def export(self, **kw): try: current = dt.now() dateStr = current.strftime("%Y%m%d") fileDir = os.path.join(config.get("public_dir"), "report", 'inventory', dateStr) if not os.path.exists(fileDir): os.makedirs(fileDir) templatePath = os.path.join(config.get("public_dir"), 'TEMPLATE', "INVENTORY_TEMPLATE_AE.xlsx") if in_group('Buyer'): templatePath = os.path.join(config.get("public_dir"), 'TEMPLATE', "INVENTORY_TEMPLATE.xlsx") tempFileName = os.path.join(fileDir, "tmp_%s.xlsx" % current.strftime("%Y%m%d%H%M%S")) realFileName = os.path.join(fileDir, "report_%s.xlsx" % current.strftime("%Y%m%d%H%M%S")) shutil.copy(templatePath, tempFileName) report_xls = InventoryExcel(templatePath=tempFileName, destinationPath=realFileName) data = [] if kw: if in_group('Buyer'): data = self._query_buyer_result(kw) else: data = self._query_ae_result(kw) report_xls.inputData(data=data) report_xls.outputData() try: os.remove(tempFileName) except: pass return serveFile(unicode(realFileName)) except: traceback.print_exc() flash("Export Fail.") redirect("/inventory/report")
def is_admin(bquser=None): 'return whether current user has admin priveledges' if bquser: groups = bquser.get_groups() return any((g.group_name == 'admin' or g.group_name == 'admins') for g in groups) return in_group('admins').is_met( request.environ) or in_group('admin').is_met(request.environ)
def _query_result(self, kw): try: conditions = [] if kw.get("orderNO", False): conditions.append(OrderInfoHeader.orderNO == kw.get("orderNO", "")) if kw.get("orderDate", False): b_date = dt.strptime(kw.get("orderDate", '2009-12-1200:00:00') + "00:00:00", "%Y-%m-%d%H:%M:%S") conditions.append(OrderInfoHeader.orderDate >= b_date) if kw.get("vendorPO", False): conditions.append(OrderInfoHeader.vendorPO.op("ILIKE")("%%%s%%" % kw.get("vendorPO", "").strip())) if kw.get("item_no", False): item = DBSession.query(Item)\ .filter(Item.item_number == kw.get("item_no", "").strip())\ .first() dtlHeaderIDs = DBSession.query(OrderInfoDetail.headerID).filter(OrderInfoDetail.itemID == item.id).all() conditions.append(OrderInfoHeader.id.in_([id[0] for id in dtlHeaderIDs])) if len(conditions): order = DBSession.query(OrderInfoHeader).filter(OrderInfoHeader.status != 0) for condition in conditions: order = order.filter(condition) if in_group("AE") or in_group("Admin"): result = order.order_by(desc(OrderInfoHeader.orderDate)).all() else: result = order.filter(OrderInfoHeader.issuedBy == request.identity['user'])\ .order_by(desc(OrderInfoHeader.orderDate)).all() else: if in_group("AE") or in_group("Admin"): result=DBSession.query(OrderInfoHeader)\ .filter(OrderInfoHeader.status != 0)\ .order_by(desc(OrderInfoHeader.orderDate))\ .all() else: result=DBSession.query(OrderInfoHeader)\ .filter(OrderInfoHeader.status != 0)\ .filter(OrderInfoHeader.issuedBy == request.identity['user'])\ .order_by(desc(OrderInfoHeader.orderDate))\ .all() return result except: traceback.print_exc()
def protect_obj_modify(protected_obj=None): p = protected_obj if p: if not Any(is_user(p.user.user_name), has_permission('dmirr_admin'), in_group(p.group.group_name)): raise NotAuthorizedError
def protect_product_release_obj(protected_obj=None): p = protected_obj if p: if not Any(is_user(p.product.project.user.user_name), has_permission('dmirr_admin'), in_group(p.product.project.group.group_name)): raise NotAuthorizedError
def search(self,id=None,page=1): identity = request.environ.get('repoze.who.identity') c.menu_items = h.top_menu(self.menu_items,_('Shop online')) action = request.params.getone('action') values = dict(request.params) del values['action'] if is_met(in_group('customer')): schema = InvoiceSearchCustomer() try: result = schema.to_python(dict(request.params), c) except Invalid, e: html = render('/derived/invoice/customer/index.html') return htmlfill.render(html, defaults=values, errors=variabledecode.variable_encode( e.unpack_errors() or {}, add_repetitions=False )) querystr = "Session.query(Invoice).filter_by(deleted=False).join(Invoice.customer).filter(User.user_name == '%s')"%identity['user'].user_name products = result['contains_product'] if products : querystr += ".join(Invoice.invoice_items).join(Invoice_item.product)" if len(products)>1: querystr += ".filter(and_(" for item in products: querystr += "," querystr += "Product.name.like('%%%s%%')"%item querystr += "))" else: querystr += ".filter(Product.name.like('%%%s%%'))"%products[0]
def application(environ, start_response): req = Request(environ) resp = Response() resp.content_type = 'text/plain' resp.body = 'anonymous' if req.path_info == '/auth' and not environ.get('repoze.what.credentials'): return exc.HTTPUnauthorized()(environ, start_response) if req.path_info == '/secure': ident = environ.get('repoze.who.identity', {}) body = 'repoze.who.identity = {\n' for k, v in ident.items(): if k.lower() != 'password': body += ' %r: %r,\n' % (k, v) body += '}\n\n' cred = environ.get('repoze.what.credentials', {}) body += 'repoze.what.credentials = {\n' for k, v in cred.items(): body += ' %r: %r,\n' % (k, v) body += '}\n\n' for group in ('svn', 'bureau', 'other'): body += 'in_group(%r) == %s\n' % (group, in_group(group).is_met(environ)) for perm in ('read', 'write'): body += 'has_permision(%r) == %s\n' % ( perm, has_permission(perm).is_met(environ)) resp.body = body return resp(environ, start_response)
def evaluate(self, environ, credentials): if hasattr(tmpl_context, 'user') and hasattr(tmpl_context, 'project'): userid = credentials.get('repoze.what.userid') if tmpl_context.user in tmpl_context.project.admins: return elif in_group('administrators'): return self.unmet()
class SecurePanel(WSGIController): """Mock Pylons secure controller""" def index(self): return 'you are in the panel' @ActionProtector(in_group('developers')) def commit(self): return 'you can commit'
def index(self, mb=None, id=None, folder='INBOX', to=None, busy=None, unavail=None, greet=None): ''' List messages ''' log.debug('mb=%s, id=%s, folder=%s, to=%s, busy=%s, unavail=%s, greet=%s' % ( mb, id, folder, to, busy, unavail, greet)) grid = MyJqGrid( id='grid', url='fetch', caption=u"%s" % folders[folder], sortname='id', sortorder='asc', colNames = [u'Action', u'Extension', u'Message', u'De', u'Date', u'Ecoute' ], colModel = [ { 'width': 60, 'align': 'center', 'sortable': False }, { 'name': 'mb', 'width': 60 }, { 'name': 'id', 'width': 60 }, { 'name': 'callerid', 'width': 100 }, { 'name': 'origdate', 'width': 100 }, { 'width': 60, 'align': 'center', 'sortable': False }, ], navbuttons_options = {'view': False, 'edit': False, 'add': False, 'del': False, 'search': False, 'refresh': True}, postData = {'folder': folder}, ) tmpl_context.grid = grid tmpl_context.form2 = None if in_group('admin') else \ TableForm( 'messages_form', name = 'messages_form', fields = [ Label(text = u'Nouveaux messages personnalisés :'), FileField('greet', validator=FieldStorageUploadConverter(not_empty=False), label_text=u'Nom', # help_text=u'Fichier au format WAV' ), FileField('unavail', validator=FieldStorageUploadConverter(not_empty=False), label_text=u'Indisponible', # help_text=u'Fichier au format WAV' ), FileField('busy', validator=FieldStorageUploadConverter(not_empty=False), label_text=u'Occupé', # help_text=u'Fichier au format WAV' ), ], submit_text = u'Valider...', action = 'custom_messages', # hover_help = True ) tmpl_context.form = folder_form return dict( title=u"Messages vocaux", debug='', values={'folder': folder}, values2={'greet': 'Mon nom', 'unavail': 'Indisponible', 'busy': 'Occupé'})
def query_silences(self): """ Retourne une requête SQLAlchemy interrogeant la table des mises en silence """ # Si l'utilisateur fait partie du groupe 'managers', on récupère la # liste de tous les supitems de la base de données if in_group('managers').is_met(request.environ): lls_query = DBSession.query( LowLevelService.idservice.label('idsupitem'), LowLevelService.servicename.label("servicename"), Host.name.label('hostname') ).join((Host, Host.idhost == LowLevelService.idhost)) host_query = DBSession.query( Host.idhost.label('idsupitem'), "NULL", Host.name.label('hostname') ) supitems = lls_query.union(host_query).subquery() # Sinon on ne récupère que les supitems auxquels l'utilisateurs a accès else: user_name = request.identity['repoze.who.userid'] supitems = DBSession.query( UserSupItem.idsupitem.label('idsupitem'), UserSupItem.servicename.label("servicename"), UserSupItem.hostname.label('hostname') ).filter( UserSupItem.username == user_name ).distinct().subquery() # On interroge la base pour avoir la liste des règles de mise en silence # correspondant à ces supitems. states = DBSession.query( StateName.statename, SILENCE_STATE_TABLE.c.idsilence, ).join((SILENCE_STATE_TABLE, StateName.idstatename == SILENCE_STATE_TABLE.c.idstate) ).order_by(StateName.statename ).subquery() states = DBSession.query( states.c.idsilence, group_concat(states.c.statename, ', ').label('states'), ).group_by(states.c.idsilence ).subquery() silences = DBSession.query( Silence, supitems.c.hostname, supitems.c.servicename, states.c.states ).join((supitems, supitems.c.idsupitem == Silence.idsupitem) ).join((states, states.c.idsilence == Silence.idsilence)) return silences
class SecurePanel(TGController): """Mock TG2 secure controller""" @expose() def index(self): return 'you are in the panel' @expose() @ActionProtector(in_group('developers')) def commit(self): return 'you can commit'
def update(self): ftype = request.params.get('type',False) if ftype == 'selected': pass else: if is_met(has_permission(u'edit_invoice')): return self._admin_update(request) elif is_met(in_group('customer')): h.flash(_('You can only delete an unconfirmed invoices. If you want to change anything in a shipping order contact us by phone')) return redirect(controller='invoice',action='index')
class BasicPylonsController(WSGIController): """Mock Pylons controller""" sub1 = SubController1() panel = SecurePanel() def index(self, **kwargs): return 'hello world' @ActionProtector(in_group('admins')) def admin(self, *args, **kwargs): return 'got to admin' def troll_detected(reason): # Let's ignore the reason return 'Trolls are banned' @ActionProtector(All(not_anonymous(), Not(is_user('sballmer'))), denial_handler=troll_detected) def leave_comment(self): return 'Comment accepted' @special_require(not_anonymous()) def logout(self): return 'You have been logged out' @special_require(All(not_anonymous(), Not(is_user('sballmer'))), denial_handler=troll_detected) def start_thread(self): return 'You have started a thread' @ActionProtector(Not(not_anonymous())) def get_parameter(self, something): # Checking that parameters are received return 'Parameter received: %s' % something def boolean_predicate(self): p = not_anonymous() return 'The predicate is %s' % bool(p) def is_met_util(self): if is_met(not_anonymous()): return 'You are not anonymous' return 'You are anonymous' def not_met_util(self): if not_met(not_anonymous()): return 'You are anonymous' return 'You are not anonymous'
def application(environ, start_response): req = Request(environ) resp = Response() resp.content_type = 'text/plain' resp.body = 'anonymous' if req.path_info == '/secure': body = '' cred = environ.get('repoze.what.credentials', {}) for k, v in cred.items(): body += '%s: %s\n' % (k, v) for group in ('admin', 'others'): body += 'in_group(%r): %s\n' % (group, in_group(group).is_met(environ)) for perm in ('read', 'write'): body += 'has_permision(%r): %s\n' % (perm, has_permission(perm).is_met(environ)) resp.body = body return resp(environ, start_response)
def application(environ, start_response): req = Request(environ) resp = Response() resp.content_type = 'text/plain' resp.body = 'anonymous' if req.path_info == '/secure': body = '' cred = environ.get('repoze.what.credentials', {}) for k, v in cred.items(): body += '%s: %s\n' % (k, v) for group in ('admin', 'others'): body += 'in_group(%r): %s\n' % (group, in_group(group).is_met(environ)) for perm in ('read', 'write'): body += 'has_permision(%r): %s\n' % ( perm, has_permission(perm).is_met(environ)) resp.body = body return resp(environ, start_response)
class RootController(BaseController): def index(self): return render('index.mako') @ActionProtector(is_user('test')) def user(self): return render('loggedin.mako') @ActionProtector(is_user('nottest')) def notuser(self): return render('loggedin.mako') @ActionProtector(in_group('admin')) def admin(self): return render('loggedin.mako') @ActionProtector(has_permission('edit')) def edit(self): return render('loggedin.mako')
