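from json import loads as loadJson

import Activity
import FilePaths
import status_mod

# Account-management controller: AJAX endpoints for users, groups,
# permissions and group membership.
#
# Security notes for maintainers:
# * Every value that reaches SQL is passed to db.executesql() as a bound
#   parameter and never formatted into the statement text. The '?' marker is
#   used because the code already depends on SQLite (last_insert_rowid()).
# * NOTE(review): each endpoint is gated only by
#   auth.requires(request.ajax==True, requires_login=True). request.ajax is
#   derived from a request header the client sets, so it is not an
#   authorization control, and nothing in this file checks that the caller
#   holds write access to account management before users, groups,
#   permissions or memberships are changed. Confirm that this is enforced
#   elsewhere; if it is not, the mutating endpoints need a server-side
#   permission check.
# * NOTE(review): the mutating endpoints accept any id, including ids at or
#   below USER_VISIBLE_MIN_ID that the listing endpoints hide. Confirm
#   whether those accounts and groups are meant to be protected from edits.

# Fake globals for syntax check
if False:
    response = None
    request = None
    session = None
    db = None

# Rows with an id at or below this value are hidden from the listings.
USER_VISIBLE_MIN_ID = 10

status_mod.sessionUserMgr.setLastVisit(session, request)


def _convertToBool(input):
    """Map the stored 'T'/'F' flag to a bool (anything but 'T' is False)."""
    return input == 'T'


def _convertFromBool(input):
    """Map a truthy/falsy value to the stored 'T'/'F' flag."""
    return 'T' if input else 'F'


def _asList(data):
    """Wrap a single decoded JSON record in a list; lists pass through."""
    return data if isinstance(data, list) else [data]


def _groupName(groupId):
    """Return the role name of the group with the given id (for the activity log)."""
    return db.executesql('SELECT role FROM auth_group WHERE id=?',
                         placeholders=[groupId])[0][0]


# -----------------------
# Users
# -----------------------
@auth.requires(request.ajax==True, requires_login=True)
def getusers():
    """Return the accounts with id above USER_VISIBLE_MIN_ID as a JSON list."""
    rows = db.executesql(
        'SELECT id, username, first_name, last_name, email, active '
        'FROM auth_user WHERE id > ?',
        placeholders=[USER_VISIBLE_MIN_ID])
    users = [{'id': r[0],
              'username': r[1],
              'firstname': r[2],
              'lastname': r[3],
              'email': r[4],
              'active': _convertToBool(r[5])}
             for r in rows]
    return response.json(users)


@auth.requires(request.ajax==True, requires_login=True)
def getCurrentUser():
    """Return the logged-in user's profile fields as JSON.

    Without session.auth the '-' placeholders are returned and no 'userId'
    key is present.
    """
    current_user = {'username': '-', 'firstname': '-', 'lastname': '-', 'email': '-'}
    if session.auth:
        user = session.auth.user
        current_user['userId'] = user.id
        current_user['username'] = user.username
        current_user['firstname'] = user.first_name
        current_user['lastname'] = user.last_name
        current_user['email'] = user.email
    return response.json(current_user)


@auth.requires(request.ajax==True, requires_login=True)
def isSpecialUser():
    """Classify the caller as 'yes', 'su_perm' or 'no'.

    'su_perm' means the caller's group has 'w' access to the permission row
    of controller 'PermissionsCtrl'; 'yes' is returned for the hard-coded
    user ids 1, 2 and 9 and takes precedence. Missing data (no session, no
    group, no permission row) falls through to 'no' instead of raising.
    """
    ret = 'no'
    if not session.auth:
        return ret
    authInfo = session.auth

    # Only the first group of the user is considered, as before.
    # NOTE(review): for a user in several groups the chosen one depends on
    # dict ordering -- confirm that users belong to exactly one group.
    groupIds = list(authInfo.user_groups.keys())
    group_id = groupIds[0] if groupIds else None

    perm = db.executesql(
        "SELECT id FROM permission_list WHERE controller in ('PermissionsCtrl')")
    if perm and group_id is not None:
        groups_access = db.executesql(
            'SELECT group_id, access FROM auth_permission WHERE perm_id=?',
            placeholders=[perm[0][0]])
        for gid, access in groups_access:
            if gid == group_id and access == 'w':
                ret = "su_perm"

    # NOTE(review): privileged accounts are identified by fixed ids; this
    # silently breaks if the user table is rebuilt with different ids.
    if authInfo.user.id in (1, 2, 9):
        ret = 'yes'
    return ret


@auth.requires(request.ajax==True, requires_login=True)
def changeOwnPassword():
    """Change the caller's password after verifying the old one.

    request.vars.oldPwd and request.vars.pwd are base64 encoded. Base64 is
    an encoding only and gives no confidentiality; the transport has to
    protect these values.

    Returns 'OK', 'OLD_PWD_NO_MATCH', or 'FAIL' (no session, missing or
    undecodable input, or a new password the field validator rejects).
    """
    import base64

    if not session.auth:
        return 'FAIL'
    if request.vars.oldPwd is None or request.vars.pwd is None:
        return 'FAIL'
    try:
        oldPwd = base64.b64decode(request.vars.oldPwd)
        newPwd = base64.b64decode(request.vars.pwd)
    except (TypeError, ValueError):
        # Malformed base64 (TypeError on Python 2, ValueError subclass on 3).
        return 'FAIL'

    userId = session.auth.user.id
    entry = db(db.auth_user.id == userId)

    # validate() returns (value, error). The error used to be ignored, which
    # would store whatever value the validator hands back on rejection.
    passwordField = db.auth_user['password']
    newPwd, newPwdError = passwordField.validate(newPwd)
    oldPwd, oldPwdError = passwordField.validate(oldPwd)

    # NOTE(review): the old password is checked against the copy cached in
    # the session, not the current database row -- confirm this is intended.
    if oldPwdError or not (oldPwd == session.auth.user.password):
        return 'OLD_PWD_NO_MATCH'

    # CR10793 (cf. CR10648): empty password is allowed, so emptiness is not
    # checked here; only a validator error rejects the new password.
    if newPwdError:
        return 'FAIL'

    entry.update(password=newPwd)
    session.auth.user.password = newPwd
    Activity.LOG(session, Activity.PASSWORD_CHANGED)
    return 'OK'


@auth.requires(request.ajax==True, requires_login=True)
def exportUserToSD():
    """Write the caller's account record to the path given in request.vars.path.

    Returns JSON {'success': bool, 'msg': str}. Without session.auth the
    failure result is returned immediately; previously execution continued
    and hit undefined local variables.
    """
    ret = {'success': True, 'msg': ""}
    if not session.auth:
        ret['success'] = False
        ret['msg'] = 'Failed to acquire current user credentials'
        return response.json(ret)

    user = session.auth.user
    # NOTE(review): 'pwd' is the password value held in the session
    # (presumably the stored hash) and it is written to removable media --
    # confirm this export is required and who can read the card.
    obj = {"id": user.id,
           "username": user.username + "_sd",
           "pwd": user.password,
           "first_name": user.first_name,
           "last_name": user.last_name}
    # NOTE(review): request.vars.path comes from the client. Restricting it
    # to the SD mount point has to happen inside write_credentials_to_SD --
    # verify that it does.
    FilePaths.write_credentials_to_SD(request.vars.path, obj, ret)
    return response.json(ret)


@auth.requires(request.ajax==True, requires_login=True)
def changeuser():
    """Update one or more users from the JSON request body and echo them back.

    Each record needs id, username, firstname, lastname, email and active.
    'active' is normalised to a bool in the response.
    """
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        activeFlag = _convertFromBool(entry['active'])
        db.executesql(
            'UPDATE auth_user SET username=?, first_name=?, last_name=?, '
            'email=?, active=? WHERE id=?',
            placeholders=[entry['username'], entry['firstname'],
                          entry['lastname'], entry['email'],
                          activeFlag, entry['id']])
        entry['active'] = _convertToBool(activeFlag)
        Activity.LOG(session, Activity.USER_CHANGED, entry['username'])
    return response.json(data)


@auth.requires(request.ajax==True, requires_login=True)
def createuser():
    """Create one or more users from the JSON request body and echo them back.

    Each record needs username, firstname, lastname, email, active and a
    base64-encoded password. The new row id is added to each record.

    Raises:
        ValueError: if the password field validator rejects a password.
    """
    import base64

    data = _asList(loadJson(request.body.read()))
    for entry in data:
        newPwd = base64.b64decode(entry['password'])
        activeFlag = _convertFromBool(entry['active'])

        # validate() returns (value, error); do not store the value when the
        # validator reported an error.
        pwdValue, pwdError = db.auth_user['password'].validate(newPwd)
        if pwdError:
            raise ValueError(pwdError)
        # NOTE(review): the validated password value stays in the record and
        # is therefore part of the JSON response -- confirm the client needs
        # it, otherwise drop the key before responding.
        entry['password'] = pwdValue

        db.executesql(
            'INSERT INTO auth_user '
            '(username, first_name, last_name, email, password, active) '
            'VALUES (?, ?, ?, ?, ?, ?)',
            placeholders=[entry['username'], entry['firstname'],
                          entry['lastname'], entry['email'],
                          str(pwdValue), activeFlag])
        entry['id'] = db.executesql("SELECT last_insert_rowid()")[0][0]
        entry['active'] = _convertToBool(activeFlag)
        Activity.LOG(session, Activity.USER_CREATED, entry['username'])
    return response.json(data)


@auth.requires(request.ajax==True, requires_login=True)
def removeuser():
    """Delete one or more users and their memberships; echo the records back."""
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        db.executesql('DELETE FROM auth_user WHERE id=?',
                      placeholders=[entry['id']])
        db.executesql('DELETE FROM auth_membership WHERE user_id=?',
                      placeholders=[entry['id']])
        # NOTE(review): the logged name is the one sent by the client, not
        # the name of the deleted row, so the audit entry can disagree with
        # what was actually removed.
        Activity.LOG(session, Activity.USER_REMOVED, entry['username'])
    return response.json(data)


# -----------------------
# Groups
# -----------------------
@auth.requires(request.ajax==True, requires_login=True)
def getgroups():
    """Return the groups with id above USER_VISIBLE_MIN_ID as a JSON list.

    Each group carries 'hasCurrentUser' (caller is a member) and
    'hasAccountPerm' (group has 'w' access to permission id 12).
    """
    groups = [{'id': r[0], 'name': r[1], 'desc': r[2]}
              for r in db.executesql('SELECT id,role,description FROM auth_group')
              if r[0] > USER_VISIBLE_MIN_ID]
    currentUser = auth.user.id if auth.user else 0
    accountPerm = 12  # permission
    for group in groups:
        group['hasCurrentUser'] = bool(db.executesql(
            'SELECT id FROM auth_membership WHERE group_id=? AND user_id=?',
            placeholders=[group['id'], currentUser]))
        # 'w' is now a proper single-quoted literal; the former double quotes
        # are identifier quoting in SQL and only worked as a fallback.
        group['hasAccountPerm'] = bool(db.executesql(
            "SELECT id FROM auth_permission "
            "WHERE group_id=? AND perm_id=? AND access='w'",
            placeholders=[group['id'], accountPerm]))
    return response.json(groups)


@auth.requires(request.ajax==True, requires_login=True)
def changegroup():
    """Update role and description of one or more groups; echo the records back."""
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        db.executesql('UPDATE auth_group SET role=?, description=? WHERE id=?',
                      placeholders=[entry['name'], entry['desc'], entry['id']])
        Activity.LOG(session, Activity.GROUP_CHANGED, entry['name'])
    return response.json(data)


@auth.requires(request.ajax==True, requires_login=True)
def creategroup():
    """Create one or more groups; the new row id is added to each record."""
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        db.executesql('INSERT INTO auth_group (role,description) VALUES (?, ?)',
                      placeholders=[entry['name'], entry['desc']])
        entry['id'] = db.executesql("SELECT last_insert_rowid()")[0][0]
        Activity.LOG(session, Activity.GROUP_CREATED, entry['name'])
    return response.json(data)


@auth.requires(request.ajax==True, requires_login=True)
def removegroup():
    """Delete one or more groups with their memberships and permissions."""
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        for statement in ('DELETE FROM auth_group WHERE id=?',
                          'DELETE FROM auth_membership WHERE group_id=?',
                          'DELETE FROM auth_permission WHERE group_id=?'):
            db.executesql(statement, placeholders=[entry['id']])
        Activity.LOG(session, Activity.GROUP_REMOVED, entry['name'])
    return response.json(data)


# -----------------------
# Permissions
# -----------------------
@auth.requires(request.ajax==True, requires_login=True)
def permissions():
    """Return the permission matrix as JSON.

    One record per permission whose controller exists on this system, with
    'id', 'name', 'ctrl' and one key per group id holding its access value.
    """
    # exclude service views so no one could change permissions for these views
    permRows = db.executesql(
        """SELECT id,name,controller FROM permission_list WHERE controller not in
        ('FccTestModeCtrl', 'TextEditorCtrl', 'HardwareCtrl', 'TypePlateCtrl', 'UpdateCtrl')"""
    )
    res = []
    existentCtrls = FilePaths.get_existent_ctrls()
    for permId, permName, permCtrl in permRows:
        if permCtrl not in existentCtrls:
            continue
        data = {'id': permId, 'name': permName, 'ctrl': permCtrl}
        groups_access = db.executesql(
            'SELECT group_id, access FROM auth_permission WHERE perm_id=?',
            placeholders=[permId])
        for group, access in groups_access:
            data[group] = access
        res.append(data)
    return response.json(res)


@auth.requires(request.ajax==True, requires_login=True)
def setpermissions():
    """Apply permission changes from the JSON request body; echo the records back.

    Each record has 'id' and 'name' of the permission; every other key is a
    group id whose value is the requested access ('' removes the entry).
    Only entries whose access actually changes are written and logged.
    """
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        permId = entry['id']
        permName = entry['name']
        # CR20050 save names by key to activity, prevent writing translated name in db
        ctrlName = db.executesql('SELECT name FROM permission_list WHERE id=?',
                                 placeholders=[permId])
        if ctrlName:
            permName, = ctrlName[0]

        # NOTE(review): this filters neither the service controllers that
        # permissions() hides nor the access value (only 'w' and '' are
        # visible in this file) -- confirm whether the server should
        # restrict both.
        for groupId, access in entry.items():
            if groupId in ('id', 'name'):
                continue
            existing = db.executesql(
                'SELECT id,access FROM auth_permission WHERE group_id=? AND perm_id=?',
                placeholders=[groupId, permId])
            if existing:
                apId, prevAccess = existing[0]
                if access == prevAccess:
                    continue
                groupName = _groupName(groupId)
                if access == '':
                    db.executesql('DELETE FROM auth_permission WHERE id=?',
                                  placeholders=[apId])
                    Activity.LOG(session, Activity.PERMISSION_CHANGED,
                                 permName, groupName, prevAccess+' -> none')
                else:
                    db.executesql('UPDATE auth_permission SET access=? WHERE id=?',
                                  placeholders=[access, apId])
                    Activity.LOG(session, Activity.PERMISSION_CHANGED,
                                 permName, groupName, prevAccess+' -> '+access)
            elif access != '':
                db.executesql(
                    'INSERT INTO auth_permission (group_id,perm_id,access) VALUES (?, ?, ?)',
                    placeholders=[groupId, permId, access])
                groupName = _groupName(groupId)
                Activity.LOG(session, Activity.PERMISSION_CHANGED,
                             permName, groupName, 'none -> '+access)
    return response.json(data)


# -----------------------
# Membership
# -----------------------
@auth.requires(request.ajax==True, requires_login=True)
def membership():
    """Return the membership matrix as JSON.

    One record per user with id at or above USER_VISIBLE_MIN_ID, with a
    running 'id', the 'username' and one key per group id set to True.
    """
    users = db.executesql('SELECT id,username FROM auth_user')
    res = []
    mbsId = 1
    for userId, username in users:
        if userId < USER_VISIBLE_MIN_ID:
            continue
        data = {'id': mbsId, 'username': username}
        memberRows = db.executesql(
            'SELECT group_id FROM auth_membership WHERE user_id=?',
            placeholders=[userId])
        for row in memberRows:
            data[row[0]] = True
        res.append(data)
        mbsId += 1
    return response.json(res)


@auth.requires(request.ajax==True, requires_login=True)
def setmembership():
    """Apply membership changes from the JSON request body; echo the records back.

    Each record has 'id' and 'username'; every other key is a group id whose
    truthy/falsy value says whether the user should be a member. The user is
    looked up by username; an unknown username raises IndexError.
    """
    data = _asList(loadJson(request.body.read()))
    for entry in data:
        userId = db.executesql('SELECT id FROM auth_user WHERE username=?',
                               placeholders=[entry['username']])[0][0]
        for groupId, isMember in entry.items():
            if groupId in ('id', 'username'):
                continue
            existing = db.executesql(
                'SELECT id FROM auth_membership WHERE group_id=? AND user_id=?',
                placeholders=[groupId, userId])
            if existing and not isMember:
                db.executesql('DELETE FROM auth_membership WHERE id=?',
                              placeholders=[existing[0][0]])
                Activity.LOG(session, Activity.MEMBERSHIP_REMOVED,
                             entry['username'], _groupName(groupId))
            elif not existing and isMember:
                db.executesql(
                    'INSERT INTO auth_membership (group_id,user_id) VALUES (?, ?)',
                    placeholders=[groupId, userId])
                Activity.LOG(session, Activity.MEMBERSHIP_ADDED,
                             entry['username'], _groupName(groupId))
    return response.json(data)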