diff --git a/k4ever/api2/handlers.py b/k4ever/api2/handlers.py
index 60a31fb..2fba599 100644
--- a/k4ever/api2/handlers.py
+++ b/k4ever/api2/handlers.py
@@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test
 from django.contrib.auth.models import Group
 from django.core.exceptions import MultipleObjectsReturned
 from decorators import *
+from main.helper import getUserFromAuthblob
 from collections import Iterable
 from decimal import Decimal, InvalidOperation
 from helper import *
@@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler):
 if not request.plugin.uniqueAuthblob:
 return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
- if not request.GET.has_key('authblob'):
+ if not request.GET.has_key('authblob') or request.GET['authblob'] == '':
 return rc.BAD_REQUEST
- try:
- perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
- return perm.user
- except PluginPermission.DoesNotExist:
- return rc.NOT_FOUND
+ user = getUserFromAuthblob(request.GET['authblob'], request.plugin)
+ if user:
+ return user
+ return rc.NOT_FOUND
 class ConfigHandler(BaseHandler):
 """ Handler for API configuration values
diff --git a/k4ever/main/models.py b/k4ever/main/models.py
index b415d18..6ec828e 100644
--- a/k4ever/main/models.py
+++ b/k4ever/main/models.py
@@ -45,6 +45,8 @@ class Plugin(models.Model):
 # plugin config
 uniqueAuthblob = models.BooleanField(default=False)
 userCanWriteAuthblob = models.BooleanField(default=True)
+ maxLinesPerAuthblob = models.IntegerField(default=0)
+ # automatically set when write is allowed
 userCanReadAuthblob = models.BooleanField(default=True)
 pluginCanWriteAuthblob = models.BooleanField(default=False)
diff --git a/k4ever/main/views.py b/k4ever/main/views.py
index 2feb413..73da4df 100644
--- a/k4ever/main/views.py
+++ b/k4ever/main/views.py
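Review bot: The switch from `PluginPermission.objects.get(plugin=..., authblob=...)` to `getUserFromAuthblob(...)` changes the lookup contract without documenting it: the old code required an exact match of the whole stored authblob and let `MultipleObjectsReturned` propagate, whereas the helper — judging by the per-line loop that views.py adds in this same commit — appears to match a single line of a possibly multi-line blob; its semantics are not visible here, so the handler's docstring should state whether a whole-blob or a line match identifies the user and what is returned when more than one permission matches. `has_key` is a deprecated dict method, and `if not request.GET.get('authblob'):` covers the missing and the empty case in one test. The enclosing method of `AuthUserHandler` starts outside the hunk.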
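Review bot: `maxLinesPerAuthblob` relies on `0` meaning "no limit", a convention that only exists in the views.py check of this commit; put it on the field so anyone editing a `Plugin` sees it, e.g. `maxLinesPerAuthblob = models.IntegerField(default=0, help_text="Maximum number of lines a user may store in the authblob; 0 means unlimited")`. The added comment `# automatically set when write is allowed` is placed above `userCanReadAuthblob` but reads as if it described the new field — say which field it refers to. No schema change accompanies the new column in this diff; if the project manages its schema with migrations, existing databases will need one. The body of `Plugin` continues outside the hunk.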
@@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect
 from main.models import Plugin, PluginPermission
 from django.contrib.auth.forms import PasswordChangeForm
 from buyable.models import Purchase, Buyable, BuyableType
+from main.helper import getUserFromAuthblob
 @login_required
 def startpage(request):
@@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId):
 """ View to edit the users :attr:`authblob `. """
 if request.method != "POST":
 return HttpResponseRedirect("/user/settings/")
+
+ # find plugin
 plugin = None
 try:
 plugin = Plugin.objects.get(id=pluginId)
@@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId):
 d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
 return render_to_response("settings/settings.html", d, RequestContext(request))
+ # find plugin permission for user
 p = None
 try:
 p = PluginPermission.objects.get(user=request.user, plugin=plugin)
@@ -130,22 +134,45 @@ def pluginAuthblob(request, pluginId):
 d = getPluginDict(request)
 d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
 return render_to_response("settings/settings.html", d, RequestContext(request))
-
+
+ # has the user write access to the authblob?
 if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
 d = getPluginDict(request)
 d['pluginerror'] = "Der Authblob darf für dieses Plugin nicht vom User verändert werden (oder der Authblob war kaputt)"
 return render_to_response("settings/settings.html", d, RequestContext(request))
- pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"])
- if p.plugin.uniqueAuthblob and pluginsWithAuthblob.count() > 0:
+ # clean authblob \r\n ==> \n
+ authblob = request.POST["authblob"].replace("\r\n", "\n")
+
+ # is the authblob too long (too many lines)?
+ if p.plugin.maxLinesPerAuthblob > 0 and (authblob.rstrip().count("\n") + 1) > p.plugin.maxLinesPerAuthblob:
+ d = getPluginDict(request)
+ d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (p.plugin.maxLinesPerAuthblob,)
+ return render_to_response("settings/settings.html", d, RequestContext(request))
+
+ # check, if this is equal to the old users plugin
+ pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, user=request.user, authblob=authblob)
+ if pluginsWithAuthblob.count() > 0:
 d = getPluginDict(request)
- if pluginsWithAuthblob[0].user == request.user:
- d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
- else:
- d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
+ d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
return render_to_response("settings/settings.html", d, RequestContext(request))
- p.authblob = request.POST['authblob']
+ # check for every authblob-line, if there is somebody who has it (if unique)
+ if p.plugin.uniqueAuthblob:
+ print authblob.split("\n")
+ for line in authblob.split("\n"):
+ print "'%s'" % (line,), " <-- "
+ usr = getUserFromAuthblob(line, plugin)
+ if usr:
+ if usr == request.user:
+ # we know this one
+ continue
+ else:
+ d = getPluginDict(request)
+ d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
+ return render_to_response("settings/settings.html", d, RequestContext(request))
+
+ p.authblob = authblob
 p.save()
 d = getPluginDict(request)
 d['pluginmsg'] = "Authblob erfolgreich geändert"
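Review bot: The two `print` statements left in the uniqueness loop write the submitted authblob, line by line, to the process's stdout — wherever the WSGI server sends that, typically its error log; since the authblob is the credential the API resolves to a user (see `AuthUserHandler` in this commit), that copies login material into logs, so drop `print authblob.split("\n")` and `print "'%s'" % (line,), " <-- "` before merging. The loop also feeds empty strings to `getUserFromAuthblob`: `authblob.split("\n")` yields one for every blank line and for a trailing newline, while the length check works on `authblob.rstrip()` and the API handler in this same commit explicitly refuses an empty authblob before calling the helper — add `if not line: continue` at the top of the loop, or iterate `authblob.splitlines()`, which also copes with a bare `\r` that the `.replace("\r\n", "\n")` leaves behind. The check-then-save sequence is not atomic: two users posting the same line at the same time both pass the loop and both reach `p.save()`, as nothing in the hunk enforces uniqueness at the database level; if that is accepted, a comment saying so would save the next reader the analysis. `pluginAuthblob` starts before the hunk.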