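def new_user_apply():
    """Create a user row from the posted admin form.

    Requires ROLE_ADMIN. Returns ``{'ret': "ok", 'redirect': "/admin/user"}``
    on success, and ``{'ret': "error"}`` when the INSERT fails or the posted
    ``profile_id`` is not an integer.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Update the database
    fields = []
    values = []

    # NOTE(review): these posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them as parameters if the query layer
    # (not visible from this block) supports it.
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            fields.append(key)
            values.append("'%s'" % (CTK.post[key]))

    if 'password' in CTK.post:
        # NOTE(review): unsalted MD5 is not adequate for password storage.
        # Moving to a salted, slow KDF also requires changing the code that
        # verifies logins, which is outside this block.
        fields.append('password')
        values.append("'%s'" % (md5(CTK.post['password']).hexdigest()))

    if 'profile_id' in CTK.post:
        # profile_id is written into the SQL unquoted, so accept nothing
        # but an integer.
        try:
            profile_id = int(CTK.post['profile_id'])
        except (TypeError, ValueError):
            return {'ret': "error"}
        fields.append('profile_id')
        values.append("%d" % profile_id)

    q = "INSERT INTO users (%s) VALUES (%s);" % (", ".join(fields),
                                                 ", ".join(values))
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/user"}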
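def del_type():
    """Delete the asset type whose id is the last segment of the request URL.

    Requires ROLE_ADMIN. Returns ``default(msg)`` when assets still use the
    type or the DELETE fails, HTTP 406 when the id is not an integer, and a
    redirect to ``LOCATION`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target asset_type. The id comes from the URL and is placed in the SQL
    # text unquoted, so anything that is not an integer is rejected here.
    try:
        asset_type_id = int(CTK.request.url.split('/')[-1])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE asset_types_id = %d;" % asset_type_id)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['total'][0]

    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("No se puede eliminar. "
               "Existe%(n)s %(num)d activo%(s)s de este tipo." % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM asset_types WHERE id = %d;" % asset_type_id
    if not query_check_success(q):
        return default('No se pudo realizar la eliminación.')

    return CTK.HTTP_Redir(LOCATION)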
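def del_license():
    """Delete the license whose id is the last segment of the request URL.

    Requires ROLE_ADMIN. Returns ``default(msg)`` when assets still use the
    license or the DELETE fails, HTTP 406 when the id is not an integer, and
    ``default()`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target license. The id comes from the URL and is placed in the SQL
    # text unquoted, so anything that is not an integer is rejected here.
    try:
        license_id = int(CTK.request.url.split('/')[-1])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE licenses_id = %d;" % license_id)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['total'][0]

    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("Imposible realizar la operación. La licencia está "
               "siendo usada por %(num)d activo%(s)s" % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM licenses WHERE id = %d;" % license_id
    if not query_check_success(q):
        return default('No se pudo eliminar la licencia.')

    return default()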
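def add_bookmark(bookmark):
    """Insert a bookmark row for an ``(asset_id, user_id)`` pair.

    Returns True when the INSERT succeeds, False when it fails or when
    either id is not an integer.
    """
    asset_id, user_id = bookmark

    # Both ids are written into the SQL unquoted; coerce them to integers so
    # no other text can reach the statement.
    try:
        asset_id = int(asset_id)
        user_id = int(user_id)
    except (TypeError, ValueError):
        return False

    sql = "INSERT INTO bookmarks VALUES (%d,%d);" % (asset_id, user_id)
    return bool(query_check_success(sql))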
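def new_user_apply():
    """Create a user row from the posted admin form.

    Requires ROLE_ADMIN. Returns ``{'ret': "ok", 'redirect': "/admin/user"}``
    on success, and ``{'ret': "error"}`` when the INSERT fails or the posted
    ``profile_id`` is not an integer.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Update the database
    fields = []
    values = []

    # NOTE(review): these posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them as parameters if the query layer
    # (not visible from this block) supports it.
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            fields.append(key)
            values.append("'%s'" % (CTK.post[key]))

    if 'password' in CTK.post:
        # NOTE(review): unsalted MD5 is not adequate for password storage.
        # Moving to a salted, slow KDF also requires changing the code that
        # verifies logins, which is outside this block.
        fields.append('password')
        values.append("'%s'" % (md5(CTK.post['password']).hexdigest()))

    if 'profile_id' in CTK.post:
        # profile_id is written into the SQL unquoted, so accept nothing
        # but an integer.
        try:
            profile_id = int(CTK.post['profile_id'])
        except (TypeError, ValueError):
            return {'ret': "error"}
        fields.append('profile_id')
        values.append("%d" % profile_id)

    q = "INSERT INTO users (%s) VALUES (%s);" % (", ".join(fields),
                                                 ", ".join(values))
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/user"}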
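def del_type():
    """Delete the asset type whose id is the last segment of the request URL.

    Requires ROLE_ADMIN. Returns ``default(msg)`` when assets still use the
    type or the DELETE fails, HTTP 406 when the id is not an integer, and a
    redirect to ``LOCATION`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target asset_type. The id comes from the URL and is placed in the SQL
    # text unquoted, so anything that is not an integer is rejected here.
    try:
        asset_type_id = int(CTK.request.url.split('/')[-1])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE asset_types_id = %d;" % asset_type_id)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['total'][0]

    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("No se puede eliminar. "
               "Existe%(n)s %(num)d activo%(s)s de este tipo." % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM asset_types WHERE id = %d;" % asset_type_id
    if not query_check_success(q):
        return default('No se pudo realizar la eliminación.')

    return CTK.HTTP_Redir(LOCATION)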
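def del_license():
    """Delete the license whose id is the last segment of the request URL.

    Requires ROLE_ADMIN. Returns ``default(msg)`` when assets still use the
    license or the DELETE fails, HTTP 406 when the id is not an integer, and
    ``default()`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target license. The id comes from the URL and is placed in the SQL
    # text unquoted, so anything that is not an integer is rejected here.
    try:
        license_id = int(CTK.request.url.split('/')[-1])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = ("SELECT COUNT(*) as total FROM assets "
         "WHERE licenses_id = %d;" % license_id)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['total'][0]

    if usage != 0:
        subs = Util.get_es_substitutions(usage)
        msg = ("Imposible realizar la operación. La licencia está "
               "siendo usada por %(num)d activo%(s)s" % subs)
        return default(msg)

    # Delete
    q = "DELETE FROM licenses WHERE id = %d;" % license_id
    if not query_check_success(q):
        return default('No se pudo eliminar la licencia.')

    return default()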
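def add_bookmark(bookmark):
    """Insert a bookmark row for an ``(asset_id, user_id)`` pair.

    Returns True when the INSERT succeeds, False when it fails or when
    either id is not an integer.
    """
    asset_id, user_id = bookmark

    # Both ids are written into the SQL unquoted; coerce them to integers so
    # no other text can reach the statement.
    try:
        asset_id = int(asset_id)
        user_id = int(user_id)
    except (TypeError, ValueError):
        return False

    sql = "INSERT INTO bookmarks VALUES (%d,%d);" % (asset_id, user_id)
    return bool(query_check_success(sql))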
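def del_bookmark(bookmark):
    """Delete the bookmark row for an ``(asset_id, user_id)`` pair.

    Returns True when the DELETE succeeds, False when it fails or when
    either id is not an integer.
    """
    asset_id, user_id = bookmark

    # The ids were interpolated as quoted text with no escaping; coerce them
    # to integers so a value containing a quote cannot alter the statement.
    # NOTE(review): assumes both columns hold integer ids, as the unquoted
    # INSERT in add_bookmark suggests - confirm against the schema.
    try:
        asset_id = int(asset_id)
        user_id = int(user_id)
    except (TypeError, ValueError):
        return False

    sql = "DELETE FROM bookmarks " \
          "WHERE assets_id='%d' AND users_id='%d';" % (asset_id, user_id)
    return bool(query_check_success(sql))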
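def del_bookmark(bookmark):
    """Delete the bookmark row for an ``(asset_id, user_id)`` pair.

    Returns True when the DELETE succeeds, False when it fails or when
    either id is not an integer.
    """
    asset_id, user_id = bookmark

    # The ids were interpolated as quoted text with no escaping; coerce them
    # to integers so a value containing a quote cannot alter the statement.
    # NOTE(review): assumes both columns hold integer ids, as the unquoted
    # INSERT in add_bookmark suggests - confirm against the schema.
    try:
        asset_id = int(asset_id)
        user_id = int(user_id)
    except (TypeError, ValueError):
        return False

    sql = "DELETE FROM bookmarks " \
          "WHERE assets_id='%d' AND users_id='%d';" % (asset_id, user_id)
    return bool(query_check_success(sql))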
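def edit_profile_apply():
    """Apply the posted edits to a profile and to its role assignments.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``profile_id`` is missing or
    not an integer, ``{'ret': "error"}`` when a statement fails or a
    ``role_*`` field is malformed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    profile_id = CTK.post.pop('profile_id')
    if not profile_id:
        return CTK.HTTP_Error(406)

    # profile_id is written into several statements unquoted, so accept
    # nothing but an integer.
    try:
        profile_id = int(profile_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update: profiles
    # NOTE(review): name/description are only wrapped in quotes, not escaped
    # or bound as parameters, so a value containing a quote can alter the
    # statement. Bind them if the query layer (not shown here) supports it.
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if sql_values:
        q = "UPDATE profiles SET %s WHERE id = %d;" % (','.join(sql_values),
                                                       profile_id)
        if not query_check_success(q):
            return {'ret': "error"}

    # Update: profiles has roles
    q = ''
    for key in CTK.post:
        if not key.startswith('role_'):
            continue

        # The role id is taken from the field name and the on/off flag from
        # its value; both are client-controlled, so both must parse as ints.
        try:
            role_id = int(key[len('role_'):])
            enabled = bool(int(CTK.post[key]))
        except (TypeError, ValueError):
            return {'ret': "error"}

        if enabled:
            q += ("INSERT INTO profiles_has_roles " +
                  " VALUES (%d, %d);") % (profile_id, role_id)
        else:
            q += ("DELETE FROM profiles_has_roles " +
                  " WHERE profiles_id = %d AND roles_id = %d;") % (profile_id,
                                                                   role_id)

    if q:
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}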
def new_type_apply():
    """Insert a new asset type taken from the posted ``type`` field.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when the INSERT fails;
    otherwise (including when no ``type`` was posted) returns
    ``{'ret': "ok", 'redirect': LOCATION}``.
    """
    # Authentication
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Nothing posted: report success without touching the database.
    if 'type' not in CTK.post:
        return {'ret': "ok", 'redirect': LOCATION}

    # NOTE(review): the posted value is only wrapped in quotes, not escaped
    # or bound as a parameter, so a value containing a quote can alter the
    # statement. Bind it if the query layer (not shown here) supports it.
    statement = "INSERT INTO asset_types (type) VALUES ('%s');" % (
        CTK.post['type'])
    if query_check_success(statement):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
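def new_profile_apply():
    """Create a profile from the posted form and give it the consumer role.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when either INSERT
    fails or the new row's id cannot be read back, and
    ``{'ret': "ok", 'redirect': "/admin/profile/<id>"}`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    name = CTK.post['name']
    desc = CTK.post['description']

    # NOTE(review): name and description are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter either statement below. Bind them if the query layer (not shown
    # here) supports it.
    q = ("INSERT INTO profiles (name, description) "
         "VALUES ('%s', '%s');") % (name, desc)
    # The result used to be discarded, so a failed INSERT went on to the
    # lookup below as if the row existed.
    if not query_check_success(q):
        return {'ret': "error"}

    # NOTE(review): looking the row up by name assumes profile names are
    # unique - confirm against the schema.
    q = "SELECT id FROM profiles WHERE name = '%s';" % (name)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    new_id = result['id'][0]
    if not new_id:
        return {'ret': "error"}

    q = ("INSERT INTO profiles_has_roles VALUES (%s, %d);") % (
        new_id, Role.ROLE_CONSUMER)
    # Report a failed role assignment instead of redirecting as if it worked.
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/profile/%s" % (new_id)}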
def new_type_apply():
    """Insert a new asset type taken from the posted ``type`` field.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when the INSERT fails;
    otherwise (including when no ``type`` was posted) returns
    ``{'ret': "ok", 'redirect': LOCATION}``.
    """
    # Authentication
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Nothing posted: report success without touching the database.
    if 'type' not in CTK.post:
        return {'ret': "ok", 'redirect': LOCATION}

    # NOTE(review): the posted value is only wrapped in quotes, not escaped
    # or bound as a parameter, so a value containing a quote can alter the
    # statement. Bind it if the query layer (not shown here) supports it.
    statement = "INSERT INTO asset_types (type) VALUES ('%s');" % (
        CTK.post['type'])
    if query_check_success(statement):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
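def edit_profile_apply():
    """Apply the posted edits to a profile and to its role assignments.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``profile_id`` is missing or
    not an integer, ``{'ret': "error"}`` when a statement fails or a
    ``role_*`` field is malformed, and ``{'ret': "ok"}`` otherwise.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    profile_id = CTK.post.pop('profile_id')
    if not profile_id:
        return CTK.HTTP_Error(406)

    # profile_id is written into several statements unquoted, so accept
    # nothing but an integer.
    try:
        profile_id = int(profile_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update: profiles
    # NOTE(review): name/description are only wrapped in quotes, not escaped
    # or bound as parameters, so a value containing a quote can alter the
    # statement. Bind them if the query layer (not shown here) supports it.
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if sql_values:
        q = "UPDATE profiles SET %s WHERE id = %d;" % (','.join(sql_values),
                                                       profile_id)
        if not query_check_success(q):
            return {'ret': "error"}

    # Update: profiles has roles
    q = ''
    for key in CTK.post:
        if not key.startswith('role_'):
            continue

        # The role id is taken from the field name and the on/off flag from
        # its value; both are client-controlled, so both must parse as ints.
        try:
            role_id = int(key[len('role_'):])
            enabled = bool(int(CTK.post[key]))
        except (TypeError, ValueError):
            return {'ret': "error"}

        if enabled:
            q += ("INSERT INTO profiles_has_roles " +
                  " VALUES (%d, %d);") % (profile_id, role_id)
        else:
            q += ("DELETE FROM profiles_has_roles " +
                  " WHERE profiles_id = %d AND roles_id = %d;") % (profile_id,
                                                                   role_id)

    if q:
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}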
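def new_profile_apply():
    """Create a profile from the posted form and give it the consumer role.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when either INSERT
    fails or the new row's id cannot be read back, and
    ``{'ret': "ok", 'redirect': "/admin/profile/<id>"}`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    name = CTK.post['name']
    desc = CTK.post['description']

    # NOTE(review): name and description are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter either statement below. Bind them if the query layer (not shown
    # here) supports it.
    q = ("INSERT INTO profiles (name, description) "
         "VALUES ('%s', '%s');") % (name, desc)
    # The result used to be discarded, so a failed INSERT went on to the
    # lookup below as if the row existed.
    if not query_check_success(q):
        return {'ret': "error"}

    # NOTE(review): looking the row up by name assumes profile names are
    # unique - confirm against the schema.
    q = "SELECT id FROM profiles WHERE name = '%s';" % (name)
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    new_id = result['id'][0]
    if not new_id:
        return {'ret': "error"}

    q = ("INSERT INTO profiles_has_roles VALUES (%s, %d);") % (
        new_id, Role.ROLE_CONSUMER)
    # Report a failed role assignment instead of redirecting as if it worked.
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok", 'redirect': "/admin/profile/%s" % (new_id)}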
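def edit_type_apply():
    """Rename an asset type from the posted admin form.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``asset_typeid`` is missing
    or not an integer, ``{'ret': "error"}`` when the UPDATE fails, and
    ``{'ret': "ok"}`` otherwise (including when no ``type`` was posted).
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    asset_type_id = CTK.post.pop('asset_typeid')
    if not asset_type_id:
        return CTK.HTTP_Error(406)

    # The id is written into the WHERE clause unquoted, so accept nothing
    # but an integer.
    try:
        asset_type_id = int(asset_type_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    if 'type' in CTK.post:
        # NOTE(review): the posted type is only wrapped in quotes, not
        # escaped or bound as a parameter, so a value containing a quote can
        # alter the statement. Bind it if the query layer (not shown here)
        # supports it.
        q = "UPDATE asset_types SET type='%s' WHERE id = %d;" % (
            CTK.post['type'], asset_type_id)
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}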
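def edit_type_apply():
    """Rename an asset type from the posted admin form.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``asset_typeid`` is missing
    or not an integer, ``{'ret': "error"}`` when the UPDATE fails, and
    ``{'ret': "ok"}`` otherwise (including when no ``type`` was posted).
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    asset_type_id = CTK.post.pop('asset_typeid')
    if not asset_type_id:
        return CTK.HTTP_Error(406)

    # The id is written into the WHERE clause unquoted, so accept nothing
    # but an integer.
    try:
        asset_type_id = int(asset_type_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    if 'type' in CTK.post:
        # NOTE(review): the posted type is only wrapped in quotes, not
        # escaped or bound as a parameter, so a value containing a quote can
        # alter the statement. Bind it if the query layer (not shown here)
        # supports it.
        q = "UPDATE asset_types SET type='%s' WHERE id = %d;" % (
            CTK.post['type'], asset_type_id)
        if not query_check_success(q):
            return {'ret': "error"}

    return {'ret': "ok"}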
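def del_user():
    """Delete the user whose id is the fifth '/'-separated URL segment.

    Requires ROLE_ADMIN. Returns HTTP 406 when the id is not an integer;
    otherwise returns ``default(msg)``, where ``msg`` is None after a
    successful DELETE and an explanation when the DELETE fails.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target user. The id comes from the URL and is placed in the SQL text
    # unquoted, so anything that is not an integer is rejected here.
    try:
        user_id = int(CTK.request.url.split('/')[4])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Delete
    q = "DELETE FROM users WHERE id = %d;" % user_id
    if query_check_success(q):
        msg = None
    else:
        msg = ('Este usuario no puede ser eliminado ya que posee '
               'activos en el sistema.')

    return default(msg)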
def new_license_apply():
    """Insert a license built from the posted ``name`` / ``description``.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when the INSERT fails
    and ``{'ret': "ok", 'redirect': LOCATION}`` when it succeeds.
    """
    # Authentication
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Keep only the columns that were actually posted.
    # NOTE(review): the values are only wrapped in quotes, not escaped or
    # bound as parameters, so a value containing a quote can alter the
    # statement. Bind them if the query layer (not shown here) supports it.
    columns = [key for key in ['name', 'description'] if key in CTK.post]
    literals = ["'%s'" % (CTK.post[key]) for key in columns]

    statement = "INSERT INTO licenses (%s) VALUES (%s);" % (
        ", ".join(columns), ", ".join(literals))

    if query_check_success(statement):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
def delete(self):
    """Delete the collection and all its assets (or only their attachments
    when full deletion is not possible).

    Returns False as soon as one asset deletion reports failure (after
    handing the changes gathered so far to ``__update_assets``) or when the
    final DELETE fails; returns True otherwise.
    """
    pending = []
    for asset_id in self._collection['assets']:
        outcome = OpAsset.OpAsset(Asset.Asset(asset_id)).delete()

        # A successful 'partial' result is recorded as (asset_id, None).
        if outcome['type'] == 'partial' and outcome['ret'] == True:
            pending.append((asset_id, None))

        if outcome['ret'] == False:
            self.__update_assets(pending)
            return False

    # NOTE(review): the id is interpolated as quoted text without escaping;
    # presumably it is loaded from the database - confirm it can never carry
    # client-supplied text.
    statement = "DELETE FROM collections WHERE id = '%s';" % self._collection['id']
    if query_check_success(statement):
        return True
    return False
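def del_user():
    """Delete the user whose id is the fifth '/'-separated URL segment.

    Requires ROLE_ADMIN. Returns HTTP 406 when the id is not an integer;
    otherwise returns ``default(msg)``, where ``msg`` is None after a
    successful DELETE and an explanation when the DELETE fails.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target user. The id comes from the URL and is placed in the SQL text
    # unquoted, so anything that is not an integer is rejected here.
    try:
        user_id = int(CTK.request.url.split('/')[4])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Delete
    q = "DELETE FROM users WHERE id = %d;" % user_id
    if query_check_success(q):
        msg = None
    else:
        msg = ('Este usuario no puede ser eliminado ya que posee '
               'activos en el sistema.')

    return default(msg)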
def new_license_apply():
    """Insert a license built from the posted ``name`` / ``description``.

    Requires ROLE_ADMIN. Returns ``{'ret': "error"}`` when the INSERT fails
    and ``{'ret': "ok", 'redirect': LOCATION}`` when it succeeds.
    """
    # Authentication
    denied = Auth.assert_is_role(Role.ROLE_ADMIN)
    if denied:
        return denied

    # Keep only the columns that were actually posted.
    # NOTE(review): the values are only wrapped in quotes, not escaped or
    # bound as parameters, so a value containing a quote can alter the
    # statement. Bind them if the query layer (not shown here) supports it.
    columns = [key for key in ['name', 'description'] if key in CTK.post]
    literals = ["'%s'" % (CTK.post[key]) for key in columns]

    statement = "INSERT INTO licenses (%s) VALUES (%s);" % (
        ", ".join(columns), ", ".join(literals))

    if query_check_success(statement):
        return {'ret': "ok", 'redirect': LOCATION}
    return {'ret': "error"}
def delete(self):
    """Delete the collection and all its assets (or only their attachments
    when full deletion is not possible).

    Returns False as soon as one asset deletion reports failure (after
    handing the changes gathered so far to ``__update_assets``) or when the
    final DELETE fails; returns True otherwise.
    """
    pending = []
    for asset_id in self._collection['assets']:
        outcome = OpAsset.OpAsset(Asset.Asset(asset_id)).delete()

        # A successful 'partial' result is recorded as (asset_id, None).
        if outcome['type'] == 'partial' and outcome['ret'] == True:
            pending.append((asset_id, None))

        if outcome['ret'] == False:
            self.__update_assets(pending)
            return False

    # NOTE(review): the id is interpolated as quoted text without escaping;
    # presumably it is loaded from the database - confirm it can never carry
    # client-supplied text.
    statement = "DELETE FROM collections WHERE id = '%s';" % self._collection['id']
    if query_check_success(statement):
        return True
    return False
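def edit_license_apply():
    """Apply the posted ``name`` / ``description`` edits to a license.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``licenseid`` is missing or
    not an integer, ``{'ret': "error"}`` when the UPDATE fails, and
    ``{'ret': "ok"}`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    license_id = CTK.post.pop('licenseid')
    if not license_id:
        return CTK.HTTP_Error(406)

    # The id is written into the WHERE clause unquoted, so accept nothing
    # but an integer.
    try:
        license_id = int(license_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    # NOTE(review): the posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them if the query layer (not shown here)
    # supports it.
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    q = "UPDATE licenses SET %s WHERE id = %d;" % (','.join(sql_values),
                                                   license_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}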
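def edit_license_apply():
    """Apply the posted ``name`` / ``description`` edits to a license.

    Requires ROLE_ADMIN. Returns HTTP 406 when ``licenseid`` is missing or
    not an integer, ``{'ret': "error"}`` when the UPDATE fails, and
    ``{'ret': "ok"}`` on success.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    license_id = CTK.post.pop('licenseid')
    if not license_id:
        return CTK.HTTP_Error(406)

    # The id is written into the WHERE clause unquoted, so accept nothing
    # but an integer.
    try:
        license_id = int(license_id)
    except (TypeError, ValueError):
        return CTK.HTTP_Error(406)

    # Update the database
    # NOTE(review): the posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them if the query layer (not shown here)
    # supports it.
    sql_values = []
    for key in ['name', 'description']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    q = "UPDATE licenses SET %s WHERE id = %d;" % (','.join(sql_values),
                                                   license_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}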
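def del_profile():
    """Delete the profile whose id is the fifth '/'-separated URL segment.

    Requires ROLE_ADMIN. Returns HTTP 406 when the id is not an integer,
    ``default(msg)`` while users still reference the profile, and otherwise
    a redirect to ``/admin/profile/``.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target profile. The id comes from the URL and is placed in three
    # statements unquoted, so anything that is not an integer is rejected.
    try:
        profile_id = int(CTK.request.url.split('/')[4])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = "SELECT COUNT(*) FROM users WHERE profile_id = %d;" % profile_id
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['COUNT(*)'][0]
    if usage != 0:
        return default("El perfil está en uso por %d usuarios" % (usage))

    # Delete it
    q = "DELETE FROM profiles_has_roles WHERE profiles_id = %d;" % profile_id
    q += "DELETE FROM profiles WHERE id = %d;" % profile_id
    # NOTE(review): the outcome is not checked, so a failed delete still
    # redirects as if it had worked - confirm that this is intended.
    query_check_success(q)

    return CTK.HTTP_Redir('/admin/profile/')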
def update(self):
    """Update a collection's name and its asset membership.

    Returns False when the UPDATE or ``__update_assets`` fails, else True.
    """
    col_id = self._collection['id']

    # NOTE(review): the name is only wrapped in quotes and the id is
    # unquoted; neither is escaped or bound as a parameter. Confirm where
    # self._collection is populated and bind the values if the query layer
    # (not shown here) supports it.
    statement = "UPDATE collections SET name = '%s' WHERE id = %s;" % (
        self._collection['name'], col_id)
    if not query_check_success(statement):
        return False

    stored = Collection.Collection(col_id)['assets']
    wanted = self._collection['assets']

    # Wanted assets are paired with this collection id; assets that were
    # stored before but are no longer wanted are paired with None.
    changes = []
    for asset in wanted:
        changes.append((asset, col_id))
    for asset in stored:
        if asset not in wanted:
            changes.append((asset, None))

    if self.__update_assets(changes):
        return True
    return False
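def edit_user_apply():
    """Apply the posted edits to a user row.

    Admins may edit any user; other users may edit only themselves. Returns
    HTTP 403 when the caller is neither, HTTP 406 when ``userid`` is missing
    or not an integer, ``{'ret': "error"}`` when the UPDATE fails or the
    posted ``profile_id`` is not an integer, and ``{'ret': "ok"}`` on
    success.
    """
    # Authentication
    is_admin = Role.user_has_role(Role.ROLE_ADMIN)
    current_id = Auth.get_user_id()

    # userid ends up in the WHERE clause unquoted, so keep only its integer
    # form. The bare `except:` is narrowed to the errors int() can raise.
    try:
        user_id = int(CTK.post['userid'])
    except (TypeError, ValueError):
        user_id = None

    is_self = user_id is not None and user_id == current_id

    if not is_admin and not is_self:
        return CTK.HTTP_Error(403)
    if user_id is None:
        return CTK.HTTP_Error(406)

    # Update the database
    # NOTE(review): these posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them if the query layer (not shown here)
    # supports it.
    sql_values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if 'password' in CTK.post:
        password = CTK.post['password']
        # NOTE(review): unsalted MD5 is not adequate for password storage.
        # Moving to a salted, slow KDF also requires changing the code that
        # verifies logins, which is outside this block.
        hashed_password = md5(password).hexdigest()
        old_password = CTK.post['old_password']
        if password != old_password:
            # The literal read "password='******'", which has no conversion
            # specifier, so the % operator raised TypeError.
            sql_values.append("password='%s'" % (hashed_password))

    if is_admin:
        key = 'profile_id'
        if key in CTK.post:
            # Only admins may change the profile; the value is unquoted in
            # the SQL, so it must be an integer.
            try:
                profile_id = int(CTK.post[key])
            except (TypeError, ValueError):
                return {'ret': "error"}
            sql_values.append("%s=%d" % (key, profile_id))

    q = "UPDATE users SET %s WHERE id = %d;" % (','.join(sql_values), user_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}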
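def edit_user_apply():
    """Apply the posted edits to a user row.

    Admins may edit any user; other users may edit only themselves. Returns
    HTTP 403 when the caller is neither, HTTP 406 when ``userid`` is missing
    or not an integer, ``{'ret': "error"}`` when the UPDATE fails or the
    posted ``profile_id`` is not an integer, and ``{'ret': "ok"}`` on
    success.
    """
    # Authentication
    is_admin = Role.user_has_role(Role.ROLE_ADMIN)
    current_id = Auth.get_user_id()

    # userid ends up in the WHERE clause unquoted, so keep only its integer
    # form. The bare `except:` is narrowed to the errors int() can raise.
    try:
        user_id = int(CTK.post['userid'])
    except (TypeError, ValueError):
        user_id = None

    is_self = user_id is not None and user_id == current_id

    if not is_admin and not is_self:
        return CTK.HTTP_Error(403)
    if user_id is None:
        return CTK.HTTP_Error(406)

    # Update the database
    # NOTE(review): these posted values are only wrapped in quotes, not
    # escaped or bound as parameters, so a value containing a quote can
    # alter the statement. Bind them if the query layer (not shown here)
    # supports it.
    sql_values = []
    for key in ['username', 'forename', 'surname1', 'surname2', 'email']:
        if key in CTK.post:
            sql_values.append("%s='%s'" % (key, CTK.post[key]))

    if 'password' in CTK.post:
        password = CTK.post['password']
        # NOTE(review): unsalted MD5 is not adequate for password storage.
        # Moving to a salted, slow KDF also requires changing the code that
        # verifies logins, which is outside this block.
        hashed_password = md5(password).hexdigest()
        old_password = CTK.post['old_password']
        if password != old_password:
            # The literal read "password='******'", which has no conversion
            # specifier, so the % operator raised TypeError.
            sql_values.append("password='%s'" % (hashed_password))

    if is_admin:
        key = 'profile_id'
        if key in CTK.post:
            # Only admins may change the profile; the value is unquoted in
            # the SQL, so it must be an integer.
            try:
                profile_id = int(CTK.post[key])
            except (TypeError, ValueError):
                return {'ret': "error"}
            sql_values.append("%s=%d" % (key, profile_id))

    q = "UPDATE users SET %s WHERE id = %d;" % (','.join(sql_values), user_id)
    if not query_check_success(q):
        return {'ret': "error"}

    return {'ret': "ok"}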
def update(self):
    """Update a collection's name and its asset membership.

    Returns False when the UPDATE or ``__update_assets`` fails, else True.
    """
    col_id = self._collection['id']

    # NOTE(review): the name is only wrapped in quotes and the id is
    # unquoted; neither is escaped or bound as a parameter. Confirm where
    # self._collection is populated and bind the values if the query layer
    # (not shown here) supports it.
    statement = "UPDATE collections SET name = '%s' WHERE id = %s;" % (
        self._collection['name'], col_id)
    if not query_check_success(statement):
        return False

    stored = Collection.Collection(col_id)['assets']
    wanted = self._collection['assets']

    # Wanted assets are paired with this collection id; assets that were
    # stored before but are no longer wanted are paired with None.
    changes = []
    for asset in wanted:
        changes.append((asset, col_id))
    for asset in stored:
        if asset not in wanted:
            changes.append((asset, None))

    if self.__update_assets(changes):
        return True
    return False
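def del_profile():
    """Delete the profile whose id is the fifth '/'-separated URL segment.

    Requires ROLE_ADMIN. Returns HTTP 406 when the id is not an integer,
    ``default(msg)`` while users still reference the profile, and otherwise
    a redirect to ``/admin/profile/``.
    """
    # Authentication
    fail = Auth.assert_is_role(Role.ROLE_ADMIN)
    if fail:
        return fail

    # Target profile. The id comes from the URL and is placed in three
    # statements unquoted, so anything that is not an integer is rejected.
    try:
        profile_id = int(CTK.request.url.split('/')[4])
    except ValueError:
        return CTK.HTTP_Error(406)

    # Check whether it can be deleted
    q = "SELECT COUNT(*) FROM users WHERE profile_id = %d;" % profile_id
    result = Query(q)  # local renamed from `re` to avoid shadowing the module name
    usage = result['COUNT(*)'][0]
    if usage != 0:
        return default("El perfil está en uso por %d usuarios" % (usage))

    # Delete it
    q = "DELETE FROM profiles_has_roles WHERE profiles_id = %d;" % profile_id
    q += "DELETE FROM profiles WHERE id = %d;" % profile_id
    # NOTE(review): the outcome is not checked, so a failed delete still
    # redirects as if it had worked - confirm that this is intended.
    query_check_success(q)

    return CTK.HTTP_Redir('/admin/profile/')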