class AccountController(BaseController): def login(self): """ This is where the login form should be rendered. Without the login counter, we won't be able to tell if the user has tried to log in with wrong credentials """ identity = request.environ.get('repoze.who.identity') came_from = str(request.GET.get('came_from', '')) or \ url(controller='account', action='welcome') if identity: redirect(url(came_from)) else: c.came_from = came_from c.login_counter = request.environ['repoze.who.logins'] + 1 return render('/derived/account/login.html') @ActionProtector(not_anonymous()) def welcome(self): """ Greet the user if she logged in successfully or redirect back to the login form otherwise(using ActionProtector decorator). """ identity = request.environ.get('repoze.who.identity') return 'Welcome back %s' % identity['repoze.who.userid'] @ActionProtector(not_anonymous()) def test_user_access(self): return 'You are inside user section' @ActionProtector(has_permission('admin')) def test_admin_access(self): return 'You are inside admin section'
class StaticPagesController(BaseController): @ActionProtector(not_anonymous()) def help(self): c.root_path = url('/', qualified=True) return render("/static_pages/help.mako") @ActionProtector(not_anonymous()) def citing(self): c.root_path = url('/', qualified=True) return render("/static_pages/citing.mako")
class BasicPylonsController(WSGIController): """Mock Pylons controller""" sub1 = SubController1() panel = SecurePanel() def index(self, **kwargs): return 'hello world' @ActionProtector(in_group('admins')) def admin(self, *args, **kwargs): return 'got to admin' def troll_detected(reason): # Let's ignore the reason return 'Trolls are banned' @ActionProtector(All(not_anonymous(), Not(is_user('sballmer'))), denial_handler=troll_detected) def leave_comment(self): return 'Comment accepted' @special_require(not_anonymous()) def logout(self): return 'You have been logged out' @special_require(All(not_anonymous(), Not(is_user('sballmer'))), denial_handler=troll_detected) def start_thread(self): return 'You have started a thread' @ActionProtector(Not(not_anonymous())) def get_parameter(self, something): # Checking that parameters are received return 'Parameter received: %s' % something def boolean_predicate(self): p = not_anonymous() return 'The predicate is %s' % bool(p) def is_met_util(self): if is_met(not_anonymous()): return 'You are not anonymous' return 'You are anonymous' def not_met_util(self): if not_met(not_anonymous()): return 'You are anonymous' return 'You are not anonymous'
def post_login(self): """ Handle logic post a user's login I want to create a login_handler that's redirected to after login. This would check - if user was logged in, if not then send back to login - if user is admin, go to job list - if user can add joblist then go to * - if user is read only go to job list that's trimmed down a bit On the post login page adjust the max age on the existing cookie to XX remember me timeframe """ if auth.check(not_anonymous()): log.debug('checked auth') else: # login failed, redirect back to login log.debug('failed auth') redirect(url(controller="accounts", action="login", login_failed=True) ) # expire this cookie into the future ck = request.cookies['authtkt'] response.set_cookie('authtkt', ck, max_age=60 * 60 * 24 * 7, path='/' ) redirect(url('/page/test'))
def login(self): """This is where the login form should be rendered.""" if auth.check(not_anonymous()): # if we're not anonymous then we're logged in and need to be # redirected log.debug('already logged in') redirect(url('/page/test')) # Without the login counter, we won't be able to tell if the user has # tried to log in with the wrong credentials if 'repoze.who.logins' in request.environ: login_counter = request.environ['repoze.who.logins'] else: login_counter = 0 if login_counter > 0: log.debug('Wrong Login credentials') #flash('Wrong credentials') tpl.login_counter = login_counter tpl.came_from = request.params.get('came_from') or url('/') if 'login_failed' in request.params: tpl.login_failed = True else: tpl.login_failed = False return render('/login.mako')
def post_login(self): """ Handle logic post a user's login I want to create a login_handler that's redirected to after login. This would check - if user was logged in, if not then send back to login - if user is admin, go to job list - if user can add joblist then go to * - if user is read only go to job list that's trimmed down a bit On the post login page adjust the max age on the existing cookie to XX remember me timeframe """ if auth.check(not_anonymous()): log.debug('checked auth') else: # login failed, redirect back to login log.debug('failed auth') redirect( url(controller="accounts", action="login", login_failed=True)) # expire this cookie into the future ck = request.cookies['authtkt'] response.set_cookie('authtkt', ck, max_age=60 * 60 * 24 * 7, path='/') redirect(url('/page/test'))
def get_failures(self): """ Retourne la liste (au format JSON) des collecteurs Vigilo en panne. Déclenche un appel à la méthode flash si cette liste est non vide. """ # On vérifie que l'utilisateurs dispose des permissions appropriées All( not_anonymous(msg=_("You need to be authenticated")), Any( config.is_manager, has_permission('%s-access' % config.app_name.lower()), msg=_("You don't have access to %s") % config.app_name ) ).check_authorization(request.environ) # On récupère la liste des connecteurs en panne failures = self.check_connectors_freshness() # Si cette liste n'est pas vide, on affiche un message à l'utilisateur if failures: flash(_( 'Vigilo has detected a breakdown on the following ' 'collector(s): %(list)s' ) % {'list': ', '.join(failures)}, 'error' ) # Dans les 2 cas (liste vide ou non), on la retourne au format JSON return dict(failures=failures)
class NotifyServerController(ServiceController): service_type = "notify" @expose(content_type='text/xml') def index(self, **kw): descr = etree.Element('resource', uri=self.uri) entry = etree.SubElement(descr, 'method', name='/notify/email', value="Send an email from user") etree.SubElement(entry, 'arguments', value='recipient,subject') etree.SubElement(entry, 'verb', value='POST') etree.SubElement(entry, 'body', value='required') return etree.tostring(descr) @expose(content_type='text/xml') @require(predicates.not_anonymous()) def email(self, recipients=None, subject=None, body=None): #pylint: disable=no-self-use """Send an email for logged in users POST application/text ?subject=required&recipient=required[,required][&body] TEXT BODY POST applcation/xml ?subject=required&recipient=required[,required][&body] <message> <subject>.. </subject> <recipient> .. </recipient> <body> .. </body> </message> """ #sender = identity.get_current_user().resource_value sender = config.get('bisque.admin_email') if request.content_type == 'application/xml': message = etree.XML(request.body) node = message.find('subject') if subject is None and node is not None: subject = node.text node = message.find('recipient') if recipients is None and node is not None: recipients = node.text node = message.find('body') if body is None and node is not None: body = node.text else: # if request.content_type == 'application/text': if body is None: body = request.body if not subject: return "<failure msg='no subject' />" if not body: return "<failure msg='no body' />" if not recipients: return "<failure msg='no recipients' />" if send_mail(sender, recipients, subject, body): return "<success/>" else: return "<failure msg='send failed' />"
def index(self): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True arches = DBSession.query(Arch).order_by('name') return dict(arches=arches, num_items=arches.count(), admin=admin)
def index(self): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True kernels = DBSession.query(Kernel).order_by('name') return dict(kernels=kernels, num_items=kernels.count(), admin=admin)
def index(self): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True osfamilies = DBSession.query(OSFamily).order_by('name') return dict(osfamilies=osfamilies, num_items=osfamilies.count(), admin=admin)
def logout(request): """Log out the user.""" get_log().info("logout") check_predicate(request, predicates.not_anonymous(msg='Must be logged in')) cookie = request.environ['repoze.who.plugins']['cookie'] headers = cookie.forget(request.environ, None) # TODO: read logout URL from config? raise pyramid.httpexceptions.HTTPFound("/", headers=headers)
def index(self): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True drivers = DBSession.query(Driver).order_by('name') return dict(drivers=drivers, num_items=drivers.count(), admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True kernel_name = args[0] kernel = Kernel.by_kernel_name(kernel_name) return dict(kernel=kernel, admin=admin)
def __call__(self, environ, start_response): # need to check path_info to avoid infinite loop if not_anonymous().is_met(environ) or environ['PATH_INFO'] == self._signin_url: return self._app(environ, start_response) else: status = "301 Redirect" headers = [("Location", self._signin_url),] start_response(status, headers) return ["Not logged in",]
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True arch_name = args[0] arch = Arch.by_arch_name(arch_name) return dict(arch=arch, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True drivertype_name = args[0] drivertype = DriverType.by_drivertype_name(drivertype_name) return dict(drivertype=drivertype, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True license_name = args[0] license = License.by_license_name(license_name) return dict(license=license, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True osfamily_name = args[0] osfamily = OSFamily.by_osfamily_name(osfamily_name) osreleases = osfamily.osreleases return dict(osfamily=osfamily, osreleases=osreleases, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True systemfamily_name = args[0] systemfamily = SystemFamily.by_systemfamily_name(systemfamily_name) systems = systemfamily.systems return dict(systemfamily=systemfamily, systems=systems, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True vendor_name = args[0] vendor = Vendor.by_vendor_name(vendor_name) names = vendor.other_names return dict(vendor=vendor, names=names, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True system_name = args[0] system = System.by_system_name(system_name) devices = system.devices return dict(system=system, devices=devices, admin=admin)
class ShortcutsController(BaseController): allow_only = authorize.not_anonymous() @expose('sapns/shortcuts/edit.html') @require(predicates.not_anonymous()) def edit(self, id=None, **params): came_from = params.get('came_from', '/') page = _('Shorcuts editing') return dict(page=page, came_from=came_from) @expose() @require(predicates.not_anonymous()) def save(self, id=None, **params): came_from = params.get('came_from', '/') redirect(url(came_from)) @expose('json') @require(predicates.not_anonymous()) def delete(self, id_shortcut, **params): logger = logging.getLogger(__name__ + '/delete') try: logger.info('Deleting shortcut [%s]' % id_shortcut) # the shortcut to be deleted sc = dbs.query(SapnsShortcut).get(id_shortcut) dbs.query(SapnsShortcut).\ filter(SapnsShortcut.shortcut_id == id_shortcut).\ delete() dbs.flush() _key = '%d_%d' % (sc.user_id, sc.parent_id) cache.get_cache('user_get_shortcuts').remove_value(key=_key) return dict(status=True) except Exception, e: logger.error(e) return dict(status=False)
class SubmissionsController(TGController): allow_only = not_anonymous(msg=u'Only logged in users may see submissions') def __init__(self): pass def _before(self, *args, **kwargs): '''Prepare tmpl_context with navigation menus''' pass @expose('sauce.templates.submissions') def index(self, page=1, *args, **kwargs): '''Submission listing page''' c.table = SubmissionTable(DBSession) #TODO: Ugly and stolen from controllers.user # teammates = set() # for team in request.user.teams: # teammates |= set(team.students) # teammates.discard(request.user) values = SubmissionTableFiller(DBSession).get_value(user_id=request.user.id) # for teammate in teammates: # values.extend(SubmissionTableFiller(DBSession).get_value(user_id=teammate.id)) return dict(page='submissions', view=None, user=request.user, values=values) @expose() def _lookup(self, submission_id, *args): '''Return SubmissionController for specified submission_id''' try: submission_id = int(submission_id) submission = Submission.query.filter_by(id=submission_id).one() except ValueError: flash('Invalid Submission id: %s' % submission_id, 'error') abort(400) except NoResultFound: flash('Submission %d not found' % submission_id, 'error') abort(404) except MultipleResultsFound: # pragma: no cover log.error('Database inconsistency: Submission %d', submission_id, exc_info=True) flash('An error occurred while accessing Submission %d' % submission_id, 'error') abort(500) controller = SubmissionController(submission) return controller, args
def _fn(context, request): try: log.info("checking / requiring login") p = predicates.not_anonymous(msg='Must be logged in') p.check_authorization(request.environ) except predicates.NotAuthorizedError: log.debug("login required.") redirect('/login?came_from={}'.format(request.path)) else: log.debug("logged in.") return request_handler(request)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True driver_name = args[0] driver = Driver.by_driver_name(driver_name) devices = driver.devices descriptions = driver.descriptions builds = driver.driverbuilds tmpl_context.devices_form = DriverDeviceForm("new_driver_device_form", action='adddevice', ) tmpl_context.meta_form = DriverBuildMetaForm("new_driver_build_meta_form", action='addmeta', ) return dict(driver=driver, devices=devices, descriptions=descriptions, builds=builds, admin=admin)
def default(self, *args): admin=False if predicates.not_anonymous(): if predicates.has_permission('admin'): admin=True device_name = args[0] device = Device.by_device_name(device_name) drivers = device.drivers aliases = device.devicealiases systems = device.systems tmpl_context.systems_form = DeviceSystemForm("new_device_system_form", action='addsystem', ) tmpl_context.alias_form = DeviceAliasForm("new_device_alias_form", action='addalias', ) return dict(device=device, drivers=drivers, aliases=aliases, systems=systems, admin=admin)
class UserController(CrudRestController): allow_only = has_permission(constants.permission_admin_name) model = User table = user_table table_filler = user_table_filler edit_form = user_edit_form new_form = user_new_form edit_filler = user_edit_filler @with_trailing_slash @expose('tgext.crud.templates.get_all') @expose('json') @paginate('value_list', items_per_page=7) def get_all(self, *args, **kw): return CrudRestController.get_all(self, *args, **kw) @expose('genshi:tgext.crud.templates.post_delete') def post_delete(self, *args, **kw): flash("You haven't the right to delete any users") redirect('/users') @expose('tgext.crud.templates.edit') def edit(self, *args, **kw): flash("You haven't the right to edit any users") redirect('/users') @require(not_anonymous()) @expose('genshi:tgext.crud.templates.new') def new(self, *args, **kw): flash( "You haven't the right to add any users, this is the job of Tequila system" ) redirect('/users') @expose() @registered_validate(error_handler=new) def post(self, *args, **kw): pass @expose() @registered_validate(error_handler=edit) def put(self, *args, **kw): pass
