admin: Use error message from UserCreationError when updating a user....
johbo -
r231:b3a11d63 default
@@ -1,717 +1,719 b''
1 # -*- coding: utf-8 -*-
1 # -*- coding: utf-8 -*-
2
2
3 # Copyright (C) 2010-2016 RhodeCode GmbH
3 # Copyright (C) 2010-2016 RhodeCode GmbH
4 #
4 #
5 # This program is free software: you can redistribute it and/or modify
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
7 # (only), as published by the Free Software Foundation.
8 #
8 #
9 # This program is distributed in the hope that it will be useful,
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
12 # GNU General Public License for more details.
13 #
13 #
14 # You should have received a copy of the GNU Affero General Public License
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
16 #
17 # This program is dual-licensed. If you wish to learn more about the
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
20
21 """
21 """
22 Users crud controller for pylons
22 Users crud controller for pylons
23 """
23 """
24
24
25 import logging
25 import logging
26 import formencode
26 import formencode
27
27
28 from formencode import htmlfill
28 from formencode import htmlfill
29 from pylons import request, tmpl_context as c, url, config
29 from pylons import request, tmpl_context as c, url, config
30 from pylons.controllers.util import redirect
30 from pylons.controllers.util import redirect
31 from pylons.i18n.translation import _
31 from pylons.i18n.translation import _
32
32
33 from rhodecode.authentication.plugins import auth_rhodecode
33 from rhodecode.authentication.plugins import auth_rhodecode
34 from rhodecode.lib.exceptions import (
34 from rhodecode.lib.exceptions import (
35 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
35 DefaultUserException, UserOwnsReposException, UserOwnsRepoGroupsException,
36 UserOwnsUserGroupsException, UserCreationError)
36 UserOwnsUserGroupsException, UserCreationError)
37 from rhodecode.lib import helpers as h
37 from rhodecode.lib import helpers as h
38 from rhodecode.lib import auth
38 from rhodecode.lib import auth
39 from rhodecode.lib.auth import (
39 from rhodecode.lib.auth import (
40 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
40 LoginRequired, HasPermissionAllDecorator, AuthUser, generate_auth_token)
41 from rhodecode.lib.base import BaseController, render
41 from rhodecode.lib.base import BaseController, render
42 from rhodecode.model.auth_token import AuthTokenModel
42 from rhodecode.model.auth_token import AuthTokenModel
43
43
44 from rhodecode.model.db import (
44 from rhodecode.model.db import (
45 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
45 PullRequestReviewers, User, UserEmailMap, UserIpMap, RepoGroup)
46 from rhodecode.model.forms import (
46 from rhodecode.model.forms import (
47 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
47 UserForm, UserPermissionsForm, UserIndividualPermissionsForm)
48 from rhodecode.model.user import UserModel
48 from rhodecode.model.user import UserModel
49 from rhodecode.model.meta import Session
49 from rhodecode.model.meta import Session
50 from rhodecode.model.permission import PermissionModel
50 from rhodecode.model.permission import PermissionModel
51 from rhodecode.lib.utils import action_logger
51 from rhodecode.lib.utils import action_logger
52 from rhodecode.lib.ext_json import json
52 from rhodecode.lib.ext_json import json
53 from rhodecode.lib.utils2 import datetime_to_time, safe_int
53 from rhodecode.lib.utils2 import datetime_to_time, safe_int
54
54
55 log = logging.getLogger(__name__)
55 log = logging.getLogger(__name__)
56
56
57
57
58 class UsersController(BaseController):
58 class UsersController(BaseController):
59 """REST Controller styled on the Atom Publishing Protocol"""
59 """REST Controller styled on the Atom Publishing Protocol"""
60
60
61 @LoginRequired()
61 @LoginRequired()
62 def __before__(self):
62 def __before__(self):
63 super(UsersController, self).__before__()
63 super(UsersController, self).__before__()
64 c.available_permissions = config['available_permissions']
64 c.available_permissions = config['available_permissions']
65 c.allowed_languages = [
65 c.allowed_languages = [
66 ('en', 'English (en)'),
66 ('en', 'English (en)'),
67 ('de', 'German (de)'),
67 ('de', 'German (de)'),
68 ('fr', 'French (fr)'),
68 ('fr', 'French (fr)'),
69 ('it', 'Italian (it)'),
69 ('it', 'Italian (it)'),
70 ('ja', 'Japanese (ja)'),
70 ('ja', 'Japanese (ja)'),
71 ('pl', 'Polish (pl)'),
71 ('pl', 'Polish (pl)'),
72 ('pt', 'Portuguese (pt)'),
72 ('pt', 'Portuguese (pt)'),
73 ('ru', 'Russian (ru)'),
73 ('ru', 'Russian (ru)'),
74 ('zh', 'Chinese (zh)'),
74 ('zh', 'Chinese (zh)'),
75 ]
75 ]
76 PermissionModel().set_global_permission_choices(c, translator=_)
76 PermissionModel().set_global_permission_choices(c, translator=_)
77
77
78 @HasPermissionAllDecorator('hg.admin')
78 @HasPermissionAllDecorator('hg.admin')
79 def index(self):
79 def index(self):
80 """GET /users: All items in the collection"""
80 """GET /users: All items in the collection"""
81 # url('users')
81 # url('users')
82
82
83 from rhodecode.lib.utils import PartialRenderer
83 from rhodecode.lib.utils import PartialRenderer
84 _render = PartialRenderer('data_table/_dt_elements.html')
84 _render = PartialRenderer('data_table/_dt_elements.html')
85
85
86 def grav_tmpl(user_email, size):
86 def grav_tmpl(user_email, size):
87 return _render("user_gravatar", user_email, size)
87 return _render("user_gravatar", user_email, size)
88
88
89 def username(user_id, username):
89 def username(user_id, username):
90 return _render("user_name", user_id, username)
90 return _render("user_name", user_id, username)
91
91
92 def user_actions(user_id, username):
92 def user_actions(user_id, username):
93 return _render("user_actions", user_id, username)
93 return _render("user_actions", user_id, username)
94
94
95 # json generate
95 # json generate
96 c.users_list = User.query()\
96 c.users_list = User.query()\
97 .filter(User.username != User.DEFAULT_USER) \
97 .filter(User.username != User.DEFAULT_USER) \
98 .all()
98 .all()
99
99
100 users_data = []
100 users_data = []
101 for user in c.users_list:
101 for user in c.users_list:
102 users_data.append({
