class MyUserDBModelView(UserDBModelView):
# View that add DB specifics to User view.
# Override to implement your own custom view.
# Then override userdbmodelview property on SecurityManager
show_fieldsets = [
(lazy_gettext('User info'),
{{'fields': ['username', 'active', 'roles', 'login_count', 'extra']}}),
(lazy_gettext('Personal Info'),
{{'fields': ['first_name', 'last_name', 'email'], 'expanded': True}}),
(lazy_gettext('Audit Info'),
{{'fields': ['last_login', 'fail_login_count', 'created_on',
'created_by', 'changed_on', 'changed_by'], 'expanded': False}}),
]
user_show_fieldsets = [
(lazy_gettext('User info'),
{{'fields': ['username', 'active', 'roles', 'login_count', 'extra']}}),
(lazy_gettext('Personal Info'),
{{'fields': ['first_name', 'last_name', 'email'], 'expanded': True}}),
]
add_columns = ['first_name', 'last_name', 'username', 'active', 'email', 'roles', 'extra', 'password', 'conf_password']
list_columns = ['first_name', 'last_name', 'username', 'email', 'active', 'roles']
edit_columns = ['first_name', 'last_name', 'username', 'active', 'email', 'roles', 'extra']
class TestForm(DynamicForm):
TestFieldOne = StringField(lazy_gettext('Test Field One'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
TestFieldTwo = StringField(lazy_gettext('Test Field One'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
class RegisterUserDBView(BaseRegisterUser):
"""
View for Registering a new user, auth db mode
"""
form = RegisterUserDBForm
""" The WTForm form presented to the user to register himself """
form_title = lazy_gettext('Fill out the registration form')
""" The form title """
redirect_url = '/'
error_message = lazy_gettext(
'Not possible to register you at the moment, try again later')
message = lazy_gettext('Registration sent to your email')
""" The message shown on a successful registration """
def form_get(self, form):
datamodel_user = SQLAInterface(User, self.appbuilder.get_session)
datamodel_register_user = SQLAInterface(RegisterUser,
self.appbuilder.get_session)
if len(form.username.validators) == 1:
form.username.validators.append(Unique(datamodel_user, 'username'))
form.username.validators.append(
Unique(datamodel_register_user, 'username'))
if len(form.email.validators) == 2:
form.email.validators.append(Unique(datamodel_user, 'email'))
form.email.validators.append(
Unique(datamodel_register_user, 'email'))
def form_post(self, form):
self.add_registration(username=form.username.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
password=form.password.data)
class RegisterUserModelView(ModelView):
route_base = '/registeruser'
base_permissions = ['can_list', 'can_show', 'can_delete']
list_title = lazy_gettext('List of Registration Requests')
show_title = lazy_gettext('Show Registration')
list_columns = ['username', 'registration_date', 'email']
show_exclude_columns = ['password']
search_exclude_columns = ['password']
class PermissionModelView(ModelView):
route_base = '/permissions'
base_permissions = ['can_list']
list_title = lazy_gettext('List Base Permissions')
show_title = lazy_gettext('Show Base Permission')
add_title = lazy_gettext('Add Base Permission')
edit_title = lazy_gettext('Edit Base Permission')
label_columns = {'name': lazy_gettext('Name')}
class ViewMenuModelView(ModelView):
route_base = '/viewmenus'
base_permissions = ['can_list']
list_title = lazy_gettext('List View Menus')
show_title = lazy_gettext('Show View Menu')
add_title = lazy_gettext('Add View Menu')
edit_title = lazy_gettext('Edit View Menu')
label_columns = {'name': lazy_gettext('Name')}
class RegisterUserDBForm(DynamicForm):
username = StringField(lazy_gettext('User Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
first_name = StringField(lazy_gettext('First Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
