예제 #1
0
 def _process_args(self):
     if not session.user:
         return
     self.user = session.user
     if 'user_id' in request.view_args:
         self.user = User.get(request.view_args['user_id'])
         if self.user is None:
             raise NotFound('This user does not exist')
         elif request.method == 'GET' and not request.is_xhr and self.flash_user_status:
             # Show messages about the user's status if it's a simple GET request
             if self.user.is_deleted:
                 if self.user.merged_into_id is not None:
                     msg = _(
                         'This user has been merged into <a href="{url}">another user</a>.'
                     )
                     flash(
                         Markup(msg).format(url=url_for(
                             request.endpoint, self.user.merged_into_user)),
                         'warning')
                 else:
                     flash(_('This user is marked as deleted.'), 'warning')
             if self.user.is_pending:
                 flash(
                     _('This user is marked as pending, i.e. it has been attached to something but never '
                       'logged in.'), 'warning')
     if not self.allow_system_user and self.user.is_system:
         return redirect(url_for('users.user_profile'))
예제 #2
0
 def _original_user(self):
     # A proper user, with an id that can be mapped directly to sqlalchemy
     if isinstance(self.id, int) or self.id.isdigit():
         return User.get(int(self.id))
     # A user who had no real fossir account but an ldap identifier/email.
     # In this case we try to find his real user and replace the ID of this object
     # with that user's ID.
     data = self.id.split(':')
     # TODO: Once everything is in SQLAlchemy this whole thing needs to go away!
     user = None
     if data[0] == 'LDAP':
         identifier = data[1]
         email = data[2]
         # You better have only one ldap provider or at least different identifiers ;)
         identity = Identity.find_first(Identity.provider != 'fossir',
                                        Identity.identifier == identifier)
         if identity:
             user = identity.user
     elif data[0] == 'Nice':
         email = data[1]
     else:
         return None
     if not user:
         user = User.find_first(User.all_emails.contains(email))
     if user:
         self._old_id = self.id
         self.id = str(user.id)
         logger.info("Updated legacy user id (%s => %s)", self._old_id,
                     self.id)
     return user
예제 #3
0
 def _process(self):
     users = [User.get(int(id_)) for id_ in request.form.getlist('user_id')]
     self.user.favorite_users |= set(filter(None, users))
     tpl = get_template_module('users/_favorites.html')
     return jsonify(success=True,
                    users=[serialize_user(user) for user in users],
                    html=tpl.favorite_users_list(self.user))
예제 #4
0
 def _get_breadcrumbs(self):
     if 'user_id' in request.view_args:
         user = User.get(request.view_args['user_id'])
         profile_breadcrumb = _('Profile of {name}').format(
             name=user.full_name)
     else:
         profile_breadcrumb = _('My Profile')
     return render_breadcrumbs(profile_breadcrumb)
예제 #5
0
 def _process(self):
     user = User.get(int(request.view_args['fav_user_id']))
     self.user.favorite_users.discard(user)
     try:
         db.session.flush()
     except StaleDataError:
         # Deleted in another transaction
         db.session.rollback()
     return jsonify(success=True)
예제 #6
0
 def export_user(self, user):
     if not user:
         raise HTTPAPIError('You need to be logged in', 403)
     user = User.get(self._user_id, is_deleted=False)
     if not user:
         raise HTTPAPIError('Requested user not found', 404)
     if not user.can_be_modified(user):
         raise HTTPAPIError('You do not have access to that info', 403)
     return [user.as_avatar.fossilize()]
    def get_form_defaults(self):
        email = session.get('register_verified_email')
        existing_user_id = session.get('register_pending_user')
        existing_user = User.get(existing_user_id) if existing_user_id else None
        data = {'email': email}

        if existing_user:
            data.update(first_name=existing_user.first_name,
                        last_name=existing_user.last_name,
                        affiliation=existing_user.affiliation)

