def blog_user(user_id, blog_id):
    """Build the user-edit view for ``user_id`` in the context of one blog.

    The logged-in account is resolved from the current request, the blog is
    loaded, a blog-admin check is run, and the target user is then looked up
    and handed to ``edit_user`` together with ``blog_context``.
    """
    editor = auth.is_logged_in(request)
    target_blog = Blog.load(blog_id)
    # NOTE(review): the result of the admin check is never inspected, so it
    # only gates access if auth.is_blog_admin raises on failure -- confirm.
    auth.is_blog_admin(editor, target_blog)
    # NOTE(review): nothing visible here ties user_id to this blog; confirm
    # that edit_user limits what a blog-level admin may change on a user who
    # has no relationship to the blog.
    return edit_user(
        User.find(user_id),
        editing_user=editor,
        context=blog_context,
        blog=target_blog,
    )
def site_user(user_id, site_id):
    """Build the user-edit view for ``user_id`` in the context of one site.

    The logged-in account is resolved from the current request, the site is
    loaded, a site-admin check is run, and the target user is then looked up
    and handed to ``edit_user`` together with ``site_context``.
    """
    editor = auth.is_logged_in(request)
    target_site = Site.load(site_id)
    # NOTE(review): the result of the admin check is never inspected, so it
    # only gates access if auth.is_site_admin raises on failure -- confirm.
    auth.is_site_admin(editor, target_site)
    # NOTE(review): nothing visible here ties user_id to this site; confirm
    # that edit_user limits what a site-level admin may change on a user who
    # has no relationship to the site.
    return edit_user(
        User.find(user_id),
        editing_user=editor,
        context=site_context,
        site=target_site,
    )
def post(self):
    """Handle the sign-up form: create the account, then log it in.

    Reads ``login``, ``password`` and ``password_confirm`` from the request.
    When the password is at least 4 characters long and matches its
    confirmation, and no user with that login is found, a new ``User`` is
    saved, the ``user`` secure cookie is set, the user is stored in the
    project session and the client is redirected to ``/``. Every rejection is
    reported through ``write_error`` with status 500.

    The body contains ``yield``, so this is a generator; the decorator that
    drives it is outside the visible source.
    """
    # NOTE(review): if get_argument is Tornado's RequestHandler.get_argument,
    # values are whitespace-stripped by default, which silently alters
    # passwords that start or end with spaces -- confirm.
    login = self.get_argument("login")
    password = self.get_argument("password")
    password_confirm = self.get_argument("password_confirm")

    # NOTE(review): a 4-character minimum is the only password rule enforced
    # here, and `login` is not validated at all (format, length, emptiness).
    acceptable = len(password) >= 4 and (password == password_confirm)
    if not acceptable:
        # NOTE(review): client input errors are reported as HTTP 500; a 4xx
        # status would keep them out of server-fault monitoring.
        self.write_error(500, 'Incorrect password')
        return

    existing = yield User.find(login=login)
    if len(existing):
        # NOTE(review): Tornado's stock write_error accepts only status_code
        # positionally; this call relies on the handler overriding it -- confirm.
        self.write_error(500, "Already exist")
        return

    # NOTE(review): find-then-save is not atomic; two concurrent requests can
    # both pass the lookup above. Uniqueness of `login` should be enforced by
    # the storage layer -- confirm that it is.
    account = User(login=login)
    account.set_password(new_password=password)
    # NOTE(review): unlike User.find, save() is not yielded; if it is
    # asynchronous the redirect may be sent before the write completes.
    account.save()

    self.set_secure_cookie("user", login)
    # Shadows the handler's get_user_from_cookies on this instance so later
    # lookups made through this handler object return the new login.
    self.get_user_from_cookies = lambda: login

    session = self.project_session
    # NOTE(review): the whole User object (presumably including its password
    # hash) is placed in the session; storing only an identifier would limit
    # what a leaked session store exposes.
    session['current_user'] = account
    session.save()
    self.redirect("/")
def user_edit(user_id, path, context, permission):
    """Show a user's settings and permissions and, on POST, apply changes.

    Args:
        user_id: id of the account to edit; ``None`` means the logged-in user.
        path: passed through to ``context`` when the page context is built.
        context: callable invoked as ``context(user_to_edit, path)``.
        permission: callable invoked with the logged-in user before any other
            work is done.

    Returns:
        Whatever ``edit_user`` returns for the edited account.

