コード例 #1
    def silouserview(self, silo, username):
        """Show, change or remove one user's roles within a silo.

        GET renders the user's profile in the silo (HTML or JSON, chosen by
        the Accept header); POST moves the user into the role named by the
        ``role`` form field; DELETE removes every role the user holds in the
        silo.  Aborts with 401 for anonymous callers, 403 for insufficient
        rights and 404 for unknown users.

        NOTE(review): this listing is incomplete -- several ``if`` headers
        have no body and the content-negotiation loop has no ``while``/``try``
        header.  Comments marked "as listed" describe the code exactly as
        shown; confirm each point against the original source.
        """
        # Anonymous callers are rejected before any silo lookup.
        if not request.environ.get('repoze.who.identity'):
            abort(401, "Not Authorised")

        # NOTE(review): body missing from this listing (presumably an abort for
        # an unknown silo) -- confirm against the source.
        if not ag.granary.issilo(silo):

        ident = request.environ.get('repoze.who.identity')

        http_method = request.environ['REQUEST_METHOD']        
        if http_method == 'GET':
            # Viewing needs membership of the silo, plus administrator or
            # manager rights to look at anyone other than yourself.
            silos = ag.authz(ident)
            if not silo in silos:
                abort(403, "User is not a member of the silo %s"%silo)
            if not ('administrator' in ident['permissions'] or \
                    'manager' in ident['permissions'] or ident['user'].user_name == username):
                abort(403, "Do not have administrator or manager credentials to view profiles of other users")
            # NOTE(review): as listed, the administrator/manager check below sits
            # inside the GET branch, so POST and DELETE reach the role-changing
            # code with only the 401 login check above.  An ``else:`` header is
            # probably missing here -- confirm; this check must cover the
            # mutating methods.
            silos = ag.authz(ident, permission=['administrator', 'manager'])
            if not silo in silos:
                abort(403, "Do not have administrator or manager credentials for silo %s"%silo)
            if not ('administrator' in ident['permissions'] or 'manager' in ident['permissions']):
                abort(403, "Do not have administrator or manager credentials")

        existing_users = list_usernames()
        if not username in existing_users:
            abort(404, "User not found")

        # Template context shared by the HTML renderings below.
        c.ident = ident
        c.silo = silo
        c.username = username

