#!/usr/bin/python3 # # Session management # # @author Brian Hession # @email [email protected] # from env import * import sshttp, userstable, sessionstable users = userstable.SSUsers(DATABASE) sessions = sessionstable.SSSessions(DATABASE) def has_session(): return sshttp.has_cookie() def session_is_valid(): return has_session() and sessions.is_valid(sshttp.get_cookie()) def get_session(): if session_is_valid(): session = sessions.get_session(sshttp.get_cookie()) if session: sessions.update_session(sshttp.get_cookie()) return session return None
parameters['invalid'] = 1
sshttp.send302(sshttp.build_uri('/groupctl.py',
parameters))
else:
gid = groupstable.SSGroups(DATABASE).create_group(
uid, args.getvalue('groupname'))
sshttp.send302(sshttp.build_uri('/groups.py',
{'gid': gid}))
# Delete group
elif 'deletegroup' in args:
user = sessions.get_user()
uid = userstable.USERS_SCHEMA.get(user, 'id')
email = userstable.USERS_SCHEMA.get(user, 'email')
groups = groupstable.SSGroups(DATABASE)
users = userstable.SSUsers(DATABASE)
if 'gid' not in args:
sshttp.senderror(400)
else:
level = groups.get_membership_level(
args.getvalue('gid'), uid)
if level == None or level != groupstable.ADMIN:
sshttp.senderror(403)
elif 'password' not in args:
parameters['gid'] = args.getvalue('gid')
parameters['nopassword'] = 1
sshttp.send302(
sshttp.build_uri('/groups.py', parameters))
elif not users.validate_user(email,
args.getvalue('password')):
parameters['gid'] = args.getvalue('gid')