def rb_merge_users(new_id, old_id):
"""Updates RB data after an Avatar merge
:param new_id: Target user
:param old_id: Source user (being deleted in the merge)
"""
from indico.modules.rb import settings as rb_settings
from indico.modules.rb.models.blocking_principals import BlockingPrincipal
from indico.modules.rb.models.blockings import Blocking
from indico.modules.rb.models.reservations import Reservation
from indico.modules.rb.models.rooms import Room
old_user = User.get(int(old_id))
new_user = User.get(int(new_id))
for bp in BlockingPrincipal.find():
if bp.principal == old_user:
bp.principal = new_user
Blocking.find(created_by_id=old_id).update({'created_by_id': new_id})
Reservation.find(created_by_id=old_id).update({'created_by_id': new_id})
Reservation.find(booked_for_id=old_id).update({'booked_for_id': new_id})
Room.find(owner_id=old_id).update({'owner_id': new_id})
for key in ('authorized_principals', 'admin_principals'):
principals = rb_settings.get(key)
principals = principals_merge_users(principals, new_id, old_id)
rb_settings.set(key, principals)
def rb_merge_users(new_id, old_id):
"""Updates RB data after an Avatar merge
:param new_id: Target user
:param old_id: Source user (being deleted in the merge)
"""
from indico.modules.rb import settings as rb_settings
from indico.modules.rb.models.blocking_principals import BlockingPrincipal
from indico.modules.rb.models.blockings import Blocking
from indico.modules.rb.models.reservations import Reservation
from indico.modules.rb.models.rooms import Room
old_user = User.get(int(old_id))
new_user = User.get(int(new_id))
for bp in BlockingPrincipal.find():
if bp.principal == old_user:
bp.principal = new_user
Blocking.find(created_by_id=old_id).update({'created_by_id': new_id})
Reservation.find(created_by_id=old_id).update({'created_by_id': new_id})
Reservation.find(booked_for_id=old_id).update({'booked_for_id': new_id})
Room.find(owner_id=old_id).update({'owner_id': new_id})
for key in ('authorized_principals', 'admin_principals'):
principals = rb_settings.get(key)
principals = principals_merge_users(principals, new_id, old_id)
rb_settings.set(key, principals)
def migrate_system_user(self):
if self.system_user_id is not None:
user = User.get(self.system_user_id, is_deleted=False)
if not user:
raise Exception('Invalid system_user user id')
user.is_system = True
self.print_success('Using existing system user: {}'.format(user), always=True)
return
user_id = 0 if not User.get(0) else None
db.session.add(User(id=user_id, is_system=True, first_name='Indico', last_name='System'))
db.session.flush()
self.print_success('Added new system user: {}'.format(User.get_system_user()), always=True)
def migrate_chatrooms(self):
print cformat('%{white!}migrating chatrooms')
default_server = ChatPlugin.settings.get('muc_server')
chatrooms = {}
for old_room in committing_iterator(
self.chat_root['indexByID']._data.itervalues()):
has_custom_server = not old_room._createdInLocalServer and old_room._host != default_server
custom_server = convert_to_unicode(
old_room._host) if has_custom_server else ''
identifier = (custom_server, old_room._name.lower())
room = chatrooms.get(identifier)
if room:
print cformat(
'- %{cyan}{} %{yellow!}DUPLICATE%{reset}').format(
room.name)
else:
user = User.get(int(old_room._owner.id)) or User.get(
Config.getInstance().getJanitorUserId())
room = Chatroom(
jid_node=convert_to_unicode(old_room._name.lower()),
name=convert_to_unicode(old_room._name),
description=convert_to_unicode(old_room._description),
password=convert_to_unicode(old_room._password),
custom_server=custom_server,
created_by_user=user,
created_dt=old_room._creationDate,
modified_dt=old_room._modificationDate)
chatrooms[identifier] = room
db.session.add(room)
print cformat('- %{cyan}{}').format(room.name)
if room.custom_server:
print cformat(
' %{blue!}Custom server:%{reset} {}').format(
room.custom_server)
events = set()
for event in old_room._conferences:
assoc = ChatroomEventAssociation(
event_id=int(event),
chatroom=room,
hidden=not old_room._showRoom,
show_password=old_room._showPass)
db.session.add(assoc)
events.add(assoc.event_id)
if events:
print cformat(' %{blue!}Events:%{reset} {}').format(', '.join(
map(unicode, events)))
else:
print cformat(' %{yellow!}no events%{reset}')
def _get_breadcrumbs(self):
if 'user_id' in request.view_args:
user = User.get(request.view_args['user_id'])
profile_breadcrumb = _('Profile of {name}').format(name=user.full_name)
else:
profile_breadcrumb = _('My Profile')
