Exemplo n.º 1
0
def permission_create(request):
    _ = get_localizer(request)
    
    permission_model = PermissionModel(request.db_session)
    
    factory = FormFactory(_)
    PermissionCreateForm = factory.make_permission_create_form()
    form = PermissionCreateForm(request.params)
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        permission_name = request.params['permission_name']
        description = request.params['description']
        
        by_name = permission_model.get_by_name(permission_name)
        if by_name is not None:
            msg = _(u'Permission name %s already exists') % permission_name
            form.permission_name.errors.append(msg)
            validate_result = False

        if validate_result:
            with transaction.manager:
                permission_model.create(
                    permission_name=permission_name, 
                    description=description, 
                )
            
            msg = _(u"Permission ${permission_name} has been created", 
                    mapping=dict(permission_name=permission_name))
            request.add_flash(msg, 'success')
            return HTTPFound(location=request.route_url('admin.permission_list'))
    return dict(form=form)
Exemplo n.º 2
0
    def test_check_csrf_token(self):
        from pyramid.httpexceptions import HTTPBadRequest
        from ez2pay.utils import check_csrf_token

        mock_session = (
            flexmock()
            .should_receive('get_csrf_token')
            .replace_with(lambda: 'MOCK_CSRF_TOKEN')
            .twice()
            .mock()
        )

        mock_request = flexmock(
            session=mock_session,
            params=dict(csrf_token='MOCK_CSRF_TOKEN')
        )

        check_csrf_token(mock_request)

        mock_request = flexmock(
            session=mock_session,
            params=dict(csrf_token='BAD_TOKEN')
        )
        with self.assertRaises(HTTPBadRequest):
            check_csrf_token(mock_request)
Exemplo n.º 3
0
def payment(request):
    # TODO: get the form record from database and determine which account
    # for processing the payment, and what kind of limitation we have here
    _ = get_localizer(request)
    factory = FormFactory(_)
    PaymentForm = factory.make_payment_form()
    form = PaymentForm()

    if request.method == 'POST':
        check_csrf_token(request)

        # TODO: tokenlize the card
        payment_uri = request.params['payment_uri']
        print '#'*10, payment_uri

        balanced.configure('ef13dce2093b11e388de026ba7d31e6f')
        customer = balanced.Customer()
        customer.save()
        customer.add_card(payment_uri)
        customer.debit(
            amount=12345,
            source_uri=payment_uri,
            description='Payment made via EZ2Pay for XXX',
        )
        return dict(form=form, processed=True)
        # TODO: call the balanced API, charge the card

    return dict(form=form, processed=False)
Exemplo n.º 4
0
def user_create(request):
    _ = get_localizer(request)
    
    user_model = UserModel(request.db_session)
    group_model = GroupModel(request.db_session)
    
    factory = FormFactory(_)
    UserCreateForm = factory.make_user_create_form()
    form = UserCreateForm(request.params)
    
    groups = group_model.get_list()
    form.groups.choices = [
        (str(g.group_id), '%s - %s' % (g.group_name, g.display_name)) 
        for g in groups
    ]
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        user_name = request.params['user_name']
        display_name = request.params['display_name']
        password = request.params['password']
        email = request.params['email']
        groups = request.params.getall('groups')
        
        by_name = user_model.get_by_name(user_name)
        if by_name is not None:
            msg = _(u'Username %s already exists') % user_name
            form.user_name.errors.append(msg)
            validate_result = False
            
        by_email = user_model.get_by_email(email)
        if by_email is not None:
            msg = _(u'Email %s already exists') % email
            form.email.errors.append(msg)
            validate_result = False
        
        if validate_result:
            with transaction.manager:
                user_id = user_model.create(
                    user_name=user_name,
                    display_name=display_name,
                    password=password,
                    email=email,
                )
                user_model.update_groups(user_id, map(int, groups))
            
            msg = _(u"User ${user_name} has been created", 
                    mapping=dict(user_name=user_name))
            request.add_flash(msg, 'success')
            return HTTPFound(location=request.route_url('admin.user_list'))
    
    return dict(form=form)
Exemplo n.º 5
0
def permission_edit(request):
    _ = get_localizer(request)
    
    permission_model = PermissionModel(request.db_session)
    
    permission_name = request.matchdict['permission_name']
    permission = permission_model.get_by_name(permission_name)
    if permission is None:
        msg = _(u'Permission %s does not exist') % permission_name
        return HTTPNotFound(msg)
    
    factory = FormFactory(_)
    PermissionEditForm = factory.make_permission_edit_form()
    form = PermissionEditForm(request.params, permission)
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        permission_name = request.params['permission_name']
        description = request.params['description']
        
        by_name = permission_model.get_by_name(permission_name)
        if (
            by_name is not None and 
            permission_name != permission.permission_name
        ):
            msg = _(u'Permission name %s already exists') % permission_name
            form.permission_name.errors.append(msg)
            validate_result = False

        if validate_result:
            with transaction.manager:
                permission_model.update_permission(
                    permission_id=permission.permission_id,
                    permission_name=permission_name, 
                    description=description, 
                )
            
            msg = _(u"Permission ${permission_name} has been updated", 
                    mapping=dict(permission_name=permission_name))
            request.add_flash(msg, 'success')
            url = request.route_url('admin.permission_edit', 
                                    permission_name=permission_name)
            return HTTPFound(location=url)
        
