def profile_edit():
form = ProfileForm(obj=g.user)
form.edit_obj = g.user
if form.validate_on_submit():
form.populate_obj(g.user)
db.session.commit()
next_url = get_next_url()
if next_url is not None:
return render_redirect(next_url)
else:
flash("Your profile was successfully edited.", category='info')
return render_redirect(url_for('profile'), code=303)
return render_form(form, title="Edit profile", formid="profile_edit", submit="Save changes", ajax=True)
def client_edit(key):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
form = RegisterClientForm(obj=client)
form.edit_obj = client
form.client_owner.choices = available_client_owners()
if request.method == 'GET':
if client.user:
form.client_owner.data = client.user.userid
else:
form.client_owner.data = client.org.userid
if form.validate_on_submit():
if client.user != form.user or client.org != form.org:
# Ownership has changed. Remove existing permission assignments
for perm in UserClientPermissions.query.filter_by(client=client).all():
db.session.delete(perm)
for perm in TeamClientPermissions.query.filter_by(client=client).all():
db.session.delete(perm)
flash("This application’s owner has changed, so all previously assigned permissions "
"have been revoked", "warning")
form.populate_obj(client)
client.user = form.user
client.org = form.org
if not client.team_access:
# This client does not have access to teams in organizations. Remove all existing assignments
for cta in ClientTeamAccess.query.filter_by(client=client).all():
db.session.delete(cta)
db.session.commit()
return render_redirect(url_for('client_info', key=client.key), code=303)
return render_form(form=form, title="Edit application", formid="client_edit",
submit="Save changes", ajax=True)
def login():
# If user is already logged in, send them back
if g.user:
return redirect(get_next_url(referrer=True), code=303)
loginform = LoginForm()
openidform = OpenIdForm(csrf_session_key='csrf_openid')
if request.method == 'GET':
openidform.openid.data = 'http://'
formid = request.form.get('form.id')
if request.method == 'POST' and formid == 'openid':
if openidform.validate():
return oid.try_login(openidform.openid.data,
ask_for=['email', 'fullname', 'nickname'])
elif request.method == 'POST' and formid == 'login':
if loginform.validate():
user = loginform.user
login_internal(user)
if loginform.remember.data:
session.permanent = True
else:
session.permanent = False
flash('You are now logged in', category='info')
return render_redirect(get_next_url(), code=303)
if request.is_xhr and formid == 'login':
return render_template('forms/loginform.html', loginform=loginform)
else:
return render_template('login.html', openidform=openidform, loginform=loginform,
oiderror=oid.fetch_error(), oidnext=oid.get_next_url())
def add_email():
form = NewEmailAddressForm()
if form.validate_on_submit():
useremail = UserEmailClaim(user=g.user, email=form.email.data)
db.session.add(useremail)
db.session.commit()
send_email_verify_link(useremail)
flash("We sent you an email to confirm your address.", "info")
return render_redirect(url_for('profile'), code=303)
return render_form(form=form, title="Add an email address", formid="email_add", submit="Add email", ajax=True)
def remove_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum, user=g.user).first()
if not useremail:
useremail = UserEmailClaim.query.filter_by(md5sum=md5sum, user=g.user).first_or_404()
if isinstance(useremail, UserEmail) and useremail.primary:
flash("You cannot remove your primary email address", "error")
return render_redirect(url_for('profile'), code=303)
return render_delete(useremail, title="Confirm removal", message="Remove email address %s?" % useremail,
success="You have removed your email address %s." % useremail,
next=url_for('profile'))
def add_phone():
form = NewPhoneForm()
if form.validate_on_submit():
userphone = UserPhoneClaim(user=g.user, phone=form.phone.data)
db.session.add(userphone)
send_phone_verify_code(userphone)
db.session.commit()
flash("We sent a verification code to your phone number.", "info")
return render_redirect(url_for('verify_phone', number=userphone.phone), code=303)
return render_form(form=form, title="Add a phone number", formid="phone_add", submit="Add phone", ajax=True)
def org_new():
form = OrganizationForm()
form.edit_obj = None
if form.validate_on_submit():
org = Organization()
form.populate_obj(org)
org.owners.users.append(g.user)
db.session.add(org)
db.session.commit()
return render_redirect(url_for('org_info', name=org.name), code=303)
return render_form(form=form, title="New Organization", formid="org_new", submit="Create", ajax=False)
def change_password():
if g.user.pw_hash is None:
form = PasswordResetForm()
else:
form = PasswordChangeForm()
if form.validate_on_submit():
g.user.password = form.password.data
db.session.commit()
flash("Your new password has been saved.", category='info')