102 users_data.append({
103 "gravatar": grav_tmpl(user.email, 20),
103 "gravatar": grav_tmpl(user.email, 20),
104 "username": h.link_to(
104 "username": h.link_to(
105 user.username, h.url('user_profile', username=user.username)),
105 user.username, h.url('user_profile', username=user.username)),
106 "username_raw": user.username,
106 "username_raw": user.username,
107 "email": user.email,
107 "email": user.email,
108 "first_name": h.escape(user.name),
108 "first_name": h.escape(user.name),
109 "last_name": h.escape(user.lastname),
109 "last_name": h.escape(user.lastname),
110 "last_login": h.format_date(user.last_login),
110 "last_login": h.format_date(user.last_login),
111 "last_login_raw": datetime_to_time(user.last_login),
111 "last_login_raw": datetime_to_time(user.last_login),
112 "last_activity": h.format_date(
112 "last_activity": h.format_date(
113 h.time_to_datetime(user.user_data.get('last_activity', 0))),
113 h.time_to_datetime(user.user_data.get('last_activity', 0))),
114 "last_activity_raw": user.user_data.get('last_activity', 0),
114 "last_activity_raw": user.user_data.get('last_activity', 0),
115 "active": h.bool2icon(user.active),
115 "active": h.bool2icon(user.active),
116 "active_raw": user.active,
116 "active_raw": user.active,
117 "admin": h.bool2icon(user.admin),
117 "admin": h.bool2icon(user.admin),
118 "admin_raw": user.admin,
118 "admin_raw": user.admin,
119 "extern_type": user.extern_type,
119 "extern_type": user.extern_type,
120 "extern_name": user.extern_name,
120 "extern_name": user.extern_name,
121 "action": user_actions(user.user_id, user.username),
121 "action": user_actions(user.user_id, user.username),
122 })
122 })
123
123
124
124
125 c.data = json.dumps(users_data)
125 c.data = json.dumps(users_data)
126 return render('admin/users/users.html')
126 return render('admin/users/users.html')
127
127
128 @HasPermissionAllDecorator('hg.admin')
128 @HasPermissionAllDecorator('hg.admin')
129 @auth.CSRFRequired()
129 @auth.CSRFRequired()
130 def create(self):
130 def create(self):
131 """POST /users: Create a new item"""
131 """POST /users: Create a new item"""
132 # url('users')
132 # url('users')
133 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
133 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
134 user_model = UserModel()
134 user_model = UserModel()
135 user_form = UserForm()()
135 user_form = UserForm()()
136 try:
136 try:
137 form_result = user_form.to_python(dict(request.POST))
137 form_result = user_form.to_python(dict(request.POST))
138 user = user_model.create(form_result)
138 user = user_model.create(form_result)
139 Session().flush()
139 Session().flush()
140 username = form_result['username']
140 username = form_result['username']
141 action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
141 action_logger(c.rhodecode_user, 'admin_created_user:%s' % username,
142 None, self.ip_addr, self.sa)
142 None, self.ip_addr, self.sa)
143
143
144 user_link = h.link_to(h.escape(username),
144 user_link = h.link_to(h.escape(username),
145 url('edit_user',
145 url('edit_user',
146 user_id=user.user_id))
146 user_id=user.user_id))
147 h.flash(h.literal(_('Created user %(user_link)s')
147 h.flash(h.literal(_('Created user %(user_link)s')
148 % {'user_link': user_link}), category='success')
148 % {'user_link': user_link}), category='success')
149 Session().commit()
149 Session().commit()
150 except formencode.Invalid as errors:
150 except formencode.Invalid as errors:
151 return htmlfill.render(
151 return htmlfill.render(
152 render('admin/users/user_add.html'),
152 render('admin/users/user_add.html'),
153 defaults=errors.value,
153 defaults=errors.value,
154 errors=errors.error_dict or {},
154 errors=errors.error_dict or {},
155 prefix_error=False,
155 prefix_error=False,
156 encoding="UTF-8",
156 encoding="UTF-8",
157 force_defaults=False)
157 force_defaults=False)
158 except UserCreationError as e:
158 except UserCreationError as e:
159 h.flash(e, 'error')
159 h.flash(e, 'error')
160 except Exception:
160 except Exception:
161 log.exception("Exception creation of user")
161 log.exception("Exception creation of user")
162 h.flash(_('Error occurred during creation of user %s')
162 h.flash(_('Error occurred during creation of user %s')
163 % request.POST.get('username'), category='error')
163 % request.POST.get('username'), category='error')
164 return redirect(url('users'))
164 return redirect(url('users'))
165
165
166 @HasPermissionAllDecorator('hg.admin')
166 @HasPermissionAllDecorator('hg.admin')
167 def new(self):
167 def new(self):
168 """GET /users/new: Form to create a new item"""
168 """GET /users/new: Form to create a new item"""
169 # url('new_user')
169 # url('new_user')
170 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
170 c.default_extern_type = auth_rhodecode.RhodeCodeAuthPlugin.name
171 return render('admin/users/user_add.html')
171 return render('admin/users/user_add.html')
172
172
173 @HasPermissionAllDecorator('hg.admin')
173 @HasPermissionAllDecorator('hg.admin')
174 @auth.CSRFRequired()
174 @auth.CSRFRequired()
175 def update(self, user_id):
175 def update(self, user_id):
176 """PUT /users/user_id: Update an existing item"""
176 """PUT /users/user_id: Update an existing item"""
177 # Forms posted to this method should contain a hidden field:
177 # Forms posted to this method should contain a hidden field:
178 # <input type="hidden" name="_method" value="PUT" />
178 # <input type="hidden" name="_method" value="PUT" />
179 # Or using helpers:
179 # Or using helpers:
180 # h.form(url('update_user', user_id=ID),
180 # h.form(url('update_user', user_id=ID),
181 # method='put')
181 # method='put')
182 # url('user', user_id=ID)
182 # url('user', user_id=ID)
183 user_id = safe_int(user_id)
183 user_id = safe_int(user_id)
184 c.user = User.get_or_404(user_id)
184 c.user = User.get_or_404(user_id)
185 c.active = 'profile'
185 c.active = 'profile'
186 c.extern_type = c.user.extern_type
186 c.extern_type = c.user.extern_type
187 c.extern_name = c.user.extern_name
187 c.extern_name = c.user.extern_name
188 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
188 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
