def test_one_user_group_write_and_publish(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.save()
g.set_users([u.id])
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Write', group=g)
f.grant('Publish', group=g)
f = Feed.get(id=f.id)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [g])
self.assertEqual(f.publisher_groups(), [g])
self.assertTrue(f.user_can_write(u))
self.assertTrue(f.user_can_publish(u))
def test_one_user_group_read_only(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.set_users([u.id])
g.save()
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Read', group=g)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
def test_admin_cannot_create_unnamed_group(self):
self.assertFalse(self.group_exists())
self.login(ADMINNAME, ADMINPASS)
resp = self.post_create_group(name='')
self.assertFalse(self.group_exists())
with self.assertRaises(Group.DoesNotExist):
Group.get(name='')
def test_admin_cannot_create_unnamed_group(self):
self.assertFalse(self.group_exists())
self.login(ADMINNAME, ADMINPASS)
resp = self.post_create_group(name='')
self.assertFalse(self.group_exists())
with self.assertRaises(Group.DoesNotExist):
Group.get(name='')
def test_user_with_one_feed_via_group(self):
u = User(passwordhash='123')
g = Group(name='group_with_a_name')
f = Feed()
u.save()
f.save()
g.save()
g.set_users([u.id])
f.grant('Write', group=g)
self.assertEqual(u.writeable_feeds(), [f])
def users_and_groups():
''' list of all users and groups (HTML page). '''
if request.method == 'POST':
action = request.form.get('action', 'creategroup')
if action == 'creategroup':
if not request.form.get('name', '').strip():
flash("I'm not making you an un-named group!")
return redirect(url_for('users_and_groups'))
Group.create(name=request.form.get('name', 'blank').strip())
return render_template('users_and_groups.html',
users=User.select(),
groups=Group.select())
def group(groupid):
''' edit one user group. '''
try:
thisgroup = Group.get(id=groupid)
except:
flash('Invalid group ID')
return redirect(request.referrer if request.referrer else '/')
if request.method == 'POST':
if request.form.get('action', 'none') == 'delete':
UserGroup.delete().where(UserGroup.group == thisgroup).execute()
thisgroup.delete_instance()
flash('group:'+ thisgroup.name +' deleted.')
return redirect(url_for('users_and_groups'))
if request.form.get('action', 'none') == 'update':
thisgroup.name = request.form.get('groupname', thisgroup.name)
thisgroup.save()
groupusers = request.form.getlist('groupusers')
thisgroup.set_users(groupusers)
flash('saved')
return render_template('group.html', group=thisgroup, allusers=User.select())
def group(groupid):
''' edit one user group. '''
try:
thisgroup = Group.get(id=groupid)
except:
flash('Invalid group ID')
return redirect(request.referrer if request.referrer else '/')
if request.method == 'POST':
if request.form.get('action', 'none') == 'delete':
UserGroup.delete().where(UserGroup.group == thisgroup).execute()
thisgroup.delete_instance()
flash('group:' + thisgroup.name + ' deleted.')
return redirect(url_for('users_and_groups'))
if request.form.get('action', 'none') == 'update':
thisgroup.name = request.form.get('groupname', thisgroup.name)
thisgroup.save()
groupusers = request.form.getlist('groupusers')
thisgroup.set_users(groupusers)
flash('saved')
return render_template('group.html',
group=thisgroup,
allusers=User.select())
def users_and_groups():
''' list of all users and groups (HTML page). '''
if request.method == 'POST':
action = request.form.get('action', 'creategroup')
if action == 'creategroup':
if not request.form.get('name', '').strip():
flash("I'm not making you an un-named group!")
return redirect(url_for('users_and_groups'))
Group.create(name=request.form.get('name', 'blank').strip())
return render_template('users_and_groups.html',
users=User.select(),
groups=Group.select())
def feedpage(feedid):
''' the back end settings for one feed. '''
try:
feed = Feed.get(id=feedid)
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
except:
flash('invalid feed id! (' + str(feedid) + ')')
return redirect(url_for('feeds'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('feeds'))
if not user.is_admin:
flash('Sorry! Only Admins can change these details.')
return redirect(request.referrer)
action = request.form.get('action', 'none')
if action == 'edit':
feed.name = request.form.get('title', feed.name).strip()
inlist = request.form.getlist
feed.post_types = ', '.join(inlist('post_types'))
feed.set_authors(by_id(User, inlist('authors')))
feed.set_publishers(by_id(User, inlist('publishers')))
feed.set_author_groups(by_id(Group, inlist('author_groups')))
feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
feed.save()
flash('Saved')
elif action == 'delete':
for post in feed.posts:
post_type_module = post_types.load(post.type)
delete_post_and_run_callback(post, post_type_module)
feed.delete_instance(True, True) # cascade/recursive delete.
flash('Deleted')
return redirect(url_for('feeds'))
return render_template('feed.html',
feed=feed,
user=user,
all_posttypes=post_types.types(),
allusers=User.select(),
allgroups=Group.select()
)
def feedpage(feedid):
''' the back end settings for one feed. '''
try:
feed = Feed.get(id=feedid)
user = user_session.get_user()
except user_session.NotLoggedIn:
user = User()
except:
flash('invalid feed id! (' + str(feedid) + ')')
return redirect(url_for('feeds'))
if request.method == 'POST':
if not user_session.logged_in():
flash("You're not logged in!")
return redirect(url_for('feeds'))
if not user.is_admin:
flash('Sorry! Only Admins can change these details.')
