Exemplo n.º 1
0
    def test_create_comment_ok(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)

        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)
        p = api.create(ContentType.Page, workspace, None, 'this_is_a_page')
        c = api.create_comment(workspace, p, 'this is the comment', True)

        eq_(Content, c.__class__)
        eq_(p.content_id, c.parent_id)
        eq_(user, c.owner)
        eq_(workspace, c.workspace)
        eq_(ContentType.Comment, c.type)
        eq_('this is the comment', c.description)
        eq_('', c.label)
        eq_(ActionDescription.COMMENT, c.revision_type)
Exemplo n.º 2
0
    def test_set_status_ok(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)

        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)
        api = ContentApi(user)
        c = api.create(ContentType.Folder, workspace, None, 'parent', True)
        with new_revision(c):
            for new_status in [
                    'open', 'closed-validated', 'closed-unvalidated',
                    'closed-deprecated'
            ]:
                api.set_status(c, new_status)

                eq_(new_status, c.status)
                eq_(ActionDescription.STATUS_UPDATE, c.revision_type)
Exemplo n.º 3
0
    def post(
        self,
        name: str,
        email: str,
        password: str,
        is_tracim_manager: str = 'off',
        is_tracim_admin: str = 'off',
        send_email: str = 'off',
    ):
        is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
        is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
        send_email = h.on_off_to_boolean(send_email)
        current_user = tmpl_context.current_user

        if current_user.profile.id < Group.TIM_ADMIN:
            # A manager can't give large rights
            is_tracim_manager = False
            is_tracim_admin = False

        api = UserApi(current_user)

        if api.user_with_email_exists(email):
            tg.flash(
                _('A user with email address "{}" already exists.').format(
                    email), CST.STATUS_ERROR)
            tg.redirect(self.url())

        user = api.create_user()
        user.email = email
        user.display_name = name
        if password:
            user.password = password
        elif send_email:
            # Setup a random password to send email at user
            password = self.generate_password()
            user.password = password

        user.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)

        api.save(user)

        # Now add the user to related groups
        group_api = GroupApi(current_user)
        user.groups.append(group_api.get_one(Group.TIM_USER))
        if is_tracim_manager:
            user.groups.append(group_api.get_one(Group.TIM_MANAGER))
            if is_tracim_admin:
                user.groups.append(group_api.get_one(Group.TIM_ADMIN))

        api.save(user)

        if send_email:
            email_manager = get_email_manager()
            email_manager.notify_created_account(user, password=password)

        api.execute_created_user_actions(user)
        tg.flash(
            _('User {} created.').format(user.get_display_name()),
            CST.STATUS_OK)
        tg.redirect(self.url())
Exemplo n.º 4
0
    def test_search_in_description(self):
        # HACK - D.A. - 2015-03-09
        # This test is based on a bug which does NOT return results found
        # at root of a workspace (eg a folder)

        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)

        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)
        a = api.create(ContentType.Folder, workspace, None,
                       'this is randomized folder', True)
        p = api.create(ContentType.Page, workspace, a,
                       'this is dummy label content', True)

        with new_revision(p):
            p.description = 'This is some amazing test'

        api.save(p)
        original_id = p.content_id

        res = api.search(['dummy'])
        eq_(1, len(res.all()))
        item = res.all()[0]
        eq_(original_id, item.content_id)
Exemplo n.º 5
0
 def test_unit__get_all_manageable(self):
     admin = DBSession.query(User) \
         .filter(User.email == '*****@*****.**').one()
     uapi = UserApi(admin)
     # Checks a case without workspaces.
     wapi = WorkspaceApi(current_user=admin)
     eq_([], wapi.get_all_manageable())
     # Checks an admin gets all workspaces.
     w4 = wapi.create_workspace(label='w4')
     w3 = wapi.create_workspace(label='w3')
     w2 = wapi.create_workspace(label='w2')
     w1 = wapi.create_workspace(label='w1')
     eq_([w1, w2, w3, w4], wapi.get_all_manageable())
     # Checks a regular user gets none workspace.
     gapi = GroupApi(None)
     u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
     wapi = WorkspaceApi(current_user=u)
     rapi = RoleApi(current_user=u)
     off = 'off'
     rapi.create_one(u, w4, UserRoleInWorkspace.READER, off)
     rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, off)
     rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, off)
     rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
     eq_([], wapi.get_all_manageable())
     # Checks a manager gets only its own workspaces.
     u.groups.append(gapi.get_one(Group.TIM_MANAGER))
     rapi.delete_one(u.user_id, w2.workspace_id)
     rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
     eq_([w1, w2], wapi.get_all_manageable())
Exemplo n.º 6
0
    def test_get_all_with_parent_id(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)
        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)
        item = api.create(ContentType.Folder, workspace, None, 'parent', True)
        item2 = api.create(ContentType.File, workspace, item, 'file1', True)
        item3 = api.create(ContentType.File, workspace, None, 'file2', True)
        parent_id = item.content_id
        child_id = item2.content_id
        uid = user.user_id
        wid = workspace.workspace_id
        transaction.commit()

