def user_not_permitted(self, group):
"""Check the user is permmited to approve/reject the user."""
sm = getSecurityManager()
portal = getUtility(ISiteRoot)
portal_membership = getToolByName(self, 'portal_membership')
if sm.checkPermission(ManagePortal, portal):
return False
elif portal_membership.isAnonymousUser():
raise Unauthorized('You need to login to access this page.')
current_user = portal_membership.getAuthenticatedMember()
current_user_groups = current_user.getGroups()
if not group:
self.plone_utils.addPortalMessage(
_(u'You do not have permission to do this.'))
self.REQUEST.RESPONSE.redirect(self.absolute_url())
return True
group_list = asList(group)
for current_group in group_list:
if current_group in current_user_groups:
return False
self.plone_utils.addPortalMessage(
_(u'You do not have permission to do this.'))
self.REQUEST.RESPONSE.redirect(self.absolute_url())
return True
def check_approval_group(self):
"""Check current approval group based on the request."""
request = self.REQUEST
userid = request.form['userid']
sm = getSecurityManager()
portal = getUtility(ISiteRoot)
user = self.waiting_list.get(userid)
if userid:
user = self.waiting_list.get(userid)
if user is None:
self.plone_utils.addPortalMessage(
_(u'This user has already been dealt with.'))
elif sm.checkPermission(ManagePortal, portal):
# show the current approval group
current_username = user['username']
current_approval_group = user['approval_group']
messsage_string = _(
u'Approval group for "%(username)s" is "%(approval)s"') % {
'username': current_username,
'approval': current_approval_group}
self.plone_utils.addPortalMessage(messsage_string)
else:
self.plone_utils.addPortalMessage(
_(u'You do not have permission to manage this user.'))
request.RESPONSE.redirect(self.absolute_url())
def update_approval_group(self):
"""Fix wrong approval group based on the request."""
request = self.REQUEST
userid = request.form['userid']
sm = getSecurityManager()
portal = getUtility(ISiteRoot)
if userid:
user = self.waiting_list.get(userid)
if user is None:
self.plone_utils.addPortalMessage(
_(u'This user has already been dealt with.'))
elif sm.checkPermission(ManagePortal, portal):
# Fix the wrong approval group
current_approval_group = user['approval_group']
data_user_group = user['user_group']
new_approval_group = self.update_data_approval_group(
data_user_group)
user['approval_group'] = new_approval_group
# commit a subtransaction, to save the changes
transaction.get().commit()
messsage_string = _(u'"%(current)s" updated to "%(new)s"') % {
'current': current_approval_group,
'new': new_approval_group}
self.plone_utils.addPortalMessage(messsage_string)
else:
self.plone_utils.addPortalMessage(
_(u'You do not have permission to manage this user.'))
request.RESPONSE.redirect(self.absolute_url())
def get_status(self, user):
"""Return user status."""
if not user:
return ""
current_email = user.getProperty('email', '')
status = _("Active")
if current_email.startswith(self.disabled_email):
status = _("Inactive")
return status
def user_activate(self, user_id, request):
"""Activate user with user_id.
Remove USERDISABLED<randomkey>[email protected] from email field.
"""
if not user_id:
self.plone_utils.addPortalMessage(
_(u'This user ID is not valid.'))
return
self.prepare_member_properties()
portal_membership = getToolByName(self, 'portal_membership')
portal_registration = getToolByName(self, 'portal_registration')
user = portal_membership.getMemberById(user_id)
if not user:
self.plone_utils.addPortalMessage(
_(u'This user does not exists.'))
return
try:
current_user_id = ""
if not portal_membership.isAnonymousUser():
current_user = portal_membership.getAuthenticatedMember()
current_user_id = current_user.id
current_time = datetime.now().strftime("%d %B %Y %I:%M %p")
current_email = user.getProperty('email', '')
if not current_email:
# no email
return
if not current_email.startswith(self.disabled_email):
# already active
return
split = current_email.find("_")
if split < len(self.disabled_email):
# assume not valid email, should not be the case
return
new_email = current_email[split+1:]
# update user_last_updated_date and user_last_updated_by
user.setMemberProperties({
'email': new_email,
'last_updated_by': current_user_id,
'last_updated_date': current_time})
portal_registration.mailPassword(user.id, request)
self.plone_utils.addPortalMessage(
_(u"""This user is activated and
reset password email is sent to the user."""))
except (AttributeError, ValueError) as err:
logging.exception(err)
return {FORM_ERROR_MARKER: err}
return
def check_userid(self, data):
"""Make sure the user does not already exist or on the waiting list."""
if data['username'] in self.waiting_list.keys():
# user id is already on waiting list
error_text = _(
u"""The login name you selected is already in use.""")
if self.getUsername_field():
return {
FORM_ERROR_MARKER: _(u'You will need to signup again.'),
'username': error_text}
else:
return {
FORM_ERROR_MARKER: _(u'You will need to signup again.'),
'email': error_text}
def user_deactivate(self, user_id):
"""Deactivate user with user_id.
