def validateUserAndPassword(self, username, password):
"""
Looks first if the user is configured in the configuration file,
e.g. standard users like the "manager" account. If not the user
databases, like "Member", are checked. The encrypted password is
validated.
"""
if (username, sha.new(password).hexdigest()) not in users:
if len(username) >= 2:
# which database to use for user authentification
if username[:2].lower() == "mi":
user = Member.search(username[2:])
else:
self.warning("wrong prefix for username '%s'" % username)
raise LoginError, "WrongUsername"
# check user exist and unique
if user.count() == 0:
self.warning("user '%s' not found" % username)
raise LoginError, "WrongUsername"
elif user.count() > 1:
self.warning("User '%s' not unique" % username)
raise LoginError, "WrongUsername"
else:
# check password
if user[0].passwordHash == sha.new(password).hexdigest():
# correct user from Member database
self.info("User '%s' authorized" % username)
else:
self.warning("Wrong password for user '%s' in Member database" % username)
raise LoginError, "WrongPassword"
else:
self.warning("Username '%s' to short" % username)
raise LoginError, "WrongUsername"
def getRolesOfUser(self, username):
if username in roles:
return roles[username]
else:
if len(username) >= 2:
if username[:2].lower() == "mi":
user = Member.search(username[2:])
else:
# wrong prefix of username
return []
if user.count() == 1:
# get roles from database of user
return rolesTable[user[0].role]
else:
# user not unique or doesn't exist
return []
else:
# wrong user name
return []
def writeContent(self, trans=None):
'''
this servlet changes member record
'''
# retrieving the required parameters
accountNb = int(self.transaction.request().field('accountNb','0'))
print "nb: %s" % accountNb
firstName = self.transaction.request().field('firstName','')
print "fn: %s" % firstName
lastName = self.transaction.request().field('lastName','')
if not accountNb:
print "no accountNb"
if not firstName:
print "no firstname"
if not lastName:
print "no lastname"
# if it is a new account, create a new record
storeObjects = Member.search(str(accountNb))
if storeObjects.count() == 0:
print "create new member"
member = Member(accountNb=accountNb,firstName=firstName,lastName=lastName)
member.sync()
# calculating and setting the dates for "membershipEndFrom"
membershipKind = string.strip(self.transaction.request().field('membershipKind',''))
membershipFrom = string.strip(self.transaction.request().field('membershipFrom',''))
membershipEndFrom = string.strip(self.transaction.request().field('membershipEndFrom',''))
endsAt = string.strip(self.transaction.request().field('endsAt',''))
# if membershipEndFrom or membershipFrom are not set, they are equal
if (not membershipEndFrom) and (membershipFrom):
membershipEndFrom = membershipFrom
if (membershipEndFrom) and (not membershipFrom):
membershipFrom = membershipEndFrom
if (endsAt) and (not membershipEndFrom):
y = DateTime.DateTimeFrom(endsAt)+DateTime.DateTimeDelta(1)
membershipEndFrom = y.date
# retrieve accountNb's of all family members
accounts = []
accountObjects = Member.search("%s_" % str(accountNb)[:-1])
for x in accountObjects:
accounts.append(x.accountNb)
#
# Update all records of the family
#
for record in accounts:
errors = ''
storeObjects = Member.search(str(record))
member = storeObjects[0]
# if austrittsdatum and not member.Austrittsdatum():
# member.setAustrittsdatum(DateTime.DateTimeFrom(austrittsdatum))
# member.setAustrittsgrund(string.strip(self.transaction.request().field('Austrittsgrund','')))
#
# personal part of the record is only updated for the target member
#
if record == accountNb:
#
# change member object
#
self.updateMemberFields(member)
#
# membership status is only maintained for the main member of a family
#
if str(record)[-1:] == "0":
ms = self.getMemberships(member)
membershipNb = 0
if membershipEndFrom != '':
for x in range(1,nbOfMemberships+1):
if (ms['membershipKind'+str(x)]) and (not ms['membershipEndFrom'+str(x)]):
ms['membershipEndFrom'+str(x)] = DateTime.DateTimeFrom(membershipEndFrom)
#
# fees with equal membershipFrom and membershipEndFrom could be overwritten
#
if ms['membershipFrom'+str(x)] == DateTime.DateTimeFrom(membershipEndFrom):
membershipNb = x - 1
else:
membershipNb = x
elif membershipFrom:
for x in range(1,nbOfMemberships+1):
if (not ms['membershipKind'+str(x)]) and (membershipNb == 0):
membershipNb = x - 1
#
# set new fee in the next free slot (2-5 and 1) respective slot 1, if no fee already exists
#
if membershipKind:
ms['membershipKind'+str(membershipNb % nbOfMemberships + 1)] = membershipKind
ms['membershipFrom'+str(membershipNb % nbOfMemberships + 1)] = DateTime.DateTimeFrom(membershipFrom)
ms['membershipEndFrom'+str(membershipNb % nbOfMemberships + 1)] = None
ms['membershipPayNextFrom'+str(membershipNb % nbOfMemberships + 1)] = DateTime.DateTimeFrom(membershipFrom)
ms['membershipKind'+str((membershipNb + 1) % nbOfMemberships + 1)] = ""
ms['membershipFrom'+str((membershipNb + 1) % nbOfMemberships + 1)] = None
ms['membershipEndFrom'+str((membershipNb + 1) % nbOfMemberships + 1)] = None
ms['membershipPayNextFrom'+str((membershipNb + 1) % nbOfMemberships + 1)] = None
self.updateMemberships(member,ms)
self.updateStandardFields(member,errors)
#
# store updates in database
#
member.sync()
#
# back to member page
#
self.transaction.response().sendRedirect('MemberView?accountNb=' + str(accountNb))
def search(self, pattern='', context=''):
return Member.search(pattern,context)
def getAttrs(self, accountNb=''):
if accountNb:
records = Member.search(str(accountNb))
return records[0].allAttrs()
else:
return None