last_name = StringField(lazy_gettext('Last Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
email = StringField(lazy_gettext('Email'),
validators=[DataRequired(), Email()],
widget=BS3TextFieldWidget())
password = PasswordField(
lazy_gettext('Password'),
description=lazy_gettext(
'Please use a good password policy, this application does not check this for you'
),
validators=[DataRequired()],
widget=BS3PasswordFieldWidget())
conf_password = PasswordField(
lazy_gettext('Confirm Password'),
description=lazy_gettext('Please rewrite the password to confirm'),
validators=[
EqualTo('password', message=lazy_gettext('Passwords must match'))
],
widget=BS3PasswordFieldWidget())
recaptcha = RecaptchaField()
class UserInfoEdit(DynamicForm):
first_name = StringField(
lazy_gettext('First Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget(),
description=lazy_gettext('Write the user first name or names'))
last_name = StringField(
lazy_gettext('Last Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget(),
description=lazy_gettext('Write the user last name'))
class ResetMyPasswordView(SimpleFormView):
"""
View for resetting own user password
"""
route_base = '/resetmypassword'
form = ResetPasswordForm
form_title = lazy_gettext('Reset Password Form')
redirect_url = '/'
message = lazy_gettext('Password Changed')
def form_post(self, form):
self.appbuilder.sm.reset_password(g.user.id, form.password.data)
flash(as_unicode(self.message), 'info')
class RegisterUserOIDForm(DynamicForm):
username = StringField(lazy_gettext('User Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
first_name = StringField(lazy_gettext('First Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
last_name = StringField(lazy_gettext('Last Name'),
validators=[DataRequired()],
widget=BS3TextFieldWidget())
email = StringField(lazy_gettext('Email'),
validators=[DataRequired(), Email()],
widget=BS3TextFieldWidget())
recaptcha = RecaptchaField()
class RoleModelView(ModelView):
route_base = '/roles'
list_title = lazy_gettext('List Roles')
show_title = lazy_gettext('Show Role')
add_title = lazy_gettext('Add Role')
edit_title = lazy_gettext('Edit Role')
label_columns = {
'name': lazy_gettext('Name'),
'permissions': lazy_gettext('Permissions')
}
list_columns = ['name', 'permissions']
order_columns = ['name']
@action("Copy Role",
lazy_gettext('Copy Role'),
lazy_gettext('Copy the selected roles?'),
icon='fa-copy',
single=False)
def copy_role(self, items):
self.update_redirect()
for item in items:
new_role = item.__class__()
new_role.name = item.name
new_role.permissions = item.permissions
new_role.name = new_role.name + ' copy'
self.datamodel.add(new_role)
return redirect(self.get_redirect())
class ResetPasswordView(SimpleFormView):
"""
View for reseting all users password
"""
route_base = '/resetpassword'
form = ResetPasswordForm
form_title = lazy_gettext('Reset Password Form')
redirect_url = '/'
message = lazy_gettext('Password Changed')
def form_post(self, form):
pk = request.args.get('pk')
self.appbuilder.sm.reset_password(pk, form.password.data)
flash(as_unicode(self.message), 'info')
class ResetPasswordForm(DynamicForm):
password = PasswordField(
lazy_gettext('Password'),
description=lazy_gettext(
'Please use a good password policy, this application does not check this for you'
),
validators=[DataRequired()],
widget=BS3PasswordFieldWidget())
conf_password = PasswordField(
lazy_gettext('Confirm Password'),
description=lazy_gettext('Please rewrite the password to confirm'),
validators=[
EqualTo('password', message=lazy_gettext('Passwords must match'))
],
widget=BS3PasswordFieldWidget())
class AuthView(BaseView):
route_base = ''
login_template = ''
invalid_login_message = lazy_gettext('Invalid login. Please try again.')
