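def reference_outline_view(context, request):
    """Render the reference-manual outline page.

    If the request carries ``subpath`` and ``direction`` parameters and
    the user holds the 'edit' permission, one entry is reordered through
    ``move_subpath`` and its result becomes the page's status message.

    Returns the rendered 'templates/show_referencemanual.pt' response.
    """
    # The reorder request arrives as plain request parameters (the
    # original comment says QUERY_STRING), i.e. a GET can mutate state.
    # NOTE(review): that is CSRF-prone and not idempotent; a POST carrying
    # a CSRF token would be the safer shape, but the templates that build
    # these links are not visible here, so the accepted method is kept.
    status_message = None
    subpath = request.params.get('subpath')
    # Previously ``request.params['direction']`` -- a request with a
    # ``subpath`` but no ``direction`` raised KeyError and failed with a
    # 500.  A missing/empty direction now simply means "no move".
    direction = request.params.get('direction')

    backto = {
        'href': resource_url(context.__parent__, request),
        'title': context.__parent__.title,
        }

    user_can_edit = False
    actions = []
    if has_permission('create', context, request):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())
    if has_permission('edit', context, request):
        user_can_edit = True
        actions.append(('Edit', 'edit.html'))
        # The move is only attempted for editors; anonymous or read-only
        # users never reach move_subpath even with the parameters set.
        if subpath and direction:
            status_message = move_subpath(context, subpath, direction)
    if has_permission('delete', context, request):
        actions.append(('Delete', 'delete.html'))
    if has_permission('administer', context, request):
        actions.append(('Advanced', 'advanced.html'))

    page_title = context.title
    api = TemplateAPI(context, request, page_title)

    # Get a layout
    layout_provider = get_layout_provider(context, request)
    layout = layout_provider()

    # provide client data for rendering current tags in the tagbox
    client_json_data = dict(
        tagbox=get_tags_client_data(context, request),
        )

    previous, next = get_previous_next(context, request)

    api.status_message = status_message
    return render_to_response(
        'templates/show_referencemanual.pt',
        dict(api=api,
             actions=actions,
             user_can_edit=user_can_edit,
             head_data=convert_to_script(client_json_data),
             tree=getTree(context, request, api),
             backto=backto,
             layout=layout,
             previous_entry=previous,
             next_entry=next),
        request=request,
        )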
    def __call__(self):
        """Serve the login page.

        Order of business: a submitted form is handed to ``login()``;
        then, if Kerberos is enabled (query parameter or config), a
        seamless Negotiate login is attempted; otherwise the form is
        rendered.  The rendered response always carries the ``forget``
        headers so a stale auth cookie is cleared.
        """
        request = self.request

        # A truthy result from login() is the final response.
        if request.params.get('form.submitted', None) is not None:
            resp = self.login()
            if resp:
                return resp

        # An explicit ?try_kerberos= wins over the 'kerberos' setting.
        explicit = request.GET.get('try_kerberos', None)
        if explicit:
            try_kerberos = asbool(explicit)
        else:
            try_kerberos = asbool(get_config_setting('kerberos', 'False'))

        if try_kerberos:
            from karl.security.kerberos_auth import get_kerberos_userid
            userid = get_kerberos_userid(request)
            if userid:
                return remember_login(self.context, request, userid, None)
            # A Negotiate header was already offered and rejected: do not
            # render the page in a way that re-triggers the challenge.
            auth = request.authorization
            if auth and auth[0] == 'Negotiate':
                try_kerberos = False

        page_title = 'Login to %s' % get_setting(self.context, 'title')
        api = TemplateAPI(self.context, request, page_title)

        # SSO buttons, one per whitespace-separated name in the 'sso'
        # setting.  velruse is imported lazily so it is only needed on
        # deployments that actually configure SSO.
        sso_providers = []
        sso = self.settings.get('sso')
        if sso:
            from velruse import login_url
            for name in sso.split():
                provider = self.settings.get('sso.%s.provider' % name)
                entry = {
                    'title': self.settings.get('sso.%s.title' % name),
                    'name': name,
                    'url': login_url(request, provider),
                }
                sso_providers.append(entry)

        # ``reason`` and ``came_from`` are reflected straight from the
        # request into the template.  NOTE(review): this relies on the
        # template escaping ``reason``, and on login() validating
        # ``came_from`` before redirecting to it -- neither is visible
        # here, confirm both.
        api.status_message = request.params.get('reason', None)
        response = render_to_response(
            'templates/login.pt',
            dict(api=api,
                 nothing='',
                 try_kerberos=try_kerberos,
                 sso_providers=sso_providers,
                 came_from=request.params.get('came_from', ''),
                 app_url=request.application_url),
            request=request)
        response.headers.extend(forget(request))
        return response
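def reference_outline_view(context, request):
    """Render the reference-manual outline page.

    If the request carries ``subpath`` and ``direction`` parameters and
    the user holds the 'edit' permission, one entry is reordered through
    ``move_subpath`` and its result becomes the page's status message.

    Returns the rendered 'templates/show_referencemanual.pt' response.
    """
    # The reorder request arrives as plain request parameters (the
    # original comment says QUERY_STRING), i.e. a GET can mutate state.
    # NOTE(review): that is CSRF-prone and not idempotent; a POST carrying
    # a CSRF token would be the safer shape, but the templates that build
    # these links are not visible here, so the accepted method is kept.
    status_message = None
    subpath = request.params.get('subpath')
    # Previously ``request.params['direction']`` -- a request with a
    # ``subpath`` but no ``direction`` raised KeyError and failed with a
    # 500.  A missing/empty direction now simply means "no move".
    direction = request.params.get('direction')

    backto = {
        'href': resource_url(context.__parent__, request),
        'title': context.__parent__.title,
    }

    user_can_edit = False
    actions = []
    if has_permission('create', context, request):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())
    if has_permission('edit', context, request):
        user_can_edit = True
        actions.append(('Edit', 'edit.html'))
        # Only editors ever reach move_subpath.
        if subpath and direction:
            status_message = move_subpath(context, subpath, direction)
    if has_permission('delete', context, request):
        actions.append(('Delete', 'delete.html'))
    if has_permission('administer', context, request):
        actions.append(('Advanced', 'advanced.html'))

    page_title = context.title
    api = TemplateAPI(context, request, page_title)

    # Get a layout
    layout_provider = get_layout_provider(context, request)
    layout = layout_provider()

    # provide client data for rendering current tags in the tagbox
    client_json_data = dict(tagbox=get_tags_client_data(context, request), )

    previous, next = get_previous_next(context, request)

    api.status_message = status_message
    return render_to_response(
        'templates/show_referencemanual.pt',
        dict(api=api,
             actions=actions,
             user_can_edit=user_can_edit,
             head_data=convert_to_script(client_json_data),
             tree=getTree(context, request, api),
             backto=backto,
             layout=layout,
             previous_entry=previous,
             next_entry=next),
        request=request,
    )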
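def admin_contents_moveup_view(context, request):
    """Move the child named by ``?name=`` one place up in ``context.order``
    and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET.get('name')
    # Work on a plain list: the sibling move-down view copies
    # ``context.order`` "in case it is raw OOBTreeItems", which does not
    # support item assignment.
    order = list(context.order)
    if name in order:
        n = order.index(name)
        if n == 0:
            api.status_message = 'Already at top of list'
        else:
            order[n], order[n - 1] = order[n - 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=resource_url(context, request, 'admin.html'))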
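def admin_contents_movedown_view(context, request):
    """Move the child named by ``?name=`` one place down in
    ``context.order`` and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET.get('name')
    order = list(context.order)  # in case it is raw OOBTreeItems
    if name in order:
        n = order.index(name)
        if n + 1 == len(order):
            api.status_message = 'Already at bottom of list'
        else:
            order[n], order[n + 1] = order[n + 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=resource_url(context, request, 'admin.html'))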
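def admin_contents_movedown_view(context, request):
    """Move the child named by ``?name=`` one place down in
    ``context.order`` and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET.get('name')
    order = list(context.order)  # in case it is raw OOBTreeItems
    if name in order:
        n = order.index(name)
        if n + 1 == len(order):
            api.status_message = 'Already at bottom of list'
        else:
            order[n], order[n + 1] = order[n + 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=resource_url(context, request, 'admin.html'))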
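def admin_contents_moveup_view(context, request):
    """Move the child named by ``?name=`` one place up in ``context.order``
    and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET.get('name')
    # Work on a plain list: the sibling move-down view copies
    # ``context.order`` "in case it is raw OOBTreeItems", which does not
    # support item assignment.
    order = list(context.order)
    if name in order:
        n = order.index(name)
        if n == 0:
            api.status_message = 'Already at top of list'
        else:
            order[n], order[n - 1] = order[n - 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=resource_url(context, request, 'admin.html'))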
    def __call__(self):
        """Serve the login page.

        A submitted form is delegated to ``login()``.  Failing that, when
        Kerberos is enabled (query parameter or config) a seamless
        Negotiate login is attempted.  Otherwise the form is rendered,
        with the ``forget`` headers attached so any stale auth cookie is
        dropped.
        """
        request = self.request
        context = self.context

        if request.params.get('form.submitted', None) is not None:
            resp = self.login()
            if resp:
                # login() produced the final response (redirect/error).
                return resp

        # Explicit ?try_kerberos= overrides the 'kerberos' config setting.
        requested = request.GET.get('try_kerberos', None)
        try_kerberos = (asbool(requested) if requested
                        else asbool(get_config_setting('kerberos', 'False')))

        if try_kerberos:
            from karl.security.kerberos_auth import get_kerberos_userid
            userid = get_kerberos_userid(request)
            if userid:
                return remember_login(context, request, userid, None)
            # Negotiate was offered and failed: stop re-challenging.
            auth = request.authorization
            if auth and auth[0] == 'Negotiate':
                try_kerberos = False

        page_title = 'Login to %s' % get_setting(context, 'title')
        api = TemplateAPI(context, request, page_title)

        # One SSO link per name listed in the 'sso' setting; velruse is
        # only imported when SSO is actually configured.
        sso_providers = []
        sso = self.settings.get('sso')
        if sso:
            from velruse import login_url
            get = self.settings.get
            for name in sso.split():
                provider = get('sso.%s.provider' % name)
                title = get('sso.%s.title' % name)
                sso_providers.append({'title': title, 'name': name,
                                      'url': login_url(request, provider)})

        # ``reason`` and ``came_from`` are echoed from the request.
        # NOTE(review): the template is assumed to escape ``reason`` and
        # login() is assumed to validate ``came_from`` before redirecting
        # to it -- neither is visible here; confirm.
        api.status_message = request.params.get('reason', None)
        template_args = dict(
            api=api,
            nothing='',
            try_kerberos=try_kerberos,
            sso_providers=sso_providers,
            came_from=request.params.get('came_from', ''),
            app_url=request.application_url)
        response = render_to_response('templates/login.pt', template_args,
                                      request=request)
        response.headers.extend(forget(request))
        return response
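def admin_contents_moveup_view(context, request):
    """Move the child named by ``?name=`` one place up in ``context.order``
    and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    # Not used below; kept because the lookup may act as a guard that
    # ``context`` lives under a people directory -- TODO confirm.
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, "Contents")
    name = request.GET.get("name")
    # Work on a plain list: the sibling move-down view copies
    # ``context.order`` "in case it is raw OOBTreeItems", which does not
    # support item assignment.
    order = list(context.order)
    if name in order:
        n = order.index(name)
        if n == 0:
            api.status_message = "Already at top of list"
        else:
            order[n], order[n - 1] = order[n - 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=resource_url(context, request, "admin.html"))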
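def admin_contents_movedown_view(context, request):
    """Move the child named by ``?name=`` one place down in
    ``context.order`` and redirect back to ``admin.html``.

    A missing or unknown ``name`` is ignored; previously it raised
    KeyError / ValueError and the request failed with a 500.
    """
    # Not used below; kept because the lookup may act as a guard that
    # ``context`` lives under a people directory -- TODO confirm.
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')
    name = request.GET.get('name')
    # Copy so that an order container without item assignment (the
    # sibling view mentions raw OOBTreeItems) can still be reordered.
    order = list(context.order)
    if name in order:
        n = order.index(name)
        if n + 1 == len(order):
            api.status_message = 'Already at bottom of list'
        else:
            order[n], order[n + 1] = order[n + 1], order[n]
            context.order = order
    # NOTE(review): this changes state on a GET with no CSRF token; the
    # status_message set on the local ``api`` is not carried across the
    # redirect (unchanged from the original).
    return HTTPFound(location=model_url(context, request, 'admin.html'))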
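def admin_contents(context, request):
    """Admin "Contents" page for a people-directory node.

    A POST carrying ``form.delete`` removes every child named in the
    ``selected`` field(s) and redirects to ``admin.html``.  Otherwise the
    template data (api, peopledir, actions, has_categories) is returned.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, "Contents")
    if "form.delete" in request.POST:
        if "selected" not in request.POST:
            api.status_message = "Please select a value"
        else:
            # getall() yields one or many values uniformly, so the
            # basestring special-case is unnecessary.  Names that are not
            # children are skipped: ``del context[name]`` on a bogus name
            # raised KeyError (a 500 from form input).
            # NOTE(review): no CSRF token is checked in this view;
            # presumably enforced framework-wide -- confirm.
            for name in request.POST.getall("selected"):
                if name in context:
                    del context[name]
            return HTTPFound(location=resource_url(context, request, "admin.html"))
    actions = get_admin_actions(context, request)
    # Drop the leading "Edit" action; it makes no sense on this page.
    # Guarded so an empty action list no longer raises IndexError.
    if actions:
        del actions[0]
    actions += get_actions(context, request)
    return dict(api=api, peopledir=peopledir, actions=actions, has_categories=peopledir is context)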
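def admin_contents(context, request):
    """Admin "Contents" page for a people-directory node.

    A POST carrying ``form.delete`` removes every child named in the
    ``selected`` field(s) and redirects to ``admin.html``.  Otherwise the
    template data (api, peopledir, actions, has_categories) is returned.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')
    if 'form.delete' in request.POST:
        if 'selected' not in request.POST:
            api.status_message = 'Please select a value'
        else:
            # Skip names that are not children: ``del context[name]`` on
            # a bogus name raised KeyError (a 500 from form input).
            # NOTE(review): no CSRF token is checked in this view;
            # presumably enforced framework-wide -- confirm.
            for name in request.POST.getall('selected'):
                if name in context:
                    del context[name]
            return HTTPFound(
                location=resource_url(context, request, 'admin.html'))
    actions = get_admin_actions(context, request)
    # Drop the leading "Edit" action; it makes no sense on this page.
    # Guarded so an empty action list no longer raises IndexError.
    if actions:
        del actions[0]
    actions += get_actions(context, request)
    return dict(
        api=api,
        peopledir=peopledir,
        actions=actions,
        has_categories=peopledir is context,
    )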
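def admin_contents(context, request):
    """Admin "Contents" page for a people-directory node.

    A POST carrying ``form.delete`` removes every child named in the
    ``selected`` field(s) and redirects to ``admin.html``.  Otherwise the
    template data (api, peopledir, actions, has_categories) is returned.
    """
    peopledir = find_peopledirectory(context)
    api = TemplateAPI(context, request, 'Contents')
    if 'form.delete' in request.POST:
        if 'selected' not in request.POST:
            api.status_message = 'Please select a value'
        else:
            # Skip names that are not children: ``del context[name]`` on
            # a bogus name raised KeyError (a 500 from form input).
            # NOTE(review): no CSRF token is checked in this view;
            # presumably enforced framework-wide -- confirm.
            for name in request.POST.getall('selected'):
                if name in context:
                    del context[name]
            return HTTPFound(location=resource_url(context, request,
                                                'admin.html')
                            )
    actions = get_admin_actions(context, request)
    # Drop the leading "Edit" action; it makes no sense on this page.
    # Guarded so an empty action list no longer raises IndexError.
    if actions:
        del actions[0]
    actions += get_actions(context, request)
    return dict(api=api,
                peopledir=peopledir,
                actions=actions,
                has_categories=peopledir is context,
               )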
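def login_view(context, request):
    """Login page: authenticate a submitted form, else try Kerberos SSO,
    else render the form (with SSO provider links when configured).

    ``came_from`` is read from the session (default: the current URL),
    passed through ``_fixup_came_from`` and stored back, so the
    post-login redirect target survives the round trip.

    Returns an HTTPFound after a submission (success or failure), or the
    rendered 'templates/login.pt' response carrying ``forget`` headers.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    came_from = _fixup_came_from(request, came_from)
    request.session['came_from'] = came_from

    if request.params.get('form.submitted', None) is not None:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html'
                                        % request.application_url)
        # Cookie lifetime requested by the form.  ``int()`` on a
        # non-numeric value used to raise ValueError -- a 500 from user
        # input; a bad value now means "no explicit max_age".
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                max_age = int(max_age)
            except ValueError:
                max_age = None

        # authenticate: each authenticator is tried in turn until one
        # yields a userid.  The same generic reason is used for unknown
        # user and wrong password.
        userid = None
        reason = 'Bad username or password'
        users = find_users(context)
        for authenticate in (password_authenticator, impersonate_authenticator):
            userid = authenticate(users, login, password)
            if userid:
                break

        # if not successful, try again
        if not userid:
            redirect = request.resource_url(
                request.root, 'login.html', query={'reason': reason})
            return HTTPFound(location=redirect)

        # else, remember
        return remember_login(context, request, userid, max_age)

    # Kerberos: an explicit ?try_kerberos= beats the 'kerberos' setting.
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None)

        # Break infinite loop if kerberos authorization fails
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % settings.get('system_name', 'KARL') # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)

    sso_providers = []
    sso = settings.get('sso')
    if sso:
        # importing here rather than in global scope allows to only require
        # velruse be installed for systems using it.
        from velruse import login_url
        for name in sso.split():
            provider = settings.get('sso.%s.provider' % name)
            title = settings.get('sso.%s.title' % name)
            sso_providers.append({'title': title, 'name': name,
                                  'url': login_url(request, provider)})

    # ``reason`` is echoed from the query string; NOTE(review): relies on
    # the template escaping it -- confirm.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            nothing='',
            try_kerberos=try_kerberos,
            sso_providers=sso_providers,
            app_url=request.application_url),
        request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response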
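def login_view(context, request):
    """repoze.who based login page.

    On a submitted form the 'zodb' and 'zodb_impersonate' who-plugins are
    asked to authenticate in turn.  Success issues the auth_tkt
    ``remember`` headers, stamps ``profile.last_login_time`` (unless the
    site is read_only) and redirects to ``came_from``; failure redirects
    back to login.html with a ``reason``.  Without a submission the form
    is rendered with the auth_tkt ``forget`` headers so any stale cookie
    is dropped.
    """
    plugins = request.environ.get('repoze.who.plugins', {})
    auth_tkt = plugins.get('auth_tkt')

    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:

        challenge_qs = {'came_from': came_from}
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html'
                                        % request.application_url)
        credentials = {'login': login, 'password': password}
        # A non-numeric max_age used to raise ValueError (a 500 from form
        # input); it is now simply ignored.
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                credentials['max_age'] = int(max_age)
            except ValueError:
                pass

        # authenticate.  A list rather than filter(): under Python 3
        # filter() is lazy and ``if authenticators`` would always be true.
        candidates = [plugins.get(name) for name in ('zodb', 'zodb_impersonate')]
        authenticators = [plugin for plugin in candidates if plugin]
        userid = None
        if authenticators:
            reason = 'Bad username or password'
        else:
            reason = 'No authenticatable users'

        for plugin in authenticators:
            userid = plugin.authenticate(request.environ, credentials)
            if userid:
                break

        # if not successful, try again
        if not userid:
            challenge_qs['reason'] = reason
            return HTTPFound(location='%s/login.html?%s'
                             % (request.application_url,
                                urlencode(challenge_qs, doseq=True)))

        # else, remember
        credentials['repoze.who.userid'] = userid
        if auth_tkt is not None:
            remember_headers = auth_tkt.remember(request.environ, credentials)
        else:
            remember_headers = []

        # log the time on the user's profile, unless in read only mode
        read_only = get_setting(context, 'read_only', False)
        if not read_only:
            profiles = find_profiles(context)
            if profiles is not None:
                profile = profiles.get(userid)
                if profile is not None:
                    profile.last_login_time = datetime.utcnow()

        # and redirect -- came_from was sanitised by _fixup_came_from above.
        return HTTPFound(headers=remember_headers, location=came_from)

    page_title = '' # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)

    came_from = _fixup_came_from(request,
                                 request.params.get('came_from', request.url))

    # ``reason`` is echoed from the query string; NOTE(review): relies on
    # the template escaping it -- confirm.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(api=api,
             came_from=came_from,
             nothing='',
             app_url=request.application_url),
        request=request,
        )
    if auth_tkt is not None:
        forget_headers = auth_tkt.forget(request.environ, {})
        response.headers.extend(forget_headers)
    return response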
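def login_view(context, request):
    """Login page with a per-login retry budget and lock-out.

    On a submitted form: a missing login/password redirects to
    login.html; the retry budget for ``login`` is decremented (a warning
    e-mail is sent at 2 attempts left, and when the budget is exhausted
    the 'locked' page is shown and a password reset is requested once);
    then the credentials are checked -- failure redirects back with the
    remaining-attempts count in ``reason``, success resets the budget and
    hands off to ``login_user``.  Without a submission the form is
    rendered with ``forget`` headers.

    NOTE(review): the budget is keyed on the submitted login name, so
    anyone who knows a login can lock that account (a reset e-mail is
    sent); that is the design here, not something this view prevents.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    if 'login.html' in came_from or 'logout.html' in came_from:
        came_from = request.application_url
    request.session['came_from'] = came_from

    submitted = request.params.get('form.submitted', None)
    if submitted:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' %
                             request.application_url)

        # Settings from an .ini file are strings: without the int() the
        # subtraction below raised TypeError whenever max_login_retries
        # was configured.  The default 8 is unaffected.
        max_retries = int(request.registry.settings.get('max_login_retries', 8))
        left = context.login_tries.get(login, max_retries)
        left = left - 1

        users = find_users(context)
        user = users.get_by_login(login)
        profiles = find_profiles(context)
        profile = profiles.get(user['id']) if user else None

        # max tries almost reached, send email warning
        if left == 2 and profile is not None:
            reset_url = request.resource_url(profile, 'change_password.html')
            mail = Message()
            system_name = settings.get('system_name', 'KARL')
            admin_email = settings.get('admin_email')
            mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
            mail["To"] = "%s <%s>" % (profile.title, profile.email)
            mail["Subject"] = "Too many failed logins to %s" % system_name
            # ``login`` is attacker-controlled text rendered into an HTML
            # mail; NOTE(review): relies on the template escaping it.
            body = render(
                "templates/email_locked_warning.pt",
                dict(login=login, reset_url=reset_url,
                     system_name=system_name),
                request=request,
            )
            if isinstance(body, unicode):
                body = body.encode("UTF-8")
            mail.set_payload(body, "UTF-8")
            mail.set_type("text/html")
            recipients = [profile.email]
            mailer = getUtility(IMailDelivery)
            mailer.send(recipients, mail)

        # if max tries reached, send password reset and lock
        if left < 1:
            log_failed_login(request, login)
            # only send email the first time; -1 marks "already locked"
            if profile is not None and left == 0:
                context.login_tries[login] = -1
                request_password_reset(user, profile, request)
            page_title = 'Access to %s is locked' % settings.get(
                'system_name', 'KARL')
            api = TemplateAPI(context, request, page_title)
            response = render_to_response('templates/locked.pt',
                                          dict(
                                              api=api,
                                              app_url=request.application_url),
                                          request=request)
            return response

        # authenticate
        reason = 'Bad username or password.'
        try:
            userid = _authenticate(context, login, password)
        except TypeError:
            userid = None

        # if not successful, try again
        if not userid:
            log_failed_login(request, login)
            reason = "%s You have %d attempts left." % (reason, left)
            context.login_tries[login] = left
            redirect = request.resource_url(request.root,
                                            'login.html',
                                            query={'reason': reason})
            return HTTPFound(location=redirect)

        # all ok, remember
        context.login_tries[login] = max_retries
        return login_user(request, profile, login, userid)

    page_title = 'Login to %s' % settings.get(
        'system_name', 'KARL')  # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)
    # The one-session-only marker is passed to the template separately
    # instead of being shown as the generic status message.
    status_message = request.params.get('reason', None)
    if status_message != '@@@one-session-only@@@':
        api.status_message = status_message
        status_message = None
    response = render_to_response('templates/login.pt',
                                  dict(api=api,
                                       status_message=status_message,
                                       app_url=request.application_url),
                                  request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response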
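def login_view(context, request):
    """Login page using the 'anonymous' layout.

    A submitted form is authenticated against the password and
    impersonation authenticators; success calls ``remember_login`` with
    the sanitised ``came_from``, failure redirects back to login.html
    with ``reason`` and ``came_from`` in the query string.  Otherwise
    Kerberos SSO is attempted when enabled, and finally the form is
    rendered (with SSO provider links) carrying ``forget`` headers.
    """
    settings = request.registry.settings
    request.layout_manager.use_layout('anonymous')
    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:

        challenge_qs = {'came_from': came_from}
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html' %
                             request.application_url)
        # ``int()`` on a non-numeric max_age used to raise ValueError (a
        # 500 from form input); a bad value now means "no explicit max_age".
        max_age = request.POST.get('max_age')
        if max_age is not None:
            try:
                max_age = int(max_age)
            except ValueError:
                max_age = None

        # authenticate: first authenticator to return a userid wins; the
        # generic reason covers both unknown user and wrong password.
        userid = None
        reason = 'Bad username or password'
        users = find_users(context)
        for authenticate in (password_authenticator,
                             impersonate_authenticator):
            userid = authenticate(users, login, password)
            if userid:
                break

        # if not successful, try again
        if not userid:
            challenge_qs['reason'] = reason
            return HTTPFound(
                location='%s/login.html?%s' %
                (request.application_url, urlencode(challenge_qs, doseq=True)))

        # else, remember
        return remember_login(context, request, userid, max_age, came_from)

    # Kerberos: an explicit ?try_kerberos= beats the 'kerberos' setting.
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None, came_from)

        # Break infinite loop if kerberos authorization fails
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % settings.get(
        'system_name', 'KARL')  # Per #366377, don't say what screen
    layout = request.layout_manager.layout
    layout.page_title = page_title
    api = TemplateAPI(context, request, page_title)

    came_from = _fixup_came_from(request,
                                 request.params.get('came_from', request.url))
    request.session['came_from'] = came_from

    sso_providers = []
    sso = settings.get('sso')
    if sso:
        # importing here rather than in global scope allows to only require
        # velruse be installed for systems using it.
        from velruse import login_url
        for name in sso.split():
            provider = settings.get('sso.%s.provider' % name)
            title = settings.get('sso.%s.title' % name)
            sso_providers.append({
                'title': title,
                'name': name,
                'url': login_url(request, provider)
            })

    # ``reason`` is echoed from the query string; NOTE(review): relies on
    # the template escaping it -- confirm.
    api.status_message = request.params.get('reason', None)
    response = render_to_response('templates/login.pt',
                                  dict(api=api,
                                       came_from=came_from,
                                       nothing='',
                                       try_kerberos=try_kerberos,
                                       sso_providers=sso_providers,
                                       app_url=request.application_url),
                                  request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response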
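def login_view(context, request):
    """Login page with retry limiting, lock-out, admin-only mode and a
    new-device e-mail notification.

    On a submitted form: a missing login/password redirects to
    login.html; the retry budget for ``login`` is decremented (warning
    e-mail at 2 left; 'locked' page plus a one-time password-reset
    request when exhausted); the credentials are checked -- failure
    redirects back with the remaining attempts in ``reason``; success
    (blocked for non-admins when ``admin_only`` is set) resets the
    budget, issues the login cookie, and e-mails the user plus sets a
    long-lived device cookie when that cookie is absent.  Without a
    submission the form is rendered with ``forget`` headers.

    NOTE(review): the budget is keyed on the submitted login name, so
    anyone who knows a login can lock that account (a reset e-mail is
    sent); that is the design here, not something this view prevents.
    """
    settings = request.registry.settings
    came_from = request.session.get('came_from', request.url)
    came_from = _fixup_came_from(request, came_from)
    request.session['came_from'] = came_from

    submitted = request.params.get('form.submitted', None)
    if submitted:
        # identify
        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            return HTTPFound(location='%s/login.html'
                                        % request.application_url)
        max_age = int(settings.get('login_cookie_max_age', '36000'))
        system_name = settings.get('system_name', 'KARL')

        # Settings from an .ini file are strings: without the int() the
        # subtraction raised TypeError whenever max_login_retries was
        # configured (compare login_cookie_max_age above).
        max_retries = int(settings.get('max_login_retries', 8))
        left = context.login_tries.get(login, max_retries) - 1

        profiles = find_profiles(context)
        # Looked up by login name -- presumably login == userid for
        # password accounts; a fallback by userid follows authentication.
        profile = profiles.get(login)
        # max tries almost reached, send email warning
        if left == 2 and profile is not None:
            reset_url = request.resource_url(profile, 'change_password.html')
            _send_profile_mail(
                request, settings, profile,
                "Too many failed logins to %s" % system_name,
                "templates/email_locked_warning.pt",
                dict(login=login,
                     reset_url=reset_url,
                     system_name=system_name))

        # if max tries reached, send password reset and lock
        if left < 1:
            # only send email the first time; -1 marks "already locked"
            if profile is not None and left == 0:
                context.login_tries[login] = -1
                users = find_users(context)
                user = users.get_by_id(login)
                request_password_reset(user, profile, request)
            page_title = 'Access to %s is locked' % system_name
            api = TemplateAPI(context, request, page_title)
            response = render_to_response(
                'templates/locked.pt',
                dict(
                    api=api,
                    app_url=request.application_url),
                request=request)
            return response

        # authenticate
        reason = 'Bad username or password.'
        userid = _authenticate(context, login, password)

        # if not successful, try again
        if not userid:
            reason = "%s You have %d attempts left." % (reason, left)
            context.login_tries[login] = left
            redirect = request.resource_url(
                request.root, 'login.html', query={'reason': reason})
            return HTTPFound(location=redirect)

        device_cookie_name = settings.get('device_cookie', 'CxR61DzG3P0Ae1')

        # In admin-only mode, non-admins get the site-down page even with
        # valid credentials.
        admin_only = asbool(settings.get('admin_only', ''))
        admins = aslist(settings.get('admin_userids', ''))
        if admin_only and userid not in admins:
            return site_down_view(context, request)

        # all ok, remember
        context.login_tries[login] = max_retries
        response = remember_login(context, request, userid, max_age)
        if profile is None:
            # The login name may not be the profile id (e.g. an alias);
            # the original then crashed on ``profile.active_device``.
            profile = profiles.get(userid)

        # have we logged in from this computer & browser before?
        active_device = request.cookies.get(device_cookie_name, None)
        if active_device is None and profile is not None:
            # if not, send email
            reset_url = request.resource_url(profile, 'change_password.html')
            # TODO Carlos needs to come back and get this working
            # https://bugs.launchpad.net/karl4/+bug/1648569/comments/10
            # user_agent = user_agents.parse(request.user_agent)
            _send_profile_mail(
                request, settings, profile,
                "New %s Login Notification" % system_name,
                "templates/email_suspicious_login.pt",
                dict(login=login,
                     reset_url=reset_url,
                     device_info=request.user_agent))

            # set cookie to avoid further notifications for this device.
            # SystemRandom draws from the OS CSPRNG; the default ``random``
            # generator is predictable, which matters because the value
            # is stored on the profile as the recognised device.
            alphabet = string.ascii_uppercase + string.digits
            rng = random.SystemRandom()
            active_device = ''.join(rng.choice(alphabet) for _ in range(16))
            # httponly: nothing client-side needs to read this marker.
            response.set_cookie(device_cookie_name, active_device,
                                max_age=315360000, httponly=True)

        if profile is not None:
            profile.active_device = active_device
        request.session['logout_reason'] = None
        return response

    page_title = 'Login to %s' % settings.get('system_name', 'KARL') # Per #366377, don't say what screen
    api = TemplateAPI(context, request, page_title)
    # The one-session-only marker is passed to the template separately
    # instead of being shown as the generic status message.
    status_message = request.params.get('reason', None)
    if status_message != '@@@one-session-only@@@':
        api.status_message = status_message
        status_message = None
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            status_message = status_message,
            app_url=request.application_url),
        request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response


def _send_profile_mail(request, settings, profile, subject, template, args):
    """Render ``template`` with ``args`` and e-mail it as HTML to
    ``profile.email`` from the site administrator address.

    ``args`` may contain attacker-controlled text (the submitted login);
    NOTE(review): escaping is left to the template -- confirm.
    """
    system_name = settings.get('system_name', 'KARL')
    admin_email = settings.get('admin_email')
    mail = Message()
    mail["From"] = "%s Administrator <%s>" % (system_name, admin_email)
    mail["To"] = "%s <%s>" % (profile.title, profile.email)
    mail["Subject"] = subject
    body = render(template, args, request=request)
    if isinstance(body, unicode):
        body = body.encode("UTF-8")
    mail.set_payload(body, "UTF-8")
    mail.set_type("text/html")
    mailer = getUtility(IMailDelivery)
    mailer.send([profile.email], mail)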
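def _reorder_from_params(context, request):
    """Apply one reordering request taken from the query string.

    At most one move is honoured per request, checked in this priority
    order: ``sectionUp``, ``sectionDown``, ``itemUp``, ``itemDown``.
    Item moves also read ``section`` to locate the containing section.

    Returns an HTML status message (the affected title, escaped, wrapped
    in ``<em>``) or ``None`` when no move was requested or the named
    section/item does not exist.  In the latter case the ordering is left
    untouched instead of failing with an AttributeError after a partial
    move.
    """
    # Local import: the module's import block is outside this listing.
    from xml.sax.saxutils import escape

    params = request.params

    # Section moves take precedence over item moves.
    for param, method, word in (('sectionUp', 'moveUp', 'up'),
                                ('sectionDown', 'moveDown', 'down')):
        name = params.get(param, False)
        if not name:
            continue
        section = context.get(name)
        if section is None:
            return None
        getattr(context.ordering, method)(name)
        # The title comes from user-entered content and is interpolated
        # into markup, so escape it; the surrounding <em> stays literal.
        return 'Moved section <em>%s</em> %s' % (escape(section.title), word)

    for param, method, word in (('itemUp', 'moveUp', 'up'),
                                ('itemDown', 'moveDown', 'down')):
        name = params.get(param, False)
        if not name:
            continue
        section = context.get(params.get('section'))
        item = section.get(name) if section is not None else None
        if item is None:
            return None
        getattr(section.ordering, method)(name)
        return 'Moved item <em>%s</em> %s' % (escape(item.title), word)

    return None


def show_referencemanual_view(context, request):
    """Render the reference-manual overview page.

    Reordering requests carried in the query string (``sectionUp``,
    ``sectionDown``, ``itemUp``, ``itemDown``) are applied first via
    ``_reorder_from_params``; the resulting status message is attached to
    the TemplateAPI before the template is rendered.
    """
    # NOTE(review): the reorder below changes persistent state and is not
    # gated by any permission check inside this view; whether the view
    # itself is registered with a permission cannot be seen from here.
    status_message = _reorder_from_params(context, request)

    backto = {
        'href': model_url(context.__parent__, request),
        'title': context.__parent__.title,
        }

    actions = []
    if has_permission('create', context, request):
        addables = get_folder_addables(context, request)
        if addables is not None:
            actions.extend(addables())
        actions.append(('Edit', 'edit.html'))
        # 'Delete' is only offered to users who also have 'create'.
        if has_permission('delete', context, request):
            actions.append(('Delete', 'delete.html'))

    page_title = context.title
    api = TemplateAPI(context, request, page_title)

    # This view always renders with the 'intranet' layout.
    layout_provider = get_layout_provider(context, request)
    layout = layout_provider('intranet')

    # Client-side data for the tagbox widget.
    client_json_data = dict(
        tagbox=get_tags_client_data(context, request),
        )

    api.status_message = status_message
    return render_template_to_response(
        'templates/show_referencemanual.pt',
        api=api,
        actions=actions,
        head_data=convert_to_script(client_json_data),
        sections=_get_toc(context, api.here_url),
        backto=backto,
        layout=layout,
        )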
파일: login.py 프로젝트: zagy/karl
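def _parse_max_age(raw):
    """Return the requested cookie lifetime in seconds, or ``None``.

    ``None`` (field absent) means a session cookie.  A value that is not
    an integer is treated the same way rather than letting ``int`` raise
    ValueError, which would turn a tampered form field into a server
    error.
    """
    if raw is None:
        return None
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def _authenticate(context, login, password):
    """Return the userid for *login*/*password*, or ``None``.

    The password authenticator is tried first, then the impersonation
    authenticator; the first one yielding a truthy userid wins.
    """
    users = find_users(context)
    for authenticate in (password_authenticator, impersonate_authenticator):
        userid = authenticate(users, login, password)
        if userid:
            return userid
    return None


def login_view(context, request):
    """Show the login form or process a submitted login.

    When ``form.submitted`` is present the POSTed credentials are
    authenticated (see ``_authenticate``); on success ``remember_login``
    issues the session and redirects to ``came_from``, otherwise the user
    is sent back to the form with a generic reason.  Otherwise Kerberos
    single sign-on is attempted when enabled, and finally the login page
    is rendered with ``forget`` headers so any stale credentials are
    cleared.
    """
    request.layout_manager.use_layout('anonymous')
    came_from = _fixup_came_from(request, request.POST.get('came_from'))

    if request.params.get('form.submitted', None) is not None:
        login_url = '%s/login.html' % request.application_url

        login = request.POST.get('login')
        password = request.POST.get('password')
        if login is None or password is None:
            # Incomplete form: back to the form, no reason given.
            return HTTPFound(location=login_url)
        max_age = _parse_max_age(request.POST.get('max_age'))

        userid = _authenticate(context, login, password)
        if not userid:
            # One generic reason for unknown user and wrong password alike,
            # so the response does not reveal which accounts exist.
            challenge_qs = {'came_from': came_from,
                            'reason': 'Bad username or password'}
            return HTTPFound(location='%s?%s'
                             % (login_url, urlencode(challenge_qs, doseq=True)))

        return remember_login(context, request, userid, max_age, came_from)

    # Seamless Kerberos login: a per-request override, else the site setting.
    try_kerberos = request.GET.get('try_kerberos', None)
    if try_kerberos:
        try_kerberos = asbool(try_kerberos)
    else:
        try_kerberos = asbool(get_setting(context, 'kerberos', 'False'))
    if try_kerberos:
        from karl.security.kerberos_auth import get_kerberos_userid
        userid = get_kerberos_userid(request)
        if userid:
            return remember_login(context, request, userid, None, came_from)

        # A failed Negotiate round-trip must not trigger another attempt.
        if request.authorization and request.authorization[0] == 'Negotiate':
            try_kerberos = False

    page_title = 'Login to %s' % request.registry.settings.get('system_name', 'KARL') # Per #366377, don't say what screen
    layout = request.layout_manager.layout
    layout.page_title = page_title
    api = TemplateAPI(context, request, page_title)

    # For rendering, fall back to the current URL when no came_from is given.
    came_from = _fixup_came_from(request,
                                 request.params.get('came_from', request.url))

    # NOTE(review): 'reason' is taken from the request and shown on the page;
    # it is assumed the template escapes status_message — confirm there.
    api.status_message = request.params.get('reason', None)
    response = render_to_response(
        'templates/login.pt',
        dict(
            api=api,
            came_from=came_from,
            nothing='',
            try_kerberos=try_kerberos,
            app_url=request.application_url),
        request=request)
    forget_headers = forget(request)
    response.headers.extend(forget_headers)
    return response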