return render_breadcrumbs(profile_breadcrumb)
def retrieve_principal(principal):
from indico.modules.users import User
type_, id_ = principal
if type_ in {'Avatar', 'User'}:
return User.get(int(id_))
else:
raise ValueError('Unexpected type: {}'.format(type_))
def _getAnswer(self):
for fossil in self._userList:
user = User.get(int(fossil['id']))
if user is not None:
user.is_admin = True
admins = User.find(is_admin=True, is_deleted=False).order_by(User.first_name, User.last_name).all()
return fossilize([u.as_avatar for u in admins])
def retrieve_principal(principal):
from indico.modules.users import User
type_, id_ = principal
if type_ in {'Avatar', 'User'}:
return User.get(int(id_))
else:
raise ValueError('Unexpected type: {}'.format(type_))
def migrate_groups(self):
print cformat('%{white!}migrating groups')
for old_group in committing_iterator(self.zodb_root['groups'].itervalues()):
if old_group.__class__.__name__ != 'Group':
continue
group = LocalGroup(id=int(old_group.id), name=convert_to_unicode(old_group.name).strip())
print cformat('%{green}+++%{reset} %{white!}{:6d}%{reset} %{cyan}{}%{reset}').format(group.id, group.name)
members = set()
for old_member in old_group.members:
if old_member.__class__.__name__ != 'Avatar':
print cformat('%{yellow!}!!! Unsupported group member type: {}').format(
old_member.__class__.__name__)
continue
user = User.get(int(old_member.id))
if user is None:
print cformat('%{yellow!}!!! User not found: {}').format(old_member.id)
continue
while user.merged_into_user:
user = user.merged_into_user
if user.is_deleted:
print cformat('%{yellow!}!!! User deleted: {}').format(user.id)
continue
members.add(user)
for member in sorted(members, key=attrgetter('full_name')):
print cformat('%{blue!}<->%{reset} %{white!}{:6d} %{yellow}{} ({})').format(
member.id, member.full_name, member.email)
group.members = members
db.session.add(group)
def _original_user(self):
# A proper user, with an id that can be mapped directly to sqlalchemy
if isinstance(self.id, int) or self.id.isdigit():
return User.get(int(self.id))
# A user who had no real indico account but an ldap identifier/email.
# In this case we try to find his real user and replace the ID of this object
# with that user's ID.
data = self.id.split(':')
# TODO: Once everything is in SQLAlchemy this whole thing needs to go away!
user = None
if data[0] == 'LDAP':
identifier = data[1]
email = data[2]
# You better have only one ldap provider or at least different identifiers ;)
identity = Identity.find_first(Identity.provider != 'indico', Identity.identifier == identifier)
if identity:
user = identity.user
elif data[0] == 'Nice':
email = data[1]
else:
return None
if not user:
user = User.find_first(User.all_emails.contains(email))
if user:
self._old_id = self.id
self.id = str(user.id)
logger.info("Updated legacy user id (%s => %s)", self._old_id, self.id)
return user
def _process(self):
users = [User.get(int(id_)) for id_ in request.form.getlist('user_id')]
self.user.favorite_users |= set(filter(None, users))
tpl = get_template_module('users/_favorites.html')
return jsonify(success=True,
users=[serialize_user(user) for user in users],
html=tpl.favorite_users_list(self.user))
def _checkParams(self):
if not session.user:
return
self.user = session.user
if 'user_id' in request.view_args:
self.user = User.get(request.view_args['user_id'])
if self.user is None:
raise NotFound('This user does not exist')
elif request.method == 'GET' and not request.is_xhr and self.flash_user_status:
# Show messages about the user's status if it's a simple GET request
if self.user.is_deleted:
if self.user.merged_into_id is not None:
msg = _(
'This user has been merged into <a href="{url}">another user</a>.'
)
flash(
Markup(msg).format(url=url_for(
request.endpoint, self.user.merged_into_user)),
'warning')
else:
flash(_('This user is marked as deleted.'), 'warning')
if self.user.is_pending:
flash(
_('This user is marked as pending, i.e. it has been attached to something but never '
'logged in.'), 'warning')
def user(self):
user_id = self.get('_user_id')
user = User.get(user_id) if user_id is not None else None
if user and user.is_deleted:
merged_into_user = user.merged_into_user
user = None
# If the user is deleted and the request is likely to be seen by
# the user, we forcefully log him out and inform him about it.
if not request.is_xhr and request.blueprint != 'assets':
self.clear()
if merged_into_user:
msg = _(
'Your profile has been merged into <strong>{}</strong>. Please log in using that profile.'