def index(self,id=None,page=1): identity = request.environ.get('repoze.who.identity') c.menu_items = h.top_menu(self.menu_items,_('Shop online')) if is_met(in_group('customer')): if session.has_key('invoice_querystr'): invoices2 = eval(session['invoice_querystr']+".order_by(desc(Invoice.date_time))") #invoices = Session.query(Invoice).filter_by(customer=identity['user']).filter_by(deleted=False).order_by(Invoice.date_time) c.paginator = paginate.Page(invoices2, page=int(request.params.get('page',page)), items_per_page=10) html = render('/derived/invoice/customer/index.html') return htmlfill.render(html, defaults=session['invoice_search_values'], errors={}) else: invoices = Session.query(Invoice).filter_by(customer=identity['user']).filter_by(deleted=False).order_by(desc(Invoice.date_time)) c.paginator = paginate.Page(invoices, page=int(request.params.get('page',page)), items_per_page=10) return render('/derived/invoice/customer/index.html') else: h.flash(_('Please take a few moments to %s\n')%(h.link_to(_("register"),url(controller="user", action="new")))) return redirect(url(controller='home',action='index'))
def tocancel(self, **kw): headerID = kw.get('headerID') reHeader = getOr404(ReceiveItemHeader, headerID) twenty_minutes = timedelta(minutes=20) if dt.now() > reHeader.createTime + twenty_minutes and not in_group('Admin'): flash("More than twenty minutes, So can not cancel!", "warn") redirect('/receive/view?recid=%s' % headerID) try: reHeader.active = 1 reHeader.remark += ' Cancel' reHeader.lastModifyTime = dt.now() reHeader.lastModifyBy = request.identity["user"] DBSession.query(ReceiveItem).filter(and_(ReceiveItem.headerID == reHeader.id, ReceiveItem.active == 0)).update({ReceiveItem.active: 1, ReceiveItem.lastModifyTime: dt.now(), ReceiveItem.lastModifyById: request.identity["user"].user_id}) except: transaction.doom() traceback.print_exc() flash("The service is not avaiable now!", "warn") redirect('/receive/view?recid=%s' % headerID) else: flash("Cancel successfully!") redirect('/receive/index')
class RolesController(BaseController): allow_only = authorize.not_anonymous() @expose('sapns/roles/users.html') @require(p.in_group(u'managers')) @add_language def users(self, id_role, **kw): logger = logging.getLogger('RolesController.roles') try: role = dbs.query(SapnsRole).get(int(id_role)) users = [] for u in dbs.query(SapnsUser): has_role = dbs.query(SapnsUserRole).\ filter(and_(SapnsUserRole.role_id == role.group_id, SapnsUserRole.user_id == u.user_id, )).\ first() users.append( dict( id=u.user_id, name=u.user_name, selected=has_role != None, )) return dict(page='Role users', came_from=kw.get('came_from'), role=dict(id=role.group_id, name=role.group_name), users=users) except Exception, e: logger.error(e)
row_id=i, who=user.user_id, what=_('delete'), ) dbs.flush() # success! return dict(status=True) except Exception, e: logger.error(e) return dict(status=False, message=str(e), rel_tables=rel_tables) @expose('sapns/order/insert.html') @require(p.in_group(u'managers')) @add_language def ins_order(self, cls, came_from='/'): user = dbs.query(SapnsUser).get(request.identity['user'].user_id) # check privilege on this class if not user.has_privilege(cls): redirect( url('/message', params=dict(message=_( 'Sorry, you do not have privilege on this class'), came_from=came_from))) class_ = SapnsClass.by_name(cls)
def is_admin(self): return in_group('admins').is_met(self.environ)
class AdminController(ServiceController): """ The admin controller is a central point for adminstrative tasks such as monitoring, data, user management, etc. """ service_type = "admin" allow_only = Any(in_group("admin"), in_group('admins')) #allow_only = is_user('admin') #admin = BisqueAdminController([User, Group], DBSession) @expose("bq.admin_service.templates.manager") def manager(self): return dict() @expose(content_type='text/xml') def _default(self, *arg, **kw): """ Returns some command information """ log.info('admin/index') index_xml = etree.Element('resource', uri=str(request.url)) users_xml = etree.SubElement(index_xml, 'command', name='user', value='Lists all the users') users_xml = etree.SubElement(index_xml, 'command', name='user/RESOURCE_UNIQ', value='Lists the particular user') users_xml = etree.SubElement(index_xml, 'command', name='user/RESOURCE_UNIQ/login', value='Log in as user') etree.SubElement(index_xml, 'command', name='notify_users', value='sends message to all users') etree.SubElement(index_xml, 'command', name='message_variables', value='returns available message variables') return etree.tostring(index_xml) @expose(content_type='text/xml') def notify_users(self, *arg, **kw): """ Sends message to all system users """ log.info("notify_users") if request.method.upper() == 'POST' and request.body is not None: try: resource = etree.fromstring(request.body) message = resource.find('tag[@name="message"]').get('value') userlist = resource.find('tag[@name="users"]').get('value') self.do_notify_users(userlist, message) return '<resource type="message" value="sent" />' except Exception: log.exception("processing message") return abort(400, 'Malformed request document') abort(400, 'The request must contain message body') @expose(content_type='text/xml') def message_variables(self, **kw): """ Sends message to all system users """ log.info("message_variables") variables = self.get_variables() resp = etree.Element('resource', name='message_variables') for n, v in variables.iteritems(): etree.SubElement(resp, 'tag', name=n, value=v) return etree.tostring(resp) def add_admin_info2node(self, user_node, view=None): """ adds email and password tags and remove the email value """ if view and 'short' not in view: tg_user = User.by_user_name(user_node.get('name')) email = user_node.attrib.get('value', '') etree.SubElement(user_node, 'tag', name='email', value=email) if tg_user is None: log.error("No tg_user was found for %s", user_node.get('name')) else: if 'password' in view: password = tg_user.password else: password = '******' etree.SubElement(user_node, 'tag', name='password', value=password) etree.SubElement(user_node, 'tag', name="groups", value=",".join(g.group_name for g in tg_user.groups if tg_user)) etree.SubElement(user_node, 'tag', name='user_name', value=tg_user.user_name) #try to remove value from user node user_node.attrib.pop('value', None) return user_node #@expose(content_type='text/json') @expose() def loggers(self, *arg, **kw): """ Set logging level dynamically post /admin/loggers """ view = kw.pop('view', 'short') fmt = kw.pop('format', 'xml') #filter = kw.pop ('filter', 'bq.') if fmt == 'json': response.headers['Content-Type'] = 'text/json' elif fmt == 'xml': response.headers['Content-Type'] = 'text/xml' if request.method == 'GET': loggers = [ { 'name': ln, 'level': logging.getLevelName(lv.level) } for ln, lv in logging.Logger.manager.loggerDict.items() if hasattr(lv, 'level') #and lv.level != logging.NOTSET ] # filter and sort loggers loggers.sort(key=lambda x: x['name']) if fmt == 'json': return json.dumps(loggers) elif fmt == 'xml': xml = etree.Element('resource', name='loggers', uri='/admin/loggers') for l in loggers: etree.SubElement(xml, 'logger', name=l.get('name'), value=l.get('level')) return etree.tostring(xml) elif request.method in ('POST', 'PUT'): if request.headers['Content-Type'] == 'text/json': loggers = json.loads(request.body) else: xml = etree.fromstring(request.body) loggers = [{ 'name': l.get('name'), 'level': l.get('value') } for l in xml.xpath('logger')] for l in loggers: ln = l.get('name') lv = l.get('level') log.debug("Changing log level of %s to %s", ln, lv) lg = logging.getLogger(ln) lg.setLevel(lv) return "" @expose() def logs(self, *arg, **kw): """ get /admin/logs/config or /admin/logs - log config, this will return a local or a remote url get /admin/logs/read - read local log lines, by default 1000 last lines get /admin/logs/read/172444095 - read local log lines starting from a given time stamp """ # TODO dima: add timestamp based read #log.info ("STARTING table (%s): %s", datetime.now().isoformat(), request.url) path = request.path_qs.split('/') path = [unquote(p) for p in path if len(p) > 0] operation = path[2] if len(path) > 2 else '' log_url = config.get('bisque.logger') if operation == 'config' or operation == '': # dima: here we have to identify what kind of logs we are using if log_url is not None: log_url = urlutil.urljoin(request.url, log_url) xml = etree.Element('log', name='log', uri=log_url, type='remote') else: xml = etree.Element('log', name='log', uri='/admin/logs/read', type='local') response.headers['Content-Type'] = 'text/xml' return etree.tostring(xml) elif operation == 'read': # dima, this will only work for local logger if log_url is not None: redirect(log_url) try: fn = logging.getLoggerClass().root.handlers[0].stream.filename logs = tail(fn, 1000) response.headers['Content-Type'] = 'text/plain' return ''.join(logs) except Exception: abort(500, 'Error while reading the log') abort(400, 'not a supported operation') @expose(content_type='text/xml') def cache(self, *arg, **kw): """ Deletes system cache DELETE cache """ if request.method == 'DELETE': return self.clearcache() return '<resource/>' @expose(content_type='text/xml') def user(self, *arg, **kw): """ Main user expose Merges the shadow user with the normal user for admins easy access to the password columns GET user: returns list of all users in xml info see get_all_users for format GET user/uniq: returns user in xml info see get_user for format GET user/uniq/login: logins in the admin as the user resource provided POST user: creates new user, see post_user for format PUT user/uniq: update info on user see put_user for format DELETE user/uniq: deletes user, see delete user for format DELETE user/uniq/image Deletes only the users image data and not the user itself """ http_method = request.method.upper() if len(arg) == 1: if http_method == 'GET': return self.get_user(arg[0], **kw) elif http_method == 'PUT': if request.body: return self.put_user(arg[0], request.body, **kw) elif request.method == 'DELETE': return self.delete_user(arg[0]) else: abort(400) elif len(arg) == 2: if arg[1] == 'login': if http_method == 'GET': return self.loginasuser(arg[0]) elif arg[1] == 'image': if http_method == 'DELETE': uniq = arg[0] bquser = data_service.resource_load(uniq=uniq) #bquser = DBSession.query(BQUser).filter(BQUser.resource_uniq == uniq).first() if bquser: self.deleteimages(bquser.get('name'), will_redirect=False) return '<resource name="delete_images" value="Successful">' else: abort(404) else: if http_method == 'GET': return self.get_all_users(*arg, **kw) elif http_method == 'POST': if request.body: return self.post_user(request.body, **kw) abort(400) def get_all_users(self, *arg, **kw): """ Returns a list of all users in xml with password and diplay name. (Note: may be removed in version 0.6 due to redundant functionality of data_service) Limited command support, does not have view=deep,clean.. document format: <resource> <user name="user" owner="/data_service/00-aYnhJQA5BJVm4GDpuexc2G" permission="published" resource_uniq="00-aYnhJQA5BJVm4GDpuexc2G" ts="2015-01-30T02:23:18.414000" uri="admin/user/00-aYnhJQA5BJVm4GDpuexc2G"> <tag name="email" value="*****@*****.**"/> <tag name="display_name" value="user"/> </user> <user>... </resource> """ kw['wpublic'] = 1 users = data_service.query(resource_type='user', **kw) view = kw.pop('view', None) resource = etree.Element('resource', uri=str(request.url)) for u in users: user = self.add_admin_info2node(u, view) resource.append(user) return etree.tostring(resource) def get_user(self, uniq, **kw): """ Returns requested user in xml with password and diplay name. (Note: may be removed in version 0.6 due to redundant functionality of data_service) document format: <user name="user" owner="/data_service/00-aYnhJQA5BJVm4GDpuexc2G" permission="published" resource_uniq="00-aYnhJQA5BJVm4GDpuexc2G" ts="2015-01-30T02:23:18.414000" uri="/data_service/00-aYnhJQA5BJVm4GDpuexc2G"> <tag name="email" value="*****@*****.