Пример #1
0
def view_user(request):

    user = get_user(request)
    page_title = 'User Data'
    subtitle = user['first_last']
    change_pw = False

    if user['auth_mode'] != 'ldap':

        if 'form.submitted' in request.POST:
            user_name = request.POST['user_name']
            first_name = request.POST['first_name']
            last_name = request.POST['last_name']
            email_address = request.POST['email_address']
            password = request.POST['password']

            # FIXME: Need some security checking here
            if user_name != user['login']:
                log.error('Bad person attemting to do bad things to:' %
                          user_name)
            else:

                # Update
                log.info(
                    'UPDATE: user_name=%s,first_name=%s,last_name=%s,email_address=%s,password=%s'
                    % (user_name, first_name, last_name, email_address,
                       '<redacted>'))
                try:
                    user = DBSession.query(User).filter(
                        User.user_name == user_name).one()
                    user.first_name = first_name
                    user.last_name = last_name
                    user.email_address = email_address
                    if password:
                        log.info(
                            'Changing password for: user_name=%s password=<redacted>'
                            % user_name)
                        salt = sha512_crypt.genconfig()[17:33]
                        encrypted_password = sha512_crypt.encrypt(password,
                                                                  salt=salt)
                        user.salt = salt
                        user.password = encrypted_password
                        DBSession.flush()
                        return_url = '/logout?message=Your password has been changed successfully. Please log in again.'
                        return HTTPFound(return_url)

                    DBSession.flush()

                except Exception, e:
                    pass
                    log.error("%s (%s)" % (Exception, e))

        user = get_user(request)
Пример #2
0
def view_cp_user(request):

    page_title = 'Control Panel - Users'
    user = get_user(request)
    users = DBSession.query(User).all()
    groups = DBSession.query(Group).all()

    params = {
        'mode': None,
        'commit': None,
        'user_id': None,
    }
    for p in params:
        try:
            params[p] = request.params[p]
        except:
            pass

    mode = params['mode']
    commit = params['commit']
    user_id = params['user_id']
    error_msg = None
    this_user = None
    this_groups = None
    subtitle = 'Users'

    if mode == 'add':

        subtitle = 'Add a new user'

        if commit:

            user_names = request.POST.getall('user_name')
            first_names = request.POST.getall('first_name')
            last_names = request.POST.getall('last_name')
            email_addresses = request.POST.getall('email_address')
            passwords = request.POST.getall('password')

            try:
                utcnow = datetime.utcnow()
                for u in range(len(user_names)):
                    salt = sha512_crypt.genconfig()[17:33]
                    encrypted_password = sha512_crypt.encrypt(passwords[u],
                                                              salt=salt)
                    create = User(user_name=user_names[u],
                                  first_name=first_names[u],
                                  last_name=last_names[u],
                                  email_address=email_addresses[u],
                                  salt=salt,
                                  password=encrypted_password,
                                  updated_by=user['login'],
                                  created=utcnow,
                                  updated=utcnow)
                    DBSession.add(create)
                    DBSession.flush()
                    user_id = create.user_id

                    group_assignments = request.POST.getall(
                        'group_assignments')

                    for a in group_assignments:
                        g = DBSession.query(Group).filter(
                            Group.group_name == a).one()
                        create = UserGroupAssignment(group_id=g.group_id,
                                                     user_id=user_id,
                                                     updated_by=user['login'],
                                                     created=utcnow,
                                                     updated=utcnow)
                        DBSession.add(create)

                        DBSession.flush()

                return_url = '/cp/user'
                return HTTPFound(return_url)

            except Exception as ex:
                if type(ex).__name__ == 'IntegrityError':
                    log.error(
                        'User already exists in the db, please edit instead.')
                    # Rollback
                    DBSession.rollback()
                    # FIXME: Return a nice page
                    return HTTPConflict(
                        'User already exists in the db, please edit instead.')
                else:
                    raise
                    # FIXME not trapping correctly
                    DBSession.rollback()
                    error_msg = ("Failed to create user (%s)" % (ex))
                    log.error(error_msg)

    if mode == 'edit':

        subtitle = 'Edit user'

        if not commit:
            try:
                q = DBSession.query(User)
                q = q.filter(User.user_id == user_id)
                this_user = q.one()