title = lazy_gettext('Sign In')
@expose('/login/', methods=['GET', 'POST'])
def login(self):
pass
@expose('/logout/')
def logout(self):
logout_user()
return redirect(self.appbuilder.get_url_for_index)
class Formulariooferta(FlaskForm):
cliente = StringField('Cliente', render_kw={'readonly': "true"})
producto = SelectField('Producto', render_kw={'readonly': "true"})
descuento = FloatField('Descuento %',
render_kw={'readonly': 'true'},
validators=[DataRequired()],
default=0)
precio = FloatField('Precio $',
render_kw={'readonly': 'true'},
validators=[DataRequired()],
default=0)
cantidad_oferta = IntegerField('Cantidad disponible para la oferta',
render_kw={'readonly': 'true'},
validators=[DataRequired()],
widget=BS3TextFieldWidget())
cantidad = IntegerField('Cantidad',
render_kw={'type': "number"},
validators=[DataRequired()],
widget=BS3TextFieldWidget())
total = FloatField('Total $',
render_kw={'readonly': 'true'},
validators=[DataRequired()],
default=0,
description=lazy_gettext("""Total Previo Impuestos"""))
submit = SubmitField("Realizar Pedido",
render_kw={"onclick": "confirmacion(event)"})
def wraps(self, *args, **kwargs):
permission_str = PERMISSION_PREFIX + f._permission_name
if self.appbuilder.sm.has_access(permission_str, self.__class__.__name__):
return f(self, *args, **kwargs)
else:
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect(url_for(self.appbuilder.sm.auth_view.__class__.__name__ + ".login"))
class MyUserDBModelView(UserDBModelView):
show_fieldsets = [
(lazy_gettext('User info'), {
'fields': [
'username', 'active', 'roles', 'seclevel', 'user_vendor',
'user_vendor_site', 'login_count'
]
}),
(lazy_gettext('Personal Info'), {
'fields': ['first_name', 'last_name', 'email', 'user_interests'],
'expanded': True
}),
(lazy_gettext('Audit Info'), {
'fields': [
'last_login', 'fail_login_count', 'created_on', 'created_by',
'changed_on', 'changed_by'
],
'expanded':
False
}),
]
user_show_fieldsets = [
(lazy_gettext('User info'), {
'fields': [
'username', 'active', 'roles', 'login_count', 'user_vendor',
'user_vendor_site'
]
}),
(lazy_gettext('Personal Info'), {
'fields': ['first_name', 'last_name', 'email', 'user_interests'],
'expanded': True
}),
]
add_columns = [
'first_name', 'last_name', 'username', 'active', 'email', 'roles',
'seclevel', 'user_vendor', 'user_vendor_site', 'user_interests',
'password', 'conf_password'
]
list_columns = [
'first_name', 'last_name', 'username', 'email', 'active', 'roles',
'seclevel', 'user_vendor', 'user_vendor_site'
]
edit_columns = [
'first_name', 'last_name', 'username', 'active', 'email', 'roles',
'seclevel', 'user_vendor', 'user_vendor_site', 'user_interests'
]
def wraps(self, *args, **kwargs):
permission_str = PERMISSION_PREFIX + f._permission_name
if self.appbuilder.sm.has_access(permission_str, self.__class__.__name__):
return f(self, *args, **kwargs)
else:
log.warning("Access is Denied for: {0} on: {1}".format(permission_str, self.__class__.__name__))
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect(url_for(self.appbuilder.sm.auth_view.__class__.__name__ + ".login"))
def test_lazy_gettext(self):
app = flask.Flask(__name__)
b = babel.Babel(app, default_locale='de_DE')
yes = lazy_gettext(u'Yes')
with app.test_request_context():
assert text_type(yes) == 'Ja'
app.config['BABEL_DEFAULT_LOCALE'] = 'en_US'
with app.test_request_context():
assert text_type(yes) == 'Yes'
class UserStatsChartView(DirectByChartView):
chart_title = lazy_gettext('User Statistics')
label_columns = {
'username': lazy_gettext('User Name'),
'login_count': lazy_gettext('Login count'),
'fail_login_count': lazy_gettext('Failed login count')
}
search_columns = UserModelView.search_columns
definitions = [{
'label': 'Login Count',
'group': 'username',
'series': ['login_count']
}, {
'label': 'Failed Login Count',
'group': 'username',
'series': ['fail_login_count']
}]
class UserInfoEditView(SimpleFormView):
form = UserInfoEdit
form_title = lazy_gettext('Edit User Information')
redirect_url = '/'
message = lazy_gettext('User information changed')
def form_get(self, form):
item = self.appbuilder.sm.get_user_by_id(g.user.id)
# fills the form generic solution
for key, value in form.data.items():
form_field = getattr(form, key)
form_field.data = getattr(item, key)
def form_post(self, form):
form = self.form.refresh(request.form)
item = self.appbuilder.sm.get_user_by_id(g.user.id)
form.populate_obj(item)
self.appbuilder.sm.update_user(item)
flash(as_unicode(self.message), 'info')
def wraps(self, *args, **kwargs):
permission_str = PERMISSION_PREFIX + f._permission_name
if self.appbuilder.sm.has_access(permission_str, self.__class__.__name__):
return f(self, *args, **kwargs)
else:
log.warning("Access is Denied for: {0} on: {1}".format(permission_str, self.__class__.__name__))
response = make_response(jsonify({'message': str(lazy_gettext("Access is Denied")),
'severity': 'danger'}), 401)
response.headers['Content-Type'] = "application/json"
return response
return redirect(url_for(self.appbuilder.sm.auth_view.__class__.__name__ + ".login"))
def action(self, name, pk):
"""
Action method to handle actions from a show view
"""
if self.appbuilder.sm.has_access(name, self.__class__.__name__):
action = self.actions.get(name)
return action.func(self.datamodel.get(pk))
else:
print("INVALID ACCESS ON {0}".format(self.__class__.__name__))
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect('.')