**"/> <tag name="display_name" value="user"/> <tag name="password" value="******"/> //everything will be served in plan text no password will be returned ... </user> """ view = kw.pop('view', 'short') user = data_service.resource_load(uniq, view=view) if user is not None and user.tag == 'user': user = self.add_admin_info2node(user, view) return etree.tostring(user) else: abort(403) def _update_groups(self, tg_user, groups): """ @param tg_user : a tg User @param a list of group names """ tg_user.groups = [] for grp_name in groups: if not grp_name: continue grp = DBSession.query(Group).filter_by(group_name=grp_name).first() if grp is None: log.error("Unknown group %s used ", grp_name) continue tg_user.groups.append(grp) log.debug("updated groups %s", tg_user.groups) def post_user(self, doc, **kw): """ Creates new user with tags, the owner of the tags is assigned to the user document format: <user name="user"> <tag name="password" value="12345"/> <tag name="email" value="*****@*****.**"/> <tag name="display_name" value="user"/> </user> """ userxml = etree.fromstring(doc) required_tags = ['user_name', 'password', 'email', 'display_name'] tags = {} if userxml.tag == 'user': user_name = userxml.attrib['name'] if user_name: tags['user_name'] = user_name for t in userxml.xpath('tag'): tags[t.get('name')] = t.get('value') #if (t.attrib['name']=='password') or (t.attrib['name']=='email'): if t.get('name') in REMOVE_TAGS: t.getparent().remove(t) #removes email and password if t.attrib['name'] == 'email': userxml.attrib['value'] = t.attrib[ 'value'] #set it as value of the user if all(k in tags for k in required_tags): log.debug("ADMIN: Adding user: %s", str(user_name)) u = User(user_name=tags['user_name'], password=tags['password'], email_address=tags['email'], display_name=tags['display_name']) DBSession.add(u) self._update_groups(u, tags.get('groups', '').split(',')) try: transaction.commit() except IntegrityError: abort( 405, 'Another user already has this user name or email address' ) #r = BQUser.query.filter(BQUser.resource_name == tags['user_name']).first() r = data_service.query(resource_type='user', name=tags['user_name'], wpublic=1) if len(r) > 0: admin = get_username() #get admin user set_current_user( tags['user_name'] ) #change document as user so that all changes are owned by the new user r = data_service.update_resource( '/data_service/%s' % r[0].attrib.get('resource_uniq'), new_resource=userxml) set_current_user(admin) #set back to admin user return self.get_user( '%s' % r.attrib.get('resource_uniq'), **kw) else: abort(400) abort(400) def put_user(self, uniq, doc, **kw): """ update user @param: uniq - resource uniq for the user @param: doc - document in the format shown below document format: <user name="user" resource_uniq="00-1235218954"> <tag name="password" value="12345"/> or <tag name="password" value="******"/> <tag name="email" value="*****@*****.**"/> <tag name="display_name" value="user"/> </user> """ userxml = etree.fromstring(doc) required_tags = ['user_name', 'password', 'email', 'display_name'] tags = {} if userxml.tag == 'user': user_name = userxml.attrib.get('name') if user_name: #tags['user_name'] = user_name for t in userxml.xpath('tag'): tags[t.get('name')] = t.get('value') #if t.attrib['name'] == 'password' or t.attrib['name']=='email': if t.get('name') in REMOVE_TAGS: t.getparent().remove(t) #removes email and password if t.attrib['name'] == 'email': userxml.attrib['value'] = t.attrib.get( 'value') #set it as value of the user if all(k in tags for k in required_tags ): #checks to see if all required tags are present #update tg_user #tg_user = DBSession.query(User).filter(User.user_name == tags.get('user_name')).first() #tg_user = User.by_user_name(tags.get('user_name')) tg_user = User.by_user_name(user_name) if not tg_user: log.debug( 'No user was found with name of %s. Please check core tables?', user_name) abort(404) #reset values on tg user tg_user.email_address = tags.get("email", tg_user.email_address) if tags['password'] and tags['password'].count('*') != len( tags['password'] ): #no password and ***.. not allowed passwords tg_user.password = tags.get( "password", tg_user.password ) #just set it as itself if nothing is provided #else: # tags.pop("password", None) #remove the invalid password tg_user.display_name = tags.get("display_name", tg_user.display_name) self._update_groups(tg_user, tags.get('groups', '').split(',')) if tags.get('user_name') != user_name: tg_user.user_name = tags.get('user_name') userxml.set('name', tags['user_name']) #del tags['user_name'] log.debug("ADMIN: Updated user: %s", str(user_name)) transaction.commit() ### ALL loaded variables are detached #userxml.attrib['resource_uniq'] = r.attrib['resource_uniq'] #reset BQUser admin = get_username() #get admin user set_current_user( tags['user_name'] ) #change document as user so that all changes are owned by the new user r = data_service.update_resource(resource=userxml, new_resource=userxml, replace=True) log.debug("Sent XML %s", etree.tostring(userxml)) set_current_user(admin) #set back to admin user #DBSession.flush() return self.get_user(r.attrib['resource_uniq'], **kw) abort(400) def delete_user(self, uniq): """ Deletes user @param uniq - resource uniq for the user """ # Remove the user from the system for most purposes, but # leave the id for statistics purposes. bquser = DBSession.query(BQUser).filter( BQUser.resource_uniq == uniq).first() if bquser: log.debug("ADMIN: Deleting user: %s", str(bquser)) user = DBSession.query(User).filter( User.user_name == bquser.resource_name).first() log.debug("Renaming internal user %s", str(user)) if user: DBSession.delete(user) # delete the access permission for p in DBSession.query(TaggableAcl).filter_by( user_id=bquser.id): log.debug("KILL ACL %s", str(p)) DBSession.delete(p) self.deleteimages(bquser.resource_name, will_redirect=False) #DBSession.delete(bquser) #transaction.commit() data_service.del_resource(bquser) return '<resource>Delete User</resource>' abort(400) def deleteimage(self, imageid=None, **kw): log.debug("image: %s ", str(imageid)) image = DBSession.query(Image).filter(Image.id == imageid).first() DBSession.delete(image) transaction.commit() redirect(request.headers.get("Referer", "/")) def deleteuser(self, username=None, **kw): #DBSession.autoflush = False # Remove the user from the system for most purposes, but # leave the id for statistics purposes. user = DBSession.query(User).filter(User.user_name == username).first() log.debug("Renaming internal user %s", str(user)) if user: DBSession.delete(user) #user.display_name = ("(R)" + user.display_name)[:255] #user.user_name = ("(R)" + user.user_name)[:255] #user.email_address = ("(R)" + user.email_address)[:16] user = DBSession.query(BQUser).filter( BQUser.resource_name == username).first() log.debug("ADMIN: Deleting user: %s", str(user)) # delete the access permission for p in DBSession.query(TaggableAcl).filter_by(user_id=user.id): log.debug("KILL ACL %s", str(p)) DBSession.delete(p) #DBSession.flush() self.deleteimages(username, will_redirect=False) DBSession.delete(user) transaction.commit() redirect('/admin/users') def deleteimages(self, username=None, will_redirect=True, **kw): user = DBSession.query(BQUser).filter( BQUser.resource_name == username).first() log.debug("ADMIN: Deleting all images of: %s", str(user)) images = DBSession.query(Image).filter(Image.owner_id == user.id).all() for i in images: log.debug("ADMIN: Deleting image: %s", str(i)) DBSession.delete(i) if will_redirect: transaction.commit() redirect('/admin/users') return dict() def loginasuser(self, uniq): log.debug('forcing login as user') user = DBSession.query(BQUser).filter( BQUser.resource_uniq == uniq).first() if user: response.headers = request.environ['repoze.who.plugins'][ 'friendlyform'].remember(request.environ, {'repoze.who.userid': user.name}) redirect("/client_service") else: abort(404) def clearcache(self): log.info("CLEARING CACHE") def clearfiles(folder): for the_file in os.listdir(folder): file_path = os.path.join(folder, the_file) try: if os.path.isfile(file_path): os.unlink(file_path) except OSError as e: log.debug("unlinking failed: %s", file_path) except Exception as e: log.exception('while removing %s' % file_path) server_cache = data_path('server_cache') clearfiles(server_cache) log.info("CLEARED CACHE") return '<resource name="cache_clear" value="finished">' def get_variables(self): #bisque_root = config.get ('bisque.root') bisque_root = request.application_url bisque_organization = config.get('bisque.organization', 'BisQue') bisque_email = config.get('bisque.admin_email', 'info@bisque') variables = { 'service_name': bisque_organization, 'service_url': '<a href="%s">%s</a>' % (bisque_root, bisque_organization), 'user_name': 'username', 'email': 'user@email', 'display_name': 'First Last', 'bisque_email': bisque_email, } return variables def do_notify_users(self, userlist, message): log.debug(message) variables = self.get_variables() #for users users = data_service.query(resource_type='user', wpublic='true', view='full') for u in users: variables['user_name'] = u.get('name') variables['email'] = u.get('value') variables['display_name'] = u.find( 'tag[@name="display_name"]').get('value') if variables['email'] not in userlist: continue msg = copy.deepcopy(message) msg = string.Template(msg).safe_substitute(variables) #for v,t in variables.iteritems(): # msg = msg.replace('$%s'%v, t) # send log.info('Sending message to: %s', variables['email']) log.info('Message:\n%s', msg) try: notify_service.send_mail( variables['bisque_email'], variables['email'], 'Notification from %s service' % variables['service_name'], msg, ) except Exception: log.exception("Mail not sent") @expose(content_type='text/xml') def group(self, *args, **kw): """ GET /admin/group: returns list of all groups <resource> <group name="a" /> <group ... /> </resource> POST /admin/group: creates new group, <group name="new_group" /> or <resource> <group ..> <group ../> </resource> shortcut: POST /group/new_group with no body PUT /admin/group : same as POST DELETE /admin/group/group_name : delete the group """ log.debug("GROUP %s %s", args, kw) reqformat = kw.pop('format', None) http_method = request.method.upper() if http_method == 'GET': resource = self.get_groups(*args, **kw) elif http_method == 'DELETE': resource = self.delete_group(*args, **kw) elif http_method in ('PUT', 'POST'): resource = self.new_group(*args, **kw) else: abort(400, "bad request") accept_header = request.headers.get('accept') formatter, content_type = find_formatter(reqformat, accept_header) response.headers['Content-Type'] = content_type return formatter(resource) def get_groups(self, *args, **kw): resource = etree.Element('resource') for group in DBSession.query(Group): etree.SubElement(resource, 'group', name=group.group_name) return resource def delete_group(self, *args, **kw): if len(args): group_name = args[0] else: content_type = request.headers.get('Content-Type') inputer = find_inputer(content_type) body = request.body_file.read() log.debug("DELETE content %s", body) els = inputer(body) group_name = els.xpath('//group/@name')[0] resource = etree.Element('resource') group = DBSession.query(Group).filter_by(group_name=group_name).first() if group: etree.SubElement(resource, 'group', name=group.group_name) DBSession.delete(group) return resource def new_group(self, *args, **kw): if len(args): group_names = args else: content_type = request.headers.get('Content-Type') inputer = find_inputer(content_type) els = inputer(request.body_file) group_names = els.xpath('//group/@name') resource = etree.Element('resource') for nm in group_names: g = Group(group_name=nm) DBSession.add(g) etree.SubElement(resource, 'group', name=nm) try: transaction.commit() except (IntegrityError, InvalidRequestError) as e: transaction.abort() abort(400, "Bad request %s" % e) return resource