        # Refresh instances after commit
        user = uapi.get_one(uid)
        workspace = WorkspaceApi(user).get_one(wid)
        api = ContentApi(user)

        items = api.get_all(None, ContentType.Any, workspace)
        eq_(3, len(items))

        items2 = api.get_all(parent_id, ContentType.File, workspace)
        eq_(1, len(items2))
        eq_(child_id, items2[0].content_id)
Exemplo n.º 7
0
 def test_unit__get_all_manageable(self):
     admin = DBSession.query(User) \
         .filter(User.email == '*****@*****.**').one()
     uapi = UserApi(admin)
     # Checks a case without workspaces.
     wapi = WorkspaceApi(current_user=admin)
     eq_([], wapi.get_all_manageable())
     # Checks an admin gets all workspaces.
     w4 = wapi.create_workspace(label='w4')
     w3 = wapi.create_workspace(label='w3')
     w2 = wapi.create_workspace(label='w2')
     w1 = wapi.create_workspace(label='w1')
     eq_([w1, w2, w3, w4], wapi.get_all_manageable())
     # Checks a regular user gets none workspace.
     gapi = GroupApi(None)
     u = uapi.create_user('[email protected]', [gapi.get_one(Group.TIM_USER)], True)
     wapi = WorkspaceApi(current_user=u)
     rapi = RoleApi(current_user=u)
     rapi.create_one(u, w4, UserRoleInWorkspace.READER, False)
     rapi.create_one(u, w3, UserRoleInWorkspace.CONTRIBUTOR, False)
     rapi.create_one(u, w2, UserRoleInWorkspace.CONTENT_MANAGER, False)
     rapi.create_one(u, w1, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([], wapi.get_all_manageable())
     # Checks a manager gets only its own workspaces.
     u.groups.append(gapi.get_one(Group.TIM_MANAGER))
     rapi.delete_one(u.user_id, w2.workspace_id)
     rapi.create_one(u, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
     eq_([w1, w2], wapi.get_all_manageable())
Exemplo n.º 8
0
    def test_mark_read__all(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]
        user_a = uapi.create_user(email='this.is@user',
                                  groups=groups,
                                  save_now=True)
        user_b = uapi.create_user(email='*****@*****.**',
                                  groups=groups,
                                  save_now=True)

        wapi = WorkspaceApi(user_a)
        workspace = wapi.create_workspace('test workspace', save_now=True)

        role_api = RoleApi(user_a)
        role_api.create_one(user_b, workspace, UserRoleInWorkspace.READER,
                            False)
        cont_api_a = ContentApi(user_a)
        cont_api_b = ContentApi(user_b)

        page_2 = cont_api_a.create(ContentType.Page,
                                   workspace,
                                   None,
                                   'this is page1',
                                   do_save=True)
        page_3 = cont_api_a.create(ContentType.Thread,
                                   workspace,
                                   None,
                                   'this is page2',
                                   do_save=True)
        page_4 = cont_api_a.create(ContentType.File,
                                   workspace,
                                   None,
                                   'this is page3',
                                   do_save=True)

        for rev in page_2.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_3.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_4.revisions:
            eq_(user_b not in rev.read_by.keys(), True)

