def _process_args(self): if not session.user: return self.user = session.user if 'user_id' in request.view_args: self.user = User.get(request.view_args['user_id']) if self.user is None: raise NotFound('This user does not exist') elif request.method == 'GET' and not request.is_xhr and self.flash_user_status: # Show messages about the user's status if it's a simple GET request if self.user.is_deleted: if self.user.merged_into_id is not None: msg = _( 'This user has been merged into <a href="{url}">another user</a>.' ) flash( Markup(msg).format(url=url_for( request.endpoint, self.user.merged_into_user)), 'warning') else: flash(_('This user is marked as deleted.'), 'warning') if self.user.is_pending: flash( _('This user is marked as pending, i.e. it has been attached to something but never ' 'logged in.'), 'warning') if not self.allow_system_user and self.user.is_system: return redirect(url_for('users.user_profile'))
def _original_user(self): # A proper user, with an id that can be mapped directly to sqlalchemy if isinstance(self.id, int) or self.id.isdigit(): return User.get(int(self.id)) # A user who had no real fossir account but an ldap identifier/email. # In this case we try to find his real user and replace the ID of this object # with that user's ID. data = self.id.split(':') # TODO: Once everything is in SQLAlchemy this whole thing needs to go away! user = None if data[0] == 'LDAP': identifier = data[1] email = data[2] # You better have only one ldap provider or at least different identifiers ;) identity = Identity.find_first(Identity.provider != 'fossir', Identity.identifier == identifier) if identity: user = identity.user elif data[0] == 'Nice': email = data[1] else: return None if not user: user = User.find_first(User.all_emails.contains(email)) if user: self._old_id = self.id self.id = str(user.id) logger.info("Updated legacy user id (%s => %s)", self._old_id, self.id) return user
def _process(self): users = [User.get(int(id_)) for id_ in request.form.getlist('user_id')] self.user.favorite_users |= set(filter(None, users)) tpl = get_template_module('users/_favorites.html') return jsonify(success=True, users=[serialize_user(user) for user in users], html=tpl.favorite_users_list(self.user))
def _get_breadcrumbs(self): if 'user_id' in request.view_args: user = User.get(request.view_args['user_id']) profile_breadcrumb = _('Profile of {name}').format( name=user.full_name) else: profile_breadcrumb = _('My Profile') return render_breadcrumbs(profile_breadcrumb)
def _process(self): user = User.get(int(request.view_args['fav_user_id'])) self.user.favorite_users.discard(user) try: db.session.flush() except StaleDataError: # Deleted in another transaction db.session.rollback() return jsonify(success=True)
def export_user(self, user): if not user: raise HTTPAPIError('You need to be logged in', 403) user = User.get(self._user_id, is_deleted=False) if not user: raise HTTPAPIError('Requested user not found', 404) if not user.can_be_modified(user): raise HTTPAPIError('You do not have access to that info', 403) return [user.as_avatar.fossilize()]
def get_form_defaults(self): email = session.get('register_verified_email') existing_user_id = session.get('register_pending_user') existing_user = User.get(existing_user_id) if existing_user_id else None data = {'email': email} if existing_user: data.update(first_name=existing_user.first_name, last_name=existing_user.last_name, affiliation=existing_user.affiliation) return FormDefaults(**data)
def _process_args(self): self.identity_info = load_identity_info() if not self.identity_info or self.identity_info['fossir_user_id'] is None: # Just redirect to the front page or whereever we wanted to go. # Probably someone simply used his browser's back button. flash('There is no pending login.', 'warning') return multipass.redirect_success() self.user = User.get(self.identity_info['fossir_user_id']) self.emails = sorted(self.user.all_emails & set(self.identity_info['data'].getlist('email'))) self.verification_email_sent = self.identity_info.get('verification_email_sent', False) self.email_verified = self.identity_info['email_verified'] self.must_choose_email = len(self.emails) != 1 and not self.email_verified
def _make_idref(self, column, value, incoming=False, target_column=None): """Generate a ID reference. When generating an incoming ID reference, `column` must be a PK and point to the column that is referenced by FKs. In this case the `value` is ignored since it will be auto-generated by the db when the new row is isnerted. Otherwise, exactly one of `column` or `target_column` must be set. `column` is the column in the current table that has a FK referencing some other column. `target_column` is already the column that is referenced by a FK in the current table. """ assert (column is None) != (target_column is None) if value is None: return None if incoming: assert column.primary_key assert target_column is None fullname = '{}.{}'.format(column.table.fullname, column.name) type_ = 'idref_set' else: if target_column is not None: fullname = '{}.{}'.format(target_column.table.fullname, target_column.name) else: fk = _get_single_fk(column) fullname = fk.target_fullname target_column = fk.column if target_column is User.__table__.c.id and value is not None: type_ = 'userref' else: type_ = 'idref' uuid = self.id_map[fullname].setdefault(value, self._get_uuid()) if type_ == 'userref' and uuid not in self.users: user = User.get(value) self.users[uuid] = None if user.is_system else { 'first_name': user.first_name, 'last_name': user.last_name, 'title': user._title, 'affiliation': user.affiliation, 'phone': user.phone, 'address': user.address, 'email': user.email, 'all_emails': list(user.all_emails) } return type_, uuid
