def wrap(request, *args, **kwargs): # If user isn't authenticated if not request.user.is_authenticated(): logging.info("User not authenticated tried to access the system") request.flash['notice'] = 'Por favor inicie sesión primero' return redirect('login') # define basic data profile = request.user.get_profile() region_id = kwargs.get('region_id', None) cuerpo_id = kwargs.get('cuerpo_id', None) company_id = kwargs.get('company_id', None) cursor = connections['principal'].cursor() # check role if defined at decorator instantiation if self.roles: role_name = None # assign current role to human readable format if profile.is_administrator(): role_name = 'administrator' elif profile.is_regional_operations_manager(): role_name = 'regional_operations_manager' elif profile.is_cuerpo_manager(): role_name = 'cuerpo' elif profile.is_company_manager(): role_name = 'company' # If user doesn't have access, redirect if not (role_name in self.roles): request.flash['error'] = 'Usted no tiene permisos para realizar esta acción' logging.info("User %s doesn't have permission to access %s", request.user.username, request.path) return redirect('index') # deliver region if requested if region_id: region = Region.fetch_from_db(cursor, region_id) if not region: logging.info("Region:%s doesn't exist", region_id) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash["error"] = 'La region que ha seleccionado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_region_permission(region): logging.warning("User:%s unauthorized to access Region:%s information", profile.old_id, region_id) request.flash["error"] = 'No tiene permiso para acceder a la información de la región seleccionada' cursor.close() return redirect('index') # replace region_id with full region object del kwargs['region_id'] kwargs['region'] = region # deliver cuerpo if requested if cuerpo_id: cuerpo = Cuerpo.fetch_from_db(cursor, cuerpo_id) if not cuerpo: logging.info("Cuerpo:%s doesn't exist", cuerpo_id) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash["error"] = 'El cuerpo que ha ingresado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_cuerpo_permission(cursor, cuerpo): logging.warning("User:%s unauthorized to access Cuerpo:%s information", profile.old_id, cuerpo_id) request.flash["error"] = 'No tiene permiso para acceder a la información del cuerpo seleccionado' cursor.close() return redirect('index') # replace cuerpo_id with full cuerpo object del kwargs['cuerpo_id'] kwargs['cuerpo'] = cuerpo # deliver company if requested if company_id: company = Company.fetch_from_db(cursor, company_id) if not company: logging.info("Company:%s doesn't exist", company_id) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash["error"] = 'La compañía que ha ingresado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_company_permission(cursor, company): logging.warning("User:%s unauthorized to access Company:%s information", profile.old_id, company_id) request.flash["error"] = 'No tiene permiso para acceder a la información de la compañía seleccionada' cursor.close() return redirect('index') # replace company_id with full company object del kwargs['company_id'] kwargs['company'] = company # user has permission over cuerpo cursor.close() return func(request, *args, **kwargs)
def wrap(request, *args, **kwargs): # If user isn't authenticated if not request.user.is_authenticated(): logging.info( "User not authenticated tried to access the system") request.flash['notice'] = 'Por favor inicie sesión primero' return redirect('login') # define basic data profile = request.user.get_profile() region_id = kwargs.get('region_id', None) cuerpo_id = kwargs.get('cuerpo_id', None) company_id = kwargs.get('company_id', None) cursor = connections['principal'].cursor() # check role if defined at decorator instantiation if self.roles: role_name = None # assign current role to human readable format if profile.is_administrator(): role_name = 'administrator' elif profile.is_regional_operations_manager(): role_name = 'regional_operations_manager' elif profile.is_cuerpo_manager(): role_name = 'cuerpo' elif profile.is_company_manager(): role_name = 'company' # If user doesn't have access, redirect if not (role_name in self.roles): request.flash[ 'error'] = 'Usted no tiene permisos para realizar esta acción' logging.info( "User %s doesn't have permission to access %s", request.user.username, request.path) return redirect('index') # deliver region if requested if region_id: region = Region.fetch_from_db(cursor, region_id) if not region: logging.info( "Region:%s doesn't exist", region_id ) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash[ "error"] = 'La region que ha seleccionado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_region_permission(region): logging.warning( "User:%s unauthorized to access Region:%s information", profile.old_id, region_id) request.flash[ "error"] = 'No tiene permiso para acceder a la información de la región seleccionada' cursor.close() return redirect('index') # replace region_id with full region object del kwargs['region_id'] kwargs['region'] = region # deliver cuerpo if requested if cuerpo_id: cuerpo = Cuerpo.fetch_from_db(cursor, cuerpo_id) if not cuerpo: logging.info( "Cuerpo:%s doesn't exist", cuerpo_id ) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash[ "error"] = 'El cuerpo que ha ingresado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_cuerpo_permission(cursor, cuerpo): logging.warning( "User:%s unauthorized to access Cuerpo:%s information", profile.old_id, cuerpo_id) request.flash[ "error"] = 'No tiene permiso para acceder a la información del cuerpo seleccionado' cursor.close() return redirect('index') # replace cuerpo_id with full cuerpo object del kwargs['cuerpo_id'] kwargs['cuerpo'] = cuerpo # deliver company if requested if company_id: company = Company.fetch_from_db(cursor, company_id) if not company: logging.info( "Company:%s doesn't exist", company_id ) # why %s: http://stackoverflow.com/questions/2796178/error-url-redirection request.flash[ "error"] = 'La compañía que ha ingresado no existe' cursor.close() return redirect('index') # now we must check user's permissions if not profile.has_company_permission(cursor, company): logging.warning( "User:%s unauthorized to access Company:%s information", profile.old_id, company_id) request.flash[ "error"] = 'No tiene permiso para acceder a la información de la compañía seleccionada' cursor.close() return redirect('index') # replace company_id with full company object del kwargs['company_id'] kwargs['company'] = company # user has permission over cuerpo cursor.close() return func(request, *args, **kwargs)
