#!/usr/bin/python3 # # Session management # # @author Brian Hession # @email [email protected] # from env import * import sshttp, userstable, sessionstable users = userstable.SSUsers(DATABASE) sessions = sessionstable.SSSessions(DATABASE) def has_session(): return sshttp.has_cookie() def session_is_valid(): return has_session() and sessions.is_valid(sshttp.get_cookie()) def get_session(): if session_is_valid(): session = sessions.get_session(sshttp.get_cookie()) if session: sessions.update_session(sshttp.get_cookie()) return session return None
parameters['invalid'] = 1 sshttp.send302(sshttp.build_uri('/groupctl.py', parameters)) else: gid = groupstable.SSGroups(DATABASE).create_group( uid, args.getvalue('groupname')) sshttp.send302(sshttp.build_uri('/groups.py', {'gid': gid})) # Delete group elif 'deletegroup' in args: user = sessions.get_user() uid = userstable.USERS_SCHEMA.get(user, 'id') email = userstable.USERS_SCHEMA.get(user, 'email') groups = groupstable.SSGroups(DATABASE) users = userstable.SSUsers(DATABASE) if 'gid' not in args: sshttp.senderror(400) else: level = groups.get_membership_level( args.getvalue('gid'), uid) if level == None or level != groupstable.ADMIN: sshttp.senderror(403) elif 'password' not in args: parameters['gid'] = args.getvalue('gid') parameters['nopassword'] = 1 sshttp.send302( sshttp.build_uri('/groups.py', parameters)) elif not users.validate_user(email, args.getvalue('password')): parameters['gid'] = args.getvalue('gid')