)
flash(
Markup(msg).format(merged_into_user.full_name),
'warning')
else:
flash(_('Your profile has been deleted.'), 'error')
elif user and user.is_blocked:
user = None
if not request.is_xhr and request.blueprint != 'assets':
self.clear()
flash(_('Your Indico profile has been blocked.'), 'error')
return user
def _original_user(self):
# A proper user, with an id that can be mapped directly to sqlalchemy
if isinstance(self.id, int) or self.id.isdigit():
return User.get(int(self.id))
# A user who had no real indico account but an ldap identifier/email.
# In this case we try to find his real user and replace the ID of this object
# with that user's ID.
data = self.id.split(':')
# TODO: Once everything is in SQLAlchemy this whole thing needs to go away!
user = None
if data[0] == 'LDAP':
identifier = data[1]
email = data[2]
# You better have only one ldap provider or at least different identifiers ;)
identity = Identity.find_first(Identity.provider != 'indico', Identity.identifier == identifier)
if identity:
user = identity.user
elif data[0] == 'Nice':
email = data[1]
else:
return None
if not user:
user = User.find_first(User.all_emails.contains(email))
if user:
self._old_id = self.id
self.id = str(user.id)
logger.info("Updated legacy user id (%s => %s)", self._old_id, self.id)
return user
def _create_user(self, form, handler):
data = form.data
existing_user_id = session.get('register_pending_user')
if existing_user_id:
# Get pending user and set it as non-pending
user = User.get(existing_user_id)
user.is_pending = False
else:
user = User(first_name=data['first_name'], last_name=data['last_name'], email=data['email'],
address=data.get('address', ''), phone=data.get('phone', ''), affiliation=data['affiliation'])
identity = handler.create_identity(data)
user.identities.add(identity)
user.secondary_emails = handler.extra_emails - {user.email}
user.favorite_users.add(user)
db.session.add(user)
minfo = HelperMaKaCInfo.getMaKaCInfoInstance()
timezone = session.timezone
if timezone == 'LOCAL':
timezone = minfo.getTimezone()
user.settings.set('timezone', timezone)
user.settings.set('lang', session.lang or minfo.getLang())
handler.update_user(user, form)
db.session.flush()
login_user(user, identity)
msg = _('You have sucessfully registered your Indico profile. '
'Check <a href="{url}">your profile</a> for further details and settings.')
flash(Markup(msg).format(url=url_for('users.user_profile')), 'success')
return handler.redirect_success()
def _checkParams(self):
AdminService._checkParams(self)
pm = ParameterManager(self._params)
user_id = pm.extract("userId", pType=int, allowEmpty=False)
self._user = User.get(user_id)
if self._user is None:
raise NoReportError(_("The user that you are trying to login as does not exist anymore in the database"))
def migrate_groups(self):
print cformat('%{white!}migrating groups')
for old_group in committing_iterator(self.zodb_root['groups'].itervalues()):
if old_group.__class__.__name__ != 'Group':
continue
group = LocalGroup(id=int(old_group.id), name=convert_to_unicode(old_group.name).strip())
print cformat('%{green}+++%{reset} %{white!}{:6d}%{reset} %{cyan}{}%{reset}').format(group.id, group.name)
members = set()
for old_member in old_group.members:
if old_member.__class__.__name__ != 'Avatar':
print cformat('%{yellow!}!!! Unsupported group member type: {}').format(
old_member.__class__.__name__)
continue
user = User.get(int(old_member.id))
if user is None:
print cformat('%{yellow!}!!! User not found: {}').format(old_member.id)
continue
while user.merged_into_user:
user = user.merged_into_user
if user.is_deleted:
print cformat('%{yellow!}!!! User deleted: {}').format(user.id)
continue
members.add(user)
for member in sorted(members, key=attrgetter('full_name')):
print cformat('%{blue!}<->%{reset} %{white!}{:6d} %{yellow}{} ({})').format(
member.id, member.full_name, member.email)
group.members = members
db.session.add(group)
def retrieve_principal(principal, allow_groups=True, legacy=True):
"""Retrieves principal object from a `(type, id)` tuple.
Valid principal types are 'Avatar', 'User' and 'Group'.
:param principal: The principal (a tuple/list)
:param allow_groups: If group principals are allowed
:param legacy: If legacy wrappers or new objects should be returned.
"""
from indico.modules.groups import GroupProxy
from indico.modules.groups.legacy import LocalGroupWrapper, LDAPGroupWrapper
from indico.modules.users import User
type_, id_ = principal
if type_ in {'Avatar', 'User'}:
user = User.get(int(id_))
if not user:
return None
return user.as_avatar if legacy else user
elif type_ == 'Group' and allow_groups:
if isinstance(id_, (int, basestring)): # legacy group
group = LocalGroupWrapper(id_) if unicode(
id_).isdigit() else LDAPGroupWrapper(id_)
return group if legacy else group.group
else: # new group
provider, name_or_id = id_
group = GroupProxy(name_or_id, provider)
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected type: {}'.format(type_))
def _getNavigationDrawer(self):
if "user_id" in request.view_args:
user = User.get(request.view_args["user_id"])
profile_breadcrumb = _("Profile of {name}").format(name=user.full_name)
else:
profile_breadcrumb = _("My Profile")
return WSimpleNavigationDrawer(profile_breadcrumb)
def retrieve_principal(principal, allow_groups=True, legacy=True):
"""Retrieves principal object from a `(type, id)` tuple.