return redirect(request.referrer)
action = request.form.get('action', 'none')
if action == 'edit':
feed.name = request.form.get('title', feed.name).strip()
inlist = request.form.getlist
feed.post_types = ', '.join(inlist('post_types'))
feed.set_authors(by_id(User, inlist('authors')))
feed.set_publishers(by_id(User, inlist('publishers')))
feed.set_author_groups(by_id(Group, inlist('author_groups')))
feed.set_publisher_groups(by_id(Group, inlist('publisher_groups')))
feed.save()
flash('Saved')
elif action == 'delete':
for post in feed.posts:
post_type_module = post_types.load(post.type)
delete_post_and_run_callback(post, post_type_module)
feed.delete_instance(True, True) # cascade/recursive delete.
flash('Deleted')
return redirect(url_for('feeds'))
return render_template('feed.html',
feed=feed,
user=user,
all_posttypes=post_types.types(),
allusers=User.select(),
allgroups=Group.select()
)
def test_one_user_group_write_and_publish(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.save()
g.set_users([u.id])
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Write', group=g)
f.grant('Publish', group=g)
f = Feed.get(id=f.id)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [g])
self.assertEqual(f.publisher_groups(), [g])
self.assertTrue(f.user_can_write(u))
self.assertTrue(f.user_can_publish(u))
def test_one_user_group_read_only(self):
f = Feed(name='123')
f.save()
u = User(passwordhash='123')
u.save()
g = Group(name='usergroup')
g.set_users([u.id])
g.save()
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
f.grant('Read', group=g)
self.assertEqual(f.authors(), [])
self.assertEqual(f.publishers(), [])
self.assertEqual(f.author_groups(), [])
self.assertEqual(f.publisher_groups(), [])
self.assertFalse(f.user_can_write(u))
self.assertFalse(f.user_can_publish(u))
def test_user_with_one_feed_via_group(self):
u = User(passwordhash='123')
g = Group(name='group_with_a_name')
f = Feed()
u.save()
f.save()
g.save()
g.set_users([u.id])
f.grant('Write', group=g)
self.assertEqual(u.writeable_feeds(), [f])
def create_group(self, name):
g = Group(name=name)
g.save()
return g
def user_edit(userid=-1):
''' edit one user. Admins can edit any user, but other users
can only edit themselves. if userid is -1, create a new user. '''
try:
current_user = user_session.get_user()
except user_session.NotLoggedIn as e:
flash("Sorry, you're not logged in!")
return permission_denied("You're not logged in!")
userid = int(userid)
if userid != -1:
try:
user = User.get(id=userid)
except User.DoesNotExist:
return not_found(title="User doesn't exist",
message="Sorry, that user does not exist!")
else:
if not current_user.is_admin:
flash('Sorry! Only admins can create new users!')
return permission_denied("Admins only!")
try:
user = User.get(loginname=request.form.get('loginname', ''))
return permission_denied("Username already exists!")
except peewee.DoesNotExist:
pass
user = User() #pylint: disable=no-value-for-parameter
if request.method == 'POST':
if current_user != user and not current_user.is_admin:
return permission_denied("Sorry, you may not edit this user.")
update_user(user, request.form, current_user)
# save:
try:
user.save()
if userid == -1:
flash('New user created.')
return redirect(url_for('user_edit', userid=user.id))
else:
flash('Saved')
except peewee.IntegrityError as err:
flash('Cannot Save:' + str(err))
elif request.method == 'DELETE':
if not current_user.is_admin:
return 'Sorry, only admins can delete users', 403
if user.id == current_user.id:
return 'Sorry! You cannot delete yourself!', 403
user.delete_instance(recursive=True)
return 'User: %s deleted. (And all their posts)' % user.displayname
users_posts = Post.select().where(Post.author == user) \
.order_by(Post.write_date.desc()) \
.limit(10)
return render_template('user.html',
allgroups=Group.select(),
posts=users_posts,
user=user)
def user_edit(userid=-1):
''' edit one user. Admins can edit any user, but other users
can only edit themselves. if userid is -1, create a new user. '''
try:
current_user = user_session.get_user()
except user_session.NotLoggedIn as e:
flash("Sorry, you're not logged in!")
return permission_denied("You're not logged in!")
userid = int(userid)
if userid != -1:
try:
user = User.get(id=userid)
except User.DoesNotExist:
return not_found(title="User doesn't exist",
message="Sorry, that user does not exist!")
else:
if not current_user.is_admin:
flash('Sorry! Only admins can create new users!')
return permission_denied("Admins only!")
try:
user = User.get(loginname=request.form['loginname'])
return permission_denied("Username already exists!")
except peewee.DoesNotExist:
pass
user = User() #pylint: disable=no-value-for-parameter
if request.method == 'POST':
if current_user != user and not current_user.is_admin:
return permission_denied("Sorry, you may not edit this user.")
update_user(user, request.form, current_user)
# save:
try:
user.save()
if userid == -1:
flash('New user created.')
return redirect(url_for('user_edit', userid=user.id))
else:
flash('Saved')
except peewee.IntegrityError as err:
flash('Cannot Save:' + str(err))
elif request.method == 'DELETE':
if not current_user.is_admin:
return 'Sorry, only admins can delete users', 403
if user.id == current_user.id:
return 'Sorry! You cannot delete yourself!', 403
user.delete_instance(recursive=True)
return 'User: %s deleted. (And all their posts)' % user.displayname
users_posts = Post.select().where(Post.author == user) \
.order_by(Post.write_date.desc()) \
.limit(10)
return render_template('user.html',
allgroups=Group.select(),
posts=users_posts, user=user)
def group_exists(self, name='new group'):
try:
Group.get(name=name)
return True
except Group.DoesNotExist:
return False
def create_group(self, name):
g = Group(name=name)
g.save()
return g
def group_exists(self, name='new group'):
try:
Group.get(name=name)
return True
except Group.DoesNotExist:
return False