def action(self, name, pk):
"""
Action method to handle actions from a show view
"""
if self.appbuilder.sm.has_access(name, self.__class__.__name__):
action = self.actions.get(name)
return action.func(self.datamodel.get(pk))
else:
print("INVALID ACCESS ON {0}".format(self.__class__.__name__))
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect('.')
def action_post(self):
"""
Action method to handle multiple records selected from a list view
"""
name = request.form['action']
pks = request.form.getlist('rowid')
if self.appbuilder.sm.has_access(name, self.__class__.__name__):
action = self.actions.get(name)
items = [self.datamodel.get(pk) for pk in pks]
return action.func(items)
else:
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect('.')
def action_post(self):
"""
Action method to handle multiple records selected from a list view
"""
name = request.form['action']
pks = request.form.getlist('rowid')
if self.appbuilder.sm.has_access(name, self.__class__.__name__):
action = self.actions.get(name)
items = [self.datamodel.get(pk) for pk in pks]
return action.func(items)
else:
print("INVALID ACCESS ON {0} {1}".format(name, self.__class__.__name__))
flash(as_unicode(lazy_gettext("Access is Denied")), "danger")
return redirect('.')
class PermissionViewModelView(ModelView):
route_base = '/permissionviews'
base_permissions = ['can_list']
list_title = lazy_gettext('List Permissions on Views/Menus')
show_title = lazy_gettext('Show Permission on Views/Menus')
add_title = lazy_gettext('Add Permission on Views/Menus')
edit_title = lazy_gettext('Edit Permission on Views/Menus')
label_columns = {'permission': lazy_gettext('Permission'), 'view_menu': lazy_gettext('View/Menu')}
list_columns = ['permission', 'view_menu']
class DataModel():
obj = None
""" Messages to display on CRUD Events """
add_row_message = lazy_gettext('Added Row')
edit_row_message = lazy_gettext('Changed Row')
delete_row_message = lazy_gettext('Deleted Row')
delete_integrity_error_message = lazy_gettext(
'Associated data exists, please delete them first')
add_integrity_error_message = lazy_gettext(
'Integrity error, probably unique constraint')
edit_integrity_error_message = lazy_gettext(
'Integrity error, probably unique constraint')
general_error_message = lazy_gettext('General Error')
def __init__(self, obj):
self.obj = obj
def _get_attr_value(self, item, col):
if hasattr(getattr(item, col), '__call__'):
# its a function
return getattr(item, col)()
else:
# its attribute
return getattr(item, col)
def get_values_item(self, item, show_columns):
return [self._get_attr_value(item, col) for col in show_columns]
def get_values(self, lst, list_columns):
"""
Get Values: formats values for list template.
