Startsida Utforska Hjälp
Logga in
bux
/
tracim
Bevaka 1
Stjärnmärk 0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Activity
458 Incheckningar
1 Grenar
Träd: 3eaf8a4e4d
Grenar Taggar
${ item.name }
Create branch ${ searchTerm }
from '3eaf8a4e4d'
${ noResults }
tracim/tracim/tracim/controllers/user.py

user.py 7.1KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 
  1. # -*- coding: utf-8 -*-

  2. from webob.exc import HTTPForbidden

  3. 

  4. from tracim import model  as pm

  5. 

  6. from sprox.tablebase import TableBase

  7. from sprox.formbase import EditableForm, AddRecordForm

  8. from sprox.fillerbase import TableFiller, EditFormFiller

  9. from tw2 import forms as tw2f

  10. import tg

  11. from tg import tmpl_context

  12. from tg.i18n import ugettext as _, lazy_ugettext as l_

  13. 

  14. from sprox.widgets import PropertyMultipleSelectField

  15. from sprox._compat import unicode_text

  16. 

  17. from formencode import Schema

  18. from formencode.validators import FieldsMatch

  19. 

  20. from tracim.controllers import TIMRestController

  21. from tracim.lib import helpers as h

  22. from tracim.lib.user import UserApi

  23. from tracim.lib.group import GroupApi

  24. from tracim.lib.user import UserStaticApi

  25. from tracim.lib.userworkspace import RoleApi

  26. from tracim.lib.workspace import WorkspaceApi

  27. 

  28. from tracim.model import DBSession

  29. from tracim.model.auth import Group, User

  30. from tracim.model.serializers import Context, CTX, DictLikeClass

  31. 

  32. 

  33. class UserWorkspaceRestController(TIMRestController):

  34. 

  35.     def _before(self, *args, **kw):

  36.         """

  37.         Instantiate the current workspace in tg.tmpl_context

  38.         :param args:

  39.         :param kw:

  40.         :return:

  41.         """

  42.         super(self.__class__, self)._before(args, kw)

  43. 

  44.         api = UserApi(tg.tmpl_context.current_user)

  45.         user_id = tmpl_context.current_user_id

  46.         user = tmpl_context.current_user

  47. 

  48.     @tg.expose()

  49.     def enable_notifications(self, workspace_id, next_url=None):

  50.         workspace_id = int(workspace_id)

  51.         api = WorkspaceApi(tg.tmpl_context.current_user)

  52. 

  53.         workspace = api.get_one(workspace_id)

  54.         api.enable_notifications(tg.tmpl_context.current_user, workspace)

  55.         tg.flash(_('Notification enabled for workspace {}').format(workspace.label))

  56. 

  57.         if next_url:

  58.             tg.redirect(tg.url(next_url))

  59.         tg.redirect(self.parent_controller.url(None, 'me'))

  60. 

  61.     @tg.expose()

  62.     def disable_notifications(self, workspace_id, next_url=None):

  63.         workspace_id = int(workspace_id)

  64.         api = WorkspaceApi(tg.tmpl_context.current_user)

  65. 

  66.         workspace = api.get_one(workspace_id)

  67.         api.disable_notifications(tg.tmpl_context.current_user, workspace)

  68.         tg.flash(_('Notification disabled for workspace {}').format(workspace.label))

  69. 

  70.         if next_url:

  71.             tg.redirect(tg.url(next_url))

  72.         tg.redirect(self.parent_controller.url(None, 'me'))

  73. 

  74. 

  75. class UserPasswordRestController(TIMRestController):

  76.     """

  77.      CRUD Controller allowing to manage password of a given user

  78.      TODO: do not duplicate this controller between admin and "standard user" interfaces

  79.     """

  80. 

  81.     def _before(self, *args, **kw):

  82.         """

  83.         Instantiate the current workspace in tg.tmpl_context

  84.         :param args:

  85.         :param kw:

  86.         :return:

  87.         """

  88.         super(self.__class__, self)._before(args, kw)

  89. 

  90.         api = UserApi(tg.tmpl_context.current_user)

  91.         user_id = tmpl_context.current_user_id

  92.         user = tmpl_context.current_user

  93. 

  94. 

  95.     @tg.expose('tracim.templates.user_password_edit_me')

  96.     def edit(self):

  97.         if not tg.config.get('auth_is_internal'):

  98.             raise HTTPForbidden()

  99. 

  100.         dictified_user = Context(CTX.USER).toDict(tmpl_context.current_user, 'user')

  101.         return DictLikeClass(result = dictified_user)

  102. 