        if http_method == "GET":
            # The user must hold at least one role (admin, manager or
            # submitter) in this silo to be shown here.
            a, m, s = list_group_usernames(silo)
            if not (username in a or username in m or username in s):
                abort(404, "User not found in silo")
            c.user = list_user(username)
            #if 'groups' in c.user and c.user['groups']:
            #    for i in c.user['groups']:
            #        if i[0] != silo:
            #            c.user['groups'].remove(i)
            # Content negotiation: HTML page or JSON, HTML when no Accept header.
            accept_list = None
            if 'HTTP_ACCEPT' in request.environ:
                    accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
                    # NOTE(review): as listed this unconditionally discards the
                    # parsed Accept header; an ``except`` header between these
                    # two lines is probably missing -- confirm.
                    accept_list= [MT("text", "html")]
            if not accept_list:
                accept_list= [MT("text", "html")]
            mimetype = accept_list.pop(0)
            # NOTE(review): the block below is indented as a loop body but no
            # ``while`` header is shown, and the trailing pop()/``except
            # IndexError`` pair has no ``try`` header -- confirm.
                if str(mimetype).lower() in ["text/html", "text/xhtml"]:
                    return render("/silo_user.html")
                elif str(mimetype).lower() in ["text/plain", "application/json"]:
                    response.content_type = 'application/json; charset="UTF-8"'
                    response.status_int = 200
                    response.status = "200 OK"
                    return simplejson.dumps(c.user)
                    mimetype = accept_list.pop(0)
                except IndexError:
                    mimetype = None
            # Nothing in the Accept list matched: fall back to JSON.
            response.content_type = 'application/json; charset="UTF-8"'
            response.status_int = 200
            response.status = "200 OK"
            return simplejson.dumps(c.user)
        elif http_method == "POST":
            params = request.POST
            # 'role' is checked against a closed set before it is used anywhere.
            if not ('role' in params and params['role'] and params['role'] in ['administrator', 'manager', 'submitter']):
                abort(400, "Parameters 'role' not found or is invalid")
            kw = ag.granary.describe_silo(silo)
            # Existing owners, admins, managers and submitters are held as
            # comma-separated strings in the silo description.
            owners = []
            admins = []
            managers = []
            submitters = []
            if 'owners' in kw and kw['owners']:
                owners = [x.strip() for x in kw['owners'].split(",") if x]
            if 'administrators' in kw and kw['administrators']:
                admins = [x.strip() for x in kw['administrators'].split(",") if x]
            if 'managers' in kw and kw['managers']:
                managers = [x.strip() for x in kw['managers'].split(",") if x]
            if 'submitters' in kw and kw['submitters']:
                submitters = [x.strip() for x in kw['submitters'].split(",") if x]
            # (username, role) pairs to add to / drop from the group database.
            to_remove = []
            to_add = []
            if params['role'] == 'administrator':
                # Only an administrator may create another administrator.
                if not 'administrator' in ident['permissions']:
                    abort(403, "Need to be administrator to add user to role admin")
                if not username in admins:
                    to_add.append((username, 'administrator'))
                # NOTE(review): body missing from this listing -- confirm.
                if not username in owners:
                if username in managers:
                    to_remove.append((username, 'manager'))
                if username in submitters:
                    to_remove.append((username, 'submitter'))
            elif params['role'] == 'manager':
                # NOTE(review): unlike the administrator branch, no extra
                # permission check guards promotion to manager here beyond the
                # method-level checks above.
                if not username in managers:
                    to_add.append((username, 'manager'))
                # NOTE(review): body missing from this listing -- confirm.
                if not username in owners:
                if username in admins:
                    # Demoting an administrator needs admin rights and must
                    # leave at least one administrator on the silo.
                    if not 'administrator' in ident['permissions']:
                        abort(403, "Need to be admin to modify user of role admin")
                    if len(admins) == 1:
                        abort(403, "Add another administrator to silo before updating user role")
                    to_remove.append((username, 'administrator'))
                if username in submitters:
                    to_remove.append((username, 'submitter'))
            elif params['role'] == 'submitter':
                if not username in submitters:
                    to_add.append((username, 'submitter'))
                # NOTE(review): body missing from this listing -- confirm.
                if not username in owners:
                if username in admins:
                    # Same demotion rules as in the manager branch.
                    if not 'administrator' in ident['permissions']:
                        abort(403, "Need to be admin to modify user of role admin")
                    if len(admins) == 1:
                        abort(403, "Add another administrator to silo before updating user role")
                    to_remove.append((username, 'administrator'))
                if username in managers:
                    # Keep at least one administrator or manager on the silo.
                    if len(managers) == 1 and len(admins) == 0:
                        abort(403, "Add another administrator or manager to silo before updating user role")
                    to_remove.append((username, 'manager'))

            # NOTE(review): as listed these lists are not changed by the role
            # change above, so describe_silo() below rewrites the silo with its
            # original membership; the missing lines may update them -- confirm.
            owners = list(set(owners))
            admins = list(set(admins))
            managers = list(set(managers))
            submitters = list(set(submitters))

            # Update silo info
            if to_remove or to_add:
                kw['owners'] = ','.join(owners)
                kw['administrators'] = ','.join(admins)
                kw['managers'] = ','.join(managers)
                kw['submitters'] = ','.join(submitters)
                ag.granary.describe_silo(silo, **kw)

                #Add new silo users into database
                if to_add:
                    add_group_users(silo, to_add)
                    response.status_int = 201
                    response.status = "201 Created"
                    response.headers['Content-Location'] = url(controller="users", action="silouserview", silo=silo, username=username)
                    response_message = "201 Created"

                if to_remove:
                    delete_group_users(silo, to_remove)
                    response.status_int = 204
                    # Standard reason phrase for 204 is "No Content".
                    response.status = "204 Updated"
                    response_message = None
                # NOTE(review): as listed these three lines run unconditionally
                # after the to_remove block and overwrite the 201/204 set above;
                # an ``else:`` header for the "no updates" case is probably
                # missing -- confirm.
                response.status_int = 400
                response.status = "400 Bad Request"
                response_message = "No updates to user role"

