예제 #1
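def view_user(request):
    """Show the current user's data and apply self-service profile edits.

    For accounts whose ``auth_mode`` is not ``'ldap'``, a submitted form
    (``form.submitted`` present in POST) may change the first name, last name,
    e-mail address and password of the user returned by ``get_user(request)``.
    The posted ``user_name`` must equal that user's login; any other value is
    logged and the update is skipped. After a password change the browser is
    redirected to ``/logout``.

    The visible listing ends after the user record is re-read; no response is
    built in the lines shown.
    """
    user = get_user(request)
    page_title = 'User Data'
    subtitle = user['first_last']
    change_pw = False

    if user['auth_mode'] != 'ldap':

        if 'form.submitted' in request.POST:
            user_name = request.POST['user_name']
            first_name = request.POST['first_name']
            last_name = request.POST['last_name']
            email_address = request.POST['email_address']
            password = request.POST['password']

            # Authorization check: the record to edit is selected by the
            # client-supplied user_name, so it must match the login of the
            # authenticated user or one user could edit another's account.
            # NOTE(review): no CSRF check is visible in this function --
            # confirm it is enforced elsewhere.
            if user_name != user['login']:
                # %r keeps control characters in the untrusted value from
                # breaking up the log line.
                log.error(
                    'Bad person attempting to do bad things to: %r '
                    '(logged in as %r)' % (user_name, user['login']))
            else:

                # Update; the password is never written to the log.
                log.info(
                    'UPDATE: user_name=%s,first_name=%s,last_name=%s,email_address=%s,password=%s'
                    % (user_name, first_name, last_name, email_address,
                       '<redacted>'))
                try:
                    db_user = DBSession.query(User).filter(
                        User.user_name == user_name).one()
                    db_user.first_name = first_name
                    db_user.last_name = last_name
                    db_user.email_address = email_address
                    if password:
                        log.info(
                            'Changing password for: user_name=%s password=<redacted>'
                            % user_name)
                        # NOTE(review): the [17:33] slice assumes the config
                        # string has a 17-character prefix followed by a
                        # 16-character salt -- confirm for the passlib
                        # version and rounds setting in use. The resulting
                        # hash string embeds its salt as well.
                        salt = sha512_crypt.genconfig()[17:33]
                        encrypted_password = sha512_crypt.encrypt(password,
                                                                  salt=salt)
                        db_user.salt = salt
                        db_user.password = encrypted_password

                    DBSession.flush()

                    if password:
                        # Force a fresh login after a password change.
                        return_url = '/logout?message=Your password has been changed successfully. Please log in again.'
                        return HTTPFound(return_url)

                except Exception as e:
                    # Best effort, as before: the failure is only logged and
                    # the user gets no error. Log the concrete exception type
                    # rather than the Exception base class.
                    log.error("Failed to update user %r: %s (%s)" %
                              (user_name, type(e).__name__, e))

        # Re-read the user so the latest values are used from here on.
        user = get_user(request)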
예제 #2
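def _hash_password(password):
    """Return ``(salt, hash)`` for *password* using passlib's sha512_crypt."""
    # NOTE(review): the [17:33] slice assumes the config string has a
    # 17-character prefix followed by a 16-character salt -- confirm for the
    # passlib version and rounds setting in use. The hash string embeds its
    # salt too, so the separately stored salt looks redundant for
    # verification; confirm before relying on either.
    salt = sha512_crypt.genconfig()[17:33]
    return salt, sha512_crypt.encrypt(password, salt=salt)


def view_cp_user(request):
    """Control-panel view that adds and edits local users and their groups.

    Request parameters ``mode`` (``'add'`` or ``'edit'``), ``commit`` and
    ``user_id`` select the action:

    * ``mode=add`` with ``commit``: create one user per posted ``user_name``
      (parallel ``first_name``/``last_name``/``email_address``/``password``
      lists), assign each to the posted groups, redirect to ``/cp/user``.
    * ``mode=edit`` without ``commit``: load the user and their group names.
    * ``mode=edit`` with ``commit`` and ``form.submitted``: update the user,
      reconcile group assignments, redirect to ``/cp/user``.

    NOTE(review): no permission or CSRF check is visible in this function;
    presumably the view configuration restricts it to administrators --
    confirm, since every branch changes accounts or group membership.

    The visible listing ends after the edit branch; no response is built for
    the remaining paths in the lines shown.
    """
    page_title = 'Control Panel - Users'
    user = get_user(request)
    users = DBSession.query(User).all()
    groups = DBSession.query(Group).all()

    # Optional request parameters; one that is absent stays None.
    params = {
        'mode': request.params.get('mode'),
        'commit': request.params.get('commit'),
        'user_id': request.params.get('user_id'),
    }

    mode = params['mode']
    commit = params['commit']
    user_id = params['user_id']
    error_msg = None
    this_user = None
    this_groups = None
    subtitle = 'Users'

    if mode == 'add':

        subtitle = 'Add a new user'

        if commit:

            user_names = request.POST.getall('user_name')
            first_names = request.POST.getall('first_name')
            last_names = request.POST.getall('last_name')
            email_addresses = request.POST.getall('email_address')
            passwords = request.POST.getall('password')
            # Group names here; the edit branch matches on group ids instead.
            group_assignments = request.POST.getall('group_assignments')

            try:
                # The lists are client-supplied and paired by position, so
                # reject a short list before anything is written instead of
                # failing with IndexError part-way through.
                for values in (first_names, last_names, email_addresses,
                               passwords):
                    if len(values) < len(user_names):
                        raise ValueError(
                            'Submitted user fields do not line up')

                utcnow = datetime.utcnow()
                rows = zip(user_names, first_names, last_names,
                           email_addresses, passwords)
                for (new_name, new_first, new_last, new_email,
                     new_password) in rows:
                    # NOTE(review): an empty password is hashed and stored
                    # like any other value -- confirm the form or the login
                    # path rejects it.
                    salt, encrypted_password = _hash_password(new_password)
                    create = User(user_name=new_name,
                                  first_name=new_first,
                                  last_name=new_last,
                                  email_address=new_email,
                                  salt=salt,
                                  password=encrypted_password,
                                  updated_by=user['login'],
                                  created=utcnow,
                                  updated=utcnow)
                    DBSession.add(create)
                    # Flush so the generated user_id is available.
                    DBSession.flush()
                    user_id = create.user_id

                    for a in group_assignments:
                        g = DBSession.query(Group).filter(
                            Group.group_name == a).one()
                        create = UserGroupAssignment(group_id=g.group_id,
                                                     user_id=user_id,
                                                     updated_by=user['login'],
                                                     created=utcnow,
                                                     updated=utcnow)
                        DBSession.add(create)

                        DBSession.flush()

                return_url = '/cp/user'
                return HTTPFound(return_url)

            except Exception as ex:
                # Undo anything flushed before the failure, on every path.
                DBSession.rollback()
                if type(ex).__name__ == 'IntegrityError':
                    log.error(
                        'User already exists in the db, please edit instead.')
                    # FIXME: Return a nice page
                    return HTTPConflict(
                        'User already exists in the db, please edit instead.')
                # Log before re-raising; previously the rollback and log call
                # sat after the raise and never ran.
                error_msg = ("Failed to create user (%s)" % (ex))
                log.error(error_msg)
                raise

    if mode == 'edit':

        subtitle = 'Edit user'

        if not commit:
            try:
                q = DBSession.query(User)
                q = q.filter(User.user_id == user_id)
                this_user = q.one()

                q = DBSession.query(Group)
                q = q.join(UserGroupAssignment,
                           Group.group_id == UserGroupAssignment.group_id)
                q = q.filter(UserGroupAssignment.user_id == this_user.user_id)
                this_groups = [r.group_name for r in q.all()]
            except Exception as e:
                # Keep exception details in the server log; database error
                # text can expose queries or connection details, so the
                # client only gets a generic message.
                log.error("Failed to load user_id=%r for editing: %s (%s)" %
                          (user_id, type(e).__name__, e))
                return Response('Failed to load the requested user.',
                                content_type='text/plain',
                                status_int=500)

        if commit:

            if 'form.submitted' in request.POST:
                user_id = request.POST.get('user_id')
                user_name = request.POST.get('user_name')
                first_name = request.POST.get('first_name')
                last_name = request.POST.get('last_name')
                email_address = request.POST.get('email_address')
                password = request.POST.get('password')
                group_assignments = request.POST.getall('group_assignments')

                # Update the user
                utcnow = datetime.utcnow()
                this_user = DBSession.query(User).filter(
                    User.user_id == user_id).one()
                this_user.user_name = user_name
                this_user.first_name = first_name
                this_user.last_name = last_name
                this_user.email_address = email_address
                # An empty password field leaves the stored hash unchanged.
                if password:
                    salt, encrypted_password = _hash_password(password)
                    this_user.salt = salt
                    this_user.password = encrypted_password
                this_user.updated_by = user['login']
                DBSession.flush()

                # Reconcile membership: every known group is either ticked in
                # the form (ensure an assignment exists) or not (remove it).
                for g in groups:
                    q = DBSession.query(UserGroupAssignment).filter(
                        UserGroupAssignment.group_id == g.group_id,
                        UserGroupAssignment.user_id == this_user.user_id)
                    if str(g.group_id) in group_assignments:
                        # assign
                        log.debug("Group: %s is in group assignments" %
                                  g.group_name)
                        check = DBSession.query(q.exists()).scalar()
                        if not check:
                            log.info("Assigning local user %s to group %s" %
                                     (this_user.user_name, g.group_name))
                            update = UserGroupAssignment(
                                group_id=g.group_id,
                                user_id=user_id,
                                updated_by=user['login'],
                                created=utcnow,
                                updated=utcnow)
                            DBSession.add(update)
                            DBSession.flush()
                    else:
                        # delete
                        log.debug(
                            "Checking to see if we need to remove assignment for user: %s in group %s"
                            % (this_user.user_name, g.group_name))
                        check = DBSession.query(q.exists()).scalar()
                        if check:
                            log.info("Removing local user %s from group %s" %
                                     (this_user.user_name, g.group_name))
                            assignment = q.one()
                            DBSession.delete(assignment)
                            DBSession.flush()

                return_url = '/cp/user'
                return HTTPFound(return_url)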
예제 #3
                             (user['login']))

                if valid_time:
                    # Convert the env name to the id
                    env_id = Env.get_env_id(to_env)

                    # Assign
                    utcnow = datetime.utcnow()
                    promote = ArtifactAssignment(deploy_id=deploy_id,
                                                 artifact_id=artifact_id,
                                                 env_id=env_id.env_id,
                                                 lifecycle_id=to_state,
                                                 updated_by=user['login'],
                                                 created=utcnow)
                    DBSession.add(promote)
                    DBSession.flush()

                    return_url = '/deploys?application_id=%s&nodegroup=%s&artifact_id=%s&to_env=%s&to_state=%s&commit=%s' % (
                        app.application_id, app.nodegroup, artifact_id, to_env,
                        to_state, commit)
                    return HTTPFound(return_url)
                else:
                    error = True
                    message = "ACCESS DENIED: You are attempting to promote outside the allowed time window for %s: %s" % (
                        app.application_name, fw)
            except Exception, e:
                log.error("Failed to promote artifact (%s)" % (e))

    return {
        'layout': site_layout(),
        'page_title': page_title,