コード例 #1
ファイル: frontend.py プロジェクト: koddsson/dpxdt-server
def homepage():
    """Render the homepage with the build list for the current user.

    A signed-in user whose login is no longer fresh is sent through the
    refresh flow before anything else happens. Signed-in users also have
    their invitations claimed via ``auth.claim_invitations``. The build list
    is looked up through ``operations.UserOps`` keyed on
    ``current_user.get_id()`` whether or not the visitor is signed in.
    """
    signed_in = current_user.is_authenticated()

    # Stale sessions must re-authenticate before invitations are claimed.
    if signed_in and not login_fresh():
        logging.debug('User needs a fresh token')
        abort(login.needs_refresh())

    if signed_in:
        auth.claim_invitations(current_user)

    user_ops = operations.UserOps(current_user.get_id())
    return render_template('home.html', build_list=user_ops.get_builds())
コード例 #2
ファイル: auth.py プロジェクト: koddsson/dpxdt-server
def can_user_access_build(param_name):
    """Determines if the current user can access the build ID in the request.

    This is an authorization gate: it either returns the build or aborts the
    request. The branches are order-dependent, so read them top to bottom.

    Args:
        param_name: Parameter name to use for getting the build ID from the
            request. Will fetch from GET or POST requests.

    Returns:
        The build the user has access to.

    Aborts:
        400 if the build ID is missing, 404 if the build is not found, 403 if
        a non-owner (other than a superuser) sends a non-GET request or a
        signed-in non-owner requests a non-public build, the login
        "unauthorized" response for anonymous access to a non-public build,
        and the login "needs refresh" response when an owner's login is not
        fresh.
    """
    # type=int makes a non-integer value come back as None; because of the
    # `or` fallback and the truthiness check below, an ID of 0 is also
    # treated as missing.
    build_id = (request.args.get(param_name, type=int)
                or request.form.get(param_name, type=int))
    if not build_id:
        logging.debug('Build ID in param_name=%r was missing', param_name)
        abort(400)

    ops = operations.UserOps(current_user.get_id())
    build, user_is_owner = ops.owns_build(build_id)
    # NOTE(review): this 404 is returned before any authorization decision,
    # so a caller can tell a nonexistent build ID apart from an existing one
    # it is not allowed to see (404 vs. 403 / login redirect). Confirm that
    # revealing build existence is acceptable.
    if not build:
        logging.debug('Could not find build_id=%r', build_id)
        abort(404)

    if current_user.is_authenticated() and not user_is_owner:
        # Assume the user should be able to access the build but can't because
        # the cache is out of date. This forces the cache to repopulate, any
        # outstanding user invitations to be completed, hopefully resulting in
        # the user having access to the build.
        ops.evict()
        claim_invitations(current_user)
        build, user_is_owner = ops.owns_build(build_id)

    if not user_is_owner:
        # Non-owner path. Superusers are allowed through for any method.
        if current_user.is_authenticated() and current_user.superuser:
            pass
        # Any other non-owner may only read: non-GET requests are refused
        # even when the build is public.
        elif request.method != 'GET':
            logging.debug('No way to log in user via modifying request')
            abort(403)
        # Public builds are readable via GET by anyone, signed in or not.
        elif build.public:
            pass
        elif current_user.is_authenticated():
            logging.debug('User does not have access to this build')
            abort(flask.Response('You cannot access this build', 403))
        else:
            logging.debug('Redirecting user to login to get build access')
            abort(login.unauthorized())
    # Owner path: the freshness check applies only here.
    # NOTE(review): superusers who are not owners skip login_fresh() because
    # they take the branch above; confirm that is intended.
    elif not login_fresh():
        logging.debug('User login is old; forcing refresh')
        abort(login.needs_refresh())

    return build
コード例 #3
ファイル: frontend.py プロジェクト: koddsson/dpxdt-server
def new_build():
    """Page for creating a new build.

    Renders the build form until a valid submission arrives. A valid
    submission creates a ``models.Build`` owned by the current user, writes an
    admin log entry, commits, evicts the user's ``UserOps`` cache, and
    redirects to the new build's page.
    """
    build_form = forms.BuildForm()
    if not build_form.validate_on_submit():
        return render_template('new_build.html', build_form=build_form)

    created = models.Build()
    # NOTE(review): populate_obj copies every field declared on the form onto
    # the model, so BuildForm should expose only attributes a user is allowed
    # to set. Confirm against the form definition.
    build_form.populate_obj(created)
    created.owners.append(current_user)

    db.session.add(created)
    # Flush ahead of the admin log entry; presumably this is what assigns
    # created.id before the log row references the build.
    db.session.flush()

    auth.save_admin_log(created, created_build=True, message=created.name)

    db.session.commit()

    # Drop the creator's cached state only after the commit has succeeded.
    operations.UserOps(current_user.get_id()).evict()

    logging.info('Created build via UI: build_id=%r, name=%r', created.id,
                 created.name)
    return redirect(url_for('view_build', id=created.id))
コード例 #4
ファイル: auth.py プロジェクト: koddsson/dpxdt-server
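def revoke_admin():
    """Form submission handler for revoking admin access to a build.

    Works on the build already stored in ``g.build``. On a valid
    ``RemoveAdminForm`` submission the selected user is removed from the
    build's owners, an admin log entry is saved, the change is committed, and
    that user's ``UserOps`` cache is evicted. The request is aborted with 400
    when the target user does not exist, is the current user, or is not an
    owner of the build.

    Returns:
        A redirect to the ``manage_admins`` page for the build.
    """
    # NOTE(review): nothing in this function checks that the caller may
    # administer the build; presumably whatever populates g.build enforces
    # that. Confirm at the route definition.
    build = g.build
    form = forms.RemoveAdminForm()
    if form.validate_on_submit():
        user = models.User.query.get(form.user_id.data)
        if not user:
            logging.debug(
                'User being revoked admin access does not exist. '
                'id=%r, build_id=%r', form.user_id.data, build.id)
            abort(400)

        # NOTE(review): this compares a model instance with the login proxy.
        # If the two can be distinct objects for the same account, comparing
        # IDs would be more reliable. Confirm how current_user is loaded.
        if user == current_user:
            logging.debug(
                'User trying to remove themself as admin. '
                'id=%r, build_id=%r', user.id, build.id)
            abort(400)

        # Re-read both rows with lockmode='update' so the ownership check and
        # the removal below work on locked, current state.
        db.session.add(build)
        db.session.add(user)
        db.session.refresh(build, lockmode='update')
        db.session.refresh(user, lockmode='update')

        # filter_by() returns a query object, which is truthy even when it
        # matches no rows. Fetch a row so the guard reflects real ownership.
        user_is_owner = build.owners.filter_by(id=user.id).first()
        if not user_is_owner:
            logging.debug(
                'User being revoked admin access is not owner. '
                'id=%r, build_id=%r.', user.id, build.id)
            abort(400)

        build.owners.remove(user)
        save_admin_log(build, revoked_admin=True, message=user.email_address)

        db.session.commit()

        # Evict after the commit so the revoked user's cached state is not
        # served once access has been removed.
        operations.UserOps(user.get_id()).evict()

    return redirect(url_for('manage_admins', build_id=build.id))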
コード例 #5
ファイル: auth.py プロジェクト: koddsson/dpxdt-server
def load_user(user_id):
    """Load the user for ``user_id`` through ``operations.UserOps``.

    Args:
        user_id: Identifier passed to ``operations.UserOps``.

    Returns:
        Whatever ``UserOps(user_id).load()`` returns. A falsy result is
        passed through unchanged.
    """
    loaded = operations.UserOps(user_id).load()
    if not loaded:
        return loaded

    # Only the user ID is logged, never the user object itself.
    if loaded.is_authenticated():
        logging.debug('Authenticated as user=%r', loaded.get_id())
    return loaded