diff --git a/modules/websession/lib/webaccount.py b/modules/websession/lib/webaccount.py index c19694913..b64403c53 100644 --- a/modules/websession/lib/webaccount.py +++ b/modules/websession/lib/webaccount.py @@ -1,421 +1,415 @@ ## $Id$ ## CDSware User account information implementation. Useful for youraccount pages. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ## read config variables: #include "config.wml" #include "configbis.wml" import sys import string import cgi from config import * from webpage import page from dbquery import run_sql from webuser import getUid,isGuestUser, get_user_preferences, set_user_preferences from access_control_admin import acc_findUserRoleActions from access_control_config import CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS, CFG_EXTERNAL_AUTHENTICATION imagesurl = "%s/img" % weburl # perform_info(): display the main features of CDS personalize def perform_info(req): out = "" uid = getUid(req) out += """

The CDS Search offers you a possibility to personalize the interface, to set up your own personal library of documents, or to set up an automatic alert query that would run periodically and would notify you of search results by email.

Your Settings
Set or change your account Email address or password. Specify your preferences about the way the interface looks like.
Your Searches
View all the searches you performed during the last 30 days.
Your Baskets
With baskets you can define specific collections of items, store interesting records you want to access later or share with others.""" if isGuestUser(uid): out+= warning_guest_user(type="baskets") out += """
Your Alerts
Subscribe to a search which will be run periodically by our service. The result can be sent to you via Email or stored in one of your baskets.""" if isGuestUser(uid): out+= warning_guest_user(type="alerts") if cfg_cern_site: out += """
Your Loans
Check out book you have on load, submit borrowing requests, etc. Requires CERN ID.""" out += """
""" return out def perform_youradminactivities(uid): """Return text for the `Your Admin Activities' box. Analyze whether user UID has some admin roles, and if yes, then print suitable links for the actions he can do. If he's not admin, print a simple non-authorized message.""" if isGuestUser(uid): return """You seem to be the guest user. You have to login first.""" out = "" your_role_actions = acc_findUserRoleActions(uid) your_roles = [] your_admin_activities = [] for (role, action) in your_role_actions: if role not in your_roles: your_roles.append(role) if not your_roles: out += "

You are not authorized to access administrative functions." else: out += "

You seem to be %s. " % string.join(your_roles, ", ") out += "Here are some interesting web admin links for you:" # add actions found by the RBAC: for (role, action) in your_role_actions: if action not in your_admin_activities: your_admin_activities.append(action) # add all actions if user is superadmin, to make sure he'll see all # (since it is not necessary for the superadmin to be connected to actions in RBAC tables): if "superadmin" in your_roles: for action in ["cfgbibformat", "cfgbibrank", "cfgbibindex", "cfgwebaccess", "cfgwebsearch", "cfgwebsubmit"]: if action not in your_admin_activities: your_admin_activities.append(action) # print proposed links: for action in your_admin_activities: if action == "cfgbibformat": out += """
    Configure BibFormat""" % weburl if action == "cfgbibrank": out += """
    Configure BibRank""" % weburl if action == "cfgbibindex": out += """
    Configure BibIndex""" % weburl if action == "cfgwebaccess": out += """
    Configure WebAccess""" % weburl if action == "cfgwebsearch": out += """
    Configure WebSearch""" % weburl if action == "cfgwebsubmit": out += """
    Configure WebSubmit""" % weburl out += """
For more admin-level activities, see the complete Admin Area.""" % weburl return out # perform_display_account(): display a dynamic page that shows the user's account def perform_display_account(req,data,bask,aler,sear): uid = getUid(req) #your account if isGuestUser(uid): user ="guest" accBody = """You are logged in as guest. You may want to login as a regular user

""" bask=aler="""The guest users need to register first""" sear="No queries found" else: user = data[0] accBody ="""You are logged in as %s. You may want to a) logout; b) edit your account settings.

"""%user out ="" out +=template_account("Your Account",accBody) #your baskets out +=template_account("Your Baskets",bask) out +=template_account("Your Alert Searches",aler) out +=template_account("Your Searches",sear) out +=template_account("Your Submissions", """You can consult the list of your submissions and inquire about their status.""" % weburl) out +=template_account("Your Approvals", """You can consult the list of your approvals with the documents you approved or refereed.""" % weburl) out +=template_account("Your Administrative Activities", perform_youradminactivities(uid)) return out # template_account() : it is a template for print each of the options from the user's account def template_account(title,body): out ="" out +="""
%s
%s
""" % (title, body) return out # warning_guest_user(): It returns an alert message,showing that the user is a guest user and should log into the system def warning_guest_user(type): msg="""You are logged in as a guest user, so your %s will disappear at the end of the current session. If you wish you can login or register here. """%type return """
%s
""" % msg ## perform_delete():delete the account of the user, not implement yet def perform_delete(): out = """