Valid principal types are 'Avatar', 'User' and 'Group'.
:param principal: The principal (a tuple/list)
:param allow_groups: If group principals are allowed
:param legacy: If legacy wrappers or new objects should be returned.
"""
from indico.modules.groups import GroupProxy
from indico.modules.groups.legacy import LocalGroupWrapper, LDAPGroupWrapper
from indico.modules.users import User
type_, id_ = principal
if type_ in {'Avatar', 'User'}:
user = User.get(int(id_))
if not user:
return None
return user.as_avatar if legacy else user
elif type_ == 'Group' and allow_groups:
if isinstance(id_, (int, basestring)): # legacy group
group = LocalGroupWrapper(id_) if unicode(id_).isdigit() else LDAPGroupWrapper(id_)
return group if legacy else group.group
else: # new group
provider, name_or_id = id_
group = GroupProxy(name_or_id, provider)
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected type: {}'.format(type_))
def _get_breadcrumbs(self):
if 'user_id' in request.view_args:
user = User.get(request.view_args['user_id'])
profile_breadcrumb = _('Profile of {name}').format(name=user.full_name)
else:
profile_breadcrumb = _('My Profile')
return render_breadcrumbs(profile_breadcrumb)
def _getNavigationDrawer(self):
if 'user_id' in request.view_args:
user = User.get(request.view_args['user_id'])
profile_breadcrumb = _('Profile of {name}').format(name=user.full_name)
else:
profile_breadcrumb = _('My Profile')
return WSimpleNavigationDrawer(profile_breadcrumb)
def _getNavigationDrawer(self):
if 'user_id' in request.view_args:
user = User.get(request.view_args['user_id'])
profile_breadcrumb = _('Profile of {name}').format(name=user.full_name)
else:
profile_breadcrumb = _('My Profile')
return WSimpleNavigationDrawer(profile_breadcrumb)
def _checkParams(self):
AdminService._checkParams(self)
pm = ParameterManager(self._params)
user_id = pm.extract("userId", pType=int, allowEmpty=False)
self._user = User.get(user_id)
if self._user is None:
raise NoReportError(_("The user that you are trying to login as does not exist anymore in the database"))
def verify_signed_user_url(url, method):
"""Verify a signed URL and extract the associated user.
:param url: the full relative URL of the request, including the query string
:param method: the HTTP method of the request
:return: the user associated with the signed link or `None` if no token was provided
:raise Forbidden: if a token is present but invalid
"""
from indico.modules.users import User
parsed = url_parse(url)
params = url_decode(parsed.query)
try:
user_id, signature = params.pop('user_token').split('_', 1)
user_id = int(user_id)
except KeyError:
return None
except ValueError:
raise BadRequest(_('The persistent link you used is invalid.'))
url = url_unparse(
('', '', parsed.path, url_encode(params, sort=False), parsed.fragment))
user = User.get(user_id)
if not user:
raise BadRequest(_('The persistent link you used is invalid.'))
signer = _get_user_url_signer(user)
signature_data = f'{method}:{user.id}:{url}'
if not signer.verify_signature(signature_data.encode(), signature):
raise BadRequest(_('The persistent link you used is invalid.'))
return user
def principal_from_identifier(identifier, allow_groups=False, allow_external_users=False):
# XXX: this is currently only used in PrincipalList
# if we ever need to support more than just users and groups,
# make sure to add it in here as well
from indico.modules.groups import GroupProxy
from indico.modules.users import User
try:
type_, data = identifier.split(':', 1)
except ValueError:
raise ValueError('Invalid data')
if type_ == 'User':
try:
user_id = int(data)
except ValueError:
raise ValueError('Invalid data')
user = User.get(user_id, is_deleted=False)
if user is None:
raise ValueError('Invalid user: {}'.format(user_id))
return user
elif type_ == 'ExternalUser':
if not allow_external_users:
raise ValueError('External users are not allowed')
cache = GenericCache('external-user')
external_user_data = cache.get(data)
if not external_user_data:
raise ValueError('Invalid data')
user = User.query.filter(User.all_emails == external_user_data['email'], ~User.is_deleted).first()
if user:
return user
# create a pending user. this user isn't sent to the DB unless it gets added
# to the sqlalchemy session somehow (e.g. by adding it to an ACL).
# like this processing form data does not result in something being stored in
# the database, which is good!
return User(first_name=external_user_data['first_name'], last_name=external_user_data['last_name'],
email=external_user_data['email'], affiliation=external_user_data['affiliation'],
address=external_user_data['address'], phone=external_user_data['phone'], is_pending=True)
elif type_ == 'Group':
if not allow_groups:
raise ValueError('Groups are not allowed')
try:
provider, name = data.split(':', 1)
except ValueError:
raise ValueError('Invalid data')
if not provider:
# local group
try:
group_id = int(name)
except ValueError:
raise ValueError('Invalid data')
group = GroupProxy(group_id)
else:
# multipass group
group = GroupProxy(name, provider)
if group.group is None:
raise ValueError('Invalid group: {}'.format(data))
return group
else:
raise ValueError('Invalid data')
def _getAnswer(self):
user = User.get(self._userId)
if user is not None:
user.is_admin = False
admins = User.find(is_admin=True,
is_deleted=False).order_by(User.first_name,
User.last_name).all()
return fossilize([u.as_avatar for u in admins])
def principal_from_fossil(fossil, allow_pending=False, allow_groups=True, legacy=True, allow_missing_groups=False,
allow_emails=False, allow_networks=False):
from indico.modules.networks.models.networks import IPNetworkGroup
from indico.modules.groups import GroupProxy
from indico.modules.users import User
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
email = data['email'].lower()
# check if there is not already a (pending) user with that e-mail
# we need to check for non-pending users too since the search may
# show a user from external results even though the email belongs
# to an indico account in case some of the search criteria did not
# match the indico account
user = User.find_first(User.all_emails.contains(email), ~User.is_deleted)
if not user:
user = User(first_name=data.get('first_name') or '', last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''), phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''), is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError("Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_networks and type_ == 'IPNetworkGroup':
group = IPNetworkGroup.get(int(id_))
if group is None:
raise ValueError('IP network group does not exist: {}'.format(id_))
return group
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def principal_from_fossil(fossil,
allow_pending=False,
allow_groups=True,
legacy=True,
allow_missing_groups=False,
allow_emails=False):
"""Gets a GroupWrapper or AvatarUserWrapper from a fossil"""
from indico.modules.groups import GroupProxy
from indico.modules.users import User
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
email = data['email'].lower()
# check if there is not already a pending user with that e-mail
user = User.find_first(email=email, is_pending=True)
if not user:
user = User(first_name=data.get('first_name') or '',
last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''),
phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''),
is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError(
"Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(
provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def _retrieve_principal(principal):
"""Retrieve a principal from a serialized string defined by a list ``[User, 23]`` or a comma
delimited string like ``User:23``.
"""
from indico.modules.users import User
type_, id_ = principal if isinstance(principal, (list, tuple)) else principal.split(':')
if type_ in {'Avatar', 'User'}:
return User.get(int(id_))
raise ValueError(f'Unexpected type: {type_}')
def _getAnswer(self):
try:
entry = session.pop('login_as_orig_user')
except KeyError:
raise NoReportError(_('No login-as history entry found'))
session.user = User.get(entry['user_id'])
session.update(entry['session_data'])
return True
def export_user(self, user):
if not user:
raise HTTPAPIError('You need to be logged in', 403)
user = User.get(self._user_id, is_deleted=False)
if not user:
raise HTTPAPIError('Requested user not found', 404)
if not user.can_be_modified(user):
raise HTTPAPIError('You do not have access to that info', 403)
return [user.as_avatar.fossilize()]
def _process(self):
user = User.get(int(request.view_args['fav_user_id']))
self.user.favorite_users.discard(user)
try:
db.session.flush()
except StaleDataError:
# Deleted in another transaction
db.session.rollback()
return jsonify(success=True)
def _process(self):
user = User.get(int(request.view_args['fav_user_id']))
self.user.favorite_users.discard(user)
try:
db.session.flush()
except StaleDataError:
# Deleted in another transaction
db.session.rollback()
return jsonify(success=True)
def export_user(self, user):
if not user:
raise HTTPAPIError('You need to be logged in', 403)
user = User.get(self._user_id, is_deleted=False)
if not user:
raise HTTPAPIError('Requested user not found', 404)
if not user.can_be_modified(user):
raise HTTPAPIError('You do not have access to that info', 403)
return [user.as_avatar.fossilize()]
def _getAnswer(self):
try:
entry = session.pop('login_as_orig_user')
except KeyError:
raise NoReportError(_('No login-as history entry found'))
session.user = User.get(entry['user_id'])
session.update(entry['session_data'])
return True
def _getAnswer(self):
for user in self._userList:
spk = conference.SubContribParticipation()
if user["_type"] == "Avatar":
spk.setDataFromAvatar(User.get(int(user['id'])).as_avatar)
elif user["_type"] == "ContributionParticipation":
author_index_author_id = "{} {} {}".format(user['familyName'], user['firstName'], user['email']).lower()