    A POST may carry up to three independent actions (``submit_settings``,
    ``delete_permissions``, ``submit_permissions``). The first two each assign
    ``status``, so when both run only the later message is shown.
    """
    editor = auth.is_logged_in(request)
    # NOTE(review): the result of the check is never inspected, so it only
    # gates access if the `permission` callable raises on failure -- confirm.
    permission(editor)
    if user_id is None:
        target = editor
    else:
        target = User.find(user_id=user_id)

    status = None

    from core.error import PermissionsException

    if request.method != 'POST':
        # NOTE(review): this branch writes to the database on a non-POST
        # request; last_login doubles as a "creation message already shown" flag.
        if target.last_login is None:
            status = utils.Status(
                type='success',
                message='User <b>{}</b> successfully created.'.format(
                    target.for_display),
            )
            import datetime
            user_stamp = datetime.datetime.utcnow()
            target.last_login = user_stamp
            target.save()
    else:
        # NOTE(review): no anti-CSRF token is checked in this function;
        # confirm a decorator or middleware covers these state-changing actions.
        forms = request.forms

        if forms.getunicode('submit_settings') is not None:
            from core.libs import peewee
            target.name = forms.getunicode('user_name')
            target.email = forms.getunicode('user_email')
            # NOTE(review): for_display is interpolated into HTML markup right
            # after name/email were set from form input; confirm that
            # for_display (or the template) HTML-escapes it.
            try:
                target.save()
            except peewee.IntegrityError:
                status = utils.Status(
                    type='danger',
                    no_sure=True,
                    message='Error: user <b>{}</b> cannot be changed to the same name or email as another user.'.format(
                        target.for_display),
                )
            else:
                status = utils.Status(
                    type='success',
                    message='Data for user <b>{}</b> successfully updated.'.format(
                        target.for_display),
                )

        # TODO: all actions could be consolidated w/o multiple status lines

        if forms.getunicode('delete_permissions') is not None:
            # NOTE(review): the removal is invoked on the logged-in editor,
            # not on the user being edited, while the message below names the
            # edited user -- confirm which object is intended, and that
            # remove_permissions checks the ids in 'del' belong to that user.
            # A PermissionsException raised here propagates to the caller.
            editor.remove_permissions(forms.getall('del'))
            status = utils.Status(
                type='success',
                message='Data for user <b>{}</b> successfully updated.'.format(
                    target.for_display),
            )

        if forms.getunicode('submit_permissions') is not None:
            # NOTE(review): level and target come straight from the form.
            # Nothing in this function checks that the editor may grant this
            # level (including SYS_ADMIN) or act on this site/blog; that rests
            # entirely on `permission` and add_permission -- confirm.
            # A missing or non-numeric 'permission_list', or a missing
            # 'permission_target_list', raises here instead of being rejected.
            level = int(forms.getunicode('permission_list'))
            target_ref = forms.getunicode('permission_target_list')
            site_scope = None
            blog_scope = None
            if level != auth.role.SYS_ADMIN:
                prefix, ident = target_ref[:5], target_ref[5:]
                # Any value that does not start with 'site-' is treated as a
                # blog reference.
                if prefix == 'site-':
                    site_scope = Site.load(ident)
                else:
                    blog_scope = Blog.load(ident)
            target.add_permission(
                permission=level,
                site=site_scope,
                blog=blog_scope,
            )
            # Design note kept from the original author:
            #   what we should do:
            #   - get any existing permission
            #   - update it with the proper bitmask
            #   then, when listing permissions, go through and compare each
            #   bitmask against it
            #   the bitmask needs to be all in one entry per site/blog/user
            #   object
            #   it *might* work as we have it now but we'll need to test
            #   we might need to order by level to make sure it works

    tags = template_tags(user=User.find(user_id=editor.id))
    tags.status = status
    try:
        tags.permissions = auth.get_permissions(target)
    except PermissionsException:
        # The edited user's permission list falls back to empty on failure.
        tags.permissions = []
    tags.editor_permissions = auth.get_permissions(editor)

    return edit_user(
        target,
        editing_user=editor,
        context=context(target, path),
        tags=tags,
    )
def user_edit(user_id, path, context, permission):
    """Show a user's settings and permissions and, on POST, apply changes.