                q = DBSession.query(Group)
                q = q.join(UserGroupAssignment,
                           Group.group_id == UserGroupAssignment.group_id)
                q = q.filter(UserGroupAssignment.user_id == this_user.user_id)
                results = q.all()
                this_groups = []
                for r in results:
                    this_groups.append(r.group_name)
            except Exception, e:
                conn_err_msg = e
                return Response(str(conn_err_msg),
                                content_type='text/plain',
                                status_int=500)

        if commit:

            if 'form.submitted' in request.POST:
                user_id = request.POST.get('user_id')
                user_name = request.POST.get('user_name')
                first_name = request.POST.get('first_name')
                last_name = request.POST.get('last_name')
                email_address = request.POST.get('email_address')
                password = request.POST.get('password')
                group_assignments = request.POST.getall('group_assignments')

                # Update the user
                utcnow = datetime.utcnow()
                this_user = DBSession.query(User).filter(
                    User.user_id == user_id).one()
                this_user.user_name = user_name
                this_user.first_name = first_name
                this_user.last_name = last_name
                this_user.email_address = email_address
                if password:
                    salt = sha512_crypt.genconfig()[17:33]
                    encrypted_password = sha512_crypt.encrypt(password,
                                                              salt=salt)
                    this_user.salt = salt
                    this_user.password = encrypted_password
                this_user.updated_by = user['login']
                DBSession.flush()

                for g in groups:
                    if str(g.group_id) in group_assignments:
                        # assign
                        log.debug("Group: %s is in group assignments" %
                                  g.group_name)
                        q = DBSession.query(UserGroupAssignment).filter(
                            UserGroupAssignment.group_id == g.group_id,
                            UserGroupAssignment.user_id == this_user.user_id)
                        check = DBSession.query(q.exists()).scalar()
                        if not check:
                            log.info("Assigning local user %s to group %s" %
                                     (this_user.user_name, g.group_name))
                            update = UserGroupAssignment(
                                group_id=g.group_id,
                                user_id=user_id,
                                updated_by=user['login'],
                                created=utcnow,
                                updated=utcnow)
                            DBSession.add(update)
                            DBSession.flush()
                    else:
                        # delete
                        log.debug(
                            "Checking to see if we need to remove assignment for user: %s in group %s"
                            % (this_user.user_name, g.group_name))
                        q = DBSession.query(UserGroupAssignment).filter(
                            UserGroupAssignment.group_id == g.group_id,
                            UserGroupAssignment.user_id == this_user.user_id)
                        check = DBSession.query(q.exists()).scalar()
                        if check:
                            log.info("Removing local user %s from group %s" %
                                     (this_user.user_name, g.group_name))
                            assignment = DBSession.query(
                                UserGroupAssignment).filter(
                                    UserGroupAssignment.group_id == g.group_id,
                                    UserGroupAssignment.user_id ==
                                    this_user.user_id).one()
                            DBSession.delete(assignment)
                            DBSession.flush()

                return_url = '/cp/user'
                return HTTPFound(return_url)
Пример #3
0
                             (user['login']))

                if valid_time:
                    # Convert the env name to the id
                    env_id = Env.get_env_id(to_env)

                    # Assign
                    utcnow = datetime.utcnow()
                    promote = ArtifactAssignment(deploy_id=deploy_id,
                                                 artifact_id=artifact_id,
                                                 env_id=env_id.env_id,
                                                 lifecycle_id=to_state,
                                                 updated_by=user['login'],
                                                 created=utcnow)
                    DBSession.add(promote)
                    DBSession.flush()

                    return_url = '/deploys?application_id=%s&nodegroup=%s&artifact_id=%s&to_env=%s&to_state=%s&commit=%s' % (
                        app.application_id, app.nodegroup, artifact_id, to_env,
                        to_state, commit)
                    return HTTPFound(return_url)
                else:
                    error = True
                    message = "ACCESS DENIED: You are attempting to promote outside the allowed time window for %s: %s" % (
                        app.application_name, fw)
            except Exception, e:
                log.error("Failed to promote artifact (%s)" % (e))

    return {
        'layout': site_layout(),
        'page_title': page_title,