    return dict(form=form, permission=permission)
Exemplo n.º 6
0
def group_create(request):
    _ = get_localizer(request)
    
    group_model = GroupModel(request.db_session)
    permission_model = PermissionModel(request.db_session)
    
    factory = FormFactory(_)
    GroupCreateForm = factory.make_group_create_form()
    form = GroupCreateForm(request.params)
    
    permissions = permission_model.get_list()
    form.permissions.choices = [
        (str(p.permission_id), p.permission_name) 
        for p in permissions
    ]
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        group_name = request.params['group_name']
        display_name = request.params['display_name']
        permissions = request.params.getall('permissions')
        
        by_name = group_model.get_by_name(group_name)
        if by_name is not None:
            msg = _(u'Group name %s already exists') % group_name
            form.group_name.errors.append(msg)
            validate_result = False

        if validate_result:
            with transaction.manager:
                group_id = group_model.create(
                    group_name=group_name, 
                    display_name=display_name, 
                )
                group_model.update_permissions(
                    group_id=group_id, 
                    permission_ids=permissions,
                )
            
            msg = _(u"Group ${group_name} has been created", 
                    mapping=dict(group_name=group_name))
            request.add_flash(msg, 'success')
            return HTTPFound(location=request.route_url('admin.group_list'))
    
    return dict(form=form)
Exemplo n.º 7
0
def user_edit(request):
    _ = get_localizer(request)
    
    user_model = UserModel(request.db_session)
    group_model = GroupModel(request.db_session)
    
    user_name = request.matchdict['user_name']
    user = user_model.get_by_name(user_name)
    if user is None:
        msg = _(u'User %s does not exists') % user_name
        return HTTPNotFound(msg)
    user_groups = [str(g.group_id) for g in user.groups]
    
    factory = FormFactory(_)
    UserEditForm = factory.make_user_edit_form()
    form = UserEditForm(
        request.params, 
        display_name=user.display_name,
        email=user.email,
        groups=user_groups
    )
    
    groups = group_model.get_list()
    form.groups.choices = [
        (str(g.group_id), '%s - %s' % (g.group_name, g.display_name), ) 
        for g in groups
    ]
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        display_name = request.params['display_name']
        password = request.params['password']
        email = request.params['email']
        groups = request.params.getall('groups')
        
        by_email = user_model.get_by_email(email)
        if by_email is not None and email != user.email:
            msg = _(u'Email %s already exists') % email
            form.email.errors.append(msg)
            validate_result = False
        
        if validate_result:
            with transaction.manager:
                user_model.update_user(
                    user_id=user.user_id,
                    display_name=display_name,
                    email=email,
                )
                if password:
                    user_model.update_password(user.user_id, password)
                user_model.update_groups(user.user_id, map(int, groups))
            
            msg = _(u"User ${user_name} has been updated", 
                    mapping=dict(user_name=user_name))
            request.add_flash(msg, 'success')
            url = request.route_url('admin.user_edit', 
                                    user_name=user.user_name)
            return HTTPFound(location=url)
    
    return dict(form=form, user=user)
Exemplo n.º 8
0
def register(request):
    _ = get_localizer(request)
    settings = request.registry.settings
    
    user_model = UserModel(request.db_session)
    
    factory = FormFactory(_)
    RegisterForm = factory.make_register_form()
    form = RegisterForm(request.params)
    
    if request.method == 'POST':
        check_csrf_token(request)
        
        validate_result = form.validate()
        user_name = request.params['user_name']
        password = request.params['password']
        email = request.params['email']

        black_domain = set(settings.get('email_black_domain_list', []))
        domain = email.split('@')[-1].lower()
        if domain in black_domain:
            msg = _(u'Invalid email address')
            form.email.errors.append(msg)
            validate_result = False
        
        by_name = user_model.get_by_name(user_name)
        if by_name is not None:
            msg = _(u'Username %s already exists') % user_name
            form.user_name.errors.append(msg)
            validate_result = False
            
        by_email = user_model.get_by_email(email)
        if by_email is not None:
            msg = _(u'Email %s already exists') % email
            form.email.errors.append(msg)
            validate_result = False

        if validate_result:
            with transaction.manager:
                
                user_id = user_model.create(
                    user_name=user_name,
                    display_name=user_name,
                    password=password,
                    email=email,
                )
                
                auth_secret_key = settings['auth_secret_key']
                code = user_model.get_verification_code(
                    user_id=user_id, 
                    verify_type='create_user',
                    secret=auth_secret_key
                )
                link = request.route_url(
                    'account.activate', 
                    user_name=user_name, 
                    code=code
                )
                params = dict(link=link, user_name=user_name)
                html = render_mail(
                    request, 
                    'ez2pay:templates/mails/register_link.genshi', 
                    params
                )
                
                subject = _('ez2pay account activation')
                send_mail(
                    request=request,
                    subject=subject,
                    to_addresses=[email],
                    format='html',
                    body=html
                )
            
            msg = _(u"User ${user_name} has been registered", 
                    mapping=dict(user_name=user_name))
            request.add_flash(msg, 'success')
            return HTTPFound(location=request.route_url('account.check_mailbox'))
    
    return dict(form=form)