author = self._conf.getAuthorIndex().getById(author_index_author_id)[0]
spk = make_participation_from_obj(author, contrib_participation=spk)
self._subContrib.newSpeaker(spk)
return fossilize(self._subContrib.getSpeakerList(), ISubContribParticipationFullFossil)
def migrate_admins(self):
print cformat('%{white!}migrating admins')
for avatar in committing_iterator(self.zodb_root['adminlist']._AdminList__list):
try:
user = User.get(int(avatar.id))
except ValueError:
continue
if user is None or user.is_deleted:
continue
user.is_admin = True
print cformat('%{green}+++%{reset} %{cyan}{}').format(user)
def export_user(self, user):
from indico.modules.users.schemas import UserSchema
if not user:
raise HTTPAPIError('You need to be logged in', 403)
user = User.get(self._user_id, is_deleted=False)
if not user:
raise HTTPAPIError('Requested user not found', 404)
if not user.can_be_modified(user):
raise HTTPAPIError('You do not have access to that info', 403)
return [UserSchema().dump(user)]
def get_form_defaults(self):
email = session.get('register_verified_email')
existing_user_id = session.get('register_pending_user')
existing_user = User.get(existing_user_id) if existing_user_id else None
data = {'email': email}
if existing_user:
data.update(first_name=existing_user.first_name,
last_name=existing_user.last_name,
affiliation=existing_user.affiliation)
return FormDefaults(**data)
def _process_args(self):
self.identity_info = load_identity_info()
if not self.identity_info or self.identity_info['indico_user_id'] is None:
# Just redirect to the front page or whereever we wanted to go.
# Probably someone simply used his browser's back button.
flash('There is no pending login.', 'warning')
return multipass.redirect_success()
self.user = User.get(self.identity_info['indico_user_id'])
self.emails = sorted(self.user.all_emails & set(self.identity_info['data'].getlist('email')))
self.verification_email_sent = self.identity_info.get('verification_email_sent', False)
self.email_verified = self.identity_info['email_verified']
self.must_choose_email = len(self.emails) != 1 and not self.email_verified
def get_form_defaults(self):
email = session.get('register_verified_email')
existing_user_id = session.get('register_pending_user')
existing_user = User.get(existing_user_id) if existing_user_id else None
data = {'email': email}
if existing_user:
data.update(first_name=existing_user.first_name,
last_name=existing_user.last_name,
affiliation=existing_user.affiliation)
return FormDefaults(**data)
def _process_args(self):
self.identity_info = load_identity_info()
if not self.identity_info or self.identity_info['indico_user_id'] is None:
# Just redirect to the front page or whereever we wanted to go.
# Probably someone simply used his browser's back button.
flash('There is no pending login.', 'warning')
return multipass.redirect_success()
self.user = User.get(self.identity_info['indico_user_id'])
self.emails = sorted(self.user.all_emails & set(self.identity_info['data'].getlist('email')))
self.verification_email_sent = self.identity_info.get('verification_email_sent', False)
self.email_verified = self.identity_info['email_verified']
self.must_choose_email = len(self.emails) != 1 and not self.email_verified
def migrate_chatrooms(self):
print cformat('%{white!}migrating chatrooms')
default_server = ChatPlugin.settings.get('muc_server')
chatrooms = {}
for old_room in committing_iterator(self.chat_root['indexByID']._data.itervalues()):
has_custom_server = not old_room._createdInLocalServer and old_room._host != default_server
custom_server = convert_to_unicode(old_room._host) if has_custom_server else ''
identifier = (custom_server, old_room._name.lower())
room = chatrooms.get(identifier)
if room:
print cformat('- %{cyan}{} %{yellow!}DUPLICATE%{reset}').format(room.name)
else:
user = User.get(int(old_room._owner.id)) or User.get(Config.getInstance().getJanitorUserId())
room = Chatroom(jid_node=convert_to_unicode(old_room._name.lower()),
name=convert_to_unicode(old_room._name),
description=convert_to_unicode(old_room._description),
password=convert_to_unicode(old_room._password),
custom_server=custom_server,
created_by_user=user,
created_dt=old_room._creationDate,
modified_dt=old_room._modificationDate)
chatrooms[identifier] = room
db.session.add(room)
print cformat('- %{cyan}{}').format(room.name)
if room.custom_server:
print cformat(' %{blue!}Custom server:%{reset} {}').format(room.custom_server)
events = set()
for event in old_room._conferences:
assoc = ChatroomEventAssociation(event_id=int(event),
chatroom=room,
hidden=not old_room._showRoom,
show_password=old_room._showPass)
db.session.add(assoc)
events.add(assoc.event_id)
if events:
print cformat(' %{blue!}Events:%{reset} {}').format(', '.join(map(unicode, events)))
else:
print cformat(' %{yellow!}no events%{reset}')
def revoke_admin(user_id):
"""Revokes administration rights from a given user"""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if not user.is_admin:
print(cformat("%{yellow}This user does not have administration rights"))
return
if click.confirm(cformat("%{yellow}Revoke administration rights from this user?")):
user.is_admin = False
db.session.commit()
print(cformat("%{green}Administration rights revoked successfully"))
def grant_admin(user_id):
"""Grants administration rights to a given user"""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if user.is_admin:
print(cformat("%{yellow}This user already has administration rights"))
return
if click.confirm(cformat("%{yellow}Grant administration rights to this user?")):
user.is_admin = True
db.session.commit()
print(cformat("%{green}Administration rights granted successfully"))
def unblock(user_id):
"""Unblock a given user."""