        return FormDefaults(**data)
 def _process_args(self):
     self.identity_info = load_identity_info()
     if not self.identity_info or self.identity_info['fossir_user_id'] is None:
         # Just redirect to the front page or whereever we wanted to go.
         # Probably someone simply used his browser's back button.
         flash('There is no pending login.', 'warning')
         return multipass.redirect_success()
     self.user = User.get(self.identity_info['fossir_user_id'])
     self.emails = sorted(self.user.all_emails & set(self.identity_info['data'].getlist('email')))
     self.verification_email_sent = self.identity_info.get('verification_email_sent', False)
     self.email_verified = self.identity_info['email_verified']
     self.must_choose_email = len(self.emails) != 1 and not self.email_verified
예제 #9
0
    def _make_idref(self, column, value, incoming=False, target_column=None):
        """Generate a ID reference.

        When generating an incoming ID reference, `column` must be a PK
        and point to the column that is referenced by FKs.  In this case
        the `value` is ignored since it will be auto-generated by the db
        when the new row is isnerted.

        Otherwise, exactly one of `column` or `target_column` must be set.
        `column` is the column in the current table that has a FK referencing
        some other column.
        `target_column` is already the column that is referenced by a FK
        in the current table.
        """
        assert (column is None) != (target_column is None)

        if value is None:
            return None

        if incoming:
            assert column.primary_key
            assert target_column is None
            fullname = '{}.{}'.format(column.table.fullname, column.name)
            type_ = 'idref_set'
        else:
            if target_column is not None:
                fullname = '{}.{}'.format(target_column.table.fullname,
                                          target_column.name)
            else:
                fk = _get_single_fk(column)
                fullname = fk.target_fullname
                target_column = fk.column
            if target_column is User.__table__.c.id and value is not None:
                type_ = 'userref'
            else:
                type_ = 'idref'
        uuid = self.id_map[fullname].setdefault(value, self._get_uuid())
        if type_ == 'userref' and uuid not in self.users:
            user = User.get(value)
            self.users[uuid] = None if user.is_system else {
                'first_name': user.first_name,
                'last_name': user.last_name,
                'title': user._title,
                'affiliation': user.affiliation,
                'phone': user.phone,
                'address': user.address,
                'email': user.email,
                'all_emails': list(user.all_emails)
            }
        return type_, uuid
예제 #10
0
def grant_admin(user_id):
    """Grants administration rights to a given user"""
    user = User.get(user_id)
    if user is None:
        print(cformat("%{red}This user does not exist"))
        return
    _print_user_info(user)
    if user.is_admin:
        print(cformat("%{yellow}This user already has administration rights"))
        return
    if click.confirm(
            cformat("%{yellow}Grant administration rights to this user?")):
        user.is_admin = True
        db.session.commit()
        print(cformat("%{green}Administration rights granted successfully"))
예제 #11
0
def revoke_admin(user_id):
    """Revokes administration rights from a given user"""
    user = User.get(user_id)
    if user is None:
        print(cformat("%{red}This user does not exist"))
        return
    _print_user_info(user)
    if not user.is_admin:
        print(
            cformat("%{yellow}This user does not have administration rights"))
        return
    if click.confirm(
            cformat("%{yellow}Revoke administration rights from this user?")):
        user.is_admin = False
        db.session.commit()
        print(cformat("%{green}Administration rights revoked successfully"))
예제 #12
0
 def user(self):
     user_id = self.get('_user_id')
     user = User.get(user_id) if user_id is not None else None
     if user and user.is_deleted:
         merged_into_user = user.merged_into_user
         user = None
         # If the user is deleted and the request is likely to be seen by
         # the user, we forcefully log him out and inform him about it.
         if not request.is_xhr and request.blueprint != 'assets':
             self.clear()
             if merged_into_user:
                 msg = _(
                     'Your profile has been merged into <strong>{}</strong>. Please log in using that profile.'
                 )
                 flash(
                     Markup(msg).format(merged_into_user.full_name),
                     'warning')
             else:
                 flash(_('Your profile has been deleted.'), 'error')
     return user
예제 #13
0
 def _validate(self, data):
     if not data:
         flash(_('The verification token is invalid or expired.'), 'error')
         return False, None
     user = User.get(data['user_id'])
     if not user or user != self.user:
         flash(
             _('This token is for a different fossir user. Please login with the correct account'
               ), 'error')
         return False, None
     existing = UserEmail.find_first(is_user_deleted=False,
                                     email=data['email'])
     if existing and not existing.user.is_pending:
         if existing.user == self.user:
             flash(
                 _('This email address is already attached to your account.'
                   ))
         else:
             flash(
                 _('This email address is already in use by another account.'
                   ), 'error')
         return False, existing.user
     return True, existing.user if existing else None
예제 #14
0
 def _create_user(id_,
                  first_name=u'Guinea',
                  last_name=u'Pig',
                  rb_admin=False,
                  admin=False,
                  email=None,
                  groups=None,
                  legacy=False):
     user = User.get(id_)
     if user:
         return user.as_avatar if legacy else user
     user = User()
     user.id = id_
     user.first_name = first_name
     user.last_name = last_name
     user.email = email or u'{}@example.com'.format(id_)
     user.is_admin = admin
     user.local_groups = {g.group for g in (groups or ())}
     db.session.add(user)
     db.session.flush()
     if rb_admin:
         rb_settings.acls.add_principal('admin_principals', user)
     db.session.flush()
     return user.as_avatar if legacy else user
예제 #15
0
def principal_from_fossil(fossil,
                          allow_pending=False,
                          allow_groups=True,
                          allow_missing_groups=False,
                          allow_emails=False,
                          allow_networks=False,
                          existing_data=None):
    from fossir.modules.networks.models.networks import IPNetworkGroup
    from fossir.modules.groups import GroupProxy
    from fossir.modules.users import User