def post_login(self): identity = request.environ.get('repoze.who.identity') if not identity: session['failedlogin'] +=1 session.save() #h.flash(_("Incorrect User name or Password")) if session['failedlogin']>3: session['failedlogin'] = 0 session.save() #return "To many login atempts!" return HTTPForbidden(request=request,body="Incorrect User name or Password") if identity['user'].pending: session['failedlogin'] = 0 session.save() h.flash(_('Your account is still pending. Check your email for activation link')) #return redirect logout return redirect(url(controller="account",action="logout")) #return render(path.join(get_lang()[0],'derived/account/login.mako')) if identity['user'].deleted: session['failedlogin'] = 0 session.save() h.flash(_('Your account has been deleted!')) return redirect(url(controller="account",action="logout")) #return render(path.join(get_lang()[0],'derived/account/login.mako')) session['user'] = identity['user'].id if is_met(not_anonymous()): session['failedlogin'] = 0 session['user_selection']={} session['product_selection']={} session['invoice_selection']={} session.save() if 'came_from' in session: came_from = session['came_from'] del session['came_from'] session.save() return redirect(came_from) return render(path.join(get_lang()[0],'derived/account/login.mako'))
def _check_security(self): predicate = getattr(self, 'allow_only', None) if predicate is None: return True try: predicate.check_authorization(pylons.request.environ) except WhatNotAuthorizedError, e: reason = unicode(e) if hasattr(self, '_failed_authorization'): # Should shortcircut the rest, but if not we will still # deny authorization self._failed_authorization(reason) if not_anonymous().is_met(request.environ): # The user is authenticated but not allowed. code = 403 status = 'error' else: # The user has not been not authenticated. code = 401 status = 'warning' pylons.response.status = code flash(reason, status=status) abort(code, comment=reason)
def test_uploaded(self, **kw): ''' XDMA upload request using HTTP uploads this function is only created temporaly to provide backward compatibility for DN provide http uploads, where directory is not specified by DN but is known by the server and thus should be ignored here ''' #log.debug( 'dn_test_uploaded - username ' + str(identity.current.user_name) ) # check the user identity here and return 401 if fails if not not_anonymous(): response.status_int = 401 return "Access denied" log.debug('dn_test_uploaded ' + str(kw)) hashes_str = kw.pop('hashes', []) all_hashes = [] for fhash in hashes_str.split(','): all_hashes.append(fhash) found_hashes = image_service.files_exist(all_hashes) found_html = ",".join([str(h) for h in found_hashes]) return "Found: " + found_html
def _check_security(self): if not hasattr(self, "allow_only") or self.allow_only is None: log.debug('No controller-wide authorization at %s', request.path) return True try: predicate = self.allow_only predicate.check_authorization(request.environ) except NotAuthorizedError, e: reason = unicode(e) if hasattr(self, '_failed_authorization'): # Should shortcircut the rest, but if not we will still # deny authorization self._failed_authorization(reason) if not_anonymous().is_met(request.environ): # The user is authenticated but not allowed. code = 403 status = 'error' else: # The user has not been not authenticated. code = 401 status = 'warning' pylons.response.status = code flash(reason, status=status) abort(code, comment=reason)
class AtributosPorTipoItemController(CrudRestController): """Controlador de roles""" #{ Variables title = u"Atributos de: %s" action = "./" #{ Plantillas # No permitir rols anonimos (?) allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{ Modificadores model = AtributosPorTipoItem table = atributos_por_tipo_item_table table_filler = atributos_por_tipo_item_table_filler new_form = atributos_por_tipo_item_add_form edit_form = atributos_por_tipo_item_edit_form edit_filler = atributos_por_tipo_item_edit_filler opciones = dict(nombre=u'Nombre', tipo=u"Tipo") columnas = dict(nombre=u'texto', tipo=u"combobox") comboboxes = dict(tipo=AtributosPorTipoItem._tipos_permitidos) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.tipoitem.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ id_tipo_item = UrlParser.parse_id(request.url, "tipositems") puede_crear = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item).is_met( request.environ) tipo = TipoItem.por_id(id_tipo_item) titulo = self.title % tipo.nombre atributos = self.table_filler.get_value(id_tipo_item=id_tipo_item, **kw) tmpl_context.widget = self.table url_action = self.action atras = "../" return dict(lista_elementos=atributos, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, comboboxes=self.comboboxes, url_action=url_action, puede_crear=puede_crear, atras=atras) @without_trailing_slash @expose('lpm.templates.atributotipoitem.edit') def edit(self, *args, **kw): """Despliega una pagina para modificar el atributo""" id_tipo_item = UrlParser.parse_id(request.url, "tipositems") url_action = "../" pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(url_action) tmpl_context.widget = self.edit_form value = self.edit_filler.get_value( \ values={'id_atributos_por_tipo_item': int(args[0])}) value['_method'] = 'PUT' page = "Atributo {nombre}".format(nombre=value["nombre"]) return dict(value=value, page=page, atras=url_action) @without_trailing_slash @expose('lpm.templates.atributotipoitem.new') def new(self, *args, **kw): """Despliega una pagina para crear un tipo_item""" id_tipo_item = UrlParser.parse_id(request.url, "tipositems") url_action = "./" pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(atras) tmpl_context.widget = self.new_form return dict(value=kw, page=u"Nuevo Atributo", action=url_action, atras=url_action) @validate(atributos_por_tipo_item_add_form, error_handler=new) @expose() def post(self, *args, **kw): """create a new record""" id_tipo_item = UrlParser.parse_id(request.url, "tipositems") url_action = "./" pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo_item) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(url_action) if kw.has_key("sprox_id"): del kw["sprox_id"] tipo = TipoItem.por_id(id_tipo_item) try: tipo.agregar_atributo(**kw) except NombreDeAtributoError, err: flash(unicode(err), "warning") redirect(url_action)
from baruwa.model.meta import Session from baruwa.model.auth import LDAPSettings, RadiusSettings from baruwa.model.accounts import Group, domain_owners from baruwa.model.accounts import organizations_admins as oa from baruwa.model.domains import DomainAlias from baruwa.model.domains import Domain, DeliveryServer, AuthServer from baruwa.forms.domains import BulkDelDomains, AddLDAPSettingsForm from baruwa.forms.domains import AddDomainForm, AddDeliveryServerForm from baruwa.forms.domains import AddAuthForm, AUTH_PROTOCOLS, EditDomainAlias from baruwa.forms.domains import AddDomainAlias, AddRadiusSettingsForm from baruwa.lib.audit.msgs.domains import * log = logging.getLogger(__name__) @ControllerProtector(All(not_anonymous(), OnlyAdminUsers())) class DomainsController(BaseController): def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity["user"] else: c.user = None c.selectedtab = "domains" def _get_server(self, destinationid): "utility" try: cachekey = u"deliveryserver-%s" % destinationid q = (
def boolean_predicate(self): p = not_anonymous() return 'The predicate is %s' % bool(p)
c.paginator = paginate.Page(users, page=int(request.params.get("page", page)), items_per_page=10) return render(path.join(get_lang()[0], "/derived/user/staff/index.mako")) def customer(self): c.menu_items = h.top_menu(self.menu_items, _("Customers")) if is_met(in_group("customer")) or is_met(in_group("admin")): user = request.environ.get("repoze.who.identity")["user"] values = create_dict(user) return render_customer_form(self.menu_items, user.id, values) @checkframe(url(controller="user", action="index")) def index(self, page=1): c.contents = h.readContents(session[_("pages.dat")][_("Customers")])[0] return render(path.join(get_lang()[0], "derived/user/index.mako")) @ActionProtector(not_anonymous()) def edit(self, id): user = Session.query(User).filter_by(id=id).one() identity = request.environ.get("repoze.who.identity") if is_met(has_permission("edit_user")): c.menu_items = h.top_menu(self.menu_items, _("Customers")) values = create_dict(user) return render_form(self.menu_items, values, action="update", id=user.id) elif identity["user"] == user: values = create_dict(user) return render_customer_form(self.menu_items, user.id, values) else: h.flash("You are not authorized to edit this user data!") came_from = str(request.GET.get("came_from", "")) or url(controller="user", action="index") return redirect(h.url(came_from))
from repoze.what.predicates import not_anonymous # pylint: disable-msg=E0611 # pylint: disable-msg=E0611 from repoze.what.plugins.pylonshq import ControllerProtector from baruwa.lib.base import BaseController from baruwa.model.meta import Session from baruwa.lib.mq import FANOUT_XCHG from baruwa.model.settings import DomSigImg, UserSigImg from baruwa.forms.misc import Fmgr from baruwa.tasks.settings import delete_sig from baruwa.lib.auth.predicates import check_domain_ownership, check_dom_access log = logging.getLogger(__name__) @ControllerProtector(not_anonymous()) class FilemanagerController(BaseController): "FM controller" def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None # pylint: disable-msg=R0912,R0915,R0914,W0142,W0622 def index(self, domainid=None, userid=None): "Index" action = request.GET.get('action', None) if not action:
class HistorialItemController(CrudRestController): """Controlador de Historial de un Ítem""" #{ Variables title = u"Historial del Ítem %s" allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{plantillas tmp_action = "./" #{ Modificadores model = HistorialItems table = historial_item_table table_filler = historial_item_filler opciones = dict( tipo_modificacion=u'Tipo de Modificacion', fecha_modificacion=u'Fecha de Mofificacion', nombre_usuario=u'Nombre de Usuario', ) columnas = dict(tipo_modificacion=u'texto', fecha_modificacion=u'fecha', nombre_usuario=u'texto') #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.historialitem.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ titulo = self.title id_p_item = UrlParser.parse_id(request.url, "versiones") if id_p_item: p_item = PropiedadItem.por_id(id_p_item) titulo = u"Cambios en versión: %d" % p_item.version tmpl_context.widget = self.table items = self.table_filler.get_value(id_p_item=id_p_item, **kw) return dict(lista_elementos=items, page=titulo, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=self.tmp_action, atras="../../") # @without_trailing_slash # @paginate('lista_elementos', items_per_page=5) # @expose('lpm.templates.historialitem.get_all') # @expose('json') @expose() def post_buscar(self, *args, **kw): """ Controlador que recibe los parámetros de búsqueda para devolver el resultado esperado. """ titulo = self.title id_p_item = UrlParser.parse_id(request.url, "versiones") if id_p_item: p_item = PropiedadItem.por_id(id_p_item) titulo = u"Cambios en versión: %d" % p_item.version tmpl_context.widget = self.table buscar_table_filler = HistorialItemTableFiller(DBSession) buscar_table_filler.filtros = kw items = buscar_table_filler.get_value(id_usuario=id_usuario, **kw) return dict(lista_elementos=items, page=titulo, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=self.tmp_action, atras="../../../") @expose() def get_one(self, *args, **kw): pass @expose() def new(self, *args, **kw): pass @expose() def post_delete(self, id): pass @expose() def post(self, *args, **kw): pass @expose() def edit(self, *args, **kw): pass @expose() def put(self, *args, **kw): pass @expose() def revertir(self, *args, **kw): pass
class ProyectoController(CrudRestController): """Controlador de Proyectos""" #{ Variables title = u"Administrar Proyectos" #{ Plantillas tmp_action = "/proyectos/buscar" # No permitir usuarios anonimos (?) allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{ Sub Controlador fases = FaseController(DBSession) tipositems = ProyectoTipoItemController(DBSession) miembros = MiembrosProyectoController() nomiembros = NoMiembrosProyectoController() rolesproyecto = RolesProyectoController(DBSession) #{ Modificadores model = Proyecto table = proyecto_table table_filler = proyecto_table_filler new_form = proyecto_add_form edit_form = proyecto_edit_form edit_filler = proyecto_edit_filler #para el form de busqueda opciones = dict(nombre=u"Nombre de Proyecto", codigo=u"Código", estado=u"Estado", complejidad_total=u"Complejidad Total", numero_fases=u"Número de Fases", fecha_creacion=u"Fecha de Creación") #el diccionario opciones de tiene lo que se muestra en #el combobox de selección de filtros, #tiene que tener la misma clave que los valores de columnas columnas = dict( nombre="texto", codigo="texto", #lider="text", estado="combobox", complejidad_total="entero", numero_fases="entero", fecha_creacion="fecha") comboboxes = dict(estado=Proyecto.estados_posibles) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.proyecto.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ puede_crear = PoseePermiso("crear proyecto").is_met(request.environ) if pylons.request.response_type == 'application/json': return dict(lista=self.table_filler.get_value(**kw)) if not getattr(self.table.__class__, ' ', False): proyectos = self.table_filler.get_value(**kw) else: proyectos = [] tmpl_context.widget = self.table atras = '/' return dict(lista_elementos=proyectos, page=self.title, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action="/proyectos/", puede_crear=puede_crear, comboboxes=self.comboboxes, atras=atras) @expose() def iniciar(self, id_proyecto): """Inicia un proyecto""" if (not PoseePermiso('iniciar proyecto', id_proyecto=id_proyecto).is_met(request.environ)): flash("No puedes iniciar el proyecto", "warning") proy = Proyecto.por_id(id_proyecto) if not proy.obtener_lider(): msg = "No puedes iniciar el proyecto. Debes primero asignarle " msg += "un lider" flash(msg, "warning") redirect("/proyectos/") proy.iniciar_proyecto() flash("El proyecto se ha iniciado correctamente") redirect("/proyectos/") @without_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.proyecto.get_all') @expose('json') def post_buscar(self, *args, **kw): """ Controlador que recibe los parámetros de búsqueda para devolver el resultado esperado. """ puede_crear = PoseePermiso("crear proyecto").is_met(request.environ) pp = PoseePermiso('consultar proyecto') if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect("/proyectos/") tmpl_context.widget = self.table buscar_table_filler = ProyectoTableFiller(DBSession) buscar_table_filler.filtros = kw proyectos = buscar_table_filler.get_value() atras = '/proyectos/' return dict(lista_elementos=proyectos, page=self.title, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, url_action="/proyectos/", puede_crear=puede_crear, comboboxes=self.comboboxes, opciones=self.opciones, atras=atras) @without_trailing_slash @expose('lpm.templates.proyecto.new') def new(self, *args, **kw): """Display a page to show a new record.""" tmpl_context.widget = self.new_form atras = "/proyectos/" return dict(value=kw, page="Nuevo Proyecto", atras=atras) @validate(proyecto_add_form, error_handler=new) @expose() def post(self, *args, **kw): if "sprox_id" in kw: del kw["sprox_id"] proy = Proyecto(**kw) DBSession.add(proy) DBSession.flush() proy.codigo = Proyecto.generar_codigo(proy) #Creamos el rol miembro y lider de proyecto para este proyecto. plant_l = Rol.obtener_rol_plantilla(nombre_rol=u"Lider de Proyecto") rol_l = Rol.nuevo_rol_desde_plantilla(plantilla=plant_l, id=proy.id_proyecto) flash("Se ha creado un nuevo proyecto") redirect("/proyectos/") @expose('lpm.templates.proyecto.edit') def edit(self, id_proyecto, *args, **kw): """Despliega una pagina para admistrar un proyecto""" pp = PoseePermiso('modificar proyecto', id_proyecto=id_proyecto) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect("/proyectos") proyecto = Proyecto.por_id(id_proyecto) tmpl_context.widget = self.edit_form value = self.edit_filler.get_value(values={'id_proyecto': id_proyecto}) value['_method'] = 'PUT' atras = "/proyectos/" return dict(value=value, page="Modificar Proyecto %s" % proyecto.nombre, atras=atras) @validate(proyecto_edit_form, error_handler=edit) @expose() def put(self, *args, **kw): """Registra los cambios en la edición de un proyecto. """ if "sprox_id" in kw: del kw["sprox_id"] id_proyecto = UrlParser.parse_id(request.url, "proyectos") proy = Proyecto.por_id(id_proyecto) proy.nombre = unicode(kw["nombre"]) proy.descripcion = unicode(kw["descripcion"]) redirect("/proyectos/") @expose() def post_delete(self, id_proyecto): proy = Proyecto.por_id(int(id_proyecto)) p_items = DBSession.query(PropiedadItem).filter(and_(PropiedadItem.id_item_actual ==\ Item.id_item, Item.id_fase == \ Fase.id_fase, Fase.id_proyecto == id_proyecto)).all() for pi in p_items: DBSession.delete(pi) DBSession.delete(proy) flash("Proyecto Eliminado") redirect("/proyectos/") @expose('lpm.templates.index') def _default(self, *args, **kw): """Maneja las urls no encontradas""" flash(_('Recurso no encontrado'), 'warning') redirect('/') return dict(page='index') @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.proyecto.get_all') @expose('json') def get_one(self, *args, **kw): id_proyecto = int(args[0]) puede_crear = PoseePermiso("crear proyecto").is_met(request.environ) if pylons.request.response_type == 'application/json': return dict(lista=self.table_filler.get_value( id_proyecto=id_proyecto, **kw)) if not getattr(self.table.__class__, ' ', False): proyecto = self.table_filler.get_value(id_proyecto=id_proyecto, **kw) else: proyecto = [] tmpl_context.widget = self.table atras = '../' return dict(lista_elementos=proyecto, page=self.title, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action="/proyectos/", puede_crear=puede_crear, comboboxes=self.comboboxes, atras=atras)