Add USERDISABLED<randomkey>[email protected] to email field.
"""
if not user_id:
self.plone_utils.addPortalMessage(
_(u'This user ID is not valid.'))
return
self.prepare_member_properties()
portal_membership = getToolByName(self, 'portal_membership')
user = portal_membership.getMemberById(user_id)
if not user:
self.plone_utils.addPortalMessage(
_(u'This user does not exists.'))
return
try:
current_user_id = ""
if not portal_membership.isAnonymousUser():
current_user = portal_membership.getAuthenticatedMember()
current_user_id = current_user.id
current_time = datetime.now().strftime("%d %B %Y %I:%M %p")
current_email = user.getProperty('email', '')
if not current_email:
# no email
return
if current_email.startswith(self.disabled_email):
# already deactivate
return
new_email = self.disabled_email + self.id_generator() + "_" + \
current_email
# update user_last_updated_date and user_last_updated_by
user.setMemberProperties({
'email': new_email,
'last_updated_by': current_user_id,
'last_updated_date': current_time})
passwd = self.id_generator(size=32)
user.setSecurityProfile(password=passwd)
self.plone_utils.addPortalMessage(
_(u'This user is deactivated.'))
except (AttributeError, ValueError) as err:
logging.exception(err)
return {FORM_ERROR_MARKER: err}
return
def reject_user(self):
"""Reject the user based on the request."""
request = self.REQUEST
# portal_registration = getToolByName(self, 'portal_registration')
userid = request.form['userid']
user = self.waiting_list.get(userid)
if user is None:
self.plone_utils.addPortalMessage(
_(u'This user has already been dealt with.'))
elif self.user_not_permitted(user['approval_group']):
self.plone_utils.addPortalMessage(
_(u'You do not have permission to manage this user.'))
else:
user = self.waiting_list.pop(userid)
self.send_reject_email(user)
self.plone_utils.addPortalMessage(_(u'User has been rejected.'))
request.RESPONSE.redirect(self.absolute_url())
def validate_password(self, data):
"""Validate password."""
errors = {}
if not data['password']:
errors['password'] = _(u'Please enter a password')
if not data['password_verify']:
errors['password_verify'] = _(u'Please enter a password')
if errors:
errors[FORM_ERROR_MARKER] = _(u'Please enter a password')
return errors
if data['password'] != data['password_verify']:
errors[FORM_ERROR_MARKER] = _(u'The passwords do not match')
errors['password'] = _(u'The passwords do not match')
errors['password_verify'] = _(u'The passwords do not match')
return errors
registration = getToolByName(self, 'portal_registration')
# This should ensure that the password is at least 5 chars long, but
# if the user filling in the form has ManagePortal permission it is
# ignored
error_message = registration.testPasswordValidity(data['password'])
if error_message:
errors[FORM_ERROR_MARKER] = error_message
errors['password'] = '******'
errors['password_verify'] = ' '
return errors
return None
def create_member(self, request, data, reset_password=False):
"""Create member."""
self.prepare_member_properties()
portal_membership = getToolByName(self, 'portal_membership')
portal_registration = getToolByName(self, 'portal_registration')
portal_groups = getToolByName(self, 'portal_groups')
username = data['username']
# TODO(ivanteoh): add switch to prevent groups being created on the fly
user_group = data['user_group']
self.create_group(user_group)
# need to recheck the member has not been created in the meantime
member = portal_membership.getMemberById(username)
if member is None:
# need to also pass username in properties, otherwise the user
# isn't found when setting the properties
try:
current_user_id = ""
if not portal_membership.isAnonymousUser():
current_user = portal_membership.getAuthenticatedMember()
current_user_id = current_user.id
current_time = datetime.now().strftime("%d %B %Y %I:%M %p")
member = portal_registration.addMember(
username, data['password'], [],
properties={'username': username,
'fullname': data['fullname'],
'email': data['email'],
'approved_by': current_user_id,
'approved_date': current_time})
except (AttributeError, ValueError) as err:
logging.exception(err)
return {FORM_ERROR_MARKER: err}
portal_groups.addPrincipalToGroup(member.getUserName(), user_group)
if reset_password:
# send out reset password email
portal_registration.mailPassword(username, request)
else:
return {FORM_ERROR_MARKER: _("This user already exists.")}
def update_member(self, request, user_id, user_fullname, current_group,
new_group):
"""Update member with full name and / or group."""
