def view(request): if request.unauthenticated_userid is not None: request.session.flash("Already logged in, log out first", 'warning') return HTTPFound(location=request.route_url('home')) if "ok" in request.params: session = DBSession() view_params = {} for field_name in ("user_id", "user_name", "user_email"): if field_name in request.params: view_params[field_name] = request.params[field_name] # check all fields are correct uid = request.params["user_id"] if len(uid) == 0 or not is_good_id(uid): request.session.flash("User id is not a valid id", 'warning') return view_params name = request.params["user_name"] if len(name) == 0 or not is_good_name(name): request.session.flash("Name given is not valid", 'warning') return view_params email = request.params["user_email"] if len(email) == 0 or not is_good_email(email): request.session.flash("Email given is not valid", 'warning') return view_params # check user does not exist already # as a user user = User.get(session, uid) if user is not None: request.session.flash("User %s already exists" % uid, 'warning') return view_params # as a team team = Team.get(session, uid) if team is not None: msg = "User %s already exists as a team name" % uid request.session.flash(msg, 'warning') return view_params # register new user User.create(session, uid, name, email) return log_user_in(request, uid, True) else: return {}
def view_init(request, session, tab): """Common init for all 'view'. Args: request: (Request) session: (DBSession) tab: (str) current tab in view Returns: (User, dict of (str: any)): user, view_params """ uid = request.matchdict['uid'] user = User.get(session, uid) if user is None: request.session.flash("User %s does not exists" % uid, 'warning') raise HTTPFound(location=request.route_url('home')) current_uid = request.unauthenticated_userid view_params = {"user": user, "tabs": tabs, "tab": tab, "allow_edit": (uid == current_uid), "sections": []} return user, view_params
def edit_init(request, session, tab): """Common init for all 'edit' views. Args: request: (Request) session: (DBSession) tab: (str) current tab in view Returns: (ResearchObject, dict of (str: any)): ro, view_params """ ro, view_params = view_init(request, session, tab) warn_links = [link for link in ro.out_links if link.type == 'produce'] error_links = [link for link in ro.in_links if link.type != 'contains'] view_params["warn_links"] = warn_links view_params["error_links"] = error_links if not view_params["allow_edit"]: msg = "Access to %s edition not granted for you" % ro.id request.session.flash(msg, 'warning') raise HTTPFound(location=request.route_url('home')) if 'back' in request.params: # request.session.flash("Edition stopped", 'success') loc = request.route_url('ro_view_%s' % tab, uid=ro.id) raise HTTPFound(location=loc) if 'update' in request.params: # edit project visibility public = 'visibility' in request.params ro.public = public if 'confirm_transfer' in request.params: if request.unauthenticated_userid != ro.owner: request.session.flash("Action non authorized for you", 'warning') raise HTTPFound(location=request.route_url('home')) user = User.get(session, request.params["new_owner"]) if user is None: msg = "User '%s' is unknown" % request.params["new_owner"] request.session.flash(msg, 'warning') raise HTTPFound(location=request.current_route_url()) ro.change_owner(session, user) loc = request.route_url("ro_view_home", uid=ro.id) transaction.commit() raise HTTPFound(location=loc) delete_recursive = "confirm_delete_recursive" in request.params if "confirm_delete" in request.params or delete_recursive: if ResearchObject.remove(session, ro, delete_recursive): transaction.commit() request.session.flash("RO '%s' deleted" % ro.id, 'success') else: request.session.flash("Failed to delete '%s'" % ro.id, 'warning') raise HTTPFound(location=request.route_url('home')) return ro, view_params
def register_new_user(request, session, team, new_uid): """Register a new user according to info in form Args: request: (Request) session: (DBSession) team: (Team) new_uid: (str) id of user to add to team auth Returns: (bool): whether team has changed and need to be reloaded """ if new_uid == team.id: msg = "Cannot be a member of itself" request.session.flash(msg, 'warning') return False role = Role.from_str(request.params.get("role_new", "denied")) member = User.get(session, new_uid) if member is not None: if new_uid in (pol.actor for pol in team.auth): msg = "%s already a direct member" % member.id request.session.flash(msg, 'warning') return False team.add_policy(session, member, role) request.session.flash("New member %s added" % member.id, 'success') return True member = Team.get(session, new_uid) if member is not None: if team.has_member(session, new_uid): request.session.flash("%s already a member" % member.id, 'warning') return False if member.has_member(session, team.id): msg = "Circular reference %s is a member of %s" % (team.id, member.id) request.session.flash(msg, 'warning') return False team.add_policy(session, member, role) request.session.flash("New member %s added" % member.id, 'success') return True request.session.flash("User %s does not exists" % new_uid, 'warning') return False
