def user_profile():
if request.method == "GET":
current_user = g.user
return render_template("user/profile.html", **locals())
if request.method == "POST":
ret = {"msg":""}
cnname = request.form.get("cnname", "")
email = request.form.get("email", "")
im = request.form.get("im", "")
phone = request.form.get("phone", "")
qq = request.form.get("qq", "")
d = {
"cnname": cnname,
"email": email,
"im": im,
"phone": phone,
"qq": qq,
}
try:
User.update_user_profile(d)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def admin_user_edit(user_id):
if request.method == "GET":
if not (g.user.is_admin() or g.user.is_root()):
abort(403, "no such privilege")
user = User.get_by_id(user_id)
if not user:
abort(404, "no such user where id=%s" % user_id)
return render_template("user/edit.html", **locals())
if request.method == "POST":
ret = {"msg":""}
if not (g.user.is_admin() or g.user.is_root()):
ret["msg"] = "no such privilege"
return json.dumps(ret)
user_id = request.form.get("id", "")
cnname = request.form.get("cnname", "")
email = request.form.get("email", "")
phone = request.form.get("phone", "")
im = request.form.get("im", "")
qq = request.form.get("qq", "")
d = {
"user_id": int(user_id), "cnname": cnname, "email": email, "phone": phone, "im": im, "qq": qq,
}
try:
User.admin_update_user_profile(d)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def user_create():
if request.method == "GET":
return render_template("user/create.html", **locals())
if request.method == "POST":
ret = {"msg":""}
name = request.form.get("name", "")
cnname = request.form.get("cnname", "")
password = request.form.get("password", "")
email = request.form.get("email", "")
phone = request.form.get("phone", "")
im = request.form.get("im", "")
qq = request.form.get("qq", "")
if not name or not cnname or not password or not email:
ret["msg"] = "not all form item entered"
return json.dumps(ret)
try:
User.create_user(name, cnname, password, email, phone, im, qq)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def admin_user_delete(user_id):
if request.method == "POST":
ret = {"msg": ""}
if not (g.user.is_admin or g.user.is_root()):
ret["msg"] = "you do not have permissions"
return json.dumps(ret)
try:
User.admin_delete_user(user_id)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def user_list():
if request.method == "GET":
query_term = request.args.get("query", "")
limit = g.limit or 20
page = g.page or 1
users = User.get_users(query_term, limit, page)
return render_template("user/list.html", **locals())
def get_teams(cls, query_term, limit=20, page=1):
if not query_term:
query_term = "."
d = {
"q": query_term,
"limit": limit,
"page": page,
}
h = {"Content-type": "application/json"}
r = corelib.auth_requests("GET", "%s/team" \
%(config.API_ADDR,), params=d, headers=h)
log.debug("%s:%s" % (r.status_code, r.text))
if r.status_code != 200:
raise Exception("%s %s" % (r.status_code, r.text))
teams = []
for j in r.json():
users = [
User(x["id"], x["name"], x["cnname"], x["email"], x["phone"],
x["im"], x["qq"], x["role"]) for x in j['users']
]
t = Team(j["team"]["id"], j["team"]["name"], j["team"]["resume"],
j["team"]["creator"], j['creator_name'], users)
teams.append(t)
return teams
def writable(self, login_user):
# login_user can be str or User obj
if isinstance(login_user, str):
login_user = User.get_by_name(login_user)
if not login_user:
return False
if login_user.is_admin() or login_user.is_root():
return True
if self.create_user == login_user.name:
return True
if login_user.name in MAINTAINERS:
return True
a = self.action
if not a:
return False
if not a.uic:
return False
return login_user.in_teams(a.uic)
def get_current_user_profile(user_token):
# log.debug("get_current_user_profile_%s"%str(user_token))
if not user_token:
return
# red = redis_conn()
#
# sig_expired=3600*24*30
# red_key="user_sig_%s"%user_token.name
# log.debug("get_redis_key:%s"%red_key)
# res=None
# try:
# res = json.loads(red.get(red_key))
# except Exception as e:
# log.error("get_current_user_profile_from_redis got error",e)
# if not res:
# return
h = {"Content-type": "application/json"}