from baruwa.lib.auth.predicates import OnlySuperUsers from baruwa.tasks.settings import update_serial from baruwa.model.accounts import Group from baruwa.forms.organizations import RelayForm, RelayEditForm from baruwa.forms.organizations import ImportCSVForm from baruwa.tasks import importdomains from baruwa.lib.audit.msgs import organizations as auditmsgs from baruwa.lib.api import org_add_form, create_org, edit_org, delete_org, \ update_if_changed, org_delete_form, relay_update_if_changed, add_relay, \ edit_relay, delete_relay, get_org, get_relay log = logging.getLogger(__name__) @ControllerProtector(All(not_anonymous(), OnlySuperUsers())) class OrganizationsController(BaseController): "Organizations controller" def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None c.selectedtab = 'organizations' def index(self, page=1, format=None): "index page" total_found = 0 search_time = 0
class EventController(TGController): def __init__(self, event): self.event = event self.sheets = SheetsController(event=self.event) self.lessons = LessonsController(event=self.event) self.admin = EventAdminController(event=self.event) self.submissions = SubmissionsController(event=self.event) c.event = self.event self.allow_only = Any( is_public(self.event), user_is_in('teachers', self.event), has_permission('manage'), msg=u'This Event is not public' ) c.sub_menu = menu(self.event, True) def _before(self, *args, **kwargs): '''Prepare tmpl_context with navigation menus''' #c.side_menu = entity_menu(self.event, 'Sheets', self.event.sheets) c.sub_menu = menu(self.event) @expose('sauce.templates.event') def index(self, *args, **kwargs): '''Event details page''' return dict(page='events', event=self.event) @expose('sauce.templates.form') @require(not_anonymous(msg=u'Only logged in users can enroll for events')) def enroll(self, password=None, lesson=None, team=None, *args, **kwargs): '''Event enrolling page''' params = {} if not self.event.enroll: flash('Enroll not allowed', 'error') return HTTPForbidden() if self.event.password and password != self.event.password: if password: flash('Wrong password', 'error') c.text = u'Please enter the password to enroll for this event:' c.form = PasswordEnrollForm else: if password: params['password'] = password if self.event.enroll == 'event': try: self.event._members.append(request.user) DBSession.flush() except SQLAlchemyError: log.warn('Error while enrolling user %r for event %r:', request.user, self.event, exc_info=True) flash('An error occured', 'error') else: flash('Enrolled for Event "%s"' % self.event.name, 'ok') redirect(self.event.url) if self.event.enroll in ('lesson_team', 'team', 'team_new') and team: if self.event.enroll == 'team_new' and team == '__new__': try: lesson = Lesson.query.get(int(lesson)) except ValueError: lesson = team = None else: # Get unique team name q = Team.query.filter_by(lesson=lesson) i = q.count() + 1 while True: name = 'New Team %d' % i t = q.filter_by(name=name).first() if not t: break i = i + 1 team = Team(lesson=lesson, name=name) DBSession.add(team) else: try: team = Team.query.get(int(team)) except ValueError: team = None if team: try: team.members.append(request.user) DBSession.flush() except SQLAlchemyError: log.warn('Error while enrolling user %r for team %r:', request.user, team, exc_info=True) flash('An error occured', 'error') lesson = lesson.id else: flash('Enrolled for Team "%s" in Lesson "%s" in Event "%s"' % (team.name, team.lesson.name, self.event.name), 'ok') redirect(self.event.url) else: flash('Selected Team does not exist', 'error') if self.event.enroll in ('lesson', 'lesson_team', 'team', 'team_new') and not lesson: c.text = u'Please select the lesson you would like to attend:' c.form = LessonSelectionForm(event=self.event, action=url('', params)) if self.event.enroll == 'lesson' and lesson: try: lesson = Lesson.query.get(int(lesson)) except ValueError: lesson = None if lesson: try: lesson._members.append(request.user) DBSession.flush() except SQLAlchemyError: log.warn('Error while enrolling user %r for lesson %r:', request.user, lesson, exc_info=True) flash('An error occured', 'error') else: flash('Enrolled for Lesson "%s" in Event "%s"' % (lesson.name, self.event.name), 'ok') redirect(self.event.url) else: flash('Selected Lesson does not exist', 'error') if self.event.enroll in ('lesson_team', 'team', 'team_new') and lesson: try: lesson = Lesson.query.get(int(lesson)) except ValueError: lesson = None else: params['lesson'] = lesson.id c.text = u'Please select the team in which you would like to work:' c.form = TeamSelectionForm( lesson=lesson, new=bool(self.event.enroll == 'team_new'), action=url('', params), ) return dict(page='events', heading=u'Enroll for %s' % self.event.name)
def index(self): debug = not_anonymous(msg='log in!')\ .is_met(cherrypy.request.wsgi_environ) gatherings = Session.query(Gathering).all() return {'gatherings': gatherings, 'debug': debug}
filter(SapnsShortcut.shortcut_id == id_shortcut).\ delete() dbs.flush() _key = '%d_%d' % (sc.user_id, sc.parent_id) cache.get_cache('user_get_shortcuts').remove_value(key=_key) return dict(status=True) except Exception, e: logger.error(e) return dict(status=False) @expose('json') @require(predicates.not_anonymous()) def bookmark(self, id_shortcut, **params): logger = logging.getLogger(__name__ + '/bookmark') try: logger.info('Bookmarking shortcut [%s]' % id_shortcut) user = dbs.query(SapnsUser).get(request.identity['user'].user_id) dboard = user.get_dashboard() dboard.add_child(id_shortcut) _key = '%d_%d' % (user.user_id, dboard.shortcut_id) cache.get_cache('user_get_shortcuts').remove_value(key=_key) return dict(status=True) except Exception, e:
class RolController(CrudRestController): """Controlador de roles""" #{ Variables title = u"Administrar Roles" action = "/roles/" rol_tipo = u"Sistema" #indica que el tipo no hay que averiguar. #{ Plantillas # No permitir usuarios anonimos (?) allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{ Modificadores model = Rol table = rol_table table_filler = rol_table_filler new_form = rol_add_form edit_form = rol_edit_form edit_filler = rol_edit_filler #para el form de busqueda opciones = dict(codigo=u'Código', nombre_rol=u'Nombre', tipo=u'Tipo') columnas = dict(codigo='texto', nombre_rol='texto', tipo='combobox') comboboxes = dict(tipo=Rol.tipos_posibles) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.rol.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ puede_crear = PoseePermiso("crear rol").is_met(request.environ) if request.response_type == 'application/json': return self.table_filler.get_value(**kw) if not getattr(self.table.__class__, '__retrieves_own_value__', False): roles = self.table_filler.get_value(**kw) else: roles = [] tmpl_context.widget = self.table atras = "/" return dict(lista_elementos=roles, page=self.title, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, comboboxes=self.comboboxes, url_action=self.action, puede_crear=puede_crear, atras=atras) @expose('lpm.templates.rol.edit') def edit(self, *args, **kw): """Despliega una pagina para modificar rol""" pp = PoseePermiso('modificar rol') if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(self.action) tmpl_context.widget = self.edit_form value = self.edit_filler.get_value(values={'id_rol': int(args[0])}) page = "Rol {nombre}".format(nombre=value["nombre_rol"]) atras = self.action return dict(value=value, page=page, atras=atras) @expose('lpm.templates.rol.get_one') def get_one(self, id_rol): """Despliega una página para visualizar el rol""" class select(MultipleSelectDojo): def _my_update_params(self, d, nullable=False): options = [] pks = [] for i, v in enumerate(d["value"]): pks.append(int(v)) permisos = DBSession.query(Permiso) \ .filter(Permiso.id_permiso.in_(pks)).all() for p in permisos: options.append((p.id_permiso, '%s' % p.nombre_permiso)) d['options'] = options return d class selector(WidgetSelectorDojo): default_multiple_select_field_widget_type = select class RolVerEditForm(RolEditForm): __model__ = Rol __hide_fields__ = ['id_rol'] __omit_fields__ = [ 'usuarios', 'codigo', 'creado', 'id_proyecto', 'id_fase', 'id_tipo_item' ] __field_order__ = ['nombre_rol', 'tipo', 'descripcion', 'permisos'] __widget_selector_type__ = selector descripcion = TextArea tmpl_context.widget = RolVerEditForm(DBSession) value = self.edit_filler.get_value(values={'id_rol': int(id_rol)}) page = "Rol {nombre}".format(nombre=value["nombre_rol"]) atras = self.action return dict(value=value, page=page, atras=atras) @without_trailing_slash @expose('lpm.templates.rol.new') def new(self, *args, **kw): """Despliega una pagina para crear un rol""" pp = PoseePermiso('crear rol') if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(self.action) tmpl_context.widget = self.new_form if request.environ.get( 'HTTP_REFERER') == "http://" + request.environ.get( 'HTTP_HOST', ) + "/": atras = "../" else: atras = "/roles" return dict(value=kw, page="Nuevo Rol", action=self.action, atras=atras) #@validate(rol_add_form, error_handler=new) @expose() def post(self, *args, **kw): """create a new record""" pp = PoseePermiso('crear rol') if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(self.action) if (not kw.has_key('tipo')): kw["tipo"] = self.rol_tipo Rol.crear_rol(**kw) redirect(self.action) #@validate(rol_edit_form, error_handler=edit) @expose() def put(self, *args, **kw): """update a record""" pp = PoseePermiso('modificar rol') if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(self.action) Rol.actualizar_rol(**kw) redirect(self.action) @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.rol.get_all') @expose('json') def post_buscar(self, *args, **kw): puede_crear = PoseePermiso("crear rol").is_met(request.environ) tmpl_context.widget = self.table buscar_table_filler = self.table_filler.__class__(DBSession) buscar_table_filler.filtros = kw roles = buscar_table_filler.get_value() atras = self.action return dict(lista_elementos=roles, page=self.title, titulo=self.title, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, comboboxes=self.comboboxes, url_action=self.action, puede_crear=puede_crear, atras=atras)
log = logging.getLogger(__name__) CONFIG_SECTIONS = { 1: 'General Settings', 2: 'Message Processing Settings', 3: 'Virus checks Settings', 4: 'Content checks Settings', 5: 'Reporting Settings', 6: 'Notice Settings', 7: 'Spam checks Settings', 8: 'Logging Settings' } @ControllerProtector(not_anonymous()) class SettingsController(BaseController): #@ActionProtector(not_anonymous()) def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None c.selectedtab = 'settings' def _get_server(self, serverid): "returns server object" try: server = Session.query(Server).get(serverid)
class RootController(BaseController): """ The root controller for the fedora-tagger application. """ error = ErrorController() @expose('json') def dump(self): """ A http interface to the dump2json method. Returns a json dump of the database (nearly) in full. """ return dump2json() def _search_query(self, term): """ Produce a query searching over packages for ``term`` """ query = model.Package.query.filter_by(name=term) if query.count() != 1: # Broaden the search query = model.Package.query.filter( model.Package.name.like("%%%s%%" % term)) return query @expose('json') @require(not_anonymous(msg="Login with your FAS credentials.")) def search(self, term): """ Handles /search URL. Returns a JSON object including how many items were found, and a (few) samples. """ query = self._search_query(term) return dict(count=query.count(), term=term, samples=[p.name for p in query.all()[:3]]) @expose('json') @require(not_anonymous(msg="Login with your FAS credentials.")) def add(self, label, package): """ Handles /add URL. Returns a JSON object indicating success or failure. - If the package does not exist. Fail. - If the label does not exist, create it. - If the label is not associated with the package, associate it. - Log a 'vote' for the current user on the new tag. """ json = dict(tag=label, package=package) query = model.TagLabel.query.filter_by(label=label) if query.count() == 0: model.DBSession.add(model.TagLabel(label=label)) label = query.one() query = model.Package.query.filter_by(name=package) if query.count() == 0: json['msg'] = "No such package '%s'" % package return json package = query.one() query = model.Tag.query.filter_by(label=label, package=package) if query.count() != 0: json['msg'] = "%s already tagged '%s'" % (package.name, label.label) return json tag = model.Tag(label=label, package=package) model.DBSession.add(tag) vote = model.Vote(like=True) vote.user = model.get_user() vote.tag = tag model.DBSession.add(vote) json['msg'] = "Success. '%s' added to package '%s'" % (label.label, package.name) return json @expose('fedoratagger.templates.tagger') @require(not_anonymous(msg="Login with your FAS credentials.")) def tagger(self): """ Really, the main index. Returns a list of (the first three) card widgets for the template to render. The rest are acquired as needed via ajax calls to the /card path. """ cards = [CardWidget(package=None) for i in range(3)] cards[1].css_class = 'card center' return dict(cards=cards) index = tagger @expose() @require(not_anonymous(msg="Login with your FAS credentials.")) def leaderboard(self, N=10): """ Handles the /leaderboard path. Returns an HTML table of the top N users. """ users = model.FASUser.query.all() users.sort(lambda x, y: cmp(len(x.votes), len(y.votes)), reverse=True) users = users[:N] keys = ['rank', 'gravatar_sm', 'username', 'total_votes'] row = "<tr>" + ''.join(["<td>{%s}</td>" % k for k in keys]) + "</tr>" rows = [ row.format(**dict([(k, getattr(u, k)) for k in keys])) for u in users ] template = """ <table class="leaderboard"> <tr> <th>Rank</th> <th colspan="2">User</th> <th>Votes</th> </tr> {rows} </table>""" return template.format(rows="".join(rows)) @expose() @require(not_anonymous(msg="Login with your FAS credentials.")) def details(self, name=None): """ Handles the /details path. Return a list of details for a package. """ icon_template = "https://admin.fedoraproject.org/community/images/16_{serv}.png" item_template = "<li><img src='{icon}'/><a href='{url}' target='_blank'>{text}</a></li>" services = [ ('pkgdb', 'Downloads', "https://admin.fedoraproject.org/community/?package={name}#package_maintenance/details/downloads" ), ('koji', 'Builds', "http://koji.fedoraproject.org/koji/search?terms={name}&type=package&match=exact" ), ('bodhi', 'Updates', "https://admin.fedoraproject.org/updates/{name}"), ('bugs', 'Bugs', "https://admin.fedoraproject.org/pkgdb/acls/bugs/{name}"), ('sources', 'Source', "http://pkgs.fedoraproject.org/gitweb/?p={name}.git"), ] items = [ item_template.format(icon=icon_template.format(serv=serv), url=url.format(name=name), text=text) for serv, text, url in services ] return "<ul>" + "\n".join(items) + "</ul>" @expose() @require(not_anonymous(msg="Login with your FAS credentials.")) def card(self, name=None): """ Handles the /card path. Return a rendered CardWidget in HTML. If no name is specified, produce a widget for a package selected at random. If a name is specified, try to search for that package and render the associated CardWidget. """ package = None if name and name != "undefined": query = self._search_query(name) package = query.first() w = CardWidget(package=package) return w.display() @expose('json') @require(not_anonymous(msg="Login with your FAS credentials.")) def vote(self, id, like): """ Handles the /vote path. Return JSON indicating results and stats. If the user has voted on this tag before, only allow a 'change' of votes; no "double-voting". If they have not, then register their new vote. """ like = asbool(like) tag = model.Tag.query.filter_by(id=id).one() user = model.get_user() # See if they've voted on this before. query = model.Vote.query.filter_by(user=user, tag=tag) if query.count() == 0: # They haven't. So register a new vote. if like: tag.like += 1 else: tag.dislike += 1 vote = model.Vote(like=like) vote.user = user vote.tag = tag model.DBSession.add(vote) else: # Otherwise, they've voted on this before. See if they're changing # their vote. vote = query.one() if vote.like == like: # They're casting the same vote, the same way. Ignore them. pass else: # Okay. Let them change their vote. if like: tag.like += 1 tag.dislike -= 1 else: tag.like -= 1 tag.dislike += 1 vote.like = like # Done changing vote. json = tag.__json__() json['user'] = { 'votes': user.total_votes, 'rank': user.rank, } return json @expose('fedoratagger.templates.login') def login(self, came_from=url('/')): """Start the user login.""" login_counter = request.environ['repoze.who.logins'] if login_counter > 0: flash(_('Wrong credentials'), 'warning') return dict(page='login', login_counter=str(login_counter), came_from=came_from) @expose() def post_login(self, came_from=url('/')): """ Redirect the user to the initially requested page on successful authentication or redirect her back to the login page if login failed. """ if not request.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect('/login', params=dict(came_from=came_from, __logins=login_counter)) userid = request.identity['repoze.who.userid'] flash(_('Welcome back, %s!' % userid)) redirect(came_from) @expose() def post_logout(self, came_from=url('/')): """ Redirect the user to the initially requested page on logout and say goodbye as well. """ flash(_('We hope to see you soon!')) redirect(came_from)
class TipoItemController(CrudRestController): """Controlador para tipos de item""" #{ Variables title = u"Tipos de Ítem de fase: %s" action = "./" subaction = "./atributostipoitem/" #{subcontroller miembrostipo = MiembrosTipoController() nomiembrostipo = NoMiembrosTipoController() atributostipoitem = AtributosPorTipoItemController(DBSession) rolestipo = RolesTipoController(DBSession) #{ Plantillas # No permitir tipo_items anonimos (?) allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{ Modificadores model = TipoItem table = tipo_item_table table_filler = tipo_item_table_filler new_form = tipo_item_add_form edit_form = tipo_item_edit_form edit_filler = tipo_item_edit_filler #para el form de busqueda opciones = dict(codigo= u'Código', nombre= u'Nombre' ) columnas = dict(codigo='texto', nombre='texto' ) #comboboxes = dict() #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.tipoitem.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ id_proyecto = UrlParser.parse_id(request.url, "proyectos") id_fase = UrlParser.parse_id(request.url, "fases") atras = "../" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti") id_fase = UrlParser.parse_id(request.url, "fases_ti") atras = "../../" proy = Proyecto.por_id(id_proyecto) puede_crear = puede_crear = PoseePermiso("crear tipo item", id_fase=id_fase).is_met(request.environ) if proy.estado != "Iniciado": puede_crear = False fase = Fase.por_id(id_fase) titulo = self.title % fase.nombre tipo_items = self.table_filler.get_value(id_fase=id_fase, **kw) tmpl_context.widget = self.table url_action = self.action if UrlParser.parse_nombre(request.url, "post_buscar"): url_action = "../" return dict(lista_elementos=tipo_items, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=url_action, puede_crear=puede_crear, atras=atras ) @expose('lpm.templates.tipoitem.edit') def edit(self, *args, **kw): """Despliega una pagina para modificar tipo_item""" id_tipo = UrlParser.parse_id(request.url, "tipositems") id_fase = UrlParser.parse_id(request.url, "fases") if not id_fase: id_fase = UrlParser.parse_id(request.url, "fases_ti") value = self.edit_filler.get_value(values={'id_tipo_item': id_tipo}) url_action = "./" pp = PoseePermiso('redefinir tipo item', id_tipo_item=id_tipo) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(url_action) tmpl_context.widget = self.edit_form value['_method'] = 'PUT' page = "Tipo Item: {nombre}".format(nombre=value["nombre"]) return dict(value=value, page=page, atras=url_action, url_action=url_action ) @without_trailing_slash @expose('lpm.templates.tipoitem.new') def new(self, *args, **kw): """Despliega una pagina para crear un tipo_item""" id_fase = UrlParser.parse_id(request.url, "fases") if not id_fase: id_fase = UrlParser.parse_id(request.url, "fases_ti") pp = PoseePermiso('crear tipo item', id_fase=id_fase) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect("./") atras = self.action tmpl_context.widget = self.new_form return dict(value=kw, page=u"Nuevo Tipo de Ítem", action=self.action, atras=atras) #@validate(tipo_item_add_form, error_handler=new) @expose() def post(self, *args, **kw): """create a new record""" id_proyecto = UrlParser.parse_id(request.url, "proyectos") id_fase = UrlParser.parse_id(request.url, "fases") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti") id_fase = UrlParser.parse_id(request.url, "fases_ti") pp = PoseePermiso('crear tipo item', id_fase=id_fase) url_action = self.action if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(url_action) if kw.has_key("sprox_id"): del kw["sprox_id"] id_padre = int(kw["id_padre"]) id_importado = kw["id_importado"] if (kw["id_importado"]): id_importado = int(kw["id_importado"]) mezclar = False if kw.has_key("mezclar"): mezclar = kw["mezclar"] del kw["mezclar"] del kw["id_padre"] del kw["id_importado"] proy = Proyecto.por_id(id_proyecto) tipo = proy.definir_tipo_item(id_padre, id_importado, mezclar, **kw) #Creamos el rol miembro de tipo de ítem #plant_m = Rol.obtener_rol_plantilla(nombre_rol=u"Miembro de Tipo Item") #rol_m = Rol.nuevo_rol_desde_plantilla(plantilla=plant_m, # id=tipo.id_tipo_item) flash(u"Creacion exitosa") redirect(url_action) @validate(tipo_item_edit_form, error_handler=edit) @expose() def put(self, *args, **kw): """update a record""" url_action = url_action = "../../" pp = PoseePermiso('redefinir tipo item', id_tipo_item=kw["id_tipo_item"]) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect(url_action) tipo = TipoItem.por_id(int(kw["id_tipo_item"])) tipo.descripcion = unicode(kw["descripcion"]) flash("Actualizacion exitosa") redirect("./") @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.tipoitem.get_all') @expose('json') def post_buscar(self, *args, **kw): id_proyecto = UrlParser.parse_id(request.url, "proyectos") id_fase = UrlParser.parse_id(request.url, "fases") atras = "../" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti") id_fase = UrlParser.parse_id(request.url, "fases_ti") atras = "../../../" proy = Proyecto.por_id(id_proyecto) puede_crear = puede_crear = PoseePermiso("crear tipo item", id_fase=id_fase).is_met(request.environ) if proy.estado != "Iniciado": puede_crear = False fase = Fase.por_id(id_fase) titulo = self.title % fase.nombre tmpl_context.widget = self.table buscar_table_filler = self.table_filler.__class__(DBSession) buscar_table_filler.filtros = kw tipos_items = buscar_table_filler.get_value(id_fase=id_fase) return dict(lista_elementos=tipos_items, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action="../", puede_crear=puede_crear, atras=atras ) @expose() def post_delete(self, *args, **kw): """This is the code that actually deletes the record""" atras = './' id_tipo = int(args[0]) tipo = TipoItem.por_id(id_tipo) DBSession.delete(tipo) redirect(atras) @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.tipoitem.get_all') @expose('json') def get_one(self, *args, **kw): id_tipo = int(args[0]) id_proyecto = UrlParser.parse_id(request.url, "proyectos") id_fase = UrlParser.parse_id(request.url, "fases") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase_ti") id_fase = UrlParser.parse_id(request.url, "fases_ti") proy = Proyecto.por_id(id_proyecto) puede_crear = puede_crear = PoseePermiso("crear tipo item", id_fase=id_fase).is_met(request.environ) if proy.estado != "Iniciado": puede_crear = False ti = self.table_filler.get_value(id_tipo=id_tipo, **kw) tmpl_context.widget = self.table fase = Fase.por_id(id_fase) titulo = self.title % fase.nombre atras = '../' return dict(lista_elementos=ti, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=self.action, puede_crear=puede_crear, atras=atras )
class ProyectoController(BaseController): allow_only = not_anonymous( msg='Solo usuarios registrados pueden acceder a los proyectos') @expose() def index(self, **named): """Handle the front-page.""" redirect('/proyecto/lista') @expose(template='gestionitem.templates.proyectoTmpl.lista') def lista(self, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] expresion = named.get('expresion') orden = named.get('submit') proyectos = [] id = identity['user'] for grupo in id.groups: if (grupo.group_name == 'Administrador'): if (orden == None or orden == 'Listar Todos'): proyectos = DBSession.query(Proyecto).filter( Proyecto.estado != 4).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectos = proyectoxdescripcion + proyectoxlider + proyectoxestado muestraBoton = "true" if (grupo.group_name == 'LiderProyecto'): if (orden == None or orden == 'Listar Todos'): proyectosLider = DBSession.query(Proyecto).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like('%' + expresion + '%') ).filter(Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectosLider = proyectoxdescripcion + proyectoxlider + proyectoxestado muestraBoton = "true" elif (orden): proyectosLider = DBSession.query(Proyecto).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() muestraBoton = "false" for proyect in proyectosLider: if (proyect in proyectos): proyect.setDefinir() proyect.setmostrarFases() indice = proyectos.index(proyect) proyectos[indice] = proyect else: proyect.setDefinir() proyect.setmostrarFases() proyectos.append(proyect) if (grupo.group_name == 'Desarrollador' or grupo.group_name == 'Aprobador'): proyectosDesarrollador = [] ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.user_id == id.user_id).all() if (orden == None or orden == 'Listar Todos'): for ufr in ufrs: try: fase = DBSession.query(Fase).join( (Proyecto, Fase.proyectoObj)).filter( Fase.id == ufr.fase_id).filter( Proyecto.estado != 4).one() proyectosDesarrollador.append(fase.proyectoObj) except: pass proyectosDesarrolladorset = set(proyectosDesarrollador) proyectosDesarrollador = list(proyectosDesarrolladorset) muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectosaux = proyectoxlider + proyectoxdescripcion + proyectoxestado proyectosauxset = set(proyectosaux) proyectosaux = list(proyectosauxset) for ufr in ufrs: if ufr.fase.proyectoObj in proyectosaux: proyectosDesarrollador.append(ufr.fase.proyectoObj) proyectosDesarrolladorset = set(proyectosDesarrollador) proyectosDesarrollador = list(proyectosDesarrolladorset) muestraBoton = "true" if proyectos.__len__() > 0: for proyecto1 in proyectosDesarrollador: if proyecto1 in proyectos: proyecto1.setmostrarFases() else: proyecto1.setmostrarFases() proyectos.append(proyecto1) else: proyectos = proyectosDesarrollador for proyecto12 in proyectos: proyecto12.setmostrarFases() proset = set(proyectos) proyectos = list(proset) from webhelpers import paginate count = proyectos.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( proyectos, page, item_count=count, items_per_page=5, ) proyectos = currentPage.items return dict(page='Lista de proyectos', proyectos=proyectos, subtitulo='Proyectos', user=user, muestraBoton=muestraBoton, currentPage=currentPage) @expose('gestionitem.templates.proyectoTmpl.nuevo') @require( All(in_group('Administrador'), has_permission('crear proyecto'), msg='Debe poseer Rol "Administrador" para crear nuevos proyectos')) def nuevo(self): """Handle the front-page.""" identity = request.environ.get('repoze.who.identity') user = identity['user'] lideres = DBSession.query(User).join( (Rol, User.groups)).filter(Rol.group_name == 'LiderProyecto').all() nombreProyectos = [] proyectos = DBSession.query(Proyecto).all() for proyecto in proyectos: nombreProyectos.append(proyecto.descripcion) nombreProyectos.append(",") return dict(page='Nuevo Proyecto', lideres=lideres, nombreProyectos=nombreProyectos, user=user) @expose() @require( All(in_group('Administrador'), has_permission('crear proyecto'), msg='Debe poseer Rol "Administrador" para crear nuevos proyectos')) def add_proyecto(self, descripcion, lider, **named): """Registra un proyecto nuevo """ new = Proyecto( descripcion=descripcion, id_lider=lider, estado=1, ) DBSession.add(new) flash('''Proyecto Registrado: %s''' % (descripcion, )) redirect('./index') @expose(template="gestionitem.templates.proyectoTmpl.editar") @require( All(in_group('Administrador'), has_permission('editar proyecto'), msg='Debe poseer Rol "Administrador" editar proyectos')) def editar(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter_by(id=id).one() if proyecto.lider != None: usuarios = DBSession.query(User).join((Rol, User.groups)).filter( Rol.group_name == 'LiderProyecto').filter( User.user_id != proyecto.lider.user_id).all() else: usuarios = DBSession.query(User).join( (Rol, User.groups)).filter(Rol.group_name == 'LiderProyecto') return dict(page='Editar Proyecto', id=id, proyecto=proyecto, subtitulo='ABM-Proyecto', user=user, usuarios=usuarios) @expose() @require( All(in_group('Administrador'), has_permission('editar proyecto'), msg='Debe poseer Rol "Administrador" editar proyectos')) def actualizar(self, id, descripcion, id_user, submit): """Create a new movie record""" proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.descripcion = descripcion proyecto.id_lider = id_user DBSession.flush() redirect('/proyecto') @expose() @require( in_group('Administrador', msg='Debe poseer Rol "Administrador" eliminar proyectos')) @require( All(in_group('Administrador'), has_permission('eliminar proyecto'), msg='Debe poseer Rol "Administrador" eliminar proyectos')) def eliminar(self, id): proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.estado = 4 redirect('/proyecto') @expose(template='gestionitem.templates.proyectoTmpl.avisoEliminarProyecto' ) def avisoEliminarProyecto(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter_by(id=id).one() return dict(page='Aviso Editar Item', user=user, fases=proyecto.fases, proyecto=proyecto, subtitulo='Aviso') @expose() def cambiarEstado(self, id, estado, **named): proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.estado = estado DBSession.flush() redirect('/proyecto') @expose(template="gestionitem.templates.proyectoTmpl.proyectoDef") @require( All(in_group('LiderProyecto'), has_permission('definir proyecto'), msg='Debe poseer Rol "LiderProyecto" para definir proyectos')) def proyectoDef(self, id, **named): fases = DBSession.query(Fase).filter(Fase.proyecto_id == id) proyecto_id = id return dict(page='Definir Proyecto', proyecto_id=proyecto_id, subtitulo='Definir Proyecto') @expose(template="gestionitem.templates.proyectoTmpl.faseList") @require( All(in_group('LiderProyecto'), has_permission('definir proyecto'), msg='Debe poseer Rol "LiderProyecto" para definir fases')) def definir_fase(self, id, **named): identity = request.environ.get('repoze.who.identity') fases = [] expresion = named.get('expresion') orden = named.get('submit') iduser = identity['user'] proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one() proyectoEstado = proyecto.estado for grupo in iduser.groups: if (grupo.group_name == 'LiderProyecto'): if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): fases = DBSession.query(Fase).filter( Fase.proyecto_id == id).order_by( Fase.numero_fase).