class RootController(BaseController): """ The root controller for the IS2SAP application. """ #secc = SecureController() admin = AdminController(model, DBSession) item = ItemController() relacion = RelacionController() otros = OtrosController() error = ErrorController() @expose('is2sap.templates.index') def index(self): """Handle the front-page.""" return dict(page='index') @expose('is2sap.templates.despedida') def despedida(self): """Handle the front-page.""" return dict(page='despedida') @expose('is2sap.templates.configura') def configura(self): """Handle the 'about' page.""" return dict(page='config') @expose('is2sap.templates.desa') def desa(self): """Display some information about auth* on this application.""" return dict(page='desa') @expose('is2sap.templates.otros') def otras_op(self): """Display some information about auth* on this application.""" return dict(page='otros') @expose('is2sap.templates.index') @require( predicates.has_permission('administracion', msg=l_('Solo para el Administrador'))) #@require(predicates.in_group('Administrador', msg=l_('Solo para el administrador'))) def manage_permission_only(self, **kw): """Illustrate how a page for managers only works.""" return dict(page='managers stuff') @expose('is2sap.templates.index') @require(predicates.in_group('editor', msg=l_('Solo para editores'))) def editor_user_only(self, **kw): """Illustrate how a page exclusive for the editor works.""" return dict(page='editor stuff') @expose('is2sap.templates.login') def login(self, came_from=url('/')): """Start the user login.""" login_counter = request.environ['repoze.who.logins'] if login_counter > 0: flash(_('Wrong credentials'), 'warning') return dict(page='login', login_counter=str(login_counter), came_from=came_from) @expose() def post_login(self, came_from='/'): """ Redirect the user to the initially requested page on successful authentication or redirect her back to the login page if login failed. """ if not request.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect('/login', came_from=came_from, __logins=login_counter) userid = request.identity['repoze.who.userid'] flash(_('Bienvenido, %s!') % userid) redirect("/index") @expose() def post_logout(self, came_from=url('/')): """ Redirect the user to the initially requested page on logout and say goodbye as well. """ #flash(_('Hasta luego!')) redirect("/despedida")
def test_user_doesnt_belong_to_group(self): environ = make_environ('gustavo', ['developers', 'admins']) p = predicates.in_group('designers') self.eval_unmet_predicate( p, environ, 'The current user must belong to the group "designers"')
return 'hello sub1' def in_group(self): return 'in group' class SecurePanel(WSGIController): """Mock Pylons secure controller""" def index(self): return 'you are in the panel' @ActionProtector(in_group('developers')) def commit(self): return 'you can commit' SecurePanel = ControllerProtector(in_group('admins'))(SecurePanel) class SecurePanelWithHandler(WSGIController): """Mock Pylons secure controller""" def index(self): return 'you are in the panel with handler' @staticmethod def sorry(reason): response.status = 200 return 'what are you doing here? %s' % reason SecurePanelWithHandler = ControllerProtector( in_group('admins'), 'sorry')(SecurePanelWithHandler)
class ProyectoController(BaseController): allow_only = not_anonymous( msg='Solo usuarios registrados pueden acceder a los proyectos') @expose() def index(self, **named): """Handle the front-page.""" redirect('/proyecto/lista') @expose(template='gestionitem.templates.proyectoTmpl.lista') def lista(self, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] expresion = named.get('expresion') orden = named.get('submit') proyectos = [] id = identity['user'] for grupo in id.groups: if (grupo.group_name == 'Administrador'): if (orden == None or orden == 'Listar Todos'): proyectos = DBSession.query(Proyecto).filter( Proyecto.estado != 4).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectos = proyectoxdescripcion + proyectoxlider + proyectoxestado muestraBoton = "true" if (grupo.group_name == 'LiderProyecto'): if (orden == None or orden == 'Listar Todos'): proyectosLider = DBSession.query(Proyecto).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like('%' + expresion + '%') ).filter(Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() proyectosLider = proyectoxdescripcion + proyectoxlider + proyectoxestado muestraBoton = "true" elif (orden): proyectosLider = DBSession.query(Proyecto).filter( Proyecto.id_lider == id.user_id).filter( Proyecto.estado != 4).all() muestraBoton = "false" for proyect in proyectosLider: if (proyect in proyectos): proyect.setDefinir() proyect.setmostrarFases() indice = proyectos.index(proyect) proyectos[indice] = proyect else: proyect.setDefinir() proyect.setmostrarFases() proyectos.append(proyect) if (grupo.group_name == 'Desarrollador' or grupo.group_name == 'Aprobador'): proyectosDesarrollador = [] ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.user_id == id.user_id).all() if (orden == None or orden == 'Listar Todos'): for ufr in ufrs: try: fase = DBSession.query(Fase).join( (Proyecto, Fase.proyectoObj)).filter( Fase.id == ufr.fase_id).filter( Proyecto.estado != 4).one() proyectosDesarrollador.append(fase.proyectoObj) except: pass proyectosDesarrolladorset = set(proyectosDesarrollador) proyectosDesarrollador = list(proyectosDesarrolladorset) muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): proyectoxlider = DBSession.query(Proyecto).join( (User, Proyecto.lider)).filter( User.user_name.like('%' + expresion + '%')).filter( Proyecto.estado != 4).all() proyectoxdescripcion = DBSession.query(Proyecto).filter( Proyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectoxestado = DBSession.query(Proyecto).join( (EstadoProyecto, Proyecto.estadoObj)).filter( EstadoProyecto.descripcion.like( '%' + expresion + '%')).filter(Proyecto.estado != 4).all() proyectosaux = proyectoxlider + proyectoxdescripcion + proyectoxestado proyectosauxset = set(proyectosaux) proyectosaux = list(proyectosauxset) for ufr in ufrs: if ufr.fase.proyectoObj in proyectosaux: proyectosDesarrollador.append(ufr.fase.proyectoObj) proyectosDesarrolladorset = set(proyectosDesarrollador) proyectosDesarrollador = list(proyectosDesarrolladorset) muestraBoton = "true" if proyectos.__len__() > 0: for proyecto1 in proyectosDesarrollador: if proyecto1 in proyectos: proyecto1.setmostrarFases() else: proyecto1.setmostrarFases() proyectos.append(proyecto1) else: proyectos = proyectosDesarrollador for proyecto12 in proyectos: proyecto12.setmostrarFases() proset = set(proyectos) proyectos = list(proset) from webhelpers import paginate count = proyectos.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( proyectos, page, item_count=count, items_per_page=5, ) proyectos = currentPage.items return dict(page='Lista de proyectos', proyectos=proyectos, subtitulo='Proyectos', user=user, muestraBoton=muestraBoton, currentPage=currentPage) @expose('gestionitem.templates.proyectoTmpl.nuevo') @require( All(in_group('Administrador'), has_permission('crear proyecto'), msg='Debe poseer Rol "Administrador" para crear nuevos proyectos')) def nuevo(self): """Handle the front-page.""" identity = request.environ.get('repoze.who.identity') user = identity['user'] lideres = DBSession.query(User).join( (Rol, User.groups)).filter(Rol.group_name == 'LiderProyecto').all() nombreProyectos = [] proyectos = DBSession.query(Proyecto).all() for proyecto in proyectos: nombreProyectos.append(proyecto.descripcion) nombreProyectos.append(",") return dict(page='Nuevo Proyecto', lideres=lideres, nombreProyectos=nombreProyectos, user=user) @expose() @require( All(in_group('Administrador'), has_permission('crear proyecto'), msg='Debe poseer Rol "Administrador" para crear nuevos proyectos')) def add_proyecto(self, descripcion, lider, **named): """Registra un proyecto nuevo """ new = Proyecto( descripcion=descripcion, id_lider=lider, estado=1, ) DBSession.add(new) flash('''Proyecto Registrado: %s''' % (descripcion, )) redirect('./index') @expose(template="gestionitem.templates.proyectoTmpl.editar") @require( All(in_group('Administrador'), has_permission('editar proyecto'), msg='Debe poseer Rol "Administrador" editar proyectos')) def editar(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter_by(id=id).one() if proyecto.lider != None: usuarios = DBSession.query(User).join((Rol, User.groups)).filter( Rol.group_name == 'LiderProyecto').filter( User.user_id != proyecto.lider.user_id).all() else: usuarios = DBSession.query(User).join( (Rol, User.groups)).filter(Rol.group_name == 'LiderProyecto') return dict(page='Editar Proyecto', id=id, proyecto=proyecto, subtitulo='ABM-Proyecto', user=user, usuarios=usuarios) @expose() @require( All(in_group('Administrador'), has_permission('editar proyecto'), msg='Debe poseer Rol "Administrador" editar proyectos')) def actualizar(self, id, descripcion, id_user, submit): """Create a new movie record""" proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.descripcion = descripcion proyecto.id_lider = id_user DBSession.flush() redirect('/proyecto') @expose() @require( in_group('Administrador', msg='Debe poseer Rol "Administrador" eliminar proyectos')) @require( All(in_group('Administrador'), has_permission('eliminar proyecto'), msg='Debe poseer Rol "Administrador" eliminar proyectos')) def eliminar(self, id): proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.estado = 4 redirect('/proyecto') @expose(template='gestionitem.templates.proyectoTmpl.avisoEliminarProyecto' ) def avisoEliminarProyecto(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter_by(id=id).one() return dict(page='Aviso Editar Item', user=user, fases=proyecto.fases, proyecto=proyecto, subtitulo='Aviso') @expose() def cambiarEstado(self, id, estado, **named): proyecto = DBSession.query(Proyecto).filter_by(id=id).one() proyecto.estado = estado DBSession.flush() redirect('/proyecto') @expose(template="gestionitem.templates.proyectoTmpl.proyectoDef") @require( All(in_group('LiderProyecto'), has_permission('definir proyecto'), msg='Debe poseer Rol "LiderProyecto" para definir proyectos')) def proyectoDef(self, id, **named): fases = DBSession.query(Fase).filter(Fase.proyecto_id == id) proyecto_id = id return dict(page='Definir Proyecto', proyecto_id=proyecto_id, subtitulo='Definir Proyecto') @expose(template="gestionitem.templates.proyectoTmpl.faseList") @require( All(in_group('LiderProyecto'), has_permission('definir proyecto'), msg='Debe poseer Rol "LiderProyecto" para definir fases')) def definir_fase(self, id, **named): identity = request.environ.get('repoze.who.identity') fases = [] expresion = named.get('expresion') orden = named.get('submit') iduser = identity['user'] proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one() proyectoEstado = proyecto.estado for grupo in iduser.groups: if (grupo.group_name == 'LiderProyecto'): if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): fases = DBSession.query(Fase).filter( Fase.proyecto_id == id).order_by( Fase.numero_fase).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): fasesxdescripcion = DBSession.query(Fase).filter( Fase.proyecto_id == id).filter( Fase.descripcion.like('%' + expresion + '%')).all() fasesxestado = DBSession.query(Fase).join( (EstadoFase, Fase.estadoObj)).filter( Fase.proyecto_id == id).filter( EstadoFase.descripcion.like('%' + expresion + '%')).all() fases = fasesxdescripcion + fasesxestado muestraBoton = "true" elif (grupo.group_name == 'Desarrollador' or grupo.group_name == 'Aprobador'): ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.user_id == iduser.user_id).all() for ufr in ufrs: if (str(ufr.fase.proyecto_id) == id): fasetot = [] if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): fase1 = DBSession.query(Fase).filter( Fase.id == ufr.fase_id).one() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): fase1xdescripcion = DBSession.query(Fase).filter( Fase.id == ufr.fase_id).filter( Fase.descripcion.like('%' + expresion + '%')).all() fase1xestado = DBSession.query(Fase).join( (EstadoFase, Fase.estadoObj )).filter(Fase.id == ufr.fase_id).filter( EstadoFase.descripcion.like('%' + expresion + '%')).all() fasetot = fase1xdescripcion + fase1xestado muestraBoton = "true" for fase1 in fasetot: if (fase1 in fases): pass else: fases.append(fase1) faseset = set(fases) fases = list(faseset) fases = sorted(fases, key=lambda Fase: Fase.numero_fase) proyecto_id = id from webhelpers import paginate count = fases.