189 available_languages = [x[0] for x in c.allowed_languages]
189 available_languages = [x[0] for x in c.allowed_languages]
190 _form = UserForm(edit=True, available_languages=available_languages,
190 _form = UserForm(edit=True, available_languages=available_languages,
191 old_data={'user_id': user_id,
191 old_data={'user_id': user_id,
192 'email': c.user.email})()
192 'email': c.user.email})()
193 form_result = {}
193 form_result = {}
194 try:
194 try:
195 form_result = _form.to_python(dict(request.POST))
195 form_result = _form.to_python(dict(request.POST))
196 skip_attrs = ['extern_type', 'extern_name']
196 skip_attrs = ['extern_type', 'extern_name']
197 # TODO: plugin should define if username can be updated
197 # TODO: plugin should define if username can be updated
198 if c.extern_type != "rhodecode":
198 if c.extern_type != "rhodecode":
199 # forbid updating username for external accounts
199 # forbid updating username for external accounts
200 skip_attrs.append('username')
200 skip_attrs.append('username')
201
201
202 UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
202 UserModel().update_user(user_id, skip_attrs=skip_attrs, **form_result)
203 usr = form_result['username']
203 usr = form_result['username']
204 action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
204 action_logger(c.rhodecode_user, 'admin_updated_user:%s' % usr,
205 None, self.ip_addr, self.sa)
205 None, self.ip_addr, self.sa)
206 h.flash(_('User updated successfully'), category='success')
206 h.flash(_('User updated successfully'), category='success')
207 Session().commit()
207 Session().commit()
208 except formencode.Invalid as errors:
208 except formencode.Invalid as errors:
209 defaults = errors.value
209 defaults = errors.value
210 e = errors.error_dict or {}
210 e = errors.error_dict or {}
211
211
212 return htmlfill.render(
212 return htmlfill.render(
213 render('admin/users/user_edit.html'),
213 render('admin/users/user_edit.html'),
214 defaults=defaults,
214 defaults=defaults,
215 errors=e,
215 errors=e,
216 prefix_error=False,
216 prefix_error=False,
217 encoding="UTF-8",
217 encoding="UTF-8",
218 force_defaults=False)
218 force_defaults=False)
219 except UserCreationError as e:
220 h.flash(e, 'error')
219 except Exception:
221 except Exception:
220 log.exception("Exception updating user")
222 log.exception("Exception updating user")
221 h.flash(_('Error occurred during update of user %s')
223 h.flash(_('Error occurred during update of user %s')
222 % form_result.get('username'), category='error')
224 % form_result.get('username'), category='error')
223 return redirect(url('edit_user', user_id=user_id))
225 return redirect(url('edit_user', user_id=user_id))
224
226
225 @HasPermissionAllDecorator('hg.admin')
227 @HasPermissionAllDecorator('hg.admin')
226 @auth.CSRFRequired()
228 @auth.CSRFRequired()
227 def delete(self, user_id):
229 def delete(self, user_id):
228 """DELETE /users/user_id: Delete an existing item"""
230 """DELETE /users/user_id: Delete an existing item"""
229 # Forms posted to this method should contain a hidden field:
231 # Forms posted to this method should contain a hidden field:
230 # <input type="hidden" name="_method" value="DELETE" />
232 # <input type="hidden" name="_method" value="DELETE" />
231 # Or using helpers:
233 # Or using helpers:
232 # h.form(url('delete_user', user_id=ID),
234 # h.form(url('delete_user', user_id=ID),
233 # method='delete')
235 # method='delete')
234 # url('user', user_id=ID)
236 # url('user', user_id=ID)
235 user_id = safe_int(user_id)
237 user_id = safe_int(user_id)
236 c.user = User.get_or_404(user_id)
238 c.user = User.get_or_404(user_id)
237
239
238 _repos = c.user.repositories
240 _repos = c.user.repositories
239 _repo_groups = c.user.repository_groups
241 _repo_groups = c.user.repository_groups
240 _user_groups = c.user.user_groups
242 _user_groups = c.user.user_groups
241
243
242 handle_repos = None
244 handle_repos = None
243 handle_repo_groups = None
245 handle_repo_groups = None
244 handle_user_groups = None
246 handle_user_groups = None
245 # dummy call for flash of handle
247 # dummy call for flash of handle
246 set_handle_flash_repos = lambda: None
248 set_handle_flash_repos = lambda: None
247 set_handle_flash_repo_groups = lambda: None
249 set_handle_flash_repo_groups = lambda: None
248 set_handle_flash_user_groups = lambda: None
250 set_handle_flash_user_groups = lambda: None
249
251
250 if _repos and request.POST.get('user_repos'):
252 if _repos and request.POST.get('user_repos'):
251 do = request.POST['user_repos']
253 do = request.POST['user_repos']
252 if do == 'detach':
254 if do == 'detach':
253 handle_repos = 'detach'
255 handle_repos = 'detach'
254 set_handle_flash_repos = lambda: h.flash(
256 set_handle_flash_repos = lambda: h.flash(
255 _('Detached %s repositories') % len(_repos),
257 _('Detached %s repositories') % len(_repos),
256 category='success')
258 category='success')
257 elif do == 'delete':
259 elif do == 'delete':
258 handle_repos = 'delete'
260 handle_repos = 'delete'
259 set_handle_flash_repos = lambda: h.flash(
261 set_handle_flash_repos = lambda: h.flash(
260 _('Deleted %s repositories') % len(_repos),
262 _('Deleted %s repositories') % len(_repos),
261 category='success')
263 category='success')
262
264
263 if _repo_groups and request.POST.get('user_repo_groups'):
265 if _repo_groups and request.POST.get('user_repo_groups'):
264 do = request.POST['user_repo_groups']
266 do = request.POST['user_repo_groups']
265 if do == 'detach':
267 if do == 'detach':
266 handle_repo_groups = 'detach'
268 handle_repo_groups = 'detach'
267 set_handle_flash_repo_groups = lambda: h.flash(
269 set_handle_flash_repo_groups = lambda: h.flash(
268 _('Detached %s repository groups') % len(_repo_groups),
270 _('Detached %s repository groups') % len(_repo_groups),
269 category='success')
271 category='success')
270 elif do == 'delete':
272 elif do == 'delete':
271 handle_repo_groups = 'delete'
273 handle_repo_groups = 'delete'
272 set_handle_flash_repo_groups = lambda: h.flash(
274 set_handle_flash_repo_groups = lambda: h.flash(
273 _('Deleted %s repository groups') % len(_repo_groups),
275 _('Deleted %s repository groups') % len(_repo_groups),