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): fasesxdescripcion = DBSession.query(Fase).filter( Fase.proyecto_id == id).filter( Fase.descripcion.like('%' + expresion + '%')).all() fasesxestado = DBSession.query(Fase).join( (EstadoFase, Fase.estadoObj)).filter( Fase.proyecto_id == id).filter( EstadoFase.descripcion.like('%' + expresion + '%')).all() fases = fasesxdescripcion + fasesxestado muestraBoton = "true" elif (grupo.group_name == 'Desarrollador' or grupo.group_name == 'Aprobador'): ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.user_id == iduser.user_id).all() for ufr in ufrs: if (str(ufr.fase.proyecto_id) == id): fasetot = [] if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): fase1 = DBSession.query(Fase).filter( Fase.id == ufr.fase_id).one() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): fase1xdescripcion = DBSession.query(Fase).filter( Fase.id == ufr.fase_id).filter( Fase.descripcion.like('%' + expresion + '%')).all() fase1xestado = DBSession.query(Fase).join( (EstadoFase, Fase.estadoObj )).filter(Fase.id == ufr.fase_id).filter( EstadoFase.descripcion.like('%' + expresion + '%')).all() fasetot = fase1xdescripcion + fase1xestado muestraBoton = "true" for fase1 in fasetot: if (fase1 in fases): pass else: fases.append(fase1) faseset = set(fases) fases = list(faseset) fases = sorted(fases, key=lambda Fase: Fase.numero_fase) proyecto_id = id from webhelpers import paginate count = fases.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( fases, page, item_count=count, items_per_page=5, ) fases = currentPage.items return dict(page='Lista de fases', fases=fases, proyecto_id=proyecto_id, subtitulo='fases', user=iduser, proyectoEstado=proyectoEstado, muestraBoton=muestraBoton, proyecto=proyecto, currentPage=currentPage) @expose(template="gestionitem.templates.proyectoTmpl.agregar_fase") @require( All(in_group('LiderProyecto'), has_permission('crear fase'), msg='Debe poseer Rol "LiderProyecto" para agregar fases')) def agregar_fase(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one() fase = DBSession.query(Fase).filter( Fase.proyecto_id == proyecto.id).all() codigos = [] for i, cod in enumerate(fase): codigos.append(cod.codigo_fase) codigos.append(",") return dict(page='Nueva Fase', proyecto=proyecto, user=user, codigos=codigos) @expose() @require( All(in_group('LiderProyecto'), has_permission('crear fase'), msg='Debe poseer Rol "LiderProyecto" para agregar fases')) def save_fase(self, id, descripcion_proyecto, nombre_fase, codFase, submit): fases = DBSession.query(Fase).filter(Fase.proyecto_id == id) num = fases.count() + 1 new = Fase(descripcion=nombre_fase, proyecto_id=id, numero_fase=num, estado_id=3, codigo_fase=codFase) DBSession.add(new) flash('''Fase Registrada: %s''' % (nombre_fase, )) redirect('/proyecto/definir_fase/' + id) @expose("gestionitem.templates.proyectoTmpl.editar_fase") @require( All(in_group('LiderProyecto'), has_permission('editar fase'), msg='Debe poseer Rol "LiderProyecto" para editar fases')) def editar_fase(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] fase = DBSession.query(Fase).filter(Fase.id == id).one() fases = DBSession.query(Fase).filter( Fase.proyecto_id == fase.proyecto_id).all() codigos = [] for i, cod in enumerate(fases): codigos.append(cod.codigo_fase) codigos.append(",") return dict(page='Editar fase', id=id, fase=fase, user=user, codigos=codigos, subtitulo='ABM-Fase') @expose() @require( All(in_group('LiderProyecto'), has_permission('editar fase'), msg='Debe poseer Rol "LiderProyecto" para editar fases')) def actualizar_fase(self, id, descripcion_proyecto, nombre_fase, numero_fase, submit): fase = DBSession.query(Fase).filter(Fase.id == id).one() fase.descripcion = nombre_fase fase.numero_fase = numero_fase # fase.codigo_fase = codFase DBSession.flush() redirect('/proyecto/definir_fase/' + str(fase.proyecto_id)) @expose() @require( All(in_group('LiderProyecto'), has_permission('eliminar fase'), msg='Debe poseer Rol "LiderProyecto" para eliminar fases')) def eliminar_fase(self, id): fase = DBSession.query(Fase).filter(Fase.id == id).one() id_proyecto = fase.proyecto_id ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() for ufr in ufrs: DBSession.delete(ufr) DBSession.flush() # itemusuarios = DBSession.query(TipoItemUsuario).filter(TipoItemUsuario.fase_id == id).all() DBSession.delete(fase) fases = DBSession.query(Fase).filter( Fase.proyecto_id == id_proyecto).order_by(Fase.id).all() for i, fase in enumerate(fases): fase.numero_fase = i + 1 DBSession.flush() redirect('/proyecto/definir_fase/' + str(id_proyecto)) @expose("gestionitem.templates.proyectoTmpl.usuario_faseList") @require( in_group('LiderProyecto', msg='Debe poseer Rol "LiderProyecto" para listar usuarios')) def usuario_faseList(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] expresion = named.get('expresion') orden = named.get('submit') usuarioFaseRols = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() for ufr in usuarioFaseRols: if ufr.usuario == None: DBSession.delete(ufr) DBSession.flush() if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): usuarioxnombre = DBSession.query(UsuarioFaseRol).join( (User, UsuarioFaseRol.usuario)).filter( UsuarioFaseRol.fase_id == id).filter( User.user_name.like('%' + expresion + '%')).order_by( User.user_name).all() usuarioxrol = DBSession.query(UsuarioFaseRol).join( (Rol, UsuarioFaseRol.rol)).filter( UsuarioFaseRol.fase_id == id).filter( Rol.group_name.like('%' + expresion + '%')).all() usuarioFaseRol1 = usuarioxnombre + usuarioxrol usuarioFaseRol = set(usuarioFaseRol1) usuarioFaseRol = list(usuarioFaseRol) muestraBoton = "true" fase = DBSession.query(Fase).filter(Fase.id == id).one() from webhelpers import paginate count = usuarioFaseRol.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( usuarioFaseRol, page, item_count=count, items_per_page=5, ) usuarioFaseRol = currentPage.items descripcion = fase.descripcion proyecto = DBSession.query(Proyecto).filter( Proyecto.id == fase.proyecto_id).one() return dict(page='Usuarios de fase ' + descripcion, usuariofaserol=usuarioFaseRol, descripcion=descripcion, fase_id=id, subtitulo='Usuarios de fase', proyecto_id=fase.proyecto_id, user=user, muestraBoton=muestraBoton, proyecto=proyecto, currentPage=currentPage) @expose("gestionitem.templates.proyectoTmpl.agregarUsuarioFase") @require( All(in_group('LiderProyecto'), has_permission('asignar desarrollador'), msg='LiderProyecto" para agregar usuarios')) def agregar_usuario_fase(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] usuarios = DBSession.query(User).join((Rol, User.groups)).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() roles = DBSession.query(Rol).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() fase = DBSession.query(Fase).filter(Fase.id == id).one() # usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(UsuarioFaseRol.fase_id == id).all() return dict(page='Asignar Usuario a fase ' + fase.descripcion, usuarios=usuarios, roles=roles, proyecto_id=id, user=user, fase=fase) @expose() @require( All(in_group('LiderProyecto'), has_permission('asignar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para agregar usuarios')) def save_usuario_fase(self, fase, user, rol, **named): try: rol = int(rol) try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol) DBSession.add(new) except: for rol1 in rol: try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol1).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol1) DBSession.add(new) CambiarEstadoFase = DBSession.query(Fase).filter(Fase.id == fase).one() CambiarEstadoFase.estado_id = 1 redirect('/proyecto/usuario_faseList/' + fase) @expose() @require( All(in_group('LiderProyecto'), has_permission('eliminar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para eliminar usuarios')) def eliminar_usuario_fase(self, ufr): usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() fase = usuarioFaseRol.fase_id DBSession.delete(usuarioFaseRol) usuarioFaseRolcantidad = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).all() if usuarioFaseRolcantidad.__len__() == 0: faseCambiarEstado = DBSession.query(Fase).filter( Fase.id == fase).one() faseCambiarEstado.estado_id = 3 DBSession.flush() redirect('/proyecto/usuario_faseList/' + str(fase)) @expose("gestionitem.templates.proyectoTmpl.editarUsuarioFase") @require( All(in_group('LiderProyecto'), has_permission('editar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para editar usuarios')) def editar_usuario_fase(self, ufr, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() fase = DBSession.query(Fase).filter( Fase.id == usuarioFaseRol.fase_id).one() usuario = DBSession.query(User).filter( User.user_id == usuarioFaseRol.user_id).one() rol = DBSession.query(Rol).filter( Rol.group_id == usuarioFaseRol.rol_id).one() roles = DBSession.query(Rol).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() return dict(page='Editar Usuario de fase' + fase.descripcion, fase=fase, usuario=usuario, roles=roles, rol=rol, user=user, ufr=usuarioFaseRol) @expose() @require( All(in_group('LiderProyecto'), has_permission('editar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para editar usuarios')) def actualizar_usuario_fase(self, fase, ufr, submit, **named): rol = named.get('rol') usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() user = usuarioFaseRol.user_id if rol == None: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() DBSession.delete(usuarioFaseRol) else: try: rol = int(rol) try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol) DBSession.add(new) except: for rol1 in rol: try: usuarioFaseRol = DBSession.query( UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol1).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol1) DBSession.add(new) redirect('/proyecto/usuario_faseList/' + fase)
class HistorialLBController(CrudRestController): """Controlador de Historial de una Línea Base""" #{ Variables title = u"Historial de la Línea Base: %s" allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{plantillas tmp_action = "./" #{ Modificadores model = HistorialLB table = historial_lb_table table_filler = historial_lb_table_filler opciones = dict(tipo_operacion=u'Tipo de Operación', fecha_modificacion= u'Fecha de Mofificación' ) columnas = dict(tipo_operacion='combobox', fecha_modificacion= 'fecha' ) comboboxes = dict(tipo_operacion= [u"Apertura", u"Cierre", u"Ruptura", u"Revisión", u"Creación"]) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.historialitem.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ id_lb = UrlParser.parse_id(request.url, "lbs") lb = LB.por_id(id_lb) titulo = self.title % lb.codigo tmpl_context.widget = self.table historial = self.table_filler.get_value(lb=lb, **kw) return dict(lista_elementos=historial, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, comboboxes=self.comboboxes, url_action=self.tmp_action, atras="../../" ) @without_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.historialitem.get_all') @expose('json') def post_buscar(self, *args, **kw): """ Controlador que recibe los parámetros de búsqueda para devolver el resultado esperado. """ id_lb = UrlParser.parse_id(request.url, "lbs") lb = LB.por_id(id_lb) titulo = self.title % lb.codigo tmpl_context.widget = self.table buscar_table_filler = HistorialLBTableFiller(DBSession) buscar_table_filler.filtros = kw historial = buscar_table_filler.get_value(lb=lb, **kw) return dict(lista_elementos=historial, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, comboboxes=self.comboboxes, url_action='../', opciones=self.opciones, atras='../' ) @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.lb.examinar') @expose('json') def examinar(self, *args, **kw): """ Muestra los elementos que forman parte de la LB """ id_lb = int(args[0]) lb = LB.por_id(id_lb) titulo = u"Ítems de Línea Base: %s" % lb.codigo iplbs = item_lb_table_filler.get_value(lb=lb, **kw) tmpl_context.widget = item_lb_table atras = "../../" return dict(lista_elementos=iplbs, page=titulo, titulo=titulo, modelo="ItemsPorLB", atras=atras ) @expose() def get_one(self, *args, **kw): pass @expose() def new(self, *args, **kw): pass @expose() def post_delete(self, id): pass @expose() def post(self, *args, **kw): pass @expose() def edit(self, *args, **kw): pass @expose() def put(self, *args, **kw): pass
from baruwa.model.meta import Session from baruwa.model.auth import LDAPSettings, RadiusSettings from baruwa.model.accounts import Group, domain_owners from baruwa.model.accounts import organizations_admins as oa from baruwa.model.domains import DomainAlias from baruwa.model.domains import Domain, DeliveryServer, AuthServer from baruwa.forms.domains import BulkDelDomains, AddLDAPSettingsForm from baruwa.forms.domains import AddDomainForm, AddDeliveryServerForm from baruwa.forms.domains import AddAuthForm, AUTH_PROTOCOLS, EditDomainAlias from baruwa.forms.domains import AddDomainAlias, AddRadiusSettingsForm from baruwa.lib.audit.msgs.domains import * log = logging.getLogger(__name__) @ControllerProtector(All(not_anonymous(), OnlyAdminUsers())) class DomainsController(BaseController): def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None c.selectedtab = 'domains' def _get_server(self, destinationid): "utility" try: cachekey = u'deliveryserver-%s' % destinationid q = Session.query(DeliveryServer)\