returns [{'col_name':'col_value',....},{'col_name':'col_value',....}]
:param lst:
The list of item objects from query
:param list_columns:
The list of columns to include
"""
retlst = []
for item in lst:
retdict = {}
for col in list_columns:
retdict[col] = self._get_attr_value(item, col)
retlst.append(retdict)
return retlst
""" Database delete generic error, format with err message """
LOGMSG_WAR_DBI_AVG_ZERODIV = "Zero division on aggregate_avg"
LOGMSG_WAR_FAB_VIEW_EXISTS = "View already exists {0} ignoring"
""" Attempt to add an already added view, format with view name """
LOGMSG_WAR_DBI_ADD_INTEGRITY = "Add record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_WAR_DBI_EDIT_INTEGRITY = "Edit record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_WAR_DBI_DEL_INTEGRITY = "Delete record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_INF_FAB_ADD_VIEW = "Registering class {0} on menu {1}"
""" Inform that view class was added, format with class name, name"""
FLAMSG_ERR_SEC_ACCESS_DENIED = lazy_gettext("Access is Denied")
""" Access denied flash message """
PERMISSION_PREFIX = 'can_'
""" Prefix to be concatenated to permission names, and inserted in the backend """
AUTH_OID = 0
AUTH_DB = 1
AUTH_LDAP = 2
AUTH_REMOTE_USER = 3
AUTH_OAUTH = 4
""" Constants for supported authentication types """
class MyUserDBModelView(UserDBModelView):
"""
View that add DB specifics to User view.
Override to implement your own custom view.
Then override userdbmodelview property on SecurityManager
"""
login_template = 'login.html'
label_columns = {'activeformat':'Está activo?','cuilformat':'Cuil'}
show_fieldsets = [
(lazy_gettext('User info'),
{'fields': ['username', 'active', 'roles', 'login_count', 'cuil']}),
(lazy_gettext('Personal Info'),
{'fields': ['first_name', 'last_name', 'email'], 'expanded': True}),
(lazy_gettext('Audit Info'),
{'fields': ['last_login', 'fail_login_count', 'created_on',
'created_by', 'changed_on', 'changed_by'], 'expanded': False}),
]
user_show_fieldsets = [
(lazy_gettext('Informacion de Usuario'),
{'fields': ['username', 'active', 'roles', 'login_count', 'cuil']}),
(lazy_gettext('Informacion Personal'),
{'fields': ['first_name', 'last_name', 'email'], 'expanded': True}),
]
add_columns = [
'username',
'first_name',
'last_name',
'email',
'cuil',
'password',
'conf_password'
]
list_columns = [
'first_name',
'last_name',
'username',
'email',
'cuilformat',
'activeformat',
'roles'
]
edit_columns = [
'first_name',
'last_name',
'username',
'cuil',
'active',
'roles'
]
validators_columns ={
'cuil':[InputRequired(),cuitvalidatorProveedores]
}
add_form_extra_fields = {
'roles': QuerySelectMultipleField(
'Rol',
query_factory=cuil_query,
widget=Select2ManyWidget()
),
"password": PasswordField(
lazy_gettext("Password"),
description=lazy_gettext(
"Utilice una buena política de contraseñas, esta aplicación no verifica esto por usted"
),
validators=[validators.DataRequired()],
widget=BS3PasswordFieldWidget(),
),
"conf_password": PasswordField(
lazy_gettext("Confirmar Password"),
description=lazy_gettext("Vuelva a escribir la contraseña del usuario para confirmar"),
validators=[
EqualTo("password", message=lazy_gettext("Passwords deben coincidir"))
],
widget=BS3PasswordFieldWidget(),
),
}
edit_form_extra_fields = {
'roles': QuerySelectMultipleField(
'Rol',
query_factory=cuil_query,
widget=Select2ManyWidget()
),
'first_name': StringField(
'Nombre',
validators=[validators.DataRequired()]
),
'last_name': StringField(
'Apellidos',
validators=[validators.DataRequired()]
),
'username': StringField(
'Nombre de usuario',
validators=[validators.DataRequired()]
),
'cuil': StringField(
'Cuil',
validators=[InputRequired(),cuitvalidatorProveedores]
)
}
class BaseInterface(object):
"""
Base class for all data model interfaces.
Sub class it to implement your own interface for some data engine.
