Allows multiple Authblobs (Fixes #22)

k4ever/api2/handlers.py

@@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test
 from django.contrib.auth.models import Group
 from django.core.exceptions import MultipleObjectsReturned
 from decorators import *
+from main.helper import getUserFromAuthblob
 from collections import Iterable
 from decimal import Decimal, InvalidOperation
 from helper import *
@@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler):
 		if not request.plugin.uniqueAuthblob:
 			return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
 
-		if not request.GET.has_key('authblob'):
+		if not request.GET.has_key('authblob') or request.GET['authblob'] == '':
 			return rc.BAD_REQUEST
 		
-		try:
-			perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
-			return perm.user
-		except PluginPermission.DoesNotExist:
-			return rc.NOT_FOUND
+		user = getUserFromAuthblob(request.GET['authblob'], request.plugin)
+		if user:
+			return user
+		return rc.NOT_FOUND
 
 class ConfigHandler(BaseHandler):
 	""" Handler for API configuration values

k4ever/main/models.py

@@ -45,6 +45,8 @@ class Plugin(models.Model):
 	# plugin config
 	uniqueAuthblob = models.BooleanField(default=False)
 	userCanWriteAuthblob = models.BooleanField(default=True)
+	maxLinesPerAuthblob = models.IntegerField(default=0)
+	
 	# automatically set when write is allowed
 	userCanReadAuthblob = models.BooleanField(default=True)
 	pluginCanWriteAuthblob = models.BooleanField(default=False)

k4ever/main/views.py

@@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect
 from main.models import Plugin, PluginPermission
 from django.contrib.auth.forms import PasswordChangeForm
 from buyable.models import Purchase, Buyable, BuyableType
+from main.helper import getUserFromAuthblob
 
 @login_required
 def startpage(request):
@@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId):
 	""" View to edit the users :attr:`authblob <PluginPermission.authblob>`. """
 	if request.method != "POST":
 		return HttpResponseRedirect("/user/settings/")
+	
+	# find plugin
 	plugin = None
 	try:
 		plugin = Plugin.objects.get(id=pluginId)
@@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId):
 		d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	
+	# find plugin permission for user
 	p = None
 	try:
 		p = PluginPermission.objects.get(user=request.user, plugin=plugin)
@@ -130,22 +134,45 @@ def pluginAuthblob(request, pluginId):
 		d = getPluginDict(request)
 		d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
-
+	
+	# has the user write access to the authblob?
 	if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
 		d = getPluginDict(request)
 		d['pluginerror'] = "Der Authblob darf f&uuml;r dieses Plugin nicht vom User ver&auml;ndert werden (oder der Authblob war kaputt)"
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	
-	pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"])
-	if p.plugin.uniqueAuthblob and pluginsWithAuthblob.count() > 0:
+	# clean authblob \r\n ==> \n
+	authblob = request.POST["authblob"].replace("\r\n", "\n")
+	
+	# is the authblob too long (too many lines)?
+	if p.plugin.maxLinesPerAuthblob > 0 and (authblob.rstrip().count("\n") + 1) > p.plugin.maxLinesPerAuthblob:
 		d = getPluginDict(request)
-		if pluginsWithAuthblob[0].user == request.user:
-			d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
-		else:
-			d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte w&auml;hle einen anderen (eindeutigen) Authblob!"
+		d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (p.plugin.maxLinesPerAuthblob,)
 		return render_to_response("settings/settings.html", d, RequestContext(request))
 	
-	p.authblob = request.POST['authblob']
+	# check, if this is equal to the old users plugin
+	pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, user=request.user, authblob=authblob)
+	if pluginsWithAuthblob.count() > 0:
+		d = getPluginDict(request)
+		d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
+		return render_to_response("settings/settings.html", d, RequestContext(request))
+	
+	# check for every authblob-line, if there is somebody who has it (if unique)
+	if p.plugin.uniqueAuthblob:
+		print authblob.split("\n")
+		for line in authblob.split("\n"):
+			print "'%s'" % (line,), " <-- "
+			usr = getUserFromAuthblob(line, plugin)
+			if usr:
+				if usr == request.user:
+					# we know this one
+					continue
+				else:
+					d = getPluginDict(request)
+					d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte w&auml;hle einen anderen (eindeutigen) Authblob!"
+					return render_to_response("settings/settings.html", d, RequestContext(request))
+	
+	p.authblob = authblob
 	p.save()
 	d = getPluginDict(request)
 	d['pluginmsg'] = "Authblob erfolgreich ge&auml;ndert"