Пример #1
0
def login(request):
    
    user = request.context.user
    userIsAdmin = 'admins' in getUser(request.authenticated_userid).getGroupList()
    print "userIsAdmin:", userIsAdmin
    id = user.id
    if 'form.submitted' in request.params:
        print request.params
        user.fullname = request.params['fullname']
        user.email = request.params['email']
        if 'changepw' in request.params:
            user.password = bcrypt.hashpw(request.params['password'].strip().encode('ascii', 'ignore'), bcrypt.gensalt())
        if ('admins' in getUser(request.authenticated_userid).getGroupList()):
            user.username = request.params['username']
            user.groups = request.params['groups']
        DBSession.add(user)
        if (user.id is None):
            user = DBSession.query(User).filter_by(id = request.params['username']).first()
        else:
            user = DBSession.query(User).filter_by(id = id).first()

    rd = {'user': user, 'logged_in' : request.authenticated_userid}
    if (userIsAdmin == True):
        rd['userIsAdmin'] = 'yes'
    return rd
Пример #2
0
def main(global_config, **settings):
    """ This function returns a Pyramid WSGI application.
    """
    engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=engine)
    Base.metadata.bind = engine
    authentication_secret = settings['auth.secret']
    authn_policy = AuthTktAuthenticationPolicy(authentication_secret,
                                               callback=getGroups,
                                               hashalg='sha512')
    authz_policy = ACLAuthorizationPolicy()

    config = Configurator(settings=settings, root_factory=Root)
    config.set_authentication_policy(authn_policy)
    config.set_authorization_policy(authz_policy)
    config.add_request_method(getUserFromRequest, 'user', reify=True)
    config.include('pyramid_chameleon')
    config.include('pyramid_jinja2')
    config.add_static_view('static', 'static', cache_max_age=3600)
    config.add_route('login', '/login')
    config.add_route('home', '/')

    config.add_route('logout', '/logout')

    config.scan()
    Base.metadata.create_all()
    return config.make_wsgi_app()
Пример #3
0
def main(global_config, **settings):
    """ This function returns a Pyramid WSGI application.
    """
    engine = engine_from_config(settings, 'sqlalchemy.')
    DBSession.configure(bind=engine)
    Base.metadata.bind = engine
    authentication_secret = settings['auth.secret']
    authn_policy = AuthTktAuthenticationPolicy(authentication_secret, callback=getGroups, hashalg='sha512')
    authz_policy = ACLAuthorizationPolicy()

    config = Configurator(settings=settings, root_factory=Root)
    config.set_authentication_policy(authn_policy)
    config.set_authorization_policy(authz_policy)
    config.add_request_method(getUserFromRequest, 'user', reify=True)
    config.include('pyramid_chameleon')
    config.include('pyramid_jinja2')
    config.add_static_view('static', 'static', cache_max_age=3600)
    config.add_route('login', '/login')
    config.add_route('landing', '/')
    config.add_route('home', "/home")
    config.add_route('logout', '/logout')

    config.scan()
    Base.metadata.create_all()
    return config.make_wsgi_app()
Пример #4
0
def PostOrder(request):
    print "serving request context: ", request.context.__name__
    if (request.json_body is None):
        return NotFound()

    # we're doing the toal ourselves, don't trust the client
    currentTotal = 0
    ProcessErrorCode = 0

    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")
    temp_order = Order(getUser(request.authenticated_userid), currentTimeStamp,
                       0)

    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if (saleitem is None):
            ProcessErrorCode = 5
            break
        else:
            item_count = int(item['count'])
            temp_order.orderLineItems.append(
                OrderLineItem(saleitem, item_count))
            currentTotal += int(item['count']) * saleitem.value

            if (saleitem.stockCount != -1):
                if (saleitem.stockCount - item_count < 0):
                    ProcessErrorCode = 1
                    break

                saleitem.stockCount = saleitem.stockCount - item_count

    if (ProcessErrorCode == 0):

        temp_order.orderTotal = currentTotal
        DBSession.add(temp_order)
        committedOrder = DBSession.query(Order).filter_by(
            commitDate=currentTimeStamp).one()
        print "committed transaction #", committedOrder.id
        return {
            'status':
            ProcessErrorCode,
            'redirect':
            request.application_url + '/app/orders/' + str(committedOrder.id)
        }