    if existing_data is None:
        existing_data = set()

    type_ = fossil['_type']
    id_ = fossil['id']
    if type_ == 'Avatar':
        if isinstance(id_, int) or id_.isdigit():
            # regular user
            user = User.get(int(id_))
        elif allow_pending:
            data = GenericCache('pending_identities').get(id_)
            if not data:
                raise ValueError("Cannot find user '{}' in cache".format(id_))

            data = {k: '' if v is None else v for k, v in data.items()}
            email = data['email'].lower()

            # check if there is not already a (pending) user with that e-mail
            # we need to check for non-pending users too since the search may
            # show a user from external results even though the email belongs
            # to an fossir account in case some of the search criteria did not
            # match the fossir account
            user = User.find_first(User.all_emails.contains(email),
                                   ~User.is_deleted)
            if not user:
                user = User(first_name=data.get('first_name') or '',
                            last_name=data.get('last_name') or '',
                            email=email,
                            address=data.get('address', ''),
                            phone=data.get('phone', ''),
                            affiliation=data.get('affiliation', ''),
                            is_pending=True)
                db.session.add(user)
                db.session.flush()
        else:
            raise ValueError(
                "Id '{}' is not a number and allow_pending=False".format(id_))
        if user is None:
            raise ValueError('User does not exist: {}'.format(id_))
        return user
    elif allow_emails and type_ == 'Email':
        return EmailPrincipal(id_)
    elif allow_networks and type_ == 'IPNetworkGroup':
        group = IPNetworkGroup.get(int(id_))
        if group is None or (group.hidden and group not in existing_data):
            raise ValueError('IP network group does not exist: {}'.format(id_))
        return group
    elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
        group = GroupProxy(int(id_))
        if group.group is None:
            raise ValueError('Local group does not exist: {}'.format(id_))
        return group
    elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
        provider = fossil['provider']
        group = GroupProxy(id_, provider)
        if group.group is None and not allow_missing_groups:
            raise ValueError('Multipass group does not exist: {}:{}'.format(
                provider, id_))
        return group
    else:
        raise ValueError('Unexpected fossil type: {}'.format(type_))
예제 #16
0
 def _process(self):
     self.group.members.discard(User.get(request.view_args['user_id']))
     return jsonify(success=True)