user = User.get(user_id)
if user is None:
print(cformat('%{red}This user does not exist'))
return
_print_user_info(user)
if not user.is_blocked:
print(cformat('%{yellow}This user is not blocked'))
return
if click.confirm(cformat('%{yellow}Unblock this user?')):
user.is_blocked = False
db.session.commit()
print(cformat('%{green}Successfully unblocked user'))
def _make_idref(self, column, value, incoming=False, target_column=None):
"""Generate a ID reference.
When generating an incoming ID reference, `column` must be a PK
and point to the column that is referenced by FKs. In this case
the `value` is ignored since it will be auto-generated by the db
when the new row is isnerted.
Otherwise, exactly one of `column` or `target_column` must be set.
`column` is the column in the current table that has a FK referencing
some other column.
`target_column` is already the column that is referenced by a FK
in the current table.
"""
assert (column is None) != (target_column is None)
if value is None:
return None
if incoming:
assert column.primary_key
assert target_column is None
fullname = '{}.{}'.format(column.table.fullname, column.name)
type_ = 'idref_set'
else:
if target_column is not None:
fullname = '{}.{}'.format(target_column.table.fullname,
target_column.name)
else:
fk = _get_single_fk(column)
fullname = fk.target_fullname
target_column = fk.column
if target_column is User.__table__.c.id and value is not None:
type_ = 'userref'
else:
type_ = 'idref'
uuid = self.id_map[fullname].setdefault(value, self._get_uuid())
if type_ == 'userref' and uuid not in self.users:
user = User.get(value)
self.users[uuid] = None if user.is_system else {
'first_name': user.first_name,
'last_name': user.last_name,
'title': user._title,
'affiliation': user.affiliation,
'phone': user.phone,
'address': user.address,
'email': user.email,
'all_emails': list(user.all_emails)
}
return type_, uuid
def revoke_admin(user_id):
"""Revokes administration rights from a given user"""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if not user.is_admin:
print(cformat("%{yellow}This user does not have administration rights"))
return
if click.confirm(cformat("%{yellow}Revoke administration rights from this user?")):
user.is_admin = False
db.session.commit()
print(cformat("%{green}Administration rights revoked successfully"))
def block(user_id):
"""Block a given user."""
user = User.get(user_id)
if user is None:
print(cformat("%{red}This user does not exist"))
return
_print_user_info(user)
if user.is_blocked:
print(cformat("%{yellow}This user is already blocked"))
return
if click.confirm(cformat("%{yellow}Block this user?")):
user.is_blocked = True
db.session.commit()
print(cformat("%{green}Successfully blocked user"))
def _checkParams(self):
if not session.avatar:
return
self.user = session.user
if 'user_id' in request.view_args:
self.user = User.get(request.view_args['user_id'])
if self.user is None:
raise NotFound('This user does not exist')
elif self.user.is_deleted:
if self.user.merged_into_id is not None:
msg = _('This user has been merged into <a href="{url}">another user</a>.')
flash(Markup(msg).format(url=url_for(request.endpoint, self.user.merged_into_user)), 'warning')
else:
flash(_('This user is marked as deleted.'), 'warning')
def user_grant(user_id):
"""Grants administration rights to a given user"""
user = User.get(user_id)
if user is None:
error("This user does not exist")
return
print_user_info(user)
if user.is_admin:
warning("This user already has administration rights")
return
if prompt_bool(cformat("%{yellow}Grant administration rights to this user?")):
user.is_admin = True
transaction.commit()
success("Administration rights granted successfully")
def user_revoke(user_id):
"""Revokes administration rights from a given user"""
user = User.get(user_id)
if user is None:
error("This user does not exist")
return
print_user_info(user)
if not user.is_admin:
warning("This user does not have administration rights")
return
if prompt_bool(cformat("%{yellow}Revoke administration rights from this user?")):
user.is_admin = False
transaction.commit()
success("Administration rights revoked successfully")
def _make_idref(self, column, value, incoming=False, target_column=None):
"""Generate a ID reference.