return render_redirect(url_for('profile'), code=303)
return render_form(form=form, title="Change password", formid="changepassword", submit="Change password", ajax=True)
def org_edit(name):
org = Organization.query.filter_by(name=name).first_or_404()
if g.user not in org.owners.users:
abort(403)
form = OrganizationForm(obj=org)
form.edit_obj = org
if form.validate_on_submit():
form.populate_obj(org)
db.session.commit()
return render_redirect(url_for('org_info', name=org.name), code=303)
return render_form(form=form, title="New Organization", formid="org_edit", submit="Save", ajax=False)
def team_new(name):
org = Organization.query.filter_by(name=name).first_or_404()
if g.user not in org.owners.users:
abort(403)
form = TeamForm()
if form.validate_on_submit():
team = Team(org=org)
form.populate_obj(team)
db.session.add(team)
db.session.commit()
return render_redirect(url_for('org_info', name=org.name), code=303)
return render_form(form=form, title=u"Create new team", formid='team_new', submit="Create", ajax=False)
def team_edit(name, userid):
org = Organization.query.filter_by(name=name).first_or_404()
if g.user not in org.owners.users:
abort(403)
team = Team.query.filter_by(org=org, userid=userid).first_or_404()
form = TeamForm(obj=team)
form.edit_obj = team
if form.validate_on_submit():
form.populate_obj(team)
db.session.commit()
return render_redirect(url_for('org_info', name=org.name), code=303)
return render_form(form=form, title=u"Edit team: %s" % team.title, formid='team_edit', submit="Save", ajax=False)
def resource_new(key):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
form = ResourceForm()
form.edit_id = None
if form.validate_on_submit():
resource = Resource(client=client)
form.populate_obj(resource)
db.session.add(resource)
db.session.commit()
flash("Your new resource has been saved", "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Define a resource", formid="resource_new", submit="Define resource", ajax=True)
def permission_new():
form = PermissionForm()
form.context.choices = available_client_owners()
if request.method == 'GET':
form.context.data = g.user.userid
if form.validate_on_submit():
perm = Permission()
form.populate_obj(perm)
perm.user = form.user
perm.org = form.org
perm.allusers = False
db.session.add(perm)
db.session.commit()
flash("Your new permission has been defined", "info")
return render_redirect(url_for('permission_list'), code=303)
return render_form(form=form, title="Define a new permission", formid="perm_new",
submit="Define new permission", ajax=True)
def resource_action_new(key, idr):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
resource = Resource.query.get_or_404(idr)
if resource.client != client:
abort(403)
form = ResourceActionForm()
form.edit_id = None
form.edit_resource = resource
if form.validate_on_submit():
action = ResourceAction(resource=resource)
form.populate_obj(action)
db.session.add(action)
db.session.commit()
flash("Your new action has been saved", "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Define an action", formid="action_new", submit="Define action", ajax=True)
def verify_phone(number):
phoneclaim = UserPhoneClaim.query.filter_by(phone=number).first_or_404()
if phoneclaim.user != g.user:
abort(403)
form = VerifyPhoneForm()
form.phoneclaim = phoneclaim
if form.validate_on_submit():
if not g.user.phones:
primary = True
else:
primary = False
userphone = UserPhone(user=g.user, phone=phoneclaim.phone, gets_text=True, primary=primary)
db.session.add(userphone)
db.session.delete(phoneclaim)
db.session.commit()
flash("Your phone number has been verified.", "info")
return render_redirect(url_for('profile'), code=303)
return render_form(form=form, title="Verify phone number", formid="phone_verify", submit="Verify", ajax=True)
def client_new():
form = RegisterClientForm()
form.client_owner.choices = available_client_owners()
if request.method == 'GET':
form.client_owner.data = g.user.userid
if form.validate_on_submit():
client = Client()
form.populate_obj(client)
client.user = form.user
client.org = form.org
client.trusted = False
db.session.add(client)
db.session.commit()
return render_redirect(url_for('client_info', key=client.key), code=303)
return render_form(form=form, title="Register a new client application",
formid="client_new", submit="Register application", ajax=True)
def permission_user_new(key):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
if client.user:
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.user == g.user)).order_by('name').all()
form = UserPermissionAssignForm()
elif client.org:
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.org == client.org)).order_by('name').all()
form = TeamPermissionAssignForm()
form.org = client.org
form.team_id.choices = [(team.userid, team.title) for team in client.org.teams]
else:
abort(403) # This should never happen. Clients always have an owner.
