def get(self, username):
        try:
            asking_user = self.get_current_user()
            if asking_user is None:
                self.validate_user()
                return

            if self.permission_level < constants.PERMISSION_LEVEL_SPOOF:
                raise SpoofError("You don't have permissions to spoof as another user")
            user_to_spoof = User.get_user(username)
            if user_to_spoof is None:
                raise SpoofError("User {} does not exist.".format(username))
            # make sure we're not spoofing as god
            if self.permission_level < user_to_spoof.permission_level:
                raise SpoofError(
                    "You cannot spoof as a user with higher permissions than you. (Then everything WOULD-- nothing wouldn't... what would that even MEAN???)"
                )

            self.set_secure_cookie("spoofing_user", asking_user)
            self.set_secure_cookie("user", user_to_spoof.username)
            self.redirect(constants.SERVICE_URL, permanent=False)
        except SpoofError as e:
            username = self.get_current_user()
            user = User.get_user(username)
            self.render(
                "error.html", debug=constants.DEBUG, user=user, constants=constants, traceback=traceback.format_exc()
            )
示例#2
0
    def open(self):
        self.subscriptions = []
        
        username = self.get_secure_cookie("user")
        
        if username is not None:
            self.user = User.get_user(username)
            
            if self.user is not None:
                # Check if "new" user and create a project dir for them if needed.
                if not os.path.exists(self.user_dir()):
                    os.makedirs(self.user_dir())
                
                if not self.username in self.active_users:
                    self.active_users[self.username] = []
                self.active_users[self.username].append(self)
                
                self.user.on_connect()
                
                result_message = {'type': 'login_success'}
                self.write_message(json.dumps(result_message))
                
                if self.user.current_project is not None:
                    # Send a message to re-open the current project
                    #TODO: fix this hack! this module should not "know" about this method.
                    self.message_handlers["open_project_request"](self, {'id': self.user.current_project})
                
                self.log("info", "User '{}' has connected.".format(self.username))
                return

        self.redirect(CAS_SERVER + "/cas/login?service=" + SERVICE_URL, permanent=False)
        
        self.notify("Session expired. Please login again.", "error")
示例#3
0
    def get(self, action):
        if action == "logout":
            self.logout_user()
        else:
            username = self.get_current_user()

            if username is None:
                self.validate_user()
                return

            user = User.get_user(username)

            if action == "admin" and user.permission_level >= constants.PERMISSION_LEVEL_TA:
                self.render("admin.html",
                            debug=constants.DEBUG,
                            user=user,
                            constants=constants)
            elif user.permission_level >= constants.PERMISSION_LEVEL_USER:
                self.render("index.html",
                            debug=constants.DEBUG,
                            user=user,
                            constants=constants)
            else:
                self.render("denied.html",
                            debug=constants.DEBUG,
                            user=user,
                            constants=constants)
示例#4
0
 def permission_level(self):
     """
     Returns the permission_level associated with this connection.
     """
     username = self.get_current_user()
     user = User.get_user(username)
     
     if user is not None:
         return user.permission_level
     return PERMISSION_LEVEL_NONE
示例#5
0
    def permission_level(self):
        """
        Returns the permission_level associated with this connection.
        """
        username = self.get_current_user()
        user = User.get_user(username)

        if user is not None:
            return user.permission_level
        return PERMISSION_LEVEL_NONE
示例#6
0
 def get(self, action):
     if action == "logout":
         self.logout_user()
     else:
         username = self.get_current_user()
         
         if username is None:
             self.validate_user()
             return
             
         user = User.get_user(username)
             
         if action == "admin" and user.permission_level >= constants.PERMISSION_LEVEL_TA:
             self.render("admin.html", debug=constants.DEBUG, user=user, constants=constants)
         elif user.permission_level >= constants.PERMISSION_LEVEL_USER:
             self.render("index.html", debug=constants.DEBUG, user=user, constants=constants)
         else:
             self.render("denied.html", debug=constants.DEBUG, user=user, constants=constants)
示例#7
0
    def open(self):
        self.subscriptions = []

        username = self.get_secure_cookie("user")

        if username is not None:
            self.user = User.get_user(username)

            if self.user is not None:
                # Check if "new" user and create a project dir for them if needed.
                if not os.path.exists(self.user_dir()):
                    os.makedirs(self.user_dir())

                if not self.username in self.active_users:
                    self.active_users[self.username] = []
                self.active_users[self.username].append(self)

                self.user.on_connect()

                result_message = {'type': 'login_success'}
                self.write_message(json.dumps(result_message))

                if self.user.current_project is not None:
                    # Send a message to re-open the current project
                    #TODO: fix this hack! this module should not "know" about this method.
                    self.message_handlers["open_project_request"](
                        self, {
                            'id': self.user.current_project
                        })

                self.log("info",
                         "User '{}' has connected.".format(self.username))
                return

        self.redirect(CAS_SERVER + "/cas/login?service=" + SERVICE_URL,
                      permanent=False)

        self.notify("Session expired. Please login again.", "error")
#!/usr/bin/python

import os
import sys

system_directory = os.path.dirname(os.path.abspath(__file__))

sys.path.append(system_directory + "/imports")

username = sys.argv[1]
permission_level = int(sys.argv[2])

from rayage.database.User import User
from rayage.database.SessionFactory import SessionFactory

session = SessionFactory()
try:
    user = User.get_user(username)
    user.permission_level = permission_level
    session.add(user)
    session.commit()
    print "Successfully set permission level for user '{}' to {}.".format(user.username, user.permission_level)
finally:
    session.close()

示例#9
0
#!/usr/bin/python

import os
import sys
import random

system_directory = os.path.dirname(os.path.abspath(__file__))

sys.path.append(system_directory + "/imports")

#from names import names as usernames
from names_from_home_directories import names as usernames

from rayage.database.User import User
from rayage.database.SessionFactory import SessionFactory

import constants

session = SessionFactory()
try:
    for username in usernames:
        permission_level = constants.PERMISSION_LEVEL_USER
        user = User(username, permission_level)
        session.add(user)
    session.commit()
finally:
    session.close()

#!/usr/bin/python

import os
import sys

system_directory = os.path.dirname(os.path.abspath(__file__))

sys.path.append(system_directory + "/imports")

username = sys.argv[1]
permission_level = int(sys.argv[2])

from rayage.database.User import User
from rayage.database.SessionFactory import SessionFactory

session = SessionFactory()
try:
    user = User.get_user(username)
    user.permission_level = permission_level
    session.add(user)
    session.commit()
    print "Successfully set permission level for user '{}' to {}.".format(
        user.username, user.permission_level)
finally:
    session.close()