"""
obj = None
filter_converter_class = None
""" when sub classing override with your own custom filter converter """
""" Messages to display on CRUD Events """
add_row_message = lazy_gettext('Added Row')
edit_row_message = lazy_gettext('Changed Row')
delete_row_message = lazy_gettext('Deleted Row')
delete_integrity_error_message = lazy_gettext(
'Associated data exists, please delete them first')
add_integrity_error_message = lazy_gettext(
'Integrity error, probably unique constraint')
edit_integrity_error_message = lazy_gettext(
'Integrity error, probably unique constraint')
general_error_message = lazy_gettext('General Error')
""" Tuple with message and text with severity type ex: ("Added Row", "info") """
message = ()
def __init__(self, obj):
self.obj = obj
def _get_attr_value(self, item, col):
if not hasattr(item, col):
# it's an inner obj attr
return reduce(getattr, col.split('.'), item)
if hasattr(getattr(item, col), '__call__'):
# its a function
return getattr(item, col)()
else:
# its attribute
return getattr(item, col)
def get_filters(self, search_columns=None):
search_columns = search_columns or []
return Filters(self.filter_converter_class, self, search_columns)
def get_values_item(self, item, show_columns):
return [self._get_attr_value(item, col) for col in show_columns]
def _get_values(self, lst, list_columns):
"""
Get Values: formats values for list template.
returns [{'col_name':'col_value',....},{'col_name':'col_value',....}]
:param lst:
The list of item objects from query
:param list_columns:
The list of columns to include
"""
retlst = []
for item in lst:
retdict = {}
for col in list_columns:
retdict[col] = self._get_attr_value(item, col)
retlst.append(retdict)
return retlst
def get_values(self, lst, list_columns):
"""
Get Values: formats values for list template.
returns [{'col_name':'col_value',....},{'col_name':'col_value',....}]
:param lst:
The list of item objects from query
:param list_columns:
The list of columns to include
"""
for item in lst:
retdict = {}
for col in list_columns:
retdict[col] = self._get_attr_value(item, col)
yield retdict
def get_values_json(self, lst, list_columns):
"""
Converts list of objects from query to JSON
"""
result = []
for item in self.get_values(lst, list_columns):
for key, value in list(item.items()):
if isinstance(value, datetime.datetime) or isinstance(
value, datetime.date):
value = value.isoformat()
item[key] = value
if isinstance(value, list):
item[key] = [str(v) for v in value]
result.append(item)
return result
"""
Returns the models class name
useful for auto title on views
"""
@property
def model_name(self):
return self.obj.__class__.__name__
"""
Next methods must be overridden
"""
def query(self,
filters=None,
order_column='',
order_direction='',
page=None,
page_size=None):
pass
def is_image(self, col_name):
return False
def is_file(self, col_name):
return False
def is_gridfs_file(self, col_name):
return False
def is_gridfs_image(self, col_name):
return False
def is_string(self, col_name):
return False
def is_text(self, col_name):
return False
def is_integer(self, col_name):
return False
def is_numeric(self, col_name):
return False
def is_float(self, col_name):
return False
def is_boolean(self, col_name):
return False
def is_date(self, col_name):
return False
def is_datetime(self, col_name):
return False
def is_relation(self, prop):
return False
def is_relation_col(self, col):
return False
def is_relation_many_to_one(self, prop):
return False
def is_relation_many_to_many(self, prop):
return False
def is_relation_one_to_one(self, prop):
return False
def is_relation_one_to_many(self, prop):
return False
def is_nullable(self, col_name):
return True
def is_unique(self, col_name):
return False
def is_pk(self, col_name):
return False
def is_fk(self, col_name):
return False
def get_max_length(self, col_name):
return -1
def get_min_length(self, col_name):
return -1
"""
-----------------------------------------
FUNCTIONS FOR CRUD OPERATIONS
-----------------------------------------
"""
def add(self, item):
"""
Adds object
"""
raise NotImplementedError
def edit(self, item):
"""
Edit (change) object
"""
raise NotImplementedError
def delete(self, item):
"""
Deletes object
"""
raise NotImplementedError
def get_col_default(self, col_name):
pass
def get_keys(self, lst):
"""
return a list of pk values from object list
"""
pk_name = self.get_pk_name()
return [getattr(item, pk_name) for item in lst]
def get_pk_name(self, item):
"""
Returns the primary key name
"""
raise NotImplementedError
def get_pk_value(self, item):
return getattr(item, self.get_pk_name())
def get(self, pk, filter=None):
"""
return the record from key, you can optionally pass filters
if pk exits on the db but filters exclude it it will return none.