def view(request): if request.unauthenticated_userid is not None: request.session.flash("Already logged in, log out first", 'warning') return HTTPFound(location=request.route_url('home')) if "ok" in request.params: session = DBSession() uid = request.params["user_id"] user = User.get(session, uid) if user is None: msg = "No such user! <a href='%s'>Register?</a>" % request.route_url('user_register') request.session.flash(Markup(msg), 'warning') return HTTPFound(location=request.current_route_url()) pwd = request.params["password"] # check password if check_password(session, user, pwd): return log_user_in(request, uid) else: request.session.flash("Invalid password", 'warning') return HTTPFound(location=request.current_route_url()) else: return {}
def main(session, user, container): """Create ROs to test auth policies. Args: session (DBSession): user (User): default user container (ROContainer): top level container Returns: None """ # create another user other = User.create(session, uid='other', name="Other User", email="*****@*****.**") img = Image.open("seeweb/scripts/avatar/sartzet.png") upload_user_avatar(img, other) # user can view RO in container owner by other roa = ROArticle() roa.init(session, dict(owner=other.id, name="other article")) roa.store_description("Title\n=====\n\nLorem Ipsum\nlorem ipsum") roa.add_policy(session, user, Role.view) road = ROArticle() road.init(session, dict(owner=other.id, name="other editable article")) road.store_description("Title\n=====\n\nLorem Ipsum\nlorem ipsum") road.add_policy(session, user, Role.edit) roc = ROContainer() roc.init(session, dict(owner=other.id, name="other project", contents=[roa, road])) ROLink.connect(session, container.id, roc.id, 'contains') # access granted to ROs through their container policy roa = ROArticle() roa.init(session, dict(owner=other.id, name="other 'private' article")) roa.store_description("Title\n=====\n\nLorem Ipsum\nlorem ipsum") roc = ROContainer() roc.init(session, dict(owner=other.id, name="other 'denied' project", contents=[roa])) roc.add_policy(session, user, Role.denied) ROLink.connect(session, container.id, roc.id, 'contains') roc = ROContainer() roc.init(session, dict(owner=other.id, name="other project", contents=[roa])) roc.add_policy(session, user, Role.edit) ROLink.connect(session, container.id, roc.id, 'contains') # public container roa = ROArticle() roa.init(session, dict(owner=other.id, name="other article")) roa.store_description("Title\n=====\n\nLorem Ipsum\nlorem ipsum") road = ROArticle() road.init(session, dict(owner=other.id, name="other denied article")) road.store_description("Title\n=====\n\nLorem Ipsum\nlorem ipsum") road.add_policy(session, user, Role.denied) roc = ROContainer() roc.init(session, dict(owner=other.id, name="other 'public' project", contents=[roa, road])) roc.public = True ROLink.connect(session, container.id, roc.id, 'contains')
def main(session): # users revesansparole = User.create(session, uid='revesansparole', name="Jerome Chopard", email="*****@*****.**") img = Image.open("seeweb/scripts/avatar/revesansparole.png") upload_user_avatar(img, revesansparole) users.append(revesansparole) doofus0 = User.create(session, uid='doofus%d' % 0, name="Dummy Doofus", email="*****@*****.**") users.append(doofus0) doofus1 = User.create(session, uid='doofus%d' % 1, name="Dummy Doofus", email="*****@*****.**") users.append(doofus1) pradal = User.create(session, uid='pradal', name="Christophe Pradal", email="*****@*****.**") img = Image.open("seeweb/scripts/avatar/pradal.png") upload_user_avatar(img, pradal) users.append(pradal) sartzet = User.create(session, uid='sartzet', name="Simon Artzet", email="*****@*****.**") img = Image.open("seeweb/scripts/avatar/sartzet.png") upload_user_avatar(img, sartzet) users.append(sartzet) fboudon = User.create(session, uid='fboudon', name="Fred Boudon", email="*****@*****.**") img = Image.open("seeweb/scripts/avatar/fboudon.png") upload_user_avatar(img, fboudon) users.append(fboudon) # teams subsub_team = Team.create(session, uid="subsubteam") subsub_team.description = """Test team only""" subsub_team.add_policy(session, doofus0, Role.edit) teams.append(subsub_team) sub_team = Team.create(session, uid="subteam") sub_team.description = """Test team only""" sub_team.add_policy(session, doofus1, Role.edit) sub_team.add_policy(session, subsub_team, Role.edit) teams.append(sub_team) vplants = Team.create(session, uid="vplants") img = Image.open("seeweb/scripts/avatar/vplants.png") upload_team_avatar(img, vplants) descr = dedent(""" Team ---- INRIA team based in Montpellier """) vplants.store_description(descr) vplants.add_policy(session, pradal, Role.edit) vplants.add_policy(session, fboudon, Role.view) teams.append(vplants) oa = Team.create(session, uid="openalea") img = Image.open("seeweb/scripts/avatar/openalea.png") upload_team_avatar(img, oa) descr = dedent(""" Community --------- OpenAlea is an open source project primarily aimed at the plant research community. It is a distributed collaborative effort to develop Python libraries and tools that address the needs of current and future works in Plant Architecture modeling. OpenAlea includes modules to analyse, visualize and model the functioning and growth of plant architecture. """) oa.store_description(descr) oa.add_policy(session, revesansparole, Role.edit) oa.add_policy(session, pradal, Role.view) oa.add_policy(session, sartzet, Role.view) oa.add_policy(session, vplants, Role.edit) oa.add_policy(session, sub_team, Role.edit) teams.append(oa)