  103.     @tg.expose()

  104.     def put(self, current_password, new_password1, new_password2):

  105.         if not tg.config.get('auth_is_internal'):

  106.             raise HTTPForbidden()

  107. 

  108.         # FIXME - Allow only self password or operation for managers

  109.         current_user = tmpl_context.current_user

  110. 

  111.         redirect_url = tg.lurl('/home')

  112. 

  113.         if not current_password or not new_password1 or not new_password2:

  114.             tg.flash(_('Empty password is not allowed.'))

  115.             tg.redirect(redirect_url)

  116. 

  117.         if current_user.validate_password(current_password) is False:

  118.             tg.flash(_('The current password you typed is wrong'))

  119.             tg.redirect(redirect_url)

  120. 

  121.         if new_password1!=new_password2:

  122.             tg.flash(_('New passwords do not match.'))

  123.             tg.redirect(redirect_url)

  124. 

  125.         current_user.password = new_password1

  126.         pm.DBSession.flush()

  127. 

  128.         tg.flash(_('Your password has been changed'))

  129.         tg.redirect(redirect_url)

  130. 

  131. 

  132. class UserRestController(TIMRestController):

  133.     """

  134.      CRUD Controller allowing to manage Users

  135.     """

  136. 

  137.     password = UserPasswordRestController()

  138.     workspaces = UserWorkspaceRestController()

  139. 

  140.     @classmethod

  141.     def current_item_id_key_in_context(cls):

  142.         return 'user_id'

  143. 

  144.     @tg.expose('tracim.templates.user_get_all')

  145.     def get_all(self, *args, **kw):

  146.         tg.redirect(self.url(None, 'me'))

  147.         pass

  148. 

  149.     @tg.expose()

  150.     def post(self, name, email, password, is_tracim_manager='off', is_pod_admin='off'):

  151.         pass

  152. 

  153.     @tg.expose('tracim.templates.user_get_me')

  154.     def get_one(self, user_id):

  155.         user_id = tmpl_context.current_user.user_id

  156. 

  157.         current_user = tmpl_context.current_user

  158.         assert user_id==current_user.user_id

  159.         api = UserApi(current_user)

  160.         current_user = api.get_one(current_user.user_id)

  161.         dictified_user = Context(CTX.USER).toDict(current_user, 'user')

  162.         current_user_content = Context(CTX.CURRENT_USER).toDict(tmpl_context.current_user)

  163.         fake_api_content = DictLikeClass(current_user=current_user_content)

  164.         fake_api = Context(CTX.WORKSPACE).toDict(fake_api_content)

  165. 

  166.         return DictLikeClass(result=dictified_user, fake_api=fake_api)

  167. 

  168.     @tg.expose('tracim.templates.user_edit_me')

  169.     def edit(self, id, next_url=None):

  170.         id = tmpl_context.current_user.user_id

  171.         current_user = tmpl_context.current_user

  172.         assert id==current_user.user_id

  173. 

  174.         dictified_user = Context(CTX.USER).toDict(current_user, 'user')

  175.         fake_api = DictLikeClass(next_url=next_url)

  176.         return DictLikeClass(result=dictified_user, fake_api=fake_api)

  177. 

  178.     @tg.expose('tracim.templates.workspace.edit')

  179.     def put(self, user_id, name, email, next_url=None):

  180.         user_id = tmpl_context.current_user.user_id

  181.         current_user = tmpl_context.current_user

  182.         assert user_id==current_user.user_id

  183. 

  184.         # Only keep allowed field update

  185.         updated_fields = self._clean_update_fields({

  186.             'name': name,

  187.             'email': email

  188.         })

  189. 

  190.         api = UserApi(tmpl_context.current_user)

  191.         api.update(current_user, do_save=True, **updated_fields)

  192.         tg.flash(_('profile updated.'))

  193.         if next_url:

  194.             tg.redirect(tg.url(next_url))

  195.         tg.redirect(self.url())

  196. 

  197.     def _clean_update_fields(self, fields: dict):

  198.         """

  199.         Remove field key who are not allowed to be updated

  200.         :param fields: dict with field name key to be cleaned

  201.         :rtype fields: dict

  202.         :return:

  203.         """

  204.         auth_instance = tg.config.get('auth_instance')

  205.         if not auth_instance.is_internal:

  206.             externalized_fields_names = auth_instance.managed_fields

  207.             for externalized_field_name in externalized_fields_names:

  208.                 if externalized_field_name in fields:

  209.                     fields.pop(externalized_field_name)

  210.         return fields