def password_edit_view(request):
""" Render the change password form page.
Seek the database for the user datas based on user_id used in the route. If
the user did not exist then add an error flash message and redirect to the
user list.
If the user exist then render an empty password form. If the form is
validated then change the user password in the database and add
success flash message. If the form is not valid, then display again the
form with validation errors.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
user_id = request.matchdict['user_id']
user = AuthUser.get_by_id(user_id)
if not user:
request.session.flash(_(u"This user did not exist!"), 'error')
return HTTPFound(location=request.route_path('tools.user_list'))
form = Form(request, schema=UserPasswordForm, obj=user)
if 'form_submitted' in request.params and form.validate():
form.bind(user)
DBSession.add(user)
request.session.flash(_(u"Password updated."), 'success')
return HTTPFound(location=request.route_path('tools.user_list'))
return dict(renderer=FormRenderer(form))
def password_edit_view(request):
""" Render the change password form page.
Seek the database for the user datas based on user_id used in the route. If
the user did not exist then add an error flash message and redirect to the
user list.
If the user exist then render an empty password form. If the form is
validated then change the user password in the database and add
success flash message. If the form is not valid, then display again the
form with validation errors.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
user_id = request.matchdict['user_id']
user = AuthUser.get_by_id(user_id)
if not user:
request.session.flash(_(u"This user did not exist!"), 'error')
return HTTPFound(location=request.route_path('tools.user_list'))
form = Form(request, schema=UserPasswordForm, obj=user)
if 'form_submitted' in request.params and form.validate():
form.bind(user)
DBSession.add(user)
request.session.flash(_(u"Password updated."), 'success')
return HTTPFound(location=request.route_path('tools.user_list'))
return dict(renderer=FormRenderer(form))
def setUp(self):
self.settings = settings
self.config_uri = config_uri
self.engine = engine_from_config(self.settings, prefix='sqlalchemy.')
DBSession.configure(bind=self.engine)
Base.metadata.bind = self.engine
Base.metadata.create_all(self.engine)
self.DBSession = DBSession
def setUp(self):
self.settings = settings
self.config_uri = config_uri
self.engine = engine_from_config(self.settings, prefix='sqlalchemy.')
DBSession.configure(bind=self.engine)
Base.metadata.bind = self.engine
Base.metadata.create_all(self.engine)
self.DBSession = DBSession
def get_user_stats():
""" Get basic database statistics.
:return: users and groups counts from the database
:rtype: dictionary
"""
usercount = DBSession.query(AuthUser.user_id).count()
groupcount = DBSession.query(AuthGroup.group_id).count()
return dict(usercount=usercount, groupcount=groupcount)
def get_user_stats():
""" Get basic database statistics.
:return: users and groups counts from the database
:rtype: dictionary
"""
usercount = DBSession.query(AuthUser.user_id).count()
groupcount = DBSession.query(AuthGroup.group_id).count()
return dict(usercount=usercount, groupcount=groupcount)
def rock_add_view(request):
_ = request.translate
form = RockForm(request.POST)
if 'form_submitted' in request.params and form.validate():
rock = Rock()
form.populate_obj(rock)
DBSession.add(rock)
request.session.flash(_(u"Rock added."), 'success')
return HTTPFound(location=request.route_path('geo.rock_list'))
return dict(form=form)
def zone_add_view(request):
_ = request.translate
form = ZoneForm(request.POST)
if 'form_submitted' in request.params and form.validate():
zone = Zone()
form.populate_obj(zone)
DBSession.add(zone)
request.session.flash(_(u"Zone added."), 'success')
return HTTPFound(location=request.route_path('geo.zone_list'))
return dict(form=form)
def get_zone_stats():
""" Get basic database statistics.
:return: zones and groups counts from the database
:rtype: dictionary
"""
zonecount = DBSession.query(Zone.zone_id).count()
groupcount = DBSession.query(Group.group_id).count()
rockcount = DBSession.query(Rock.rock_id).count()
engravingcount = None
return dict(zonecount=zonecount, groupcount=groupcount,
rockcount=rockcount, engravingcount=engravingcount)
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# configure SQLAlchemy
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
config = Configurator(settings=settings)
# configure the root factory (used for Auth & Auth)
root_factory = RootFactory
config.set_root_factory(root_factory)
# configure session
session_factory = session_factory_from_settings(settings)
config.set_session_factory(session_factory)
# configure auth & auth
config.include(anuket.add_authorization)
# set an auth_user object
config.set_request_property(get_auth_user, 'auth_user', reify=True)
# configure subscribers
## config.include(anuket.subscribers)
##Comented to avoid crsf check
##TODO bring back CSRF
from pyramid.events import BeforeRender, NewRequest
config.add_subscriber(anuket.subscribers.add_renderer_globals, BeforeRender)
config.add_subscriber(anuket.subscribers.add_localizer, NewRequest)
# configure static views
config.include(anuket.add_static_views)
# configure routes
config.include(anuket.views.root)
config.include(anuket.views.tools)
config.include(anuket.views.user)
#TODO improve this
from begotemp.views import geo_zone, geo_group, geo_rock
config.include(geo_zone)
config.include(geo_group)
config.include(geo_rock)
## configure views
config.scan('anuket')
config.scan()
config.add_translation_dirs('anuket:locale')
config.set_locale_negotiator('anuket.lib.i18n.locale_negotiator')
return config.make_wsgi_app()
def initialize_db(self):
""" Initialize the database schema and insert default values.
