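def adminPrivilegesPost(handler, p_grant):
    """Apply a submitted privilege grid to every user (requires 'Admin').

    p_grant maps a username to a mapping whose keys are the privilege names
    that user should hold once the update is applied. Each user's current
    privileges are compared against that list; differences are granted or
    revoked, recorded through Event, and reported on the response page.
    """
    handler.title("Privileges")
    requirePriv(handler, 'Admin')

    # Only the keys (privilege names) of each per-user mapping are used.
    p_grant = {name: privs.keys() for name, privs in p_grant.iteritems()}

    # Validate every submitted name against privList before touching any user;
    # ErrorBox.die is presumably fatal for the request -- confirm.
    privNames = set()
    for privs in p_grant.values():
        privNames |= set(privs)
    if not privNames <= set(privList.keys()):
        ErrorBox.die("Update privileges", "Unrecognized privilege name")

    for user in User.loadAll():
        # NOTE(review): a user who is absent from p_grant gets an empty wanted
        # list, so every privilege they hold is revoked. A partial or empty
        # submission therefore strips privileges from all users, 'Admin'
        # included; consider refusing a request that would leave no Admin.
        wanted = p_grant.get(user.username, [])
        # This output is HTML; pass the username through stripTags, as the
        # other admin handlers do, rather than echoing the stored value raw.
        shownName = stripTags(user.username)
        for priv in privList:
            has = user.hasPrivilege(priv)
            if has and priv not in wanted:
                print "Revoking %s from %s<br>" % (priv, shownName)
                user.privileges.remove(priv)
                Event.revokePrivilege(handler, user, priv)
            elif not has and priv in wanted:
                print "Granting %s to %s<br>" % (priv, shownName)
                user.privileges.add(priv)
                Event.grantPrivilege(handler, user, priv, False)
        user.save()
    print "Done"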
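def adminUsersPost(handler, p_action, p_username, p_privileges = [], p_send_welcome = False):
    """Dispatch a user-management action (requires 'Admin').

    p_action selects the operation applied to p_username:
      'resetpw'     -- issue a new password-reset key and display its link
      'impersonate' -- switch the session to that user, remembering the admin
      'sessions'    -- redirect to the session list for that user
      'privileges'  -- redirect to the privilege page for that user
      'new'         -- create the user with p_privileges and, when
                       p_send_welcome is set, mail a password-setup link
    """
    handler.title('User Management')
    requirePriv(handler, 'Admin')

    # A reset key works as a credential for the account, so it is drawn from
    # the OS CSPRNG instead of the module-level Mersenne Twister, whose output
    # can be predicted from observed values.
    # NOTE(review): the key is still only 8 hex digits (under 32 bits). Widen
    # it if the resetkey storage and the /resetpw route allow, and make sure
    # reset attempts are rate-limited and keys expire.
    secureRandom = random.SystemRandom()

    for case in switch(p_action):
        if case('resetpw'):
            handler.title('Reset password')
            user = User.load(username = p_username)
            if not user:
                ErrorBox.die('Reset Password', "No user named <b>%s</b>" % stripTags(p_username))

            hadPreviousKey = (user.resetkey is not None and user.resetkey != '0')
            user.resetkey = "%x" % secureRandom.randint(0x10000000, 0xffffffff)
            user.save()
            Event.genResetKey(handler, user)

            # NOTE(review): the first %s renders str(user) into HTML as-is;
            # confirm that representation is already escaped.
            print "Reset key for %s: <a href=\"/resetpw/%s?key=%s\">%s</a><br>" % (user, user.safe.username, user.resetkey, user.resetkey)
            if hadPreviousKey:
                print "<b>Warning</b>: This invalides the previous reset key for this user<br>"
            break

        if case('impersonate'):
            user = User.load(username = p_username)
            if not user:
                ErrorBox.die('Impersonate User', "No user named <b>%s</b>" % stripTags(p_username))

            # Keep the original identity only on the first hop, so a chain of
            # impersonations still records the real administrator.
            if not 'impersonator' in handler.session:
                handler.session['impersonator'] = handler.session['user']
                handler.session.remember('impersonator')
            Event.impersonate(handler, user)
            handler.session['user'] = user
            redirect('/')
            break

        # NOTE(review): the two redirects below interpolate p_username into the
        # URL without URL-encoding or validation; characters such as '&', '#'
        # or line breaks would change the target. Consider checking the value
        # against USERNAME_PATTERN or encoding it first.
        if case('sessions'):
            redirect("/admin/sessions?username=%s" % p_username)
            break

        if case('privileges'):
            redirect("/admin/privileges?username=%s" % p_username)
            break

        if case('new'):
            if User.load(username = p_username):
                ErrorBox.die('Add User', "There is already a user named <b>%s</b>" % stripTags(p_username))
            if not re.match("^%s$" % USERNAME_PATTERN, p_username):
                ErrorBox.die('Add User', "Username <b>%s</b> is illegal" % stripTags(p_username))
            if not all(name in privList for name in p_privileges):
                ErrorBox.die('Add User', "Unrecognized privilege name")

            user = User(p_username, '', privileges = set(p_privileges))
            Event.newUser(handler, user)
            for priv in p_privileges:
                Event.grantPrivilege(handler, user, priv, True)

            if p_send_welcome:
                user.resetkey = "%x" % secureRandom.randint(0x10000000, 0xffffffff)
                msg = "A Sprint account has been created for you with the username `%s'. " % user.username
                if settings.kerberosRealm:
                    msg += "You can use your %s password to login, or set a dedicated Sprint password here: " % settings.kerberosRealm
                else:
                    msg += "You can set a password here: "
                # NOTE(review): the reset key travels in e-mail and the link is
                # plain http://, so the key is exposed in transit; prefer an
                # https:// base URL taken from configuration where available.
                msg += "http://%s:%d/resetpw/%s?key=%s" % (gethostname(), PORT, user.safe.username, user.resetkey)
                sendmail(user.getEmail(), "Sprint - New Account", msg)

            # The account (including any reset key set above) is persisted only
            # after the welcome mail has been handed to sendmail.
            user.save()
            delay(handler, SuccessBox("Added user <b>%s</b>" % stripTags(p_username), close = True))
            redirect("/users/%s" % user.username)
            break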