274 category='success')
276 category='success')
275
277
276 if _user_groups and request.POST.get('user_user_groups'):
278 if _user_groups and request.POST.get('user_user_groups'):
277 do = request.POST['user_user_groups']
279 do = request.POST['user_user_groups']
278 if do == 'detach':
280 if do == 'detach':
279 handle_user_groups = 'detach'
281 handle_user_groups = 'detach'
280 set_handle_flash_user_groups = lambda: h.flash(
282 set_handle_flash_user_groups = lambda: h.flash(
281 _('Detached %s user groups') % len(_user_groups),
283 _('Detached %s user groups') % len(_user_groups),
282 category='success')
284 category='success')
283 elif do == 'delete':
285 elif do == 'delete':
284 handle_user_groups = 'delete'
286 handle_user_groups = 'delete'
285 set_handle_flash_user_groups = lambda: h.flash(
287 set_handle_flash_user_groups = lambda: h.flash(
286 _('Deleted %s user groups') % len(_user_groups),
288 _('Deleted %s user groups') % len(_user_groups),
287 category='success')
289 category='success')
288
290
289 try:
291 try:
290 UserModel().delete(c.user, handle_repos=handle_repos,
292 UserModel().delete(c.user, handle_repos=handle_repos,
291 handle_repo_groups=handle_repo_groups,
293 handle_repo_groups=handle_repo_groups,
292 handle_user_groups=handle_user_groups)
294 handle_user_groups=handle_user_groups)
293 Session().commit()
295 Session().commit()
294 set_handle_flash_repos()
296 set_handle_flash_repos()
295 set_handle_flash_repo_groups()
297 set_handle_flash_repo_groups()
296 set_handle_flash_user_groups()
298 set_handle_flash_user_groups()
297 h.flash(_('Successfully deleted user'), category='success')
299 h.flash(_('Successfully deleted user'), category='success')
298 except (UserOwnsReposException, UserOwnsRepoGroupsException,
300 except (UserOwnsReposException, UserOwnsRepoGroupsException,
299 UserOwnsUserGroupsException, DefaultUserException) as e:
301 UserOwnsUserGroupsException, DefaultUserException) as e:
300 h.flash(e, category='warning')
302 h.flash(e, category='warning')
301 except Exception:
303 except Exception:
302 log.exception("Exception during deletion of user")
304 log.exception("Exception during deletion of user")
303 h.flash(_('An error occurred during deletion of user'),
305 h.flash(_('An error occurred during deletion of user'),
304 category='error')
306 category='error')
305 return redirect(url('users'))
307 return redirect(url('users'))
306
308
307 @HasPermissionAllDecorator('hg.admin')
309 @HasPermissionAllDecorator('hg.admin')
308 @auth.CSRFRequired()
310 @auth.CSRFRequired()
309 def reset_password(self, user_id):
311 def reset_password(self, user_id):
310 """
312 """
311 toggle reset password flag for this user
313 toggle reset password flag for this user
312
314
313 :param user_id:
315 :param user_id:
314 """
316 """
315 user_id = safe_int(user_id)
317 user_id = safe_int(user_id)
316 c.user = User.get_or_404(user_id)
318 c.user = User.get_or_404(user_id)
317 try:
319 try:
318 old_value = c.user.user_data.get('force_password_change')
320 old_value = c.user.user_data.get('force_password_change')
319 c.user.update_userdata(force_password_change=not old_value)
321 c.user.update_userdata(force_password_change=not old_value)
320 Session().commit()
322 Session().commit()
321 if old_value:
323 if old_value:
322 msg = _('Force password change disabled for user')
324 msg = _('Force password change disabled for user')
323 else:
325 else:
324 msg = _('Force password change enabled for user')
326 msg = _('Force password change enabled for user')
325 h.flash(msg, category='success')
327 h.flash(msg, category='success')
326 except Exception:
328 except Exception:
327 log.exception("Exception during password reset for user")
329 log.exception("Exception during password reset for user")
328 h.flash(_('An error occurred during password reset for user'),
330 h.flash(_('An error occurred during password reset for user'),
329 category='error')
331 category='error')
330
332
331 return redirect(url('edit_user_advanced', user_id=user_id))
333 return redirect(url('edit_user_advanced', user_id=user_id))
332
334
333 @HasPermissionAllDecorator('hg.admin')
335 @HasPermissionAllDecorator('hg.admin')
334 @auth.CSRFRequired()
336 @auth.CSRFRequired()
335 def create_personal_repo_group(self, user_id):
337 def create_personal_repo_group(self, user_id):
336 """
338 """
337 Create personal repository group for this user
339 Create personal repository group for this user
338
340
339 :param user_id:
341 :param user_id:
340 """
342 """
341 from rhodecode.model.repo_group import RepoGroupModel
343 from rhodecode.model.repo_group import RepoGroupModel
342
344
343 user_id = safe_int(user_id)
345 user_id = safe_int(user_id)
344 c.user = User.get_or_404(user_id)
346 c.user = User.get_or_404(user_id)
345
347
346 try:
348 try:
347 desc = RepoGroupModel.PERSONAL_GROUP_DESC % {
349 desc = RepoGroupModel.PERSONAL_GROUP_DESC % {
348 'username': c.user.username}
350 'username': c.user.username}
349 if not RepoGroup.get_by_group_name(c.user.username):
351 if not RepoGroup.get_by_group_name(c.user.username):
350 RepoGroupModel().create(group_name=c.user.username,
352 RepoGroupModel().create(group_name=c.user.username,
351 group_description=desc,
353 group_description=desc,
352 owner=c.user.username)
354 owner=c.user.username)
353
355
354 msg = _('Created repository group `%s`' % (c.user.username,))
356 msg = _('Created repository group `%s`' % (c.user.username,))
355 h.flash(msg, category='success')
357 h.flash(msg, category='success')
356 except Exception:
358 except Exception:
357 log.exception("Exception during repository group creation")
359 log.exception("Exception during repository group creation")
358 msg = _(
360 msg = _(
359 'An error occurred during repository group creation for user')
361 'An error occurred during repository group creation for user')
360 h.flash(msg, category='error')
362 h.flash(msg, category='error')
361
363
362 return redirect(url('edit_user_advanced', user_id=user_id))
364 return redirect(url('edit_user_advanced', user_id=user_id))
363
365
364 @HasPermissionAllDecorator('hg.admin')
366 @HasPermissionAllDecorator('hg.admin')
365 def show(self, user_id):
367 def show(self, user_id):