        DBSession.refresh(page_2)
        DBSession.refresh(page_3)
        DBSession.refresh(page_4)

        cont_api_b.mark_read__all()

        for rev in page_2.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_3.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_4.revisions:
            eq_(user_b in rev.read_by.keys(), True)
Exemplo n.º 9
0
    def post(
            self,
            name: str,
            email: str,
            password: str,
            is_tracim_manager: str='off',
            is_tracim_admin: str='off',
            send_email: str='off',
    ):
        is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
        is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
        send_email = h.on_off_to_boolean(send_email)
        current_user = tmpl_context.current_user

        if current_user.profile.id < Group.TIM_ADMIN:
            # A manager can't give large rights
            is_tracim_manager = False
            is_tracim_admin = False


        api = UserApi(current_user)

        if api.user_with_email_exists(email):
            tg.flash(_('A user with email address "{}" already exists.').format(email), CST.STATUS_ERROR)
            tg.redirect(self.url())

        user = api.create_user()
        user.email = email
        user.display_name = name
        if password:
            user.password = password
        elif send_email:
            # Setup a random password to send email at user
            password = str(uuid.uuid4())
            user.password = password

        user.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)

        api.save(user)

        # Now add the user to related groups
        group_api = GroupApi(current_user)
        user.groups.append(group_api.get_one(Group.TIM_USER))
        if is_tracim_manager:
            user.groups.append(group_api.get_one(Group.TIM_MANAGER))
            if is_tracim_admin:
                user.groups.append(group_api.get_one(Group.TIM_ADMIN))

        api.save(user)

        if send_email:
            email_manager = get_email_manager()
            email_manager.notify_created_account(user, password=password)

        tg.flash(_('User {} created.').format(user.get_display_name()), CST.STATUS_OK)
        tg.redirect(self.url())
Exemplo n.º 10
0
    def test_archive(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)
        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)
        item = api.create(ContentType.Folder, workspace, None, 'not_archived',
                          True)
        item2 = api.create(ContentType.Folder, workspace, None, 'to_archive',
                           True)
        uid = user.user_id
        wid = workspace.workspace_id
        transaction.commit()

        # Refresh instances after commit
        user = uapi.get_one(uid)
        workspace = WorkspaceApi(user).get_one(wid)
        api = ContentApi(user)

        items = api.get_all(None, ContentType.Any, workspace)
        eq_(2, len(items))

        items = api.get_all(None, ContentType.Any, workspace)
        with new_revision(items[0]):
            api.archive(items[0])
        transaction.commit()

        # Refresh instances after commit
        user = uapi.get_one(uid)
        workspace = WorkspaceApi(user).get_one(wid)
        api = ContentApi(user)

        items = api.get_all(None, ContentType.Any, workspace)
        eq_(1, len(items))
        transaction.commit()

        # Refresh instances after commit
        user = uapi.get_one(uid)
        workspace = WorkspaceApi(user).get_one(wid)
        api = ContentApi(user)

        # Test that the item is still available if "show deleted" is activated
        api = ContentApi(None, show_archived=True)
        items = api.get_all(None, ContentType.Any, workspace)
        eq_(2, len(items))
Exemplo n.º 11
0
    def test_set_status_unknown_status(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)

        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)
        api = ContentApi(user)
        c = api.create(ContentType.Folder, workspace, None, 'parent', True)
        with new_revision(c):
            api.set_status(c, 'unknown-status')
Exemplo n.º 12
0
    def test_get_all_with_filter(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)
        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)
        item = api.create(ContentType.Folder, workspace, None, 'thefolder',
                          True)
        item2 = api.create(ContentType.File, workspace, None, 'thefile', True)
        uid = user.user_id
        wid = workspace.workspace_id
        transaction.commit()

        # Refresh instances after commit
        user = uapi.get_one(uid)
        workspace = WorkspaceApi(user).get_one(wid)
        api = ContentApi(user)

        items = api.get_all(None, ContentType.Any, workspace)
        eq_(2, len(items))

        items2 = api.get_all(None, ContentType.File, workspace)
        eq_(1, len(items2))
        eq_('thefile', items2[0].label)

        items3 = api.get_all(None, ContentType.Folder, workspace)
        eq_(1, len(items3))
        eq_('thefolder', items3[0].label)
Exemplo n.º 13
0
    def post(self, name, email, password, is_tracim_manager='off', is_tracim_admin='off'):
        is_tracim_manager = h.on_off_to_boolean(is_tracim_manager)
        is_tracim_admin = h.on_off_to_boolean(is_tracim_admin)
        current_user = tmpl_context.current_user

        if current_user.profile.id < Group.TIM_ADMIN:
            # A manager can't give large rights
            is_tracim_manager = False
            is_tracim_admin = False


        api = UserApi(current_user)

        if api.user_with_email_exists(email):
            tg.flash(_('A user with email address "{}" already exists.').format(email), CST.STATUS_ERROR)
            tg.redirect(self.url())

        user = api.create_user()
        user.email = email
        user.display_name = name
        if password:
            user.password = password
        api.save(user)