            #Conneg return
            accept_list = None
            if 'HTTP_ACCEPT' in request.environ:
                    accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
                    # NOTE(review): as listed this unconditionally discards the
                    # parsed Accept header; an ``except`` header is probably
                    # missing -- confirm.
                    accept_list= [MT("text", "html")]
            if not accept_list:
                accept_list= [MT("text", "html")]
            mimetype = accept_list.pop(0)
            # NOTE(review): loop body without a visible ``while`` header and a
            # pop()/``except IndexError`` pair without a ``try`` -- confirm.
                if str(mimetype).lower() in ["text/html", "text/xhtml"]:
                    redirect(url(controller="users", action="silouserview", silo=silo, username=username))
                elif str(mimetype).lower() in ["text/plain", "application/json"]:
                    response.content_type = 'application/json; charset="UTF-8"'
                    return response_message
                    mimetype = accept_list.pop(0)
                except IndexError:
                    mimetype = None
            # Nothing in the Accept list matched: fall back to JSON.
            response.content_type = 'application/json; charset="UTF-8"'
            return response_message
        elif http_method == "DELETE":
            kw = ag.granary.describe_silo(silo)
            # Existing owners, admins, managers and submitters, parsed as in
            # the POST branch.
            owners = []
            admins = []
            managers = []
            submitters = []
            if 'owners' in kw and kw['owners']:
                owners = [x.strip() for x in kw['owners'].split(",") if x]
            if 'administrators' in kw and kw['administrators']:
                admins = [x.strip() for x in kw['administrators'].split(",") if x]
            if 'managers' in kw and kw['managers']:
                managers = [x.strip() for x in kw['managers'].split(",") if x]
            if 'submitters' in kw and kw['submitters']:
                submitters = [x.strip() for x in kw['submitters'].split(",") if x]

            #Gather user roles to delete
            to_remove = []
            if username in admins:
                # Removing an administrator needs admin rights and must leave
                # at least one administrator on the silo.
                if not 'administrator' in ident['permissions']:
                    abort(403, "Need to be admin to modify user of role admin")                
                if len(admins) == 1:
                    abort(403, "Add another administrator to silo before deleting user")
                to_remove.append((username, 'administrator'))
            if username in managers:
                # Keep at least one administrator or manager on the silo.
                if len(managers) == 1 and len(admins) == 0:
                    abort(403, "Add another administrator or manager to silo before deleting user")
                to_remove.append((username, 'manager'))
            if username in submitters:
                to_remove.append((username, 'submitter'))
            # NOTE(review): body missing from this listing -- confirm.
            if username in owners:

            owners = list(set(owners))
            admins = list(set(admins))
            managers = list(set(managers))
            submitters = list(set(submitters))

            if to_remove:
                # Update silo info
                kw['owners'] = ','.join(owners)
                kw['administrators'] = ','.join(admins)
                kw['managers'] = ','.join(managers)
                kw['submitters'] = ','.join(submitters)
                ag.granary.describe_silo(silo, **kw)
                delete_group_users(silo, to_remove)
                # NOTE(review): as listed this abort runs right after a
                # successful delete_group_users(); an ``else:`` header for the
                # empty to_remove case is probably missing -- confirm.
                abort(400, "No user to delete")
            # NOTE(review): accept_list is assigned but never read here.
            accept_list = None
            # NOTE(review): the body is not valid JSON (single quotes) and is
            # served as text/plain; the GET/POST paths return application/json.
            response.content_type = "text/plain"
            response.status_int = 200
            response.status = "200 OK"
            return "{'ok':'true'}"
コード例 #2
    def userview(self, username):
        """Show, update or delete a single user account.

        GET returns the profile (HTML or JSON by content negotiation), POST
        is meant to let users update their own profile fields, DELETE removes
        the account once it belongs to no silo.  Aborts with 401 for anonymous
        callers, 403 on failed rights checks and 404 for unknown users.

        NOTE(review): this listing is incomplete -- the content-negotiation
        loop has no ``while``/``try`` header, and no update or delete call is
        shown on the POST and DELETE paths.  Confirm against the source.
        """
        # Anonymous callers are rejected before any lookup.
        if not request.environ.get('repoze.who.identity'):
            abort(401, "Not Authorised")

        ident = request.environ.get('repoze.who.identity')

        http_method = request.environ['REQUEST_METHOD']

        # BUG: ``x == 'GET' or 'DELETE'`` is always true because the string
        # literal 'DELETE' is truthy, so this branch is taken for every method
        # and the POST-only self check in the ``elif`` below is unreachable.
        # As written, an administrator or manager passes this check and can
        # POST profile changes (including 'password', see the POST branch) for
        # any user.  Intended:
        #     if http_method in ('GET', 'DELETE'):
        if http_method == 'GET' or 'DELETE':
            #Admins, managers and user can see user data / delete the user
            if not ('administrator' in ident['permissions'] or \
                   'manager' in ident['permissions'] or ident['user'].user_name == username):
                abort(403, "Do not have administrator or manager credentials to view profiles of other users")
        elif http_method == 'POST':
            #Only the user can update their own data (unreachable, see above)
            if not ident['user'].user_name == username:
                abort(403, "Login as %s to edit profile"%username)

        existing_users = list_usernames()
        if not username in existing_users:
            abort(404, "User not found")

