def pageInit(subHeading=None, formJS=0):
    """Print the Inventory page preamble and connect to the database.

    Args:
        subHeading: optional sub-heading text; nothing is printed for None.
        formJS: truthy to emit the generated form JavaScript for the
            'inventory' table, falsy to emit the "inv_admin" script.

    Returns:
        A (status, table_data, db) tuple.  On success status is 'success'
        and db is the connection; otherwise status carries connectDB's
        message and db is None.
    """
    tables = declarations.define_tables()

    print "<HTML>"
    print "<HEAD>"
    if not formJS:
        pmt_utils.javaScript("inv_admin")
    else:
        pmt_utils.generate_form_javascript(tables, 'inventory',
                                           'inv_admin', 0)
    pmt_utils.title("Inventory")
    print "</HEAD>"

    pmt_utils.bodySetup()
    pmt_utils.mainHeading('Inventory')
    if subHeading is not None:
        pmt_utils.subHeading(subHeading)

    info = declarations.pmt_info
    pmt_utils.formSetup("inv_admin", info['db_name'], "inv_admin",
                        "return submitForm(document.inv_admin)")

    # The page always connects with the shared "browser" database account.
    connection = pmt_utils.connectDB(info['browser_username'],
                                     info['browser_password'],
                                     info['db_name'])
    if connection['status'] == 'success':
        return 'success', tables, connection['result']
    return connection['message'], tables, None
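def doDelete():
    """Delete one inventory row after re-checking the caller's password.

    Reads ``key_id`` from the module-level ``form``, verifies the
    module-level ``username``/``password`` with
    db_authentication.password_valid, issues the DELETE and then re-renders
    the list through query_inventory(1).  Failures before the DELETE end the
    request through exit().
    """
    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'],
                                   declarations.pmt_info['browser_password'],
                                   declarations.pmt_info['db_name'])
    if dbResult['status'] != 'success':
        message = "Could not connect to the database.\n%s" % dbResult['message']
        exit(message)
    db = dbResult['result']

    status, details = db_authentication.password_valid(db,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if status != 'success':
        exit(details)
    # NOTE(review): only the password is checked here; no pmt_utils.hasPriv()
    # call is visible, so any authenticated user reaches the DELETE.  Confirm
    # whether a privilege check is intended.

    # key_id comes straight from the request and is spliced into the SQL
    # text below, so it is restricted to digits before use.
    # Assumes inventory.id is an integer key - confirm against the schema.
    key_id = ''
    if form.has_key('key_id'):
        key_id = str(form['key_id'].value).strip()
    if not key_id.isdigit():
        exit('Could not delete item data: invalid item id')

    sqlStatement = "DELETE FROM inventory WHERE id = '%s'" % (key_id)
    dbResult = pmt_utils.executeSQL(db, sqlStatement)

    # NOTE(review): onQueryLoad is a local that nothing below reads, so the
    # outcome message never reaches the page; it is kept to record intent.
    if dbResult['status'] != 'success':
        onQueryLoad = "return displayWindow('Could not delete item data')"
    else:
        onQueryLoad = "return displayWindow('Item data successfully deleted')"

    db.close()
    query_inventory(1)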
def verifyUserPass():
    """Authenticate the current user and return their CVS privileges.

    Uses the module-level ``form``, ``db_name``, ``username`` and
    ``password``.  On a connection failure, a bad password, or a user with
    neither CVS privilege, the login form is shown again and the process
    exits.

    Returns:
        (cvs_web_priv, cvs_export_priv) as returned by pmt_utils.hasPriv.
    """
    info = declarations.pmt_info
    connection = pmt_utils.connectDB(info['browser_username'],
                                     info['browser_password'],
                                     info['db_name'])

    if connection['status'] != 'success':
        # No database, so nothing can be verified: report and stop.
        pmt_utils.alertsArea(
            form, "Can not connect to database,\n" + connection['message'])
        displayLogin(form)
        sys.exit(1)

    handle = connection['result']
    verdict, reason = db_authentication.password_valid(handle,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if verdict != 'success':
        displayLogin(form, reason)
        sys.exit(1)

    web_priv = pmt_utils.hasPriv(handle, username, 'cvs_web')
    export_priv = pmt_utils.hasPriv(handle, username, 'cvs_export')
    if not (web_priv != 0 or export_priv != 0):
        # Authenticated, but holds neither CVS privilege.
        displayLogin(form, 'User %s does not have access to CVS' % username)
        sys.exit()

    return web_priv, export_priv
def dbInit():
    """Connect with the shared browser account.

    Returns:
        ('success', connection) when connectDB succeeds, otherwise
        ("error", None) after printing an HTML error line.
    """
    info = declarations.pmt_info
    outcome = pmt_utils.connectDB(info['browser_username'],
                                  info['browser_password'],
                                  info['db_name'])
    if outcome['status'] == 'success':
        return 'success', outcome['result']

    print "Error while connecting to database<BR>"
    return "error", None
def db_table_to_data_file(filename): dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'], declarations.pmt_info['browser_password'], declarations.pmt_info['db_name']) # could not connect to db if dbResult['status'] != 'success': print 'Could not connect to database', sys.exit(1) pmt_utils.exec_sql_file(db, filename)
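def doDelete():
    """Delete a project member, their password-file entry and privileges.

    Reads ``key_id`` from the module-level ``form``, looks up the member's
    username, deletes the project_members row, removes the user from
    /var/www/admin/<db_name>.passwd, deletes the member's rows from the
    priviledges table and re-renders the list via query_project_members(1).
    Failures end the request through exit().
    """
    # NOTE(review): no db_authentication.password_valid() or
    # pmt_utils.hasPriv() call is visible in this function.  Confirm the
    # caller authenticates and authorises the request before reaching it.
    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'],
                                   declarations.pmt_info['browser_password'],
                                   declarations.pmt_info['db_name'])
    if dbResult['status'] != 'success':
        message = 'Could not connect to the database.\n%s' % dbResult['message']
        exit(message)
    db = dbResult['result']

    # key_id comes from the request and is spliced into two SQL statements,
    # so it is restricted to digits first.
    # Assumes project_members.id is an integer key - confirm against schema.
    key_id = ''
    if form.has_key('key_id'):
        key_id = string.strip(str(form['key_id'].value))
    if not key_id.isdigit():
        exit('Could not delete project member data')

    sql = "SELECT member_username FROM project_members "
    sql = sql + "WHERE id = '%s'" % (key_id)
    dbResult = pmt_utils.executeSQL(db, sql)
    if dbResult['status'] != 'success':
        # The original assigned this text to a misspelt name (``messsage``)
        # and then read ``message``, which was still unbound at this point.
        message = 'Could not delete project member data'
        exit(message)

    result = dbResult['result']
    if not result:
        # No row carries this id; the original indexed result[0] regardless.
        exit('Could not delete project member data')
    username = string.strip(result[0]['member_username'])

    sql = "DELETE FROM project_members WHERE id = '%s'" % (key_id)
    dbResult = pmt_utils.executeSQL(db, sql)

    msg = '/var/www/admin/%s.passwd' % (db_name)
    deleteUserStatus, output = authentication.delete_pwd_entry(msg, username)

    if (dbResult['status'] != 'success') or (deleteUserStatus != 'success'):
        message = 'Could not delete project member data'
        exit(message)

    # The placeholder in this statement is masked as asterisks in the
    # listing; '%s' is restored because the statement is formatted with
    # ``username``.
    # NOTE(review): username is read back from the database and quoted by
    # hand; a stored name containing a quote would alter this statement.
    # Prefer a parameterised call if pmt_utils offers one.
    sql = "DELETE FROM priviledges WHERE member_username='%s'" % username
    pmt_utils.executeSQL(db, sql)

    # NOTE(review): onQueryLoad is a local that nothing below reads.
    message = 'Project member data successfully deleted'
    onQueryLoad = "return displayWindow('%s')" % message

    db.close()
    query_project_members(1)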
def validUserPass(username, password): dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'], declarations.pmt_info['browser_password'], declarations.pmt_info['db_name']) # could not connect to db if dbResult['status'] != 'success': pmt_utils.htmlContentType() print '<html>' pmt_utils.alertsArea(form, "Can not connect to database") sys.exit(1) else: db = dbResult['result'] status, details = db_authentication.password_valid(db, crypt_salt=db_name, username=username, password=password) return status
def verifyUserPass():
    """Exit unless the current user authenticates and may upload.

    Uses the module-level ``db_name``, ``username`` and ``password``.  Each
    failure (no connection, bad password, missing 'upload' privilege)
    re-displays the login form with a message and terminates the process.
    """
    info = declarations.pmt_info
    connection = pmt_utils.connectDB(info['browser_username'],
                                     info['browser_password'],
                                     info['db_name'])

    if connection['status'] != 'success':
        displayLogin("Can not connect to database,\n" + connection['message'])
        sys.exit(1)

    handle = connection['result']
    verdict, reason = db_authentication.password_valid(handle,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if verdict != 'success':
        displayLogin(reason)
        sys.exit(1)

    may_upload = pmt_utils.hasPriv(handle, username, 'upload')
    if may_upload == 0:
        displayLogin('User %s does not have upload privileges' % username)
        sys.exit()
def create_db(self):
    # Rebuild the project database from scratch: drop any existing database
    # named self.db_name, recreate it, recreate the admin and visitor
    # accounts, set the three account passwords, create the tables and apply
    # the GRANTs from declarations.table_privileges().  Any failed database
    # step prints a message and exits with status 1.
    #
    # NOTE(review): every os.system() call below builds a shell command line
    # by string interpolation.  That is only safe while self.db_name,
    # self.db_admin_username and self.visitor_username come from trusted
    # configuration; none of the exit codes are checked.
    import declarations
    dbResult = pmt_utils.connectDB(self.postgres_username, self.postgres_password, self.db_name)
    # could not connect to db
    if dbResult['status'] != 'success':
        # database does not exist so we do not have to backup
        # table data from previous version of this database
        print 'Could not connect to %s database, no db backup to perform.' % ( self.db_name),
    else:
        # else there is a database that exists with this name
        db = dbResult['result']
        # backup all tables to dat files
        # (the backup call is commented out, so nothing is saved before the drop)
        #pmt_utils.exec_sql_file(db, '%s_tables.backup' % (self.db_name))
        db.close()
        # destroy the previous version of this database
        os.system('dropdb %s' % (self.db_name))
    # connect to template database to get maximum user
    # id in use at this time
    dbResult = pmt_utils.connectDB(self.postgres_username, self.postgres_password, 'template1')
    if dbResult['status'] != "success":
        print dbResult['message']
        sys.exit(1)
    db = dbResult['result']
    queryResult = pmt_utils.executeSQL( db, "SELECT MAX(usesysid) FROM pg_user")
    if queryResult["status"] != 'success':
        # NOTE(review): this prints the status field, not the error message.
        print queryResult["status"]
        sys.exit(1)
    result = queryResult['result']
    # NOTE(review): user_id is computed and incremented below, but nothing
    # in this function reads it afterwards.
    user_id = result[0]['max']
    user_id = user_id + 1
    db.close()
    # create database
    os.system("createdb %s" % (self.db_name))
    os.system("/usr/bin/destroyuser " + self.db_admin_username)
    # print "Answer NO to the next prompt"
    os.system("/usr/bin/createuser -D -A %s" % (self.db_admin_username))
    user_id = user_id + 1
    os.system("/usr/bin/destroyuser " + self.visitor_username)
    # print "Answer NO to the next prompt"
    os.system("/usr/bin/createuser -D -A %s" % (self.visitor_username))
    dbResult = pmt_utils.connectDB(self.postgres_username, self.postgres_password, self.db_name)
    if dbResult['status'] != "success":
        print dbResult['message']
        sys.exit(1)
    db = dbResult['result']
    # Disabled code, kept as found: it rewrote the 'admins' and 'users' rows
    # of pg_group.
    # queryResult = pmt_utils.executeSQL(db, "DELETE FROM pg_group WHERE groname = 'admins'")
    # queryResult = pmt_utils.executeSQL(db, "INSERT INTO pg_group (groname, grosysid, grolist) VALUES ('admins', '1', '{1000}')")
    #if queryResult["status"] != 'success':
    #    print queryResult["status"]
    #    sys.exit(1)
    # queryResult = pmt_utils.executeSQL(db, "DELETE FROM pg_group WHERE groname = 'users'")
    # queryResult = pmt_utils.executeSQL(db, "INSERT INTO pg_group (groname, grosysid, grolist) VALUES ('users', '2', '{2000}')")
    # if queryResult["status"] != 'success':
    #    print queryResult["status"]
    #    sys.exit(1)
    # NOTE(review): the three ALTER USER statements place the password inside
    # a hand-quoted SQL literal.  A password containing a quote breaks or
    # changes the statement, and the clear-text password may end up in
    # statement logs - confirm how pmt_utils.executeSQL logs its input.
    queryResult = pmt_utils.executeSQL( db, "ALTER USER postgres WITH PASSWORD '%s'" % (self.postgres_password))
    if queryResult["status"] != 'success':
        print queryResult['message']
        sys.exit(1)
    queryResult = pmt_utils.executeSQL( db, "ALTER USER %s WITH PASSWORD '%s'" % (self.db_admin_username, self.db_admin_password))
    if queryResult["status"] != 'success':
        print queryResult['message']
        sys.exit(1)
    queryResult = pmt_utils.executeSQL( db, "ALTER USER %s WITH PASSWORD '%s'" % (self.visitor_username, self.visitor_password))
    if queryResult["status"] != 'success':
        print queryResult['message']
        sys.exit(1)
    queryResult = pmt_utils.create_tables(db, declarations.define_tables(), 1)
    if queryResult["status"] != 'success':
        print queryResult['message']
        sys.exit(1)
    pmt_utils.exec_sql_file(db, self.db_name + '.tables')
    # Build one GRANT per (table, user) pair from the declared privileges,
    # plus a GRANT ALL per table for the database admin account.
    grantList = []
    privileges = declarations.table_privileges()
    for table_name in privileges.keys():
        for user_name in privileges[table_name].keys():
            grantStatement = "GRANT "
            for privilege in privileges[table_name][user_name]:
                grantStatement = grantStatement + privilege + ", "
            # drop the trailing ", " before appending the ON/TO clause
            grantStatement = grantStatement[: -2] + " ON " + table_name + " TO " + user_name
            grantList.append(grantStatement)
        # grant all privileges to the db admin
        grantList.append("GRANT ALL ON " + table_name + " TO " + self.db_admin_username)
    queryResult = pmt_utils.executeSqlItemList(db, grantList, 1)
    if queryResult["status"] != 'success':
        print "Failed to execute all GRANTS"
        sys.exit(1)
def add_user(self, username, password):
    # Create a new database user: optionally prompt for the name and
    # password, check that the name is not already in pg_user, run
    # createuser, set the password and grant table privileges.
    # Returns 'success', or 'error' / 'Error' on the failure paths below.
    #
    # NOTE(review): two stretches of this function are masked with
    # asterisks in the listing (marked below).  The statements that stood
    # there cannot be recovered from this page and are left exactly as shown.
    self.username = username
    self.password = password
    if self.prompt and username == None:
        while 1:
            # masked span: the code that reads and checks the name is missing
            print "Enter the new username: "******"": break
            else: print "You must enter a username"
    else:
        if username != None:
            self.username = string.strip(username)
    if self.prompt and self.password == None:
        while 1:
            # masked span: the rest of the password prompt loop is missing
            self.password = getpass.getpass( prompt='Enter the password for the new user: '******'error'
    dbResult = pmt_utils.connectDB(self.postgres_username, self.postgres_password, self.db_name)
    if dbResult['status'] != "success":
        print dbResult['message']
        return 'error'
    self.db = dbResult['result']
    # NOTE(review): self.username is spliced into this SQL text, into the
    # createuser shell command and into the ALTER USER / GRANT statements
    # below without validation.  Restrict it to a safe identifier pattern
    # before any of these uses.
    queryResult = pmt_utils.executeSQL( self.db, "SELECT count(*) FROM pg_user WHERE usename = '%s'" % (self.username))
    # NOTE(review): the result is indexed before the status is checked, so a
    # failed query may fail on the next two lines rather than reach the
    # status test further down.
    result = queryResult['result']
    rows_which_match = result[0]["count"]
    if rows_which_match != 0:
        print 'User already exists'
        # NOTE(review): capitalised 'Error' here, lower-case 'error' elsewhere.
        return 'Error'
    if queryResult["status"] != 'success':
        print queryResult["status"]
        return 'error'
    queryResult = pmt_utils.executeSQL( self.db, "SELECT MAX(usesysid) FROM pg_user")
    if queryResult["status"] != 'success':
        print queryResult["status"]
        return 'error'
    result = queryResult['result']
    # next system user id: one above the current maximum in pg_user
    user_id = result[0]['max']
    user_id = user_id + 1
    self.db.close()
    print "Answer NO to the next prompt"
    os.system("/usr/bin/createuser -i %d -D -U %s" % (user_id, self.username))
    dbResult = pmt_utils.connectDB(self.postgres_username, self.postgres_password, self.db_name)
    if dbResult['status'] != "success":
        print dbResult['message']
        return 'error'
    self.db = dbResult['result']
    # NOTE(review): unlike the ALTER USER statements in create_db, the
    # password is not wrapped in quotes here, so it is parsed as SQL rather
    # than as a string literal.
    queryResult = pmt_utils.executeSQL( self.db, "ALTER USER %s WITH PASSWORD %s" % (self.username, self.password))
    if queryResult["status"] != 'success':
        print queryResult['message']
        return 'error'
    grantList = []
    privileges = declarations.table_privileges()
    # NOTE(review): the loop walks every declared user_name but issues each
    # GRANT to self.username, so the new user receives every listed user's
    # privilege set on every table - confirm this is intended.
    for table_name in privileges.keys():
        for user_name in privileges[table_name].keys():
            grantStatement = "GRANT "
            for privilege in privileges[table_name][user_name]:
                grantStatement = grantStatement + privilege + ", "
            # drop the trailing ", " before appending the ON/TO clause
            grantStatement = grantStatement[: -2] + " ON " + table_name + " TO " + self.username
            grantList.append(grantStatement)
    grantList.append("GRANT ALL ON pai_id_seq TO %s" % (self.username))
    grantList.append("GRANT ALL ON project_members_id_seq TO %s" % (self.username))
    queryResult = pmt_utils.executeSqlItemList(self.db, grantList, 1)
    if queryResult["status"] != 'success':
        print "Failed to execute all GRANTS"
        return 'error'
    self.db.close()
    return 'success'
# Script body for the "Edit Project Options" page: read the request, print
# the page header and, when a username was supplied, connect, verify the
# login and handle the 'add' action.  The listing stops after that branch.
form = pmt_utils.getFormData()
db_name=declarations.pmt_info['db_name']
# credentials as supplied with the request; verified further down
username,password=pmt_utils.getUserPass(form)
print "<HTML>"
print "<HEAD>"
pmt_utils.title("Edit Project Options")
print "</HEAD>"
pmt_utils.bodySetup()
pmt_utils.mainHeading("Project Option Manager")
pmt_utils.subHeading("Add/Delete Options")
if username!=None:
    dbResult=pmt_utils.connectDB(declarations.pmt_info['browser_username'], declarations.pmt_info['browser_password'], declarations.pmt_info['db_name'])
    if dbResult['status'] != 'success':
        message="Can not connect to database,\n" + dbResult['message']
        pmt_utils.alertsArea(form,message)
        sys.exit()
    db=dbResult['result']
    # NOTE(review): verifyUserPass's return value is ignored, so the check
    # only protects addOption() if verifyUserPass itself stops the request
    # on failure - confirm against its definition.
    verifyUserPass(db)
    message=''
    if form.has_key('add'):
        message=addOption(db)
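def doUpload():
    """Store an uploaded file under /home/<db_name>/documents.

    Uses the module-level ``form``, ``db_name``, ``username``, ``password``,
    ``upload_ceiling`` and ``browser``.  The user must authenticate and hold
    the 'upload' privilege.  The request's ``folder`` and the client file
    name are checked so that the write stays inside the documents tree.
    Every failure reports through upload_results() or an alert and exits.
    """
    # Local import: used only to HTML-escape request-supplied values.
    import cgi

    email_msg = html_msg = ''
    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'],
                                   declarations.pmt_info['browser_password'],
                                   declarations.pmt_info['db_name'])

    # could not connect to db
    if dbResult['status'] != 'success':
        upload_results('Can not verify you as a valid user<BR>',
                       'Can not verify you as a valid user', form)
        sys.exit()
    db = dbResult['result']

    # check for valid login
    status, details = db_authentication.password_valid(db,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if status != 'success':
        pmt_utils.bodySetup()
        pmt_utils.alerts(form, 'Can not verify username/password')
        print '<hr><form method=post action=/%s-cgi-bin/upload.pyc>' % db_name
        print '<input name=back value="Back to Upload" type=submit>'
        print '</body>'
        sys.exit()

    if pmt_utils.hasPriv(db, username, 'upload') != 1:
        pmt_utils.bodySetup()
        pmt_utils.alerts(form,
                         'User %s does not have upload privileges' % username)
        print '<hr><form method=post action=/%s-cgi-bin/upload.pyc>' % db_name
        print '<input name=back value="Back to Upload" type=submit>'
        print '</body>'
        sys.exit()

    # check for valid upload site
    if not os.path.exists('/home/%s' % db_name):
        html_msg = html_msg + "Upload site %s does not exist.<BR>" % db_name
        html_msg = html_msg + "No archive file was uploaded.<BR>"
        email_msg = email_msg + "Upload site %s does not exist.\n" % db_name
        email_msg = email_msg + "No archive file was uploaded.\n"
        upload_results(html_msg, email_msg, form)
        sys.exit()

    # format destination for upload; ``folder`` is read once so that the
    # later uses no longer index form['folder'] when the field is absent
    if not form.has_key('folder'):
        folder = ''
        destination = ''
    else:
        folder = form['folder'].value
        if folder == '/':
            destination = ''
        else:
            destination = folder + '/'

    if form.has_key('archive'):
        # check for filesize is within allowable range
        archive_size = len(form['archive'].value)
        if archive_size == 0:
            msg = "Suspicious archive file size of 0. Upload aborted."
            email_msg = email_msg + msg
            html_msg = html_msg + msg + "<BR>"
            upload_results(html_msg, email_msg, form)
            sys.exit()

        if archive_size > upload_ceiling:
            html_msg = 'Archive file size exceeds maximum upload limit '
            html_msg = html_msg + 'of %d bytes.<BR>' % (upload_ceiling)
            html_msg = html_msg + 'Archive file size is %d bytes.<BR>' % (
                archive_size)
            html_msg = html_msg + 'No archive file was uploaded.<BR>'
            email_msg = string.replace(html_msg, "<BR>", '\n')
            upload_results(html_msg, email_msg, form)
            sys.exit()

        archive_name = string.strip(form['archive'].filename)

        # keep only the last component of the client-side path (\, /, :)
        for separator in ("\\", "/", ":"):
            cut = string.rfind(archive_name, separator)
            if cut >= 0:
                archive_name = archive_name[cut + 1:]

        doc_root = os.path.realpath('/home/' + db_name + '/documents')
        full_path = '/home/' + db_name + '/documents/' + destination
        full_path_name = full_path + archive_name

        # ``folder`` is request data.  Resolve the target directory and the
        # target file and refuse anything outside the documents tree, so
        # "../" segments or symlinks cannot redirect the write.
        name_ok = (archive_name not in ('', '.', '..')
                   and '\0' not in archive_name)
        folder_ok = '\0' not in destination
        if name_ok and folder_ok:
            resolved_dir = os.path.realpath(full_path)
            resolved_file = os.path.realpath(full_path_name)
            folder_ok = ((resolved_dir == doc_root
                          or resolved_dir.startswith(doc_root + os.sep))
                         and resolved_file.startswith(doc_root + os.sep))
        if not (name_ok and folder_ok):
            html_msg = 'Invalid upload folder or file name. Upload aborted.<BR>'
            email_msg = string.replace(html_msg, "<BR>", '\n')
            upload_results(html_msg, email_msg, form)
            sys.exit()

        # HTML-safe copies for the page; the e-mail text uses the raw values
        safe_name = cgi.escape(archive_name, 1)
        safe_folder = cgi.escape(folder, 1)

        # write the archive to the website
        try:
            archive_file = open(full_path_name, "wb")
        except IOError, exception_details:
            html_msg = "No permissions to upload file to the website %s. " % (
                db_name)
            html_msg = html_msg + "Uploaded aborted.<BR>"
            email_msg = string.replace(html_msg, "<BR>", '\n')
            email_msg = email_msg + 'File: ' + full_path_name
            email_msg = email_msg + '\nReason: ' + exception_details[1] + '\n\n'
            html_msg = html_msg + 'File: ' + cgi.escape(full_path_name, 1)
            upload_results(html_msg, email_msg, form)
            sys.exit()

        try:
            archive_file.write(form['archive'].value)
        finally:
            # close the handle even when the write fails
            archive_file.close()

        status, type_of_archive, icon = os_utils.file_type(full_path_name)

        createDetails(archive_name, full_path)

        # extract archive
        # NOTE(review): extract() is not visible here; confirm it rejects
        # archive members whose paths or links leave full_path.
        if form.has_key('extract'):
            if status == 'success':
                archive_output = extract(type_of_archive, full_path_name,
                                         full_path, email_msg, html_msg)
            else:
                html_msg = 'Uploading unknown file type, in most cases this'
                html_msg = html_msg + 'is alright but the file should be checked'
                email_msg = 'Upload to %s of an unknown file type.' % db_name
                upload_results(html_msg, email_msg, form)
                sys.exit()
        else:
            archive_output = ''
            status = 'success'

        is_archive = type_of_archive == 'TAR' or type_of_archive == 'ZIP'

        html_msg = '<TABLE BORDER=0>'
        if os.environ.has_key('REMOTE_ADDR'):
            html_msg = html_msg + '<TR><TD>Your IP Address:</TD>'
            html_msg = html_msg + '<TD>%s</TD></TR>' % (
                os.environ['REMOTE_ADDR'])

        # ``browser`` is set outside this function; it is escaped in case it
        # carries a client-supplied string.
        html_msg = html_msg + '<TR><TD>Your browser I.D.:</TD>'
        html_msg = html_msg + '<TD><B>%s</B></TD></TR>' % (
            cgi.escape('%s' % (browser), 1))

        fileSize = os.stat(full_path_name)[6]

        if is_archive:
            html_msg = html_msg + '<TR><TD>Archive name is: </TD>'
            html_msg = html_msg + '<TD>%s</TD></TR>' % (safe_name)
            html_msg = html_msg + '<TR><TD>Archive file size (bytes): </TD>'
            html_msg = html_msg + '<TD>%d</TD></TR></TABLE>' % (fileSize)
        else:
            html_msg = html_msg + '<TR><TD>Filename is: </TD>'
            html_msg = html_msg + '<TD>%s</TD></TR>' % (safe_name)
            html_msg = html_msg + '<TR><TD>File size (bytes): </TD>'
            html_msg = html_msg + '<TD>%s</TD></TR></TABLE>' % (fileSize)

        if is_archive:
            # The extractor output is also sent as plain e-mail text, so it
            # is treated as text and escaped for the page.
            html_msg = html_msg + '<PRE>'
            html_msg = html_msg + cgi.escape(archive_output, 1)
            html_msg = html_msg + '</PRE>'

        if form.has_key('extract'):
            html_msg = html_msg + '<CENTER><B>Your archive file has been uploaded '
            html_msg = html_msg + 'and extracted successfully.</B></CENTER>'
        else:
            html_msg = html_msg + '<CENTER><B>Your file has been successfully '
            html_msg = html_msg + 'uploaded.</B></CENTER>'

        html_msg = html_msg + '<HR><CENTER><FONT SIZE="-1">'
        html_msg = html_msg + "<form method=post action=/%s-cgi-bin/list_docs.pyc>" % db_name
        html_msg = html_msg + '<input name=project_name type=hidden value="%s">' % db_name
        html_msg = html_msg + "<input name=directory type=hidden "
        html_msg = html_msg + 'value="%s">' % safe_folder
        html_msg = html_msg + '<input name=submit type=submit value="View Data Items">'
        html_msg = html_msg + "</form>"

        link = "http://%s" % (declarations.pmt_info['domain_name'])
        html_msg = html_msg + '<CENTER><FONT SIZE="-1"><A HREF="%s">' % link
        html_msg = html_msg + '%s</A></FONT></CENTER>' % declarations.pmt_info['domain_name']

        if is_archive:
            email_msg = email_msg + 'Archive file was uploaded to %s.\n' % db_name
            email_msg = email_msg + 'Archive file size (bytes): %d' % os.stat(full_path_name)[6]
            email_msg = email_msg + '\nArchive file location: %s' % folder
            email_msg = email_msg + '\nArchive filename: %s\n' % archive_name
            email_msg = email_msg + archive_output + '\n'
        else:
            email_msg = email_msg + 'File was uploaded to %s.\n' % db_name
            email_msg = email_msg + 'File size (bytes): %d\n' % os.stat(full_path_name)[6]
            email_msg = email_msg + 'Filename: %s\n' % archive_name
            email_msg = email_msg + "File location: %s\n" % folder
            email_msg = email_msg + archive_output + '\n'

        # the uploaded archive itself is removed once it has been extracted
        if form.has_key('extract'):
            os.remove(full_path_name)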
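def display_form(display_files=0, alerts=None):
    """Print the Documentation Maintenance page.

    Uses the module-level ``form``, ``db_name``, ``username`` and
    ``password``.  The user must authenticate and hold the 'folder_admin'
    privilege; otherwise the request ends through exit().  The page lists
    everything under /home/<db_name>/documents for deletion and offers a
    folder-creation field.

    Args:
        display_files: not read in this function.
        alerts: optional message shown in the alerts area.
    """
    # Local import: used only to HTML-escape file names for the page.
    import cgi

    print "<HTML>"
    print "<HEAD>"
    pmt_utils.javaScript("doc_maintenance")
    pmt_utils.title("Documentation Maintenance")
    print "</HEAD>"
    pmt_utils.bodySetup()
    pmt_utils.mainHeading('Documentation Maintenance')
    pmt_utils.subHeading('Create and Delete Folders/Files')
    pmt_utils.formSetup("doc_maintenance", db_name, "doc_maintenance", None)

    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'],
                                   declarations.pmt_info['browser_password'],
                                   declarations.pmt_info['db_name'])
    if dbResult['status'] != 'success':
        exit(dbResult['message'])
    db = dbResult['result']

    status, details = db_authentication.password_valid(db,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if status != 'success':
        exit(details)

    if not pmt_utils.hasPriv(db, username, 'folder_admin'):
        msg = "User %s does not have folder maintenance priviledges" % username
        exit(msg)

    print '<hr><br><CENTER><B>Delete Folders/Files</B></CENTER>'

    # The listing is taken relative to the documents directory, so the
    # process working directory is changed for the rest of the request.
    stripped_db = string.lower(string.strip(db_name))
    os.chdir(os.path.join('/home', stripped_db, 'documents'))
    file_list = os_utils.walk_list_files(directory_name='.',
                                         list_only_files=0,
                                         exclude_list=[],
                                         include_file_type=1)

    print '<BLINK><B>WARNING:</B></BLINK><br>'
    print 'Any folders or files that you select for deletion are '
    print 'permanently deleted. You should have a local backup of '
    print 'any folders/files you delete in case you really did not mean '
    print 'to delete. Backups are crucial. You have been warned.'
    print '<p>Selecting a folder will delete the folder and all files '
    print 'under it including sub folders. '
    print 'Select folder names with caution.'
    print '<p>Your deletes will not be confirmed. '
    print 'When you press [Delete Folders/Files] your files are deleted.'

    print '<BR><CENTER><B>Select folders/files to delete</B>:<BR>'
    print '<SELECT NAME="files_to_remove" SIZE="8" MULTIPLE>'
    for curfile in file_list:
        # File names come from uploaded content, so they are escaped before
        # being written into the page.  The browser submits the decoded
        # option text, so the value posted back is the original name.
        print '<OPTION>%s' % (cgi.escape('%s' % (curfile), 1))
    print "</SELECT><br>"

    java_call = "return execute('delete_folder','1')"
    print '<input name="delete_folder" type="button" '
    print 'value=" Delete Folders/Files " onClick="%s">' % java_call
    print '<input name ="website_name_hidden" '
    print 'type="hidden" value="%s">' % (db_name)
    print "<hr><BR><BR>"

    print '<CENTER><B>Create Folder</B></CENTER><BR>'
    print '<B>Folder Name</B>: '
    print '<input name="folder" type="text" size="50" maxlength="100"><BR>'
    java_call = "return execute('create','1')"
    print '<input name="create" type="button" '
    print 'value=" Create Folder " onClick="%s">' % java_call
    print '<input name ="website_name_hidden" '
    print 'type="hidden" value="%s"><hr>' % (db_name)

    if alerts is not None:
        pmt_utils.alertsArea(form, alerts)

    print '</CENTER>'
    pmt_utils.textbox(None, 'action', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'key_id', '1', '10', '10', None, None, 'hidden')
    print '</form>'
    print '<p align="right">'
    print '<A HREF="mailto:[email protected]">Contact Support Team</a>'
    print "</body></html>"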
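def doSave():
    """Save the submitted Project Info form and re-render the page.

    Uses the module-level ``form`` and ``db_name``.  The row with id '1' of
    project_info is updated through pmt_utils.saveForm.  The page is always
    completed, with an alert describing the outcome.
    """
    # NOTE(review): no db_authentication.password_valid() or
    # pmt_utils.hasPriv() call is visible in this function, unlike doEdit.
    # Confirm the caller authenticates the request before saving.
    table_data = declarations.define_tables()

    print "<HTML>"
    print "<HEAD>"
    pmt_utils.generate_form_javascript(table_data, 'project_info',
                                       'project_admin', 0)
    pmt_utils.title("Project Info Administration")
    print "</HEAD>"

    pmt_utils.bodySetup()
    pmt_utils.mainHeading('Project Info Administration')
    pmt_utils.subHeading('Edit Project Info')
    pmt_utils.formSetup("project_admin", db_name, "project_admin",
                        "return submitForm(document.project_admin)")

    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'],
                                   declarations.pmt_info['browser_password'],
                                   declarations.pmt_info['db_name'])

    if dbResult['status'] != 'success':
        msg = "Project Info could not be saved, could not connect to db\n"
        pmt_utils.alertsArea(form, msg + dbResult['message'])
        # The original went on to call trailer(table_data, db) and db.close()
        # in this branch although ``db`` was never bound, which raised
        # instead of finishing the page.
        db = None
    else:
        db = dbResult['result']

        # save the Form
        dbResult = pmt_utils.saveForm(table_data, db, None, "project_info",
                                      " WHERE id = '1'", form)

        # if the form was not successfully saved
        if dbResult['status'] != 'success':
            msg = "Project Info could not be saved due to an error during save,\n"
            pmt_utils.alertsArea(form, msg + dbResult['message'])
        else:
            # redisplay the submitted values
            table_data = declarations.define_tables()
            table_data = pmt_utils.formToTableData(table_data, 'project_info',
                                                   form)
            table_data['project_info']['id']['value'] = '1'
            pmt_utils.display_form(table_data, 'project_info', 1,
                                   'useValues', 1, db)
            pmt_utils.alertsArea(form, "Project Info successfully saved")

    # generate function button row
    project_adminButtons('save')

    # generate hidden fields for form
    pmt_utils.textbox(None, 'key_id', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'action', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'item_no', '', '8', '8', None, None, 'hidden')
    print "</FORM>"

    # the trailer needs a live connection, so it is skipped without one
    if db is not None:
        pmt_utils.trailer(table_data, db)
        db.close()

    print "</BODY>"
    print "</HTML>"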
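def create_database(site_name, pg_password):
    """Create the site database, its browser account, tables and grants.

    Steps: import the new declarations file, create the database, create
    the db user and set its password, connect as that user and create the
    tables and sequences, grant the declared privileges, then customise and
    run pmt_site.tables.

    Args:
        site_name: name printed in the progress message.
        pg_password: password of the 'postgres' account.

    Returns:
        The database connection opened as the browser user.
    """
    print "Creating %s database" % site_name

    import declarations
    db_name = declarations.pmt_info['db_name']
    username = declarations.pmt_info['browser_username']
    password = declarations.pmt_info['browser_password']

    # NOTE(review): the os.system() calls in this function interpolate
    # db_name and username into shell command lines.  That is only safe
    # while both come from trusted configuration; exit codes are not checked.
    os.system('createdb -U postgres -q %s >> log.txt 2>> log.txt' % db_name)
    os.system('createuser -U postgres -q -D -A %s >> log.txt 2>> log.txt' % username)

    db = pmt_utils.connectDB('postgres', pg_password, db_name)
    if db['status'] != 'success':
        # The original used db['result'] without checking this connection.
        print db['message']
        sys.exit(1)

    # NOTE(review): the password sits inside a hand-quoted SQL literal; a
    # quote in the configured password would break or change the statement.
    sqlStatement = "ALTER USER %s WITH PASSWORD '%s'" % (username, password)
    pmt_utils.executeSQL(db['result'], sqlStatement)

    db = pmt_utils.connectDB(username, password, db_name)
    if db['status'] != 'success':
        # The original printed dbResult['message'], a name that is not
        # defined in this function.
        print db['message']
        sys.exit(1)
    db = db['result']

    dbCreate = pmt_utils.create_tables(db, declarations.define_tables(), 0)
    if dbCreate['status'] != 'success':
        print 'Could not create DB'
        sys.exit()

    # Create sequences
    seqList = ['project', 'pai', 'task', 'spr', 'ecp', 'project_members']
    for seq in seqList:
        sqlStatement = "CREATE SEQUENCE %s_id_seq START 1" % seq
        pmt_utils.executeSQL(db, sqlStatement)

    # Grant privileges specified in declarations
    privs = declarations.table_privileges()
    for table_name in privs.keys():
        for user in privs[table_name].keys():
            # Start a fresh statement per user.  The original reset it only
            # once per table, so a second user's privileges were appended
            # to the first user's finished statement.
            sqlStatement = "GRANT "
            for privilege in privs[table_name][user]:
                sqlStatement = sqlStatement + privilege + ', '
            # drop the trailing ", " before appending the ON/TO clause
            sqlStatement = sqlStatement[:-2] + ' ON ' + table_name + ' TO ' + user
            pmt_utils.executeSQL(db, sqlStatement)

    # Customize file, run it, then change it back.  The first '%s' is kept
    # literally: it is vi's ":%s" substitute command, not a placeholder.
    os.system('vi -c %s/pmt_usr/%s/g -c wq pmt_site.tables' % ('%s', username))
    os.system("psql %s %s -f 'pmt_site.tables' >> log.txt" % (db_name, username))
    os.system('vi -c %s/%s/pmt_usr/g -c wq pmt_site.tables' % ('%s', username))

    return db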
def doEdit():
    """Render the Project Info edit form for an authorised user.

    Uses the module-level ``form``, ``db_name``, ``username`` and
    ``password``.  The user must authenticate and hold the 'project_data'
    privilege; otherwise a re-login form is printed and the process exits.
    Row '1' of project_info is then loaded into the form.
    """
    tables = declarations.define_tables()

    def deny(reason):
        # Print the re-login form with *reason* as the alert, then stop.
        print '<form method=post action=/%s-cgi-bin/project_admin.pyc>' % db_name
        pmt_utils.usernamePasswordDisplay(username)
        pmt_utils.alertsArea(form, reason)
        print '<hr><input name=reload type=submit value="Query">'
        print '<input name=action value=edit type=hidden>'
        print '</form>'
        sys.exit()

    print "<HTML>"
    print "<HEAD>"
    pmt_utils.generate_form_javascript(tables, 'project_info',
                                       'project_admin', 0)
    pmt_utils.title("Project Info Administration")
    print "</HEAD>"

    pmt_utils.bodySetup()
    pmt_utils.mainHeading('Project Info Administration')
    pmt_utils.subHeading('Edit Project Info')
    pmt_utils.formSetup("project_admin", db_name, "project_admin",
                        "return submitForm(document.project_admin)")

    info = declarations.pmt_info
    connection = pmt_utils.connectDB(info['browser_username'],
                                     info['browser_password'],
                                     info['db_name'])
    if connection['status'] != 'success':
        pmt_utils.alertsArea(
            form, "Could not connect to the database\n" + connection['message'])
        sys.exit()
    db = connection['result']

    verdict, reason = db_authentication.password_valid(db,
                                                       crypt_salt=db_name,
                                                       username=username,
                                                       password=password)
    if verdict != 'success':
        deny('Can not verify you as a valid user')

    if pmt_utils.hasPriv(db, username, 'project_data') != 1:
        deny('User %s does not have project admin privileges' % username)

    query = pmt_utils.selectAllColumnsSqlStatement(tables, 'project_info', '1')
    outcome = pmt_utils.executeSQL(db, query)

    if outcome['status'] == 'success':
        rows = outcome['result']
        tables = pmt_utils.dbToTableData(tables, 'project_info', rows[0])
        tables['project_info']['id']['value'] = '1'
        pmt_utils.display_form(tables, 'project_info', 1, 'useValues', 1, db)
        pmt_utils.alertsArea(form, "Project Info retrieved successfully")
    else:
        pmt_utils.alertsArea(
            form,
            "Could not retrieve project info to edit\n" + outcome['message'])

    project_adminButtons('save')

    # hidden fields that the form's JavaScript fills in on submit
    pmt_utils.textbox(None, 'key_id', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'action', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'item_no', '', '8', '8', None, None, 'hidden')
    print "</FORM>"

    pmt_utils.trailer(tables, db)
    db.close()

    print "</BODY>"
    print "</HTML>"
def edit_project_info(performDbQuery=0, onLoad=None, queryFields=None):
    """Render the Project Administration page.

    Uses the module-level ``form``, ``db_name``, ``username`` and
    ``password``.  Without a username only the login fields and the edit
    button are shown.  Otherwise the user must authenticate and hold the
    'project_data' privilege before the project_info row is loaded.

    Args:
        performDbQuery: not read in this function.
        onLoad: passed to pmt_utils.bodySetup.
        queryFields: not read in this function.
    """
    table_data = declarations.define_tables()
    print "<HTML>"
    print "<HEAD>"
    pmt_utils.javaScript("project_admin")
    pmt_utils.title("Project Administration")
    print "</HEAD>"
    pmt_utils.bodySetup(onLoad)
    pmt_utils.mainHeading('Project Administration')
    pmt_utils.subHeading('Project Info')
    pmt_utils.formSetup("project_admin", db_name, "project_admin", "return submitForm(document.project_admin)")
    # No credentials supplied: show the login fields and stop.
    if username == None:
        pmt_utils.usernamePasswordDisplay()
        project_adminButtons(button_name='edit')
        pmt_utils.textbox(None, 'key_id', '1', '10', '10', None, None, 'hidden')
        pmt_utils.textbox(None, 'action', '', '10', '10', None, None, 'hidden')
        pmt_utils.textbox(None, 'item_no', '', '8', '8', None, None, 'hidden')
        print "</FORM>"
        # ``db`` is a local that is only assigned further down, so reading
        # it here raises NameError, which is swallowed; the trailer is
        # therefore not printed on this path.
        try:
            pmt_utils.trailer(table_data, db)
            db.close()
        except NameError:
            pass
        print "</BODY>"
        print "</HTML>"
        return
    dbResult = pmt_utils.connectDB(declarations.pmt_info['browser_username'], declarations.pmt_info['browser_password'], declarations.pmt_info['db_name'])
    # could not connect to db
    if dbResult['status'] != 'success':
        pmt_utils.alertsArea( form, "Can not connect to database,\n" + dbResult['message'])
        project_adminButtons()
        print "</FORM>"
        # same as above: ``db`` is still unbound here, so this is skipped
        try:
            pmt_utils.trailer(table_data, db)
            db.close()
        except NameError:
            pass
        print "</BODY>"
        print "</HTML>"
        return
    db = dbResult['result']
    status, details = db_authentication.password_valid(db, crypt_salt=db_name, username=username, password=password)
    if status != 'success':
        # wrong password: print the re-login form and stop
        print '<form method=post action=/%s-cgi-bin/project_admin.pyc>' % db_name
        pmt_utils.usernamePasswordDisplay(username)
        pmt_utils.alertsArea(form, 'Can not verify you as a valid user')
        print '<hr><input name=reload type=submit value="Query">'
        print '<input name=action value=edit type=hidden>'
        print '</form>'
        sys.exit()
    if pmt_utils.hasPriv(db, username, 'project_data') != 1:
        # authenticated but not authorised for project data
        print '<form method=post action=/%s-cgi-bin/project_admin.pyc>' % db_name
        pmt_utils.usernamePasswordDisplay(username)
        # NOTE(review): the message below ends in a stray '>'.
        msg = 'User %s does not have project admin privileges>' % username
        pmt_utils.alertsArea(form, msg)
        print '<hr><input name=reload type=submit value="Query">'
        print '<input name=action value=edit type=hidden>'
        print '</form>'
        sys.exit()
    if form.has_key('key_id'):
        key_id = form['key_id'].value
    else:
        key_id = '1'
    # NOTE(review): key_id is request data handed to the SQL builder as-is.
    # Whether it is quoted safely depends on selectAllColumnsSqlStatement,
    # which is not visible here - confirm, or validate it as digits first.
    sqlStatement = pmt_utils.selectAllColumnsSqlStatement( table_data, 'project_info', key_id)
    dbResult = pmt_utils.executeSQL(db, sqlStatement)
    if dbResult['status'] != 'success':
        msg = "Could not retrieve project information\n" + dbResult['message']
        pmt_utils.alertsArea(form, msg)
    else:
        result = dbResult['result']
        table_data = pmt_utils.dbToTableData(table_data, 'project_info', result[0])
        # the displayed id is forced to '1' whatever key_id was queried
        table_data['project_info']['id']['value'] = '1'
        pmt_utils.display_form(table_data, 'project_info', 1, 'useValues', 1, db)
        pmt_utils.alertsArea(form, "Project Information retrieved successfully")
    project_adminButtons(button_name='save')
    pmt_utils.textbox(None, 'key_id', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'action', '', '10', '10', None, None, 'hidden')
    pmt_utils.textbox(None, 'item_no', '', '8', '8', None, None, 'hidden')
    print "</FORM>"
    # ``db`` is bound on this path, so the trailer and close run here
    try:
        pmt_utils.trailer(table_data, db)
        db.close()
    except NameError:
        pass
    print "</BODY>"
    print "</HTML>"