def _has_access(self):
# If no user, let the authenticated decorator take over
if self.current_user is None:
return
# verify the user exists
# WARNING: this is a list lookup. As the number of users is
# anticipated to be small for labadmin, this is probably okay.
if self.current_user not in db.get_users():
raise HTTPError(
403, 'User %s does not have access level '
'%s' %
(self.current_user, ', '.join(self._access_levels)))
# Base level access is given to everyone assuming the user
# is valid
if self._access_levels[0] == 'Base':
return
# verify access
if not db.has_access(self.current_user, self._access_levels):
raise HTTPError(
403, 'User %s does not have access level '
'%s' %
(self.current_user, ', '.join(self._access_levels)))
def get(self):
user = self.get_argument("user", None)
all_levels = []
user_levels = []
if user is not None:
all_levels = db.get_access_levels()
user_levels = db.get_access_levels_user(user)
users = db.get_users()
self.render("edit_user.html", all_levels=all_levels, user_levels=user_levels, users=users, user=user, msg="")
def get(self):
user = self.get_argument('user', None)
all_levels = []
user_levels = []
if user is not None:
all_levels = db.get_access_levels()
user_levels = db.get_access_levels_user(user)
users = db.get_users()
self.render('edit_user.html', all_levels=all_levels,
user_levels=user_levels, users=users, user=user, msg='')
def post(self):
msg = "Access levels updated"
access_levels = [int(x) for x in self.get_arguments("levels")]
user = self.get_argument("user")
try:
db.alter_access_levels(user, access_levels)
except Exception as e:
msg = "ERROR: %s" % str(e)
all_levels = db.get_access_levels()
user_levels = db.get_access_levels_user(user)
users = db.get_users()
self.render("edit_user.html", all_levels=all_levels, user_levels=user_levels, users=users, user=user, msg=msg)
def post(self):
msg = 'Access levels updated'
access_levels = [int(x) for x in self.get_arguments('levels')]
user = self.get_argument('user')
try:
db.alter_access_levels(user, access_levels)
except Exception as e:
msg = 'ERROR: %s' % str(e)
all_levels = db.get_access_levels()
user_levels = db.get_access_levels_user(user)
users = db.get_users()
self.render('edit_user.html', all_levels=all_levels,
user_levels=user_levels, users=users, user=user,
msg=msg)
def _has_access(self):
# If no user, let the authenticated decorator take over
if self.current_user is None:
return
# verify the user exists
# WARNING: this is a list lookup. As the number of users is
# anticipated to be small for labadmin, this is probably okay.
if self.current_user not in db.get_users():
raise HTTPError(403, 'User %s does not have access level '
'%s' % (self.current_user,
', '.join(self._access_levels)))
# Base level access is given to everyone assuming the user
# is valid
if self._access_levels[0] == 'Base':
return
# verify access
if not db.has_access(self.current_user, self._access_levels):
raise HTTPError(403, 'User %s does not have access level '
'%s' % (self.current_user,
', '.join(self._access_levels)))
def test_get_users(self):
obs = db.get_users()
exp = 'test'
self.assertIn(exp, obs)
def test_get_users(self):
obs = db.get_users()
exp = ["test"]
self.assertEqual(obs, exp)
def test_get_users(self):
obs = db.get_users()
exp = ['test']
self.assertEqual(obs, exp)
def test_get_users(self):
obs = db.get_users()
exp = 'test'
self.assertIn(exp, obs)