# If we use custom member properties they must be initialized
# before regtool is called
self.prepare_member_properties()
portal_membership = getToolByName(self, 'portal_membership')
portal_registration = getToolByName(self, 'portal_registration')
portal_groups = getToolByName(self, 'portal_groups')
if not user_id:
self.plone_utils.addPortalMessage(
_(u'User ID is not valid.'))
return
user = portal_membership.getMemberById(user_id)
if not user:
self.plone_utils.addPortalMessage(
_(u'This user does not exists.'))
return
if not new_group:
self.plone_utils.addPortalMessage(
_(u'User group is not valid.'))
return
new_user_group = portal_groups.getGroupById(new_group)
if not new_user_group:
self.plone_utils.addPortalMessage(
_(u'This user group does not exists.'))
return
try:
current_user_id = ""
if not portal_membership.isAnonymousUser():
current_user = portal_membership.getAuthenticatedMember()
current_user_id = current_user.id
current_time = datetime.now().strftime("%d %B %Y %I:%M %p")
# update user_last_updated_date and user_last_updated_by
user.setMemberProperties({
'fullname': user_fullname,
'last_updated_by': current_user_id,
'last_updated_date': current_time})
except (AttributeError, ValueError) as err:
logging.exception(err)
return {FORM_ERROR_MARKER: err}
if current_group != new_group:
try:
portal_groups.removePrincipalFromGroup(user_id, current_group)
except KeyError as err:
error_string = _(u'Can not remove group: %s.') % err
logging.exception(error_string)
self.plone_utils.addPortalMessage(error_string)
return
try:
portal_groups.addPrincipalToGroup(user_id, new_group)
except KeyError as err:
error_string = _(u'Can not add group: %s.') % err
logging.exception(error_string)
self.plone_utils.addPortalMessage(error_string)
return
return
def onSuccess(self, fields, REQUEST=None): # noqa C901
"""Save form input."""
# get username and password
portal_registration = getToolByName(self, 'portal_registration')
data = {}
for field in fields:
field_name = field.fgField.getName()
val = REQUEST.form.get(field_name, None)
if field_name == self.full_name_field:
data['fullname'] = val
elif field_name == self.username_field:
data['username'] = val
elif field_name == self.email_field:
data['email'] = val
elif field_name == self.password_field:
data['password'] = val
elif field_name == self.password_verify_field:
data['password_verify'] = val
else:
data[field_name] = val
if 'email' not in data:
return {
FORM_ERROR_MARKER: _(u'Sign Up form is not setup properly.')}
if 'username' not in data:
data['username'] = data['email']
# TalesField needs variables to be available from the context, so
# create a context and add them
expression_context = getExprContext(self, self.aq_parent)
for key in data.keys():
expression_context.setGlobal(key, REQUEST.form.get(key, None))
data['user_group'] = self.getUser_group_template(
expression_context=expression_context, **data)
# Split the manage_group_template into two:
# manage_group and approval_group
# manage_group_template can't use data argument any more
# because it will use when form data is not available
manage_group = self.getManage_group_template(
expression_context=expression_context)
is_manage_group_dict = isinstance(manage_group, dict)
data['approval_group'] = ""
if manage_group and is_manage_group_dict:
for manager, user_list in manage_group.iteritems():
if '*' in user_list:
data['approval_group'] = manager
if data['user_group'] in user_list:
data['approval_group'] = manager
break
if data['email'] is None or data['user_group'] == "":
# SignUpAdapter did not setup properly
return {
FORM_ERROR_MARKER: _(u'Sign Up form is not setup properly.')}
if not data['username']:
data['username'] = data['email']
# force email and username to lowercase
data['username'] = data['username'].lower()
data['email'] = data['email'].lower()
if not portal_registration.isValidEmail(data['email']):
return {
FORM_ERROR_MARKER: _(u'You will need to signup again.'),
'email': _(u'This is not a valid email address')}
if not portal_registration.isMemberIdAllowed(data['username']):
error_text = _(u"""The login name you selected is already in use or is not valid.
Please choose another.""")
if self.getUsername_field():
return {
FORM_ERROR_MARKER: _(u'You will need to signup again.'),
'username': error_text}
else:
return {
FORM_ERROR_MARKER: _(u'You will need to signup again.'),
'email': error_text}
check_id = self.check_userid(data)
if check_id:
return check_id
policy = self.getPolicy(data)
if policy == 'auto':
result = self.autoRegister(REQUEST, data)
# Just return the result, this should either be None on success or
# an error message
return result
email_from = getUtility(ISiteRoot).getProperty(
'email_from_address', '')
if not portal_registration.isValidEmail(email_from):
return {FORM_ERROR_MARKER: _(u'Portal email is not configured.')}
if policy == 'email':
result = self.emailRegister(REQUEST, data)
return result
if policy == 'approve':
result = self.approvalRegister(data)
return result
# If we get here, then something went wrong
return {FORM_ERROR_MARKER: _(u'The form is currently unavailable')}
from zope.component import getUtility
from zope.interface import implements
import logging
import random
import string
import transaction
SignUpAdapterSchema = FormAdapterSchema.copy() + atapi.Schema((
atapi.StringField(
'full_name_field',
default='fullname',
required=False,
widget=atapi.StringWidget(
label=_(u'label_full_name', default=u'Full Name Field'), # noqa H702
description=_(
u'help_full_name_field',
default=u"""Enter the id of the field that will be used for the
user's full name."""),
),
),
atapi.StringField(
'username_field',
required=False,
widget=atapi.StringWidget(
label=_(u'label_username', default=u'Username Field'),
description=_(
u'help_username_field',
default=u"""Enter the id of the field that will be used for the