366 """GET /users/user_id: Show a specific item"""
368 """GET /users/user_id: Show a specific item"""
367 # url('user', user_id=ID)
369 # url('user', user_id=ID)
368 User.get_or_404(-1)
370 User.get_or_404(-1)
369
371
370 @HasPermissionAllDecorator('hg.admin')
372 @HasPermissionAllDecorator('hg.admin')
371 def edit(self, user_id):
373 def edit(self, user_id):
372 """GET /users/user_id/edit: Form to edit an existing item"""
374 """GET /users/user_id/edit: Form to edit an existing item"""
373 # url('edit_user', user_id=ID)
375 # url('edit_user', user_id=ID)
374 user_id = safe_int(user_id)
376 user_id = safe_int(user_id)
375 c.user = User.get_or_404(user_id)
377 c.user = User.get_or_404(user_id)
376 if c.user.username == User.DEFAULT_USER:
378 if c.user.username == User.DEFAULT_USER:
377 h.flash(_("You can't edit this user"), category='warning')
379 h.flash(_("You can't edit this user"), category='warning')
378 return redirect(url('users'))
380 return redirect(url('users'))
379
381
380 c.active = 'profile'
382 c.active = 'profile'
381 c.extern_type = c.user.extern_type
383 c.extern_type = c.user.extern_type
382 c.extern_name = c.user.extern_name
384 c.extern_name = c.user.extern_name
383 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
385 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
384
386
385 defaults = c.user.get_dict()
387 defaults = c.user.get_dict()
386 defaults.update({'language': c.user.user_data.get('language')})
388 defaults.update({'language': c.user.user_data.get('language')})
387 return htmlfill.render(
389 return htmlfill.render(
388 render('admin/users/user_edit.html'),
390 render('admin/users/user_edit.html'),
389 defaults=defaults,
391 defaults=defaults,
390 encoding="UTF-8",
392 encoding="UTF-8",
391 force_defaults=False)
393 force_defaults=False)
392
394
393 @HasPermissionAllDecorator('hg.admin')
395 @HasPermissionAllDecorator('hg.admin')
394 def edit_advanced(self, user_id):
396 def edit_advanced(self, user_id):
395 user_id = safe_int(user_id)
397 user_id = safe_int(user_id)
396 user = c.user = User.get_or_404(user_id)
398 user = c.user = User.get_or_404(user_id)
397 if user.username == User.DEFAULT_USER:
399 if user.username == User.DEFAULT_USER:
398 h.flash(_("You can't edit this user"), category='warning')
400 h.flash(_("You can't edit this user"), category='warning')
399 return redirect(url('users'))
401 return redirect(url('users'))
400
402
401 c.active = 'advanced'
403 c.active = 'advanced'
402 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
404 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
403 c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
405 c.personal_repo_group = RepoGroup.get_by_group_name(user.username)
404 c.first_admin = User.get_first_admin()
406 c.first_admin = User.get_first_admin()
405 defaults = user.get_dict()
407 defaults = user.get_dict()
406
408
407 # Interim workaround if the user participated on any pull requests as a
409 # Interim workaround if the user participated on any pull requests as a
408 # reviewer.
410 # reviewer.
409 has_review = bool(PullRequestReviewers.query().filter(
411 has_review = bool(PullRequestReviewers.query().filter(
410 PullRequestReviewers.user_id == user_id).first())
412 PullRequestReviewers.user_id == user_id).first())
411 c.can_delete_user = not has_review
413 c.can_delete_user = not has_review
412 c.can_delete_user_message = _(
414 c.can_delete_user_message = _(
413 'The user participates as reviewer in pull requests and '
415 'The user participates as reviewer in pull requests and '
414 'cannot be deleted. You can set the user to '
416 'cannot be deleted. You can set the user to '
415 '"inactive" instead of deleting it.') if has_review else ''
417 '"inactive" instead of deleting it.') if has_review else ''
416
418
417 return htmlfill.render(
419 return htmlfill.render(
418 render('admin/users/user_edit.html'),
420 render('admin/users/user_edit.html'),
419 defaults=defaults,
421 defaults=defaults,
420 encoding="UTF-8",
422 encoding="UTF-8",
421 force_defaults=False)
423 force_defaults=False)
422
424
423 @HasPermissionAllDecorator('hg.admin')
425 @HasPermissionAllDecorator('hg.admin')
424 def edit_auth_tokens(self, user_id):
426 def edit_auth_tokens(self, user_id):
425 user_id = safe_int(user_id)
427 user_id = safe_int(user_id)
426 c.user = User.get_or_404(user_id)
428 c.user = User.get_or_404(user_id)
427 if c.user.username == User.DEFAULT_USER:
429 if c.user.username == User.DEFAULT_USER:
428 h.flash(_("You can't edit this user"), category='warning')
430 h.flash(_("You can't edit this user"), category='warning')
429 return redirect(url('users'))
431 return redirect(url('users'))
430
432
431 c.active = 'auth_tokens'
433 c.active = 'auth_tokens'
432 show_expired = True
434 show_expired = True
433 c.lifetime_values = [
435 c.lifetime_values = [
434 (str(-1), _('forever')),
436 (str(-1), _('forever')),
435 (str(5), _('5 minutes')),
437 (str(5), _('5 minutes')),
436 (str(60), _('1 hour')),
438 (str(60), _('1 hour')),
437 (str(60 * 24), _('1 day')),
439 (str(60 * 24), _('1 day')),
438 (str(60 * 24 * 30), _('1 month')),
440 (str(60 * 24 * 30), _('1 month')),
439 ]
441 ]
440 c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
442 c.lifetime_options = [(c.lifetime_values, _("Lifetime"))]
441 c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
443 c.role_values = [(x, AuthTokenModel.cls._get_role_name(x))
442 for x in AuthTokenModel.cls.ROLES]
444 for x in AuthTokenModel.cls.ROLES]
443 c.role_options = [(c.role_values, _("Role"))]
445 c.role_options = [(c.role_values, _("Role"))]
444 c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
446 c.user_auth_tokens = AuthTokenModel().get_auth_tokens(
445 c.user.user_id, show_expired=show_expired)
447 c.user.user_id, show_expired=show_expired)
446 defaults = c.user.get_dict()
448 defaults = c.user.get_dict()
447 return htmlfill.render(
449 return htmlfill.render(
448 render('admin/users/user_edit.html'),
450 render('admin/users/user_edit.html'),
449 defaults=defaults,
451 defaults=defaults,
450 encoding="UTF-8",
452 encoding="UTF-8",
451 force_defaults=False)
453 force_defaults=False)
452
454
453 @HasPermissionAllDecorator('hg.admin')
455 @HasPermissionAllDecorator('hg.admin')