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( fases, page, item_count=count, items_per_page=5, ) fases = currentPage.items return dict(page='Lista de fases', fases=fases, proyecto_id=proyecto_id, subtitulo='fases', user=iduser, proyectoEstado=proyectoEstado, muestraBoton=muestraBoton, proyecto=proyecto, currentPage=currentPage) @expose(template="gestionitem.templates.proyectoTmpl.agregar_fase") @require( All(in_group('LiderProyecto'), has_permission('crear fase'), msg='Debe poseer Rol "LiderProyecto" para agregar fases')) def agregar_fase(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] proyecto = DBSession.query(Proyecto).filter(Proyecto.id == id).one() fase = DBSession.query(Fase).filter( Fase.proyecto_id == proyecto.id).all() codigos = [] for i, cod in enumerate(fase): codigos.append(cod.codigo_fase) codigos.append(",") return dict(page='Nueva Fase', proyecto=proyecto, user=user, codigos=codigos) @expose() @require( All(in_group('LiderProyecto'), has_permission('crear fase'), msg='Debe poseer Rol "LiderProyecto" para agregar fases')) def save_fase(self, id, descripcion_proyecto, nombre_fase, codFase, submit): fases = DBSession.query(Fase).filter(Fase.proyecto_id == id) num = fases.count() + 1 new = Fase(descripcion=nombre_fase, proyecto_id=id, numero_fase=num, estado_id=3, codigo_fase=codFase) DBSession.add(new) flash('''Fase Registrada: %s''' % (nombre_fase, )) redirect('/proyecto/definir_fase/' + id) @expose("gestionitem.templates.proyectoTmpl.editar_fase") @require( All(in_group('LiderProyecto'), has_permission('editar fase'), msg='Debe poseer Rol "LiderProyecto" para editar fases')) def editar_fase(self, id): identity = request.environ.get('repoze.who.identity') user = identity['user'] fase = DBSession.query(Fase).filter(Fase.id == id).one() fases = DBSession.query(Fase).filter( Fase.proyecto_id == fase.proyecto_id).all() codigos = [] for i, cod in enumerate(fases): codigos.append(cod.codigo_fase) codigos.append(",") return dict(page='Editar fase', id=id, fase=fase, user=user, codigos=codigos, subtitulo='ABM-Fase') @expose() @require( All(in_group('LiderProyecto'), has_permission('editar fase'), msg='Debe poseer Rol "LiderProyecto" para editar fases')) def actualizar_fase(self, id, descripcion_proyecto, nombre_fase, numero_fase, submit): fase = DBSession.query(Fase).filter(Fase.id == id).one() fase.descripcion = nombre_fase fase.numero_fase = numero_fase # fase.codigo_fase = codFase DBSession.flush() redirect('/proyecto/definir_fase/' + str(fase.proyecto_id)) @expose() @require( All(in_group('LiderProyecto'), has_permission('eliminar fase'), msg='Debe poseer Rol "LiderProyecto" para eliminar fases')) def eliminar_fase(self, id): fase = DBSession.query(Fase).filter(Fase.id == id).one() id_proyecto = fase.proyecto_id ufrs = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() for ufr in ufrs: DBSession.delete(ufr) DBSession.flush() # itemusuarios = DBSession.query(TipoItemUsuario).filter(TipoItemUsuario.fase_id == id).all() DBSession.delete(fase) fases = DBSession.query(Fase).filter( Fase.proyecto_id == id_proyecto).order_by(Fase.id).all() for i, fase in enumerate(fases): fase.numero_fase = i + 1 DBSession.flush() redirect('/proyecto/definir_fase/' + str(id_proyecto)) @expose("gestionitem.templates.proyectoTmpl.usuario_faseList") @require( in_group('LiderProyecto', msg='Debe poseer Rol "LiderProyecto" para listar usuarios')) def usuario_faseList(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] expresion = named.get('expresion') orden = named.get('submit') usuarioFaseRols = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() for ufr in usuarioFaseRols: if ufr.usuario == None: DBSession.delete(ufr) DBSession.flush() if (orden == None or orden == 'Listar Todos' or orden == 'Cancelar'): usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == id).all() muestraBoton = "false" elif (orden == 'Buscar' and expresion != None): usuarioxnombre = DBSession.query(UsuarioFaseRol).join( (User, UsuarioFaseRol.usuario)).filter( UsuarioFaseRol.fase_id == id).filter( User.user_name.like('%' + expresion + '%')).order_by( User.user_name).all() usuarioxrol = DBSession.query(UsuarioFaseRol).join( (Rol, UsuarioFaseRol.rol)).filter( UsuarioFaseRol.fase_id == id).filter( Rol.group_name.like('%' + expresion + '%')).all() usuarioFaseRol1 = usuarioxnombre + usuarioxrol usuarioFaseRol = set(usuarioFaseRol1) usuarioFaseRol = list(usuarioFaseRol) muestraBoton = "true" fase = DBSession.query(Fase).filter(Fase.id == id).one() from webhelpers import paginate count = usuarioFaseRol.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( usuarioFaseRol, page, item_count=count, items_per_page=5, ) usuarioFaseRol = currentPage.items descripcion = fase.descripcion proyecto = DBSession.query(Proyecto).filter( Proyecto.id == fase.proyecto_id).one() return dict(page='Usuarios de fase ' + descripcion, usuariofaserol=usuarioFaseRol, descripcion=descripcion, fase_id=id, subtitulo='Usuarios de fase', proyecto_id=fase.proyecto_id, user=user, muestraBoton=muestraBoton, proyecto=proyecto, currentPage=currentPage) @expose("gestionitem.templates.proyectoTmpl.agregarUsuarioFase") @require( All(in_group('LiderProyecto'), has_permission('asignar desarrollador'), msg='LiderProyecto" para agregar usuarios')) def agregar_usuario_fase(self, id, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] usuarios = DBSession.query(User).join((Rol, User.groups)).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() roles = DBSession.query(Rol).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() fase = DBSession.query(Fase).filter(Fase.id == id).one() # usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter(UsuarioFaseRol.fase_id == id).all() return dict(page='Asignar Usuario a fase ' + fase.descripcion, usuarios=usuarios, roles=roles, proyecto_id=id, user=user, fase=fase) @expose() @require( All(in_group('LiderProyecto'), has_permission('asignar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para agregar usuarios')) def save_usuario_fase(self, fase, user, rol, **named): try: rol = int(rol) try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol) DBSession.add(new) except: for rol1 in rol: try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol1).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol1) DBSession.add(new) CambiarEstadoFase = DBSession.query(Fase).filter(Fase.id == fase).one() CambiarEstadoFase.estado_id = 1 redirect('/proyecto/usuario_faseList/' + fase) @expose() @require( All(in_group('LiderProyecto'), has_permission('eliminar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para eliminar usuarios')) def eliminar_usuario_fase(self, ufr): usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() fase = usuarioFaseRol.fase_id DBSession.delete(usuarioFaseRol) usuarioFaseRolcantidad = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).all() if usuarioFaseRolcantidad.__len__() == 0: faseCambiarEstado = DBSession.query(Fase).filter( Fase.id == fase).one() faseCambiarEstado.estado_id = 3 DBSession.flush() redirect('/proyecto/usuario_faseList/' + str(fase)) @expose("gestionitem.templates.proyectoTmpl.editarUsuarioFase") @require( All(in_group('LiderProyecto'), has_permission('editar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para editar usuarios')) def editar_usuario_fase(self, ufr, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() fase = DBSession.query(Fase).filter( Fase.id == usuarioFaseRol.fase_id).one() usuario = DBSession.query(User).filter( User.user_id == usuarioFaseRol.user_id).one() rol = DBSession.query(Rol).filter( Rol.group_id == usuarioFaseRol.rol_id).one() roles = DBSession.query(Rol).filter( or_(Rol.group_name == 'Aprobador', Rol.group_name == 'Desarrollador')).all() return dict(page='Editar Usuario de fase' + fase.descripcion, fase=fase, usuario=usuario, roles=roles, rol=rol, user=user, ufr=usuarioFaseRol) @expose() @require( All(in_group('LiderProyecto'), has_permission('editar desarrollador'), msg='Debe poseer Rol "LiderProyecto" para editar usuarios')) def actualizar_usuario_fase(self, fase, ufr, submit, **named): rol = named.get('rol') usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() user = usuarioFaseRol.user_id if rol == None: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.id == ufr).one() DBSession.delete(usuarioFaseRol) else: try: rol = int(rol) try: usuarioFaseRol = DBSession.query(UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol) DBSession.add(new) except: for rol1 in rol: try: usuarioFaseRol = DBSession.query( UsuarioFaseRol).filter( UsuarioFaseRol.fase_id == fase).filter( UsuarioFaseRol.user_id == user).filter( UsuarioFaseRol.rol_id == rol1).one() DBSession.delete(usuarioFaseRol) except: pass new = UsuarioFaseRol(user_id=user, fase_id=fase, rol_id=rol1) DBSession.add(new) redirect('/proyecto/usuario_faseList/' + fase)
class AdminController(TGController): """ A basic controller that handles User Groups and Permissions for a TG application. """ allow_only = in_group('managers') def __init__(self, models, session, config_type=None, translations=None): super(AdminController, self).__init__() if translations is None: translations = {} if config_type is None: config = AdminConfig(models, translations) else: config = config_type(models, translations) if config.allow_only: self.allow_only = config.allow_only self.config = config self.session = session self.default_index_template = ':'.join( (tg_config.default_renderer, self.index.decoration.engines.get('text/html')[1])) if self.config.default_index_template: self.default_index_template = self.config.default_index_template @with_trailing_slash @expose('tgext.admin.templates.index') def index(self): #overrides the template for this method original_index_template = self.index.decoration.engines['text/html'] new_engine = self.default_index_template.split(':') new_engine.extend(original_index_template[2:]) self.index.decoration.engines['text/html'] = new_engine return dict( models=[model.__name__ for model in self.config.models.values()]) def _make_controller(self, config, session): m = config.model Controller = config.defaultCrudRestController class ModelController(Controller): model = m table = config.table_type(session) table_filler = config.table_filler_type(session) new_form = config.new_form_type(session) new_filler = config.new_filler_type(session) edit_form = config.edit_form_type(session) edit_filler = config.edit_filler_type(session) allow_only = config.allow_only menu_items = None if self.config.include_left_menu: menu_items = self.config.models return ModelController(session, menu_items) @expose() def _lookup(self, model_name, *args): model_name = model_name[:-1] try: model = self.config.models[model_name] except KeyError: raise HTTPNotFound().exception config = self.config.lookup_controller_config(model_name) controller = self._make_controller(config, self.session) return controller, args @expose() def lookup(self, model_name, *args): return self._lookup(model_name, *args)
class PaymentsController(BaseController): def index(self): payments = self.user.payments c.forms = [] for payment in payments: fs = PaymentForm.bind(payment) fs.readonly = True c.forms.append(fs) c.user = self.user return render('/payments.mako') @ActionProtector(predicates.in_group('bureau')) def edit(self, id, paymentDate=None, message=None): id = str(id) c.user = ldap.getUser(id) # forms payments = c.user.payments c.forms = [] for payment in payments: if request.POST and paymentDate: if paymentDate in payment._dn: fs = PaymentForm.bind(payment, data=request.POST or None) if fs.validate(): fs.sync() payment.save() ldap.updateExpirationDate(user) fs = PaymentForm.bind(payment) c.forms.append(fs) # add form now = datetime.now() new_date = now payments = [p for p in payments if p.paymentAmount] if payments: last_payment = payments[-1] d = h.to_python(h.to_string(last_payment.paymentDate), datetime) if d + timedelta(365) < now - timedelta(90): new_date = d + timedelta(365) payment = ldap.Payment() payment.paymentDate = new_date payment.paymentObject = ldap.PERSONNAL_MEMBERSHIP c.new = NewPaymentForm.bind(payment, request.POST or None) c.message = message return render('/edit_payments.mako') @ActionProtector(predicates.in_group('bureau')) def delete(self, id, paymentDate): user = ldap.getUser(id) for p in user.payments: if paymentDate in p._dn: user._conn.delete(p) ldap.updateExpirationDate(user) break ldap.updateExpirationDate(user) message = 'Supprimer a %s' % datetime.now().strftime('%H:%M:%S') return self.edit(id, message=message) @ActionProtector(predicates.in_group('bureau')) def add(self, id): id = str(id) payment = ldap.Payment() fs = NewPaymentForm.bind(payment, data=request.POST) if fs.validate(): fs.sync() user = ldap.getUser(id) user.append(payment) payment.save() message = 'Ajouter a %s' % datetime.now().strftime('%H:%M:%S') else: message = 'Erreur a %s' % datetime.now().strftime('%H:%M:%S') return self.edit(id, message=message)