"""
pass
def get_related_model(self, prop):
raise NotImplementedError
def get_related_interface(self, col_name):
"""
Returns a BaseInterface for the related model
of column name.
:param col_name: Column name with relation
:return: BaseInterface
"""
raise NotImplementedError
def get_related_obj(self, col_name, value):
raise NotImplementedError
def get_related_fk(self, model):
raise NotImplementedError
def get_columns_list(self):
"""
Returns a list of all the columns names
"""
return []
def get_user_columns_list(self):
"""
Returns a list of user viewable columns names
"""
return self.get_columns_list()
def get_search_columns_list(self):
"""
Returns a list of searchable columns names
"""
return []
def get_order_columns_list(self, list_columns=None):
"""
Returns a list of order columns names
"""
return []
def get_relation_fk(self, prop):
pass
class LoginForm_oid(DynamicForm):
openid = StringField(lazy_gettext('openid'), validators=[DataRequired()])
username = StringField(lazy_gettext('User Name'))
remember_me = BooleanField(lazy_gettext('remember_me'), default=False)
class UserDBModelView(UserModelView):
"""
View that add DB specifics to User view.
Override to implement your own custom view.
Then override userdbmodelview property on SecurityManager
"""
add_form_extra_fields = {
'password':
PasswordField(
lazy_gettext('Password'),
description=lazy_gettext(
'Please use a good password policy, this application does not check this for you'
),
validators=[validators.DataRequired()],
widget=BS3PasswordFieldWidget()),
'conf_password':
PasswordField(lazy_gettext('Confirm Password'),
description=lazy_gettext(
'Please rewrite the user\'s password to confirm'),
validators=[
EqualTo('password',
message=lazy_gettext('Passwords must match'))
],
widget=BS3PasswordFieldWidget())
}
add_columns = [
'first_name', 'last_name', 'username', 'active', 'email', 'roles',
'password', 'conf_password'
]
@expose('/show/<pk>', methods=['GET'])
@has_access
def show(self, pk):
actions = {}
actions['resetpasswords'] = self.actions.get('resetpasswords')
widgets = self._get_show_widget(pk, actions=actions)
self.update_redirect()
return self.render_template(self.show_template,
pk=pk,
title=self.show_title,
widgets=widgets,
appbuilder=self.appbuilder,
related_views=self._related_views)
@expose('/userinfo/')
@has_access
def userinfo(self):
actions = {}
actions['resetmypassword'] = self.actions.get('resetmypassword')
widgets = self._get_show_widget(
g.user.id,
actions=actions,
show_fieldsets=self.user_show_fieldsets)
self.update_redirect()
return self.render_template(
self.show_template,
title=self.user_info_title,
widgets=widgets,
appbuilder=self.appbuilder,
)
@action('resetmypassword',
lazy_gettext("Reset my password"),
"",
"fa-lock",
multiple=False)
def resetmypassword(self, item):
return redirect(url_for('ResetMyPasswordView.this_form_get'))
@action('resetpasswords',
lazy_gettext("Reset Password"),
"",
"fa-lock",
multiple=False)
def resetpasswords(self, item):
return redirect(url_for('ResetPasswordView.this_form_get', pk=item.id))
def pre_update(self, item):
item.changed_on = datetime.datetime.now()
item.changed_by_fk = g.user.id
def pre_add(self, item):
item.password = generate_password_hash(item.password)
class UserModelView(ModelView):
route_base = '/users'
list_title = lazy_gettext('List Users')
show_title = lazy_gettext('Show User')
add_title = lazy_gettext('Add User')
edit_title = lazy_gettext('Edit User')
label_columns = {
'get_full_name': lazy_gettext('Full Name'),
'first_name': lazy_gettext('First Name'),
'last_name': lazy_gettext('Last Name'),
'username': lazy_gettext('User Name'),
'password': lazy_gettext('Password'),
'active': lazy_gettext('Is Active?'),