454 @auth.CSRFRequired()
456 @auth.CSRFRequired()
455 def add_auth_token(self, user_id):
457 def add_auth_token(self, user_id):
456 user_id = safe_int(user_id)
458 user_id = safe_int(user_id)
457 c.user = User.get_or_404(user_id)
459 c.user = User.get_or_404(user_id)
458 if c.user.username == User.DEFAULT_USER:
460 if c.user.username == User.DEFAULT_USER:
459 h.flash(_("You can't edit this user"), category='warning')
461 h.flash(_("You can't edit this user"), category='warning')
460 return redirect(url('users'))
462 return redirect(url('users'))
461
463
462 lifetime = safe_int(request.POST.get('lifetime'), -1)
464 lifetime = safe_int(request.POST.get('lifetime'), -1)
463 description = request.POST.get('description')
465 description = request.POST.get('description')
464 role = request.POST.get('role')
466 role = request.POST.get('role')
465 AuthTokenModel().create(c.user.user_id, description, lifetime, role)
467 AuthTokenModel().create(c.user.user_id, description, lifetime, role)
466 Session().commit()
468 Session().commit()
467 h.flash(_("Auth token successfully created"), category='success')
469 h.flash(_("Auth token successfully created"), category='success')
468 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
470 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
469
471
470 @HasPermissionAllDecorator('hg.admin')
472 @HasPermissionAllDecorator('hg.admin')
471 @auth.CSRFRequired()
473 @auth.CSRFRequired()
472 def delete_auth_token(self, user_id):
474 def delete_auth_token(self, user_id):
473 user_id = safe_int(user_id)
475 user_id = safe_int(user_id)
474 c.user = User.get_or_404(user_id)
476 c.user = User.get_or_404(user_id)
475 if c.user.username == User.DEFAULT_USER:
477 if c.user.username == User.DEFAULT_USER:
476 h.flash(_("You can't edit this user"), category='warning')
478 h.flash(_("You can't edit this user"), category='warning')
477 return redirect(url('users'))
479 return redirect(url('users'))
478
480
479 auth_token = request.POST.get('del_auth_token')
481 auth_token = request.POST.get('del_auth_token')
480 if request.POST.get('del_auth_token_builtin'):
482 if request.POST.get('del_auth_token_builtin'):
481 user = User.get(c.user.user_id)
483 user = User.get(c.user.user_id)
482 if user:
484 if user:
483 user.api_key = generate_auth_token(user.username)
485 user.api_key = generate_auth_token(user.username)
484 Session().add(user)
486 Session().add(user)
485 Session().commit()
487 Session().commit()
486 h.flash(_("Auth token successfully reset"), category='success')
488 h.flash(_("Auth token successfully reset"), category='success')
487 elif auth_token:
489 elif auth_token:
488 AuthTokenModel().delete(auth_token, c.user.user_id)
490 AuthTokenModel().delete(auth_token, c.user.user_id)
489 Session().commit()
491 Session().commit()
490 h.flash(_("Auth token successfully deleted"), category='success')
492 h.flash(_("Auth token successfully deleted"), category='success')
491
493
492 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
494 return redirect(url('edit_user_auth_tokens', user_id=c.user.user_id))
493
495
494 @HasPermissionAllDecorator('hg.admin')
496 @HasPermissionAllDecorator('hg.admin')
495 def edit_global_perms(self, user_id):
497 def edit_global_perms(self, user_id):
496 user_id = safe_int(user_id)
498 user_id = safe_int(user_id)
497 c.user = User.get_or_404(user_id)
499 c.user = User.get_or_404(user_id)
498 if c.user.username == User.DEFAULT_USER:
500 if c.user.username == User.DEFAULT_USER:
499 h.flash(_("You can't edit this user"), category='warning')
501 h.flash(_("You can't edit this user"), category='warning')
500 return redirect(url('users'))
502 return redirect(url('users'))
501
503
502 c.active = 'global_perms'
504 c.active = 'global_perms'
503
505
504 c.default_user = User.get_default_user()
506 c.default_user = User.get_default_user()
505 defaults = c.user.get_dict()
507 defaults = c.user.get_dict()
506 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
508 defaults.update(c.default_user.get_default_perms(suffix='_inherited'))
507 defaults.update(c.default_user.get_default_perms())
509 defaults.update(c.default_user.get_default_perms())
508 defaults.update(c.user.get_default_perms())
510 defaults.update(c.user.get_default_perms())
509
511
510 return htmlfill.render(
512 return htmlfill.render(
511 render('admin/users/user_edit.html'),
513 render('admin/users/user_edit.html'),
512 defaults=defaults,
514 defaults=defaults,
513 encoding="UTF-8",
515 encoding="UTF-8",
514 force_defaults=False)
516 force_defaults=False)
515
517
516 @HasPermissionAllDecorator('hg.admin')
518 @HasPermissionAllDecorator('hg.admin')
517 @auth.CSRFRequired()
519 @auth.CSRFRequired()
518 def update_global_perms(self, user_id):
520 def update_global_perms(self, user_id):
519 """PUT /users_perm/user_id: Update an existing item"""
521 """PUT /users_perm/user_id: Update an existing item"""
520 # url('user_perm', user_id=ID, method='put')
522 # url('user_perm', user_id=ID, method='put')
521 user_id = safe_int(user_id)
523 user_id = safe_int(user_id)
522 user = User.get_or_404(user_id)
524 user = User.get_or_404(user_id)
523 c.active = 'global_perms'
525 c.active = 'global_perms'
524 try:
526 try:
525 # first stage that verifies the checkbox
527 # first stage that verifies the checkbox
526 _form = UserIndividualPermissionsForm()
528 _form = UserIndividualPermissionsForm()
527 form_result = _form.to_python(dict(request.POST))
529 form_result = _form.to_python(dict(request.POST))
528 inherit_perms = form_result['inherit_default_permissions']
530 inherit_perms = form_result['inherit_default_permissions']
529 user.inherit_default_permissions = inherit_perms
531 user.inherit_default_permissions = inherit_perms
530 Session().add(user)
532 Session().add(user)
531
533
532 if not inherit_perms:
534 if not inherit_perms:
533 # only update the individual ones if we un check the flag
535 # only update the individual ones if we un check the flag
534 _form = UserPermissionsForm(
536 _form = UserPermissionsForm(
535 [x[0] for x in c.repo_create_choices],
537 [x[0] for x in c.repo_create_choices],
536 [x[0] for x in c.repo_create_on_write_choices],
538 [x[0] for x in c.repo_create_on_write_choices],