class ReportsController(BaseController): @ActionProtector(not_anonymous()) def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None c.selectedtab = 'reports' def __after__(self): "Clean up" if hasattr(self, 'imgfile'): self.imgfile.close() def _get_filter(self, filterid): "utility to return filter object" try: cachekey = u'filter-%s' % filterid q = Session.query(SavedFilter).filter(SavedFilter.id==filterid)\ .options(FromCache('sql_cache_short', cachekey)) if self.invalidate: q.invalidate() savedfilter = q.one() except NoResultFound: savedfilter = None return savedfilter def _save_filter(self, filt): "utility to save filters to session" if not session.get('filter_by', False): session['filter_by'] = [] session['filter_by'].append(filt) session.save() else: if not filt in session['filter_by']: session['filter_by'].append(filt) session.save() def _png(self, data, reportid): "PNG" if int(reportid) == 11: chart = build_barchart(data) elif int(reportid) == 9: chart = build_spam_chart(data) else: piedata = [getattr(row, REPORTS[reportid]['sort']) for row in data] total = sum(piedata) labels = [("%.1f%%" % ( (1.0 * getattr(row, REPORTS[reportid]['sort']) / total) * 100)) for row in data] chart = PieChart(350, 284) chart.chart.labels = labels chart.chart.data = piedata chart.chart.width = 200 chart.chart.height = 200 chart.chart.x = 90 chart.chart.y = 30 chart.chart.slices.strokeWidth = 1 chart.chart.slices.strokeColor = colors.black self.imgfile = StringIO() renderPM.drawToFile(chart, self.imgfile, 'PNG', bg=colors.HexColor('#FFFFFF')) def _csv(self, data): "output to csv" try: self.csvfile = StringIO() head = data[0] format = head.keys() csvwriter = CSVWriter(self.csvfile, format) csvwriter.writeasobj(data) except IndexError: pass def _generate_png(self, data, reportid): "Generate PNG images on the fly" lock.acquire() try: self._png(data, reportid) response.content_type = 'image/png' response.headers['Cache-Control'] = 'max-age=0' pngdata = self.imgfile.getvalue() response.headers['Content-Length'] = len(pngdata) except: abort(404) finally: self.imgfile.close() lock.release() return pngdata def _generate_csv(self, data, reportid): "Generate CSV files on the fly" lock.acquire() try: self._csv(data) response.content_type = 'text/csv' response.headers['Cache-Control'] = 'max-age=0' csvdata = self.csvfile.getvalue() disposition = ('attachment; filename=%s.csv' % REPORTS[reportid]['title'].replace(' ', '_')) response.headers['Content-Disposition'] = disposition response.headers['Content-Length'] = len(csvdata) except: abort(404) finally: self.csvfile.close() lock.release() return csvdata def _generate_pdf(self, data, reportid): "Generate PDF's on the fly" logo = os.path.join(config['pylons.paths']['static_files'], 'imgs', 'logo.png') lock.acquire() try: pdfcreator = PDFReport(logo, _('Baruwa mail report')) sortby = REPORTS[reportid]['sort'] if reportid in ['1', '2', '3', '4', '5', '6', '7', '8', '10']: pieheadings = ('', _('Address'), _('Count'), _('Volume'), '') pdfcreator.add(data, REPORTS[reportid]['title'], pieheadings, sortby) if reportid == '11': totalsheaders = dict(date=_('Date'), mail=_('Mail totals'), spam=_('Spam totals'), virus=_('Virus totals'), volume=_('Mail volume'), totals=_('Totals')) pdfcreator.add(data, _('Message Totals'), totalsheaders, chart='bar') response.headers['Content-Type'] = PDF_HEADER disposition = ('attachment; filename=%s.pdf' % REPORTS[reportid]['title'].replace(' ', '_')) response.headers['Content-Disposition'] = disposition pdfdata = pdfcreator.build() response.headers['Content-Length'] = len(pdfdata) finally: lock.release() return pdfdata # def _get_count(self): # "Get message count" # countq = MsgCount(Session, c.user) # return countq() def _get_data(self, format=None, success=None, errors=None): "Get report data" filters = session.get('filter_by', []) query = Session.query( func.max(Message.timestamp).label('oldest'), func.min(Message.timestamp).label('newest')) uquery = UserFilter(Session, c.user, query) query = uquery.filter() # count = self._get_count() countq = MsgCount(Session, c.user) count = countq() cachekey = u'savedfilters-%s' % c.user.username sfq = Session.query(SavedFilter)\ .filter(SavedFilter.user == c.user)\ .options(FromCache('sql_cache_short', cachekey)) if self.invalidate: sfq.invalidate() savedfilters = sfq.all() if filters: dynq = DynaQuery(Message, query, filters) query = dynq.generate() dcountq = Session.query(func.count(Message.id).label('count')) dcountqi = UserFilter(Session, c.user, dcountq) dcountq = dcountqi.filter() dyncq = DynaQuery(Message, dcountq, filters) dcountq = dyncq.generate() dcount = dcountq.one() count = dcount.count cachekey = u'report-aggregates-%s' % c.user.username query = query.options(FromCache('sql_cache_short', cachekey)) if self.invalidate: query.invalidate() data = query.all() saved_filters = [ processfilters(filt, filters) for filt in savedfilters ] if format is None: return data, count, filters, saved_filters else: if format == 'json': data = data[0] filterdict = dict(FILTER_ITEMS) filterbydict = dict(FILTER_BY) active_filters = [ dict(filter_field=filterdict[filt['field']], filter_by=filterbydict[filt['filter']], filter_value=filt['value']) for filt in filters ] try: newest = data.newest.strftime("%Y-%m-%d %H:%M") oldest = data.oldest.strftime("%Y-%m-%d %H:%M") except AttributeError: newest = '' oldest = '' datadict = dict(count=count, newest=newest, oldest=oldest) jsondata = dict(success=success, data=datadict, errors=errors, active_filters=active_filters, saved_filters=saved_filters) return jsondata def index(self, format=None): "Index page" c.form = FilterForm(request.POST, csrf_context=session) errors = '' success = True if request.POST and c.form.validate(): fitem = dict(field=c.form.filtered_field.data, filter=c.form.filtered_by.data, value=c.form.filtered_value.data) self._save_filter(fitem) elif request.POST and not c.form.validate(): success = False key = c.form.errors.keys() errors = dict(field=key[0], msg=', '.join(c.form.errors[key[0]])) if success: self.invalidate = True if format == 'json': response.headers['Content-Type'] = JSON_HEADER jsondata = self._get_data(format, success, errors) return json.dumps(jsondata) data, count, filters, saved_filters = self._get_data() c.data = data c.count = count c.active_filters = filters c.saved_filters = saved_filters c.FILTER_BY = FILTER_BY c.FILTER_ITEMS = FILTER_ITEMS return render('/reports/index.html') def display(self, reportid, format=None): "Display a report" c.report_title = REPORTS[reportid]['title'] filters = session.get('filter_by', []) if reportid in ['1', '2', '3', '4', '5', '6', '7', '8', '10']: rquery = ReportQuery(c.user, reportid, filters) query = rquery() cachekey = u'reportquery-%s-%s' % (c.user.username, reportid) query = query.options(FromCache('sql_cache_short', cachekey)) data = query[:10] if format == 'png': return self._generate_png(data, reportid) if format == 'csv': info = REPORTDL_MSG % dict(r=c.report_title, f='csv') audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return self._generate_csv(data, reportid) jsondata = [ dict(tooltip=getattr(item, 'address'), y=getattr(item, REPORTS[reportid]['sort']), stroke='black', color=PIE_COLORS[index], size=getattr(item, 'size')) for index, item in enumerate(data) ] template = '/reports/piereport.html' if reportid == '9': query = sa_scores(Session, c.user) if filters: dynq = DynaQuery(Message, query, filters) query = dynq.generate() cachekey = u'sascores-%s' % c.user.username query = query.options(FromCache('sql_cache_short', cachekey)) data = query.all() if format == 'json': scores = [] counts = [] for row in data: scores.append( dict(value=int(row.score), text=str(row.score))) counts.append( dict(y=int(row.count), tooltip=(_('Score ') + str(row.score) + ': ' + str(row.count)))) jsondata = dict(scores=scores, count=counts) elif format == 'png': return self._generate_png(data, reportid) else: jsondata = {} jsondata['labels'] = [{ 'value': index + 1, 'text': str(item.score) } for index, item in enumerate(data)] jsondata['scores'] = [item.count for item in data] template = '/reports/barreport.html' if reportid == '10': if format == 'json': data = [[ item.address.strip(), get_hostname(item.address.strip()), country_flag(item.address.strip()), item.count, format_byte_size(item.size) ] for item in data] template = '/reports/relays.html' if reportid == '11': query = message_totals(Session, c.user) if filters: dynq = DynaQuery(Message, query, filters) query = dynq.generate() cachekey = u'msgtotals-%s' % c.user.username query = query.options(FromCache('sql_cache_short', cachekey)) data = query.all() if format == 'png': return self._generate_png(data, reportid) elif format == 'json': dates = [] mail_total = [] spam_total = [] size_total = [] virus_total = [] for row in data: dates.append(str(row.date)) mail_total.append(int(row.mail_total)) spam_total.append(int(row.spam_total)) virus_total.append(int(row.virus_total)) size_total.append(int(row.total_size)) jsondata = dict( dates=[ dict(value=index + 1, text=date) for index, date in enumerate(dates) ], mail=[ dict(y=total, tooltip=(_('Mail totals on ') + dates[index] + ': ' + str(total))) for index, total in enumerate(mail_total) ], spam=[ dict(y=total, tooltip=(_('Spam totals on ') + dates[index] + ': ' + str(total))) for index, total in enumerate(spam_total) ], virii=[ dict(y=total, tooltip=(_('Virus totals on ') + dates[index] + ': ' + str(total))) for index, total in enumerate(virus_total) ], volume=size_total, mail_total=sum(mail_total), spam_total=sum(spam_total), virus_total=sum(virus_total), volume_total=sum(size_total)) try: vpct = "%.1f" % ( (1.0 * sum(virus_total) / sum(mail_total)) * 100) spct = "%.1f" % ( (1.0 * sum(spam_total) / sum(mail_total)) * 100) except ZeroDivisionError: vpct = "0.0" spct = "0.0" jsondata['vpct'] = vpct jsondata['spct'] = spct data = [ dict(date=str(row.date), mail_total=row.mail_total, spam_total=row.spam_total, virus_total=row.virus_total, size_total=format_byte_size(row.total_size), virus_percent="%.1f" % ((1.0 * int(row.virus_total) / int(row.mail_total)) * 100), spam_percent="%.1f" % ((1.0 * int(row.spam_total) / int(row.mail_total)) * 100)) for row in data ] elif format == 'csv': info = REPORTDL_MSG % dict(r=c.report_title, f='csv') audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return self._generate_csv(data, reportid) else: jsondata = dict(mail=[], spam=[], virus=[], volume=[], labels=[]) for index, item in enumerate(data): jsondata['spam'].append(item.spam_total) jsondata['mail'].append(item.mail_total) jsondata['virus'].append(item.virus_total) jsondata['volume'].append(item.total_size) jsondata['labels'].append( dict(text=str(item.date), value=index)) template = '/reports/listing.html' if format == 'json': response.headers['Content-Type'] = JSON_HEADER return json.dumps(dict(items=list(data), pie_data=jsondata)) if format == 'pdf' and reportid != '9': info = REPORTDL_MSG % dict(r=c.report_title, f='pdf') audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return self._generate_pdf(data, reportid) c.reportid = reportid c.chart_data = json.dumps(jsondata) c.top_items = data c.active_filters = filters c.saved_filters = [] c.FILTER_BY = FILTER_BY c.FILTER_ITEMS = FILTER_ITEMS c.form = FilterForm(request.POST, csrf_context=session) info = REPORTVIEW_MSG % dict(r=c.report_title) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return render(template) def delete(self, filterid, format=None): "Delete a temp filter" filters = session.get('filter_by', []) errors = {} success = True try: del filters[int(filterid)] except IndexError: msg = _("The filter does not exist") if format != 'json': flash_alert(msg) errors = dict(msg=msg) success = False if format == 'json': response.headers['Content-Type'] = JSON_HEADER if not errors: self.invalidate = True return json.dumps(self._get_data(format, success, errors)) flash(_("The filter has been removed")) redirect(url(controller='reports')) def save(self, filterid, format=None): "Save a temp filter" filters = session.get('filter_by', []) try: filt = filters[int(filterid)] filteritems = dict(FILTER_ITEMS) filterby = dict(FILTER_BY) saved = SavedFilter(name="%s %s %s" % (filteritems[filt["field"]], filterby[filt["filter"]], filt["value"]), field=filt["field"], option=filt["filter"], user=c.user) saved.value = filt["value"] Session.add(saved) Session.commit() success = True error_msg = '' self.invalidate = True except IndexError: success = False error_msg = _("The filter does not exist") except IntegrityError: success = False error_msg = _("The filter already exists") Session.rollback() if format == 'json': response.headers['Content-Type'] = JSON_HEADER errors = dict(msg=error_msg) return json.dumps(self._get_data(format, success, errors)) if success: flash(_("The filter has been saved")) else: flash(error_msg) redirect(url('toplevel', controller='reports')) def load(self, filterid, format=None): "Load a saved filter" savedfilter = self._get_filter(filterid) if not savedfilter: abort(404) filt = dict(filter=str(savedfilter.option), field=savedfilter.field, value=savedfilter.value) self._save_filter(filt) if format == 'json': response.headers['Content-Type'] = JSON_HEADER self.invalidate = True return json.dumps(self._get_data(format, True, {})) redirect(url('toplevel', controller='reports')) def delete_stored(self, filterid, format=None): "Delete a saved dilter" savedfilter = self._get_filter(filterid) if not savedfilter: abort(404) Session.delete(savedfilter) Session.commit() if format == 'json': response.headers['Content-Type'] = JSON_HEADER self.invalidate = True return json.dumps(self._get_data(format, True, {})) flash(_("The filter has been deleted")) redirect(url('toplevel', controller='reports')) def show_filters(self): "Show filters" filters = session.get('filter_by', []) c.active_filters = filters c.FILTER_BY = FILTER_BY c.FILTER_ITEMS = FILTER_ITEMS return render('/reports/show_filters.html') def add_filters(self): "Show form" c.form = FilterForm(request.POST, csrf_context=session) return render('/reports/add_filters.html')