        # Template context shared by the HTML renderings below.
        c.ident = ident
        c.username = username

        if http_method == "GET":
            c.user = list_user(username)
            # Content negotiation: HTML page or JSON, HTML when no Accept header.
            accept_list = None
            if 'HTTP_ACCEPT' in request.environ:
                    accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
                    # NOTE(review): as listed this unconditionally discards the
                    # parsed Accept header; an ``except`` header between these
                    # two lines is probably missing -- confirm.
                    accept_list= [MT("text", "html")]
            if not accept_list:
                accept_list= [MT("text", "html")]
            mimetype = accept_list.pop(0)
            # NOTE(review): the block below is indented as a loop body but no
            # ``while`` header is shown, and the trailing pop()/``except
            # IndexError`` pair has no ``try`` header -- confirm.
                if str(mimetype).lower() in ["text/html", "text/xhtml"]:
                    return render("/admin_user.html")
                elif str(mimetype).lower() in ["text/plain", "application/json"]:
                    response.content_type = 'application/json; charset="UTF-8"'
                    response.status_int = 200
                    response.status = "200 OK"
                    return simplejson.dumps(c.user)
                    mimetype = accept_list.pop(0)
                except IndexError:
                    mimetype = None
            # Nothing in the Accept list matched: fall back to JSON.
            response.content_type = 'application/json; charset="UTF-8"'
            response.status_int = 200
            response.status = "200 OK"
            return simplejson.dumps(c.user)
        elif http_method == "POST":
            params = request.POST
            # At least one updatable field must be present.
            if not('password' in params or 'name' in params or \
                   'email' in params or 'firstname' in params or 'lastname' in params):
                abort(400, "No valid parameters found")
            # The username from the URL overrides any 'username' form field.
            params['username'] = username
            # NOTE(review): as listed nothing reads ``params`` after this line;
            # the update call is presumably missing from the listing -- confirm.
            response.status_int = 204
            # Standard reason phrase for 204 is "No Content".
            response.status = "204 Updated"
            response_message = None
            # conneg return
            accept_list = None
            if 'HTTP_ACCEPT' in request.environ:
                    accept_list = conneg_parse(request.environ['HTTP_ACCEPT'])
                    # NOTE(review): as listed this unconditionally discards the
                    # parsed Accept header; an ``except`` header is probably
                    # missing -- confirm.
                    accept_list= [MT("text", "html")]
            if not accept_list:
                accept_list= [MT("text", "html")]
            mimetype = accept_list.pop(0)
            # NOTE(review): loop body without a visible ``while`` header and a
            # pop()/``except IndexError`` pair without a ``try`` -- confirm.
                if str(mimetype).lower() in ["text/html", "text/xhtml"]:
                    redirect(url(controller="users", action="userview", username=username))
                elif str(mimetype).lower() in ["text/plain", "application/json"]:
                    # NOTE(review): the JSON branch answers as text/plain here,
                    # whereas silouserview answers application/json.
                    response.content_type = "text/plain"
                    return response_message
                    mimetype = accept_list.pop(0)
                except IndexError:
                    mimetype = None
            # Nothing in the Accept list matched: fall back to text/plain.
            response.content_type = "text/plain"
            return response_message
        elif http_method == "DELETE":
            # Refuse while the user still holds a role in any silo.
            user_groups = list_user_groups(username)
            if user_groups:
                abort(403, "User is member of silos. Remove user from all silos before deleting them")
            #Delete user from database
            #Get all the silos user belongs to, remove them from each silo and sync silo metadata
            # NOTE(review): the two comments above describe work no visible line
            # performs; confirm whether the delete call is missing from this
            # listing.
            # conneg return
            # NOTE(review): accept_list is assigned but never read here.
            accept_list = None
            # NOTE(review): the body is not valid JSON (single quotes) and is
            # served as text/plain.
            response.content_type = "text/plain"
            response.status_int = 200
            response.status = "200 OK"
            return "{'ok':'true'}"