        # Now add the user to related groups
        group_api = GroupApi(current_user)
        user.groups.append(group_api.get_one(Group.TIM_USER))
        if is_tracim_manager:
            user.groups.append(group_api.get_one(Group.TIM_MANAGER))
            if is_tracim_admin:
                user.groups.append(group_api.get_one(Group.TIM_ADMIN))

        api.save(user)

        tg.flash(_('User {} created.').format(user.get_display_name()), CST.STATUS_OK)
        tg.redirect(self.url())
Exemplo n.º 14
0
 def __init__(self, *args, **kwargs):
     super().__init__(*args, **kwargs)
     self._session = DBSession
     self._transaction = transaction
     self._user_api = UserApi(None)
     self._group_api = GroupApi(None)
Exemplo n.º 15
0
class UserCommand(AppContextCommand):

    ACTION_CREATE = 'create'
    ACTION_UPDATE = 'update'

    action = NotImplemented

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self._session = DBSession
        self._transaction = transaction
        self._user_api = UserApi(None)
        self._group_api = GroupApi(None)

    def get_description(self):
        return '''Create or update user.'''

    def get_parser(self, prog_name):
        parser = super().get_parser(prog_name)

        parser.add_argument(
            "-l",
            "--login",
            help='User login (email)',
            dest='login',
            required=True
        )

        parser.add_argument(
            "-p",
            "--password",
            help='User password',
            dest='password',
            required=False,
            default=None
        )

        parser.add_argument(
            "-g",
            "--add-to-group",
            help='Add user to group',
            dest='add_to_group',
            nargs='*',
            action=Extender,
            default=[],
        )

        parser.add_argument(
            "-rmg",
            "--remove-from-group",
            help='Remove user from group',
            dest='remove_from_group',
            nargs='*',
            action=Extender,
            default=[],
        )

        parser.add_argument(
            "--send-email",
            help='Send mail to user',
            dest='send_email',
            required=False,
            action='store_true',
            default=False,
        )

        return parser

    def _user_exist(self, login):
        return self._user_api.user_with_email_exists(login)

    def _get_group(self, name):
        return self._group_api.get_one_with_name(name)

    def _add_user_to_named_group(self, user, group_name):
        group = self._get_group(group_name)
        if user not in group.users:
            group.users.append(user)
        self._session.flush()

    def _remove_user_from_named_group(self, user, group_name):
        group = self._get_group(group_name)
        if user in group.users:
            group.users.remove(user)
        self._session.flush()

    def _create_user(self, login, password, **kwargs):
        if not password:
            if self._password_required():
                raise CommandAbortedError("You must provide -p/--password parameter")
            password = ''

        try:
            user = User(email=login, password=password, **kwargs)
            self._session.add(user)
            self._session.flush()
        except IntegrityError:
            self._session.rollback()
            raise AlreadyExistError()

        return user

    def _update_password_for_login(self, login, password):
        user = self._user_api.get_one_by_email(login)
        user.password = password
        self._session.flush()
        transaction.commit()

    def take_action(self, parsed_args):
        super().take_action(parsed_args)

        user = self._proceed_user(parsed_args)
        self._proceed_groups(user, parsed_args)

        print("User created/updated")

    def _proceed_user(self, parsed_args):
        self._check_context(parsed_args)

        if self.action == self.ACTION_CREATE:
            try:
                user = self._create_user(login=parsed_args.login, password=parsed_args.password)
            except AlreadyExistError:
                raise CommandAbortedError("Error: User already exist (use `user update` command instead)")
            if parsed_args.send_email:
                email_manager = get_email_manager()
                email_manager.notify_created_account(
                    user=user,
                    password=parsed_args.password,
                )

        else:
            if parsed_args.password:
                self._update_password_for_login(login=parsed_args.login, password=parsed_args.password)
            user = self._user_api.get_one_by_email(parsed_args.login)

        return user

    def _proceed_groups(self, user, parsed_args):
        # User always in "users" group
        self._add_user_to_named_group(user, 'users')

        for group_name in parsed_args.add_to_group:
            self._add_user_to_named_group(user, group_name)

        for group_name in parsed_args.remove_from_group:
            self._remove_user_from_named_group(user, group_name)

    def _password_required(self):
        if config.get('auth_type') == LDAPAuth.name:
            return False
        return True

    def _check_context(self, parsed_args):
        if config.get('auth_type') == LDAPAuth.name:
            auth_instance = config.get('auth_instance')
            if not auth_instance.ldap_auth.user_exist(parsed_args.login):
                raise LDAPUserUnknown(
                    "LDAP is enabled and user with login/email \"%s\" not found in LDAP" % parsed_args.login
                )
Exemplo n.º 16
0
class UserCommand(AppContextCommand):