r = corelib.auth_requests(
"GET",
"%s/user/current/" % (config.API_ADDR),
headers=h,
)
if r.status_code != 200:
return
j = r.json()
return User(j["id"], j["name"], j["cnname"], j["email"], j["phone"],
j["im"], j["qq"], j["role"])
def writable(self, login_user):
#login_user can be str or User obj
if isinstance(login_user, str):
login_user = User.get_by_name(login_user)
if not login_user:
return False
if login_user.is_admin() or login_user.is_root():
return True
if self.create_user == login_user.name:
return True
if login_user.name in MAINTAINERS:
return True
a = self.action
if not a:
return False
if not a.uic:
return False
return login_user.in_teams(a.uic)
def api_user_in_teams(user_id, team_names):
u = User.get_by_id(user_id)
if not u:
return jsonify(data=False)
team_list = team_names.split(",") or []
if u.in_teams(team_list):
return jsonify(data=True)
else:
return jsonify(data=False)
def api_user_in_teams(user_id, team_names):
u = User.get_by_id(user_id)
if not u:
return jsonify(data=False)
team_list = team_names.split(",") or []
if u.in_teams(team_list):
return jsonify(data=True)
else:
return jsonify(data=False)
def admin_user_change_password(user_id):
if request.method == "POST":
ret = {"msg": ""}
if not (g.user.is_admin or g.user.is_root()):
ret["msg"] = "you do not have permissions"
return json.dumps(ret)
password = request.form.get("password")
if not password:
ret["msg"] = "no password entered"
return json.dumps(ret)
try:
User.admin_change_user_passwd(user_id, password)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def admin_user_change_role(user_id):
if request.method == "POST":
ret = {"msg": ""}
if not (g.user.is_admin or g.user.is_root()):
ret["msg"] = "you do not have permissions"
return json.dumps(ret)
role = str(request.form.get("role", ""))
if not role or role not in ['1', '0']:
ret["msg"] = "invalid role"
return json.dumps(ret)
admin = "yes" if role == '1' else "no"
try:
User.admin_change_user_role(user_id, admin)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def get_current_user_profile(user_token):
if not user_token:
return
h = {"Content-type": "application/json"}
r = corelib.auth_requests("GET", "%s/user/current" %config.API_ADDR, headers=h)
if r.status_code != 200:
return
j = r.json()
return User(j["id"], j["name"], j["cnname"], j["email"], j["phone"], j["im"], j["qq"], j["role"])
def writable(self, user):
# user can be str or User obj
if isinstance(user, str):
user = User.get_by_name(user)
if not user:
return False
if self.create_user == user.name or user.name in MAINTAINERS or user.is_admin() or user.is_root():
return True
return False
def user_change_passwd():
if request.method == "POST":
ret = {"msg": ""}
old_password = request.form.get("old_password", "")
new_password = request.form.get("new_password", "")
repeat_password = request.form.get("repeat_password", "")
if not (old_password and new_password and repeat_password):
ret["msg"] = "some form item missing"
return json.dumps(ret)
if new_password != repeat_password:
ret["msg"] = "repeat and new password not equal"
return json.dumps(ret)
try:
User.change_user_passwd(old_password, new_password)
except Exception as e:
ret['msg'] = str(e)
return json.dumps(ret)
def writable(self, user):
#user can be str or User obj
if isinstance(user, str):
user = User.get_by_name(user)
if not user:
return False
if self.create_user == user.name or user.name in MAINTAINERS or user.is_admin() or user.is_root():
return True
return False
def user_query():
if request.method == "GET":
query_term = request.args.get("query", "")
limit = g.limit or 20
page = g.page or 1
ret = {"users":[], "msg":""}
try:
users = User.get_users(query_term, limit, page)
ret['users'] = [u.dict() for u in users]
except Exception as e:
ret['msg'] = str(e)
logging.error(str(e))
return json.dumps(ret)
def user_info_by_name(user_name):
if request.method == "GET":
user = User.get_by_name(user_name)
return render_template("user/about.html", **locals())