:return: 0 (OK) or 1 (abnormal termination error)
"""
config_uri = self.args.config_uri
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
# check if there is already a versioned database
revision = get_alembic_revision(config_uri)
if revision:
print("This database is versioned. "
"Use the upgrade script instead!")
return 1
# create the tables (except alembic_version)
Base.metadata.create_all(engine)
# add default user & group values
with transaction.manager:
admins_group = AuthGroup()
admins_group.groupname = u'admins'
admin_user = AuthUser()
admin_user.username = u'admin'
admin_user.password = u'admin'
admin_user.group = admins_group
try:
DBSession.add(admins_group)
DBSession.add(admin_user)
DBSession.flush()
except IntegrityError:
DBSession.rollback()
print("There is already a database. "
"Use the upgrade script instead!")
return 1
# stamp the database with the most recent revision
# (and create alembic_version table)
try:
alembic_cfg = get_alembic_settings(config_uri)
stamp(alembic_cfg, 'head')
except (AttributeError, ImportError): # pragma: no cover
# alembic is missing or not configured
pass
print("Database initialization done.")
return 0
def initialize_db(self):
""" Initialize the database schema and insert default values.
:return: 0 (OK) or 1 (abnormal termination error)
"""
config_uri = self.args.config_uri
settings = get_appsettings(config_uri)
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
# check if there is already a versioned database
revision = get_alembic_revision(config_uri)
if revision:
print("This database is versioned. "
"Use the upgrade script instead!")
return 1
# create the tables (except alembic_version)
Base.metadata.create_all(engine)
# add default user & group values
with transaction.manager:
admins_group = AuthGroup()
admins_group.groupname = u'admins'
admin_user = AuthUser()
admin_user.username = u'admin'
admin_user.password = u'admin'
admin_user.group = admins_group
try:
DBSession.add(admins_group)
DBSession.add(admin_user)
DBSession.flush()
except IntegrityError:
DBSession.rollback()
print("There is already a database. "
"Use the upgrade script instead!")
return 1
# stamp the database with the most recent revision
# (and create alembic_version table)
try:
alembic_cfg = get_alembic_settings(config_uri)
stamp(alembic_cfg, 'head')
except (AttributeError, ImportError): # pragma: no cover
# alembic is missing or not configured
pass
print("Database initialization done.")
return 0
def user_list_view(request):
""" Render the user list page.
Return a paged user list from the database. The paged list can be
ordered by username, first name or last name. Add an error flash message
if the list is empty. Return also basic users statistics.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
stats = get_user_stats()
sortable_columns = ['username', 'first_name', 'last_name']
column = request.params.get('sort')
search = request.params.get('search')
# construct the query
users = DBSession.query(AuthUser)
if column and column in sortable_columns:
users = users.order_by(column)
else:
users = users.order_by(AuthUser.username)
if search:
users = users.filter(AuthUser.username.like('%' + search + '%'))
# add a flash message for empty results
if users.count() == 0:
request.session.flash(_(u"There is no results!"), 'error')
# paginate results
page_url = paginate.PageURL_WebOb(request)
users = paginate.Page(users,
page=int(request.params.get("page", 1)),
items_per_page=20,
url=page_url)
return dict(users=users, stats=stats)
def user_list_view(request):
""" Render the user list page.
Return a paged user list from the database. The paged list can be
ordered by username, first name or last name. Add an error flash message
if the list is empty. Return also basic users statistics.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
stats = get_user_stats()
sortable_columns = ['username', 'first_name', 'last_name']
column = request.params.get('sort')
search = request.params.get('search')
# construct the query
users = DBSession.query(AuthUser)
if column and column in sortable_columns:
users = users.order_by(column)
else:
users = users.order_by(AuthUser.username)
if search:
users = users.filter(AuthUser.username.like('%' + search + '%'))
# add a flash message for empty results
if users.count() == 0:
request.session.flash(_(u"There is no results!"), 'error')
# paginate results
page_url = paginate.PageURL_WebOb(request)
users = paginate.Page(users,
page=int(request.params.get("page", 1)),
items_per_page=20,
url=page_url)
return dict(users=users, stats=stats)
def get_by_id(cls, group_id):
""" Query the `auth_group` table by `group_id`.
