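def security_save(self):
    """Replace the application's ACL with the entries named in the submitted form.

    Every key of ``request.POST`` is read as ``"<role_id>.<permission_name>"``.
    All keys are parsed before the session is touched, so a malformed key
    raises ``ValueError`` while the stored ACL rows are still untouched,
    rather than after they have already been handed to ``DBSession.delete``.

    Returns:
        HTTPFound redirecting to the ``security`` page of the edited model.

    Raises:
        ValueError: a POST key does not contain exactly one ``.``.
    """
    context = self.context.get_instance()

    # NOTE(review): role_id and permission_name are taken from the POST keys
    # as-is. Nothing in this block checks them against the roles/permissions
    # that actually exist, or that the caller is allowed to edit this
    # application's ACL -- presumably the view's permission configuration
    # covers the latter; confirm.
    grants = []
    for checkbox_name in self.request.POST:
        role_id, permission_name = checkbox_name.split('.')
        grants.append((role_id, permission_name))

    # Full replacement: drop every existing entry, then recreate from the form.
    for acl in context.acl:
        DBSession.delete(acl)
    for role_id, permission_name in grants:
        DBSession.add(ApplicationACL(application_id=context.id,
                                     role_id=role_id,
                                     permission_name=permission_name))

    request = self.request
    return HTTPFound(location=request.fa_url(request.model_name,
                                             request.model_id,
                                             'security'))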
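def _owned_saved_query(current_uid, sq_id):
    """Return the SavedQuery with id *sq_id* authored by *current_uid*, or None."""
    qry = DBSession.query(SavedQuery)
    # The author filter is what keeps one user from renaming or deleting
    # another user's saved query by guessing its id.
    qry = qry.filter(SavedQuery.author_id == current_uid)
    qry = qry.filter(SavedQuery.id == sq_id)
    return qry.first()


def save_query(context, request):
    """Add, rename or delete one of the current user's saved queries.

    Reads ``query_meta`` (a URL-encoded string carrying ``query_name`` and,
    depending on the action, ``sq_id`` or ``report_name``), ``submit_type``
    and, for additions, ``query_string`` from ``request.POST``.

    Returns:
        A Response describing the outcome. 409 is used for a missing or
        already-used name, 400 for a missing ``sq_id`` or an unrecognised
        ``submit_type``, 404 when the saved query does not exist for this user.

    Raises:
        KeyError: ``query_meta``, ``submit_type``, ``query_string`` or
            ``report_name`` is absent from the request.
    """
    # NOTE(review): assumes the view is only reachable by an authenticated
    # user (authenticated_user is not checked for None here) -- confirm.
    current_uid = request.authenticated_user.id
    # NOTE(review): cgi.parse_qs is the legacy alias of the parse_qs now found
    # in urlparse / urllib.parse; worth migrating together with the imports.
    query_meta = cgi.parse_qs(request.POST['query_meta'])
    if 'query_name' not in query_meta:
        return Response(u"Please specify a query name.", status=409)
    query_name = query_meta['query_name'][0]

    # NOTE(review): query_name is request data echoed into response bodies
    # below. If Response defaults to an HTML content type, these messages need
    # escaping or an explicit text/plain content type -- confirm.
    taken = (DBSession.query(SavedQuery)
             .filter(SavedQuery.author_id == current_uid)
             .filter(SavedQuery.query_name == query_name)
             .count())
    submit_type = request.POST['submit_type']

    if submit_type == 'submit_add':
        if taken:
            return Response(u"Name already in use: '%s'." % query_name, status=409)
        sq = SavedQuery(query_name=query_name,
                        report_name=query_meta['report_name'][0],
                        query_string=request.POST['query_string'],
                        author_id=current_uid)
        DBSession.add(sq)
        return Response(u"The query has been saved as '%s'." % query_name)

    if submit_type not in ('submit_edit', 'submit_delete'):
        # Previously this fell off the end and returned None.
        return Response(u"Unknown submit type.", status=400)

    if submit_type == 'submit_edit' and taken:
        return Response(u"Name already in use: '%s'." % query_name, status=409)

    if 'sq_id' not in query_meta:
        return Response(u"Please specify a saved query.", status=400)
    sq = _owned_saved_query(current_uid, query_meta['sq_id'][0])
    if sq is None:
        # Unknown id, or a query that belongs to someone else: same answer.
        return Response(u"Saved query not found.", status=404)

    if submit_type == 'submit_edit':
        sq.query_name = query_name
        return Response(u"The query has been renamed as '%s'." % query_name)

    DBSession.delete(sq)
    return Response(u"The saved query has been deleted.")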
def change_password(request):
    """Set a new password for the user that owns a password-reset token.

    Reads ``token``, ``password`` and ``password_repeat`` from
    ``request.params``. On success the password is set, the token row is
    deleted (so it cannot be used a second time) and the client is redirected
    to ``/login_form``. On any validation failure a ``danger`` message is
    added and the request plus the submitted token are returned for rendering.
    """
    # NOTE(review): if request.params merges query string and body (as in
    # WebOb/Pyramid), the new password is also accepted from the URL, where it
    # can end up in logs and browser history -- confirm and prefer the body.
    db = DBSession()
    token = request.params.get('token')
    # NOTE(review): the token is only checked for existence; no expiry or age
    # check is visible in this block -- confirm it is enforced elsewhere.
    reset_token = db.query(PasswordResetToken).filter_by(token=token).first()
    password = request.params.get('password')
    repeat = request.params.get('password_repeat')

    def reject(message):
        # Shared failure path: flash the message and re-render the form.
        request.add_message(message, type='danger')
        return {'request': request, 'token': token}

    if not reset_token:
        return reject(_(u'Token doesn\'t exist.'))
    if password != repeat:
        return reject(_(u'Passwords missmatch.'))
    if not (password and repeat):
        return reject(_(u'Missing password.'))
    # Length >= 6 is the only strength rule applied here.
    if len(password) < 6:
        return reject(_(u'Password too short. It needs to be at least 6 characters long.'))

    reset_token.user.set_password(password)
    db.delete(reset_token)
    request.add_message(_(u'Password changed.'), type='success')
    return HTTPFound(location='/login_form')