def test_staff(self): staffer1 = C3sStaff( login=u'staffer1', password=u'stafferspassword' ) staffer1.group = ['staff'] staffer2 = C3sStaff( login=u'staffer2', password=u'staffer2spassword', ) staffer2.group = ['staff2'] self.session.add(staffer1) self.session.add(staffer2) self.session.flush() _staffer2_id = staffer2.id _staffer1_id = staffer1.id self.assertTrue(staffer2.password is not '') #print('by id: %s' % C3sStaff.get_by_id(_staffer1_id)) #print('by id: %s' % C3sStaff.get_by_id(_cashier1_id)) #print('by login: %s' % C3sStaff.get_by_login(u'staffer1')) #print('by login: %s' % C3sStaff.get_by_login(u'cashier1')) self.assertEqual( C3sStaff.get_by_id(_staffer1_id), C3sStaff.get_by_login(u'staffer1') ) self.assertEqual( C3sStaff.get_by_id(_staffer2_id), C3sStaff.get_by_login(u'staffer2') ) '''test get_all''' res = C3sStaff.get_all() self.assertEqual(len(res), 2) '''test delete_by_id''' C3sStaff.delete_by_id(1) res = C3sStaff.get_all() self.assertEqual(len(res), 1) '''test check_user_or_None''' res1 = C3sStaff.check_user_or_None(u'staffer2') res2 = C3sStaff.check_user_or_None(u'staffer1') #print res1 #print res2 self.assertTrue(res1 is not None) self.assertTrue(res2 is None) '''test check_password''' #print(C3sStaff.check_password(cashier1, 'cashierspassword')) C3sStaff.check_password(u'staffer2', u'staffer2spassword')
def staff_view(request): """ This view lets admins edit staff/cashier personnel: who may act as cashier etc.? """ _staffers = C3sStaff.get_all() class Staffer(colander.MappingSchema): login = colander.SchemaNode( colander.String(), title='login', ) password = colander.SchemaNode( colander.String(), title='passwort', ) schema = Staffer() stafferform = deform.Form( schema, buttons=[ deform.Button('new_staffer', 'save') ] ) if 'action' in request.POST: #print(request.POST['id']) try: _staffer = C3sStaff.get_by_id(int(request.POST['id'])) except: # print("exception!") return HTTPFound(location=request.route_url('staff')) #print(request.POST['action']) if request.POST['action'] == u'delete': #print("will delete staff id %s" % _staffer.id) C3sStaff.delete_by_id(_staffer.id) #print("deleted staff id %s" % _staffer.id) # send mail encrypted = encrypt_with_gnupg('''hi, %s was deleted from the backend by %s. best, your membership tool''' % (_staffer.login, request.authenticated_userid)) message = Message( subject='[C3S Yes] staff was deleted.', sender='*****@*****.**', recipients=[ request.registry.settings['c3smembership.mailaddr']], body=encrypted ) mailer = get_mailer(request) mailer.send(message) return HTTPFound(location=request.route_url('staff')) elif request.POST['action'] == 'edit': appstruct = { 'login': _staffer.login, 'password': '******', } stafferform.set_appstruct(appstruct) if 'new_staffer' in request.POST: #print "new staffer!" controls = request.POST.items() try: appstruct = stafferform.validate(controls) #print('validated!') except ValidationFailure, e: return { 'stafferform': e.render() } # XXX login must be unique! existing = C3sStaff.get_by_login(appstruct['login']) if existing is not None: #print "that staffer exists!" if u'_UNCHANGED_' in appstruct['password']: pass else: existing.password = appstruct['password'] existing.last_password_change = datetime.now() encrypted = encrypt_with_gnupg('''hi, the password of %s was changed by %s. best, your membership tool''' % (existing.login, request.authenticated_userid)) message = Message( subject='[C3S Yes] staff password changed.', sender='*****@*****.**', recipients=[ request.registry.settings['c3smembership.mailaddr']], body=encrypted ) else: # create new entry staffer = C3sStaff( login=appstruct['login'], password=appstruct['password'], email=u'', ) staffer.groups = [Group.get_staffers_group()] #print "about to add user" DBSession.add(staffer) DBSession.flush() print "added staffer" # send mail encrypted = encrypt_with_gnupg('''hi, %s was added to the backend by %s. best, your membership tool''' % (staffer.login, request.authenticated_userid)) message = Message( subject='[C3S Yes] staff was added.', sender='*****@*****.**', recipients=[ request.registry.settings['c3smembership.mailaddr']], body=encrypted ) mailer = get_mailer(request) mailer.send(message) return HTTPFound( request.route_url('staff') )