    ACTION_CREATE = 'create'
    ACTION_UPDATE = 'update'

    action = NotImplemented

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self._session = DBSession
        self._transaction = transaction
        self._user_api = UserApi(None)
        self._group_api = GroupApi(None)

    def get_description(self):
        return '''Create or update user.'''

    def get_parser(self, prog_name):
        parser = super().get_parser(prog_name)

        parser.add_argument("-l",
                            "--login",
                            help='User login (email)',
                            dest='login',
                            required=True)

        parser.add_argument("-p",
                            "--password",
                            help='User password',
                            dest='password',
                            required=False,
                            default=None)

        parser.add_argument(
            "-g",
            "--add-to-group",
            help='Add user to group',
            dest='add_to_group',
            nargs='*',
            action=Extender,
            default=[],
        )

        parser.add_argument(
            "-rmg",
            "--remove-from-group",
            help='Remove user from group',
            dest='remove_from_group',
            nargs='*',
            action=Extender,
            default=[],
        )

        parser.add_argument(
            "--send-email",
            help='Send mail to user',
            dest='send_email',
            required=False,
            action='store_true',
            default=False,
        )

        return parser

    def _user_exist(self, login):
        return self._user_api.user_with_email_exists(login)

    def _get_group(self, name):
        return self._group_api.get_one_with_name(name)

    def _add_user_to_named_group(self, user, group_name):
        group = self._get_group(group_name)
        if user not in group.users:
            group.users.append(user)
        self._session.flush()

    def _remove_user_from_named_group(self, user, group_name):
        group = self._get_group(group_name)
        if user in group.users:
            group.users.remove(user)
        self._session.flush()

    def _create_user(self, login, password, **kwargs):
        if not password:
            if self._password_required():
                raise CommandAbortedError(
                    "You must provide -p/--password parameter")
            password = ''

        try:
            user = User(email=login, password=password, **kwargs)
            user.update_webdav_digest_auth(password)
            self._session.add(user)
            self._session.flush()

            # We need to enable radicale if it not already done
            daemons = DaemonsManager()
            daemons.run('radicale', RadicaleDaemon)

            user_api = UserApi(user)
            user_api.execute_created_user_actions(user)
        except IntegrityError:
            self._session.rollback()
            raise AlreadyExistError()

        return user

    def _update_password_for_login(self, login, password):
        user = self._user_api.get_one_by_email(login)
        user.password = password
        user.update_webdav_digest_auth(password)
        self._session.flush()
        transaction.commit()

    def take_action(self, parsed_args):
        super().take_action(parsed_args)

        user = self._proceed_user(parsed_args)
        self._proceed_groups(user, parsed_args)

        print("User created/updated")

    def _proceed_user(self, parsed_args):
        self._check_context(parsed_args)

        if self.action == self.ACTION_CREATE:
            try:
                user = self._create_user(login=parsed_args.login,
                                         password=parsed_args.password)
            except AlreadyExistError:
                raise CommandAbortedError(
                    "Error: User already exist (use `user update` command instead)"
                )
            if parsed_args.send_email:
                email_manager = get_email_manager()
                email_manager.notify_created_account(
                    user=user,
                    password=parsed_args.password,
                )

        else:
            if parsed_args.password:
                self._update_password_for_login(login=parsed_args.login,
                                                password=parsed_args.password)
            user = self._user_api.get_one_by_email(parsed_args.login)

        return user

    def _proceed_groups(self, user, parsed_args):
        # User always in "users" group
        self._add_user_to_named_group(user, 'users')

        for group_name in parsed_args.add_to_group:
            self._add_user_to_named_group(user, group_name)

        for group_name in parsed_args.remove_from_group:
            self._remove_user_from_named_group(user, group_name)

    def _password_required(self):
        if config.get('auth_type') == LDAPAuth.name:
            return False
        return True

    def _check_context(self, parsed_args):
        if config.get('auth_type') == LDAPAuth.name:
            auth_instance = config.get('auth_instance')
            if not auth_instance.ldap_auth.user_exist(parsed_args.login):
                raise LDAPUserUnknown(
                    "LDAP is enabled and user with login/email \"%s\" not found in LDAP"
                    % parsed_args.login)
Exemplo n.º 17
0
    def test_search_in_label_or_description(self):
        # HACK - D.A. - 2015-03-09
        # This test is based on a bug which does NOT return results found
        # at root of a workspace (eg a folder)

