21
21
import formencode.validators
22
22
from genshi.filters import HTMLFormFiller
24
from ivle.webapp import ApplicationRoot
25
24
from ivle.webapp.base.rest import JSONRESTView, require_permission
26
25
from ivle.webapp.base.xhtml import XHTMLView
27
26
from ivle.webapp.base.plugins import ViewPlugin, MediaPlugin
28
from ivle.webapp.admin.publishing import root_to_user, user_url
29
from ivle.database import User
27
from ivle.webapp.errors import NotFound, Unauthorized
30
28
import ivle.database
35
class UsersView(XHTMLView):
36
"""A list of all IVLE users."""
37
template = 'templates/users.html'
39
breadcrumb_text = 'Users'
41
def authorize(self, req):
42
return req.user and req.user.admin
44
def populate(self, req, ctx):
46
ctx['users'] = req.store.find(User).order_by(User.login)
49
32
# List of fields returned as part of the user JSON dictionary
50
33
# (as returned by the get_user action)
51
34
user_fields_list = (
59
42
A REST interface to the user object.
44
def __init__(self, req, login):
45
super(UserRESTView, self).__init__(self, req, login)
46
self.context = ivle.database.User.get_by_login(req.store, login)
47
if self.context is None:
62
50
@require_permission('view')
63
51
def GET(self, req):
79
67
class UserEditView(XHTMLView):
80
68
"""A form to change a user's details."""
81
69
template = 'templates/user-edit.html'
83
71
permission = 'edit'
73
def __init__(self, req, login):
74
self.context = ivle.database.User.get_by_login(req.store, login)
75
if self.context is None:
85
78
def filter(self, stream, ctx):
86
79
return stream | HTMLFormFiller(data=ctx['data'])
115
108
class UserAdminSchema(formencode.Schema):
116
109
admin = formencode.validators.StringBoolean(if_missing=False)
117
disabled = formencode.validators.StringBoolean(if_missing=False)
118
110
fullname = formencode.validators.UnicodeString(not_empty=True)
119
111
studentid = formencode.validators.UnicodeString(not_empty=False,
123
115
class UserAdminView(XHTMLView):
124
116
"""A form for admins to change more of a user's details."""
125
117
template = 'templates/user-admin.html'
120
def __init__(self, req, login):
121
self.context = ivle.database.User.get_by_login(req.store, login)
122
if self.context is None:
128
125
def authorize(self, req):
129
126
"""Only allow access if the requesting user is an admin."""
130
return req.user and req.user.admin
127
return req.user.admin
132
129
def filter(self, stream, ctx):
133
130
return stream | HTMLFormFiller(data=ctx['data'])
139
136
validator = UserAdminSchema()
140
137
data = validator.to_python(data, state=req)
142
if self.context is req.user:
143
# Admin checkbox is disabled -- assume unchanged
144
data['admin'] = self.context.admin
145
data['disabled'] = self.context.state == u'disabled'
147
self.context.admin = data['admin']
148
if self.context.state in (u'enabled', u'disabled'):
149
self.context.state = (u'disabled' if data['disabled']
139
self.context.admin = data['admin']
151
140
self.context.fullname = data['fullname'] \
152
141
if data['fullname'] else None
153
142
self.context.studentid = data['studentid'] \
158
147
errors = e.unpack_errors()
160
149
data = {'admin': self.context.admin,
161
'disabled': self.context.state == u'disabled',
162
150
'fullname': self.context.fullname,
163
151
'studentid': self.context.studentid,
168
156
ctx['user'] = self.context
169
# Disable the Admin checkbox if editing oneself
170
ctx['disable_admin'] = self.context is req.user
171
157
ctx['data'] = data
172
158
ctx['errors'] = errors
174
160
class PasswordChangeView(XHTMLView):
175
161
"""A form to change a user's password, with knowledge of the old one."""
176
162
template = 'templates/user-password-change.html'
178
164
permission = 'edit'
166
def __init__(self, req, login):
167
self.context = ivle.database.User.get_by_login(req.store, login)
168
if self.context is None:
180
171
def authorize(self, req):
181
172
"""Only allow access if the requesting user holds the permission,
182
173
and the target user has a password set. Otherwise we might be
208
199
class PasswordResetView(XHTMLView):
209
200
"""A form to reset a user's password, without knowledge of the old one."""
210
201
template = 'templates/user-password-reset.html'
204
def __init__(self, req, login):
205
self.context = ivle.database.User.get_by_login(req.store, login)
206
if self.context is None:
213
209
def authorize(self, req):
214
210
"""Only allow access if the requesting user is an admin."""
215
return req.user and req.user.admin
211
return req.user.admin
217
213
def populate(self, req, ctx):
235
231
The Plugin class for the user plugin.
238
forward_routes = (root_to_user,)
239
reverse_routes = (user_url,)
240
views = [(ApplicationRoot, 'users', UsersView),
241
(ivle.database.User, '+index', UserEditView),
242
(ivle.database.User, '+admin', UserAdminView),
243
(ivle.database.User, '+changepassword', PasswordChangeView),
244
(ivle.database.User, '+resetpassword', PasswordResetView),
245
(ivle.database.User, '+index', UserRESTView, 'api'),
249
('users', 'Users', 'Display and edit all users',
250
'users.png', 'users', 90, True)
233
# Magic attribute: urls
234
# Sequence of pairs/triples of
235
# (regex str, handler class, kwargs dict)
236
# The kwargs dict is passed to the __init__ of the view object
238
('~:login/+edit', UserEditView),
239
('~:login/+admin', UserAdminView),
240
('~:login/+changepassword', PasswordChangeView),
241
('~:login/+resetpassword', PasswordResetView),
242
('api/~:login', UserRESTView),
253
public_forward_routes = forward_routes
254
public_reverse_routes = reverse_routes
256
245
media = 'user-media'
added
removed
ivle/webapp/admin/user.py