:param group_id: the group id
:type group_id: integer
:return: a ``sqlalchemy.orm.query.Query`` object
"""
return DBSession.query(cls).get(group_id)
def get_by_email(cls, email=None):
""" Query the auth_user table by email.
:param username: the user email
:type username: unicode
:return: a ``sqlalchemy.orm.query.Query`` object
"""
if email:
return DBSession.query(cls).filter(cls.email == email).first()
def get_by_id(cls, user_id=None):
""" Query the `auth_user` table by `user_id`.
:param user_id: the user id
:type username: integer
:return: a ``sqlalchemy.orm.query.Query`` object
"""
if user_id:
return DBSession.query(cls).get(user_id)
def get_grouplist():
""" Generate a list of groups from the database.
:return: a list of pair values (`group_id`, `groupname`)
:rtype: list
"""
# For use in group select forms.
groups = DBSession.query(AuthGroup).order_by(AuthGroup.groupname).all()
grouplist = [(group.group_id, group.groupname) for group in groups]
return grouplist
def get_by_username(cls, username=None):
""" Query the `auth_user` table by username.
:param username: the user username
:type username: unicode
:return: a ``sqlalchemy.orm.query.Query`` object
"""
if username:
return DBSession.query(cls).filter(
cls.username == username).first()
def get_grouplist():
""" Generate a list of groups from the database.
:return: a list of pair values (`group_id`, `groupname`)
:rtype: list
"""
# For use in group select forms.
groups = DBSession.query(AuthGroup).order_by(AuthGroup.groupname).all()
grouplist = [(group.group_id, group.groupname) for group in groups]
return grouplist
def user_add_view(request):
""" Render the add user form page.
Display an empty user form or validate the user submited form. If the form
is validated then add the user datas to the database and a success flash
message. If the form is not valid, then display again the form with
validation errors. Return also a list of groups to use in the group select
form.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
grouplist = get_grouplist()
form = Form(request, schema=UserForm)
if 'form_submitted' in request.params and form.validate():
user = form.bind(AuthUser())
DBSession.add(user)
request.session.flash(_(u"User added."), 'success')
return HTTPFound(location=request.route_path('tools.user_list'))
return dict(renderer=FormRenderer(form), grouplist=grouplist)
def get_alembic_revision(config_uri):
""" Check the existence of an alembic revision in the database. If the
database is versioned, then return the current revision.
:param config_uri: an .ini file
:return: the alembic revision value or None
"""
try:
revision = DBSession.query(Migration.version_num).first()
except OperationalError:
revision = None
return revision
def user_add_view(request):
""" Render the add user form page.
Display an empty user form or validate the user submited form. If the form
is validated then add the user datas to the database and a success flash
message. If the form is not valid, then display again the form with
validation errors. Return also a list of groups to use in the group select
form.
:param request: a ``pyramid.request`` object
"""
_ = request.translate
grouplist = get_grouplist()
form = Form(request, schema=UserForm)
if 'form_submitted' in request.params and form.validate():
user = form.bind(AuthUser())
DBSession.add(user)
request.session.flash(_(u"User added."), 'success')
return HTTPFound(location=request.route_path('tools.user_list'))
return dict(renderer=FormRenderer(form),
grouplist=grouplist)
def main(global_config, **settings):
""" Configure and returns a Pyramid WSGI application.
:param global_config: key/values from the [DEFAULT] section of an .ini fine
:type global_config: dictionary
:param **settings: key/values from the [app:main] section of an .ini fine
:return: a ``pyramid.router.Router`` object
"""
# configure SQLAlchemy
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
config = Configurator(settings=settings)
# configure the root factory (used for Auth & Auth)
root_factory = RootFactory
config.set_root_factory(root_factory)
# configure session
session_factory = session_factory_from_settings(settings)
config.set_session_factory(session_factory)
# configure auth & auth
config.include(add_authorization)
# set an auth_user object
config.set_request_property(get_auth_user, 'auth_user', reify=True)
# configure subscribers
config.include(subscribers)
# configure static views
config.include(add_static_views)
# configure routes
config.include(root)
config.include(tools)
config.include(user)
# configure views
config.scan()
# configure i18n
config.add_translation_dirs('anuket:locale')
config.set_locale_negotiator('anuket.lib.i18n.locale_negotiator')
return config.make_wsgi_app()
def user_delete_view(request):
""" Delete an user.
Seek the database for the user datas based on user_id used in the route. If
the user did not exist then add an error flash message and redirect to the
user list. If the user exist then delete the user in the database, add a
warning flash message and then redirect to the user list.
