Allows multiple Authblobs (Fixes #22)
This commit is contained in:
parent
70766bba44
commit
e87b8e6ca1
|
@ -6,6 +6,7 @@ from django.contrib.auth.decorators import user_passes_test
|
|||
from django.contrib.auth.models import Group
|
||||
from django.core.exceptions import MultipleObjectsReturned
|
||||
from decorators import *
|
||||
from main.helper import getUserFromAuthblob
|
||||
from collections import Iterable
|
||||
from decimal import Decimal, InvalidOperation
|
||||
from helper import *
|
||||
|
@ -387,14 +388,13 @@ class AuthUserHandler(BaseHandler):
|
|||
if not request.plugin.uniqueAuthblob:
|
||||
return getError(rc.BAD_REQUEST, "This plugin does not support unique auth blobs, therefore we can't identify a user uniquely by their authblob")
|
||||
|
||||
if not request.GET.has_key('authblob'):
|
||||
if not request.GET.has_key('authblob') or request.GET['authblob'] == '':
|
||||
return rc.BAD_REQUEST
|
||||
|
||||
try:
|
||||
perm = PluginPermission.objects.get(plugin=request.plugin, authblob=request.GET['authblob'])
|
||||
return perm.user
|
||||
except PluginPermission.DoesNotExist:
|
||||
return rc.NOT_FOUND
|
||||
user = getUserFromAuthblob(request.GET['authblob'], request.plugin)
|
||||
if user:
|
||||
return user
|
||||
return rc.NOT_FOUND
|
||||
|
||||
class ConfigHandler(BaseHandler):
|
||||
""" Handler for API configuration values
|
||||
|
|
|
@ -45,6 +45,8 @@ class Plugin(models.Model):
|
|||
# plugin config
|
||||
uniqueAuthblob = models.BooleanField(default=False)
|
||||
userCanWriteAuthblob = models.BooleanField(default=True)
|
||||
maxLinesPerAuthblob = models.IntegerField(default=0)
|
||||
|
||||
# automatically set when write is allowed
|
||||
userCanReadAuthblob = models.BooleanField(default=True)
|
||||
pluginCanWriteAuthblob = models.BooleanField(default=False)
|
||||
|
|
|
@ -7,6 +7,7 @@ from django.http import HttpResponseRedirect
|
|||
from main.models import Plugin, PluginPermission
|
||||
from django.contrib.auth.forms import PasswordChangeForm
|
||||
from buyable.models import Purchase, Buyable, BuyableType
|
||||
from main.helper import getUserFromAuthblob
|
||||
|
||||
@login_required
|
||||
def startpage(request):
|
||||
|
@ -115,6 +116,8 @@ def pluginAuthblob(request, pluginId):
|
|||
""" View to edit the users :attr:`authblob <PluginPermission.authblob>`. """
|
||||
if request.method != "POST":
|
||||
return HttpResponseRedirect("/user/settings/")
|
||||
|
||||
# find plugin
|
||||
plugin = None
|
||||
try:
|
||||
plugin = Plugin.objects.get(id=pluginId)
|
||||
|
@ -123,6 +126,7 @@ def pluginAuthblob(request, pluginId):
|
|||
d['pluginerror'] = "Ein Plugin mit der angegebenen ID existiert nicht"
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
# find plugin permission for user
|
||||
p = None
|
||||
try:
|
||||
p = PluginPermission.objects.get(user=request.user, plugin=plugin)
|
||||
|
@ -131,21 +135,44 @@ def pluginAuthblob(request, pluginId):
|
|||
d['pluginerror'] = "Vor dem editieren vom Authblob muss das Plugin ersteinmal erlaubt werden"
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
# has the user write access to the authblob?
|
||||
if not p.plugin.userCanWriteAuthblob or not request.POST.has_key("authblob"):
|
||||
d = getPluginDict(request)
|
||||
d['pluginerror'] = "Der Authblob darf für dieses Plugin nicht vom User verändert werden (oder der Authblob war kaputt)"
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, authblob=request.POST["authblob"])
|
||||
if p.plugin.uniqueAuthblob and pluginsWithAuthblob.count() > 0:
|
||||
# clean authblob \r\n ==> \n
|
||||
authblob = request.POST["authblob"].replace("\r\n", "\n")
|
||||
|
||||
# is the authblob too long (too many lines)?
|
||||
if p.plugin.maxLinesPerAuthblob > 0 and (authblob.rstrip().count("\n") + 1) > p.plugin.maxLinesPerAuthblob:
|
||||
d = getPluginDict(request)
|
||||
if pluginsWithAuthblob[0].user == request.user:
|
||||
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
|
||||
else:
|
||||
d['pluginerror'] = "Achtung! Dein Authblob wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
|
||||
d['pluginerror'] = "Der Authblob darf maximal %d Zeilen haben" % (p.plugin.maxLinesPerAuthblob,)
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
p.authblob = request.POST['authblob']
|
||||
# check, if this is equal to the old users plugin
|
||||
pluginsWithAuthblob = PluginPermission.objects.filter(plugin=plugin, user=request.user, authblob=authblob)
|
||||
if pluginsWithAuthblob.count() > 0:
|
||||
d = getPluginDict(request)
|
||||
d['pluginerror'] = "Das ist der gleiche Authblob, den du vorher auch hattest."
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
# check for every authblob-line, if there is somebody who has it (if unique)
|
||||
if p.plugin.uniqueAuthblob:
|
||||
print authblob.split("\n")
|
||||
for line in authblob.split("\n"):
|
||||
print "'%s'" % (line,), " <-- "
|
||||
usr = getUserFromAuthblob(line, plugin)
|
||||
if usr:
|
||||
if usr == request.user:
|
||||
# we know this one
|
||||
continue
|
||||
else:
|
||||
d = getPluginDict(request)
|
||||
d['pluginerror'] = "Achtung! Dein Authblob (bzw. eine der Zeile davon) wird bereits von einer anderen Person benutzt. Bitte wähle einen anderen (eindeutigen) Authblob!"
|
||||
return render_to_response("settings/settings.html", d, RequestContext(request))
|
||||
|
||||
p.authblob = authblob
|
||||
p.save()
|
||||
d = getPluginDict(request)
|
||||
d['pluginmsg'] = "Authblob erfolgreich geändert"
|
||||
|
|
Loading…
Reference in New Issue