Deleting your account""" return out ## perform_set(email,password): edit your account parameters, email and password. def perform_set(email,password): uid = run_sql("SELECT id FROM user where email=%s", (email,)) prefs = get_user_preferences(uid[0][0]) CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS if CFG_EXTERNAL_AUTHENTICATION.has_key(prefs['login_method']) and CFG_EXTERNAL_AUTHENTICATION[prefs['login_method']][1] != True: CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3 text = """

Edit parameters

If you want to change your email address or password, please set new values in the form below.
New email address:
(mandatory)
Example: johndoe@example.com
New password:
(optional)
Note: The password phrase may contain punctuation, spaces, etc.
Retype password:
   

""" % (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2 and "disabled" or "", email, CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3 and "disabled" or "",password, CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3 and "disabled" or "", "") if len(CFG_EXTERNAL_AUTHENTICATION) >= 1: uid = run_sql("SELECT id FROM user where email=%s", (email,)) prefs = get_user_preferences(uid[0][0]) current_login_method = prefs['login_method'] text += """
""" text += """Which login method would you like to use as default?
(Only the selected account can be used to login)

Select account:""" methods = CFG_EXTERNAL_AUTHENTICATION.keys() methods.sort() for system in methods: text += """%s
""" % (system, (current_login_method == system and "checked" or ""), CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4 and "disabled" or "", system) text += """
""" return text ## create_register_page_box(): register a new account def create_register_page_box(referer=''): text = "" if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1: text += """Please enter the values of your preference and choose the register button.""" if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS == 1: text += "The account will not be possible to use before it has been verified and activated." elif CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 2: text += """It is not possible to create an account yourself. Contact if you want an account.""" text += """
""" % (cgi.escape(referer)) if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1: text += """""" text += """
Email address:
(mandatory)
Example: johndoe@example.com
Password:
(optional)
Note: The password phrase may contain punctuation, spaces, etc.
Retype Password:

Note: Please do not use valuable passwords such as your Unix, AFS or NICE passwords with this service. Your email address will stay strictly confidential and will not be disclosed to any third party. It will be used to identify you for personal services of %s. For example, you may set up an automatic alert search that will look for new preprints and will notify you daily of new arrivals by email. """ % (cdsname) return text ## create_login_page_box(): ask for the user's email and password, for login into the system def create_login_page_box(referer=''): text = "" text += """

If you already have an account, please log in by choosing the login button below.
""" internal = None for system in CFG_EXTERNAL_AUTHENTICATION.keys(): if not CFG_EXTERNAL_AUTHENTICATION[system][0]: internal = system break if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1 and internal: text += """If you don't own an account yet, please register an internal account.""" else: text += """It is not possible to create an account yourself. Contact if you want an account.""" text += """""" if len(CFG_EXTERNAL_AUTHENTICATION) > 1: logmethtext = """" else: for system in CFG_EXTERNAL_AUTHENTICATION.keys(): logmethtext = """%s""" % (system, system) text += """ - - - - -
Login via: - %s -
Username:
Password:
""" % (logmethtext, cgi.escape(referer)) + """ % (cgi.escape(referer)) if internal: text += """   (Lost your password?)""" text += """
""" text += "

" return text # perform_logout: display the message of not longer authorized, def perform_logout(req): out ="" out+=""" You are no longer recognized. If you wish you can login here. """ return out #def perform_lost: ask the user for his email, in order to send him the lost password def perform_lost(): out ="" out +="""
If you have lost password for your CERN Document Server internal account, then please enter your email address below and the lost password will be emailed to you.
Note that if you have been using an external login system (such as CERN NICE), then we cannot do anything and you have to ask there. Alternatively, you can ask to change your login system from external to internal.

