예제 #1
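def view_init(request, session, tab):
    """Common init for all 'view'.

    Loads the user named by the ``uid`` route segment and builds the
    template parameters shared by every tab of the view.

    Args:
        request: (Request)
        session: (DBSession)
        tab: (str) current tab in view

    Returns:
        (User, dict of (str: any)): user, view_params

    Raises:
        HTTPFound: redirect to 'home' when no user matches ``uid``.
    """
    uid = request.matchdict['uid']
    user = User.get(session, uid)
    if user is None:
        # uid comes straight from the URL; this text is only safe to render
        # if the template escapes flash messages.
        request.session.flash("User %s does not exists" % uid, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    # "allow_edit" is an authorization decision, so it has to rest on the
    # identity the authentication policy has verified. The previous
    # unauthenticated_userid is only the id *claimed* by the request
    # credentials: Pyramid does not run the policy's user check for it, so
    # a removed or disabled account could still match.
    current_uid = request.authenticated_userid

    # `tabs` is resolved from the enclosing module (not defined in this block).
    view_params = {"user": user,
                   "tabs": tabs,
                   "tab": tab,
                   "allow_edit": (uid == current_uid),
                   "sections": []}

    return user, view_params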
예제 #2
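def edit_init(request, session, tab):
    """Common init for all 'edit' views.

    Builds the view parameters, refuses access when editing is not allowed,
    then applies whichever form action is present in the request
    (back, update, ownership transfer, delete).

    Args:
        request: (Request)
        session: (DBSession)
        tab: (str) current tab in view

    Returns:
        (ResearchObject, dict of (str: any)): ro, view_params

    Raises:
        HTTPFound: redirect issued when access is refused and after the
            'back', transfer and delete actions.
    """
    ro, view_params = view_init(request, session, tab)

    warn_links = [link for link in ro.out_links if link.type == 'produce']
    error_links = [link for link in ro.in_links if link.type != 'contains']
    view_params["warn_links"] = warn_links
    view_params["error_links"] = error_links

    # Gate every action below on the edit permission computed by view_init.
    if not view_params["allow_edit"]:
        msg = "Access to %s edition not granted for you" % ro.id
        request.session.flash(msg, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    # NOTE(review): request.params merges query-string and body values, so
    # the state-changing actions below can be triggered by a plain GET unless
    # the route restricts the method. No CSRF token check is visible in this
    # function; confirm one is enforced elsewhere (view config or tween).

    if 'back' in request.params:
        # request.session.flash("Edition stopped", 'success')
        loc = request.route_url('ro_view_%s' % tab, uid=ro.id)
        raise HTTPFound(location=loc)

    if 'update' in request.params:
        # edit project visibility: an absent checkbox means "not public"
        public = 'visibility' in request.params
        ro.public = public

    if 'confirm_transfer' in request.params:
        # Ownership transfer is owner-only. Compare against the identity the
        # authentication policy has verified, not the unverified id claimed
        # by the request credentials (unauthenticated_userid).
        if request.authenticated_userid != ro.owner:
            request.session.flash("Action non authorized for you", 'warning')
            raise HTTPFound(location=request.route_url('home'))

        user = User.get(session, request.params["new_owner"])
        if user is None:
            msg = "User '%s' is unknown" % request.params["new_owner"]
            request.session.flash(msg, 'warning')
            raise HTTPFound(location=request.current_route_url())

        ro.change_owner(session, user)
        loc = request.route_url("ro_view_home", uid=ro.id)
        transaction.commit()
        raise HTTPFound(location=loc)

    delete_recursive = "confirm_delete_recursive" in request.params
    if "confirm_delete" in request.params or delete_recursive:
        # NOTE(review): unlike the transfer above, deletion is gated only by
        # "allow_edit"; confirm that is the intended permission level.
        if ResearchObject.remove(session, ro, delete_recursive):
            transaction.commit()
            request.session.flash("RO '%s' deleted" % ro.id, 'success')
        else:
            request.session.flash("Failed to delete '%s'" % ro.id, 'warning')
        raise HTTPFound(location=request.route_url('home'))

    return ro, view_params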
예제 #3
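def view(request):
    """Handle the user registration form.

    Args:
        request: (Request)

    Returns:
        (HTTPFound | dict): a redirect to 'home' when a user id is already
            attached to the request; an empty dict when the form has not
            been submitted; the submitted field values when validation
            fails; otherwise whatever log_user_in returns for the newly
            created user.
    """
    if request.unauthenticated_userid is not None:
        request.session.flash("Already logged in, log out first", 'warning')
        return HTTPFound(location=request.route_url('home'))

    if "ok" not in request.params:
        return {}

    # Echo the submitted values back so the form can be re-filled on error.
    view_params = {}
    for field_name in ("user_id", "user_name", "user_email"):
        if field_name in request.params:
            view_params[field_name] = request.params[field_name]

    # check all fields are correct
    # A field missing from the request is treated like an empty one, so a
    # hand-crafted request gets the validation message instead of an
    # unhandled KeyError (HTTP 500).
    uid = request.params.get("user_id", "")
    if len(uid) == 0 or not is_good_id(uid):
        request.session.flash("User id is not a valid id", 'warning')
        return view_params

    name = request.params.get("user_name", "")
    if len(name) == 0 or not is_good_name(name):
        request.session.flash("Name given is not valid", 'warning')
        return view_params

    email = request.params.get("user_email", "")
    if len(email) == 0 or not is_good_email(email):
        request.session.flash("Email given is not valid", 'warning')
        return view_params

    # The database session is only requested once the input has passed
    # validation; rejected submissions never touch the database.
    session = DBSession()

    # check user does not exist already
    # as a user
    user = User.get(session, uid)
    if user is not None:
        request.session.flash("User %s already exists" % uid, 'warning')
        return view_params

    # as a team
    team = Team.get(session, uid)
    if team is not None:
        msg = "User %s already exists as a team name" % uid
        request.session.flash(msg, 'warning')
        return view_params

    # register new user
    # NOTE(review): the e-mail address is not confirmed and no credential is
    # collected in this view before the account is logged in; confirm that
    # is handled elsewhere.
    User.create(session, uid, name, email)
    return log_user_in(request, uid, True)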
예제 #4
def register_new_user(request, session, team, new_uid):
    """Add the actor named in the form to the team's policies.

    The actor id is looked up first as a user, then as a team. The role
    comes from the "role_new" request parameter and falls back to "denied"
    when that parameter is absent.

    No permission check on the requester happens in this function; the
    caller is expected to have established that the current user may manage
    ``team`` (NOTE(review): confirm at the call site).

    Args:
        request: (Request)
        session: (DBSession)
        team: (Team)
        new_uid: (str) id of user to add to team auth

    Returns:
        (bool): whether team has changed and need to be reloaded
    """
    notify = request.session.flash

    if new_uid == team.id:
        notify("Cannot be a member of itself", 'warning')
        return False

    requested_role = Role.from_str(request.params.get("role_new", "denied"))

    # First interpretation of the id: an individual user.
    as_user = User.get(session, new_uid)
    if as_user is not None:
        already_direct = any(new_uid == pol.actor for pol in team.auth)
        if already_direct:
            notify("%s already a direct member" % as_user.id, 'warning')
            return False

        team.add_policy(session, as_user, requested_role)
        notify("New member %s added" % as_user.id, 'success')
        return True

    # Second interpretation: another team.
    as_team = Team.get(session, new_uid)
    if as_team is None:
        notify("User %s does not exists" % new_uid, 'warning')
        return False

    if team.has_member(session, new_uid):
        notify("%s already a member" % as_team.id, 'warning')
        return False

    # Refuse to add a team that already counts this team among its members.
    if as_team.has_member(session, team.id):
        notify("Circular reference %s is a member of %s" % (team.id, as_team.id),
               'warning')
        return False

    team.add_policy(session, as_team, requested_role)
    notify("New member %s added" % as_team.id, 'success')
    return True
예제 #5
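def view(request):
    """Handle the login form.

    Args:
        request: (Request)

    Returns:
        (HTTPFound | dict): an empty dict when the form has not been
            submitted; a redirect when a user id is already attached to the
            request or when the login attempt fails; otherwise whatever
            log_user_in returns.
    """
    if request.unauthenticated_userid is not None:
        request.session.flash("Already logged in, log out first", 'warning')
        return HTTPFound(location=request.route_url('home'))

    if "ok" not in request.params:
        return {}

    session = DBSession()

    # A field missing from the request is handled exactly like a field
    # submitted empty, instead of raising KeyError (HTTP 500).
    uid = request.params.get("user_id", "")
    user = User.get(session, uid)
    if user is None:
        # NOTE(review): this message differs from the "Invalid password" one
        # below, so the form reveals which user ids exist. Consider a single
        # generic failure message if account enumeration matters here.
        # Marking the text as Markup is safe only because nothing but a
        # server-generated URL is interpolated; never add request data to it.
        msg = "No such user! <a href='%s'>Register?</a>" % request.route_url('user_register')
        request.session.flash(Markup(msg), 'warning')
        return HTTPFound(location=request.current_route_url())

    pwd = request.params.get("password", "")
    # check password
    # NOTE(review): no attempt limiting or lockout is visible in this view;
    # confirm it is enforced elsewhere.
    if check_password(session, user, pwd):
        return log_user_in(request, uid)

    request.session.flash("Invalid password", 'warning')
    return HTTPFound(location=request.current_route_url())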