'email': lazy_gettext('EMail'),
'roles': lazy_gettext('Role'),
'last_login': lazy_gettext('Last login'),
'login_count': lazy_gettext('Login count'),
'fail_login_count': lazy_gettext('Failed login count'),
'created_on': lazy_gettext('Created on'),
'created_by': lazy_gettext('Created by'),
'changed_on': lazy_gettext('Changed on'),
'changed_by': lazy_gettext('Changed by')
}
description_columns = {
'first_name':
lazy_gettext('Write the user first name or names'),
'last_name':
lazy_gettext('Write the user last name'),
'username':
lazy_gettext(
'Username valid for authentication on DB or LDAP, unused for OID auth'
),
'password':
lazy_gettext(
'Please use a good password policy, this application does not check this for you'
),
'active':
lazy_gettext(
'It\'s not a good policy to remove a user, just make it inactive'),
'email':
lazy_gettext('The user\'s email, this will also be used for OID auth'),
'roles':
lazy_gettext(
'The user role on the application, this will associate with a list of permissions'
),
'conf_password':
lazy_gettext('Please rewrite the user\'s password to confirm')
}
list_columns = [
'first_name', 'last_name', 'username', 'email', 'active', 'roles'
]
show_fieldsets = [
(lazy_gettext('User info'), {
'fields': ['username', 'active', 'roles', 'login_count']
}),
(lazy_gettext('Personal Info'), {
'fields': ['first_name', 'last_name', 'email'],
'expanded': True
}),
(lazy_gettext('Audit Info'), {
'fields': [
'last_login', 'fail_login_count', 'created_on', 'created_by',
'changed_on', 'changed_by'
],
'expanded':
False
}),
]
user_show_fieldsets = [
(lazy_gettext('User info'), {
'fields': ['username', 'active', 'roles', 'login_count']
}),
(lazy_gettext('Personal Info'), {
'fields': ['first_name', 'last_name', 'email'],
'expanded': True
}),
]
search_exclude_columns = ['password']
add_columns = [
'first_name', 'last_name', 'username', 'active', 'email', 'roles'
]
edit_columns = [
'first_name', 'last_name', 'username', 'active', 'email', 'roles'
]
user_info_title = lazy_gettext("Your user information")
@expose('/userinfo/')
@has_access
def userinfo(self):
widgets = self._get_show_widget(
g.user.id, show_fieldsets=self.user_show_fieldsets)
self.update_redirect()
return self.render_template(self.show_template,
title=self.user_info_title,
widgets=widgets,
appbuilder=self.appbuilder)
LOGMSG_ERR_DBI_EDIT_GENERIC = "Edit record error: {0}"
""" Database edit generic error, format with err message """
LOGMSG_ERR_DBI_DEL_GENERIC = "Delete record error: {0}"
""" Database delete generic error, format with err message """
LOGMSG_WAR_DBI_AVG_ZERODIV = "Zero division on aggregate_avg"
LOGMSG_WAR_FAB_VIEW_EXISTS = "View already exists {0} ignoring"
""" Attempt to add an already added view, format with view name """
LOGMSG_WAR_DBI_ADD_INTEGRITY = "Add record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_WAR_DBI_EDIT_INTEGRITY = "Edit record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_WAR_DBI_DEL_INTEGRITY = "Delete record integrity error: {0}"
""" Dabase integrity error, format with err message """
LOGMSG_INF_FAB_ADD_VIEW = "Registering class {0} on menu {1}"
""" Inform that view class was added, format with class name, name"""
FLAMSG_ERR_SEC_ACCESS_DENIED = lazy_gettext("Access is Denied")
""" Access denied flash message """
PERMISSION_PREFIX = 'can_'
""" Prefix to be concatenated to permission names, and inserted in the backend """
AUTH_OID = 0
AUTH_DB = 1
AUTH_LDAP = 2
AUTH_REMOTE_USER = 3
AUTH_OAUTH = 4
""" Constants for supported authentication types """
class LoginForm_db(DynamicForm):
username = StringField(lazy_gettext('User Name'),
validators=[DataRequired()])
password = PasswordField(lazy_gettext('Password'),
validators=[DataRequired()])