:param request: a ``pyramid.request`` object
"""
# The confirm delete must be managed by modal messages in the templates,
# and we forbid direct deletion from the address bar (no referer)
_ = request.translate
if not request.referer:
request.session.flash(_(u"Insufficient permissions!"),
'error')
return HTTPFound(location=request.route_path('home'))
user_id = request.matchdict['user_id']
user = AuthUser.get_by_id(user_id)
if not user:
request.session.flash(_(u"This user did not exist!"), 'error')
return HTTPFound(location=request.route_path('tools.user_list'))
#forbid the deletion if it's the only admin user
if user.group.groupname == u'admins':
adminscount = DBSession.query(AuthUser.user_id).join(AuthGroup).\
filter(AuthGroup.groupname == u'admins').\
count()
if adminscount == 1:
request.session.flash(_(u"Deletion of the only admin forbidden!"),
'error')
return HTTPFound(location=request.route_path('tools.user_list'))
DBSession.delete(user)
request.session.flash(_(u"User deleted."), 'warn')
return HTTPFound(location=request.route_path('tools.user_list'))
def main(global_config, **settings):
""" This function returns a Pyramid WSGI application.
"""
# configure SQLAlchemy
engine = engine_from_config(settings, 'sqlalchemy.')
DBSession.configure(bind=engine)
config = Configurator(settings=settings)
# configure the root factory (used for Auth & Auth)
root_factory = RootFactory
config.set_root_factory(root_factory)
# configure session
session_factory = session_factory_from_settings(settings)
config.set_session_factory(session_factory)
# configure auth & auth
config.include(anuket.add_authorization)
# set an auth_user object
config.set_request_property(get_auth_user, 'auth_user', reify=True)
# configure subscribers
config.include(anuket.subscribers)
# configure static views
config.include(anuket.add_static_views)
# configure routes
config.include(anuket.views.root)
config.include(anuket.views.tools)
config.include(anuket.views.user)
from anuketexample import views
config.include(views)
# configure views
config.scan('anuket')
config.scan()
config.add_translation_dirs('anuket:locale')
config.set_locale_negotiator('anuket.lib.i18n.locale_negotiator')
return config.make_wsgi_app()
def user_delete_view(request):
""" Delete an user.
Seek the database for the user datas based on user_id used in the route. If
the user did not exist then add an error flash message and redirect to the
user list. If the user exist then delete the user in the database, add a
warning flash message and then redirect to the user list.
:param request: a ``pyramid.request`` object
"""
# The confirm delete must be managed by modal messages in the templates,
# and we forbid direct deletion from the address bar (no referer)
_ = request.translate
if not request.referer:
request.session.flash(_(u"Insufficient permissions!"), 'error')
return HTTPFound(location=request.route_path('home'))
user_id = request.matchdict['user_id']
user = AuthUser.get_by_id(user_id)
if not user:
request.session.flash(_(u"This user did not exist!"), 'error')
return HTTPFound(location=request.route_path('tools.user_list'))
#forbid the deletion if it's the only admin user
if user.group.groupname == u'admins':
adminscount = DBSession.query(AuthUser.user_id).join(AuthGroup).\
filter(AuthGroup.groupname == u'admins').\
count()
if adminscount == 1:
request.session.flash(_(u"Deletion of the only admin forbidden!"),
'error')
return HTTPFound(location=request.route_path('tools.user_list'))
DBSession.delete(user)
request.session.flash(_(u"User deleted."), 'warn')
return HTTPFound(location=request.route_path('tools.user_list'))
def zone_list_view(request):
_ = request.translate
stats = get_zone_stats()
# construct the query
zones = DBSession.query(Zone)
zones = zones.order_by(Zone.zone_number)
# add a flash message for empty results
if zones.count() == 0:
request.session.flash(_(u"There is no results!"), 'error')
# paginate results
page_url = paginate.PageURL_WebOb(request)
zones = paginate.Page(zones,
page=int(request.params.get("page", 1)),
items_per_page=20,
url=page_url)
return dict(zones=zones, stats=stats)
def group_list_view(request):
_ = request.translate
stats=None
sortable_columns = ['group_number', 'zone_number']
#TODO correct zone_number sorting and listing
column = request.params.get('sort')
# construct the query
groups = DBSession.query(Group)
if column and column in sortable_columns:
groups = groups.order_by(column)
else:
groups = groups.order_by(Group.group_number)
# add a flash message for empty results
if groups.count() == 0:
request.session.flash(_(u"There is no results!"), 'error')
# paginate results
page_url = paginate.PageURL_WebOb(request)
groups = paginate.Page(groups,
page=int(request.params.get("page", 1)),
items_per_page=20,
url=page_url)
return dict(groups=groups, stats=stats)
def get_groups():
return DBSession.query(Group).order_by(Group.group_number).all()
def get_zones():
return DBSession.query(Zone).order_by(Zone.zone_number).all()