Email address:
""" return out # perform_emailSent(email): confirm that the password has been emailed to 'email' address def perform_emailSent(email): out ="" out +="Okay, password has been emailed to %s"%email return out # peform_emailMessage : display a error message when the email introduced is not correct, and sugest to try again def perform_emailMessage(eMsg): out ="" out +=""" %s Try again """%eMsg return out # perform_back(): template for return to a previous page, used for login,register and setting def perform_back(mess,act,linkname=''): if not linkname: linkname = act out ="" out+="""
%s %s
"""%(mess,act,linkname) return out diff --git a/modules/websession/lib/webaccount.py.wml b/modules/websession/lib/webaccount.py.wml index c19694913..b64403c53 100644 --- a/modules/websession/lib/webaccount.py.wml +++ b/modules/websession/lib/webaccount.py.wml @@ -1,421 +1,415 @@ ## $Id$ ## CDSware User account information implementation. Useful for youraccount pages. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. ## read config variables: #include "config.wml" #include "configbis.wml" import sys import string import cgi from config import * from webpage import page from dbquery import run_sql from webuser import getUid,isGuestUser, get_user_preferences, set_user_preferences from access_control_admin import acc_findUserRoleActions from access_control_config import CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS, CFG_EXTERNAL_AUTHENTICATION imagesurl = "%s/img" % weburl # perform_info(): display the main features of CDS personalize def perform_info(req): out = "" uid = getUid(req) out += """

The CDS Search offers you a possibility to personalize the interface, to set up your own personal library of documents, or to set up an automatic alert query that would run periodically and would notify you of search results by email.

Your Settings
Set or change your account Email address or password. Specify your preferences about the way the interface looks like.
Your Searches
View all the searches you performed during the last 30 days.
Your Baskets
With baskets you can define specific collections of items, store interesting records you want to access later or share with others.""" if isGuestUser(uid): out+= warning_guest_user(type="baskets") out += """
Your Alerts
Subscribe to a search which will be run periodically by our service. The result can be sent to you via Email or stored in one of your baskets.""" if isGuestUser(uid): out+= warning_guest_user(type="alerts") if cfg_cern_site: out += """
Your Loans
Check out book you have on load, submit borrowing requests, etc. Requires CERN ID.""" out += """
""" return out def perform_youradminactivities(uid): """Return text for the `Your Admin Activities' box. Analyze whether user UID has some admin roles, and if yes, then print suitable links for the actions he can do. If he's not admin, print a simple non-authorized message.""" if isGuestUser(uid): return """You seem to be the guest user. You have to login first.""" out = "" your_role_actions = acc_findUserRoleActions(uid) your_roles = [] your_admin_activities = [] for (role, action) in your_role_actions: if role not in your_roles: your_roles.append(role) if not your_roles: out += "

You are not authorized to access administrative functions." else: out += "

You seem to be %s. " % string.join(your_roles, ", ") out += "Here are some interesting web admin links for you:" # add actions found by the RBAC: for (role, action) in your_role_actions: if action not in your_admin_activities: your_admin_activities.append(action) # add all actions if user is superadmin, to make sure he'll see all # (since it is not necessary for the superadmin to be connected to actions in RBAC tables): if "superadmin" in your_roles: for action in ["cfgbibformat", "cfgbibrank", "cfgbibindex", "cfgwebaccess", "cfgwebsearch", "cfgwebsubmit"]: if action not in your_admin_activities: your_admin_activities.append(action) # print proposed links: for action in your_admin_activities: if action == "cfgbibformat": out += """
    Configure BibFormat""" % weburl if action == "cfgbibrank": out += """
    Configure BibRank""" % weburl if action == "cfgbibindex": out += """
    Configure BibIndex""" % weburl if action == "cfgwebaccess": out += """
    Configure WebAccess""" % weburl if action == "cfgwebsearch": out += """
    Configure WebSearch""" % weburl if action == "cfgwebsubmit": out += """
    Configure WebSubmit""" % weburl out += """
For more admin-level activities, see the complete Admin Area.""" % weburl return out # perform_display_account(): display a dynamic page that shows the user's account def perform_display_account(req,data,bask,aler,sear): uid = getUid(req) #your account if isGuestUser(uid): user ="guest" accBody = """You are logged in as guest. You may want to login as a regular user

""" bask=aler="""The guest users need to register first""" sear="No queries found" else: user = data[0] accBody ="""You are logged in as %s. You may want to a) logout; b) edit your account settings.