        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user = uapi.create_user(email='this.is@user',
                                groups=groups,
                                save_now=True)

        workspace = WorkspaceApi(user).create_workspace('test workspace',
                                                        save_now=True)

        api = ContentApi(user)

        a = api.create(ContentType.Folder, workspace, None,
                       'this is randomized folder', True)
        p1 = api.create(ContentType.Page, workspace, a,
                        'this is dummy label content', True)
        p2 = api.create(ContentType.Page, workspace, a, 'Hey ! Jon !', True)

        with new_revision(p1):
            p1.description = 'This is some amazing test'

        with new_revision(p2):
            p2.description = 'What\'s up ?'

        api.save(p1)
        api.save(p2)

        id1 = p1.content_id
        id2 = p2.content_id

        eq_(
            1,
            DBSession.query(Workspace).filter(
                Workspace.label == 'test workspace').count())
        eq_(
            1,
            DBSession.query(ContentRevisionRO).filter(
                ContentRevisionRO.label ==
                'this is randomized folder').count())
        eq_(
            2,
            DBSession.query(ContentRevisionRO).filter(
                ContentRevisionRO.label ==
                'this is dummy label content').count())
        eq_(
            1,
            DBSession.query(ContentRevisionRO).filter(
                ContentRevisionRO.description ==
                'This is some amazing test').count())
        eq_(
            2,
            DBSession.query(ContentRevisionRO).filter(
                ContentRevisionRO.label == 'Hey ! Jon !').count())
        eq_(
            1,
            DBSession.query(ContentRevisionRO).filter(
                ContentRevisionRO.description == 'What\'s up ?').count())

        res = api.search(['dummy', 'jon'])
        eq_(2, len(res.all()))

        eq_(True, id1 in [o.content_id for o in res.all()])
        eq_(True, id2 in [o.content_id for o in res.all()])
Exemplo n.º 18
0
 def __init__(self, *args, **kwargs):
     super().__init__(*args, **kwargs)
     self._session = DBSession
     self._transaction = transaction
     self._user_api = UserApi(None)
     self._group_api = GroupApi(None)
Exemplo n.º 19
0
    def test_delete_undelete(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user1 = uapi.create_user(email='this.is@user',
                                 groups=groups,
                                 save_now=True)
        u1id = user1.user_id

        workspace = WorkspaceApi(user1).create_workspace('test workspace',
                                                         save_now=True)
        wid = workspace.workspace_id

        user2 = uapi.create_user()
        user2.email = '*****@*****.**'
        uapi.save(user2)

        RoleApi(user1).create_one(user2,
                                  workspace,
                                  UserRoleInWorkspace.CONTENT_MANAGER,
                                  with_notif=True,
                                  flush=True)

        # show archived is used at the top end of the test
        api = ContentApi(user1, show_deleted=True)
        p = api.create(ContentType.File, workspace, None, 'this_is_a_page',
                       True)

        u1id = user1.user_id
        u2id = user2.user_id
        pcid = p.content_id
        poid = p.owner_id

        transaction.commit()

        ####
        user1 = UserApi(None).get_one(u1id)
        workspace = WorkspaceApi(user1).get_one(wid)

        content = api.get_one(pcid, ContentType.Any, workspace)
        eq_(u1id, content.owner_id)
        eq_(poid, content.owner_id)

        u2 = UserApi(None).get_one(u2id)
        api2 = ContentApi(u2, show_deleted=True)
        content2 = api2.get_one(pcid, ContentType.Any, workspace)
        with new_revision(content2):
            api2.delete(content2)
        api2.save(content2)
        transaction.commit()

        ####

        user1 = UserApi(None).get_one(u1id)
        workspace = WorkspaceApi(user1).get_one(wid)
        # show archived is used at the top end of the test
        api = ContentApi(user1, show_deleted=True)
        u2 = UserApi(None).get_one(u2id)
        api2 = ContentApi(u2, show_deleted=True)

        updated = api2.get_one(pcid, ContentType.Any, workspace)
        eq_(
            u2id, updated.owner_id,
            'the owner id should be {} (found {})'.format(
                u2id, updated.owner_id))
        eq_(True, updated.is_deleted)
        eq_(ActionDescription.DELETION, updated.revision_type)