def grant_admin(user_id): """Grants administration rights to a given user""" user = User.get(user_id) if user is None: print(cformat("%{red}This user does not exist")) return _print_user_info(user) if user.is_admin: print(cformat("%{yellow}This user already has administration rights")) return if click.confirm( cformat("%{yellow}Grant administration rights to this user?")): user.is_admin = True db.session.commit() print(cformat("%{green}Administration rights granted successfully"))
def revoke_admin(user_id): """Revokes administration rights from a given user""" user = User.get(user_id) if user is None: print(cformat("%{red}This user does not exist")) return _print_user_info(user) if not user.is_admin: print( cformat("%{yellow}This user does not have administration rights")) return if click.confirm( cformat("%{yellow}Revoke administration rights from this user?")): user.is_admin = False db.session.commit() print(cformat("%{green}Administration rights revoked successfully"))
def user(self): user_id = self.get('_user_id') user = User.get(user_id) if user_id is not None else None if user and user.is_deleted: merged_into_user = user.merged_into_user user = None # If the user is deleted and the request is likely to be seen by # the user, we forcefully log him out and inform him about it. if not request.is_xhr and request.blueprint != 'assets': self.clear() if merged_into_user: msg = _( 'Your profile has been merged into <strong>{}</strong>. Please log in using that profile.' ) flash( Markup(msg).format(merged_into_user.full_name), 'warning') else: flash(_('Your profile has been deleted.'), 'error') return user
def _validate(self, data): if not data: flash(_('The verification token is invalid or expired.'), 'error') return False, None user = User.get(data['user_id']) if not user or user != self.user: flash( _('This token is for a different fossir user. Please login with the correct account' ), 'error') return False, None existing = UserEmail.find_first(is_user_deleted=False, email=data['email']) if existing and not existing.user.is_pending: if existing.user == self.user: flash( _('This email address is already attached to your account.' )) else: flash( _('This email address is already in use by another account.' ), 'error') return False, existing.user return True, existing.user if existing else None
def _create_user(id_, first_name=u'Guinea', last_name=u'Pig', rb_admin=False, admin=False, email=None, groups=None, legacy=False): user = User.get(id_) if user: return user.as_avatar if legacy else user user = User() user.id = id_ user.first_name = first_name user.last_name = last_name user.email = email or u'{}@example.com'.format(id_) user.is_admin = admin user.local_groups = {g.group for g in (groups or ())} db.session.add(user) db.session.flush() if rb_admin: rb_settings.acls.add_principal('admin_principals', user) db.session.flush() return user.as_avatar if legacy else user
def principal_from_fossil(fossil, allow_pending=False, allow_groups=True, allow_missing_groups=False, allow_emails=False, allow_networks=False, existing_data=None): from fossir.modules.networks.models.networks import IPNetworkGroup from fossir.modules.groups import GroupProxy from fossir.modules.users import User if existing_data is None: existing_data = set() type_ = fossil['_type'] id_ = fossil['id'] if type_ == 'Avatar': if isinstance(id_, int) or id_.isdigit(): # regular user user = User.get(int(id_)) elif allow_pending: data = GenericCache('pending_identities').get(id_) if not data: raise ValueError("Cannot find user '{}' in cache".format(id_)) data = {k: '' if v is None else v for k, v in data.items()} email = data['email'].lower() # check if there is not already a (pending) user with that e-mail # we need to check for non-pending users too since the search may # show a user from external results even though the email belongs # to an fossir account in case some of the search criteria did not # match the fossir account user = User.find_first(User.all_emails.contains(email), ~User.is_deleted) if not user: user = User(first_name=data.get('first_name') or '', last_name=data.get('last_name') or '', email=email, address=data.get('address', ''), phone=data.get('phone', ''), affiliation=data.get('affiliation', ''), is_pending=True) db.session.add(user) db.session.flush() else: raise ValueError( "Id '{}' is not a number and allow_pending=False".format(id_)) if user is None: raise ValueError('User does not exist: {}'.format(id_)) return user elif allow_emails and type_ == 'Email': return EmailPrincipal(id_) elif allow_networks and type_ == 'IPNetworkGroup': group = IPNetworkGroup.get(int(id_)) if group is None or (group.hidden and group not in existing_data): raise ValueError('IP network group does not exist: {}'.format(id_)) return group elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}: group = GroupProxy(int(id_)) if group.group is None: raise ValueError('Local group does not exist: {}'.format(id_)) return group elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}: provider = fossil['provider'] group = GroupProxy(id_, provider) if group.group is None and not allow_missing_groups: raise ValueError('Multipass group does not exist: {}:{}'.format( provider, id_)) return group else: raise ValueError('Unexpected fossil type: {}'.format(type_))
def _process(self): self.group.members.discard(User.get(request.view_args['user_id'])) return jsonify(success=True)