    else:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}
Пример #5
0
def GetOrder(request):
    print "serving request context:", request.context.__name__
    order = DBSession.query(Order).filter_by(id = request.context.__name__).first()
    if (order is None):
        return NotFound("No matching order found!")
    else:
            return {'order': order, 'logged_in': request.authenticated_userid}
Пример #6
0
def GetOrder(request):
    print "serving request context:", request.context.__name__
    order = DBSession.query(Order).filter_by(
        id=request.context.__name__).first()
    if (order is None):
        return NotFound("No matching order found!")
    else:
        return {'order': order, 'logged_in': request.authenticated_userid}
Пример #7
0
def getUser(userid):
    print "userid is ", userid
    try:
        user = DBSession().query(User).filter_by(username = userid).first()
    except DBAPIError as err:
        print err
        print "Error connecting to the database!"
        return None
    if (user is None):
        print "Warning: NoneUser returned"
    return user
Пример #8
0
def authenticateUser(userid, password):
    print "authenticating user " + userid
    try:
        user = DBSession().query(User).filter_by(username = userid).first()
    except DBAPIError as err:
        print "Error connecting to the database!"
        print err
        return False
    if (user is None):
        return False
    return (bcrypt.hashpw(password.encode('ascii', 'ignore') ,user.password.encode('ascii', 'ignore')) == user.password)
Пример #9
0
def PostOrder(request):
    print "serving request context: ", request.context.__name__
    if (request.json_body is None):
        return NotFound()

    # we're doing the toal ourselves, don't trust the client
    currentTotal = 0
    ProcessErrorCode = 0

    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")
    temp_order = Order(getUser(request.authenticated_userid), currentTimeStamp, 0)

    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id = item['id']).first()
        if (saleitem is None):
            ProcessErrorCode = 5
            break
        else:
            item_count = int(item['count'])
            temp_order.orderLineItems.append(OrderLineItem(saleitem, item_count ))
            currentTotal += int(item['count']) * saleitem.value

            if (saleitem.stockCount != -1):
                if (saleitem.stockCount - item_count < 0):
                    ProcessErrorCode = 1
                    break

                saleitem.stockCount = saleitem.stockCount - item_count
        
    if (ProcessErrorCode  == 0):
        
        temp_order.orderTotal = currentTotal
        DBSession.add(temp_order)
        committedOrder = DBSession.query(Order).filter_by(commitDate=currentTimeStamp).one()
        print "committed transaction #", committedOrder.id
        return {'status': ProcessErrorCode, 'redirect': request.application_url + '/app/orders/' + str(committedOrder.id)}
    

    else:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}
Пример #10
0
def PostProcOrder(request):
    print "serving request context: ", request.context.__name__
    print "request", request
    if (request.json_body is None):
        return NotFound()

    ProcessErrorCode = 0

    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")
    orderUser = getUser(request.json_body['fulfilledBy'])

    if (orderUser is None):
        ProcessErrorCode = 9
    # convert to cents format

    order_total = int(Decimal(request.json_body['orderTotal']) * 100)
    temp_order = ProcurementOrder(orderUser, order_total)

    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id=item['id']).first()
        if (saleitem is None):
            ProcessErrorCode = 5
            break
        else:
            item_count = int(item['count'])
            temp_order.LineItems.append(
                ProcurementOrderItem(saleitem, item_count))
            if (saleitem.stockCount != -1):
                saleitem.stockCount = saleitem.stockCount + item_count
        DBSession.add(saleitem)

    if (ProcessErrorCode == 0):
        temp_order.CommitDate = currentTimeStamp
        DBSession.add(temp_order)

        committedOrder = DBSession.query(ProcurementOrder).filter_by(
            CommitDate=currentTimeStamp).one()
        print "committed transaction #", committedOrder.id
        return {
            'status':
            ProcessErrorCode,
            'redirect':
            request.application_url + '/app/procurements/' +
            str(committedOrder.id)
        }

    else:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}
Пример #11
0
def PostProcOrder(request):
    print "serving request context: ", request.context.__name__
    print "request", request
    if (request.json_body is None):
        return NotFound()

    ProcessErrorCode = 0

    currentTimeStamp = strftime("%Y-%m-%d %H:%M:%S")
    orderUser =getUser(request.json_body['fulfilledBy']) 
    
    if (orderUser is None):
        ProcessErrorCode = 9
    # convert to cents format

    order_total = int(Decimal(request.json_body['orderTotal']) * 100)
    temp_order = ProcurementOrder(orderUser, order_total)

    for item in request.json_body['items']:
        saleitem = DBSession.query(SaleItem).filter_by(id = item['id']).first()
        if (saleitem is None):
            ProcessErrorCode = 5
            break
        else:
            item_count = int(item['count'])
            temp_order.LineItems.append(ProcurementOrderItem(saleitem, item_count))
            if (saleitem.stockCount != -1):
                saleitem.stockCount = saleitem.stockCount + item_count; 
        DBSession.add(saleitem)
        

    if (ProcessErrorCode  == 0):
        temp_order.CommitDate = currentTimeStamp      
        DBSession.add(temp_order)

        committedOrder = DBSession.query(ProcurementOrder).filter_by(CommitDate=currentTimeStamp).one()
        print "committed transaction #", committedOrder.id
        return {'status': ProcessErrorCode,'redirect': request.application_url + '/app/procurements/' + str(committedOrder.id)}
    

    else:
        print "Process error code: ", ProcessErrorCode
        return {'status': ProcessErrorCode}