        ####

        updated2 = api.get_one(pcid, ContentType.Any, workspace)
        with new_revision(updated2):
            api.undelete(updated2)
        api.save(updated2)
        eq_(False, updated2.is_deleted)
        eq_(ActionDescription.UNDELETION, updated2.revision_type)
        eq_(u1id, updated2.owner_id)
Exemplo n.º 20
0
    def test_update_file_data(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]

        user1 = uapi.create_user(email='this.is@user',
                                 groups=groups,
                                 save_now=True)

        workspace = WorkspaceApi(user1).create_workspace('test workspace',
                                                         save_now=True)
        wid = workspace.workspace_id

        user2 = uapi.create_user()
        user2.email = '*****@*****.**'
        uapi.save(user2)

        RoleApi(user1).create_one(user2,
                                  workspace,
                                  UserRoleInWorkspace.CONTENT_MANAGER,
                                  with_notif=True,
                                  flush=True)

        # Test starts here

        api = ContentApi(user1)
        p = api.create(ContentType.File, workspace, None, 'this_is_a_page',
                       True)

        u1id = user1.user_id
        u2id = user2.user_id
        pcid = p.content_id
        poid = p.owner_id

        api.save(p)
        transaction.commit()

        # Refresh instances after commit
        user1 = uapi.get_one(u1id)
        workspace = WorkspaceApi(user1).get_one(wid)
        api = ContentApi(user1)

        content = api.get_one(pcid, ContentType.Any, workspace)
        eq_(u1id, content.owner_id)
        eq_(poid, content.owner_id)

        u2 = UserApi(None).get_one(u2id)
        api2 = ContentApi(u2)
        content2 = api2.get_one(pcid, ContentType.Any, workspace)
        with new_revision(content2):
            api2.update_file_data(content2, 'index.html', 'text/html',
                                  b'<html>hello world</html>')
        api2.save(content2)
        transaction.commit()

        # Refresh instances after commit
        user1 = uapi.get_one(u1id)
        workspace = WorkspaceApi(user1).get_one(wid)

        updated = api.get_one(pcid, ContentType.Any, workspace)
        eq_(
            u2id, updated.owner_id,
            'the owner id should be {} (found {})'.format(
                u2id, updated.owner_id))
        eq_('index.html', updated.file_name)
        eq_('text/html', updated.file_mimetype)
        eq_(b'<html>hello world</html>', updated.file_content)
        eq_(ActionDescription.REVISION, updated.revision_type)
Exemplo n.º 21
0
    def put(self, new_profile):
        # FIXME - Allow only self password or operation for managers
        current_user = tmpl_context.current_user
        user = tmpl_context.user

        group_api = GroupApi(current_user)

        if current_user.user_id==user.user_id:
            tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
            tg.redirect(self.parent_controller.url())


        redirect_url = self.parent_controller.url(skip_id=True)

        if new_profile not in self.allowed_profiles:
            tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
            tg.redirect(redirect_url)

        pod_user_group = group_api.get_one(Group.TIM_USER)
        pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
        pod_admin_group = group_api.get_one(Group.TIM_ADMIN)

        flash_message = _('User updated.') # this is the default value ; should never appear

        if new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_USER:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)

            try:
                user.groups.remove(pod_manager_group)
            except:
                pass

            try:
                user.groups.remove(pod_admin_group)
            except:
                pass

            flash_message = _('User {} is now a basic user').format(user.get_display_name())

        elif new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)
            if pod_manager_group not in user.groups:
                user.groups.append(pod_manager_group)

            try:
                user.groups.remove(pod_admin_group)
            except:
                pass

            flash_message = _('User {} can now workspaces').format(user.get_display_name())


        elif new_profile==UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)
            if pod_manager_group not in user.groups:
                user.groups.append(pod_manager_group)
            if pod_admin_group not in user.groups:
                user.groups.append(pod_admin_group)

            flash_message = _('User {} is now an administrator').format(user.get_display_name())

        else:
            logger.error(self, 'Trying to change user {} profile with unexpected profile {}'.format(user.user_id, new_profile))
            tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
            tg.redirect(redirect_url)

