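def update(self, **keyargs):
    """Apply changes to this user's email, password and/or avatar.

    Recognised keys in ``keyargs`` (everything is also forwarded to
    ``super().update``):

    * ``email`` -- new address, validated with ``User.check_email``.
    * ``new_password`` -- new password, validated with
      ``User.check_password``. When the acting user (``self.app.user``)
      is this user, ``old_password`` must also be supplied and must match
      the stored password.
    * ``avatar_id`` -- id of an object the acting user can read, whose
      media type is a supported ``image/*`` type and whose size is at
      most 100 KiB.

    All validation and authorization checks in this method run before the
    first of its UPDATE statements, so a request rejected part-way (for
    example a wrong old password) does not leave an email change from the
    same call already written by this method.

    Raises:
        errors.PrivilegeError: ``old_password`` is missing or wrong, or
            the avatar object is not readable by the acting user.
        errors.ParameterError: the avatar has an unsupported media type
            or exceeds the size limit.
        ValueError: ``avatar_id`` cannot be converted to ``int``.
    """
    super().update(**keyargs)
    c = self.app.db.cursor()

    # Statements are collected here and executed only after every check
    # below has passed. NOTE(review): whether the caller rolls back the
    # connection on an exception is not visible from this method, so the
    # writes are deferred rather than relying on a rollback.
    pending = []

    if "email" in keyargs:
        email = keyargs["email"]
        User.check_email(email)
        pending.append(
            ("""update users set email=? where object_id=?""", [email, self.id])
        )

    if "new_password" in keyargs:
        new_password = keyargs["new_password"]
        User.check_password(new_password)
        if self.app.user.id == self.id:
            # normal users have to authorize the change with their old password
            if "old_password" not in keyargs:
                raise errors.PrivilegeError(
                    "You need to authorize the change request with your old password"
                )
            old_password = keyargs["old_password"]
            encrypted_old_password = c.execute(
                """select password from users where object_id=?""", [self.id]
            ).fetchone()[0]
            if not password.check(old_password, encrypted_old_password):
                raise errors.PrivilegeError("Invalid old password")
        # NOTE(review): when the acting user is a different account, no old
        # password is required here; the only gate is whatever
        # super().update() enforces -- confirm it checks write privilege.
        # The new password is processed only after the old one is verified,
        # so a rejected request does not pay for password.encrypt().
        encrypted_new_password = password.encrypt(new_password)
        pending.append(
            (
                """update users set password=? where object_id=?""",
                [encrypted_new_password, self.id],
            )
        )

    if "avatar_id" in keyargs:
        avatar_id = int(keyargs["avatar_id"])
        if not self.app.user.can_read(avatar_id):
            raise errors.PrivilegeError()
        obj = db_object.DBObject(self.app, object_id=avatar_id)
        # NOTE(review): this trusts the media type recorded on the object;
        # whether it was verified against the file content is not visible here.
        is_supported_image = files.File.supports(
            self.app, obj.media_type
        ) and obj.media_type.startswith("image/")
        if not is_supported_image:
            raise errors.ParameterError("Unsupported media type for user avatars")
        file_obj = files.File(self.app, object_id=obj.id)
        size_limit = 100 * 2**10  # 100 KiB
        if file_obj.get_size() > size_limit:
            raise errors.ParameterError(
                "Avatar object exeeds size limit of %d bytes" % (size_limit)
            )
        pending.append(
            (
                """update users set avatar_id=? where object_id=?""",
                [avatar_id, self.id],
            )
        )

    # Every check passed: apply the writes in the original order
    # (email, password, avatar).
    for statement, params in pending:
        c.execute(statement, params)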
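def __init__(self, app, user_id=None, nick=None, plain_password=None, email=None, parent_id=None):
    """Load an existing user or create a new one.

    When ``user_id`` is given, the existing object with that id is loaded
    and the remaining arguments are not used. Otherwise ``nick``,
    ``plain_password`` and ``email`` are validated with ``self.check``, the
    base object is created under ``parent_id``, and a ``users`` row is
    inserted holding the result of ``password.encrypt(plain_password)``;
    the plain password itself is not written by this method. The nick is
    then indexed.

    Raises:
        Exception: "Nick already in use", when the insert or the indexing
            step raises ``sqlite3.IntegrityError``.
    """
    # Identity test: only a missing id selects the "create" path.
    if user_id is not None:
        super().__init__(app, object_id=user_id)
        return

    self.check(app, nick, plain_password, email)
    # NOTE(review): the base object is created before the users row is
    # inserted; if the insert fails below, whether that base object is
    # rolled back is not visible from this method.
    super().__init__(app, media_type=self.media_type, parent_id=parent_id)
    encrypted_password = password.encrypt(plain_password)
    try:
        c = self.app.db.cursor()
        # Parameterized insert: nick and email never reach the SQL text.
        c.execute(
            """insert into users (object_id,nick,password,email) values (?,?,?,?)""",
            [self.id, nick, encrypted_password, email],
        )
        self.index(data=nick, source="nick", rank=2)
    except sqlite3.IntegrityError as e:
        # Chain the database error so the underlying constraint violation
        # stays available to logs and debuggers; the raised type and
        # message are unchanged for callers.
        raise Exception("Nick already in use") from e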