def reset():
    """Reset the password for a user account and send email.

    GET renders the reset form, pre-filled with the lower-cased ``email``
    query parameter.  POST looks the account up by the submitted address
    and, if it exists and is enabled, sets a new password through
    UserSaver and mails the code to the user.  The reply to a POST is
    the same whether or not the address matched an account.
    """
    if not flask.current_app.config["MAIL_SERVER"]:
        utils.flash_error("Cannot reset password; no email server defined.")
        return flask.redirect(flask.url_for("home"))

    if utils.http_GET():
        prefill = (flask.request.args.get("email") or "").lower()
        return flask.render_template("user/reset.html", email=prefill)

    if utils.http_POST():
        # A missing form field, an unknown address and a non-enabled
        # account are all folded into the same "not eligible" outcome.
        try:
            account = get_user(email=flask.request.form["email"])
            eligible = (account is not None
                        and account["status"] == constants.ENABLED)
        except KeyError:
            eligible = False

        if eligible:
            # NOTE(review): the stored password is replaced as soon as the
            # form is submitted, before the mailbox owner has acted on the
            # email.  UserSaver.set_password() is defined elsewhere; confirm
            # the old credential handling is intended and that this route
            # is rate limited.
            with UserSaver(account) as saver:
                saver.set_password()
            send_password_code(account, "password reset")
            utils.get_logger().info(f"reset user {account['username']}")

        # Identical message on both paths, so the response does not show
        # which addresses belong to an account.
        utils.flash_message(
            "An email has been sent if the user account exists.")
        return flask.redirect(flask.url_for("home"))
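def edit(iuid):
    """Edit the dataset, or delete it.

    GET renders the edit form, POST applies the submitted changes
    through DatasetSaver, and DELETE removes the dataset document and
    its log entries.  Each branch checks the caller's access rights
    before it does anything else with the dataset.

    NOTE(review): utils.http_POST() and utils.http_DELETE() are defined
    elsewhere; the state-changing branches rely on them for any CSRF
    validation -- confirm.
    """
    try:
        dataset = get_dataset(iuid)
    except ValueError as error:
        utils.flash_error(str(error))
        # NOTE(review): url_referrer() is defined elsewhere; if it is
        # derived from the Referer header, confirm it only yields
        # same-site URLs before it is used as a redirect target.
        return flask.redirect(utils.url_referrer())

    if utils.http_GET():
        if not allow_edit(dataset):
            utils.flash_error("Edit access to dataset not allowed.")
            return flask.redirect(flask.url_for(".display", iuid=iuid))
        return flask.render_template("dataset/edit.html",
                                     am_owner=am_owner(dataset),
                                     dataset=dataset)

    elif utils.http_POST():
        if not allow_edit(dataset):
            utils.flash_error("Edit access to dataset not allowed.")
            return flask.redirect(flask.url_for(".display", iuid=iuid))
        try:
            with DatasetSaver(dataset) as saver:
                saver.set_title()
                # Ownership transfer is reserved for admins; the editor
                # list can only be changed by the owner.
                if flask.g.am_admin:
                    saver.change_owner()
                if am_owner(dataset):
                    saver.set_editors()
                saver.set_description()
                saver.upload_file()
                saver.set_vega_lite_types()
        except ValueError as error:
            utils.flash_error(str(error))
        return flask.redirect(flask.url_for(".display", iuid=iuid))

    elif utils.http_DELETE():
        # Authorization comes first, so a caller without delete rights is
        # not told whether graphics depend on this dataset.
        if not allow_delete(dataset):
            utils.flash_error("Delete access to dataset not allowed.")
            return flask.redirect(flask.url_for(".display", iuid=iuid))
        if not possible_delete(dataset):
            utils.flash_error("Dataset cannot be deleted; use by graphics.")
            return flask.redirect(flask.url_for(".display", iuid=iuid))
        flask.g.db.delete(dataset)
        # Remove the log entries that belonged to the deleted document.
        for log in utils.get_logs(dataset["_id"], cleanup=False):
            flask.g.db.delete(log)
        utils.flash_message("The dataset was deleted.")
        return flask.redirect(flask.url_for("datasets.display"))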
def edit(iuid):
    """Edit the graphic, or delete it.

    GET renders the edit form, POST applies the submitted changes
    through GraphicSaver, and DELETE removes the graphic document and
    its log entries, then returns to the dataset the graphic belonged to.
    Edit and delete rights are checked per branch with allow_edit() and
    allow_delete().
    """
    def show_graphic(target):
        # Shared redirect to the display page of the given graphic.
        return flask.redirect(flask.url_for(".display", iuid=target))

    try:
        graphic = get_graphic(iuid)
    except ValueError as error:
        utils.flash_error(str(error))
        # NOTE(review): url_referrer() is defined elsewhere; if it is
        # derived from the Referer header, confirm it only yields
        # same-site URLs before it is used as a redirect target.
        return flask.redirect(utils.url_referrer())

    if utils.http_GET():
        if allow_edit(graphic):
            return flask.render_template("graphic/edit.html",
                                         am_owner=am_owner(graphic),
                                         graphic=graphic)
        utils.flash_error("Edit access to graphic not allowed.")
        return show_graphic(iuid)

    if utils.http_POST():
        if not allow_edit(graphic):
            utils.flash_error("Edit access to graphic not allowed.")
            return show_graphic(iuid)
        try:
            with GraphicSaver(graphic) as saver:
                saver.set_title()
                # Ownership transfer is reserved for admins; the editor
                # list can only be changed by the owner.
                if flask.g.am_admin:
                    saver.change_owner()
                if am_owner(graphic):
                    saver.set_editors()
                saver.set_description()
                saver.set_specification()
        except ValueError as error:
            utils.flash_error(str(error))
            return flask.redirect(utils.url_referrer())
        else:
            return show_graphic(saver.doc["_id"])

    if utils.http_DELETE():
        if not allow_delete(graphic):
            utils.flash_error("Delete access to graphic not allowed.")
            return show_graphic(iuid)
        flask.g.db.delete(graphic)
        # Remove the log entries that belonged to the deleted document.
        for entry in utils.get_logs(graphic["_id"], cleanup=False):
            flask.g.db.delete(entry)
        utils.flash_message("The graphic was deleted.")
        parent = graphic["dataset"]
        return flask.redirect(flask.url_for("dataset.display", iuid=parent))
def data(iuid):
    """Display the data contents of the dataset.

    The ``data.json`` attachment is only read after allow_view() has
    accepted the caller.  At most MAX_RECORDS_INSPECT records are handed
    to the template; a flash message tells the user when the listing was
    cut short.
    """
    try:
        dataset = get_dataset(iuid)
    except ValueError as error:
        utils.flash_error(str(error))
        return flask.redirect(flask.url_for("home"))

    if allow_view(dataset):
        # The whole attachment is parsed before it is truncated, so the
        # record limit bounds what is rendered, not what is held in memory.
        records = json.load(flask.g.db.get_attachment(dataset, "data.json"))
        limit = flask.current_app.config["MAX_RECORDS_INSPECT"]
        if len(records) > limit:
            records = records[:limit]
            utils.flash_message(
                f"Only the first {limit} records are displayed.")
        return flask.render_template("dataset/data.html",
                                     dataset=dataset,
                                     data=records)

    utils.flash_error("View access to dataset not allowed.")
    # NOTE(review): url_referrer() is defined elsewhere; if it is derived
    # from the Referer header, confirm it only yields same-site URLs.
    return flask.redirect(utils.url_referrer())
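def edit(username):
    """Edit the user display. Or delete the user.

    Callers that fail am_admin_or_self() are turned away before any
    branch runs.  GET renders the edit form, POST applies the submitted
    changes through UserSaver, and DELETE removes an empty account
    together with its log entries.

    A ValueError raised while applying the POST changes is reported as a
    flash message instead of propagating; register() in this file treats
    ValueError from the same UserSaver setters as a validation failure.
    """
    user = get_user(username=username)
    if user is None:
        utils.flash_error("No such user.")
        return flask.redirect(flask.url_for("home"))
    if not am_admin_or_self(user):
        utils.flash_error("Access not allowed.")
        return flask.redirect(flask.url_for("home"))

    if utils.http_GET():
        return flask.render_template("user/edit.html",
                                     user=user,
                                     deletable=is_empty(user))

    elif utils.http_POST():
        try:
            with UserSaver(user) as saver:
                # Only an admin may change the email address.
                if flask.g.am_admin:
                    # NOTE(review): a form without an "email" field yields
                    # None here, which differs from the stored address and
                    # is passed on to set_email() -- confirm that is
                    # intended.
                    email = flask.request.form.get("email")
                    if email != user["email"]:
                        saver.set_email(email)
                # Going by its name, this guard holds only for an admin
                # editing another account, so the role field of one's own
                # account is ignored -- confirm against the helper.
                if am_admin_and_not_self(user):
                    saver.set_role(flask.request.form.get("role"))
                # Any non-empty "apikey" value asks for a fresh API key.
                if flask.request.form.get("apikey"):
                    saver.set_apikey()
        except ValueError as error:
            utils.flash_error(str(error))
        return flask.redirect(
            flask.url_for(".display", username=user["username"]))

    elif utils.http_DELETE():
        if not is_empty(user):
            utils.flash_error("Cannot delete non-empty user account.")
            return flask.redirect(
                flask.url_for(".display", username=username))
        # Log entries are removed before the account document itself.
        for log in utils.get_logs(user["_id"], cleanup=False):
            flask.g.db.delete(log)
        flask.g.db.delete(user)
        utils.flash_message(f"Deleted user {username}.")
        utils.get_logger().info(f"deleted user {username}")
        # A user who deleted their own account no longer has a user list
        # to return to.
        if flask.g.am_admin:
            return flask.redirect(flask.url_for(".all"))
        else:
            return flask.redirect(flask.url_for("home"))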
def register():
    """Register a new user account.

    Registration is open to admins always, and to everyone else only
    when the USER_REGISTER setting is on.  An admin may supply the
    password and the account is enabled at once; otherwise the password
    is set by UserSaver.set_password() with no argument and the
    resulting status decides what happens next: an enabled account with
    a "code:" password gets the code mailed to the user, a non-enabled
    account triggers a notification to the enabled admins.
    """
    if not (flask.g.am_admin or flask.current_app.config["USER_REGISTER"]):
        utils.flash_error("Only admin can register new user accounts.")
        return flask.redirect(flask.url_for("home"))

    if utils.http_GET():
        return flask.render_template("user/register.html")

    if utils.http_POST():
        try:
            with UserSaver() as saver:
                saver.set_username(flask.request.form.get("username"))
                saver.set_email(flask.request.form.get("email"))
                # The role is fixed here and never read from the form, so
                # a registration request cannot ask for a higher role.
                saver.set_role(constants.USER)
                if flask.g.am_admin:
                    # An empty password field is passed on as None.
                    saver.set_password(
                        flask.request.form.get("password") or None)
                    saver.set_apikey()
                    saver.set_status(constants.ENABLED)
                else:
                    saver.set_password()
            account = saver.doc
        except ValueError as error:
            utils.flash_error(error)
            return flask.redirect(flask.url_for(".register"))

        name = account["username"]
        utils.get_logger().info(f"registered user {name}")

        if account["status"] != constants.ENABLED:
            # Was set to 'pending'; send email to admins.
            recipients = [
                admin["email"]
                for admin in get_users(constants.ADMIN,
                                       status=constants.ENABLED)
            ]
            notice = flask_mail.Message("DataGraphics user account pending",
                                        recipients=recipients)
            link = flask.url_for(".display", username=name, _external=True)
            notice.body = f"To enable the user account, go to {link}"
            utils.mail.send(notice)
            utils.get_logger().info(f"pending user {name}")
            utils.flash_message("User account created; an email will be sent"
                                " when it has been enabled by the admin.")
        elif account["password"][:5] == "code:":
            # Directly enabled and code set. Send code to the user.
            send_password_code(account, "registration")
            utils.get_logger().info(f"enabled user {name}")
            utils.flash_message("User account created; check your email.")
        else:
            # Directly enabled and password set. No email to anyone.
            utils.get_logger().info(f"enabled user {name}"
                                    " and set password")
            utils.flash_message("User account created and password set.")
        return flask.redirect(flask.url_for("home"))