# result in readonly fs = NewUserForm.bind(user) fs2 = NewPaymentForm.bind(payment) fs.readonly = True fs2.readonly = True message = 'Utilisateur ajouté et son mot de passe envoyé par courriel' c.title = 'Inscription de membre' html = h.form(h.url.current(id=None), id="new_user") html += h.literal(fs.render(message=message)) if fs2.readonly: html += h.literal( '<table width="100%" class="payments_listing listing">') html += h.literal(fs2.header()) html += h.literal(fs2.render()) html += h.literal('</table>') else: html += h.literal( '<table width="100%" class="payments_listing listing">') html += h.literal(fs2.header()) html += h.literal('</table>') html += h.literal(fs2.render()) html += h.end_form() c.body = h.literal(html) return render('/generic.mako') AdminController = ControllerProtector( predicates.in_group('bureau'))(AdminController)
def _query_result(self, kw): try: conditions=[] if kw.get("customerPO", False): conditions.append(DBAOrderInfo.po==kw["customerPO"].strip()) if kw.get("sob", False): conditions.append(DBAOrderInfo.sob==kw["sob"].strip()) if kw.get("orderStartDate", False) and kw.get("orderEndDate", False): b_date=dt.strptime(kw.get("orderStartDate", '2009-12-1200:00:00')+"00:00:00", "%Y-%m-%d%H:%M:%S") e_date=dt.strptime(kw.get("orderEndDate", '2009-12-1200:00:00')+"23:59:59", "%Y-%m-%d%H:%M:%S") conditions.append(DBAOrderInfo.create_time>=b_date) conditions.append(DBAOrderInfo.create_time<=e_date) elif kw.get("orderStartDate", False): b_date=dt.strptime(kw.get("orderStartDate", '2009-12-1200:00:00')+"00:00:00", "%Y-%m-%d%H:%M:%S") conditions.append(DBAOrderInfo.create_time>=b_date) elif kw.get("orderEndDate", False): e_date=dt.strptime(kw.get("orderEndDate", '2009-12-1200:00:00')+"23:59:59", "%Y-%m-%d%H:%M:%S") conditions.append(DBAOrderInfo.create_time<=e_date) if kw.get("shipStartDate", False) and kw.get("shipEndDate", False): b_date=date(*time.strptime(kw.get("shipStartDate", '2009-12-12'), '%Y-%m-%d')[:3]) e_date=date(*time.strptime(kw.get("shipEndDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.ship_date>=b_date) conditions.append(DBAOrderInfo.ship_date<=e_date) elif kw.get("shipStartDate", False): b_date=date(*time.strptime(kw.get("shipStartDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.ship_date>=b_date) elif kw.get("shipEndDate", False): e_date=date(*time.strptime(kw.get("shipEndDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.ship_date<=e_date) #add@2011-07-20 if kw.get("deliveryStartDate", False) and kw.get("deliveryEndDate", False): b_date=date(*time.strptime(kw.get("deliveryStartDate", '2009-12-12'), '%Y-%m-%d')[:3]) e_date=date(*time.strptime(kw.get("deliveryEndDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.delivery_date>=b_date) conditions.append(DBAOrderInfo.delivery_date<=e_date) elif kw.get("deliveryStartDate", False): b_date=date(*time.strptime(kw.get("deliveryStartDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.delivery_date>=b_date) elif kw.get("deliveryEndDate", False): e_date=date(*time.strptime(kw.get("deliveryEndDate", '2009-12-12'), '%Y-%m-%d')[:3]) conditions.append(DBAOrderInfo.delivery_date<=e_date) ############ if kw.get("item_code", False): conditions.append(DBAItem.__table__.c.item_code.op('ilike')("%%%s%%" %kw["item_code"])) if kw.get("category_id", False): conditions.append(DBAItem.category_id==kw["category_id"]) if kw.get("customer_id", False): conditions.append(DBAOrderInfo.customer_id == kw["customer_id"]) if len(conditions): if kw.get("item_code", False) or kw.get("category_id", False): obj=DBSession.query(DBAOrderInfo).join(DBAOrderDetail, DBAItem) else: obj=DBSession.query(DBAOrderInfo) for condition in conditions: obj=obj.filter(condition) if not in_group("Admin") and not in_group("DBA_AE") and not in_group("DBA_BUYER"): obj=obj.filter(DBAOrderInfo.create_by_id==request.identity["user"].user_id) result=obj.filter(DBAOrderInfo.active==0) \ .order_by(desc(DBAOrderInfo.id)) \ .all() else: if not in_group("Admin") and not in_group("DBA_AE") and not in_group("DBA_BUYER"): result=DBSession.query(DBAOrderInfo) \ .filter(DBAOrderInfo.create_by_id==request.identity["user"].user_id) \ .filter(DBAOrderInfo.active==0) \ .order_by(desc(DBAOrderInfo.id)) \ .all() else: result=DBSession.query(DBAOrderInfo) \ .filter(DBAOrderInfo.active==0) \ .order_by(desc(DBAOrderInfo.id)) \ .all() return result except: traceback.print_exc()
result['sell_price'], result['buy_date'], result['brand'], photos, result['tag'] ) product.code = result['code'] product.wholesale_price = result['wholesale_price'] product.deleted = False Session.add(product) Session.commit() h.flash(_('Product added successfully.')) redirect(url(controller='product', action='index')) @ActionProtector(in_group('admin')) def edit(self,id): product = Session.query(Product).filter_by(id=int(id)).one() jd = jcal.gregorian_to_jd(product.buy_date.year, product.buy_date.month, product.buy_date.day) jalali = jcal.jd_to_jalali(jd) jalali = str(jalali[0])+'/'+str(jalali[1])+'/'+str(jalali[2]) values={ 'code':product.code, 'name':product.name, 'brand':product.brand, 'quantity':product.quantity, 'description':product.description, 'buy_price':product.buy_price, 'sell_price':product.sell_price, 'wholesale_price':product.wholesale_price, 'buy_date':jalali,
class AccountsController(BaseController): """Controller for Accounts """ def index(self): """ Default to the account edit for your account? """ abort(404) def login(self): """This is where the login form should be rendered.""" if auth.check(not_anonymous()): # if we're not anonymous then we're logged in and need to be # redirected log.debug('already logged in') redirect(url('/page/test')) # Without the login counter, we won't be able to tell if the user has # tried to log in with the wrong credentials if 'repoze.who.logins' in request.environ: login_counter = request.environ['repoze.who.logins'] else: login_counter = 0 if login_counter > 0: log.debug('Wrong Login credentials') #flash('Wrong credentials') tpl.login_counter = login_counter tpl.came_from = request.params.get('came_from') or url('/') if 'login_failed' in request.params: tpl.login_failed = True else: tpl.login_failed = False return render('/login.mako') def post_login(self): """ Handle logic post a user's login I want to create a login_handler that's redirected to after login. This would check - if user was logged in, if not then send back to login - if user is admin, go to job list - if user can add joblist then go to * - if user is read only go to job list that's trimmed down a bit On the post login page adjust the max age on the existing cookie to XX remember me timeframe """ if auth.check(not_anonymous()): log.debug('checked auth') else: # login failed, redirect back to login log.debug('failed auth') redirect( url(controller="accounts", action="login", login_failed=True)) # expire this cookie into the future ck = request.cookies['authtkt'] response.set_cookie('authtkt', ck, max_age=60 * 60 * 24 * 7, path='/') redirect(url('/page/test')) @ActionProtector(in_group('admin')) def list(self): """ List the user accounts in the system""" user_list = UserMgr.get_list() log.debug(user_list) tpl.user_list = user_list return render('/account/list.mako') @ActionProtector(in_group('admin')) @mijson() def edit(self, user_name): """Load the edit ui for this user""" tpl.user = UserMgr.get(user_name=user_name) tpl.group_list = GroupMgr.get_list() tpl.form_errors = False for g in tpl.group_list: if g in tpl.user.groups: log.debug("IN GROUP") else: log.debug("NOT IN GROUP") self.json.success = True return render('/account/edit.mako') @ActionProtector(in_group('admin')) @mijson() def edit_error(self): """Authenticate the changes to the user account specified Currently the only changes to a user account are to assign permission groups to it. """ user_groups = request.params.getall('groups') user_name = request.params['user_name'] user = UserMgr.get(user_name=user_name) # we're admin so we're allowed to do this regardless of username user.groups = GroupMgr.get_list(user_groups) redirect(url(controller="accounts", action="list")) def new(self): """Add a new user to the auth system """ tpl.group_list = GroupMgr.get_list() tpl.form_errors = False return render('/account/new.mako') @validate(schema=UserFormNew(), form='new', post_only=False, on_get=True, auto_error_formatter=error_formatter, prefix_error=False) def new_errors(self): """Validate a new user account details """ user = User() user.fromdict(request.params) # now make sure we create the group info # this just overwrites the from dict stuff I think user_groups = request.params.getall('groups') user.groups = GroupMgr.get_list(user_groups) try: meta.Session.add(user) #SystemLogger.log_activity('system', # None, # 'Added new user: %s to the system' % user.user_name) except: meta.Session.rollback() # @todo fill in the code to create the queued job to process this # new file we just uploaded with tons of emails to create redirect(url(controller="accounts", action="list")) @ActionProtector(in_group('admin')) @mijson() def delete(self, user_name): """Remove a user from the system if this is an admin :param user_name: the user to remove from the system """ user = UserMgr.get(user_name=user_name) meta.Session.delete(user) redirect(url(controller="accounts", action="list")) @ActionProtector(in_group('admin')) @mijson() def fetch_ldap_user(self, user_name): """ Attempt to find this user in the ldap database and return the user object :param id: string username or email address """ ldap_server = config['app_conf']['auth.ldap_server'] search = LDAPSearch(ldap_server) if user_name is None or user_name == "": self.json.success = False self.json.message = "Please supply a user name or email address" try: # see if this is an email search record = search.find_by_email(user_name) self.json.success = True self.json.payload = {'user': record.attributes} except LDAPNotFound: # if we fail to find the user by their email, just try it on the # cn:username try: record = search.find_by_cn(user_name) self.json.success = True self.json.payload = {'user': record.attributes} except LDAPNotFound: self.json.success = False self.json.message = "User %s not found in ldap system" % \ user_name if self.json.success: self.json.message = "Found user in the system as: %s" % \ record.attributes['fullName'] log.debug(self.json.payload) return self.json.message
row_id=i, who=user.user_id, what=_('delete'), ) dbs.flush() # success! return dict(status=True) except Exception, e: logger.error(e) return dict(status=False, message=str(e), rel_tables=rel_tables) @expose('sapns/order/insert.html') @require(p.in_group(u'managers')) @add_language def ins_order(self, cls, came_from='/'): user = dbs.query(SapnsUser).get(request.identity['user'].user_id) # check privilege on this class if not user.has_privilege(cls): redirect(url('/message', params=dict(message=_('Sorry, you do not have privilege on this class'), came_from=came_from))) class_ = SapnsClass.by_name(cls) return dict(page='insertion order', insertion=class_.insertion(), title=class_.title, came_from=url(came_from))
return 'in group' class SecurePanel(TGController): """Mock TG2 secure controller""" @expose() def index(self): return 'you are in the panel' @expose() @ActionProtector(in_group('developers')) def commit(self): return 'you can commit' SecurePanel = ControllerProtector(in_group('admins'))(SecurePanel) class SecurePanelWithHandler(TGController): """Mock TG2 secure controller""" @expose() def index(self): return 'you are in the panel with handler' @staticmethod def sorry(reason): response.status = 200 return 'what are you doing here? %s' % reason SecurePanelWithHandler = ControllerProtector(in_group('admins'),