537 [x[0] for x in c.repo_group_create_choices],
539 [x[0] for x in c.repo_group_create_choices],
538 [x[0] for x in c.user_group_create_choices],
540 [x[0] for x in c.user_group_create_choices],
539 [x[0] for x in c.fork_choices],
541 [x[0] for x in c.fork_choices],
540 [x[0] for x in c.inherit_default_permission_choices])()
542 [x[0] for x in c.inherit_default_permission_choices])()
541
543
542 form_result = _form.to_python(dict(request.POST))
544 form_result = _form.to_python(dict(request.POST))
543 form_result.update({'perm_user_id': user.user_id})
545 form_result.update({'perm_user_id': user.user_id})
544
546
545 PermissionModel().update_user_permissions(form_result)
547 PermissionModel().update_user_permissions(form_result)
546
548
547 Session().commit()
549 Session().commit()
548 h.flash(_('User global permissions updated successfully'),
550 h.flash(_('User global permissions updated successfully'),
549 category='success')
551 category='success')
550
552
551 Session().commit()
553 Session().commit()
552 except formencode.Invalid as errors:
554 except formencode.Invalid as errors:
553 defaults = errors.value
555 defaults = errors.value
554 c.user = user
556 c.user = user
555 return htmlfill.render(
557 return htmlfill.render(
556 render('admin/users/user_edit.html'),
558 render('admin/users/user_edit.html'),
557 defaults=defaults,
559 defaults=defaults,
558 errors=errors.error_dict or {},
560 errors=errors.error_dict or {},
559 prefix_error=False,
561 prefix_error=False,
560 encoding="UTF-8",
562 encoding="UTF-8",
561 force_defaults=False)
563 force_defaults=False)
562 except Exception:
564 except Exception:
563 log.exception("Exception during permissions saving")
565 log.exception("Exception during permissions saving")
564 h.flash(_('An error occurred during permissions saving'),
566 h.flash(_('An error occurred during permissions saving'),
565 category='error')
567 category='error')
566 return redirect(url('edit_user_global_perms', user_id=user_id))
568 return redirect(url('edit_user_global_perms', user_id=user_id))
567
569
568 @HasPermissionAllDecorator('hg.admin')
570 @HasPermissionAllDecorator('hg.admin')
569 def edit_perms_summary(self, user_id):
571 def edit_perms_summary(self, user_id):
570 user_id = safe_int(user_id)
572 user_id = safe_int(user_id)
571 c.user = User.get_or_404(user_id)
573 c.user = User.get_or_404(user_id)
572 if c.user.username == User.DEFAULT_USER:
574 if c.user.username == User.DEFAULT_USER:
573 h.flash(_("You can't edit this user"), category='warning')
575 h.flash(_("You can't edit this user"), category='warning')
574 return redirect(url('users'))
576 return redirect(url('users'))
575
577
576 c.active = 'perms_summary'
578 c.active = 'perms_summary'
577 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
579 c.perm_user = AuthUser(user_id=user_id, ip_addr=self.ip_addr)
578
580
579 return render('admin/users/user_edit.html')
581 return render('admin/users/user_edit.html')
580
582
581 @HasPermissionAllDecorator('hg.admin')
583 @HasPermissionAllDecorator('hg.admin')
582 def edit_emails(self, user_id):
584 def edit_emails(self, user_id):
583 user_id = safe_int(user_id)
585 user_id = safe_int(user_id)
584 c.user = User.get_or_404(user_id)
586 c.user = User.get_or_404(user_id)
585 if c.user.username == User.DEFAULT_USER:
587 if c.user.username == User.DEFAULT_USER:
586 h.flash(_("You can't edit this user"), category='warning')
588 h.flash(_("You can't edit this user"), category='warning')
587 return redirect(url('users'))
589 return redirect(url('users'))
588
590
589 c.active = 'emails'
591 c.active = 'emails'
590 c.user_email_map = UserEmailMap.query() \
592 c.user_email_map = UserEmailMap.query() \
591 .filter(UserEmailMap.user == c.user).all()
593 .filter(UserEmailMap.user == c.user).all()
592
594
593 defaults = c.user.get_dict()
595 defaults = c.user.get_dict()
594 return htmlfill.render(
596 return htmlfill.render(
595 render('admin/users/user_edit.html'),
597 render('admin/users/user_edit.html'),
596 defaults=defaults,
598 defaults=defaults,
597 encoding="UTF-8",
599 encoding="UTF-8",
598 force_defaults=False)
600 force_defaults=False)
599
601
600 @HasPermissionAllDecorator('hg.admin')
602 @HasPermissionAllDecorator('hg.admin')
601 @auth.CSRFRequired()
603 @auth.CSRFRequired()
602 def add_email(self, user_id):
604 def add_email(self, user_id):
603 """POST /user_emails:Add an existing item"""
605 """POST /user_emails:Add an existing item"""
604 # url('user_emails', user_id=ID, method='put')
606 # url('user_emails', user_id=ID, method='put')
605 user_id = safe_int(user_id)
607 user_id = safe_int(user_id)
606 c.user = User.get_or_404(user_id)
608 c.user = User.get_or_404(user_id)
607
609
608 email = request.POST.get('new_email')
610 email = request.POST.get('new_email')
609 user_model = UserModel()
611 user_model = UserModel()
610
612
611 try:
613 try:
612 user_model.add_extra_email(user_id, email)
614 user_model.add_extra_email(user_id, email)
613 Session().commit()
615 Session().commit()
614 h.flash(_("Added new email address `%s` for user account") % email,
616 h.flash(_("Added new email address `%s` for user account") % email,
615 category='success')
617 category='success')
616 except formencode.Invalid as error:
618 except formencode.Invalid as error:
617 msg = error.error_dict['email']
619 msg = error.error_dict['email']
618 h.flash(msg, category='error')
620 h.flash(msg, category='error')
619 except Exception:
621 except Exception:
620 log.exception("Exception during email saving")
622 log.exception("Exception during email saving")
621 h.flash(_('An error occurred during email saving'),
623 h.flash(_('An error occurred during email saving'),
622 category='error')
624 category='error')
623 return redirect(url('edit_user_emails', user_id=user_id))
625 return redirect(url('edit_user_emails', user_id=user_id))
624
626
625 @HasPermissionAllDecorator('hg.admin')
627 @HasPermissionAllDecorator('hg.admin')
626 @auth.CSRFRequired()
628 @auth.CSRFRequired()
627 def delete_email(self, user_id):
629 def delete_email(self, user_id):
628 """DELETE /user_emails_delete/user_id: Delete an existing item"""
630 """DELETE /user_emails_delete/user_id: Delete an existing item"""
