def get_user(key, mail):
'''
Get the user with the the given mail,
with the given key.
'''
return DBSession.query(User).filter(
and_(User.email == mail, User.key == key)).first()
def post_delete(self, *args, **kw):
for id in args :
permission = DBSession.query(Permission).filter(Permission.id == id).first()
if permission.id == constants.permission_admin_name:
flash('Cannot delete admin permission', 'error')
redirect('/permissions')
if permission.name == constants.permissions_read_name:
flash('Cannot delete read permission', 'error')
redirect('/permissions')
return CrudRestController.post_delete(self, *args, **kw)
def post_delete(self, *args, **kw):
for id in args :
group = DBSession.query(Group).filter(Group.id == id).first()
if group.id == constants.group_admins_id:
flash('Cannot delete admin group', 'error')
redirect('/groups')
if group.name == constants.group_users_id:
flash('Cannot delete users group', 'error')
redirect('/groups')
return CrudRestController.post_delete(self, *args, **kw)
def post_delete(self, *args, **kw):
for id in args:
group = DBSession.query(Group).filter(Group.id == id).first()
if group.id == constants.group_admins_id:
flash('Cannot delete admin group', 'error')
redirect('/groups')
if group.name == constants.group_users_id:
flash('Cannot delete users group', 'error')
redirect('/groups')
return CrudRestController.post_delete(self, *args, **kw)
def post_delete(self, *args, **kw):
for id in args:
permission = DBSession.query(Permission).filter(
Permission.id == id).first()
if permission.id == constants.permission_admin_name:
flash('Cannot delete admin permission', 'error')
redirect('/permissions')
if permission.name == constants.permissions_read_name:
flash('Cannot delete read permission', 'error')
redirect('/permissions')
return CrudRestController.post_delete(self, *args, **kw)
def get_user_in_session(request):
'''
Get the user that is performing the current request
@param request: the web request
@type request: a WebOb
'''
if not 'repoze.who.identity' in request.environ :
abort(401)
identity = request.environ['repoze.who.identity']
email = identity['repoze.who.userid']
user = DBSession.query(User).filter(User.email == email).first()
return user
def get_user_in_session(request):
'''
Get the user that is performing the current request
@param request: the web request
@type request: a WebOb
'''
if not 'repoze.who.identity' in request.environ:
abort(401)
identity = request.environ['repoze.who.identity']
email = identity['repoze.who.userid']
user = DBSession.query(User).filter(User.email == email).first()
return user
def by_email_address(cls, email):
"""Return the user object whose email address is ``email``."""
return DBSession.query(cls).filter(cls.email == email).first()
def setdefaultkey(self):
uid = str(uuid.uuid4())
while DBSession.query(User).filter(User.key == uid).first():
uid = str(uuid.uuid4())
return uid
def auth(self,came_from='/',**kw):
'''
Fetch user back from tequila.
Validate the key from tequila.
Log user.
'''
if not kw.has_key('key'):
redirect(came_from)
# take parameters
key = kw.get('key')
environ = request.environ
authentication_plugins = environ['repoze.who.plugins']
identifier = authentication_plugins['ticket']
secret = identifier.secret
cookiename = identifier.cookie_name
remote_addr = environ['REMOTE_ADDR']
# get user
principal = tequila.validate_key(key,'tequila.epfl.ch')
if not principal :
redirect('/login/go')
# build user from tequila response
tmp_user = self.build_user(principal)
mail = tmp_user.email
# log or create him
user = DBSession.query(User).filter(User.email == tmp_user.email).first()
if user is None:
user_group = DBSession.query(Group).filter(Group.id == constants.group_users_id).first()
user_group.users.append(tmp_user)
DBSession.add(tmp_user)
DBSession.flush()
user = DBSession.query(User).filter(User.email == mail).first()
flash( '''Your account has been created''')
DBSession.flush()
elif user.name == constants.tmp_user_name:
user.name = tmp_user.name
user._set_date(datetime.datetime.now())
user_group = DBSession.query(Group).filter(Group.id == constants.group_users_id).first()
user_group.users.append(tmp_user)
flash( '''Your account has been created''')
DBSession.add(user)
DBSession.flush()
else :
flash( 'Welcome back', 'notice')
# user is logged now / look if he's an admin
admins = tg.config.get('admin.mails')
if admins is not None :
group_admins = DBSession.query(Group).filter(Group.id == constants.group_admins_id).first()
if user.email in admins:
user not in group_admins.users and group_admins.users.append(user)
else :
user in group_admins.users and group_admins.users.remove(user)
DBSession.flush()
# create the authentication ticket
user = DBSession.query(User).filter(User.email == mail).first()
userdata=str(user.id)
ticket = auth_tkt.AuthTicket(
secret, user.email, remote_addr, tokens=token,
user_data=userdata, time=None, cookie_name=cookiename,
secure=True)
val = ticket.cookie_value()
# set it in the cookies
response.set_cookie(
cookiename,
value=val,
max_age=None,
path='/',
domain=None,
secure=False,
httponly=False,
comment=None,
expires=None,
overwrite=False)
redirect(came_from)
def get_user(key,mail):
'''
Get the user with the the given mail,
with the given key.
'''
return DBSession.query(User).filter(and_(User.email == mail, User.key == key)).first()