class RootController(BaseController): """ The root controller for the GestionItem application. All the other controllers and WSGI applications should be mounted on this controller. For example:: panel = ControlPanelController() another_app = AnotherWSGIApplication() Keep in mind that WSGI applications shouldn't be mounted directly: They must be wrapped around with :class:`tg.controllers.WSGIAppController`. """ item = ItemControler() proyecto = ProyectoController() tipoItems = TipoItemControler() secc = SecureController() lb = LineaBaseController() admin = AdminController([User, Rol, Permission], DBSession, config_type=TGAdminConfig) admin.allow_only = in_group('Administrador') error = ErrorController() dict(subtitulo='') @expose('gestionitem.templates.index') def index(self): identity = request.environ.get('repoze.who.identity') """Handle the front-page.""" return dict(page='Indice', subtitulo='Indice') @expose('gestionitem.templates.prueba.demo') def demo(self): """Handle the front-page.""" return dict(page='Indice', subtitulo='Indice') @expose(template='gestionitem.templates.proyectoList') def proyectoList(self, **named): proyectos = DBSession.query(Proyecto).order_by(Proyecto.id) from webhelpers import paginate count = proyectos.count() page = int(named.get('page', '1')) currentPage = paginate.Page( proyectos, page, item_count=count, items_per_page=3, ) proyectos = currentPage.items return dict(page='proyecto', proyectos=proyectos, subtitulo='Proyectos', currentPage=currentPage) @expose(template="gestionitem.templates.proyectoDef") def proyectoDef(self, id): proyecto = DBSession.query(Proyecto).filter_by(id=id).one() return dict(page='Definir Proyecto', id=id, proyecto=proyecto, subtitulo='Definicion de Proyectos') @expose(template="gestionitem.templates.faseList") def faseList(self, id): fases = DBSession.query(Fase).filter_by(proyecto_id=id).order_by( Fase.id).all() proyecto = DBSession.query(Proyecto).filter_by(id=id).one() return dict(page='Lista de Fases', id=id, fases=fases, proyecto=proyecto, subtitulo='Lista de Fases') @expose(template="gestionitem.templates.faseDef") def faseDef(self, id): fases = DBSession.query(Fase).order_by(Fase.id) proyecto = DBSession.query(Proyecto).filter_by(id=id).one() return dict(page='Lista de Fases', id=id, fases=fases, proyecto=proyecto, subtitulo='Lista de Fases') @expose(template='gestionitem.templates.permiso') def permiso(self, **named): permisos = DBSession.query(Permission).order_by(Permission.description) from webhelpers import paginate count = permisos.count() page = int(named.get('page', '1')) currentPage = paginate.Page( permisos, page, item_count=count, items_per_page=5, ) permisos = currentPage.items return dict(page='permiso', permisos=permisos, subtitulo='ABM-Permisos', currentPage=currentPage) @expose('gestionitem.templates.agregar_permiso') def agregar_permiso(self): permiso = Permission permiso.permission_name = '' permiso.description = '' permisos = DBSession.query(Permission) return dict(page='Nuevo Permiso', permisos=permisos, permiso=permiso, subtitulo='ABM-Permiso') @expose() def save_permiso(self, id, name, descripcion, submit): """Crea un nuevo permiso""" new = Permission( permission_name=name, description=descripcion, ) DBSession.add(new) redirect('./permiso') flash('''Permiso Agregado! %s''') @expose() def eliminar_permiso(self, id): #recurso = DBSession.query(Recurso).filter_by(id=id).delete() #permiso=DBSession.query(Permission).filter_by(id=id).one() DBSession.delete( DBSession.query(Permission).filter_by(permission_id=id).one()) redirect('../permiso') @expose(template="gestionitem.templates.permiso_editar") def permiso_editar(self, id): permiso = DBSession.query(Permission).filter_by(permission_id=id).one() return dict(page='Editar Permiso', id=id, permiso=permiso, subtitulo='ABM-Permiso') @expose() def actualizar_permiso(self, id, name, descripcion, submit): """Create a new movie record""" permiso = DBSession.query(Permission).filter_by(permission_id=id).one() permiso.permission_name = name permiso.description = descripcion DBSession.flush() redirect('./permiso') @expose('gestionitem.templates.about') def about(self): """Handle the 'about' page.""" #aux=Recurso() return dict(page='about', aux='hola', subtitulo='About') @expose('gestionitem.templates.environ') def environ(self): """This method showcases TG's access to the wsgi environment.""" return dict(environment=request.environ, subtitulo='') @expose('gestionitem.templates.data') @expose('json') def data(self, **kw): """This method showcases how you can use the same controller for a data page and a display page""" return dict(params=kw) @expose('gestionitem.templates.authentication') def auth(self): """Display some information about auth* on this application.""" return dict(page='auth', subtitulo='Autenticacion') @expose('gestionitem.templates.index') @require(predicates.has_permission('manage', msg=l_('Only for managers'))) def manage_permission_only(self, **kw): """Illustrate how a page for managers only works.""" return dict(page='managers stuff', subtitulo='') @expose('gestionitem.templates.index') @require(predicates.is_user('editor', msg=l_('Only for the editor'))) def editor_user_only(self, **kw): """Illustrate how a page exclusive for the editor works.""" return dict(page='editor stuff') @expose('gestionitem.templates.login') def login(self, came_from=url('/')): """Start the user login.""" login_counter = request.environ['repoze.who.logins'] if login_counter > 0: flash(_('Error de acceso'), 'warning') return dict(page='login', login_counter=str(login_counter), came_from=came_from, subtitulo='Loguin') @expose() def post_login(self, came_from='/'): """ Redirect the user to the initially requested page on successful authentication or redirect her back to the login page if login failed. """ if not request.identity: login_counter = request.environ['repoze.who.logins'] + 1 redirect('/login', came_from=came_from, __logins=login_counter) userid = request.identity['repoze.who.userid'] flash(_('Bienvenido, %s!') % userid) redirect(came_from) @expose() def post_logout(self, came_from=url('/')): """ Redirect the user to the initially requested page on logout and say goodbye as well. """ flash(_('Hasta pronto!')) redirect('/index')
class ConnoisseurController(ServiceController): #Uncomment this line if your controller requires an authenticated user #allow_only = predicates.not_anonymous() service_type = "connoisseur" allow_only = Any(in_group("admin"), in_group('admins'), in_group(service_type)) def __init__(self, server_url): super(ConnoisseurController, self).__init__(server_url) self.basepath = os.path.dirname(inspect.getfile( inspect.currentframe())) self.workdir = config.get('bisque.connoisseur.models', data_path('connoisseur')) #_mkdir (self.workdir) self.path_models = os.path.join(self.workdir, 'models') self.path_templates = os.path.join(self.workdir, 'templates') self.path_images = os.path.join(self.workdir, 'images') _mkdir(self.path_models) _mkdir(self.path_templates) _mkdir(self.path_images) self.adapters_gobs = PluginManager( 'adapters_gobs', os.path.join(self.basepath, 'adapters_gobs'), AdapterGobjectsBase) self.adapters_pixels = PluginManager( 'adapters_pixels', os.path.join(self.basepath, 'adapters_pixels'), AdapterPixelsBase) # frameworks available in the system self.frameworks = PluginManager( 'frameworks', os.path.join(self.basepath, 'frameworks'), FrameworkBase) # classifiers available to the system, requested with method argument self.classifiers = PluginManager( 'classifiers', os.path.join(self.basepath, 'classifiers'), ClassifierBase) # importers are matched by their input mime and output mime self.importers = PluginManager( 'importers', os.path.join(self.basepath, 'importers'), ImporterBase) self.importers_by_mime = { '%s;%s' % (e.mime_input, e.mime_type): e for k, e in self.importers.plugins.iteritems() } #log.debug('Importers: %s', self.importers_by_mime) # exporters are matched by their input mime and output mime self.exporters = PluginManager( 'exporters', os.path.join(self.basepath, 'exporters'), ExporterBase) self.exporters_by_mime = { '%s;%s' % (e.mime_input, e.mime_type): e for k, e in self.exporters.plugins.iteritems() } #log.debug('Exporters: %s', self.exporters_by_mime) # loaded models hashed by their ID self.models_loaded_max = 10 self.models = {} log.info('Connoisseur service started, using temp space at: %s' % self.workdir) #---------------------------------------------------------------------------------------------- # RESTful API #---------------------------------------------------------------------------------------------- #@expose('bq.connoisseur.templates.index') @expose(content_type='text/xml') def index(self, **kw): """Add your service description here """ self.log_start() try: return self.info() finally: self.log_finish() @expose() @require(predicates.not_anonymous(msg='Requires authenticated users')) def _default(self, *args, **kw): """find export plugin and run export""" self.log_start() path = request.path_qs.replace(self.baseuri, '', 1).split('/') path = [urllib.parse.unquote(p) for p in path if len(p) > 0] log.debug("Path: %s", path) #GET /connoisseur/MODEL_ID/classify:IMAGE_ID #GET /connoisseur/MODEL_ID/classify:IMAGE_ID/points:100 #GET /connoisseur/MODEL_ID/train #GET /connoisseur/MODEL_ID/class:3/sample:1 if len(path) < 1: #abort(responses.BAD_REQUEST, 'resource ID is required as a first parameter, ex: /connoisseur/MODEL_ID/classify:IMAGE_ID' ) return self.info() model_uniq = path.pop(0) # parse URL: read all operations and arguments args = {} while len(path) > 0: o = path.pop(0) try: n, v = o.split(':', 1) args[n.lower()] = v except ValueError: args[o.lower()] = None # operations not requiring model uniq id op = model_uniq.lower() if op in ['info', 'api', 'devices', 'templates', 'template', 'create']: try: if op in ['info', 'api']: return self.info() elif op in ['devices']: return self.devices() elif op in ['templates']: return self.templates(args) elif op in ['template']: return self.template(args) elif op in ['create']: return self.create(args) except ConnoisseurException, e: abort(e.code, e.message) except Exception: log.exception('Error processing %s', op) abort(responses.INTERNAL_SERVER_ERROR, 'Server error') finally:
try: id_repo = get_paramw(kw, 'id_repo', int) r = SapnsDoc.upload(f, id_repo) return sj.dumps(dict(status=True, uploaded_file=r['uploaded_file'], file_name=r['file_name'], file_size=r['file_size'], )) except Exception, e: logger.error(e) return sj.dumps(dict(status=False, message=str(e).decode('utf-8'))) @expose() @require(p.Any(p.in_group('managers'), p.has_any_permission('manage', 'docs'))) def download(self, id_doc): content, mt, file_name = SapnsDoc.download(int(id_doc)) response.content_type = mt.encode('latin1') response.headers['Content-Disposition'] = 'attachment;filename=%s' % file_name return content @expose('json') @require(authorize.has_any_permission('manage', 'docs')) def remove_file(self, **kw): logger = logging.getLogger('DocsController.remove_file') try: file_name = get_paramw(kw, 'file_name', unicode)