"""%user out ="" out +=template_account("Your Account",accBody) #your baskets out +=template_account("Your Baskets",bask) out +=template_account("Your Alert Searches",aler) out +=template_account("Your Searches",sear) out +=template_account("Your Submissions", """You can consult the list of your submissions and inquire about their status.""" % weburl) out +=template_account("Your Approvals", """You can consult the list of your approvals with the documents you approved or refereed.""" % weburl) out +=template_account("Your Administrative Activities", perform_youradminactivities(uid)) return out # template_account() : it is a template for print each of the options from the user's account def template_account(title,body): out ="" out +="""
%s
%s
""" % (title, body) return out # warning_guest_user(): It returns an alert message,showing that the user is a guest user and should log into the system def warning_guest_user(type): msg="""You are logged in as a guest user, so your %s will disappear at the end of the current session. If you wish you can login or register here. """%type return """
%s
""" % msg ## perform_delete():delete the account of the user, not implement yet def perform_delete(): out = """

Deleting your account""" return out ## perform_set(email,password): edit your account parameters, email and password. def perform_set(email,password): uid = run_sql("SELECT id FROM user where email=%s", (email,)) prefs = get_user_preferences(uid[0][0]) CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS if CFG_EXTERNAL_AUTHENTICATION.has_key(prefs['login_method']) and CFG_EXTERNAL_AUTHENTICATION[prefs['login_method']][1] != True: CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3 text = """

Edit parameters

If you want to change your email address or password, please set new values in the form below.
New email address:
(mandatory)
Example: johndoe@example.com
New password:
(optional)
Note: The password phrase may contain punctuation, spaces, etc.
Retype password:
   

""" % (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2 and "disabled" or "", email, CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3 and "disabled" or "",password, CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3 and "disabled" or "", "") if len(CFG_EXTERNAL_AUTHENTICATION) >= 1: uid = run_sql("SELECT id FROM user where email=%s", (email,)) prefs = get_user_preferences(uid[0][0]) current_login_method = prefs['login_method'] text += """
""" text += """Which login method would you like to use as default?
(Only the selected account can be used to login)

Select account:""" methods = CFG_EXTERNAL_AUTHENTICATION.keys() methods.sort() for system in methods: text += """%s
""" % (system, (current_login_method == system and "checked" or ""), CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4 and "disabled" or "", system) text += """
""" return text ## create_register_page_box(): register a new account def create_register_page_box(referer=''): text = "" if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1: text += """Please enter the values of your preference and choose the register button.""" if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS == 1: text += "The account will not be possible to use before it has been verified and activated." elif CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 2: text += """It is not possible to create an account yourself. Contact if you want an account.""" text += """
""" % (cgi.escape(referer)) if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1: text += """""" text += """
Email address:
(mandatory)
Example: johndoe@example.com
Password:
(optional)
Note: The password phrase may contain punctuation, spaces, etc.
Retype Password:

Note: Please do not use valuable passwords such as your Unix, AFS or NICE passwords with this service. Your email address will stay strictly confidential and will not be disclosed to any third party. It will be used to identify you for personal services of %s. For example, you may set up an automatic alert search that will look for new preprints and will notify you daily of new arrivals by email. """ % (cdsname) return text ## create_login_page_box(): ask for the user's email and password, for login into the system def create_login_page_box(referer=''): text = "" text += """

If you already have an account, please log in by choosing the login button below.
""" internal = None for system in CFG_EXTERNAL_AUTHENTICATION.keys(): if not CFG_EXTERNAL_AUTHENTICATION[system][0]: internal = system break if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1 and internal: text += """If you don't own an account yet, please register an internal account.""" else: text += """It is not possible to create an account yourself. Contact if you want an account.""" text += """""" if len(CFG_EXTERNAL_AUTHENTICATION) > 1: logmethtext = """" else: for system in CFG_EXTERNAL_AUTHENTICATION.keys(): logmethtext = """%s""" % (system, system) text += """ - - - - -
Login via: - %s -
Username:
Password:
""" % (logmethtext, cgi.escape(referer)) + """ % (cgi.escape(referer)) if internal: text += """   (Lost your password?)""" text += """
""" text += "

" return text # perform_logout: display the message of not longer authorized, def perform_logout(req): out ="" out+=""" You are no longer recognized. If you wish you can login here. """ return out #def perform_lost: ask the user for his email, in order to send him the lost password def perform_lost(): out ="" out +="""
If you have lost password for your CERN Document Server internal account, then please enter your email address below and the lost password will be emailed to you.
Note that if you have been using an external login system (such as CERN NICE), then we cannot do anything and you have to ask there. Alternatively, you can ask to change your login system from external to internal.

Email address:
""" return out # perform_emailSent(email): confirm that the password has been emailed to 'email' address def perform_emailSent(email): out ="" out +="Okay, password has been emailed to %s"%email return out # peform_emailMessage : display a error message when the email introduced is not correct, and sugest to try again def perform_emailMessage(eMsg): out ="" out +=""" %s Try again """%eMsg return out # perform_back(): template for return to a previous page, used for login,register and setting def perform_back(mess,act,linkname=''): if not linkname: linkname = act out ="" out+="""
%s %s
"""%(mess,act,linkname) return out