Allows multiple Authblobs (Fixes #22)
parent
70766bba44
commit
e87b8e6ca1
|
@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test
|
||||||
from django.contrib.auth.models import Group
|
from django.contrib.auth.models import Group
|
||||||
from django.core.exceptions import MultipleObjectsReturned
|
from django.core.exceptions import MultipleObjectsReturned
|
||||||
from decorators import *
|
from decorators import *
|
||||||
|
from main.helper import getUserFromAuthblob
|
||||||
from collections import Iterable
|
from collections import Iterable
|
||||||
from decimal import Decimal, InvalidOperation
|
from decimal import Decimal, InvalidOperation
|
||||||
from helper import *
|
from helper import *
|
||||||
|
@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler):
|
||||||
if not request.plugin.uniqueAuthblob:
|
if not request.plugin.uniqueAuthblob:
|
||||||
return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
|
return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
|
||||||
|
|
||||||
if not request.GET.has_key('authblob'):
|
if not request.GET.has_key('authblob') or request.GET['authblob'] == '':
|
||||||
return rc.BAD_REQUEST
|
return rc.BAD_REQUEST
|
||||||
|
|
||||||
try:
|
user = getUserFromAuthblob(request.GET['authblob'], request.plugin)
|
||||||
perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
|
if user:
|
||||||
return perm.user
|
return user
|
||||||
except PluginPermission.DoesNotExist:
|
return rc.NOT_FOUND
|
||||||
return rc.NOT_FOUND
|
|
||||||
|
|
||||||
class ConfigHandler(BaseHandler):
|
class ConfigHandler(BaseHandler):
|
||||||
""" Handler for API configuration values
|
""" Handler for API configuration values
|
||||||
|
|
|
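Review bot: The lookup in `AuthUserHandler` now rests entirely on `getUserFromAuthblob`, whose body is not shown on this page, and nothing in the handler guarantees that the submitted value is compared against one complete stored line. If the helper matches by substring, a fragment of another user's line, or a value that itself contains a newline, could resolve to the wrong account. The comparison should be exact per stored line, and a value containing `\n` should be answered with `rc.BAD_REQUEST`. The new `== ''` guard still lets whitespace-only values through; `if not request.GET.get('authblob', '').strip():` would cover the missing, empty and blank cases in one test. The handler method starts outside the hunk.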
@ -45,6 +45,8 @@ class Plugin(models.Model):
|
||||||
# plugin config
|
# plugin config
|
||||||
uniqueAuthblob = models.BooleanField(default=False)
|
uniqueAuthblob = models.BooleanField(default=False)
|
||||||
userCanWriteAuthblob = models.BooleanField(default=True)
|
userCanWriteAuthblob = models.BooleanField(default=True)
|
||||||
|
maxLinesPerAuthblob = models.IntegerField(default=0)
|
||||||
|
|
||||||
# automatically set when write is allowed
|
# automatically set when write is allowed
|
||||||
userCanReadAuthblob = models.BooleanField(default=True)
|
userCanReadAuthblob = models.BooleanField(default=True)
|
||||||
pluginCanWriteAuthblob = models.BooleanField(default=False)
|
pluginCanWriteAuthblob = models.BooleanField(default=False)
|
||||||
|
|
|
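Review bot: `maxLinesPerAuthblob` carries no comment saying that 0 means "no limit", which is how the view changed in this commit reads it (it tests `> 0` before counting lines). I would add `# maximum number of lines in an authblob; 0 disables the limit` above the field. A negative value would also be treated as unlimited, so `models.PositiveIntegerField(default=0)` states the intent more precisely. The new column presumably needs a schema change on existing installations, which this page does not show.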
@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect
|
||||||
from main.models import Plugin, PluginPermission
|
from main.models import Plugin, PluginPermission
|
||||||
from django.contrib.auth.forms import PasswordChangeForm
|
from django.contrib.auth.forms import PasswordChangeForm
|
||||||
from buyable.models import Purchase, Buyable, BuyableType
|
from buyable.models import Purchase, Buyable, BuyableType
|
||||||
|
from main.helper import getUserFromAuthblob
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
def startpage(request):
|
def startpage(request):
|
||||||
|
@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId):
|
||||||
""" View to edit the users :attr:`authblob <PluginPermission.authblob>`. """
|
""" View to edit the users :attr:`authblob <PluginPermission.authblob>`. """
|
||||||
if request.method != "POST":
|
if request.method != "POST":
|
||||||
return HttpResponseRedirect("/user/settings/")
|
return HttpResponseRedirect("/user/settings/")
|
||||||
|
|
||||||
|
# find plugin
|
||||||
plugin = None
|
plugin = None
|
||||||
try:
|
try:
|
||||||
plugin = Plugin.objects.get(id=pluginId)
|
plugin = Plugin.objects.get(id=pluginId)
|
||||||
|
@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId):
|
||||||
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
|
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
|
||||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
|
# find plugin permission for user
|
||||||
p = None
|
p = None
|
||||||
try:
|
try:
|
||||||
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
|
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
|
||||||
|
@ -130,22 +134,45 @@ def pluginAuthblob(request, pluginId):
|
||||||
d = getPluginDict(request)
|
d = getPluginDict(request)
|
||||||
d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
|
d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
|
||||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
|
# has the user write access to the authblob?
|
||||||
if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
|
if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
|
||||||
d = getPluginDict(request)
|
d = getPluginDict(request)
|
||||||
d['pluginerror'] = "Der Authblob darf für dieses Plugin nicht vom User verändert werden (oder der Authblob war kaputt)"
|
d['pluginerror'] = "Der Authblob darf für dieses Plugin nicht vom User verändert werden (oder der Authblob war kaputt)"
|
||||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"])
|
# clean authblob \r\n ==> \n
|
||||||
if p.plugin.uniqueAuthblob and pluginsWithAuthblob.count() > 0:
|
authblob = request.POST["authblob"].replace("\r\n", "\n")
|
||||||
|
|
||||||
|
# is the authblob too long (too many lines)?
|
||||||
|
if p.plugin.maxLinesPerAuthblob > 0 and (authblob.rstrip().count("\n") + 1) > p.plugin.maxLinesPerAuthblob:
|
||||||
d = getPluginDict(request)
|
d = getPluginDict(request)
|
||||||
if pluginsWithAuthblob[0].user == request.user:
|
d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (p.plugin.maxLinesPerAuthblob,)
|
||||||
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
|
|
||||||
else:
|
|
||||||
d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
|
|
||||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
p.authblob = request.POST['authblob']
|
# check, if this is equal to the old users plugin
|
||||||
|
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, user=request.user, authblob=authblob)
|
||||||
|
if pluginsWithAuthblob.count() > 0:
|
||||||
|
d = getPluginDict(request)
|
||||||
|
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
|
||||||
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
|
# check for every authblob-line, if there is somebody who has it (if unique)
|
||||||
|
if p.plugin.uniqueAuthblob:
|
||||||
|
print authblob.split("\n")
|
||||||
|
for line in authblob.split("\n"):
|
||||||
|
print "'%s'" % (line,), " <-- "
|
||||||
|
usr = getUserFromAuthblob(line, plugin)
|
||||||
|
if usr:
|
||||||
|
if usr == request.user:
|
||||||
|
# we know this one
|
||||||
|
continue
|
||||||
|
else:
|
||||||
|
d = getPluginDict(request)
|
||||||
|
d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
|
||||||
|
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||||
|
|
||||||
|
p.authblob = authblob
|
||||||
p.save()
|
p.save()
|
||||||
d = getPluginDict(request)
|
d = getPluginDict(request)
|
||||||
d['pluginmsg'] = "Authblob erfolgreich geändert"
|
d['pluginmsg'] = "Authblob erfolgreich geändert"
|
||||||
|
|
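Review bot: The two `print` statements in the uniqueness loop of `pluginAuthblob` write every submitted authblob line to the server's stdout, so values used to identify users end up in logs; both lines should be dropped. The loop also iterates `authblob.split("\n")` unfiltered, so a trailing newline or blank line hands an empty string to `getUserFromAuthblob` (the API handler in this commit rejects exactly that value), and the line limit is computed on `authblob.rstrip()` while the unstripped text is what gets saved. Normalising once, e.g. `lines = [l.strip() for l in authblob.splitlines() if l.strip()]` followed by `authblob = "\n".join(lines)`, and then counting, checking and storing that same value keeps the three steps consistent. With the default `maxLinesPerAuthblob` of 0 the loop presumably issues one lookup per line with no upper bound, and the check followed by `p.save()` is not atomic, so two concurrent requests could both pass the uniqueness test; the function starts and ends outside these hunks.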