class LineaBaseController(BaseController): @expose(template="gestionitem.templates.lineaBase.generar_linea_base") @require( All( in_group( 'LiderProyecto', msg='Debe poseer Rol "LiderProyecto" para generar lineas bases' ), has_permission( 'Gestionar linea base', msg= 'Debe poseer Permiso "Generar linea base" para agregar fases')) ) def generar_linea_base(self, idfase, **named): """ Se utiliza para generar la linea base de un fase indicada en el parametro. @param idfase: identificador de la fase. @type idfase: Integer @return: diccionario de todos los elementos que se obtienen con las consultas para mostrar en la pagina. @rtype: Diccionario. """ expresion = "" itemSeleccionado = DBSession.query(ItemUsuario).filter_by(id=-1) itemselect = named.get('itemselect', '0') fase = DBSession.query(Fase).filter(Fase.id == idfase).one() if (itemselect != 0): try: itemselect = int(itemselect) itemselect = [itemselect] itemSeleccionado = DBSession.query(ItemUsuario).filter( ItemUsuario.id.in_(itemselect)).order_by(ItemUsuario.id) except: itemSeleccionado = DBSession.query(ItemUsuario).filter( ItemUsuario.id.in_(itemselect)).order_by(ItemUsuario.id) submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtros') expre_cad = expresion items = DBSession.query(ItemUsuario).filter( ItemUsuario.estado_id == 8).filter( ItemUsuario.fase_id == idfase).filter( or_( ItemUsuario.descripcion.like('%' + str(expre_cad) + '%'), (ItemUsuario.cod_item.like('%' + str(expre_cad) + '%')))).order_by( ItemUsuario.id) else: items = DBSession.query(ItemUsuario).filter( ItemUsuario.fase_id == idfase).filter( ItemUsuario.estado_id == 8).all() return dict(items=items, fase=fase, filtro=expresion, itemSeleccionado=itemSeleccionado) print generar_linea_base.__doc__ @expose() def guardar_linea_base(self, faseid, **named): itemselect = named.get('itemselect') try: itemselect = int(itemselect) itemselect = [itemselect] itemseleccionados = DBSession.query(ItemUsuario).filter( ItemUsuario.id.in_(itemselect)).all() listaIds = DBSession.query(LineaBase).order_by(LineaBase.id) if (listaIds.count() > 0): list = listaIds[-1] id = list.id + 1 else: id = 1 lb = LineaBase(id=int(id), version=1, estado_id=1, fase_id=int(faseid)) DBSession.add(lb) DBSession.flush() for item in itemseleccionados: lbAnterior = item.linea_base_ant itemsEnLbAnterior = DBSession.query(ItemUsuario).filter( ItemUsuario.linea_base_ant == lbAnterior).all() for itemLbAnt in itemsEnLbAnterior: if itemLbAnt.estado_id == 5: itemLbAnt.estado_id = 3 itemLbAnt.linea_base_id = id itemLbAnt.linea_base_ant = id item.estado_id = 3 item.linea_base_id = id item.linea_base_ant = id DBSession.flush() except: itemseleccionados = DBSession.query(ItemUsuario).filter( ItemUsuario.id.in_(itemselect)).all() listaIds = DBSession.query(LineaBase).order_by(LineaBase.id) if (listaIds.count() > 0): list = listaIds[-1] id = list.id + 1 else: id = 1 lb = LineaBase(id=int(id), version=1, estado_id=1, fase_id=int(faseid)) DBSession.add(lb) DBSession.flush() for item in itemseleccionados: lbAnterior = item.linea_base_ant itemsEnLbAnterior = DBSession.query(ItemUsuario).filter( ItemUsuario.linea_base_ant == lbAnterior).all() for itemLbAnt in itemsEnLbAnterior: if itemLbAnt.estado_id == 5: itemLbAnt.estado_id = 3 itemLbAnt.linea_base_id = id itemLbAnt.linea_base_ant = id item.estado_id = 3 item.linea_base_id = id item.linea_base_ant = id DBSession.flush() estados = [1, 2, 3, 4, 5, 8] itemsEnLB = DBSession.query(ItemUsuario).filter( ItemUsuario.fase_id == faseid).filter( ItemUsuario.estado_id.in_(estados)).order_by( ItemUsuario.id).all() faseConLB = 0 for itemP in itemsEnLB: if itemP.estado_id != 3: faseConLB = 1 if faseConLB == 0: fase = DBSession.query(Fase).filter_by(id=faseid).one() fase.estado_id = 4 DBSession.flush() redirect('/item/itemList/' + faseid) @expose(template="gestionitem.templates.lineaBase.lista_linea_base") def listar_linea_base(self, idproyecto, idfase, **named): expresion = "" submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtro') if expresion.isdigit(): lista = DBSession.query(LineaBase).filter( LineaBase.estado_id == 1).filter( LineaBase.fase_id == idfase).filter( LineaBase.id == int(expresion)).all() else: lista = DBSession.query(LineaBase).filter( LineaBase.estado_id == 1).filter( LineaBase.fase_id == idfase).all() else: lista = DBSession.query(LineaBase).filter( LineaBase.estado_id == 1).filter( LineaBase.fase_id == idfase).all() fase = DBSession.query(Fase).filter(Fase.id == idfase).one() proyecto = DBSession.query(Proyecto).filter( Proyecto.id == idproyecto).one() from webhelpers import paginate #count = items.count() count = lista.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( lista, page, item_count=count, items_per_page=2, ) lista = currentPage.items return dict(lista=lista, fase=fase, proyecto=proyecto, filtro=expresion, currentPage=currentPage, page=page) @expose(template="gestionitem.templates.lineaBase.lista_items_x_linea_base" ) def items_linea_base(self, lb_id, idfase, **named): expresion = "" submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtro') expre_cad = expresion items = DBSession.query(ItemUsuario).filter( ItemUsuario.estado_id == 3).filter( ItemUsuario.linea_base_id == lb_id).filter( or_( ItemUsuario.descripcion.like('%' + str(expre_cad) + '%'), (ItemUsuario.cod_item.like('%' + str(expre_cad) + '%')))).all() else: items = DBSession.query(ItemUsuario).filter( ItemUsuario.linea_base_id == lb_id).all() fase = DBSession.query(Fase).filter(Fase.id == idfase).one() lineabase = DBSession.query(LineaBase).filter( LineaBase.id == lb_id).one() from webhelpers import paginate #count = items.count() count = items.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( items, page, item_count=count, items_per_page=2, ) items = currentPage.items return dict(items=items, fase=fase, filtro=expresion, lineabase=lineabase, page=page, currentPage=currentPage) @expose( template="gestionitem.templates.lineaBase.cerrar_linea_base_abierta") def cerrar_linea_base_abierta(self, idFase, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] #CONSULTA ALA BD lbSolicitadas = DBSession.query(LineaBase).filter( LineaBase.estado_id == 2).filter( LineaBase.fase_id == idFase).all() itemsLBSol = [] for idLB in lbSolicitadas: items = DBSession.query(ItemUsuario).filter( ItemUsuario.linea_base_id == idLB.id).filter( ItemUsuario.estado_id == 5).all() codigosItemsSol = "" for item in items: codigosItemsSol = codigosItemsSol + "|" + item.cod_item + " " itemsLBSol.append(codigosItemsSol) fase = DBSession.query(Fase).filter_by(id=idFase).one() # SI EXISTE FILTROS DE BUSQUEDAS itemSelec = named.get('itemselect', '0') filtro = named.get('filtros', '') if (filtro != ""): if filtro.isdigit(): lbSolicitadas = DBSession.query(LineaBase).filter( LineaBase.estado_id == 2).filter( LineaBase.fase_id == idFase).filter_by( id=filtro).order_by(LineaBase.id).all() else: lbSolicitadas = DBSession.query(LineaBase).filter( LineaBase.estado_id == 2).filter( LineaBase.fase_id == idFase).filter( LineaBase.descripcion.like('%' + str(filtro) + '%')).order_by( LineaBase.id).all() lbIds = [] itemsLB = [] for idLB in lbSolicitadas: lbIds.append(idLB.id) items = DBSession.query(ItemUsuario).filter( ItemUsuario.linea_base_id == idLB.id).all() codigosItems = "" for item in items: codigosItems = codigosItems + "|" + item.cod_item + " " itemsLB.append(codigosItems) proyecto = DBSession.query(Proyecto).filter_by( id=fase.proyecto_id).one() from webhelpers import paginate count = items.__len__() page = int(named.get('page', '1')) currentPage = paginate.Page( items, page, item_count=count, items_per_page=3, ) muestraBoton = "false" return dict(page='Solicitudes de Apertura', user=user, itemsLBSol=itemsLBSol, muestraBoton=muestraBoton, lbSolicitadas=lbSolicitadas, named=named, filtro=filtro, itemSelec=itemSelec, items=items, fase=fase, proyecto=proyecto, currentPage=currentPage, subtitulo='Solicitudes de Apertura') @expose() def accionSolicitud(self, idFase, **named): identity = request.environ.get('repoze.who.identity') user = identity['user'] lbs = DBSession.query(LineaBase).filter_by(fase_id=idFase).filter_by( estado_id=2).all() for lb in lbs: accion = named.get(str(lb.id), '') if (accion != "") and (accion == "Cerrar"): lb.estado_id = 1 DBSession.flush() ###Cambia Estado del Item items = DBSession.query(ItemUsuario).filter_by( linea_base_id=lb.id).all() for item in items: if (item.estado_id == 5): item.estado_id = 3 DBSession.flush estados = [1, 2, 3, 4, 5, 8] itemsEnLB = DBSession.query(ItemUsuario).filter( ItemUsuario.fase_id == idFase).filter( ItemUsuario.estado_id.in_(estados)).order_by( ItemUsuario.id).all() faseConLB = 0 for itemP in itemsEnLB: if itemP.estado_id != 3: faseConLB = 1 if faseConLB == 0: fase = DBSession.query(Fase).filter_by(id=idFase).one() fase.estado_id = 4 DBSession.flush() fase = DBSession.query(Fase).filter_by(id=idFase).one() redirect('/item/itemList/' + str(fase.id)) @expose( template="gestionitem.templates.proyectoTmpl.listar_proyectos_definidos" ) def listar_proyectos_definidos(self, idfaseDestino, **named): submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtros') expre_cad = expresion proyectos = DBSession.query(Proyecto).filter( or_(Proyecto.estado == 2, Proyecto.estado == 3)).filter( Proyecto.descripcion.like('%' + str(expre_cad) + '%')).all() else: proyectos = DBSession.query(Proyecto).filter( or_(Proyecto.estado == 2, Proyecto.estado == 3)).all() return dict(proyecto=proyectos, filtro='', proy='1', idfaseDestino=idfaseDestino) @expose( template="gestionitem.templates.proyectoTmpl.listar_fases_definidas") def listar_fases_definidas(self, idfaseDestino, idproyecto, **named): expre_cad = "" proyecto = DBSession.query(Proyecto).filter_by(id=idproyecto).one() submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtros') expre_cad = expresion fases = DBSession.query(Fase).filter( Fase.proyecto_id == idproyecto).filter( Fase.descripcion.like('%' + str(expre_cad) + '%')).all() else: fases = DBSession.query(Fase).filter( Fase.proyecto_id == idproyecto).all() return dict(proyecto=proyecto, fases=fases, filtro=expre_cad, idfaseDestino=idfaseDestino) @expose( template="gestionitem.templates.proyectoTmpl.importar_tipoItems_proyecto" ) def importar_tipoItems_proyecto(self, idfaseDestino, idfase, **named): #proyecto= DBSession.query(Proyecto).filter(Proyecto.id == idproyecto).one() itemSeleccionado = DBSession.query(TipoItemUsuario).filter_by(id=-1) itemselect = named.get('itemselect', '0') if (itemselect != 0): try: itemselect = int(itemselect) itemselect = [itemselect] itemSeleccionado = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.id.in_(itemselect)).order_by( TipoItemUsuario.id) except: itemSeleccionado = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.id.in_(itemselect)).order_by( TipoItemUsuario.id) fase = DBSession.query(Fase).filter(Fase.id == idfase).one() proyecto = DBSession.query(Proyecto).filter( Proyecto.id == fase.proyecto_id).one() submit = named.get('submit') if (submit == "Buscar"): expresion = named.get('filtros') expre_cad = expresion itemUsuarios = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.fase_id == idfase).filter( or_( TipoItemUsuario.descripcion.like('%' + str(expre_cad) + '%'), (TipoItemUsuario.codigo.like('%' + str(expre_cad) + '%')))).all() else: itemUsuarios = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.fase_id == idfase).all() return dict(listaItemUser=itemUsuarios, proyecto=proyecto, itemSeleccionado=itemSeleccionado, filtro="", fase=fase, idfaseDestino=idfaseDestino) @expose() def guardar_items_importados(self, idfaseDestino, **named): itemselect = named.get('itemselect') try: itemselect = int(itemselect) itemselect = [itemselect] tipoItemSeleccionado = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.id.in_(itemselect)).all() tipoItemExiste = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.codigo == tipoItemSeleccionado.codigo).filter( TipoItemUsuario.fase_id == idfaseDestino).all() if tipoItemExiste.__len__() == 0: listaIds = DBSession.query(TipoItemUsuario).order_by( TipoItemUsuario.id) if (listaIds.count() > 0): list = listaIds[-1] id = list.id + 1 else: id = 1 ti = TipoItemUsuario( id=int(id), descripcion=tipoItemSeleccionado.descripcion, codigo=tipoItemSeleccionado.codigo, fase_id=idfaseDestino) #el parametro pasado aca debe ir. DBSession.add(ti) DBSession.flush() for atributo in tipoItemSeleccionado.atributos: at = TipoItemUsuarioAtributos( nombre_atributo=atributo.nombre_atributo, tipo_item_id=int(id), tipo_id=atributo.tipo_id) DBSession.add(at) DBSession.flush() except: itemseleccionados = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.id.in_(itemselect)).all() for tipoItemSelect in itemseleccionados: tipoItemExiste = DBSession.query(TipoItemUsuario).filter( TipoItemUsuario.codigo == tipoItemSelect.codigo).filter( TipoItemUsuario.fase_id == idfaseDestino).all() if tipoItemExiste.__len__() == 0: listaIds = DBSession.query(TipoItemUsuario).order_by( TipoItemUsuario.id) if (listaIds.count() > 0): list = listaIds[-1] id = list.id + 1 else: id = 1 ti = TipoItemUsuario( id=int(id), descripcion=tipoItemSelect.descripcion, codigo=tipoItemSelect.codigo, fase_id=idfaseDestino ) #el parametro pasado aca debe ir. DBSession.add(ti) DBSession.flush() for atributo in tipoItemSelect.atributos: at = TipoItemUsuarioAtributos( nombre_atributo=atributo.nombre_atributo, tipo_item_id=int(id), tipo_id=atributo.tipo_id) DBSession.add(at) DBSession.flush() redirect("/tipoItems/tipoItemUsuario/" + idfaseDestino + "/lista")
def test_user_belongs_to_group(self): environ = make_environ('gustavo', ['developers']) p = predicates.in_group('developers') self.eval_met_predicate(p, environ)
def customer(self): c.menu_items = h.top_menu(self.menu_items, _("Customers")) if is_met(in_group("customer")) or is_met(in_group("admin")): user = request.environ.get("repoze.who.identity")["user"] values = create_dict(user) return render_customer_form(self.menu_items, user.id, values)
def is_superuser(self): """Return True if user is a superuser and has admin mode enabled.""" return predicates.in_group("superusers") and self.admin_mode