class AccountsController(BaseController): "Accounts controller" def __before__(self): "set context" BaseController.__before__(self) if self.identity: c.user = self.identity['user'] else: c.user = None c.selectedtab = 'accounts' def login(self): "login" if request.remote_addr in session: if session[request.remote_addr] > arrow.utcnow().datetime: msg = _('You have been banned after' ' several failed logins') log.info(msg) abort(409, msg) else: del session[request.remote_addr] session.save() identity = request.environ.get('repoze.who.identity') came_from = unquote(str(request.GET.get('came_from', ''))) if not came_from or ' ' in came_from: came_from = url('home') if '://' in came_from: from_url = urlparse(came_from) came_from = from_url[2] if identity: redirect(url(came_from)) else: c.came_from = came_from c.login_counter = request.environ['repoze.who.logins'] if c.login_counter >= 3: ban_until = arrow.utcnow().datetime + timedelta(minutes=5) if request.remote_addr not in session: session[request.remote_addr] = ban_until session.save() else: if arrow.utcnow().datetime > session[request.remote_addr]: del session[request.remote_addr] session.save() c.form = ResetPwForm(request.POST, csrf_context=session) return self.render('/accounts/login.html') def loggedin(self): "Landing page" came_from = (unquote(str(request.params.get('came_from', ''))) or url('/')) if not self.identity: if 'repoze.who.logins' in request.environ: login_counter = request.environ['repoze.who.logins'] + 1 else: abort(409) redirect( url('/accounts/login', came_from=came_from, __logins=login_counter)) userid = self.identity['repoze.who.userid'] user = self.identity['user'] if user is None: try: user, local_part, domain, domains = add_user(userid) msg = _('First time Login from external auth,' ' your local account was created') user_address_update(user, local_part, domain, domains, self.identity) except IntegrityError: Session.rollback() redirect(url('/logout')) except ldap.LDAPError: pass else: if not user.active: redirect(url('/logout')) msg = _('Login successful, Welcome back %(username)s !' % dict(username=userid)) update_login(user) if user.is_peleb: for domain in user.domains: if check_language(domain.language): session['lang'] = domain.language session.save() break session['taskids'] = [] session.save() info = auditmsgs.ACCOUNTLOGIN_MSG % dict(u=user.username) audit_log(user.username, 6, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) flash(msg) log.info(msg) redirect(url(came_from)) # pylint: disable-msg=R0201 def loggedout(self): "Logged out page" session.clear() if 'theme' in session: del session['theme'] session.save() came_from = (unquote(str(request.params.get('came_from', ''))) or url('/accounts/login')) redirect(url(came_from)) def passwdreset(self): """Render password reset page""" c.came_from = '/' c.login_counter = 0 c.form = ResetPwForm(request.POST, csrf_context=session) if request.method == 'POST' and c.form.validate(): key_seed = '%s%s' % (c.form.email.data, arrow.utcnow().ctime()) token = hashlib.sha1(key_seed).hexdigest() user = Session.query(User)\ .filter(User.email == c.form.email.data)\ .one() if not user.local: flash( _('The account %s is an external account, use your' ' External systems to change the password. ' 'Contact your system adminstrator if you do not ' 'know which external systems you authenticate to') % user.email) redirect(url('/accounts/login')) rtoken = Session\ .query(ResetToken.used)\ .filter(ResetToken.used == false())\ .filter(ResetToken.user_id == user.id)\ .all() if not rtoken: rtoken = ResetToken(token, user.id) Session.add(rtoken) Session.commit() host = URL_PREFIX_RE.sub('', request.host_url) c.username = user.username c.firstname = user.firstname or user.username c.reset_url = url('accounts-pw-token-reset', token=token, host=host) text = self.render('/email/pwreset.txt') mailer = Mailer(get_conf_options(config)) mailer.start() sdrnme = config.get('baruwa.custom.name', 'Baruwa') email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))], to=[('', c.form.email.data)], subject=_("[%s] Password reset request") % sdrnme) email.plain = text mailer.send(email) mailer.stop() flash( _('An email has been sent to the address provided, ' 'please follow the instructions in that email to ' 'reset your password.')) redirect(url('/accounts/login')) return self.render('/accounts/login.html') def pwtokenreset(self, token): """Reset password using token""" try: token = Session.query(ResetToken)\ .filter(ResetToken.token == token)\ .filter(ResetToken.used == false()).one() threshold = token.timestamp + timedelta(minutes=20) if arrow.utcnow().datetime > threshold: Session.delete(token) Session.commit() raise NoResultFound user = self._get_user(token.user_id) if not user or user.is_superadmin: raise NoResultFound passwd = mkpasswd() user.set_password(passwd) Session.add(user) Session.delete(token) Session.commit() c.passwd = passwd c.firstname = user.firstname or user.username text = self.render('/email/pwchanged.txt') mailer = Mailer(get_conf_options(config)) mailer.start() sdrnme = config.get('baruwa.custom.name', 'Baruwa') email = Msg(author=[(sdrnme, config.get('baruwa.reports.sender'))], to=[('', user.email)], subject=_("[%s] Password reset") % sdrnme) email.plain = text mailer.send(email) mailer.stop() flash( _('The password has been reset, check your email for' ' the temporary password you should use to login.')) except NoResultFound: msg = _('The token used is invalid or does not exist') flash_alert(msg) log.info(msg) redirect(url('/accounts/login')) @ActionProtector(All(not_anonymous(), OnlyAdminUsers(), CanAccessAccount())) def pwchange(self, userid): """Reset a user password""" user = self._get_user(userid) if not user: abort(404) c.form = ChangePasswordForm(request.POST, csrf_context=session) if request.method == 'POST' and c.form.validate(): if user.local and not user.is_superadmin: change_user_pw(user, c.user, c.form.password1.data, request.host, request.remote_addr) msg = _('The account password for %(name)s has been reset') \ % dict(name=user.username) flash(msg) else: if user.is_superadmin: flash(_('Admin accounts can not be modified via the web')) else: flash( _('This is an external account, use' ' external system to reset the password')) redirect(url('account-detail', userid=user.id)) c.id = userid c.username = user.username c.posturl = 'accounts-pw-change' return self.render('/accounts/pwchange.html') @ActionProtector(not_anonymous()) def upwchange(self, userid): """User change own password""" user = self._get_user(userid) if not user: abort(404) if user.id != c.user.id or c.user.is_superadmin: abort(403) c.form = UserPasswordForm(request.POST, csrf_context=session) if (request.method == 'POST' and c.form.validate() and user.validate_password(c.form.password3.data)): if user.local: user.set_password(c.form.password1.data) Session.add(user) Session.commit() flash( _('The account password for %(name)s has been reset') % dict(name=user.username)) info = auditmsgs.PASSWORDCHANGE_MSG % dict(u=user.username) audit_log(c.user.username, 2, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime) else: flash( _('This is an external account, use' ' external system to reset the password')) redirect(url('account-detail', userid=user.id)) elif (request.method == 'POST' and not user.validate_password(c.form.password3.data) and not c.form.password3.errors): flash_alert( _('The old password supplied does' ' not match our records')) c.id = userid c.username = user.username c.posturl = 'accounts-pw-uchange' return self.render('/accounts/pwchange.html') # pylint: disable-msg=W0622 @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def index(self, page=1, orgid=None, domid=None, format=None): """GET /accounts/: Paginate items in the collection""" num_items = session.get('accounts_num_items', 10) c.form = BulkDelUsers(request.POST, csrf_context=session) if request.method == 'POST': if c.form.accountid.data and \ str(c.user.id) in c.form.accountid.data: c.form.accountid.data.remove(str(c.user.id)) if c.form.accountid.data and c.form.whatdo.data == 'disable': Session.query(User)\ .filter(User.id.in_(c.form.accountid.data))\ .update({'active': False}, synchronize_session='fetch') Session.commit() if c.form.accountid.data and c.form.whatdo.data == 'enable': Session.query(User)\ .filter(User.id.in_(c.form.accountid.data))\ .update({'active': True}, synchronize_session='fetch') Session.commit() if c.form.accountid.data and c.form.whatdo.data == 'delete': session['bulk_account_delete'] = c.form.accountid.data session.save() # redirect for confirmation redirect(url('accounts-confirm-delete')) users = Session.query(User.id, User.username, User.firstname, User.lastname, User.email, User.active, User.local, User.account_type).order_by(User.id) usrcount = Session.query(User.id) if c.user.is_domain_admin: users = users.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) usrcount = usrcount.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) if domid: users = users.filter( and_(domain_users.c.domain_id == domid, domain_users.c.user_id == User.id)) usrcount = usrcount.filter( and_(domain_users.c.domain_id == domid, domain_users.c.user_id == User.id)) if orgid: users = users.filter( and_( domain_users.c.user_id == User.id, domain_users.c.domain_id == dom_owns.c.domain_id, dom_owns.c.organization_id == orgid, )) usrcount = usrcount.filter( and_( domain_users.c.user_id == User.id, domain_users.c.domain_id == dom_owns.c.domain_id, dom_owns.c.organization_id == orgid, )) users = users.distinct(User.id) usrcount = usrcount.distinct(User.id) pages = paginate.Page(users, page=int(page), items_per_page=num_items, item_count=usrcount.count()) if format == 'json': response.headers['Content-Type'] = 'application/json' data = convert_acct_to_json(pages, orgid) return data c.page = pages c.domid = domid c.orgid = orgid return self.render('/accounts/index.html') # pylint: disable-msg=R0914,W0142,W0613 @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def search(self, format=None): "Search for accounts" total_found = 0 search_time = 0 num_items = session.get('accounts_num_items', 10) qry = request.GET.get('q', '') doms = request.GET.get('d', None) kwds = {'presliced_list': True} page = int(request.GET.get('p', 1)) conn = SphinxClient() sphinxopts = extract_sphinx_opts(config['sphinx.url']) conn.SetServer(sphinxopts.get('host', '127.0.0.1')) conn.SetMatchMode(SPH_MATCH_EXTENDED2) conn.SetFieldWeights( dict(username=50, email=30, firstname=10, lastname=10)) if page == 1: conn.SetLimits(0, num_items, 500) else: page = int(page) offset = (page - 1) * num_items conn.SetLimits(offset, num_items, 500) if doms: conn.SetFilter('domains', [ int(doms), ]) if c.user.is_domain_admin: # crcs = get_dom_crcs(Session, c.user) domains = Session.query(Domain.id).join(dom_owns, (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) conn.SetFilter('domains', [domain[0] for domain in domains]) qry = clean_sphinx_q(qry) try: results = conn.Query(qry, 'accounts, accounts_rt') except (socket.timeout, struct.error): redirect(request.path_qs) qry = restore_sphinx_q(qry) if results and results['matches']: ids = [hit['id'] for hit in results['matches']] total_found = results['total_found'] search_time = results['time'] users = Session.query(User.id, User.username, User.firstname, User.lastname, User.email, User.active, User.local, User.account_type)\ .filter(User.id.in_(ids))\ .order_by(User.id)\ .all() usercount = total_found else: users = [] usercount = 0 c.q = qry c.d = doms c.total_found = total_found c.search_time = search_time c.page = paginate.Page(users, page=int(page), items_per_page=num_items, item_count=usercount, **kwds) return self.render('/accounts/searchresults.html') @ActionProtector(All(not_anonymous(), CanAccessAccount())) def detail(self, userid): """GET /accounts/userid/ Show a specific item""" user = self._get_user(userid) if not user: abort(404) c.account = user return self.render('/accounts/account.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def add(self): """/accounts/new""" c.form = user_add_form(c.user, request.POST, session) if request.method == 'POST' and c.form.validate(): try: user = create_user(c.form, c.user.username, request.host, request.remote_addr) flash( _('The account: %(user)s was created successfully') % {'user': user.username}) redirect(url('account-detail', userid=user.id)) except IntegrityError: Session.rollback() flash_alert( _('Either the username or email address already exist')) return self.render('/accounts/new.html') @ActionProtector(All(not_anonymous(), CanAccessAccount())) def edit(self, userid): """GET /accounts/edit/id: Form to edit an existing item""" user = self._get_user(userid) if not user: abort(404) c.form = user_update_form(user, c.user, request.POST, session) if request.method == 'POST' and c.form.validate(): kwd = dict(userid=user.id) if update_changed(c.form, FORM_FIELDS, user): try: update_user(user, c.user, request.host, request.remote_addr) flash(_('The account has been updated')) kwd['uc'] = 1 except IntegrityError: Session.rollback() flash_alert( _('The account: %(acc)s could not be updated') % dict(acc=user.username)) if (user.id == c.user.id and c.form.active and c.form.active.data is False): redirect(url('/logout')) else: flash_info(_('No changes made to the account')) redirect(url(controller='accounts', action='detail', **kwd)) c.fields = FORM_FIELDS c.id = userid return self.render('/accounts/edit.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers(), CanAccessAccount())) def delete(self, userid): """/accounts/delete/id""" user = self._get_user(userid) if not user: abort(404) c.form = EditUserForm(request.POST, user, csrf_context=session) del c.form.domains if request.method == 'POST': if c.form.validate(): delete_user(user, c.user, request.host, request.remote_addr) flash(_('The account has been deleted')) redirect(url(controller='accounts', action='index')) else: flash_info( _('The account: %(a)s and all associated data' ' will be deleted, This action is not reversible.') % dict(a=user.username)) c.fields = FORM_FIELDS c.id = userid return self.render('/accounts/delete.html') @ActionProtector(not_anonymous()) def confirm_delete(self): "Confirm mass delete" accountids = session.get('bulk_account_delete', []) if not accountids: redirect(url(controller='accounts', action='index')) num_items = 10 if len(accountids) > num_items and len(accountids) <= 20: num_items = 20 if len(accountids) > num_items and len(accountids) <= 50: num_items = 50 if len(accountids) > num_items and len(accountids) <= 100: num_items = 100 users = Session.query(User).filter(User.id.in_(accountids)) usrcount = Session.query(User.id) if c.user.is_domain_admin and usrcount: users = users.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) usrcount = usrcount.join(domain_users, (dom_owns, domain_users.c.domain_id == dom_owns.c.domain_id), (oas, dom_owns.c.organization_id == oas.c.organization_id))\ .filter(oas.c.user_id == c.user.id) if request.method == 'POST': tasks = [] # try: for account in users.all(): info = auditmsgs.DELETEACCOUNT_MSG % dict(u=account.username) Session.delete(account) tasks.append([ c.user.username, 4, unicode(info), request.host, request.remote_addr, arrow.utcnow().datetime ]) Session.commit() del session['bulk_account_delete'] session.save() backend_user_update(None, True) for task in tasks: audit_log(*task) flash(_('The accounts have been deleted')) redirect(url(controller='accounts')) else: flash( _('The following accounts are about to be deleted,' ' this action is not reversible, Do you wish to ' 'continue ?')) try: c.page = paginate.Page(users, page=1, items_per_page=num_items, item_count=usrcount.count()) except DataError: msg = _('An error occured try again') flash_alert(msg) log.info(msg) redirect(url(controller='accounts', action='index')) return self.render('/accounts/confirmbulkdel.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers(), CanAccessAccount())) def addaddress(self, userid): "Add address" user = self._get_user(userid) if not user: abort(404) c.form = AddressForm(request.POST, csrf_context=session) if request.method == 'POST' and c.form.validate(): try: addr = create_address(c.form, user, c.user, request.host, request.remote_addr) flash( _('The alias address %(address)s was successfully created.' % dict(address=addr.address))) except IntegrityError: Session.rollback() msg = _('The address %(addr)s already exists') % \ dict(addr=c.form.address.data) flash_alert(msg) log.info(msg) except NoResultFound: domain = c.form.address.data.split('@')[1] msg = _('Domain: %(d)s does not belong to you') % \ dict(d=domain) flash(msg) log.info(msg) redirect(url(controller='accounts', action='detail', userid=userid)) c.id = userid return self.render('/accounts/addaddress.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers(), CanAccessAccount())) def editaddress(self, addressid): "Edit address" address = get_address(addressid) if not address: abort(404) c.form = AddressForm(request.POST, address, csrf_context=session) if request.method == 'POST' and c.form.validate(): try: if (address.address != c.form.address.data or address.enabled != c.form.enabled.data): update_address(c.form, address, c.user, request.host, request.remote_addr) flash(_('The alias address has been updated')) else: flash_info(_('No changes were made to the address')) except IntegrityError: Session.rollback() msg = _('The address %(addr)s already exists') % \ dict(addr=c.form.address.data) flash_alert(msg) log.info(msg) except NoResultFound: domain = c.form.address.data.split('@')[1] msg = _('Domain: %(d)s does not belong to you') % \ dict(d=domain) flash(msg) log.info(msg) redirect( url(controller='accounts', action='detail', userid=address.user_id)) c.id = addressid c.userid = address.user_id return self.render('/accounts/editaddress.