def _process_args(self):
if not session.user:
return
self.user = session.user
if 'user_id' in request.view_args:
self.user = User.get(request.view_args['user_id'])
if self.user is None:
raise NotFound('This user does not exist')
elif request.method == 'GET' and not request.is_xhr and self.flash_user_status:
# Show messages about the user's status if it's a simple GET request
if self.user.is_deleted:
if self.user.merged_into_id is not None:
msg = _(
'This user has been merged into <a href="{url}">another user</a>.'
)
flash(
Markup(msg).format(url=url_for(
request.endpoint, self.user.merged_into_user)),
'warning')
else:
flash(_('This user is marked as deleted.'), 'warning')
if self.user.is_pending:
flash(
_('This user is marked as pending, i.e. it has been attached to something but never '
'logged in.'), 'warning')
if not self.allow_system_user and self.user.is_system:
return redirect(url_for('users.user_profile'))
def _original_user(self):
# A proper user, with an id that can be mapped directly to sqlalchemy
if isinstance(self.id, int) or self.id.isdigit():
return User.get(int(self.id))
# A user who had no real fossir account but an ldap identifier/email.
# In this case we try to find his real user and replace the ID of this object
# with that user's ID.
data = self.id.split(':')
# TODO: Once everything is in SQLAlchemy this whole thing needs to go away!
user = None
if data[0] == 'LDAP':
identifier = data[1]
email = data[2]
# You better have only one ldap provider or at least different identifiers ;)
identity = Identity.find_first(Identity.provider != 'fossir',
Identity.identifier == identifier)
if identity:
user = identity.user
elif data[0] == 'Nice':
email = data[1]
else:
return None
if not user:
user = User.find_first(User.all_emails.contains(email))
if user:
self._old_id = self.id
self.id = str(user.id)
logger.info("Updated legacy user id (%s => %s)", self._old_id,
self.id)
return user
def _process(self):
users = [User.get(int(id_)) for id_ in request.form.getlist('user_id')]
self.user.favorite_users |= set(filter(None, users))
tpl = get_template_module('users/_favorites.html')
return jsonify(success=True,
users=[serialize_user(user) for user in users],
html=tpl.favorite_users_list(self.user))
def _get_breadcrumbs(self):
if 'user_id' in request.view_args:
user = User.get(request.view_args['user_id'])
profile_breadcrumb = _('Profile of {name}').format(
name=user.full_name)
else:
profile_breadcrumb = _('My Profile')
return render_breadcrumbs(profile_breadcrumb)
def _process(self):
user = User.get(int(request.view_args['fav_user_id']))
self.user.favorite_users.discard(user)
try:
db.session.flush()
except StaleDataError:
# Deleted in another transaction
db.session.rollback()
return jsonify(success=True)
def export_user(self, user):
if not user:
raise HTTPAPIError('You need to be logged in', 403)
user = User.get(self._user_id, is_deleted=False)
if not user:
raise HTTPAPIError('Requested user not found', 404)
if not user.can_be_modified(user):
raise HTTPAPIError('You do not have access to that info', 403)
return [user.as_avatar.fossilize()]
def get_form_defaults(self):
email = session.get('register_verified_email')
existing_user_id = session.get('register_pending_user')
existing_user = User.get(existing_user_id) if existing_user_id else None
data = {'email': email}
if existing_user:
data.update(first_name=existing_user.first_name,
last_name=existing_user.last_name,
affiliation=existing_user.affiliation)
return FormDefaults(**data)
def _process_args(self):
self.identity_info = load_identity_info()
if not self.identity_info or self.identity_info['fossir_user_id'] is None:
# Just redirect to the front page or whereever we wanted to go.
# Probably someone simply used his browser's back button.
flash('There is no pending login.', 'warning')
return multipass.redirect_success()
self.user = User.get(self.identity_info['fossir_user_id'])
self.emails = sorted(self.user.all_emails & set(self.identity_info['data'].getlist('email')))
self.verification_email_sent = self.identity_info.get('verification_email_sent', False)
self.email_verified = self.identity_info['email_verified']
self.must_choose_email = len(self.emails) != 1 and not self.email_verified
def _make_idref(self, column, value, incoming=False, target_column=None):
"""Generate a ID reference.
When generating an incoming ID reference, `column` must be a PK
and point to the column that is referenced by FKs. In this case
the `value` is ignored since it will be auto-generated by the db
when the new row is isnerted.
Otherwise, exactly one of `column` or `target_column` must be set.
`column` is the column in the current table that has a FK referencing
some other column.
`target_column` is already the column that is referenced by a FK
in the current table.