629 # url('user_emails_delete', user_id=ID, method='delete')
631 # url('user_emails_delete', user_id=ID, method='delete')
630 user_id = safe_int(user_id)
632 user_id = safe_int(user_id)
631 c.user = User.get_or_404(user_id)
633 c.user = User.get_or_404(user_id)
632 email_id = request.POST.get('del_email_id')
634 email_id = request.POST.get('del_email_id')
633 user_model = UserModel()
635 user_model = UserModel()
634 user_model.delete_extra_email(user_id, email_id)
636 user_model.delete_extra_email(user_id, email_id)
635 Session().commit()
637 Session().commit()
636 h.flash(_("Removed email address from user account"), category='success')
638 h.flash(_("Removed email address from user account"), category='success')
637 return redirect(url('edit_user_emails', user_id=user_id))
639 return redirect(url('edit_user_emails', user_id=user_id))
638
640
639 @HasPermissionAllDecorator('hg.admin')
641 @HasPermissionAllDecorator('hg.admin')
640 def edit_ips(self, user_id):
642 def edit_ips(self, user_id):
641 user_id = safe_int(user_id)
643 user_id = safe_int(user_id)
642 c.user = User.get_or_404(user_id)
644 c.user = User.get_or_404(user_id)
643 if c.user.username == User.DEFAULT_USER:
645 if c.user.username == User.DEFAULT_USER:
644 h.flash(_("You can't edit this user"), category='warning')
646 h.flash(_("You can't edit this user"), category='warning')
645 return redirect(url('users'))
647 return redirect(url('users'))
646
648
647 c.active = 'ips'
649 c.active = 'ips'
648 c.user_ip_map = UserIpMap.query() \
650 c.user_ip_map = UserIpMap.query() \
649 .filter(UserIpMap.user == c.user).all()
651 .filter(UserIpMap.user == c.user).all()
650
652
651 c.inherit_default_ips = c.user.inherit_default_permissions
653 c.inherit_default_ips = c.user.inherit_default_permissions
652 c.default_user_ip_map = UserIpMap.query() \
654 c.default_user_ip_map = UserIpMap.query() \
653 .filter(UserIpMap.user == User.get_default_user()).all()
655 .filter(UserIpMap.user == User.get_default_user()).all()
654
656
655 defaults = c.user.get_dict()
657 defaults = c.user.get_dict()
656 return htmlfill.render(
658 return htmlfill.render(
657 render('admin/users/user_edit.html'),
659 render('admin/users/user_edit.html'),
658 defaults=defaults,
660 defaults=defaults,
659 encoding="UTF-8",
661 encoding="UTF-8",
660 force_defaults=False)
662 force_defaults=False)
661
663
662 @HasPermissionAllDecorator('hg.admin')
664 @HasPermissionAllDecorator('hg.admin')
663 @auth.CSRFRequired()
665 @auth.CSRFRequired()
664 def add_ip(self, user_id):
666 def add_ip(self, user_id):
665 """POST /user_ips:Add an existing item"""
667 """POST /user_ips:Add an existing item"""
666 # url('user_ips', user_id=ID, method='put')
668 # url('user_ips', user_id=ID, method='put')
667
669
668 user_id = safe_int(user_id)
670 user_id = safe_int(user_id)
669 c.user = User.get_or_404(user_id)
671 c.user = User.get_or_404(user_id)
670 user_model = UserModel()
672 user_model = UserModel()
671 try:
673 try:
672 ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
674 ip_list = user_model.parse_ip_range(request.POST.get('new_ip'))
673 except Exception as e:
675 except Exception as e:
674 ip_list = []
676 ip_list = []
675 log.exception("Exception during ip saving")
677 log.exception("Exception during ip saving")
676 h.flash(_('An error occurred during ip saving:%s' % (e,)),
678 h.flash(_('An error occurred during ip saving:%s' % (e,)),
677 category='error')
679 category='error')
678
680
679 desc = request.POST.get('description')
681 desc = request.POST.get('description')
680 added = []
682 added = []
681 for ip in ip_list:
683 for ip in ip_list:
682 try:
684 try:
683 user_model.add_extra_ip(user_id, ip, desc)
685 user_model.add_extra_ip(user_id, ip, desc)
684 Session().commit()
686 Session().commit()
685 added.append(ip)
687 added.append(ip)
686 except formencode.Invalid as error:
688 except formencode.Invalid as error:
687 msg = error.error_dict['ip']
689 msg = error.error_dict['ip']
688 h.flash(msg, category='error')
690 h.flash(msg, category='error')
689 except Exception:
691 except Exception:
690 log.exception("Exception during ip saving")
692 log.exception("Exception during ip saving")
691 h.flash(_('An error occurred during ip saving'),
693 h.flash(_('An error occurred during ip saving'),
692 category='error')
694 category='error')
693 if added:
695 if added:
694 h.flash(
696 h.flash(
695 _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
697 _("Added ips %s to user whitelist") % (', '.join(ip_list), ),
696 category='success')
698 category='success')
697 if 'default_user' in request.POST:
699 if 'default_user' in request.POST:
698 return redirect(url('admin_permissions_ips'))
700 return redirect(url('admin_permissions_ips'))
699 return redirect(url('edit_user_ips', user_id=user_id))
701 return redirect(url('edit_user_ips', user_id=user_id))
700
702
701 @HasPermissionAllDecorator('hg.admin')
703 @HasPermissionAllDecorator('hg.admin')
702 @auth.CSRFRequired()
704 @auth.CSRFRequired()
703 def delete_ip(self, user_id):
705 def delete_ip(self, user_id):
704 """DELETE /user_ips_delete/user_id: Delete an existing item"""
706 """DELETE /user_ips_delete/user_id: Delete an existing item"""
705 # url('user_ips_delete', user_id=ID, method='delete')
707 # url('user_ips_delete', user_id=ID, method='delete')
706 user_id = safe_int(user_id)
708 user_id = safe_int(user_id)
707 c.user = User.get_or_404(user_id)
709 c.user = User.get_or_404(user_id)
708
710
709 ip_id = request.POST.get('del_ip_id')
711 ip_id = request.POST.get('del_ip_id')
710 user_model = UserModel()
712 user_model = UserModel()
711 user_model.delete_extra_ip(user_id, ip_id)
713 user_model.delete_extra_ip(user_id, ip_id)
712 Session().commit()
714 Session().commit()
713 h.flash(_("Removed ip address from user whitelist"), category='success')
715 h.flash(_("Removed ip address from user whitelist"), category='success')
714
716
715 if 'default_user' in request.POST:
717 if 'default_user' in request.POST:
716 return redirect(url('admin_permissions_ips'))
718 return redirect(url('admin_permissions_ips'))
717 return redirect(url('edit_user_ips', user_id=user_id))
719 return redirect(url('edit_user_ips', user_id=user_id))