    Args:
        user_id: id of the account to edit; ``None`` means the logged-in user.
        path: passed through to ``context`` when the page context is built.
        context: callable invoked as ``context(user_to_edit, path)``.
        permission: callable invoked with the logged-in user before any other
            work is done.

    Returns:
        Whatever ``edit_user`` returns for the edited account.

    A POST may carry up to three independent actions (``submit_settings``,
    ``delete_permissions``, ``submit_permissions``). The first two each assign
    ``status``, so when both run only the later message is shown.
    """
    editor = auth.is_logged_in(request)
    # NOTE(review): the result of the check is never inspected, so it only
    # gates access if the `permission` callable raises on failure -- confirm.
    permission(editor)
    if user_id is None:
        target = editor
    else:
        target = User.find(user_id=user_id)

    status = None

    from core.error import PermissionsException

    if request.method != 'POST':
        # NOTE(review): this branch writes to the database on a non-POST
        # request; last_login doubles as a "creation message already shown" flag.
        if target.last_login is None:
            status = utils.Status(
                type='success',
                message='User <b>{}</b> successfully created.'.format(
                    target.for_display),
            )
            import datetime
            user_stamp = datetime.datetime.utcnow()
            target.last_login = user_stamp
            target.save()
    else:
        # NOTE(review): no anti-CSRF token is checked in this function;
        # confirm a decorator or middleware covers these state-changing actions.
        forms = request.forms

        if forms.getunicode('submit_settings') is not None:
            from core.libs import peewee
            target.name = forms.getunicode('user_name')
            target.email = forms.getunicode('user_email')
            # NOTE(review): for_display is interpolated into HTML markup right
            # after name/email were set from form input; confirm that
            # for_display (or the template) HTML-escapes it.
            try:
                target.save()
            except peewee.IntegrityError:
                status = utils.Status(
                    type='danger',
                    no_sure=True,
                    message='Error: user <b>{}</b> cannot be changed to the same name or email as another user.'.format(
                        target.for_display),
                )
            else:
                status = utils.Status(
                    type='success',
                    message='Data for user <b>{}</b> successfully updated.'.format(
                        target.for_display),
                )

        # TODO: all actions could be consolidated w/o multiple status lines

        if forms.getunicode('delete_permissions') is not None:
            # NOTE(review): the removal is invoked on the logged-in editor,
            # not on the user being edited, while the message below names the
            # edited user -- confirm which object is intended, and that
            # remove_permissions checks the ids in 'del' belong to that user.
            # A PermissionsException raised here propagates to the caller.
            editor.remove_permissions(forms.getall('del'))
            status = utils.Status(
                type='success',
                message='Data for user <b>{}</b> successfully updated.'.format(
                    target.for_display),
            )

        if forms.getunicode('submit_permissions') is not None:
            # NOTE(review): level and target come straight from the form.
            # Nothing in this function checks that the editor may grant this
            # level (including SYS_ADMIN) or act on this site/blog; that rests
            # entirely on `permission` and add_permission -- confirm.
            # A missing or non-numeric 'permission_list', or a missing
            # 'permission_target_list', raises here instead of being rejected.
            level = int(forms.getunicode('permission_list'))
            target_ref = forms.getunicode('permission_target_list')
            site_scope = None
            blog_scope = None
            if level != auth.role.SYS_ADMIN:
                prefix, ident = target_ref[:5], target_ref[5:]
                # Any value that does not start with 'site-' is treated as a
                # blog reference.
                if prefix == 'site-':
                    site_scope = Site.load(ident)
                else:
                    blog_scope = Blog.load(ident)
            target.add_permission(
                permission=level,
                site=site_scope,
                blog=blog_scope,
            )
            # Design note kept from the original author:
            #   what we should do:
            #   - get any existing permission
            #   - update it with the proper bitmask
            #   then, when listing permissions, go through and compare each
            #   bitmask against it
            #   the bitmask needs to be all in one entry per site/blog/user
            #   object
            #   it *might* work as we have it now but we'll need to test
            #   we might need to order by level to make sure it works

    tags = template_tags(user=User.find(user_id=editor.id))
    tags.status = status
    try:
        tags.permissions = auth.get_permissions(target)
    except PermissionsException:
        # The edited user's permission list falls back to empty on failure.
        tags.permissions = []
    tags.editor_permissions = auth.get_permissions(editor)

    return edit_user(
        target,
        editing_user=editor,
        context=context(target, path),
        tags=tags,
    )