When generating an incoming ID reference, `column` must be a PK
and point to the column that is referenced by FKs. In this case
the `value` is ignored since it will be auto-generated by the db
when the new row is isnerted.
Otherwise, exactly one of `column` or `target_column` must be set.
`column` is the column in the current table that has a FK referencing
some other column.
`target_column` is already the column that is referenced by a FK
in the current table.
"""
assert (column is None) != (target_column is None)
if value is None:
return None
if incoming:
assert column.primary_key
assert target_column is None
fullname = '{}.{}'.format(column.table.fullname, column.name)
type_ = 'idref_set'
else:
if target_column is not None:
fullname = '{}.{}'.format(target_column.table.fullname, target_column.name)
else:
fk = _get_single_fk(column)
fullname = fk.target_fullname
target_column = fk.column
if target_column is User.__table__.c.id and value is not None:
type_ = 'userref'
else:
type_ = 'idref'
uuid = self.id_map[fullname].setdefault(value, self._get_uuid())
if type_ == 'userref' and uuid not in self.users:
user = User.get(value)
self.users[uuid] = None if user.is_system else {
'first_name': user.first_name,
'last_name': user.last_name,
'title': user._title,
'affiliation': user.affiliation,
'phone': user.phone,
'address': user.address,
'email': user.email,
'all_emails': list(user.all_emails)
}
return type_, uuid
def principal_from_fossil(fossil, allow_pending=False, allow_groups=True, legacy=True, allow_missing_groups=False,
allow_emails=False):
"""Gets a GroupWrapper or AvatarUserWrapper from a fossil"""
from indico.modules.groups import GroupProxy
from indico.modules.users import User
type_ = fossil['_type']
id_ = fossil['id']
if type_ == 'Avatar':
if isinstance(id_, int) or id_.isdigit():
# regular user
user = User.get(int(id_))
elif allow_pending:
data = GenericCache('pending_identities').get(id_)
if not data:
raise ValueError("Cannot find user '{}' in cache".format(id_))
data = {k: '' if v is None else v for (k, v) in data.items()}
email = data['email'].lower()
# check if there is not already a pending user with that e-mail
user = User.find_first(email=email, is_pending=True)
if not user:
user = User(first_name=data.get('first_name') or '', last_name=data.get('last_name') or '',
email=email,
address=data.get('address', ''), phone=data.get('phone', ''),
affiliation=data.get('affiliation', ''), is_pending=True)
db.session.add(user)
db.session.flush()
else:
raise ValueError("Id '{}' is not a number and allow_pending=False".format(id_))
if user is None:
raise ValueError('User does not exist: {}'.format(id_))
return user.as_avatar if legacy else user
elif allow_emails and type_ == 'Email':
return EmailPrincipal(id_)
elif allow_groups and type_ in {'LocalGroupWrapper', 'LocalGroup'}:
group = GroupProxy(int(id_))
if group.group is None:
raise ValueError('Local group does not exist: {}'.format(id_))
return group.as_legacy_group if legacy else group
elif allow_groups and type_ in {'LDAPGroupWrapper', 'MultipassGroup'}:
provider = fossil['provider']
group = GroupProxy(id_, provider)
if group.group is None and not allow_missing_groups:
raise ValueError('Multipass group does not exist: {}:{}'.format(provider, id_))
return group.as_legacy_group if legacy else group
else:
raise ValueError('Unexpected fossil type: {}'.format(type_))
def migrate_submission(self, old_submission, question_map, timezone):
submission = SurveySubmission()
submitted_dt = old_submission.submissionDate
submission.submitted_dt = submitted_dt if submitted_dt.tzinfo else localize_as_utc(submitted_dt, timezone)
if not old_submission.anonymous and old_submission._submitter:
avatar = old_submission._submitter
with db.session.no_autoflush:
submission.user = User.get(int(avatar.id))
self.print_success(" - Submission from user {}".format(submission.user_id or 'anonymous'))
for old_answer in old_submission._answers:
question = question_map[old_answer._question]
answer = self.migrate_answer(old_answer, question)
submission.answers.append(answer)
question.answers.append(answer)
return submission
def category_suggestions():
if not redis_write_client:
return
while True:
user_id = next_scheduled_check()
if user_id is None:
break
user = User.get(int(user_id))
if user:
for category, score in get_category_scores(user).iteritems():
if score < SUGGESTION_MIN_SCORE:
continue
logger.debug('Suggesting {} with score {:.03} for {}'.format(category, score, user))
suggest(user, 'category', category.getId(), score)
unschedule_check(user_id)