form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
if form.validate_on_submit():
perms = set()
if client.user:
permassign = UserClientPermissions.query.filter_by(user=form.user, client=client).first()
if permassign:
perms.update(permassign.permissions.split(u' '))
else:
permassign = UserClientPermissions(user=form.user, client=client)
db.session.add(permassign)
else:
permassign = TeamClientPermissions.query.filter_by(team=form.team, client=client).first()
if permassign:
perms.update(permassign.permissions.split(u' '))
else:
permassign = TeamClientPermissions(team=form.team, client=client)
db.session.add(permassign)
perms.update(form.perms.data)
permassign.permissions = u' '.join(sorted(perms))
db.session.commit()
if client.user:
flash("Permissions have been assigned to user %s" % form.user.pickername, "info")
else:
flash("Permissions have been assigned to team '%s'" % permassign.team.pickername, "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Assign permissions", formid="perm_assign", submit="Assign permissions", ajax=True)
def resource_edit(key, idr):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
resource = Resource.query.get_or_404(idr)
if resource.client != client:
abort(403)
form = ResourceForm()
form.edit_id = idr
if request.method == 'GET':
form.name.data = resource.name
form.title.data = resource.title
form.description.data = resource.description
form.siteresource.data = resource.siteresource
if form.validate_on_submit():
form.populate_obj(resource)
db.session.commit()
flash("Your resource has been edited", "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Edit resource", formid="resource_edit", submit="Save changes", ajax=True)
def permission_user_edit(key, userid):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
if client.user:
user = User.query.filter_by(userid=userid).first_or_404()
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.user == g.user)).order_by('name').all()
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404()
elif client.org:
team = Team.query.filter_by(userid=userid).first_or_404()
available_perms = Permission.query.filter(db.or_(
Permission.allusers == True,
Permission.org == client.org)).order_by('name').all()
permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404()
form = PermissionEditForm()
form.perms.choices = [(ap.name, u"%s – %s" % (ap.name, ap.title)) for ap in available_perms]
if request.method == 'GET':
if permassign:
form.perms.data = permassign.permissions.split(u' ')
if form.validate_on_submit():
form.perms.data.sort()
perms = u' '.join(form.perms.data)
if not perms:
db.session.delete(permassign)
else:
permassign.permissions = perms
db.session.commit()
if perms:
if client.user:
flash("Permissions have been updated for user %s" % user.pickername, "info")
else:
flash("Permissions have been updated for team '%s'" % team.title, "info")
else:
if client.user:
flash("All permissions have been revoked for user %s" % user.pickername, "info")
else:
flash("All permissions have been revoked for team '%s'" % team.title, "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Edit permissions", formid="perm_edit", submit="Save changes", ajax=True)
def permission_edit(id):
perm = Permission.query.get_or_404(id)
if not perm.owner_is(g.user):
abort(403)
form = PermissionForm(obj=perm)
form.context.choices = available_client_owners()
form.edit_obj = perm
if request.method == 'GET':
if perm.user:
form.context.data = perm.user.userid
else:
form.context.data = perm.org.userid
if form.validate_on_submit():
form.populate_obj(perm)
perm.user = form.user
perm.org = form.org
db.session.commit()
flash("Your permission has been saved", "info")
return render_redirect(url_for('permission_list'), code=303)
return render_form(form=form, title="Edit permission", formid="perm_edit",
submit="Save changes", ajax=True)
def client_team_access(key):
client = Client.query.filter_by(key=key).first_or_404()
form = ClientTeamAccessForm()
user_orgs = g.user.organizations_owned()
form.organizations.choices = [(org.userid, org.title) for org in user_orgs]
org_selected = [org.userid for org in user_orgs if client in org.clients_with_team_access()]
if request.method == 'GET':
form.organizations.data = org_selected
if form.validate_on_submit():
org_del = Organization.query.filter(Organization.userid.in_(
set(org_selected) - set(form.organizations.data))).all()
org_add = Organization.query.filter(Organization.userid.in_(
set(form.organizations.data) - set(org_selected))).all()
cta_del = ClientTeamAccess.query.filter_by(client=client).filter(
ClientTeamAccess.org_id.in_([org.id for org in org_del])).all()
for cta in cta_del:
db.session.delete(cta)
for org in org_add:
cta = ClientTeamAccess(org=org, client=client, access_level=CLIENT_TEAM_ACCESS.ALL)
db.session.add(cta)
db.session.commit()
flash("You have assigned access to teams in your organizations for this app.", "info")
return render_redirect(url_for('client_info', key=key), code=303)
return render_form(form=form, title="Select organizations", submit="Save", ajax=True)