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers(), CanAccessAccount())) def deleteaddress(self, addressid): "Delete address" address = get_address(addressid) if not address: abort(404) c.form = AddressForm(request.POST, address, csrf_context=session) if request.method == 'POST' and c.form.validate(): user_id = delete_address(address, c.user, request.host, request.remote_addr) flash(_('The address has been deleted')) redirect( url(controller='accounts', action='detail', userid=user_id)) c.id = addressid c.userid = address.user_id return self.render('/accounts/deleteaddress.html') def set_language(self): "Set the language" nextpage = request.params.get('next', None) if not nextpage: nextpage = request.headers.get('Referer', None) if not nextpage: nextpage = '/' if '://' in nextpage: from_url = urlparse(nextpage) nextpage = from_url[2] lang_code = request.params.get('language', None) if lang_code and check_language(lang_code): session['lang'] = lang_code session.save() params = [] for param in request.params: if param not in ['language', 'amp']: value = request.params[param] if value: if (param == 'came_from' and '://' in urllib2.unquote(value)): urlparts = urlparse(urllib2.unquote(value)) value = urlparts[2] or '/' params.append('%s=%s' % (urllib2.quote(param), urllib2.quote(value))) if 'lc=1' not in params: params.append('lc=1') if params: nextpage = "%s?%s" % (nextpage, '&'.join(params)) redirect(nextpage) @ActionProtector(All(not_anonymous(), OwnsDomain())) def import_accounts(self, domainid): "import accounts" try: cachekey = u'domain-%s' % domainid domain = Session.query(Domain.id, Domain.name)\ .filter(Domain.id == domainid)\ .options(FromCache('sql_cache_med', cachekey)).one() except NoResultFound: abort(404) c.form = ImportCSVForm(request.POST, csrf_context=session) if request.method == 'POST' and c.form.validate(): basedir = config['pylons.cache_dir'] csvdata = request.POST['csvfile'] if hasattr(csvdata, 'filename'): dstfile = os.path.join(basedir, 'uploads', csvdata.filename.lstrip(os.sep)) if not os.path.exists(dstfile) and iscsv(csvdata.file): csvfile = open(dstfile, 'w') shutil.copyfileobj(csvdata.file, csvfile) csvdata.file.close() csvfile.close() task = importaccounts.apply_async(args=[ domainid, dstfile, c.form.skipfirst.data, c.user.id ]) session['taskids'].append(task.task_id) session['acimport-count'] = 1 session['acimport-file'] = dstfile session.save() msg = _('File uploaded, and is being processed, this page' ' will automatically refresh to show the status') flash(msg) log.info(msg) redirect(url('accounts-import-status', taskid=task.task_id)) else: filename = csvdata.filename.lstrip(os.sep) if not iscsv(csvdata.file): msg = _('The file: %s is not a CSV file') % filename flash_alert(msg) log.info(msg) else: msg = _('The file: %s already exists and' ' is being processed.') % filename flash_alert(msg) log.info(msg) csvdata.file.close() else: msg = _('No CSV was file uploaded, try again') flash_alert(msg) log.info(msg) c.domain = domain return self.render('/accounts/importaccounts.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def import_status(self, taskid): "import status" result = AsyncResult(taskid) if result is None or taskid not in session['taskids']: msg = _('The task status requested has expired or does not exist') flash(msg) log.info(msg) redirect(url(controller='accounts', action='index')) if result.ready(): finished = True flash.pop_messages() if isinstance(result.result, Exception): if c.user.is_superadmin: msg = _('Error occured in processing %s') % result.result flash_alert(msg) log.info(msg) else: flash_alert(_('Backend error occured during processing.')) redirect(url(controller='accounts')) backend_user_update(None, True) audit_log(c.user.username, 3, unicode(auditmsgs.ACCOUNTIMPORT_MSG), request.host, request.remote_addr, arrow.utcnow().datetime) else: session['acimport-count'] += 1 if (session['acimport-count'] >= 10 and result.state in ['PENDING', 'RETRY', 'FAILURE']): result.revoke() try: os.unlink(session['acimport-file']) except OSError: pass del session['acimport-count'] session.save() msg = _('The import could not be processed,' ' try again later') flash_alert(msg) log.info(msg) redirect(url(controller='accounts')) finished = False c.finished = finished c.results = result.result c.success = result.successful() return self.render('/accounts/importstatus.html') @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def export_accounts(self, domainid=None, orgid=None): "export domains" task = exportaccounts.apply_async(args=[domainid, c.user.id, orgid]) if 'taskids' not in session: session['taskids'] = [] session['taskids'].append(task.task_id) session['acexport-count'] = 1 session.save() msg = _('Accounts export is being processed') flash(msg) log.info(msg) redirect(url('accounts-export-status', taskid=task.task_id)) @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def export_status(self, taskid): "export status" result = AsyncResult(taskid) if result is None or taskid not in session['taskids']: msg = _('The task status requested has expired or does not exist') flash(msg) log.info(msg) redirect(url(controller='accounts', action='index')) if result.ready(): finished = True flash.pop_messages() if isinstance(result.result, Exception): msg = _('Error occured in processing %s') % result.result if c.user.is_superadmin: flash_alert(msg) log.info(msg) else: flash_alert(_('Backend error occured during processing.')) log.info(msg) redirect(url(controller='accounts', action='index')) results = dict( f=True if not result.result['global_error'] else False, id=taskid, global_error=result.result['global_error']) audit_log(c.user.username, 5, unicode(auditmsgs.ACCOUNTEXPORT_MSG), request.host, request.remote_addr, arrow.utcnow().datetime) else: try: session['acexport-count'] += 1 except KeyError: session['acexport-count'] = 1 session.save() if (session['acexport-count'] >= 10 and result.state in ['PENDING', 'RETRY', 'FAILURE']): result.revoke() del session['acexport-count'] session.save() msg = _('The export could not be processed, try again later') flash_alert(msg) log.info(msg) redirect(url(controller='accounts', action='index')) finished = False results = dict(f=None, global_error=None) c.finished = finished c.results = results c.success = result.successful() dwn = request.GET.get('d', None) if finished and (dwn and dwn == 'y'): response.content_type = 'text/csv' response.headers['Cache-Control'] = 'max-age=0' csvdata = result.result['f'] disposition = 'attachment; filename=accounts-export-%s.csv' % \ taskid response.headers['Content-Disposition'] = str(disposition) response.headers['Content-Length'] = len(csvdata) return csvdata return self.render('/accounts/exportstatus.html') # pylint: disable-msg=R0201,W0613 @ActionProtector(All(not_anonymous(), OnlyAdminUsers())) def setnum(self, format=None): "Set number of account items returned" num = check_num_param(request) if num and num in [10, 20, 50, 100]: session['accounts_num_items'] = num session.save() nextpage = request.headers.get('Referer', '/') if '://' in nextpage: from_url = urlparse(nextpage) nextpage = from_url[2] redirect(nextpage)
class FasesGestConfController(CrudRestController): """Controlador de Fases en Desarrollo""" #{ Variables title = u"Fases de proyecto: %s" allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #Subcontrolador lbs = LineaBaseController(DBSession) #{ Modificadores model = Fase table = fases_gestconf_table table_filler = fases_gestconf_table_filler opciones = dict(nombre= u'Nombre', posicion= u'Posición', numero_items= u'Nro. de Ítems', estado= u'Estado', codigo= u'Código' ) columnas = dict(nombre='texto', posicion='entero', numero_items='entero', estado='combobox', codigo='texto' ) comboboxes = dict(estado=Fase.estados_posibles) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.fases.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ id_proyecto = UrlParser.parse_id(request.url, "proyectos_gestconf") proy = Proyecto.por_id(id_proyecto) titulo = self.title % proy.nombre atras = "../" fases = self.table_filler.get_value(id_proyecto=id_proyecto, **kw) tmpl_context.widget = self.table return dict(lista_elementos=fases, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action='./', puede_crear=False, comboboxes=self.comboboxes, atras=atras ) @without_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.fases.get_all') @expose('json') def post_buscar(self, *args, **kw): """ Controlador que recibe los parámetros de búsqueda para devolver el resultado esperado. """ id_proyecto = UrlParser.parse_id(request.url, "proyectos_gestconf") proy = Proyecto.por_id(id_proyecto) titulo = self.title % proy.nombre atras = "../" buscar_table_filler = FasesGestConfTableFiller(DBSession) buscar_table_filler.filtros = kw fases = buscar_table_filler.get_value(id_proyecto=id_proyecto, **kw) tmpl_context.widget = self.table return dict(lista_elementos=fases, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action='../', puede_crear=False, comboboxes=self.comboboxes, atras=atras ) @expose('lpm.templates.index') def _default(self, *args, **kw): """Maneja las urls no encontradas""" flash(_('Recurso no encontrado'), 'warning') redirect('/') return dict(page='index') @expose() def new(self, *args, **kw): pass @expose() def post_delete(self, id): pass @expose() def post(self, *args, **kw): pass @expose() def edit(self, *args, **kw): pass @expose() def put(self, *args, **kw): pass @expose() def get_one(self, *args, **kw): pass
class FaseController(CrudRestController): """Controlador de Fases""" #{ Variables title = u"Fases de proyecto: %s" allow_only = not_anonymous(u"El usuario debe haber iniciado sesión") #{plantillas #tmp_action = "/proyectos/%d/fases/" #tmp_action_fase = "/proyectos_fase/%d/fases/" #desde submenu fase tmp_action = "./" #Subcontrolador tipositems = TipoItemController(DBSession) miembrosfase = MiembrosFaseController() nomiembrosfase = NoMiembrosFaseController() rolesfase = RolesFaseController(DBSession) #{ Modificadores model = Fase table = fase_table table_filler = fase_table_filler new_form = fase_add_form edit_form = fase_edit_form edit_filler = fase_edit_filler opciones = dict(nombre=u'Nombre', posicion=u'Posición', numero_items=u'Nro. de Ítems', estado=u'Estado', codigo=u'Código') columnas = dict(nombre='texto', posicion='entero', numero_items='entero', estado='combobox', codigo='texto') comboboxes = dict(estado=Fase.estados_posibles) #{ Métodos @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.fases.get_all') @expose('json') def get_all(self, *args, **kw): """ Retorna todos los registros Retorna una página HTML si no se especifica JSON """ id_proyecto = UrlParser.parse_id(request.url, "proyectos") atras = "../" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") atras = "../../" puede_crear = PoseePermiso( "crear fase", id_proyecto=id_proyecto).is_met(request.environ) proy = Proyecto.por_id(id_proyecto) if proy.estado == "Iniciado": puede_crear = False titulo = self.title % proy.nombre fases = self.table_filler.get_value(id_proyecto=id_proyecto, **kw) tmpl_context.widget = self.table return dict(lista_elementos=fases, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=self.tmp_action, puede_crear=puede_crear, comboboxes=self.comboboxes, atras=atras) @without_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.fases.get_all') @expose('json') def post_buscar(self, *args, **kw): """ Controlador que recibe los parámetros de búsqueda para devolver el resultado esperado. """ id_proyecto = UrlParser.parse_id(request.url, "proyectos") #action = self.tmp_action % id_proyecto if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") #action = self.tmp_action_fase % id_proyecto puede_crear = PoseePermiso( "crear fase", id_proyecto=id_proyecto).is_met(request.environ) proy = Proyecto.por_id(id_proyecto) if proy.estado == "Iniciado": puede_crear = False titulo = self.title % proy.nombre tmpl_context.widget = self.table buscar_table_filler = FaseTableFiller(DBSession) buscar_table_filler.filtros = kw fases = buscar_table_filler.get_value(id_proyecto=id_proyecto) atras = '../' return dict(lista_elementos=fases, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, url_action="../", puede_crear=puede_crear, comboboxes=self.comboboxes, opciones=self.opciones, atras=atras) @without_trailing_slash @expose('lpm.templates.fases.new') def new(self, *args, **kw): """Display a page to show a new record.""" id_proyecto = UrlParser.parse_id(request.url, "proyectos") atras = "./" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") atras = "../../" if not id_proyecto: redirect(atras) tmpl_context.widget = self.new_form return dict(value=kw, page="Nueva Fase", atras=atras) @expose() def post_delete(self, id): """Elimina una fase de la bd si el proyecto no está iniciado""" fase = Fase.por_id(id) proy = Proyecto.por_id(fase.id_proyecto) proy.eliminar_fase(id) flash("Fase eliminada") redirect("../") @validate(fase_add_form, error_handler=new) @expose() def post(self, *args, **kw): if "sprox_id" in kw: del kw["sprox_id"] id_proyecto = UrlParser.parse_id(request.url, "proyectos") atras = "./" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") atras = "../../" proy = Proyecto.por_id(id_proyecto) fase = proy.crear_fase(**kw) #Creamos el rol miembro de fase #plant_m = Rol.obtener_rol_plantilla(nombre_rol=u"Miembro de Fase") #rol_m = Rol.nuevo_rol_desde_plantilla(plantilla=plant_m, # id=fase.id_fase) flash("Fase Creada") redirect(atras) @expose('lpm.templates.fases.edit') def edit(self, *args, **kw): """Despliega una pagina para realizar modificaciones""" id_fase = UrlParser.parse_id(request.url, "fases") fase = Fase.por_id(int(id_fase)) id_proyecto = UrlParser.parse_id(request.url, "proyectos") atras = "./" if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") pp = PoseePermiso('modificar fase', id_fase=id_fase) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect("./") tmpl_context.widget = FaseEditForm(DBSession) value = self.edit_filler.get_value(values={'id_fase': id_fase}) page = u"Modificar Fase: %s" % value["nombre"] return dict(value=value, page=page, atras=atras) @validate(fase_edit_form, error_handler=edit) @expose() def put(self, *args, **kw): """update""" if "sprox_id" in kw: del kw["sprox_id"] id_proyecto = int(kw["id_proyecto"]) id_fase = int(kw["id_fase"]) del kw["id_fase"] pp = PoseePermiso('modificar fase', id_fase=id_fase) if not pp.is_met(request.environ): flash(pp.message % pp.nombre_permiso, 'warning') redirect("../") proy = Proyecto.por_id(id_proyecto) proy.modificar_fase(id_fase, **kw) flash("Fase modificada") redirect("./") @with_trailing_slash @paginate('lista_elementos', items_per_page=5) @expose('lpm.templates.fases.get_all') @expose('json') def get_one(self, *args, **kw): id_proyecto = UrlParser.parse_id(request.url, "proyectos") action = "./" atras = '../' if not id_proyecto: id_proyecto = UrlParser.parse_id(request.url, "proyectos_fase") atras = "/proyectos_fase/" id_fase = int(args[0]) puede_crear = PoseePermiso( "crear fase", id_proyecto=id_proyecto).is_met(request.environ) proy = Proyecto.por_id(id_proyecto) if proy.estado == "Iniciado": puede_crear = False if pylons.request.response_type == 'application/json': return dict( lista=self.table_filler.get_value(id_fase=id_fase, **kw)) if not getattr(self.table.__class__, ' ', False): fase = self.table_filler.get_value(id_fase=id_fase, **kw) else: fase = [] tmpl_context.widget = self.table titulo = self.title % proy.nombre return dict(lista_elementos=fase, page=titulo, titulo=titulo, modelo=self.model.__name__, columnas=self.columnas, opciones=self.opciones, url_action=action, puede_crear=puede_crear, comboboxes=self.comboboxes, atras=atras)
def not_met_util(self): if not_met(not_anonymous()): return 'You are anonymous' return 'You are not anonymous'