        DBSession.flush()
        tg.flash(flash_message, CST.STATUS_OK)
        tg.redirect(redirect_url)
Exemplo n.º 22
0
    def put(self, new_profile):
        # FIXME - Allow only self password or operation for managers
        current_user = tmpl_context.current_user
        user = tmpl_context.user

        group_api = GroupApi(current_user)

        if current_user.user_id == user.user_id:
            tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
            tg.redirect(self.parent_controller.url())

        redirect_url = self.parent_controller.url(skip_id=True)

        if new_profile not in self.allowed_profiles:
            tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
            tg.redirect(redirect_url)

        pod_user_group = group_api.get_one(Group.TIM_USER)
        pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
        pod_admin_group = group_api.get_one(Group.TIM_ADMIN)

        # this is the default value ; should never appear
        flash_message = _('User updated.')

        if new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_USER:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)

            try:
                user.groups.remove(pod_manager_group)
            except:
                pass

            try:
                user.groups.remove(pod_admin_group)
            except:
                pass

            flash_message = _('User {} is now a basic user').format(user.get_display_name())

        elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)
            if pod_manager_group not in user.groups:
                user.groups.append(pod_manager_group)

            try:
                user.groups.remove(pod_admin_group)
            except:
                pass

            flash_message = _('User {} can now workspaces').format(user.get_display_name())

        elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
            if pod_user_group not in user.groups:
                user.groups.append(pod_user_group)
            if pod_manager_group not in user.groups:
                user.groups.append(pod_manager_group)
            if pod_admin_group not in user.groups:
                user.groups.append(pod_admin_group)

            flash_message = _('User {} is now an administrator').format(user.get_display_name())

        else:
            error_msg = \
                'Trying to change user {} profile with unexpected profile {}'
            logger.error(self, error_msg.format(user.user_id, new_profile))
            tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
            tg.redirect(redirect_url)

        DBSession.flush()
        tg.flash(flash_message, CST.STATUS_OK)
        tg.redirect(redirect_url)
Exemplo n.º 23
0
    def test_mark_read__workspace(self):
        uapi = UserApi(None)
        groups = [
            GroupApi(None).get_one(Group.TIM_USER),
            GroupApi(None).get_one(Group.TIM_MANAGER),
            GroupApi(None).get_one(Group.TIM_ADMIN)
        ]
        user_a = uapi.create_user(email='this.is@user',
                                  groups=groups,
                                  save_now=True)
        user_b = uapi.create_user(email='*****@*****.**',
                                  groups=groups,
                                  save_now=True)

        wapi = WorkspaceApi(user_a)
        workspace1 = wapi.create_workspace('test workspace n°1', save_now=True)
        workspace2 = wapi.create_workspace('test workspace n°2', save_now=True)

        role_api1 = RoleApi(user_a)
        role_api1.create_one(user_b, workspace1, UserRoleInWorkspace.READER,
                             False)

        role_api2 = RoleApi(user_a)
        role_api2.create_one(user_b, workspace2, UserRoleInWorkspace.READER,
                             False)

        cont_api_a = ContentApi(user_a)
        cont_api_b = ContentApi(user_b)

        # Creates page_1 & page_2 in workspace 1
        #     and page_3 & page_4 in workspace 2
        page_1 = cont_api_a.create(ContentType.Page,
                                   workspace1,
                                   None,
                                   'this is a page',
                                   do_save=True)
        page_2 = cont_api_a.create(ContentType.Page,
                                   workspace1,
                                   None,
                                   'this is page1',
                                   do_save=True)
        page_3 = cont_api_a.create(ContentType.Thread,
                                   workspace2,
                                   None,
                                   'this is page2',
                                   do_save=True)
        page_4 = cont_api_a.create(ContentType.File,
                                   workspace2,
                                   None,
                                   'this is page3',
                                   do_save=True)

        for rev in page_1.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_2.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_3.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_4.revisions:
            eq_(user_b not in rev.read_by.keys(), True)

        # Set as read the workspace n°1
        cont_api_b.mark_read__workspace(workspace=workspace1)

        for rev in page_1.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_2.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_3.revisions:
            eq_(user_b not in rev.read_by.keys(), True)
        for rev in page_4.revisions:
            eq_(user_b not in rev.read_by.keys(), True)

        # Set as read the workspace n°2
        cont_api_b.mark_read__workspace(workspace=workspace2)

        for rev in page_1.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_2.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_3.revisions:
            eq_(user_b in rev.read_by.keys(), True)
        for rev in page_4.revisions:
            eq_(user_b in rev.read_by.keys(), True)