« back to all changes in this revision
Viewing changes to www/apps/userservice/__init__.py
- browse files at revision 550
- compare with another revision
- download diff
- download tarball
- view history from revision 550
- Committer: mattgiuca
- Date: 2008-02-22 06:26:59 UTC
- Revision ID: svn-v3-trunk0:2b9c9e99-6f39-0410-b283-7f802c844ae2:trunk:550
userservice: Added error messages.
- files modified:
- www/apps/userservice/__init__.py
added
removed
www/apps/userservice/__init__.py
101
101
"""Handler for the Console Service AJAX backend application."""
102
102
if req.user is None:
103
103
# Not logged in
104
req.throw_error(req.HTTP_FORBIDDEN)
104
req.throw_error(req.HTTP_FORBIDDEN,
105
"You are not logged in to IVLE.")
105
106
if len(req.path) > 0 and req.path[-1] == os.sep:
106
107
path = req.path[:-1]
107
108
else:
111
112
try:
112
113
func = actions_map[req.path]
113
114
except KeyError:
114
req.throw_error(req.HTTP_BAD_REQUEST)
115
req.throw_error(req.HTTP_BAD_REQUEST,
116
"%s is not a valid userservice action." % repr(req.path))
115
117
func(req, fields)
116
118
117
119
def handle_activate_me(req, fields):
135
137
db = common.db.DB()
136
138
try:
137
139
if req.method != "POST":
138
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED)
140
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED,
141
"Only POST requests are valid methods to activate_me.")
139
142
try:
140
143
declaration = fields.getfirst('declaration')
141
144
except AttributeError:
142
req.throw_error(req.HTTP_BAD_REQUEST)
145
declaration = None # Will fail next test
143
146
if declaration != USER_DECLARATION:
144
req.throw_error(req.HTTP_BAD_REQUEST)
147
req.throw_error(req.HTTP_BAD_REQUEST,
148
"Please use the Terms of Service form instead of talking to "
149
"this service directly.")
145
150
146
151
# Make sure the user's status is "no_agreement", and set status to
147
152
# pending, within the one transaction. This ensures we only do this
154
159
# (Both to avoid redundant calls, and to stop disabled users from
155
160
# re-enabling their accounts).
156
161
if user_details.state != "no_agreement":
157
req.throw_error(req.HTTP_BAD_REQUEST)
162
req.throw_error(req.HTTP_BAD_REQUEST,
163
"You have already agreed to the terms.")
158
164
# Write state "pending" to ensure we don't try this again
159
165
db.update_user(req.user.login, state="pending")
160
166
except:
194
200
allows the user to accept an agreement.
195
201
"""
196
202
if req.method != "POST":
197
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED)
203
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED,
204
"Only POST requests are valid methods to create_user.")
198
205
# Check if this user has CAP_UPDATEUSER
199
206
if not req.user.hasCap(caps.CAP_UPDATEUSER):
200
req.throw_error(req.HTTP_FORBIDDEN)
207
req.throw_error(req.HTTP_FORBIDDEN,
208
"You do not have permission to create users.")
201
209
202
210
# Make a dict of fields to create
203
211
create = {}
206
214
if val is not None:
207
215
create[f] = val
208
216
else:
209
req.throw_error(req.HTTP_BAD_REQUEST)
217
req.throw_error(req.HTTP_BAD_REQUEST,
218
"Required field %s missing." % repr(f))
210
219
for f in create_user_fields_optional:
211
220
val = fields.getfirst(f)
212
221
if val is not None:
236
245
or with full powers by a user with CAP_UPDATEUSER on any account.
237
246
"""
238
247
if req.method != "POST":
239
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED)
248
req.throw_error(req.HTTP_METHOD_NOT_ALLOWED,
249
"Only POST requests are valid methods to create_user.")
240
250
241
251
# Only give full powers if this user has CAP_UPDATEUSER
242
252
fullpowers = req.user.hasCap(caps.CAP_UPDATEUSER)
248
258
login = fields.getfirst('login')
249
259
if not fullpowers and login != req.user.login:
250
260
# Not allowed to edit other users
251
req.throw_error(req.HTTP_FORBIDDEN)
261
req.throw_error(req.HTTP_FORBIDDEN,
262
"You do not have permission to update another user.")
252
263
except AttributeError:
253
264
# If login not specified, update yourself
254
265
login = req.user.login
Loggerhead is a web-based interface for Breezy
Version: 2.0.1