"""
assert (column is None) != (target_column is None)
if value is None:
return None
if incoming:
assert column.primary_key
assert target_column is None
fullname = '{}.{}'.format(column.table.fullname, column.name)
type_ = 'idref_set'
else:
if target_column is not None:
fullname = '{}.{}'.format(target_column.table.fullname,
target_column.name)
else:
fk = _get_single_fk(column)
fullname = fk.target_fullname
target_column = fk.column
if target_column is User.__table__.c.id and value is not None:
type_ = 'userref'
else:
type_ = 'idref'
uuid = self.id_map[fullname].setdefault(value, self._get_uuid())
if type_ == 'userref' and uuid not in self.users:
user = User.get(value)
self.users[uuid] = None if user.is_system else {
'first_name': user.first_name,
'last_name': user.last_name,
'title': user._title,
'affiliation': user.affiliation,
'phone': user.phone,
'address': user.address,
'email': user.email,
'all_emails': list(user.all_emails)
}
return type_, uuid
def grant_admin(user_id):
"""Grants administration rights to a given user"""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if user.is_admin:
print(cformat("%{yellow}This user already has administration rights"))
return
if click.confirm(
cformat("%{yellow}Grant administration rights to this user?")):
user.is_admin = True
db.session.commit()
print(cformat("%{green}Administration rights granted successfully"))
def revoke_admin(user_id):
"""Revokes administration rights from a given user"""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if not user.is_admin:
print(
cformat("%{yellow}This user does not have administration rights"))
return
if click.confirm(
cformat("%{yellow}Revoke administration rights from this user?")):
user.is_admin = False
db.session.commit()
print(cformat("%{green}Administration rights revoked successfully"))
def user(self):
user_id = self.get('_user_id')
user = User.get(user_id) if user_id is not None else None
if user and user.is_deleted:
merged_into_user = user.merged_into_user
user = None
# If the user is deleted and the request is likely to be seen by
# the user, we forcefully log him out and inform him about it.
if not request.is_xhr and request.blueprint != 'assets':
self.clear()
if merged_into_user:
msg = _(
'Your profile has been merged into <strong>{}</strong>. Please log in using that profile.'
)
flash(
Markup(msg).format(merged_into_user.full_name),
'warning')
else:
flash(_('Your profile has been deleted.'), 'error')
return user
def _validate(self, data):
if not data:
flash(_('The verification token is invalid or expired.'), 'error')
return False, None
user = User.get(data['user_id'])
if not user or user != self.user:
flash(
_('This token is for a different fossir user. Please login with the correct account'
), 'error')
return False, None
existing = UserEmail.find_first(is_user_deleted=False,
email=data['email'])
if existing and not existing.user.is_pending:
if existing.user == self.user:
flash(
_('This email address is already attached to your account.'
))
else:
flash(
_('This email address is already in use by another account.'
), 'error')
return False, existing.user
return True, existing.user if existing else None
def _create_user(id_,
first_name=u'Guinea',
last_name=u'Pig',
rb_admin=False,
admin=False,
email=None,
groups=None,
legacy=False):
user = User.get(id_)
if user:
return user.as_avatar if legacy else user
user = User()
user.id = id_
user.first_name = first_name
user.last_name = last_name
user.email = email or u'{}@example.com'.format(id_)
user.is_admin = admin
user.local_groups = {g.group for g in (groups or ())}
db.session.add(user)
db.session.flush()
if rb_admin:
rb_settings.acls.add_principal('admin_principals', user)
db.session.flush()
return user.as_avatar if legacy else user
def principal_from_fossil(fossil,
allow_pending=False,
allow_groups=True,
allow_missing_groups=False,
allow_emails=False,
allow_networks=False,
existing_data=None):
from fossir.modules.networks.models.networks import IPNetworkGroup
from fossir.modules.groups import GroupProxy
from fossir.modules.users import User
if existing_data is None:
existing_data = set()
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for k, v in data.items()}
email = data['email'].lower()
# check if there is not already a (pending) user with that e-mail
# we need to check for non-pending users too since the search may
# show a user from external results even though the email belongs
# to an fossir account in case some of the search criteria did not
# match the fossir account
user = User.find_first(User.all_emails.contains(email),
~User.is_deleted)
if not user:
user = User(first_name=data.get('first_name') or '',
last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''),
phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''),
is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError(
"Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_networks and type_ == 'IPNetworkGroup':
group = IPNetworkGroup.get(int(id_))
if group is None or (group.hidden and group not in existing_data):
raise ValueError('IP network group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(
provider, id_))
return group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def _process(self):
self.group.members.discard(User.get(request.view_args['user_id']))
return jsonify(success=True)