def post(
        self,
        name: str,
        email: str,
        password: str,
        is_tracim_manager: str = 'off',
        is_tracim_admin: str = 'off',
        send_email: str = 'off',
):
    """Create a user account from the submitted form values.

    ``name`` becomes the display name and ``email`` the account e-mail.
    ``password`` is used when non-empty; otherwise one is generated, but
    only if ``send_email`` is on. The three on/off flags are converted
    with ``h.on_off_to_boolean``. Every path ends with ``tg.flash`` and
    ``tg.redirect(self.url())``.
    """
    grant_manager = h.on_off_to_boolean(is_tracim_manager)
    grant_admin = h.on_off_to_boolean(is_tracim_admin)
    notify_by_mail = h.on_off_to_boolean(send_email)

    actor = tmpl_context.current_user
    if actor.profile.id < Group.TIM_ADMIN:
        # Privilege ceiling: a caller below the admin profile cannot hand
        # out manager or admin rights, whatever the form submitted.
        grant_manager = False
        grant_admin = False

    user_api = UserApi(actor)
    if user_api.user_with_email_exists(email):
        duplicate_msg = _(
            'A user with email address "{}" already exists.').format(email)
        tg.flash(duplicate_msg, CST.STATUS_ERROR)
        # The code below relies on tg.redirect aborting the request here
        # (it raises in TurboGears).
        tg.redirect(self.url())

    account = user_api.create_user()
    account.email = email
    account.display_name = name
    if password:
        account.password = password
    elif notify_by_mail:
        # No password typed in: generate one so the mail can carry it.
        password = self.generate_password()
        account.password = password

    # NOTE(review): this line also runs when no password was given and
    # send_email is off, so the digest source is then built from an empty
    # password. Confirm the form makes one of the two mandatory.
    account.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)
    user_api.save(account)

    # Every new account joins the user group; the other two are optional.
    group_api = GroupApi(actor)
    group_ids = [Group.TIM_USER]
    if grant_manager:
        group_ids.append(Group.TIM_MANAGER)
    if grant_admin:
        group_ids.append(Group.TIM_ADMIN)
    for group_id in group_ids:
        account.groups.append(group_api.get_one(group_id))
    user_api.save(account)

    if notify_by_mail:
        # The clear-text password is handed to the mailer.
        # NOTE(review): presumably it ends up in the message body; confirm
        # the user is made to change it at first login.
        mailer = get_email_manager()
        mailer.notify_created_account(account, password=password)

    user_api.execute_created_user_actions(account)
    created_msg = _('User {} created.').format(account.get_display_name())
    tg.flash(created_msg, CST.STATUS_OK)
    tg.redirect(self.url())
def test_unit__get_all_manageable(self):
    """Check what ``get_all_manageable`` returns for each kind of user.

    Four cases: an admin with no workspace, an admin after four workspaces
    are created, a plain user who holds a role in every workspace, and the
    same user once added to the manager group.
    """
    admin = DBSession.query(User).filter(
        User.email == '*****@*****.**'
    ).one()
    uapi = UserApi(admin)

    # Nothing has been created yet, so the admin has nothing to manage.
    admin_wapi = WorkspaceApi(current_user=admin)
    eq_([], admin_wapi.get_all_manageable())

    # Created in reverse label order, so the expected list below is not
    # simply the insertion order.
    w4, w3, w2, w1 = [
        admin_wapi.create_workspace(label=label)
        for label in ('w4', 'w3', 'w2', 'w1')
    ]
    eq_([w1, w2, w3, w4], admin_wapi.get_all_manageable())

    # A member of the user group only: workspace roles alone, even
    # WORKSPACE_MANAGER on w1, make no workspace manageable.
    gapi = GroupApi(None)
    member = uapi.create_user(
        '[email protected]', [gapi.get_one(Group.TIM_USER)], True)
    member_wapi = WorkspaceApi(current_user=member)
    rapi = RoleApi(current_user=member)
    # NOTE(review): 'off' is a non-empty string; whether create_one
    # converts it or reads it as truthy is not visible here. Confirm.
    off = 'off'
    initial_roles = (
        (w4, UserRoleInWorkspace.READER),
        (w3, UserRoleInWorkspace.CONTRIBUTOR),
        (w2, UserRoleInWorkspace.CONTENT_MANAGER),
        (w1, UserRoleInWorkspace.WORKSPACE_MANAGER),
    )
    for workspace, role in initial_roles:
        rapi.create_one(member, workspace, role, off)
    eq_([], member_wapi.get_all_manageable())

    # Once in the manager group, only the workspaces where the user holds
    # the WORKSPACE_MANAGER role are returned.
    member.groups.append(gapi.get_one(Group.TIM_MANAGER))
    rapi.delete_one(member.user_id, w2.workspace_id)
    rapi.create_one(member, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, off)
    eq_([w1, w2], member_wapi.get_all_manageable())
def test_unit__get_all_manageable(self):
    """Exercise ``WorkspaceApi.get_all_manageable`` across user profiles.

    The assertions pin an access-control rule: a workspace role alone
    makes nothing manageable, and a member of the manager group sees only
    the workspaces where they hold the WORKSPACE_MANAGER role.
    """
    admin_query = DBSession.query(User)
    admin = admin_query.filter(User.email == '*****@*****.**').one()
    uapi = UserApi(admin)

    # Admin, no workspace created yet.
    wapi_as_admin = WorkspaceApi(current_user=admin)
    eq_([], wapi_as_admin.get_all_manageable())

    # Admin sees all four workspaces, listed w1..w4 although they were
    # created w4..w1.
    created = {}
    for label in ('w4', 'w3', 'w2', 'w1'):
        created[label] = wapi_as_admin.create_workspace(label=label)
    w1, w2, w3, w4 = (created[key] for key in ('w1', 'w2', 'w3', 'w4'))
    eq_([w1, w2, w3, w4], wapi_as_admin.get_all_manageable())

    # Plain user: one role per workspace, still nothing manageable.
    gapi = GroupApi(None)
    plain_user = uapi.create_user(
        '[email protected]',
        [gapi.get_one(Group.TIM_USER)],
        True,
    )
    wapi_as_user = WorkspaceApi(current_user=plain_user)
    rapi = RoleApi(current_user=plain_user)
    for workspace, role in (
            (w4, UserRoleInWorkspace.READER),
            (w3, UserRoleInWorkspace.CONTRIBUTOR),
            (w2, UserRoleInWorkspace.CONTENT_MANAGER),
            (w1, UserRoleInWorkspace.WORKSPACE_MANAGER),
    ):
        rapi.create_one(plain_user, workspace, role, False)
    eq_([], wapi_as_user.get_all_manageable())

    # Promote to the manager group and make the user workspace manager of
    # w2 as well: exactly w1 and w2 become manageable.
    plain_user.groups.append(gapi.get_one(Group.TIM_MANAGER))
    rapi.delete_one(plain_user.user_id, w2.workspace_id)
    rapi.create_one(
        plain_user, w2, UserRoleInWorkspace.WORKSPACE_MANAGER, False)
    eq_([w1, w2], wapi_as_user.get_all_manageable())
def post(
        self,
        name: str,
        email: str,
        password: str,
        is_tracim_manager: str = 'off',
        is_tracim_admin: str = 'off',
        send_email: str = 'off',
):
    """Handle the user-creation form and redirect back to ``self.url()``.

    The on/off flags go through ``h.on_off_to_boolean``. A caller whose
    profile id is below ``Group.TIM_ADMIN`` has both privilege flags
    forced off. When ``password`` is empty and ``send_email`` is on, a
    UUID4 string becomes the password.
    """
    want_manager = h.on_off_to_boolean(is_tracim_manager)
    want_admin = h.on_off_to_boolean(is_tracim_admin)
    want_mail = h.on_off_to_boolean(send_email)

    creator = tmpl_context.current_user
    if creator.profile.id < Group.TIM_ADMIN:
        # A manager can't give large rights
        want_manager, want_admin = False, False

    users = UserApi(creator)
    if users.user_with_email_exists(email):
        text = _('A user with email address "{}" already exists.')
        tg.flash(text.format(email), CST.STATUS_ERROR)
        # The rest of the method relies on tg.redirect aborting the
        # request (it raises in TurboGears).
        tg.redirect(self.url())

    new_user = users.create_user()
    new_user.email = email
    new_user.display_name = name
    if password:
        new_user.password = password
    elif want_mail:
        # NOTE(review): uuid4 is used as the initial credential. A
        # purpose-built token generator would make the intent explicit;
        # confirm this meets the project's password policy.
        password = str(uuid.uuid4())
        new_user.password = password

    # NOTE(review): with no password and send_email off, this is computed
    # from an empty password. Confirm the form prevents that combination.
    new_user.webdav_left_digest_response_hash = '%s:/:%s' % (email, password)
    users.save(new_user)

    # Group membership: always the user group, the others only if granted.
    groups = GroupApi(creator)
    new_user.groups.append(groups.get_one(Group.TIM_USER))
    for granted, group_id in (
            (want_manager, Group.TIM_MANAGER),
            (want_admin, Group.TIM_ADMIN),
    ):
        if granted:
            new_user.groups.append(groups.get_one(group_id))
    users.save(new_user)

    if want_mail:
        # The clear-text password is passed on to the notification.
        get_email_manager().notify_created_account(
            new_user, password=password)

    tg.flash(
        _('User {} created.').format(new_user.get_display_name()),
        CST.STATUS_OK,
    )
    tg.redirect(self.url())
def post(self, name, email, password,
         is_tracim_manager='off', is_tracim_admin='off'):
    """Create a user from the form values, then redirect to ``self.url()``.

    ``is_tracim_manager`` and ``is_tracim_admin`` are on/off strings
    converted with ``h.on_off_to_boolean``. Both are ignored when the
    caller's profile id is below ``Group.TIM_ADMIN``.
    """
    as_manager = h.on_off_to_boolean(is_tracim_manager)
    as_admin = h.on_off_to_boolean(is_tracim_admin)

    requester = tmpl_context.current_user
    if requester.profile.id < Group.TIM_ADMIN:
        # A manager can't give large rights
        as_manager = as_admin = False

    user_api = UserApi(requester)
    if user_api.user_with_email_exists(email):
        tg.flash(
            _('A user with email address "{}" already exists.').format(email),
            CST.STATUS_ERROR,
        )
        # Relies on tg.redirect aborting the request (it raises in
        # TurboGears); otherwise a duplicate would be created below.
        tg.redirect(self.url())

    created = user_api.create_user()
    created.email = email
    created.display_name = name
    # NOTE(review): an empty password leaves the account without one being
    # set here. Confirm such an account cannot be logged into.
    if password:
        created.password = password
    user_api.save(created)

    # Now add the user to related groups
    group_api = GroupApi(requester)
    wanted_groups = [Group.TIM_USER]
    if as_manager:
        wanted_groups.append(Group.TIM_MANAGER)
    if as_admin:
        wanted_groups.append(Group.TIM_ADMIN)
    for group_id in wanted_groups:
        created.groups.append(group_api.get_one(group_id))
    user_api.save(created)

    success = _('User {} created.').format(created.get_display_name())
    tg.flash(success, CST.STATUS_OK)
    tg.redirect(self.url())
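def put(self, new_profile):
    """Move ``tmpl_context.user`` to the profile named by ``new_profile``.

    The three profiles are cumulative: a manager is also in the user
    group, and an admin is in all three. Changing one's own profile is
    refused, as is a value outside ``self.allowed_profiles``. Every path
    ends with ``tg.flash`` and ``tg.redirect``.

    Groups are removed only after a membership test, not inside a bare
    ``except``. A genuine failure while revoking a group now propagates
    and is no longer followed by a success message.
    """
    # FIXME - Allow only self password or operation for managers
    # NOTE(review): no check of current_user's own privilege level is
    # visible in this method. Presumably the controller enforces it;
    # confirm.
    current_user = tmpl_context.current_user
    user = tmpl_context.user

    group_api = GroupApi(current_user)

    if current_user.user_id == user.user_id:
        tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
        # Relies on tg.redirect aborting the request (it raises in
        # TurboGears).
        tg.redirect(self.parent_controller.url())

    redirect_url = self.parent_controller.url(skip_id=True)

    if new_profile not in self.allowed_profiles:
        tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
        tg.redirect(redirect_url)

    pod_user_group = group_api.get_one(Group.TIM_USER)
    pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
    pod_admin_group = group_api.get_one(Group.TIM_ADMIN)

    def grant(group):
        # Add the group unless the user is already a member.
        if group not in user.groups:
            user.groups.append(group)

    def revoke(group):
        # Remove the group only when present. Any error raised by the
        # removal itself is left to propagate.
        if group in user.groups:
            user.groups.remove(group)

    # this is the default value ; should never appear
    flash_message = _('User updated.')

    if new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_USER:
        grant(pod_user_group)
        revoke(pod_manager_group)
        revoke(pod_admin_group)
        flash_message = \
            _('User {} is now a basic user').format(user.get_display_name())

    elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
        grant(pod_user_group)
        grant(pod_manager_group)
        revoke(pod_admin_group)
        # NOTE(review): the message reads as if a word is missing. It is
        # also a translation key, so it is left unchanged here.
        flash_message = \
            _('User {} can now workspaces').format(user.get_display_name())

    elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
        grant(pod_user_group)
        grant(pod_manager_group)
        grant(pod_admin_group)
        flash_message = \
            _('User {} is now an administrator').format(user.get_display_name())

    else:
        # Reached only if allowed_profiles holds a value that none of the
        # three constants above matches.
        error_msg = \
            'Trying to change user {} profile with unexpected profile {}'
        logger.error(self, error_msg.format(user.user_id, new_profile))
        tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
        tg.redirect(redirect_url)

    DBSession.flush()
    tg.flash(flash_message, CST.STATUS_OK)
    tg.redirect(redirect_url)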
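def put(self, new_profile):
    """Apply the requested profile to the user held in ``tmpl_context.user``.

    ``new_profile`` must be one of ``self.allowed_profiles``. The caller
    may not change their own profile. Group membership is adjusted so that
    the user ends up in exactly the groups the profile implies, then the
    session is flushed and the request is redirected.

    Group removal is guarded by a membership test, not a bare ``except``.
    A demotion that fails therefore raises and is not reported as done.
    """
    # FIXME - Allow only self password or operation for managers
    # NOTE(review): the caller's right to change profiles is not checked
    # in this method. Presumably an outer predicate covers it; confirm.
    current_user = tmpl_context.current_user
    user = tmpl_context.user

    group_api = GroupApi(current_user)

    if current_user.user_id == user.user_id:
        tg.flash(_('You can\'t change your own profile'), CST.STATUS_ERROR)
        # The code below relies on tg.redirect aborting the request (it
        # raises in TurboGears).
        tg.redirect(self.parent_controller.url())

    redirect_url = self.parent_controller.url(skip_id=True)

    if new_profile not in self.allowed_profiles:
        tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
        tg.redirect(redirect_url)

    pod_user_group = group_api.get_one(Group.TIM_USER)
    pod_manager_group = group_api.get_one(Group.TIM_MANAGER)
    pod_admin_group = group_api.get_one(Group.TIM_ADMIN)

    # this is the default value ; should never appear
    flash_message = _('User updated.')

    if new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_USER:
        if pod_user_group not in user.groups:
            user.groups.append(pod_user_group)
        # Demotion: drop both elevated groups when present.
        if pod_manager_group in user.groups:
            user.groups.remove(pod_manager_group)
        if pod_admin_group in user.groups:
            user.groups.remove(pod_admin_group)
        flash_message = _('User {} is now a basic user').format(user.get_display_name())

    elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_MANAGER:
        if pod_user_group not in user.groups:
            user.groups.append(pod_user_group)
        if pod_manager_group not in user.groups:
            user.groups.append(pod_manager_group)
        # A former admin must lose the admin group.
        if pod_admin_group in user.groups:
            user.groups.remove(pod_admin_group)
        # NOTE(review): this wording looks incomplete. It is a translation
        # key, so it is reproduced unchanged.
        flash_message = _('User {} can now workspaces').format(user.get_display_name())

    elif new_profile == UserProfileAdminRestController._ALLOWED_PROFILE_ADMIN:
        if pod_user_group not in user.groups:
            user.groups.append(pod_user_group)
        if pod_manager_group not in user.groups:
            user.groups.append(pod_manager_group)
        if pod_admin_group not in user.groups:
            user.groups.append(pod_admin_group)
        flash_message = _('User {} is now an administrator').format(user.get_display_name())

    else:
        # Only reachable when allowed_profiles and the three constants
        # above disagree.
        logger.error(self, 'Trying to change user {} profile with unexpected profile {}'.format(user.user_id, new_profile))
        tg.flash(_('Unknown profile'), CST.STATUS_ERROR)
        tg.redirect(redirect_url)

    DBSession.flush()
    tg.flash(flash_message, CST.STATUS_OK)
    tg.redirect(redirect_url)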