): ``fetchone()`` may yield no row for an unknown user, and
    the template then receives that value unchanged. Confirm the template
    copes with it.
    """
    conn = utils.ConnectDB()
    login = params.get('user')
    new_flag = params.get('new')

    if login:
        conn.execute('SELECT user, full_name FROM users WHERE user = %s', (login, ))
        existing = conn.fetchone()
        return template("formulario_ejemplo.html", title='Formulario', userdata=existing, create='false')

    if new_flag == 'true':
        blank_record = {'user': '', 'full_name': ''}
        return template("formulario_ejemplo.html", title='Formulario', userdata=blank_record, create='true')

    redirect('/web/menu_principal/tabla_ejemplo')