Browse Source

Allows multiple Authblobs (Fixes #22)

master
Sebastian Lohff 11 years ago
parent
commit
e87b8e6ca1
  1. 12
      k4ever/api2/handlers.py
  2. 2
      k4ever/main/models.py
  3. 43
      k4ever/main/views.py

12
k4ever/api2/handlers.py

@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test @@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test
from django.contrib.auth.models import Group
from django.core.exceptions import MultipleObjectsReturned
from decorators import *
from main.helper import getUserFromAuthblob
from collections import Iterable
from decimal import Decimal, InvalidOperation
from helper import *
@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler): @@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler):
if not request.plugin.uniqueAuthblob:
return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
if not request.GET.has_key('authblob'):
if not request.GET.has_key('authblob') or request.GET['authblob'] == '':
return rc.BAD_REQUEST
try:
perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
return perm.user
except PluginPermission.DoesNotExist:
return rc.NOT_FOUND
user = getUserFromAuthblob(request.GET['authblob'], request.plugin)
if user:
return user
return rc.NOT_FOUND
class ConfigHandler(BaseHandler):
""" Handler for API configuration values

2
k4ever/main/models.py

@ -45,6 +45,8 @@ class Plugin(models.Model): @@ -45,6 +45,8 @@ class Plugin(models.Model):
# plugin config
uniqueAuthblob = models.BooleanField(default=False)
userCanWriteAuthblob = models.BooleanField(default=True)
maxLinesPerAuthblob = models.IntegerField(default=0)
# automatically set when write is allowed
userCanReadAuthblob = models.BooleanField(default=True)
pluginCanWriteAuthblob = models.BooleanField(default=False)

43
k4ever/main/views.py

@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect @@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect
from main.models import Plugin, PluginPermission
from django.contrib.auth.forms import PasswordChangeForm
from buyable.models import Purchase, Buyable, BuyableType
from main.helper import getUserFromAuthblob
@login_required
def startpage(request):
@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId): @@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId):
""" View to edit the users :attr:`authblob <PluginPermission.authblob>`. """
if request.method != "POST":
return HttpResponseRedirect("/user/settings/")
# find plugin
plugin = None
try:
plugin = Plugin.objects.get(id=pluginId)
@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId): @@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId):
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
return render_to_response("settings/settings.html", d, RequestContext(request))
# find plugin permission for user
p = None
try:
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
@ -130,22 +134,45 @@ def pluginAuthblob(request, pluginId): @@ -130,22 +134,45 @@ def pluginAuthblob(request, pluginId):
d = getPluginDict(request)
d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
return render_to_response("settings/settings.html", d, RequestContext(request))
# has the user write access to the authblob?
if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
d = getPluginDict(request)
d['pluginerror'] = "Der Authblob darf f&uuml;r dieses Plugin nicht vom User ver&auml;ndert werden (oder der Authblob war kaputt)"
return render_to_response("settings/settings.html", d, RequestContext(request))
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"])
if p.plugin.uniqueAuthblob and pluginsWithAuthblob.count() > 0:
# clean authblob \r\n ==> \n
authblob = request.POST["authblob"].replace("\r\n", "\n")
# is the authblob too long (too many lines)?
if p.plugin.maxLinesPerAuthblob > 0 and (authblob.rstrip().count("\n") + 1) > p.plugin.maxLinesPerAuthblob:
d = getPluginDict(request)
d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (p.plugin.maxLinesPerAuthblob,)
return render_to_response("settings/settings.html", d, RequestContext(request))
# check, if this is equal to the old users plugin
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, user=request.user, authblob=authblob)
if pluginsWithAuthblob.count() > 0:
d = getPluginDict(request)
if pluginsWithAuthblob[0].user == request.user:
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
else:
d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte w&auml;hle einen anderen (eindeutigen) Authblob!"
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
return render_to_response("settings/settings.html", d, RequestContext(request))
p.authblob = request.POST['authblob']
# check for every authblob-line, if there is somebody who has it (if unique)
if p.plugin.uniqueAuthblob:
print authblob.split("\n")
for line in authblob.split("\n"):
print "'%s'" % (line,), " <-- "
usr = getUserFromAuthblob(line, plugin)
if usr:
if usr == request.user:
# we know this one
continue
else:
d = getPluginDict(request)
d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte w&auml;hle einen anderen (eindeutigen) Authblob!"
return render_to_response("settings/settings.html", d, RequestContext(request))
p.authblob = authblob
p.save()
d = getPluginDict(request)
d['pluginmsg'] = "Authblob erfolgreich ge&auml;ndert"

Loading…
Cancel
Save