def authenticate(self, username=None, password=None): user = None cursor = connections['postfix'].cursor() # username needs to be transformed into email # reference: http://stackoverflow.com/questions/3217682/checking-validity-of-email-in-django-python try: validate_email(username) except ValidationError: username = u'@'.join((username, u'bomberos.cl',)) query = "SELECT correopk FROM mailbox WHERE username = %s AND password = %s" params = (username, password,) cursor.execute(query, params) postfix_data = cursor.fetchone() if postfix_data is None: # The username/password do not match logging.info("Username/password for user %s do not match", username) cursor.close() return None try: user = User.objects.get(username=username) except User.DoesNotExist: logging.info("The user (%s) is logging for the first time, initializing data", username) user = User(username=username, password=password) user.is_staff = False user.is_superuser = False user.save() profile = user.get_profile() # If for some reason the user does not have a uid in the database, burn everything and abort if postfix_data[0] is None: logging.info("User %s does not have a correopk", username) profile.delete() user.delete() cursor.close() return None correo_pk = postfix_data[0] # Try and get the user_id from usu_mail query = "SELECT fk_usu FROM mail_usu WHERE fk_mail = %s" params = (correo_pk,) cursor.execute(query, params) user_data = cursor.fetchone() if not user_data: logging.info("User %s with correopk %s does not exist in table 'mail_usu'" % (username, correo_pk)) profile.delete() user.delete() cursor.close() return None profile.old_id = user_data[0] cursor.close() cursor = connections['principal'].cursor() # First of all, determine user role profile.determine_role(cursor) # If user is not reg. op. manager, fetch company if profile.is_regional_operations_manager(): cuerpos = Region.fetch_all_related(cursor, profile.get_region_id()) for cuerpo_data in cuerpos: cuerpo = Cuerpo.fetch_from_db(cursor, cuerpo_data["id"]) if cuerpo: # is null in case of virtual cuerpo or inconsistent db cuerpo.save() else: # Try and get the user company query = "SELECT usu_fk_cia FROM usuarios WHERE usu_id = %s" params = (profile.old_id,) cursor.execute(query, params) user_data = cursor.fetchone() if not user_data: # The user does not exist in the principal database (broken foreign key) # As always, burn and quit logging.error("User %s with id %s does not exist in table 'usuarios'", username, profile.old_id) profile.delete() user.delete() cursor.close() return None old_company_id = user_data[0] company = Company.fetch_from_db(cursor, old_company_id) if not company: logging.error("User %s associated company is foreign key broken (in commune, province, region, or cuerpo)", username) profile.delete() user.delete() cursor.close() return None profile.company = company profile.save() user.save() cursor.close() return user
def authenticate(self, username=None, password=None): user = None cursor = connections['postfix'].cursor() # username needs to be transformed into email # reference: http://stackoverflow.com/questions/3217682/checking-validity-of-email-in-django-python try: validate_email(username) except ValidationError: username = u'@'.join(( username, u'bomberos.cl', )) query = "SELECT correopk FROM mailbox WHERE username = %s AND password = %s" params = ( username, password, ) cursor.execute(query, params) postfix_data = cursor.fetchone() if postfix_data is None: # The username/password do not match logging.info("Username/password for user %s do not match", username) cursor.close() return None try: user = User.objects.get(username=username) except User.DoesNotExist: logging.info( "The user (%s) is logging for the first time, initializing data", username) user = User(username=username, password=password) user.is_staff = False user.is_superuser = False user.save() profile = user.get_profile() # If for some reason the user does not have a uid in the database, burn everything and abort if postfix_data[0] is None: logging.info("User %s does not have a correopk", username) profile.delete() user.delete() cursor.close() return None correo_pk = postfix_data[0] # Try and get the user_id from usu_mail query = "SELECT fk_usu FROM mail_usu WHERE fk_mail = %s" params = (correo_pk, ) cursor.execute(query, params) user_data = cursor.fetchone() if not user_data: logging.info( "User %s with correopk %s does not exist in table 'mail_usu'" % (username, correo_pk)) profile.delete() user.delete() cursor.close() return None profile.old_id = user_data[0] cursor.close() cursor = connections['principal'].cursor() # First of all, determine user role profile.determine_role(cursor) # If user is not reg. op. manager, fetch company if profile.is_regional_operations_manager(): cuerpos = Region.fetch_all_related(cursor, profile.get_region_id()) for cuerpo_data in cuerpos: cuerpo = Cuerpo.fetch_from_db(cursor, cuerpo_data["id"]) if cuerpo: # is null in case of virtual cuerpo or inconsistent db cuerpo.save() else: # Try and get the user company query = "SELECT usu_fk_cia FROM usuarios WHERE usu_id = %s" params = (profile.old_id, ) cursor.execute(query, params) user_data = cursor.fetchone() if not user_data: # The user does not exist in the principal database (broken foreign key) # As always, burn and quit logging.error( "User %s with id %s does not exist in table 'usuarios'", username, profile.old_id) profile.delete() user.delete() cursor.close() return None old_company_id = user_data[0] company = Company.fetch_from_db(cursor, old_company_id) if not company: logging.error( "User %s associated company is foreign key broken (in commune, province, region, or cuerpo)", username) profile.delete() user.delete() cursor.close() return None profile.company = company profile.save() user.save() cursor.close() return user