def test_one_user_group_write_and_publish(self):
    ''' Granting Write and Publish to a group gives its member both rights. '''
    feed = Feed(name='123')
    feed.save()
    member = User(passwordhash='123')
    member.save()
    usergroup = Group(name='usergroup')
    usergroup.save()
    usergroup.set_users([member.id])

    # Baseline: nothing is granted yet, so every listing is empty and the
    # user is denied both rights.
    for listing in (feed.authors, feed.publishers,
                    feed.author_groups, feed.publisher_groups):
        self.assertEqual(listing(), [])
    self.assertFalse(feed.user_can_write(member))
    self.assertFalse(feed.user_can_publish(member))

    feed.grant('Write', group=usergroup)
    feed.grant('Publish', group=usergroup)

    # Re-fetch the feed so the checks run against a freshly loaded row.
    feed = Feed.get(id=feed.id)

    # The rights come from the group only: the per-user listings stay
    # empty while the group listings now contain the group.
    self.assertEqual(feed.authors(), [])
    self.assertEqual(feed.publishers(), [])
    self.assertEqual(feed.author_groups(), [usergroup])
    self.assertEqual(feed.publisher_groups(), [usergroup])
    self.assertTrue(feed.user_can_write(member))
    self.assertTrue(feed.user_can_publish(member))
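def test_one_user_group_read_only(self):
    ''' A Read grant to a group must not confer write or publish rights. '''
    f = Feed(name='123')
    f.save()
    u = User(passwordhash='123')
    u.save()
    g = Group(name='usergroup')
    # Save the group before assigning members, in the same order as
    # test_one_user_group_write_and_publish.
    # NOTE(review): set_users is not visible here; presumably it links users
    # through the group's id, in which case calling it on an unsaved group
    # could leave the user outside the group and let the negative assertions
    # below pass without testing anything -- confirm.
    g.save()
    g.set_users([u.id])

    # Baseline: no grants at all.
    self.assertEqual(f.authors(), [])
    self.assertEqual(f.publishers(), [])
    self.assertEqual(f.author_groups(), [])
    self.assertEqual(f.publisher_groups(), [])
    self.assertFalse(f.user_can_write(u))
    self.assertFalse(f.user_can_publish(u))

    f.grant('Read', group=g)

    # Read access must not show up in any author/publisher listing, nor
    # allow the group member to write or publish.
    self.assertEqual(f.authors(), [])
    self.assertEqual(f.publishers(), [])
    self.assertEqual(f.author_groups(), [])
    self.assertEqual(f.publisher_groups(), [])
    self.assertFalse(f.user_can_write(u))
    self.assertFalse(f.user_can_publish(u))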
def test_admin_cannot_create_unnamed_group(self):
    ''' An admin posting an empty group name must not end up with a group. '''
    self.assertFalse(self.group_exists())
    self.login(ADMINNAME, ADMINPASS)

    # The response itself is not inspected; only the database state is.
    self.post_create_group(name='')

    self.assertFalse(self.group_exists())
    # No group with an empty name may have been stored either.
    self.assertRaises(Group.DoesNotExist, Group.get, name='')
def test_user_with_one_feed_via_group(self):
    ''' A feed writable through group membership is listed by
        writeable_feeds(). '''
    member = User(passwordhash='123')
    team = Group(name='group_with_a_name')
    feed = Feed()

    # Persist everything before linking the records together.
    for record in (member, feed, team):
        record.save()

    team.set_users([member.id])
    feed.grant('Write', group=team)

    self.assertEqual(member.writeable_feeds(), [feed])
def users_and_groups():
    ''' list of all users and groups (HTML page).

        A POST whose action is 'creategroup' (also the default when no
        action is sent) creates a group from the 'name' form field first;
        a blank name is refused with a flash message and a redirect back
        to this page. '''
    # NOTE(review): no login or admin check is visible in this body --
    # confirm the route is protected elsewhere (decorator or request hook).
    if (request.method == 'POST'
            and request.form.get('action', 'creategroup') == 'creategroup'):
        groupname = request.form.get('name', '').strip()
        if not groupname:
            flash("I'm not making you an un-named group!")
            return redirect(url_for('users_and_groups'))
        Group.create(name=groupname)

    return render_template('users_and_groups.html',
                           users=User.select(),
                           groups=Group.select())
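def group(groupid):
    ''' edit one user group.

        GET renders the edit page.  A POST with action 'delete' removes the
        group and its memberships; a POST with action 'update' renames the
        group and replaces its member list. '''
    # NOTE(review): no login or admin check is visible in this body --
    # confirm the route is protected elsewhere (decorator or request hook).
    try:
        thisgroup = Group.get(id=groupid)
    except Exception:
        # Every lookup failure is still reported as an invalid id, but
        # Exception (rather than a bare except) lets KeyboardInterrupt and
        # SystemExit propagate.
        flash('Invalid group ID')
        # NOTE(review): the target comes from the client-supplied Referer
        # header; consider restricting it to same-site URLs.
        return redirect(request.referrer if request.referrer else '/')

    if request.method == 'POST':
        action = request.form.get('action', 'none')

        if action == 'delete':
            # Remove the membership rows first, then the group itself.
            UserGroup.delete().where(UserGroup.group == thisgroup).execute()
            thisgroup.delete_instance()
            flash('group:' + thisgroup.name + ' deleted.')
            return redirect(url_for('users_and_groups'))

        if action == 'update':
            # NOTE(review): unlike group creation in users_and_groups, a
            # blank 'groupname' is not rejected here -- confirm intended.
            thisgroup.name = request.form.get('groupname', thisgroup.name)
            thisgroup.save()

            groupusers = request.form.getlist('groupusers')
            thisgroup.set_users(groupusers)
            flash('saved')

    return render_template('group.html', group=thisgroup,
                           allusers=User.select())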
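def group(groupid):
    ''' edit one user group.

        GET shows the group's edit page.  POST handles two actions:
        'delete' drops the group together with its UserGroup rows, and
        'update' stores a new name and a new list of members. '''
    # NOTE(review): this body performs no authentication or admin check;
    # verify that the route is guarded outside this function.
    try:
        thisgroup = Group.get(id=groupid)
    except Exception:
        # Catch Exception instead of using a bare except so that
        # interpreter-level exits (KeyboardInterrupt, SystemExit) are not
        # swallowed; any ordinary lookup error is still an "invalid id".
        flash('Invalid group ID')
        # NOTE(review): request.referrer is taken from the Referer header
        # sent by the client; consider only following same-site values.
        return redirect(request.referrer or '/')

    if request.method == 'POST':
        requested = request.form.get('action', 'none')

        if requested == 'delete':
            # Membership rows go first so nothing references the group.
            UserGroup.delete().where(UserGroup.group == thisgroup).execute()
            thisgroup.delete_instance()
            flash('group:' + thisgroup.name + ' deleted.')
            return redirect(url_for('users_and_groups'))

        if requested == 'update':
            # NOTE(review): an empty 'groupname' is accepted here although
            # users_and_groups refuses un-named groups -- confirm intended.
            thisgroup.name = request.form.get('groupname', thisgroup.name)
            thisgroup.save()
            thisgroup.set_users(request.form.getlist('groupusers'))
            flash('saved')

    return render_template('group.html', group=thisgroup,
                           allusers=User.select())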
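def feedpage(feedid):
    ''' the back end settings for one feed.

        GET renders the settings page.  POST is accepted only from a
        logged-in admin: action 'edit' stores the name, post types,
        authors, publishers and their groups; action 'delete' removes the
        feed's posts (running each post type's callback) and then the feed
        itself. '''
    try:
        feed = Feed.get(id=feedid)
        user = user_session.get_user()
    except user_session.NotLoggedIn:
        # Anonymous visitors get an unsaved placeholder user for rendering.
        user = User()
    except Exception:
        # Exception rather than a bare except, so KeyboardInterrupt and
        # SystemExit propagate.  Note that any other failure in this block
        # (not only a bad feed id) is reported with this message.
        flash('invalid feed id! (' + str(feedid) + ')')
        return redirect(url_for('feeds'))

    if request.method == 'POST':
        # Authentication first, then authorisation, before any change.
        if not user_session.logged_in():
            flash("You're not logged in!")
            return redirect(url_for('feeds'))

        if not user.is_admin:
            flash('Sorry! Only Admins can change these details.')
            # The Referer header is optional; fall back to the feed list
            # rather than passing None to redirect().
            return redirect(request.referrer or url_for('feeds'))

        action = request.form.get('action', 'none')

        if action == 'edit':
            feed.name = request.form.get('title', feed.name).strip()
            inlist = request.form.getlist
            feed.post_types = ', '.join(inlist('post_types'))
            feed.set_authors(by_id(User, inlist('authors')))
            feed.set_publishers(by_id(User, inlist('publishers')))
            feed.set_author_groups(by_id(Group, inlist('author_groups')))
            feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
            feed.save()
            flash('Saved')

        elif action == 'delete':
            # Each post is removed through its post type's module so the
            # type-specific callback runs before the feed disappears.
            for post in feed.posts:
                post_type_module = post_types.load(post.type)
                delete_post_and_run_callback(post, post_type_module)
            feed.delete_instance(True, True)  # cascade/recursive delete.
            flash('Deleted')
            return redirect(url_for('feeds'))

    return render_template('feed.html',
                           feed=feed,
                           user=user,
                           all_posttypes=post_types.types(),
                           allusers=User.select(),
                           allgroups=Group.select()
                          )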
def create_group(self, name):
    ''' Save a new Group called *name* and hand the saved instance back. '''
    new_group = Group(name=name)
    new_group.save()
    return new_group
def user_edit(userid=-1):
    ''' edit one user.  Admins may edit anybody; everyone else may only
        edit their own account.  A userid of -1 means "create a new user",
        which only admins may do.

        POST saves the submitted form, DELETE (admins only, never on
        yourself) removes the user, and any other method renders the user
        page with the user's ten most recent posts. '''
    try:
        current_user = user_session.get_user()
    except user_session.NotLoggedIn:
        flash("Sorry, you're not logged in!")
        return permission_denied("You're not logged in!")

    userid = int(userid)
    creating = userid == -1

    if creating:
        if not current_user.is_admin:
            flash('Sorry! Only admins can create new users!')
            return permission_denied("Admins only!")
        # Refuse to create a second account with an existing login name.
        try:
            User.get(loginname=request.form.get('loginname', ''))
        except peewee.DoesNotExist:
            user = User() #pylint: disable=no-value-for-parameter
        else:
            return permission_denied("Username already exists!")
    else:
        try:
            user = User.get(id=userid)
        except User.DoesNotExist:
            return not_found(title="User doesn't exist",
                             message="Sorry, that user does not exist!")

    if request.method == 'POST':
        # Only the account owner or an admin may change a user.
        if current_user != user and not current_user.is_admin:
            return permission_denied("Sorry, you may not edit this user.")

        # NOTE(review): update_user is not visible here; confirm it ignores
        # privilege fields such as is_admin when current_user is not an
        # admin.
        update_user(user, request.form, current_user)

        try:
            user.save()
        except peewee.IntegrityError as err:
            # NOTE(review): the database error text is shown to the user.
            flash('Cannot Save:' + str(err))
        else:
            if creating:
                flash('New user created.')
                return redirect(url_for('user_edit', userid=user.id))
            flash('Saved')

    elif request.method == 'DELETE':
        if not current_user.is_admin:
            return 'Sorry, only admins can delete users', 403
        if user.id == current_user.id:
            return 'Sorry! You cannot delete yourself!', 403
        user.delete_instance(recursive=True)
        return 'User: %s deleted. (And all their posts)' % user.displayname

    # Newest first, capped at ten posts.
    users_posts = (Post.select()
                   .where(Post.author == user)
                   .order_by(Post.write_date.desc())
                   .limit(10))

    return render_template('user.html',
                           allgroups=Group.select(),
                           posts=users_posts,
                           user=user)
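def user_edit(userid=-1):
    ''' edit one user.  Admins can edit any user, but other users
        can only edit themselves. if userid is -1, create a new user.

        POST saves the submitted form, DELETE (admins only, never on
        yourself) removes the user, and any other method renders the user
        page with the user's ten most recent posts. '''
    try:
        current_user = user_session.get_user()
    except user_session.NotLoggedIn:
        flash("Sorry, you're not logged in!")
        return permission_denied("You're not logged in!")

    userid = int(userid)

    if userid != -1:
        try:
            user = User.get(id=userid)
        except User.DoesNotExist:
            return not_found(title="User doesn't exist",
                             message="Sorry, that user does not exist!")
    else:
        if not current_user.is_admin:
            flash('Sorry! Only admins can create new users!')
            return permission_denied("Admins only!")
        try:
            # Use .get() with a default: the form is empty when the blank
            # "new user" page is requested with GET, and indexing
            # request.form['loginname'] would then abort the request with
            # a 400 instead of rendering the page.
            user = User.get(loginname=request.form.get('loginname', ''))
            return permission_denied("Username already exists!")
        except peewee.DoesNotExist:
            pass
        user = User() #pylint: disable=no-value-for-parameter

    if request.method == 'POST':
        # Only the account owner or an admin may change a user.
        if current_user != user and not current_user.is_admin:
            return permission_denied("Sorry, you may not edit this user.")

        # NOTE(review): update_user is not visible here; confirm it ignores
        # privilege fields such as is_admin when current_user is not an
        # admin.
        update_user(user, request.form, current_user)

        # save:
        try:
            user.save()
            if userid == -1:
                flash('New user created.')
                return redirect(url_for('user_edit', userid=user.id))
            else:
                flash('Saved')
        except peewee.IntegrityError as err:
            # NOTE(review): the database error text is shown to the user.
            flash('Cannot Save:' + str(err))

    elif request.method == 'DELETE':
        if not current_user.is_admin:
            return 'Sorry, only admins can delete users', 403
        if user.id == current_user.id:
            return 'Sorry! You cannot delete yourself!', 403
        user.delete_instance(recursive=True)
        return 'User: %s deleted. (And all their posts)' % user.displayname

    # Newest first, capped at ten posts.
    users_posts = Post.select().where(Post.author == user) \
                      .order_by(Post.write_date.desc()) \
                      .limit(10)

    return render_template('user.html',
                           allgroups=Group.select(),
                           posts=users_posts,
                           user=user)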
def group_exists(self, name='new group'):
    ''' Report whether a Group called *name* can be fetched. '''
    try:
        Group.get(name=name)
    except Group.DoesNotExist:
        return False
    return True