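def change_password(username, form, as_manager=False):
    """Change a user's password and return success/failure HTML.

    Args:
        username: name of the account whose password is being changed.
        form: CGI form carrying the old password, two copies of the new
            password and the must-change-password flag.
        as_manager: if true, the old password is neither required nor
            checked, the new password may equal the old one, and the
            form's must-change-password flag is honoured. If false, the
            old password must validate and that flag is ignored.

    Returns:
        The HTML produced by user_management_failure_message() or
        user_management_success_message().

    Security notes:
        No authorisation check is made here. With as_manager=True the
        password of any existing account can be replaced without knowing
        the old one, so the caller must establish that the request comes
        from an authorised user manager.
        NOTE(review): confirm every call site does so.
    """
    user = User(username, False)
    if not user.user:
        # NOTE(review): username is concatenated into the HTML message;
        # confirm user_management_failure_message() escapes it.
        return user_management_failure_message(
            "Problem: can't find user " + username, as_manager)

    old_password = ws.get_cgi_parameter_str(form, PARAM.OLD_PASSWORD)
    new_password_1 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_1)
    new_password_2 = ws.get_cgi_parameter_str(form, PARAM.NEW_PASSWORD_2)
    must_change_password = ws.get_cgi_parameter_bool(
        form, PARAM.MUST_CHANGE_PASSWORD)

    if new_password_1 != new_password_2:
        return user_management_failure_message("New passwords don't match",
                                               as_manager)

    # A request that omits the new-password fields may yield None
    # (presumably the helper's default -- verify); treat that as "too short"
    # rather than letting len(None) raise.
    if (new_password_1 is None
            or len(new_password_1) < MINIMUM_PASSWORD_LENGTH):
        return user_management_failure_message(
            "New password must be at least {} characters; not changed.".format(
                MINIMUM_PASSWORD_LENGTH
            ),
            as_manager
        )

    if not as_manager:
        # Self-service change: the caller must prove knowledge of the
        # current password and must actually pick a different one.
        if old_password == new_password_1:
            return user_management_failure_message(
                "Old/new passwords are the same", as_manager
            )
        # A missing old password is rejected outright instead of being
        # handed to the validator.
        if old_password is None or not user.is_password_valid(old_password):
            return user_management_failure_message("Old password incorrect",
                                                   as_manager)

    # All checks passed: store the new password.
    user.set_password(new_password_1)
    user.save()

    # Only a manager may force the user to change the password again at next
    # login; a user changing their own password never sets this flag.
    if as_manager and must_change_password:
        user.force_password_change()

    # The audit entry names the account only; no password material is logged.
    audit("Password changed for user " + user.user)
    return user_management_success_message(
        "Password updated for user {}.".format(user.user),
        as_manager,
        (
            '<div class="important"> '
            "If you store your password in your CamCOPS tablet "
            "application, remember to change it there as well. "
            "</div>"
        )
    )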
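def add_user(form):
    """Create a user from the submitted form and return success/failure HTML.

    Args:
        form: CGI form carrying the username, two copies of the password,
            the must-change-password flag and one boolean per permission.

    Returns:
        The HTML produced by user_management_failure_message() or
        user_management_success_message().

    Security notes:
        Every permission, including superuser, is taken directly from the
        form and no authorisation check is made here, so the caller must
        establish that the request comes from an authorised administrator.
        NOTE(review): confirm every call site does so.
    """
    username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
    password_1 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_1)
    password_2 = ws.get_cgi_parameter_str(form, PARAM.PASSWORD_2)
    must_change_password = ws.get_cgi_parameter_bool(
        form, PARAM.MUST_CHANGE_PASSWORD)
    may_use_webviewer = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_USE_WEBVIEWER)
    may_view_other_users_records = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
    view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
        form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
    may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
    superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
    may_register_devices = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_REGISTER_DEVICES)
    may_use_webstorage = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_USE_WEBSTORAGE)
    may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
    may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
    may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)

    # Refuse to overwrite an existing account.
    user = User(username, False)
    if user.user:
        return user_management_failure_message(
            "User already exists: " + username)

    if not is_username_permissible(username):
        # NOTE(review): a rejected username is echoed into the HTML message;
        # confirm user_management_failure_message() escapes it.
        return user_management_failure_message(
            "Invalid username: " + username)

    # NOTE(review): the listing is garbled here (a run of asterisks stands
    # where the code between the two messages was). The end of the call above
    # and this mismatch test are reconstructed from the password_1/password_2
    # reads and the message text -- confirm against the original file.
    if password_1 != password_2:
        return user_management_failure_message("Passwords don't match")

    # Missing password fields may yield None (presumably the helper's
    # default -- verify); treat that as "too short" rather than letting
    # len(None) raise.
    if password_1 is None or len(password_1) < MINIMUM_PASSWORD_LENGTH:
        return user_management_failure_message(
            "Password must be at least {} characters".format(
                MINIMUM_PASSWORD_LENGTH
            ))

    # Create the account and apply the requested permissions.
    user = User(username, True)
    user.set_password(password_1)
    user.may_use_webviewer = may_use_webviewer
    user.may_view_other_users_records = may_view_other_users_records
    user.view_all_patients_when_unfiltered = view_all_patients_when_unfiltered
    user.may_upload = may_upload
    user.superuser = superuser
    user.may_register_devices = may_register_devices
    user.may_use_webstorage = may_use_webstorage
    user.may_dump_data = may_dump_data
    user.may_run_reports = may_run_reports
    user.may_add_notes = may_add_notes
    user.save()
    if must_change_password:
        user.force_password_change()

    # Record exactly which privileges were granted; the password itself is
    # never written to the audit trail.
    audit(
        (
            "User created: {}: "
            "may_use_webviewer={}, "
            "may_view_other_users_records={}, "
            "view_all_patients_when_unfiltered={}, "
            "may_upload={}, "
            "superuser={}, "
            "may_register_devices={}, "
            "may_use_webstorage={}, "
            "may_dump_data={}, "
            "may_run_reports={}, "
            "may_add_notes={}, "
            "must_change_password={}"
        ).format(
            user.user,
            may_use_webviewer,
            may_view_other_users_records,
            view_all_patients_when_unfiltered,
            may_upload,
            superuser,
            may_register_devices,
            may_use_webstorage,
            may_dump_data,
            may_run_reports,
            may_add_notes,
            must_change_password
        )
    )
    return user_management_success_message("User " + user.user + " created")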
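def change_user(form):
    """Apply permission changes to a user and return success/failure HTML.

    Args:
        form: CGI form carrying the username and one boolean per permission.

    Returns:
        The HTML produced by user_management_failure_message() or
        user_management_success_message().

    Security notes:
        Every permission, including superuser, is taken directly from the
        form and no authorisation check is made here, so the caller must
        establish that the request comes from an authorised administrator.
        NOTE(review): confirm every call site does so.
    """
    username = ws.get_cgi_parameter_str(form, PARAM.USERNAME)
    may_use_webviewer = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_USE_WEBVIEWER)
    may_view_other_users_records = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_VIEW_OTHER_USERS_RECORDS)
    view_all_patients_when_unfiltered = ws.get_cgi_parameter_bool(
        form, PARAM.VIEW_ALL_PTS_WHEN_UNFILTERED)
    may_upload = ws.get_cgi_parameter_bool(form, PARAM.MAY_UPLOAD)
    superuser = ws.get_cgi_parameter_bool(form, PARAM.SUPERUSER)
    may_register_devices = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_REGISTER_DEVICES)
    may_use_webstorage = ws.get_cgi_parameter_bool(
        form, PARAM.MAY_USE_WEBSTORAGE)
    may_dump_data = ws.get_cgi_parameter_bool(form, PARAM.MAY_DUMP_DATA)
    may_run_reports = ws.get_cgi_parameter_bool(form, PARAM.MAY_RUN_REPORTS)
    may_add_notes = ws.get_cgi_parameter_bool(form, PARAM.MAY_ADD_NOTES)

    # Only an existing account can be edited.
    user = User(username, False)
    if not user.user:
        # NOTE(review): the unknown username is echoed into the HTML message;
        # confirm user_management_failure_message() escapes it.
        return user_management_failure_message("Invalid user: " + username)

    # NOTE(review): the listing is garbled here (a run of asterisks stands
    # where the code between the failure message and the audit text was). The
    # assignments, save() and the opening of the audit() call below are
    # reconstructed from the values read above and formatted into the audit
    # message -- confirm against the original file.
    user.may_use_webviewer = may_use_webviewer
    user.may_view_other_users_records = may_view_other_users_records
    user.view_all_patients_when_unfiltered = view_all_patients_when_unfiltered
    user.may_upload = may_upload
    user.superuser = superuser
    user.may_register_devices = may_register_devices
    user.may_use_webstorage = may_use_webstorage
    user.may_dump_data = may_dump_data
    user.may_run_reports = may_run_reports
    user.may_add_notes = may_add_notes
    user.save()

    # Record the full resulting permission set so that any change of
    # privilege can be traced afterwards.
    audit(
        (
            "User permissions edited for user {}: "
            "may_use_webviewer={}, "
            "may_view_other_users_records={}, "
            "view_all_patients_when_unfiltered={}, "
            "may_upload={}, "
            "superuser={}, "
            "may_register_devices={}, "
            "may_use_webstorage={}, "
            "may_dump_data={}, "
            "may_run_reports={}, "
            "may_add_notes={} "
        ).format(
            user.user,
            may_use_webviewer,
            may_view_other_users_records,
            view_all_patients_when_unfiltered,
            may_upload,
            superuser,
            may_register_devices,
            may_use_webstorage,
            may_dump_data,
            may_run_reports,
            may_add_notes,
        )
    )
    return user_management_success_message(
        "Details updated for user " + user.user)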