diff --git a/modules/webaccess/lib/access_control_config.py b/modules/webaccess/lib/access_control_config.py
index 2760006ef..4b9a801cb 100644
--- a/modules/webaccess/lib/access_control_config.py
+++ b/modules/webaccess/lib/access_control_config.py
@@ -1,136 +1,136 @@
 ## $Id$ ## ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """CDS Invenio Access Control Config. """ __version__ = "$Id$" ## global configuration parameters: from invenio.config import * ## local configuration parameters: from invenio.external_authentication import * # VALUES TO BE EXPORTED # CURRENTLY USED BY THE FILES access_control_engine.py access_control_admin.py webaccessadmin_lib.py # name of the role giving superadmin rights SUPERADMINROLE = 'superadmin' # name of the webaccess webadmin role WEBACCESSADMINROLE = 'webaccessadmin' # name of the action allowing roles to access the web administrator interface WEBACCESSACTION = 'cfgwebaccess' # name of the action allowing roles to delegate the rights to other roles # ex: libraryadmin to delegate libraryworker DELEGATEADDUSERROLE = 'accdelegaterole' # max number of users to display in the drop down selects MAXSELECTUSERS = 25 # max number of users to display in a page (mainly for user area) MAXPAGEUSERS = 25 # Use external source for access control? 
# Atleast one must be added # Adviced not to change the name, since it is used to identify the account # Format is: System name: (System class, Default True/Flase), atleast one must be default CFG_EXTERNAL_AUTHENTICATION = {"%s (internal)" % cdsname: (None, True)} #CFG_EXTERNAL_AUTHENTICATION = {"%s (internal)" % cdsname: (None, True), "CERN NICE (external)": (external_auth_nice(), False)} # default data for the add_default_settings function # roles # name description def_roles = ((SUPERADMINROLE, 'superuser with all rights'), ('photoadmin', 'Photo collection administrator'), (WEBACCESSADMINROLE, 'WebAccess administrator')) # users # list of e-mail addresses def_users = [] # actions # name desc allowedkeywords optional def_actions = ( ('cfgwebsearch', 'configure WebSearch', '', 'no'), ('cfgbibformat', 'configure BibFormat', '', 'no'), ('cfgwebsubmit', 'configure WebSubmit', '', 'no'), ('runbibindex', 'run BibIndex', '', 'no'), ('runbibupload', 'run BibUpload', '', 'no'), ('runwebcoll', 'run webcoll', 'collection', 'yes'), ('runbibformat', 'run BibFormat', 'format', 'yes'), (WEBACCESSACTION, 'configure WebAccess', '', 'no'), (DELEGATEADDUSERROLE, 'delegate subroles inside WebAccess', 'role', 'no'), ('runbibtaskex', 'run BibTaskEx example', '', 'no'), ('referee', 'referee document type doctype/category categ', 'doctype,categ', 'yes'), ('submit', 'use webSubmit', 'doctype,act', 'yes'), ('runbibrank', 'run BibRank', '', 'no'), ('cfgbibrank', 'configure BibRank', '', 'no'), ('cfgbibharvest', 'configure BibHarvest', '', 'no'), ('runoaiharvest', 'run oaiharvest task', '', 'no'), ('cfgwebcomment', 'configure WebComment', '', 'no'), ) # authorizations # role action arglistid optional arguments def_auths = ( (SUPERADMINROLE, 'cfgwebsearch', -1, 0, {}), (SUPERADMINROLE, 'cfgbibformat', -1, 0, {}), (SUPERADMINROLE, 'cfgwebsubmit', -1, 0, {}), (SUPERADMINROLE, 'runbibindex', -1, 0, {}), (SUPERADMINROLE, 'runbibupload', -1, 0, {}), (SUPERADMINROLE, 'runbibformat', -1, 1, {}), 
(SUPERADMINROLE, WEBACCESSACTION, -1, 0, {}), ('photoadmin', 'runwebcoll', -1, 0, {'collection': 'Pictures'}), (WEBACCESSADMINROLE,WEBACCESSACTION, -1, 0, {}), (SUPERADMINROLE, 'runtaskex', -1, 0, {}), (SUPERADMINROLE, 'referee', -1, 1, {}), (SUPERADMINROLE, 'submit', -1, 1, {}), (SUPERADMINROLE, 'runbibrank', -1, 0, {}), (SUPERADMINROLE, 'cfgbibrank', -1, 0, {}), (SUPERADMINROLE, 'cfgbibharvest', -1, 0, {}), (SUPERADMINROLE, 'runoaiharvest', -1, 0, {}), (SUPERADMINROLE, 'cfgwebcomment', -1, 0, {}), ) cfg_webaccess_msgs = {
- 0: 'Try to <a href="%s/youraccount.py/login?referer=%s/admin/%s">login</a> with another account.' % (weburl, weburl, "%s"),
+ 0: 'Try to <a href="%s/youraccount.py/login?referer=%s/admin/%s">login</a> with another account.' % (sweburl, sweburl, "%s"),
 1: '<br>If you think this is not correct, please contact: <a href="mailto:%s">%s</a>' % (supportemail, supportemail), 2: '<br>If you have any questions, please write to <a href="mailto:%s">%s</a>' % (supportemail, supportemail),
- 3: 'Guest users are not allowed, please <a href="%s/youraccount.py/login">login</a>.' % weburl,
+ 3: 'Guest users are not allowed, please <a href="%s/youraccount.py/login">login</a>.' % sweburl,
 4: 'The site is temporarily closed for maintenance. Please come back soon.', 5: 'Authorization failure', 6: '%s temporarily closed' % cdsname, 7: 'This functionality is temporarily closed due to server maintenance. Please use only the search engine in the meantime.', 8: 'Functionality temporarily closed' } cfg_webaccess_warning_msgs = { 0: 'Authorization granted', 1: 'Error(1): You are not authorized to perform this action.', 2: 'Error(2): You are not authorized to perform any action.', 3: 'Error(3): The action %s does not exist.', 4: 'Error(4): Unexpected error occurred.', 5: 'Error(5): Missing mandatory keyword argument(s) for this action.', 6: 'Error(6): Guest accounts are not authorized to perform this action.', 7: 'Error(7): Not enough arguments, user ID and action name required.', 8: 'Error(8): Incorrect keyword argument(s) for this action.', 9: """Error(9): Account '%s' is not yet activated.""", 10: """Error(10): You were not authorized by the authentication method '%s'.""", 11: """Error(11): The selected login method '%s' is not the default method for this account, please try another one.""", 12: """Error(12): Selected login method '%s' does not exist.""", 13: """Error(13): Could not register '%s' account.""", 14: """Error(14): Could not login using '%s', because this user is unknown.""", 15: """Error(15): Could not login using your '%s' account, because you have introduced a wrong password.""" }
diff --git a/modules/webaccess/lib/webaccessadmin_lib.py b/modules/webaccess/lib/webaccessadmin_lib.py
index 6e5765d09..775e89f9a 100644
--- a/modules/webaccess/lib/webaccessadmin_lib.py
+++ b/modules/webaccess/lib/webaccessadmin_lib.py
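Review bot: In `access_control_config.py`, entry 0 of `cfg_webaccess_msgs` keeps a literal `%s` at the end of `referer=%s/admin/%s` for a later caller to fill in, and nothing in this hunk quotes that value before it lands inside the `href` attribute. The callers are outside this hunk, so whether the value can carry request-derived text is not visible here; if it can, it needs URL-quoting and HTML-escaping at the call site. A comment above entry 0 would record that contract, for example `# trailing %s = admin page path supplied by the caller; must be URL-quoted and HTML-escaped`. Entries 0 and 3 are also formatted at import time from `sweburl`, which reaches this module only through `from invenio.config import *`, so a configuration that does not define it would make the module fail to import; that is worth confirming before merge.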
@@ -1,3430 +1,3430 @@
 ## $Id$ ## Administrator interface for WebAccess ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """CDS Invenio WebAccess Administrator Interface.""" __lastupdated__ = """$Date$""" ## fill config variables: import cgi import re import random import MySQLdb import string import smtplib from mod_python import apache import invenio.access_control_engine as acce import invenio.access_control_admin as acca from invenio.bibrankadminlib import adderrorbox,addadminbox,tupletotable,tupletotable_onlyselected,addcheckboxes,createhiddenform from invenio.access_control_config import * from invenio.dbquery import run_sql from invenio.config import * from invenio.webpage import page, pageheaderonly, pagefooteronly from invenio.webuser import getUid, get_email, page_not_authorized from invenio.search_engine import print_record from invenio.webuser import checkemail, get_user_preferences, set_user_preferences __version__ = "$Id$" def index(req, title='', body='', subtitle='', adminarea=2, authorized=0): """main function to show pages for webaccessadmin. 1. if user not logged in and administrator, show the mustlogin page 2. if used without body argument, show the startpage 3. 
show admin page with title, body, subtitle and navtrail. adminarea - number codes that tell what extra info to put in the navtrail 0 - nothing extra 1 - add Delegate Rights 2 - add Manage WebAccess maybe add: 3: role admin 4: action admin 5: user area 6: reset area authorized - if 1, don't check if the user is allowed to be webadmin """ navtrail_previous_links = """<a class=navtrail href="%s/admin/">Admin Area</a> > <a class=navtrail href="%s/admin/webaccess/">WebAccess Admin</a> """ % (weburl, weburl) if body: if adminarea == 1: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/delegate_startarea>Delegate Rights</a> ' % (weburl, ) if adminarea >= 2 and adminarea < 7: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py>Manage WebAccess</a> ' % (weburl, ) if adminarea == 3: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/rolearea>Role Administration</a> ' % (weburl, ) elif adminarea == 4: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/actionarea>Action Administration</a> ' % (weburl, ) elif adminarea == 5: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/userarea>User Administration</a> ' % (weburl, ) elif adminarea == 6: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/resetarea>Reset Authorizations</a> ' % (weburl, ) elif adminarea == 7: navtrail_previous_links += '> <a class=navtrail href=%s/admin/webaccess/webaccessadmin.py/manageaccounts>Manage Accounts</a> ' % (weburl, ) id_user = getUid(req) (auth_code, auth_message) = is_adminuser(req) if not authorized and auth_code != 0: return mustloginpage(req, auth_message) elif not body: title = 'Manage WebAccess' body = startpage() elif type(body) != str: body = addadminbox(subtitle, datalist=body) return page(title=title, uid=id_user, body=body, 
navtrail=navtrail_previous_links, lastupdated=__lastupdated__) def mustloginpage(req, message): """show a page asking the user to login.""" navtrail_previous_links = """<a class=navtrail href="%s/admin/">Admin Area</a> > <a class=navtrail href="%s/admin/webaccess/">WebAccess Admin</a> """ % (weburl, weburl) return page_not_authorized(req=req, text=message, navtrail=navtrail_previous_links) def is_adminuser(req): """check if user is a registered administrator. """ id_user = getUid(req) return acce.acc_authorize_action(id_user, WEBACCESSACTION) def perform_rolearea(req): """create the role area menu page.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) header = ['id', 'name', 'description', 'users', 'authorizations / actions', 'role', ''] roles = acca.acc_getAllRoles() roles2 = [] for (id, name, desc) in roles: if len(desc) > 30: desc = desc[:30] + '...' roles2.append([id, name, desc]) for col in [(('add', 'adduserrole'), ('remove', 'deleteuserrole')), (('add', 'addauthorization'), ('modify', 'modifyauthorizations'), ('remove', 'deleteroleaction')), (('delete', 'deleterole'), ), (('show details', 'showroledetails'), )]: roles2[-1].append('<a href="%s?id_role=%s">%s</a>' % (col[0][1], id, col[0][0])) for (str, function) in col[1:]: roles2[-1][-1] += ' / <a href="%s?id_role=%s">%s</a>' % (function, id, str) output = """ <dl> <dt>Users:</dt> <dd>add or remove users from the access to a role and its priviliges.</dd> <dt>Authorizations/Actions:</dt> <dd>these terms means almost the same, but an authorization is a <br> connection between a role and an action (possibly) containing arguments.</dd> <dt>Roles:</dt> <dd>see all the information attached to a role and decide if you want to<br>delete it.</dd> </dl> """ output += tupletotable(header=header, tuple=roles2) extra = """ <dl> <dt><a href="addrole">Create new role</a></dt> <dd>go here to add a new role.</dd> <dt><a href="addaction">Create new action</a></dt> 
<dd>go here to add a new action.</dd> </dl> """ return index(req=req, title='Role Administration', subtitle='administration with roles as access point', body=[output, extra], adminarea=2) def perform_actionarea(req): """create the action area menu page.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) header = ['id', 'name', 'authorizations/roles', 'action', ''] actions = acca.acc_getAllActions() actions2 = [] roles2 = [] for (id, name, dontcare) in actions: actions2.append([id, name]) for col in [(('add', 'addauthorization'), ('modify', 'modifyauthorizations'), ('remove', 'deleteroleaction')), (('delete', 'deleteaction'), ), (('show details', 'showactiondetails'), )]: actions2[-1].append('<a href="%s?id_action=%s&reverse=1">%s</a>' % (col[0][1], id, col[0][0])) for (str, function) in col[1:]: actions2[-1][-1] += ' / <a href="%s?id_action=%s&reverse=1">%s</a>' % (function, id, str) output = """ <dl> <dt>Authorizations/Roles:</dt> <dd>these terms means almost the same, but an authorization is a <br> connection between a role and an action (possibly) containing arguments.</dd> <dt>Actions:</dt> <dd>see all the information attached to an action and decide if you want to<br>delete it.</dd> </dl> """ output += tupletotable(header=header, tuple=actions2) extra = """ <dl> <dt><a href="addrole">Create new role</a> <dd>go here to add a new role. <dt><a href="addaction">Create new action</a> <dd>go here to add a new action. </dl> """ return index(req=req, title='Action Administration', subtitle='administration with actions as access point', body=[output, extra], adminarea=2) def perform_userarea(req, email_user_pattern=''): """create area to show info about users. """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = 'step 1 - search for users' output = """ <p> search for users to display. 
</p> """ # remove letters not allowed in an email email_user_pattern = cleanstring_email(email_user_pattern) text = ' <span class="adminlabel">1. search for user</span>\n' text += ' <input class="admin_wvar" type="text" name="email_user_pattern" value="%s" />\n' % (email_user_pattern, ) output += createhiddenform(action="userarea", text=text, button="search for users") if email_user_pattern: users1 = run_sql("""SELECT id, email FROM user WHERE email RLIKE '%s' ORDER BY email LIMIT %s""" % (email_user_pattern, MAXPAGEUSERS+1)) if not users1: output += '<p>no matching users</p>' else: subtitle = 'step 2 - select what to do with user' users = [] for (id, email) in users1[:MAXPAGEUSERS]: users.append([id, email]) for col in [(('add', 'addroleuser'), ('remove', 'deleteuserrole')), (('show details', 'showuserdetails'), )]: users[-1].append('<a href="%s?email_user_pattern=%s&id_user=%s">%s</a>' % (col[0][1], email_user_pattern, id, col[0][0])) for (str, function) in col[1:]: users[-1][-1] += ' / <a href="%s?email_user_pattern=%s&id_user=%s&reverse=1">%s</a>' % (function, email_user_pattern, id, str) output += '<p>found <strong>%s</strong> matching users:</p>' % (len(users1), ) output += tupletotable(header=['id', 'email', 'roles', ''], tuple=users) if len(users1) > MAXPAGEUSERS: output += '<p><strong>only showing the first %s users, narrow your search...</strong></p>' % (MAXPAGEUSERS, ) return index(req=req, title='User Administration', subtitle=subtitle, body=[output], adminarea=2) def perform_resetarea(req): """create the reset area menu page.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) output = """ <dl> <dt><a href="resetdefaultsettings">Reset to Default Authorizations</a> <dd>remove all changes that has been done to the roles and <br> add only the default authorization settings. <dt><a href="adddefaultsettings">Add Default Authorizations</a> <dd>keep all changes and add the default authorization settings. 
</dl> """ return index(req=req, title='Reset Authorizations', subtitle='reseting to or adding default authorizations', body=[output], adminarea=2) def perform_resetdefaultsettings(req, superusers=[], confirm=0): """delete all roles, actions and authorizations presently in the database and add only the default roles. only selected users will be added to superadmin, rest is blank """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) # cleaning input if type(superusers) == str: superusers = [superusers] # remove not valid e-mails for email in superusers: if not check_email(email): superusers.remove(email) # instructions output = """ <p> before you reset the settings, we need some users<br> to connect to <strong>%s</strong>.<br> enter as many e-mail adresses you want and press <strong>reset</strong>.<br> <strong>confirm reset settings</strong> when you have added enough e-mails.<br> <strong>%s</strong> is added as default. </p>""" % (SUPERADMINROLE, supportemail) # add more superusers output += """ <p>enter user e-mail addresses: </p> <form action="resetdefaultsettings" method="POST">""" for email in superusers: output += ' <input type="hidden" name="superusers" value="%s" />' % (email, ) output += """ <span class="adminlabel">e-mail</span> <input class="admin_wvar" type="text" name="superusers" /> <input class="adminbutton" type="submit" value="add e-mail" /> </form>""" if superusers: # remove emails output += """ <form action="resetdefaultsettings" method="POST"> have you entered wrong data? 
<input class="adminbutton" type="submit" value="remove all e-mails" /> </form> """ # superusers confirm table start = '<form action="resetdefaultsettings" method="POST">' extra = ' <input type="hidden" name="confirm" value="1" />' for email in superusers: extra += '<input type="hidden" name="superusers" value="%s" />' % (email, ) extra += ' <input class="adminbutton" type="submit" value="confirm to reset settings" />' end = '</form>' output += '<p><strong>reset default settings</strong> with the users below? </p>' output += tupletotable(header=['e-mail address'], tuple=superusers, start=start, extracolumn=extra, end=end) if confirm in [1, "1"]: res = acca.acc_reset_default_settings(superusers) if res: output += '<p>successfully reset default settings</p>' else: output += '<p>sorry, could not reset default settings</p>' return index(req=req, title='Reset Default Settings', subtitle='reset settings', body=[output], adminarea=6) def perform_adddefaultsettings(req, superusers=[], confirm=0): """add the default settings, and keep everything else. probably nothing will be deleted, except if there has been made changes to the defaults.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) # cleaning input if type(superusers) == str: superusers = [superusers] # remove not valid e-mails for email in superusers: if not check_email(email): superusers.remove(email) # instructions output = """ <p> before you add the settings, we need some users<br> to connect to <strong>%s</strong>.<br> enter as many e-mail adresses you want and press <strong>add</strong>.<br> <strong>confirm add settings</strong> when you have added enough e-mails.<br> <strong>%s</strong> is added as default. 
</p>""" % (SUPERADMINROLE, supportemail) # add more superusers output += """ <p>enter user e-mail addresses: </p> <form action="adddefaultsettings" method="POST">""" for email in superusers: output += ' <input type="hidden" name="superusers" value="%s" />' % (email, ) output += """ <span class="adminlabel">e-mail</span> <input class="admin_wvar" type="text" name="superusers" /> <input class="adminbutton" type="submit" value="add e-mail" /> </form> """ if superusers: # remove emails output += """ <form action="adddefaultsettings" method="POST"> have you entered wrong data? <input class="adminbutton" type="submit" value="remove all e-mails" /> </form> """ # superusers confirm table start = '<form action="adddefaultsettings" method="POST">' extra = ' <input type="hidden" name="confirm" value="1" />' for email in superusers: extra += '<input type="hidden" name="superusers" value="%s" />' % (email, ) extra += ' <input class="adminbutton" type="submit" value="confirm to add settings" />' end = '</form>' output += '<p><strong>add default settings</strong> with the users below? </p>' output += tupletotable(header=['e-mail address'], tuple=superusers, start=start, extracolumn=extra, end=end) if confirm in [1, "1"]: res = acca.acc_add_default_settings(superusers) if res: output += '<p>successfully added default settings</p>' else: output += '<p>sorry, could not add default settings</p>' return index(req=req, title='Add Default Settings', subtitle='add settings', body=[output], adminarea=6) def perform_manageaccounts(req, mtype='', content='', confirm=0): """start area for managing accounts.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = 'Overview' fin_output = '' fin_output += """ <table> <tr> <td><b>Menu</b></td> </tr> <tr> <td>0. <small><a href="%s/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_showall">Show all</a></small></td> <td>1. 
<small><a href="%s/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_accesspolicy#1">Access policy</a></ small></td> <td>2. <small><a href="%s/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_accountoverview#2">Account overview</a></ small></td> <td>3. <small><a href="%s/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_createaccount#3">Create account</a></ small></td> <td>4. <small><a href="%s/admin/webaccess/webaccessadmin.py/manageaccounts?mtype=perform_modifyaccounts#4">Edit accounts</a></small></ td> </tr> </table> """ % (weburl, weburl, weburl, weburl, weburl) if mtype == "perform_accesspolicy" and content: fin_output += content elif mtype == "perform_accesspolicy" or mtype == "perform_showall": fin_output += perform_accesspolicy(req, callback='') fin_output += "<br>" if mtype == "perform_accountoverview" and content: fin_output += content elif mtype == "perform_accountoverview" or mtype == "perform_showall": fin_output += perform_accountoverview(req, callback='') fin_output += "<br>" if mtype == "perform_createaccount" and content: fin_output += content elif mtype == "perform_createaccount" or mtype == "perform_showall": fin_output += perform_createaccount(req, callback='') fin_output += "<br>" if mtype == "perform_modifyaccounts" and content: fin_output += content elif mtype == "perform_modifyaccounts" or mtype == "perform_showall": fin_output += perform_modifyaccounts(req, callback='') fin_output += "<br>" return index(req=req, title='Manage Accounts', subtitle=subtitle, body=[fin_output], adminarea=0, authorized=1) def perform_accesspolicy(req, callback='yes', confirm=0): """Modify default behaviour of a guest user or if new accounts should automatically/manually be modified.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="1"></a>1. Access policy.   
<small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl account_policy = {} account_policy[0] = "Users can register new accounts. New accounts automatically activated." account_policy[1] = "Users can register new accounts. Admin users must activate the accounts." account_policy[2] = "Only admin can register new accounts. User cannot edit email address." account_policy[3] = "Only admin can register new accounts. User cannot edit email address or password." account_policy[4] = "Only admin can register new accounts. User cannot edit email address,password or login method." site_policy = {} site_policy[0] = "Normal operation of the site." site_policy[1] = "Read-only site, all write operations temporarily closed." site_policy[2] = "Site fully closed." output = "(Modifications must be done in access_control_config.py)<br>" output += "<br><b>Current settings:</b><br>" output += "Site status: %s<br>" % (site_policy[CFG_ACCESS_CONTROL_LEVEL_SITE]) output += "Guest accounts allowed: %s<br>" % (CFG_ACCESS_CONTROL_LEVEL_GUESTS == 0 and "Yes" or "No") output += "Account policy: %s<br>" % (account_policy[CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS]) output += "Allowed email addresses limited: %s<br>" % (CFG_ACCESS_CONTROL_LIMIT_REGISTRATION_TO_DOMAIN and CFG_ACCESS_CONTROL_LIMIT_REGISTRATION_TO_DOMAIN or "Not limited") output += "Send email to admin when new account: %s<br>" % (CFG_ACCESS_CONTROL_NOTIFY_ADMIN_ABOUT_NEW_ACCOUNTS == 1 and "Yes" or "No") output += "Send email to user after creating new account: %s<br>" % (CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT == 1 and "Yes" or "No") output += "Send email to user when account is activated: %s<br>" % (CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_ACTIVATION == 1 and "Yes" or "No") output += "Send email to user when account is deleted/rejected: %s<br>" % (CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_DELETION == 1 and "Yes" or "No") output += "<br>" output += "<b>Available 'login via' methods:</b><br>" methods = 
CFG_EXTERNAL_AUTHENTICATION.keys() methods.sort() for system in methods: output += """%s %s<br>""" % (system, (CFG_EXTERNAL_AUTHENTICATION[system][1] and "(Default)" or "")) output += "<br><b>Changing the settings:</b><br>" output += "Currently, all changes must be done using your favourite editor, and the webserver restarted for changes to take effect. For the settings to change, either look in the guide or in access_control_config.py ." try: body = [output, extra] except NameError: body = [output] if callback: return perform_manageaccounts(req, "perform_accesspolicy", addadminbox(subtitle, body)) else: return addadminbox(subtitle, body) def perform_accountoverview(req, callback='yes', confirm=0): """Modify default behaviour of a guest user or if new accounts should automatically/manually be modified.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="2"></a>2. Account overview.   <small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl output = "" res = run_sql("SELECT COUNT(*) FROM user WHERE email=''") output += "Guest accounts: %s<br>" % res[0][0] res = run_sql("SELECT COUNT(*) FROM user WHERE email!=''") output += "Registered accounts: %s<br>" % res[0][0] res = run_sql("SELECT COUNT(*) FROM user WHERE email!='' AND note='0' OR note IS NULL") output += "Inactive accounts: %s " % res[0][0] if res[0][0] > 0: output += ' [<a href="modifyaccounts?email_user_pattern=&limit_to=disabled&maxpage=25&page=1">Activate/Reject accounts</a>]' res = run_sql("SELECT COUNT(*) FROM user") output += "<br>Total nr of accounts: %s<br>" % res[0][0] try: body = [output, extra] except NameError: body = [output] if callback: return perform_manageaccounts(req, "perform_accountoverview", addadminbox(subtitle, body)) else: return addadminbox(subtitle, body) def perform_createaccount(req, email='', password='', callback='yes', confirm=0): """Modify default behaviour of a 
guest user or if new accounts should automatically/manually be modified.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="3"></a>3. Create account.   <small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl output = "" text = ' <span class="adminlabel">Email:</span>\n' text += ' <input class="admin_wvar" type="text" name="email" value="%s" /><br>' % (email, ) text += ' <span class="adminlabel">Password:</span>\n' text += ' <input class="admin_wvar" type="text" name="password" value="%s" /><br>' % (password, ) output += createhiddenform(action="createaccount", text=text, confirm=1, button="Create") if confirm in [1, "1"] and email and checkemail(email): res = run_sql("SELECT * FROM user WHERE email='%s'" % MySQLdb.escape_string(email)) if not res: res = run_sql("INSERT INTO user (email,password, note) values('%s','%s', '1')" % (MySQLdb.escape_string(email), MySQLdb.escape_string(password))) if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT == 1: emailsent = sendNewUserAccountWarning(email, email, password) if password: output += '<b><span class="info">Account created with password and activated.</span></b>' else: output += '<b><span class="info">Account created without password and activated.</span></b>' if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT == 1: if emailsent: output += '<br><b><span class="info">An email has been sent to the owner of the account.</span></b>' else: output += '<br><b><span class="important">Could not send an email to the owner of the account.</span></b>' else: output += '<b><span class="info">An account with the same email already exists.</span></b>' elif confirm in [1, "1"]: output += '<b><span class="info">Please specify an valid email-address.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_manageaccounts(req, "perform_createaccount", addadminbox(subtitle, 
body)) else: return addadminbox(subtitle, body) def perform_modifyaccountstatus(req, userID, email_user_pattern, limit_to, maxpage, page, callback='yes', confirm=0): """set a disabled account to enabled and opposite""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) res = run_sql("SELECT id, email, note, password FROM user WHERE id=%s" % userID) output = "" if res: if res[0][2] in [0, "0", None]: res2 = run_sql("UPDATE user SET note=1 WHERE id=%s" % userID) output += """<b><span class="info">The account '%s' has been activated.</span></b>""" % res[0][1] if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_ACTIVATION == 1: emailsent = sendAccountActivatedMessage(res[0][1], res[0][1], res[0][3]) if emailsent: output += """<br><b><span class="info">An email has been sent to the owner of the account.</span></b>""" else: output += """<br><b><span class="info">Could not send an email to the owner of the account.</span></b>""" elif res[0][2] in [1, "1"]: res2 = run_sql("UPDATE user SET note=0 WHERE id=%s" % userID) output += """<b><span class="info">The account '%s' has been set inactive.</span></b>""" % res[0][1] else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_modifyaccounts(req, email_user_pattern, limit_to, maxpage, page, content=output, callback='yes') else: return addadminbox(subtitle, body) def perform_editaccount(req, userID, mtype='', content='', callback='yes', confirm=-1): """form to modify an account. this method is calling other methods which again is calling this and sending back the output of the method. if callback, the method will call perform_editcollection, if not, it will just return its output. userID - id of the user mtype - the method that called this method. 
content - the output from that method.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) res = run_sql("SELECT id, email FROM user WHERE id=%s" % userID) if not res: if mtype == "perform_deleteaccount": text = """<b><span class="info">The selected account has been deleted, to continue editing, go back to 'Manage Accounts'.</span></b>""" if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_DELETION == 1: text += """<br><b><span class="info">An email has been sent to the owner of the account.</span></b>""" else: text = """<b><span class="info">The selected accounts does not exist, please go back and select an account to edit.</span></b>""" return index(req=req, title='Edit Account', subtitle="Edit account", body=[text], adminarea=7, authorized=1) fin_output = """ <table> <tr> <td><b>Menu</b></td> </tr> <tr> <td>0. <small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s">Show all</a></small></td> <td>1. <small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s&mtype=perform_modifylogindata">Modify login-data</a></small></td> <td>2. <small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s&mtype=perform_modifybasket">Modify baskets</a></small></td> <td>3. <small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s&mtype=perform_modifyalerts">Modify alerts</a></small></td> <td>4. <small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s&mtype=perform_modifypreferences">Modify preferences</a></small></td> </tr><tr> <td>5. 
<small><a href="%s/admin/webaccess/webaccessadmin.py/editaccount?userID=%s&mtype=perform_deleteaccount">Delete account</a></small></td> </tr> </table> """ % (weburl, userID, weburl, userID, weburl, userID, weburl, userID, weburl, userID, weburl, userID) if mtype == "perform_modifylogindata" and content: fin_output += content elif mtype == "perform_modifylogindata" or not mtype: fin_output += perform_modifylogindata(req, userID, callback='') if mtype == "perform_modifybasket" and content: fin_output += content elif mtype == "perform_modifybasket" or not mtype: fin_output += perform_modifybasket(req, userID, callback='') if mtype == "perform_modifypreferences" and content: fin_output += content elif mtype == "perform_modifypreferences" or not mtype: fin_output += perform_modifypreferences(req, userID, callback='') if mtype == "perform_modifyalerts" and content: fin_output += content elif mtype == "perform_modifyalerts" or not mtype: fin_output += perform_modifyalerts(req, userID, callback='') if mtype == "perform_deleteaccount" and content: fin_output += content elif mtype == "perform_deleteaccount" or not mtype: fin_output += perform_deleteaccount(req, userID, callback='') return index(req=req, title='Edit Account', subtitle="Edit account '%s'" % res[0][1], body=[fin_output], adminarea=7, authorized=1) def perform_modifybasket(req, userID, callback='yes', confirm=0): """modify email and password of an account""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="2"></a>2. Modify baskets.   <small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl res = run_sql("SELECT id, email, password FROM user WHERE id=%s" % userID) output = "" if res: text = """To modify the baskets for this account, you have to login as the user.""" - output += createhiddenform(action="%s/youraccount.py/login?" 
% weburl, + output += createhiddenform(action="%s/youraccount.py/login?" % sweburl, text=text, p_email=res[0][1], p_pw=res[0][2], referer="%s/yourbaskets.py/display" % weburl, button="Login") output += "Remember that you will be logged out as the current user." #baskets = run_sql("SELECT basket.id, basket.name, basket.public FROM basket, user_basket WHERE id_user=%s and user_basket.id_basket=basket.id" % userID) #output += "<table><tr>" #for (id, name, public) in baskets: # output += "<tr><td>%s<br>Public: %s</td></tr>" % (name, (public=="y" and "Yes" or "No")) # basket_records = run_sql("SELECT id_record, nb_order FROM basket_record WHERE id_basket=%s" % id) # for (id_record, nb_order) in basket_records: # output += "<tr><td></td><td>" # output += print_record(id_record) # output += "</td></tr>" # #output += "</tr></table>" else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_editaccount(req, userID, mtype='perform_modifybasket', content=addadminbox(subtitle, body), callback='yes') else: return addadminbox(subtitle, body) def perform_modifylogindata(req, userID, email='', password='', callback='yes', confirm=0): """modify email and password of an account""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="1"></a>1. Edit login-data.   
<small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl res = run_sql("SELECT id, email, password FROM user WHERE id=%s" % userID) output = "" if res: if not email and not password: email = res[0][1] password = res[0][2] text = ' <span class="adminlabel">Account id:</span>%s<br>\n' % userID text += ' <span class="adminlabel">Email:</span>\n' text += ' <input class="admin_wvar" type="text" name="email" value="%s" /><br>' % (email, ) text += ' <span class="adminlabel">Password:</span>\n' text += ' <input class="admin_wvar" type="text" name="password" value="%s" /><br>' % (password, ) output += createhiddenform(action="modifylogindata", text=text, userID=userID, confirm=1, button="Modify") if confirm in [1, "1"] and email and checkemail(email): res = run_sql("UPDATE user SET email='%s' WHERE id=%s" % (MySQLdb.escape_string(email), userID)) res = run_sql("UPDATE user SET password='%s' WHERE id=%s" % (MySQLdb.escape_string(password), userID)) output += '<b><span class="info">Email and/or password modified.</span></b>' elif confirm in [1, "1"]: output += '<b><span class="info">Please specify an valid email-address.</span></b>' else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_editaccount(req, userID, mtype='perform_modifylogindata', content=addadminbox(subtitle, body), callback='yes') else: return addadminbox(subtitle, body) def perform_modifyalerts(req, userID, callback='yes', confirm=0): """modify email and password of an account""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="3"></a>3. Modify alerts.   
<small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl res = run_sql("SELECT id, email, password FROM user WHERE id=%s" % userID) output = "" if res: text = """To modify the alerts for this account, you have to login as the user.""" - output += createhiddenform(action="%s/youraccount.py/login?" % weburl, + output += createhiddenform(action="%s/youraccount.py/login?" % sweburl, text=text, p_email=res[0][1], p_pw=res[0][2], referer="%s/youralerts.py/display" % weburl, button="Login") output += "Remember that you will be logged out as the current user." res= """ SELECT q.id, q.urlargs, a.id_basket, a.alert_name, a.frequency, a.notification, DATE_FORMAT(a.date_creation,'%%d %%b %%Y'), DATE_FORMAT(a.date_lastrun,'%%d %%b %%Y') FROM query q, user_query_basket a WHERE a.id_user='%s' AND a.id_query=q.id ORDER BY a.alert_name ASC """ % userID #res = run_sql(res) #for (qID, qurlargs, id_basket, alertname, frequency, notification, date_creation, date_lastrun) in res: # output += "%s - %s - %s - %s - %s - %s - %s<br>" % (qID, id_basket, alertname, frequency, notification, date_creation, date_lastrun) else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_editaccount(req, userID, mtype='perform_modifyalerts', content=addadminbox(subtitle, body), callback='yes') else: return addadminbox(subtitle, body) def perform_modifypreferences(req, userID, login_method='', callback='yes', confirm=0): """modify email and password of an account""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="4"></a>4. Modify preferences.   
<small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl res = run_sql("SELECT id, email, password FROM user WHERE id=%s" % userID) output = "" if res: user_pref = get_user_preferences(userID) if confirm in [1, "1"]: if login_method: user_pref['login_method'] = login_method set_user_preferences(userID, user_pref) output += "Select default login method:<br>" text = "" methods = CFG_EXTERNAL_AUTHENTICATION.keys() methods.sort() for system in methods: text += """<input type="radio" name="login_method" value="%s" %s>%s<br>""" % (system, (user_pref['login_method'] == system and "checked" or ""), system) output += createhiddenform(action="modifypreferences", text=text, confirm=1, userID=userID, button="Select") if confirm in [1, "1"]: if login_method: output += """<b><span class="info">The login method has been changed</span></b>""" else: output += """<b><span class="info">Nothing to update</span></b>""" else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_editaccount(req, userID, mtype='perform_modifypreferences', content=addadminbox(subtitle, body), callback='yes') else: return addadminbox(subtitle, body) def perform_deleteaccount(req, userID, callback='yes', confirm=0): """delete account""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="5"></a>5. Delete account.   
<small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl res = run_sql("SELECT id, email, password FROM user WHERE id=%s" % userID) output = "" if res: if confirm in [0, "0"]: text = '<b><span class="important">Are you sure you want to delete the account with email: "%s"?</span></b>' % res[0][1] output += createhiddenform(action="deleteaccount", text=text, userID=userID, confirm=1, button="Delete") elif confirm in [1, "1"]: res2 = run_sql("DELETE FROM user WHERE id=%s" % userID) output += '<b><span class="info">Account deleted.</span></b>' if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_DELETION == 1: emailsent = sendAccountDeletedMessage(res[0][1], res[0][1]) else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_editaccount(req, userID, mtype='perform_deleteaccount', content=addadminbox(subtitle, body), callback='yes') else: return addadminbox(subtitle, body) def perform_rejectaccount(req, userID, email_user_pattern, limit_to, maxpage, page, callback='yes', confirm=0): """Delete account and send an email to the owner.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) res = run_sql("SELECT id, email, password, note FROM user WHERE id=%s" % userID) output = "" if res: res2 = run_sql("DELETE FROM user WHERE id=%s" % userID) output += '<b><span class="info">Account rejected and deleted.</span></b>' if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_DELETION == 1: if not res[0][3] or res[0][3] == "0": emailsent = sendAccountRejectedMessage(res[0][1], res[0][1]) elif res[0][3] == "1": emailsent = sendAccountDeletedMessage(res[0][1], res[0][1]) if emailsent: output += """<br><b><span class="info">An email has been sent to the owner of the account.</span></b>""" else: output += """<br><b><span class="info">Could not send an email to the owner of the account.</span></b>""" 
else: output += '<b><span class="info">The account id given does not exist.</span></b>' try: body = [output, extra] except NameError: body = [output] if callback: return perform_modifyaccounts(req, email_user_pattern, limit_to, maxpage, page, content=output, callback='yes') else: return addadminbox(subtitle, body) def perform_modifyaccounts(req, email_user_pattern='', limit_to=-1, maxpage=MAXPAGEUSERS, page=1, content='', callback='yes', confirm=0): """Modify default behaviour of a guest user or if new accounts should automatically/manually be modified.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) subtitle = """<a name="4"></a>4. Edit accounts.   <small>[<a title="See guide" href="%s/admin/webaccess/guide.html#4">?</a>]</small>""" % weburl output = "" # remove letters not allowed in an email email_user_pattern = cleanstring_email(email_user_pattern) try: maxpage = int(maxpage) except: maxpage = MAXPAGEUSERS try: page = int(page) if page < 1: page = 1 except: page = 1 text = ' <span class="adminlabel">Email (part of):</span>\n' text += ' <input class="admin_wvar" type="text" name="email_user_pattern" value="%s" /><br>' % (email_user_pattern, ) text += """<span class="adminlabel">Limit to:</span> <select name="limit_to" class="admin_w200"> <option value="all" %s>All accounts</option> <option value="enabled" %s>Active accounts</option> <option value="disabled" %s>Inactive accounts</option> </select><br>""" % ((limit_to=="all" and "selected" or ""), (limit_to=="enabled" and "selected" or ""), (limit_to=="disabled" and "selected" or "")) text += """<span class="adminlabel">Accounts per page:</span> <select name="maxpage" class="admin_wvar"> <option value="25" %s>25</option> <option value="50" %s>50</option> <option value="100" %s>100</option> <option value="250" %s>250</option> <option value="500" %s>500</option> <option value="1000" %s>1000</option> </select><br>""" % ((maxpage==25 and "selected" or ""), 
(maxpage==50 and "selected" or ""), (maxpage==100 and "selected" or ""), (maxpage==250 and "selected" or ""), (maxpage==500 and "selected" or ""), (maxpage==1000 and "selected" or "")) output += createhiddenform(action="modifyaccounts", text=text, button="search for accounts") if limit_to not in [-1, "-1"] and maxpage: users1 = "SELECT id,email,note FROM user WHERE " if limit_to == "enabled": users1 += " email!='' AND note=1" elif limit_to == "disabled": users1 += " email!='' AND note=0 OR note IS NULL" elif limit_to == "guest": users1 += " email=''" else: users1 += " email!=''" if email_user_pattern: users1 += " AND email RLIKE '%s'" % (email_user_pattern) users1 += " ORDER BY email LIMIT %s" % (maxpage * page + 1) users1 = run_sql(users1) if not users1: output += '<b><span class="info">There are no accounts matching the email given.</span></b>' else: users = [] if maxpage * (page - 1) > len(users1): page = len(users1) / maxpage + 1 for (id, email, note) in users1[maxpage * (page - 1):(maxpage * page)]: users.append(['', id, email, (note=="1" and '<strong class="info">Active</strong>' or '<strong class="important">Inactive</strong>')]) for col in [(((note=="1" and 'Inactivate' or 'Activate'), 'modifyaccountstatus'), ((note == "0" and 'Reject' or 'Delete'), 'rejectaccount'), ), (('Edit account', 'editaccount'), ),]: users[-1].append('<a href="%s?userID=%s&email_user_pattern=%s&limit_to=%s&maxpage=%s&page=%s&rand=%s">%s</a>' % (col[0][1], id, email_user_pattern, limit_to, maxpage, page, random.randint(0,1000), col[0][0])) for (str, function) in col[1:]: users[-1][-1] += ' / <a href="%s?userID=%s&email_user_pattern=%s&limit_to=%s&maxpage=%s&page=%s&rand=%s">%s</a>' % (function, id, email_user_pattern, limit_to, maxpage, page, random.randint(0,1000), str) last = "" next = "" if len(users1) > maxpage: if page > 1: last += '<b><span class="info"><a href="modifyaccounts?email_user_pattern=%s&limit_to=%s&maxpage=%s&page=%s">Last Page</a></span></b>' % (email_user_pattern, 
limit_to, maxpage, (page - 1)) if len(users1[maxpage * (page - 1):(maxpage * page)]) == maxpage: next += '<b><span class="info"><a href="modifyaccounts?email_user_pattern=%s&limit_to=%s&maxpage=%s&page=%s">Next page</a></span></b>' % (email_user_pattern, limit_to, maxpage, (page + 1)) output += '<b><span class="info">Showing accounts %s-%s:</span></b>' % (1 + maxpage * (page - 1), maxpage * page) else: output += '<b><span class="info">%s matching account(s):</span></b>' % len(users1) output += tupletotable(header=[last, 'id', 'email', 'Status', '', '',next], tuple=users) else: output += '<b><span class="info">Please select which accounts to find and how many to show per page.</span></b>' if content: output += "<br>%s" % content try: body = [output, extra] except NameError: body = [output] if callback: return perform_manageaccounts(req, "perform_modifyaccounts", addadminbox(subtitle, body)) else: return addadminbox(subtitle, body) def perform_delegate_startarea(req): """start area for lower level delegation of rights.""" subtitle = 'select what to do' output = '' if is_adminuser(req)[0] == 0: output += """ <p> You are also allowed to be in the <a href="../webaccessadmin.py">Main Admin Area</a> which gives you<br> the access to the full functionality of WebAccess. </p> """ output += """ <dl> <dt><a href="delegate_adduserrole">Connect users to roles</a></dt> <dd>add users to the roles you have delegation rights to.</dd> <dt><a href="delegate_deleteuserrole">Remove users from roles</a></dt> <dd>remove users from the roles you have delegation rights to.</dd> </dl> <dl> <dt><a href="delegate_adminsetup">Set up delegation rights</a></dt> <dd>spesialized area to set up the delegation rights used in the areas above. 
<br> you need to be a web administrator to access the area.</dd> </dl> """ return index(req=req, title='Delegate Rights', subtitle=subtitle, body=[output], adminarea=0, authorized=1) def perform_delegate_adminsetup(req, id_role_admin=0, id_role_delegate=0, confirm=0): """lets the webadmins set up the delegation rights for the other roles id_role_admin - the role to be given delegation rights id_role_delegate - the role over which the delegation rights are given confirm - make the connection happen """ subtitle = 'step 1 - select admin role' admin_roles = acca.acc_getAllRoles() output = """ <p> This is a specialized area to handle a task that also can be handled<br> from the "add authorization" interface. </p> <p> By handling the delegation rights here you get the advantage of<br> not having to select the correct action <i>(%s)</i> or<br> remembering the names of available roles. </p> """ % (DELEGATEADDUSERROLE, ) output += createroleselect(id_role=id_role_admin, step=1, button='select admin role', name='id_role_admin', action='delegate_adminsetup', roles=admin_roles) if str(id_role_admin) != '0': subtitle = 'step 2 - select delegate role' name_role_admin = acca.acc_getRoleName(id_role=id_role_admin) delegate_roles_old = acca.acc_find_delegated_roles(id_role_admin=id_role_admin) delegate_roles = [] delegate_roles_old_names = [] for role in admin_roles: if (role,) not in delegate_roles_old: delegate_roles.append(role) else: delegate_roles_old_names.append(role[1]) if delegate_roles_old_names: delegate_roles_old_names.sort() names_str = '' for name in delegate_roles_old_names: if names_str: names_str += ', ' names_str += name output += '<p>previously selected roles: <strong>%s</strong>.</p>' % (names_str, ) extra = """ <dl> <dt><a href="modifyauthorizations?id_role=%s&id_action=%s">Remove delegated roles</a></dt> <dd>use the standard administration area to remove delegation rights you no longer want to be available.</dd> </dl> """ % (id_role_admin, 
acca.acc_getActionId(name_action=DELEGATEADDUSERROLE)) else: output += '<p>no previously selected roles.</p>' output += createroleselect(id_role=id_role_delegate, step=2, button='select delegate role', name='id_role_delegate', action='delegate_adminsetup', roles=delegate_roles, id_role_admin=id_role_admin) if str(id_role_delegate) != '0': subtitle = 'step 3 - confirm to add delegation right' name_role_delegate = acca.acc_getRoleName(id_role=id_role_delegate) output += """ <p> <span class="warning"><strong>Warning:</strong> don't hand out delegation rights that can harm the system (e.g. delegating superrole).</span> </p> """ output += createhiddenform(action="delegate_adminsetup", text='let role <strong>%s</strong> delegate rights over role <strong>%s</strong>?' % (name_role_admin, name_role_delegate), id_role_admin=id_role_admin, id_role_delegate=id_role_delegate, confirm=1) if int(confirm): subtitle = 'step 4 - confirm delegation right added' # res1 = acca.acc_addRoleActionArguments_names(name_role=name_role_admin, # name_action=DELEGATEADDUSERROLE, # arglistid=-1, # optional=0, # role=name_role_delegate) res1 = acca.acc_addAuthorization(name_role=name_role_admin, name_action=DELEGATEADDUSERROLE, optional=0, role=name_role_delegate) if res1: output += '<p>confirm: role <strong>%s</strong> delegates role <strong>%s</strong>.' % (name_role_admin, name_role_delegate) else: output += '<p>sorry, delegation right could not be added,<br>it probably already exists.</p>' # see if right hand menu is available try: body = [output, extra] except NameError: body = [output] return index(req=req, title='Delegate Rights', subtitle=subtitle, body=body, adminarea=1) def perform_delegate_adduserrole(req, id_role=0, email_user_pattern='', id_user=0, confirm=0): """let a lower level web admin add users to a limited set of roles. 
id_role - the role to connect to a user id_user - the user to connect to a role confirm - make the connection happen """ # finding the allowed roles for this user id_admin = getUid(req) id_action = acca.acc_getActionId(name_action=DELEGATEADDUSERROLE) actions = acca.acc_findPossibleActionsUser(id_user=id_admin, id_action=id_action) allowed_roles = [] allowed_id_roles = [] for (id, arglistid, name_role_help) in actions[1:]: id_role_help = acca.acc_getRoleId(name_role=name_role_help) if id_role_help and [id_role_help, name_role_help, ''] not in allowed_roles: allowed_roles.append([id_role_help, name_role_help, '']) allowed_id_roles.append(str(id_role_help)) output = '' if not allowed_roles: subtitle = 'no delegation rights' output += """ <p> You do not have the delegation rights over any roles.<br> If you think you should have such rights, contact a WebAccess Administrator. </p>""" extra = '' else: subtitle = 'step 1 - select role' output += """ <p> Lower level delegation of access rights to roles.<br> An administrator with all rights have to give you these rights. </p>""" email_out = acca.acc_getUserEmail(id_user=id_user) name_role = acca.acc_getRoleName(id_role=id_role) output += createroleselect(id_role=id_role, step=1, name='id_role', action='delegate_adduserrole', roles=allowed_roles) if str(id_role) != '0' and str(id_role) in allowed_id_roles: subtitle = 'step 2 - search for users' # remove letters not allowed in an email email_user_pattern = cleanstring_email(email_user_pattern) text = ' <span class="adminlabel">2. 
search for user </span>\n' text += ' <input class="admin_wvar" type="text" name="email_user_pattern" value="%s" />\n' % (email_user_pattern, ) output += createhiddenform(action="delegate_adduserrole", text=text, button="search for users", id_role=id_role) # pattern is entered if email_user_pattern: # users with matching email-address users1 = run_sql("""SELECT id, email FROM user WHERE email RLIKE '%s' ORDER BY email """ % (email_user_pattern, )) # users that are connected users2 = run_sql("""SELECT DISTINCT u.id, u.email FROM user u LEFT JOIN user_accROLE ur ON u.id = ur.id_user WHERE ur.id_accROLE = '%s' AND u.email RLIKE '%s' ORDER BY u.email """ % (id_role, email_user_pattern)) # no users that match the pattern if not (users1 or users2): output += '<p>no qualified users, try new search.</p>' # too many matching users elif len(users1) > MAXSELECTUSERS: output += '<p><strong>%s hits</strong>, too many qualified users, specify more narrow search. (limit %s)</p>' % (len(users1), MAXSELECTUSERS) # show matching users else: subtitle = 'step 3 - select a user' users = [] extrausers = [] for (id, email) in users1: if (id, email) not in users2: users.append([id,email,'']) for (id, email) in users2: extrausers.append([-id, email,'']) output += createuserselect(id_user=id_user, action="delegate_adduserrole", step=3, users=users, extrausers=extrausers, button="add this user", id_role=id_role, email_user_pattern=email_user_pattern) try: id_user = int(id_user) except ValueError: pass # user selected already connected to role if id_user < 0: output += '<p>users in brackets are already attached to the role, try another one...</p>' # a user is selected elif email_out: subtitle = "step 4 - confirm to add user" output += createhiddenform(action="delegate_adduserrole", text='add user <strong>%s</strong> to role <strong>%s</strong>?' 
% (email_out, name_role), id_role=id_role, email_user_pattern=email_user_pattern, id_user=id_user, confirm=1) # it is confirmed that this user should be added if confirm: # add user result = acca.acc_addUserRole(id_user=id_user, id_role=id_role) if result and result[2]: subtitle = 'step 5 - confirm user added' output += '<p>confirm: user <strong>%s</strong> added to role <strong>%s</strong>.</p>' % (email_out, name_role) else: subtitle = 'step 5 - user could not be added' output += '<p>sorry, but user could not be added.</p>' extra = """ <dl> <dt><a href="delegate_deleteuserrole?id_role=%s">Remove users from role</a></dt> <dd>remove users from the roles you have delegating rights to.</dd> </dl> """ % (id_role, ) return index(req=req, title='Connect users to roles', subtitle=subtitle, body=[output, extra], adminarea=1, authorized=1) def perform_delegate_deleteuserrole(req, id_role=0, id_user=0, confirm=0): """let a lower level web admin remove users from a limited set of roles. id_role - the role to connect to a user id_user - the user to connect to a role confirm - make the connection happen """ subtitle = 'in progress...' output = '<p>in progress...</p>' # finding the allowed roles for this user id_admin = getUid(req) id_action = acca.acc_getActionId(name_action=DELEGATEADDUSERROLE) actions = acca.acc_findPossibleActionsUser(id_user=id_admin, id_action=id_action) output = '' if not actions: subtitle = 'no delegation rights' output += """ <p> You do not have the delegation rights over any roles.<br> If you think you should have such rights, contact a WebAccess Administrator. </p>""" extra = '' else: subtitle = 'step 1 - select role' output += """ <p> Lower level delegation of access rights to roles.<br> An administrator with all rights have to give you these rights. 
</p>""" email_out = acca.acc_getUserEmail(id_user=id_user) name_role = acca.acc_getRoleName(id_role=id_role) # create list of allowed roles allowed_roles = [] allowed_id_roles = [] for (id, arglistid, name_role_help) in actions[1:]: id_role_help = acca.acc_getRoleId(name_role=name_role_help) if id_role_help and [id_role_help, name_role_help, ''] not in allowed_roles: allowed_roles.append([id_role_help, name_role_help, '']) allowed_id_roles.append(str(id_role_help)) output += createroleselect(id_role=id_role, step=1, action='delegate_deleteuserrole', roles=allowed_roles) if str(id_role) != '0' and str(id_role) in allowed_id_roles: subtitle = 'step 2 - select user' users = acca.acc_getRoleUsers(id_role) output += createuserselect(id_user=id_user, step=2, action='delegate_deleteuserrole', users=users, id_role=id_role) if str(id_user) != '0': subtitle = 'step 3 - confirm delete of user' email_user = acca.acc_getUserEmail(id_user=id_user) output += createhiddenform(action="delegate_deleteuserrole", text='delete user %s from %s?' % (headerstrong(user=id_user), headerstrong(role=id_role)), id_role=id_role, id_user=id_user, confirm=1) if confirm: res = acca.acc_deleteUserRole(id_user=id_user, id_role=id_role) if res: subtitle = 'step 4 - confirm user deleted from role' output += '<p>confirm: deleted user <strong>%s</strong> from role <strong>%s</strong>.</p>' % (email_user, name_role) else: subtitle = 'step 4 - user could not be deleted' output += 'sorry, but user could not be deleted<br>user is probably already deleted.' 
extra = """ <dl> <dt><a href="delegate_adduserrole?id_role=%s">Connect users to role</a></dt> <dd>add users to the roles you have delegating rights to.</dd> </dl> """ % (id_role, ) return index(req=req, title='Remove users from roles', subtitle=subtitle, body=[output, extra], adminarea=1, authorized=1) def perform_addaction(req, name_action='', arguments='', optional='no', description='put description here.', confirm=0): """form to add a new action with these values: name_action - name of the new action arguments - allowedkeywords, separated by whitespace description - optional description of the action""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) name_action = cleanstring(name_action) arguments = cleanstring(arguments, comma=1) title = 'Add Action' subtitle = 'step 1 - give values to the requested fields' output = """ <form action="addaction" method="POST"> <span class="adminlabel">action name </span> <input class="admin_wvar" type="text" name="name_action" value="%s" /> <br> <span class="adminlabel">arguments </span> <input class="admin_wvar" type="text" name="arguments" value="%s" /> <small>keywords for arguments, separate with comma, no whitespace.</small> <br> <span class="adminlabel">optional arguments</span> <select name="optional" class="admin_w200"> <option value="no" selected="selected">no, not allowed</option> <option value="yes" %s>yes, allowed</option> </select><br> <span class="adminlabel">description </span> <textarea class="admin_wvar" rows="6" cols="30" name="description">%s</textarea> <input class="adminbutton" type="submit" value="add action" /> </form> """ % (name_action, arguments, optional == 'yes' and 'selected="selected"' or '', description) if name_action: # description must be changed before it is submitted if description == 'put description here.': internaldesc = '' else: internaldesc = description if arguments: subtitle = 'step 2 - confirm to add action with %s arguments' % 
(optional == 'yes' and 'optional' or '', ) arguments = arguments.replace(' ', '') text = 'add action with: <br>\n' text += 'name: <strong>%s</strong><br>\n' % (name_action, ) if internaldesc: text += 'description: <strong>%s</strong><br>\n' % (description, ) text += '%sarguments: <strong>%s</strong><br>' % (optional == 'yes' and 'optional ' or '', arguments) text += 'optional: <strong>%s</strong>?' % (optional, ) else: optional = 'no' subtitle = 'step 2 - confirm to add action without arguments' text = 'add action <strong>%s</strong> without arguments' % (name_action, ) if internaldesc: text += '<br>\nand description: <strong>%s</strong>?\n' % (description, ) else: text += '?\n' output += createhiddenform(action="addaction", text=text, name_action=name_action, arguments=arguments, optional=optional, description=description, confirm=1) if confirm not in ["0", 0]: arguments = arguments.split(',') result = acca.acc_addAction(name_action, internaldesc, optional, *arguments) if result: subtitle = 'step 3 - action added' output += '<p>action added:</p>' output += tupletotable(header=['id', 'action name', 'description', 'allowedkeywords', 'optional'], tuple=[result]) else: subtitle = 'step 3 - action could not be added' output += '<p>sorry, could not add action, <br>action with the same name probably exists.</p>' extra = """ <dl> <dt><a href="addauthorization?id_action=%s&reverse=1">Add authorization</a></dt> <dd>start adding new authorizations to action %s.</dd> </dl> """ % (acca.acc_getActionId(name_action=name_action), name_action) try: body = [output, extra] except NameError: body = [output] return index(req=req, title=title, body=body, subtitle=subtitle, adminarea=4) def perform_deleteaction(req, id_action="0", confirm=0): """show all roles connected, and ask for confirmation. 
id_action - id of action to delete """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) title='Delete action' subtitle='step 1 - select action to delete' name_action = acca.acc_getActionName(id_action=id_action) output = createactionselect(id_action=id_action, action="deleteaction", step=1, actions=acca.acc_getAllActions(), button="delete action") if id_action != "0" and name_action: subtitle = 'step 2 - confirm the delete' output += actiondetails(id_action=id_action) if acca.acc_getActionRoles(id_action=id_action): output += createhiddenform(action="deleteroleaction", text="""rather delete only connection between action %s and a selected role?""" % (name_action, ), id_action=id_action, reverse=1, button='go there') output += createhiddenform(action="deleteaction", text=' delete action <strong>%s</strong> and all connections?' % (name_action, ), confirm=1, id_action=id_action) if confirm: subtitle = 'step 3 - confirm delete of action' res = acca.acc_deleteAction(id_action=id_action) if res: output += '<p>confirm: action <strong>%s</strong> deleted.<br>\n' % (name_action, ) output += '%s entries deleted all in all.</p>\n' % (res, ) else: output += '<p>sorry, action could not be deleted.</p>\n' elif id_action != "0": output += '<p>the action has been deleted...</p>' return index(req=req, title=title, subtitle=subtitle, body=[output], adminarea=4) def perform_showactiondetails(req, id_action): """show the details of an action. 
""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) output = createactionselect(id_action=id_action, action="showactiondetails", step=1, actions=acca.acc_getAllActions(), button="select action") if id_action not in [0, '0']: output += actiondetails(id_action=id_action) extra = """ <dl> <dt><a href="addauthorization?id_action=%s&reverse=1">Add new authorization</a></dt> <dd>add an authorization.</dd> <dt><a href="modifyauthorizations?id_action=%s&reverse=1">Modify authorizations</a></dt> <dd>modify existing authorizations.</dd> <dt><a href="deleteroleaction?id_action=%s&reverse=1">Remove role</a></dt> <dd>remove all authorizations from action and a role.</dd> </dl> """ % (id_action, id_action, id_action) body = [output, extra] else: output += '<p>no details to show</p>' body = [output] return index(req=req, title='Show Action Details', subtitle='show action details', body=body, adminarea=4) def actiondetails(id_action=0): """show details of given action. 
""" output = '' if id_action not in [0, '0']: name_action = acca.acc_getActionName(id_action=id_action) output += '<p>action details:</p>' output += tupletotable(header=['id', 'name', 'description', 'allowedkeywords', 'optional'], tuple=[acca.acc_getActionDetails(id_action=id_action)]) roleshlp = acca.acc_getActionRoles(id_action=id_action) if roleshlp: roles = [] for (id, name, dontcare) in roleshlp: roles.append([id, name, '<a href="simpleauthorization?id_role=%s&id_action=%s">show authorization details</a>' % (id, id_action), '<a href="showroleusers?id_role=%s">show connected users</a>' % (id, )]) roletable = tupletotable(header=['id', 'name', '', ''], tuple=roles) output += '<p>roles connected to %s:</p>\n' % (headerstrong(action=name_action, query=0), ) output += roletable else: output += '<p>no roles connected to %s.</p>\n' % (headerstrong(action=name_action, query=0), ) else: output += '<p>no details to show</p>' return output def perform_addrole(req, name_role='', description='put description here.', confirm=0): """form to add a new role with these values: name_role - name of the new role description - optional description of the role """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) name_role = cleanstring(name_role) title='Add Role' subtitle = 'step 1 - give values to the requested fields' output = """ <form action="addrole" method="POST"> <span class="adminlabel">role name </span> <input class="admin_wvar" type="text" name="name_role" value="%s" /> <br> <span class="adminlabel">description </span> <textarea class="admin_wvar" rows="6" cols="30" name="description">%s</textarea> <input class="adminbutton" type="submit" value="add role" /> </form> """ % (name_role, description) if name_role: # description must be changed before submitting subtitle = 'step 2 - confirm to add role' internaldesc = '' if description != 'put description here.': internaldesc = description text = """ add role with: <br>\n 
name: <strong>%s</strong> <br>""" % (name_role, ) if internaldesc: text += 'description: <strong>%s</strong>?\n' % (description, ) output += createhiddenform(action="addrole", text=text, name_role=name_role, description=description, confirm=1) if confirm not in ["0", 0]: result = acca.acc_addRole(name_role=name_role, description=internaldesc) if result: subtitle = 'step 3 - role added' output += '<p>role added: </p>' output += tupletotable(header=['id', 'action name', 'description', 'allowedkeywords'], tuple=[result]) else: subtitle = 'step 3 - role could not be added' output += '<p>sorry, could not add role, <br>role with the same name probably exists.</p>' id_role = acca.acc_getRoleId(name_role=name_role) extra = """ <dl> <dt><a href="addauthorization?id_role=%s">Add authorization</a></dt> <dd>start adding new authorizations to role %s.</dd> </dl> <dt><a href="adduserrole?id_role=%s">Connect user</a></dt> <dd>connect a user to role %s.</dd> <dl> </dl>""" % (id_role, name_role, id_role, name_role) try: body = [output, extra] except NameError: body = [output] return index(req=req, title=title, body=body, subtitle=subtitle, adminarea=3) def perform_deleterole(req, id_role="0", confirm=0): """select a role and show all connected information, users - users that can access the role. actions - actions with possible authorizations.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) title = 'Delete role' subtitle = 'step 1 - select role to delete' name_role = acca.acc_getRoleName(id_role=id_role) output = createroleselect(id_role=id_role, action="deleterole", step=1, roles=acca.acc_getAllRoles(), button="delete role") if id_role != "0" and name_role: subtitle = 'step 2 - confirm delete of role' output += roledetails(id_role=id_role) output += createhiddenform(action="deleterole", text='delete role <strong>%s</strong> and all connections?' 
% (name_role, ), id_role=id_role, confirm=1) if confirm: res = acca.acc_deleteRole(id_role=id_role) subtitle = 'step 3 - confirm role deleted' if res: output += "<p>confirm: role <strong>%s</strong> deleted.<br>" % (name_role, ) output += "<strong>%s</strong> entries were removed.</p>" % (res, ) else: output += "<p>sorry, the role could not be deleted.</p>" elif id_role != "0": output += '<p>the role has been deleted...</p>' return index(req=req, title=title, subtitle=subtitle, body=[output], adminarea=3) def perform_showroledetails(req, id_role): """show the details of a role.""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) output = createroleselect(id_role=id_role, action="showroledetails", step=1, roles=acca.acc_getAllRoles(), button="select role") if id_role not in [0, '0']: name_role = acca.acc_getRoleName(id_role=id_role) output += roledetails(id_role=id_role) extra = """ <dl> <dt><a href="addauthorization?id_role=%s">Add new authorization</a></dt> <dd>add an authorization.</dd> <dt><a href="modifyauthorizations?id_role=%s">Modify authorizations</a></dt> <dd>modify existing authorizations.</dd> </dl> <dl> <dt><a href="adduserrole?id_role=%s">Connect user</a></dt> <dd>connect a user to role %s.</dd> <dt><a href="deleteuserrole?id_role=%s">Remove user</a></dt> <dd>remove a user from role %s.</dd> </dl> """ % (id_role, id_role, id_role, name_role, id_role, name_role) body = [output, extra] else: output += '<p>no details to show</p>' body = [output] return index(req=req, title='Show Role Details', subtitle='show role details', body=body, adminarea=3) def roledetails(id_role=0): """create the string to show details about a role. 
""" name_role = acca.acc_getRoleName(id_role=id_role) usershlp = acca.acc_getRoleUsers(id_role) users = [] for (id, email, dontcare) in usershlp: users.append([id, email, '<a href="showuserdetails?id_user=%s">show user details</a>' % (id, )]) usertable = tupletotable(header=['id', 'email'], tuple=users) actionshlp = acca.acc_getRoleActions(id_role) actions = [] for (id, name, dontcare) in actionshlp: actions.append([id, name, '<a href="showactiondetails?id_role=%s&id_action=%s">show action details</a>' % (id_role, id), '<a href="simpleauthorization?id_role=%s&id_action=%s">show authorization details</a>' % (id_role, id)]) actiontable = tupletotable(header=['id', 'name', '', ''], tuple=actions) # show role details details = '<p>role details:</p>' details += tupletotable(header=['id', 'name', 'description'], tuple=[acca.acc_getRoleDetails(id_role=id_role)]) # show connected users details += '<p>users connected to %s:</p>' % (headerstrong(role=name_role, query=0), ) if users: details += usertable else: details += '<p>no users connected.</p>' # show connected authorizations details += '<p>authorizations for %s:</p>' % (headerstrong(role=name_role, query=0), ) if actions: details += actiontable else: details += '<p>no authorizations connected</p>' return details def perform_adduserrole(req, id_role='0', email_user_pattern='', id_user='0', confirm=0): """create connection between user and role. id_role - id of the role to add user to email_user_pattern - search for users using this pattern id_user - id of user to add to the role. 
""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) email_out = acca.acc_getUserEmail(id_user=id_user) name_role = acca.acc_getRoleName(id_role=id_role) title = 'Connect user to role ' subtitle = 'step 1 - select a role' output = createroleselect(id_role=id_role, action="adduserrole", step=1, roles=acca.acc_getAllRoles()) # role is selected if id_role != "0": title += name_role subtitle = 'step 2 - search for users' # remove letters not allowed in an email email_user_pattern = cleanstring_email(email_user_pattern) text = ' <span class="adminlabel">2. search for user </span>\n' text += ' <input class="admin_wvar" type="text" name="email_user_pattern" value="%s" />\n' % (email_user_pattern, ) output += createhiddenform(action="adduserrole", text=text, button="search for users", id_role=id_role) # pattern is entered if email_user_pattern: # users with matching email-address users1 = run_sql("""SELECT id, email FROM user WHERE email RLIKE '%s' ORDER BY email """ % (email_user_pattern, )) # users that are connected users2 = run_sql("""SELECT DISTINCT u.id, u.email FROM user u LEFT JOIN user_accROLE ur ON u.id = ur.id_user WHERE ur.id_accROLE = '%s' AND u.email RLIKE '%s' ORDER BY u.email """ % (id_role, email_user_pattern)) # no users that match the pattern if not (users1 or users2): output += '<p>no qualified users, try new search.</p>' elif len(users1) > MAXSELECTUSERS: output += '<p><strong>%s hits</strong>, too many qualified users, specify more narrow search. 
(limit %s)</p>' % (len(users1), MAXSELECTUSERS) # show matching users else: subtitle = 'step 3 - select a user' users = [] extrausers = [] for (id, email) in users1: if (id, email) not in users2: users.append([id,email,'']) for (id, email) in users2: extrausers.append([-id, email,'']) output += createuserselect(id_user=id_user, action="adduserrole", step=3, users=users, extrausers=extrausers, button="add this user", id_role=id_role, email_user_pattern=email_user_pattern) try: id_user = int(id_user) except ValueError: pass # user selected already connected to role if id_user < 0: output += '<p>users in brackets are already attached to the role, try another one...</p>' # a user is selected elif email_out: subtitle = "step 4 - confirm to add user" output += createhiddenform(action="adduserrole", text='add user <strong>%s</strong> to role <strong>%s</strong>?' % (email_out, name_role), id_role=id_role, email_user_pattern=email_user_pattern, id_user=id_user, confirm=1) # it is confirmed that this user should be added if confirm: # add user result = acca.acc_addUserRole(id_user=id_user, id_role=id_role) if result and result[2]: subtitle = 'step 5 - confirm user added' output += '<p>confirm: user <strong>%s</strong> added to role <strong>%s</strong>.</p>' % (email_out, name_role) else: subtitle = 'step 5 - user could not be added' output += '<p>sorry, but user could not be added.</p>' extra = """ <dl> <dt><a href="addrole">Create new role</a></dt> <dd>go here to add a new role.</dd> </dl> """ if str(id_role) != "0": extra += """ <dl> <dt><a href="deleteuserrole?id_role=%s">Remove users</a></dt> <dd>remove users from role %s.</dd> <dt><a href="showroleusers?id_role=%s">Connected users</a></dt> <dd>show all users connected to role %s.</dd> </dl> <dl> <dt><a href="addauthorization?id_role=%s">Add authorization</a></dt> <dd>start adding new authorizations to role %s.</dd> </dl> """ % (id_role, name_role, id_role, name_role, id_role, name_role) return index(req=req, 
title=title, subtitle=subtitle, body=[output, extra], adminarea=3) def perform_addroleuser(req, email_user_pattern='', id_user='0', id_role='0', confirm=0): """delete connection between role and user. id_role - id of role to disconnect id_user - id of user to disconnect. """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) email_out = acca.acc_getUserEmail(id_user=id_user) name_role = acca.acc_getRoleName(id_role=id_role) # used to sort roles, and also to determine right side links con_roles = [] not_roles = [] title = 'Connect user to roles' subtitle = 'step 1 - search for users' # clean email search string email_user_pattern = cleanstring_email(email_user_pattern) text = ' <span class="adminlabel">1. search for user </span>\n' text += ' <input class="admin_wvar" type="text" name="email_user_pattern" value="%s" />\n' % (email_user_pattern, ) output = createhiddenform(action='addroleuser', text=text, button='search for users', id_role=id_role) if email_user_pattern: subtitle = 'step 2 - select user' users1 = run_sql("""SELECT id, email FROM user WHERE email RLIKE '%s' ORDER BY email """ % (email_user_pattern, )) users = [] for (id, email) in users1: users.append([id, email, '']) # no users if not users: output += '<p>no qualified users, try new search.</p>' # too many users elif len(users) > MAXSELECTUSERS: output += '<p><strong>%s hits</strong>, too many qualified users, specify more narrow search. (limit %s)</p>' % (len(users), MAXSELECTUSERS) # ok number of users else: output += createuserselect(id_user=id_user, action='addroleuser', step=2, users=users, button='select user', email_user_pattern=email_user_pattern) if int(id_user): subtitle = 'step 3 - select role' # roles the user is connected to role_ids = acca.acc_getUserRoles(id_user=id_user) # all the roles, lists are sorted on the background of these... 
all_roles = acca.acc_getAllRoles() # sort the roles in connected and not connected roles for (id, name, description) in all_roles: if (id, ) in role_ids: con_roles.append([-id, name, description]) else: not_roles.append([id, name, description]) # create roleselect output += createroleselect(id_role=id_role, action='addroleuser', step=3, roles=not_roles, extraroles=con_roles, extrastamp='(connected)', button='add this role', email_user_pattern=email_user_pattern, id_user=id_user) if int(id_role) < 0: name_role = acca.acc_getRoleName(id_role=-int(id_role)) output += '<p>role %s already connected to the user, try another one...<p>' % (name_role, ) elif int(id_role): subtitle = 'step 4 - confirm to add role to user' output += createhiddenform(action='addroleuser', text='add role <strong>%s</strong> to user <strong>%s</strong>?' % (name_role, email_out), email_user_pattern=email_user_pattern, id_user=id_user, id_role=id_role, confirm=1) if confirm: # add role result = acca.acc_addUserRole(id_user=id_user, id_role=id_role) if result and result[2]: subtitle = 'step 5 - confirm role added' output += '<p>confirm: role <strong>%s</strong> added to user <strong>%s</strong>.</p>' % (name_role, email_out) else: subtitle = 'step 5 - role could not be added' output += '<p>sorry, but role could not be added</p>' extra = """ <dl> <dt><a href="addrole">Create new role</a></dt> <dd>go here to add a new role.</dd> """ if int(id_user) and con_roles: extra += """ </dl> <dl> <dt><a href="deleteuserrole?id_user=%s&reverse=1">Remove roles</a></dt> <dd>disconnect roles from user %s.</dd> </dl> """ % (id_user, email_out) if int(id_role): if int(id_role) < 0: id_role = -int(id_role) extra += """ <dl> <dt><a href="deleteuserrole?id_role=%s">Remove users</a></dt> <dd>disconnect users from role %s.<dd> </dl> """ % (id_role, name_role) return index(req=req, title=title, subtitle=subtitle, body=[output, extra], adminarea=5) def perform_deleteuserrole(req, id_role='0', id_user='0', reverse=0, 
confirm=0): """delete connection between role and user. id_role - id of role to disconnect id_user - id of user to disconnect. """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) title = 'Remove user from role' email_user = acca.acc_getUserEmail(id_user=id_user) name_role = acca.acc_getRoleName(id_role=id_role) output = '' if reverse in [0, '0']: adminarea = 3 subtitle = 'step 1 - select the role' output += createroleselect(id_role=id_role, action="deleteuserrole", step=1, roles=acca.acc_getAllRoles()) if id_role != "0": subtitle = 'step 2 - select the user' output += createuserselect(id_user=id_user, action="deleteuserrole", step=2, users=acca.acc_getRoleUsers(id_role=id_role), id_role=id_role) else: adminarea = 5 # show only if user is connected to a role, get users connected to roles users = run_sql("""SELECT DISTINCT(u.id), u.email, u.note FROM user u LEFT JOIN user_accROLE ur ON u.id = ur.id_user WHERE ur.id_accROLE != 'NULL' AND u.email != '' ORDER BY u.email """) has_roles = 1 # check if the user is connected to any roles for (id, email, note) in users: if str(id) == str(id_user): break # user not connected to a role else: subtitle = 'step 1 - user not connected' output += '<p>no need to remove roles from user <strong>%s</strong>,<br>user is not connected to any roles.</p>' % (email_user, ) has_roles, id_user = 0, '0' # stop the rest of the output below... 
# user connected to roles if has_roles: output += createuserselect(id_user=id_user, action="deleteuserrole", step=1, users=users, reverse=reverse) if id_user != "0": subtitle = 'step 2 - select the role' role_ids = acca.acc_getUserRoles(id_user=id_user) all_roles = acca.acc_getAllRoles() roles = [] for (id, name, desc) in all_roles: if (id, ) in role_ids: roles.append([id, name, desc]) output += createroleselect(id_role=id_role, action="deleteuserrole", step=2, roles=roles, id_user=id_user, reverse=reverse) if id_role != '0' and id_user != '0': subtitle = 'step 3 - confirm delete of user' output += createhiddenform(action="deleteuserrole", text='delete user %s from %s?' % (headerstrong(user=id_user), headerstrong(role=id_role)), id_role=id_role, id_user=id_user, reverse=reverse, confirm=1) if confirm: res = acca.acc_deleteUserRole(id_user=id_user, id_role=id_role) if res: subtitle = 'step 4 - confirm delete of user' output += '<p>confirm: deleted user <strong>%s</strong> from role <strong>%s</strong>.</p>' % (email_user, name_role) else: subtitle = 'step 4 - user could not be deleted' output += 'sorry, but user could not be deleted<br>user is probably already deleted.' 
extra = '' if str(id_role) != "0": extra += """ <dl> <dt><a href="adduserrole?id_role=%s">Connect user</a></dt> <dd>add users to role %s.</dd> """ % (id_role, name_role) if int(reverse): extra += """ <dt><a href="deleteuserrole?id_role=%s">Remove user</a></dt> <dd>remove users from role %s.</dd> """ % (id_role, name_role) extra += '</dl>' if str(id_user) != "0": extra += """ <dl> <dt><a href="addroleuser?email_user_pattern=%s&id_user=%s">Connect role</a></dt> <dd>add roles to user %s.</dd> """ % (email_user, id_user, email_user) if not int(reverse): extra += """ <dt><a href="deleteuserrole?id_user=%s&email_user_pattern=%s&reverse=1">Remove role</a></dt> <dd>remove roles from user %s.</dd> """ % (id_user, email_user, email_user) extra += '</dl>' if extra: body = [output, extra] else: body = [output] return index(req=req, title=title, subtitle=subtitle, body=body, adminarea=adminarea) def perform_showuserdetails(req, id_user=0): """show the details of a user. """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) if id_user not in [0, '0']: output = userdetails(id_user=id_user) email_user = acca.acc_getUserEmail(id_user=id_user) extra = """ <dl> <dt><a href="addroleuser?id_user=%s&email_user_pattern=%s">Connect role</a></dt> <dd>connect a role to user %s.</dd> <dt><a href="deleteuserrole?id_user=%s&reverse=1">Remove role</a></dt> <dd>remove a role from user %s.</dd> </dl> """ % (id_user, email_user, email_user, id_user, email_user) body = [output, extra] else: body = ['<p>no details to show</p>'] return index(req=req, title='Show User Details', subtitle='show user details', body=body, adminarea=5) def userdetails(id_user=0): """create the string to show details about a user. 
""" # find necessary details email_user = acca.acc_getUserEmail(id_user=id_user) userroles = acca.acc_getUserRoles(id_user=id_user) conn_roles = [] # find connected roles for (id, name, desc) in acca.acc_getAllRoles(): if (id, ) in userroles: conn_roles.append([id, name, desc]) conn_roles[-1].append('<a href="showroledetails?id_role=%s">show details</a>' % (id, )) if conn_roles: # print details details = '<p>roles connected to user <strong>%s</strong></p>' % (email_user, ) details += tupletotable(header=['id', 'name', 'description', ''], tuple=conn_roles) else: details = '<p>no roles connected to user <strong>%s</strong>.</p>' % (email_user, ) return details def perform_addauthorization(req, id_role="0", id_action="0", optional=0, reverse="0", confirm=0, **keywords): """ form to add new connection between user and role: id_role - role to connect id_action - action to connect reverse - role or action first? """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) # values that might get used name_role = acca.acc_getRoleName(id_role=id_role) or id_role name_action = acca.acc_getActionName(id_action=id_action) or id_action optional = optional == 'on' and 1 or int(optional) extra = """ <dl> <dt><a href="addrole">Create new role</a></dt> <dd>go here to add a new role.</dd> <dt><a href="addaction">Create new action</a></dt> <dd>go here to add a new action.</dd> </dl> """ # create the page according to which step the user is on # role -> action -> arguments if reverse in ["0", 0]: adminarea = 3 subtitle = 'step 1 - select role' output = createroleselect(id_role=id_role, action="addauthorization", step=1, roles=acca.acc_getAllRoles(), reverse=reverse) if str(id_role) != "0": subtitle = 'step 2 - select action' rolacts = acca.acc_getRoleActions(id_role) allhelp = acca.acc_getAllActions() allacts = [] for r in allhelp: if r not in rolacts: allacts.append(r) output += createactionselect(id_action=id_action, 
action="addauthorization", step=2, actions=rolacts, extraactions=allacts, id_role=id_role, reverse=reverse) # action -> role -> arguments else: adminarea = 4 subtitle = 'step 1 - select action' output = createactionselect(id_action=id_action, action="addauthorization", step=1, actions=acca.acc_getAllActions(), reverse=reverse) if str(id_action) != "0": subtitle = 'step 2 - select role' actroles = acca.acc_getActionRoles(id_action) allhelp = acca.acc_getAllRoles() allroles = [] for r in allhelp: if r not in actroles: allroles.append(r) output += createroleselect(id_role=id_role, action="addauthorization", step=2, roles=actroles, extraroles=allroles, id_action=id_action, reverse=reverse) # ready for step 3 no matter which direction we took to get here if id_action != "0" and id_role != "0": # links to adding authorizations in the other direction if str(reverse) == "0": extra += """ <dl> <dt><a href="addauthorization?id_action=%s&reverse=1">Add authorization</a></dt> <dd>add authorizations to action %s.</dd> </dl> """ % (id_action, name_action) else: extra += """ <dl> <dt><a href="addauthorization?id_role=%s">Add authorization</a></dt> <dd>add authorizations to role %s.</dd> </dl> """ % (id_role, name_role) subtitle = 'step 3 - enter values for the keywords\n' output += """ <form action="addauthorization" method="POST"> <input type="hidden" name="id_role" value="%s"> <input type="hidden" name="id_action" value="%s"> <input type="hidden" name="reverse" value="%s"> """ % (id_role, id_action, reverse) # the actions argument keywords res_keys = acca.acc_getActionKeywords(id_action=id_action) # res used to display existing authorizations # res used to determine if showing "create connection without arguments" res_auths = acca.acc_findPossibleActions(id_role, id_action) if not res_keys: # action without arguments if not res_auths: output += """ <input type="hidden" name="confirm" value="1"> create connection between %s? 
<input class="adminbutton" type="submit" value="confirm"> </form> """ % (headerstrong(role=name_role, action=name_action, query=0), ) else: output += '<p><strong>connection without arguments is already created.</strong></p>' else: # action with arguments optionalargs = acca.acc_getActionIsOptional(id_action=id_action) output += '<span class="adminlabel">3. authorized arguments</span><br>' if optionalargs: # optional arguments output += """ <p> <input type="radio" name="optional" value="1" %s /> connect %s to %s for any arguments <br> <input type="radio" name="optional" value="0" %s /> connect %s to %s for only these argument cases: </p> """ % (optional and 'checked="checked"' or '', name_role, name_action, not optional and 'checked="checked"' or '', name_role, name_action) # list the arguments allkeys = 1 for key in res_keys: output += '<span class="adminlabel" style="margin-left: 30px;">%s </span>\n <input class="admin_wvar" type="text" name="%s"' % (key, key) try: val = keywords[key] = cleanstring_argumentvalue(keywords[key]) if val: output += 'value="%s" ' % (val, ) else: allkeys = 0 except KeyError: allkeys = 0 output += ' /> <br>\n' output = output[:-5] + ' <input class="adminbutton" type="submit" value="create authorization -->" />\n' output += '</form>\n' # ask for confirmation if str(allkeys) != "0" or optional: keys = keywords.keys() keys.reverse() subtitle = 'step 4 - confirm add of authorization\n' text = """ create connection between <br> %s <br> """ % (headerstrong(role=name_role, action=name_action, query=0), ) if optional: text += 'withouth arguments' keywords = {} else: for key in keys: text += '<strong>%s</strong>: %s \n' % (key, keywords[key]) output += createhiddenform(action="addauthorization", text=text, id_role=id_role, id_action=id_action, reverse=reverse, confirm=1, optional=optional, **keywords) # show existing authorizations, found authorizations further up in the code... 
# res_auths = acca.acc_findPossibleActions(id_role, id_action) output += '<p>existing authorizations:</p>' if res_auths: output += tupletotable(header=res_auths[0], tuple=res_auths[1:]) # shortcut to modifying authorizations extra += """ <dl> <dt><a href="modifyauthorizations?id_role=%s&id_action=%s&reverse=%s">Modify authorizations</a></dt> <dd>modify the existing authorizations.</dd> </dl> """ % (id_role, id_action, reverse) else: output += '<p>no details to show</p>' # user confirmed to add entries if confirm: subtitle = 'step 5 - confirm authorization added' res1 = acca.acc_addAuthorization(name_role=name_role, name_action=name_action, optional=optional, **keywords) if res1: res2 = acca.acc_findPossibleActions(id_role, id_action) arg = res1[0][3] # the arglistid new = [res2[0]] for row in res2[1:]: if int(row[0]) == int(arg): new.append(row) newauths = tupletotable(header=new[0], tuple=new[1:]) newentries = tupletotable(header=['role id', 'action id', 'argument id', '#'], tuple=res1) st = 'style="vertical-align: top"' output += """ <p>new authorization and entries:</p> <table><tr> <td class="admintd" %s>%s</td> <td class="admintd" %s>%s</td> </tr></table> """ % (st, newauths, st, newentries) else: output += '<p>sorry, authorization could not be added,<br>it probably already exists</p>' # trying to put extra link on the right side try: body = [output, extra] except NameError: body = [output] return index(req=req, title = 'Create entry for new authorization', subtitle=subtitle, body=body, adminarea=adminarea) def perform_deleteroleaction(req, id_role="0", id_action="0", reverse=0, confirm=0): """delete all connections between a role and an action. 
id_role - id of the role id_action - id of the action reverse - 0: ask for role first 1: ask for action first""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) title = 'Remove action from role ' if reverse in ["0", 0]: # select role -> action adminarea = 3 subtitle = 'step 1 - select a role' output = createroleselect(id_role=id_role, action="deleteroleaction", step=1, roles=acca.acc_getAllRoles(), reverse=reverse) if id_role != "0": rolacts = acca.acc_getRoleActions(id_role=id_role) subtitle = 'step 2 - select the action' output += createactionselect(id_action=id_action, action="deleteroleaction", step=2, actions=rolacts, reverse=reverse, id_role=id_role, button="remove connection and all authorizations") else: # select action -> role adminarea = 4 subtitle = 'step 1 - select an action' output = createactionselect(id_action=id_action, action="deleteroleaction", step=1, actions=acca.acc_getAllActions(), reverse=reverse) if id_action != "0": actroles = acca.acc_getActionRoles(id_action=id_action) subtitle = 'step 2 - select the role' output += createroleselect(id_role=id_role, action="deleteroleaction", step=2, roles=actroles, button="remove connection and all authorizations", id_action=id_action, reverse=reverse) if id_action != "0" and id_role != "0": subtitle = 'step 3 - confirm to remove authorizations' # ask for confirmation res = acca.acc_findPossibleActions(id_role, id_action) if res: output += '<p>authorizations that will be deleted:</p>' output += tupletotable(header=res[0], tuple=res[1:]) output += createhiddenform(action="deleteroleaction", text='remove %s from %s' % (headerstrong(action=id_action), headerstrong(role=id_role)), confirm=1, id_role=id_role, id_action=id_action, reverse=reverse) else: output += 'no authorizations' # confirmation is given if confirm: subtitle = 'step 4 - confirm authorizations removed ' res = acca.acc_deleteRoleAction(id_role=id_role, id_action=id_action) if res: output 
+= '<p>confirm: removed %s from %s<br>' % (headerstrong(action=id_action), headerstrong(role=id_role)) output += '<strong>%s</strong> entries were removed.</p>' % (res, ) else: output += '<p>sorry, no entries could be removed.</p>' return index(req=req, title=title, subtitle=subtitle, body=[output], adminarea=adminarea) def perform_modifyauthorizations(req, id_role="0", id_action="0", reverse=0, confirm=0, errortext='', sel='', authids=[]): """given ids of a role and an action, show all possible action combinations with checkboxes and allow user to access other functions. id_role - id of the role id_action - id of the action reverse - 0: ask for role first 1: ask for action first sel - which button and modification that is selected errortext - text to print when no connection exist between role and action authids - ids of checked checkboxes """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) name_role = acca.acc_getRoleName(id_role) name_action = acca.acc_getActionName(id_action) output = '' try: id_role, id_action, reverse = int(id_role), int(id_action), int(reverse) except ValueError: pass extra = """ <dl> <dt><a href="addrole">Create new role</a></dt> <dd>go here to add a new role.</dd> <dt><a href="addaction">Create new action</a></dt> <dd>go here to add a new action.</dd> </dl> """ if id_role or id_action: extra += '\n<dl>\n' if id_role and id_action: extra += """ <dt><a href="addauthorization?id_role=%s&id_action=%s&reverse=%s">Add authorizations</a></dt> <dd>add an authorization to the existing ones.</dd> """ % (id_role, id_action, reverse) if id_role: extra += """ <dt><a href="addauthorization?id_role=%s">Add authorizations</a></dt> <dd>add to role %s.</dd> """ % (id_role, name_role) if id_action: extra += """ <dt><a href="addauthorization?id_action=%s&reverse=1">Add authorizations</a></dt> <dd>add to action %s.</dd> """ % (id_action, name_action) extra += '\n</dl>\n' if not reverse: # role -> action 
adminarea = 3 subtitle = 'step 1 - select the role' output += createroleselect(id_role=str(id_role), action="modifyauthorizations", step=1, roles=acca.acc_getAllRoles(), reverse=reverse) if id_role: rolacts = acca.acc_getRoleActions(id_role=id_role) subtitle = 'step 2 - select the action' output += createactionselect(id_action=str(id_action), action="modifyauthorizations", step=2, actions=rolacts, id_role=id_role, reverse=reverse) else: adminarea = 4 # action -> role subtitle = 'step 1 - select the action' output += createactionselect(id_action=str(id_action), action="modifyauthorizations", step=1, actions=acca.acc_getAllActions(), reverse=reverse) if id_action: actroles = acca.acc_getActionRoles(id_action=id_action) subtitle = 'step 2 - select the role' output += createroleselect(id_role=str(id_role), action="modifyauthorizations", step=2, roles=actroles, id_action=id_action, reverse=reverse) if errortext: output += '<p>%s</p>' % (errortext, ) if id_role and id_action: # adding to main area if type(authids) is not list: authids = [authids] subtitle = 'step 3 - select groups and modification' # get info res = acca.acc_findPossibleActions(id_role, id_action) # clean the authids hiddenids = [] if sel in ['delete selected']: hiddenids = authids[:] elif sel in ['split groups', 'merge groups']: for authid in authids: arghlp = res[int(authid)][0] if authid not in hiddenids and arghlp not in [-1, '-1', 0, '0']: hiddenids.append(authid) authids = hiddenids[:] if confirm: # do selected modification and output with new authorizations if sel == 'split groups': res = splitgroups(id_role, id_action, authids) elif sel == 'merge groups': res = mergegroups(id_role, id_action, authids) elif sel == 'delete selected': res = deleteselected(id_role, id_action, authids) authids = [] res = acca.acc_findPossibleActions(id_role, id_action) output += 'authorizations after <strong>%s</strong>.<br>\n' % (sel, ) elif sel and authids: output += 'confirm choice of authorizations and 
modification.<br>\n' else: output += 'select authorizations and perform modification.<br>\n' if not res: errortext='all connections deleted, try different ' if reverse in ["0", 0]: return perform_modifyauthorizations(req=req, id_role=id_role, errortext=errortext + 'action.') else: return perform_modifyauthorizations(req=req, id_action=id_action, reverse=reverse, errortext=errortext + 'role.') # display output += modifyauthorizationsmenu(id_role, id_action, header=res[0], tuple=res[1:], checked=authids, reverse=reverse) if sel and authids: subtitle = 'step 4 - confirm to perform modification' # form with hidden authids output += '<form action="%s" method="POST">\n' % ('modifyauthorizations', ) for hiddenid in hiddenids: output += '<input type="hidden" name="authids" value="%s" />\n' % (hiddenid, ) # choose what to do if sel == 'split groups': output += '<p>split groups containing:</p>' elif sel == 'merge groups': output += '<p>merge groups containing:</p>' elif sel == 'delete selected': output += '<p>delete selected entries:</p>' extracolumn = '<input type="checkbox" name="confirm" value="1" />\n' extracolumn += '<input class="adminbutton" type="submit" value="confirm" />\n' # show the entries here... 
output += tupletotable_onlyselected(header=res[0], tuple=res[1:], selected=hiddenids, extracolumn=extracolumn) output += '<input type="hidden" name="id_role" value="%s" />\n' % (id_role, ) output += '<input type="hidden" name="id_action" value="%s" />\n' % (id_action, ) output += '<input type="hidden" name="sel" value="%s" />\n' % (sel, ) output += '<input type="hidden" name="reverse" value="%s" />\n' % (reverse, ) output += '</form>' # tried to perform modification without something selected elif sel and not authids and not confirm: output += '<p>no valid groups selected</p>' # trying to put extra link on the right side try: body = [output, extra] except NameError: body = [output] # Display the page return index(req=req, title='Modify Authorizations', subtitle=subtitle, body=body, adminarea=adminarea) def modifyauthorizationsmenu(id_role, id_action, tuple=[], header=[], checked=[], reverse=0): """create table with header and checkboxes, used for multiple choice. makes use of tupletotable to add the actual table id_role - selected role, hidden value in the form id_action - selected action, hidden value in the form tuple - all rows to be put in the table (with checkboxes) header - column headers, empty strings added at start and end checked - ids of rows to be checked """ if not tuple: return 'no authorisations...' 
argnum = len(acca.acc_getActionKeywords(id_action=id_action)) tuple2 = [] for t in tuple: tuple2.append(t[:]) tuple2 = addcheckboxes(datalist=tuple2, name='authids', startindex=1, checked=checked) hidden = '<input type="hidden" name="id_role" value="%s" /> \n' % (id_role, ) hidden += '<input type="hidden" name="id_action" value="%s" /> \n' % (id_action, ) hidden += '<input type="hidden" name="reverse" value="%s" /> \n' % (reverse, ) button = '<input type="submit" class="adminbutton" value="delete selected" name="sel" />\n' if argnum > 1: button += '<input type="submit" class="adminbutton" value="split groups" name="sel" />\n' button += '<input type="submit" class="adminbutton" value="merge groups" name="sel" />\n' hdrstr = '' for h in [''] + header + ['']: hdrstr += ' <th class="adminheader">%s</th>\n' % (h, ) if hdrstr: hdrstr = ' <tr>\n%s\n </tr>\n' % (hdrstr, ) output = '<form action="modifyauthorizations" method="POST">\n' output += '<table class="admin_wvar_nomargin"> \n' output += hdrstr output += '<tr><td>%s</td></tr>\n' % (hidden, ) align = ['admintdleft'] * len(tuple2[0]) try: align[1] = 'admintdright' except IndexError: pass output += '<tr>' for i in range(len(tuple2[0])): output += '<td class="%s">%s</td>\n' % (align[i], tuple2[0][i]) output += '<td rowspan="%s" style="vertical-align: bottom">\n%s\n</td>\n' % (len(tuple2), button) output += '</tr>\n' for row in tuple2[1:]: output += ' <tr>\n' for i in range(len(row)): output += '<td class="%s">%s</td>\n' % (align[i], row[i]) output += ' </tr>\n' output += '</table>\n</form>\n' return output def splitgroups(id_role=0, id_action=0, authids=[]): """get all the old ones, gather up the arglistids find a list of arglistidgroups to be split, unique get all actions in groups outside of the old ones, (old arglistid is allowed). show them like in showselect. 
""" if not id_role or not id_action or not authids: return 0 # find all the actions datalist = acca.acc_findPossibleActions(id_role, id_action) if type(authids) is str: authids = [authids] for i in range(len(authids)): authids[i] = int(authids[i]) # argumentlistids of groups to be split splitgrps = [] for authid in authids: hlp = datalist[authid][0] if hlp not in splitgrps and authid in range(1,len(datalist)): splitgrps.append(hlp) # split groups and return success or failure result = 1 for splitgroup in splitgrps: result = 1 and acca.acc_splitArgumentGroup(id_role, id_action, splitgroup) return result def mergegroups(id_role=0, id_action=0, authids=[]): """get all the old ones, gather up the argauthids find a list of arglistidgroups to be split, unique get all actions in groups outside of the old ones, (old arglistid is allowed). show them like in showselect.""" if not id_role or not id_action or not authids: return 0 datalist = acca.acc_findPossibleActions(id_role, id_action) if type(authids) is str: authids = [authids] for i in range(len(authids)): authids[i] = int(authids[i]) # argumentlistids of groups to be merged mergegroups = [] for authid in authids: hlp = datalist[authid][0] if hlp not in mergegroups and authid in range(1, len(datalist)): mergegroups.append(hlp) # merge groups and return success or failure if acca.acc_mergeArgumentGroups(id_role, id_action, mergegroups): return 1 else: return 0 def deleteselected(id_role=0, id_action=0, authids=[]): """delete checked authorizations/possible actions, ids in authids. 
id_role - role to delete from id_action - action to delete from authids - listids for which possible actions to delete.""" if not id_role or not id_action or not authids: return 0 if type(authids) in [str, int]: authids = [authids] for i in range(len(authids)): authids[i] = int(authids[i]) result = acca.acc_deletePossibleActions(id_role=id_role, id_action=id_action, authids=authids) return result def headeritalic(**ids): """transform keyword=value pairs to string with value in italics. **ids - a dictionary of pairs to create string from """ output = '' value = '' table = '' for key in ids.keys(): if key in ['User', 'user']: value, table = 'email', 'user' elif key in ['Role', 'role']: value, table = 'name', 'accROLE' elif key in ['Action', 'action']: value, table = 'name', 'accACTION' else: if output: output += ' and ' output += ' %s <i>%s</i>' % (key, ids[key]) continue res = run_sql("""SELECT %s FROM %s WHERE id = %s""" % (value, table, ids[key])) if res: if output: output += ' and ' output += ' %s <i>%s</i>' % (key, res[0][0]) return output def headerstrong(query=1, **ids): """transform keyword=value pairs to string with value in strong text. **ids - a dictionary of pairs to create string from query - 1 -> try to find names to ids of role, user and action. 
0 -> do not try to find names, use the value passed on """ output = '' value = '' table = '' for key in ids.keys(): if key in ['User', 'user']: value, table = 'email', 'user' elif key in ['Role', 'role']: value, table = 'name', 'accROLE' elif key in ['Action', 'action']: value, table = 'name', 'accACTION' else: if output: output += ' and ' output += ' %s <strong>%s</strong>' % (key, ids[key]) continue if query: res = run_sql("""SELECT %s FROM %s WHERE id = %s""" % (value, table, ids[key])) if res: if output: output += ' and ' output += ' %s <strong>%s</strong>' % (key, res[0][0]) else: if output: output += ' and ' output += ' %s <strong>%s</strong>' % (key, ids[key]) return output def startpage(): """create the menu for the startpage""" body = """ <table class="admin_wvar" width="100%" summary=""> <thead> <tr> <th class="adminheaderleft">selection for WebAccess Admin</th> </tr> </thead> <tbody> <tr> <td> <dl> <dt><a href="webaccessadmin.py/rolearea">Role Area</a> <dd>main area to configure administration rights and authorization rules. <dt><a href="webaccessadmin.py/actionarea">Action Area</a> <dd>configure administration rights with the actions as starting point. <dt><a href="webaccessadmin.py/userarea">User Area</a> <dd>configure administration rights with the users as starting point. <dt><a href="webaccessadmin.py/resetarea">Reset Area</a> <dd>reset roles, actions and authorizations. </dl> </td> </tr> </tbody> </table>""" return body def rankarea(): return "Rankmethod area" def perform_simpleauthorization(req, id_role=0, id_action=0): """show a page with simple overview of authorizations between a connected role and action. 
""" (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) res = acca.acc_findPossibleActions(id_role, id_action) if res: extra = createhiddenform(action='modifyauthorizations', button='modify authorizations', id_role=id_role, id_action=id_action) output = '<p>authorizations for %s:</p>' % (headerstrong(action=id_action, role=id_role), ) output += tupletotable(header=res[0], tuple=res[1:], extracolumn=extra) else: output = 'no details to show' return index(req=req, title='Simple authorization details', subtitle='simple authorization details', body=[output], adminarea=3) def perform_showroleusers(req, id_role=0): """show a page with simple overview of a role and connected users. """ (auth_code, auth_message) = is_adminuser(req) if auth_code != 0: return mustloginpage(req, auth_message) res = acca.acc_getRoleUsers(id_role=id_role) name_role = acca.acc_getRoleName(id_role=id_role) if res: users = [] for (id, name, dontcare) in res: users.append([id, name, '<a href="showuserdetails?id_user=%s">show user details</a>' % (id, )]) output = '<p>users connected to %s:</p>' % (headerstrong(role=id_role), ) output += tupletotable(header=['id', 'name', ''], tuple=users) else: output = 'no users connected to role <strong>%s</strong>' % (name_role, ) extra = """ <dl> <dt><a href="adduserrole?id_role=%s">Connect user</a></dt> <dd>connect users to the role.</dd> </dl> """ % (id_role, ) return index(req=req, title='Users connected to role %s' % (name_role, ), subtitle='simple details', body=[output, extra], adminarea=3) def createselect(id_input="0", label="", step=0, name="", action="", list=[], extralist=[], extrastamp='', button="", **hidden): """create form with select and hidden values id - the one to choose as selected if exists label - label shown to the left of the select name - the name of the select on which to reference it list - primary list to select from extralist - list of options to be put in paranthesis extrastamp - 
stamp extralist entries with this if not '' usually paranthesis around the entry button - the value/text to be put on the button **hidden - name=value pairs to be put as hidden in the form. """ step = step and '%s. ' % step or '' output = '<form action="%s" method="POST">\n' % (action, ) output += ' <span class="adminlabel">%s</span>\n' % (step + label, ) output += ' <select name="%s" class="admin_w200">\n' % (name, ) if not list and not extralist: output += ' <option value="0">*** no %ss to select from ***</option>\n' % (label.split()[-1], ) else: output += ' <option value="0">*** %s ***</option>\n' % (label, ) for (id, email, dontcare) in list: if str(id) == id_input: output += ' <option value="%s" selected="selected">%s</option>\n' % (id, email) else: output += ' <option value="%s">%s</option>\n' % (id, email) for (id, email, dontcare) in extralist: if str(id) == id_input: if not extrastamp: output += ' <option value="%s" selected="selected">(%s)</option>\n' % (id, email) else: output += ' <option value="%s">%s %s</option>\n' % (id, email, extrastamp) elif not extrastamp: output += ' <option value="%s">(%s)</option>\n' % (id, email) else: output += ' <option value="%s">%s %s</option>\n' % (id, email, extrastamp) output += ' </select>\n' for key in hidden.keys(): output += ' <input type="hidden" name="%s" value="%s" />\n' % (key, hidden[key]) output += ' <input class="adminbutton" type="submit" value="%s" />\n' % (button, ) output += '</form>\n' return output def createactionselect(id_action="0", label="select action", step=0, name="id_action", action="", actions=[], extraactions=[], extrastamp='', button="select action", **hidden): """create a select for roles in a form. 
see createselect.""" return createselect(id_input=id_action, label=label, step=step, name=name, action=action, list=actions, extralist=extraactions, extrastamp=extrastamp, button=button, **hidden) def createroleselect(id_role="0", label="select role", step=0, name="id_role", action="", roles=[], extraroles=[], extrastamp='', button="select role", **hidden): """create a select for roles in a form. see createselect.""" return createselect(id_input=id_role, label=label, step=step, name=name, action=action, list=roles, extralist=extraroles, extrastamp=extrastamp, button=button, **hidden) def createuserselect(id_user="0", label="select user", step=0, name="id_user", action="", users=[], extrausers=[], extrastamp='(connected)', button="select user", **hidden): """create a select for users in a form.see createselect.""" return createselect(id_input=id_user, label=label, step=step, name=name, action=action, list=users, extralist=extrausers, extrastamp=extrastamp, button=button, **hidden) def cleanstring(str='', comma=0): """clean all the strings before submitting to access control admin. remove characters not letter, number or underscore, also remove leading underscores and numbers. return cleaned string. str - string to be cleaned comma - 1 -> allow the comma to divide multiple arguments 0 -> wash commas as well """ # remove not allowed characters str = re.sub(r'[^a-zA-Z0-9_,]', '', str) # split string on commas items = str.split(',') str = '' for item in items: if not item: continue if comma and str: str += ',' # create valid variable names str += re.sub(r'^([0-9_])*', '', item) return str def cleanstring_argumentvalue(str=''): """clean the value of an argument before submitting it. 
allowed characters: a-z A-Z 0-9 _ and space str - string to be cleaned """ # remove not allowed characters str = re.sub(r'[^a-zA-Z0-9_ .]', '', str) # trim leading and ending spaces str = re.sub(r'^ *| *$', '', str) return str def cleanstring_email(str=''): """clean the string and return a valid email address. str - string to be cleaned """ # remove not allowed characters str = re.sub(r'[^a-zA-Z0-9_.@-]', '', str) return str def check_email(str=''): """control that submitted emails are correct. this little check is not very good, but better than nothing. """ r = re.compile(r'(.)+\@(.)+\.(.)+') return r.match(str) and 1 or 0 def sendAccountActivatedMessage(AccountEmail, sendTo, password, ln=cdslang): """Send an email to the address given by sendTo about the new activated account.""" fromaddr = "From: %s" % supportemail toaddrs = "To: %s" % sendTo to = toaddrs + "\n" sub = "Subject: Your account on '%s' has been activated\n\n" % cdsname body = "Your account earlier created on '%s' has been activated:\n\n" % cdsname body += " Username/Email: %s\n" % AccountEmail body += " Password: %s\n" % ("*" * len(password)) body += "\n---------------------------------" body += "\n%s" % cdsname body += "\nContact: %s" % supportemail msg = to + sub + body server = smtplib.SMTP('localhost') server.set_debuglevel(1) try: server.sendmail(fromaddr, toaddrs, msg) except smtplib.SMTPRecipientsRefused,e: return 0 server.quit() return 1 def sendNewUserAccountWarning(newAccountEmail, sendTo, password, ln=cdslang): """Send an email to the address given by sendTo about the new account newAccountEmail.""" fromaddr = "From: %s" % supportemail toaddrs = "To: %s" % sendTo to = toaddrs + "\n" sub = "Subject: Account created on '%s'\n\n" % cdsname body = "An account has been created for you on '%s':\n\n" % cdsname body += " Username/Email: %s\n" % newAccountEmail body += " Password: %s\n" % ("*" * len(password)) body += "\n---------------------------------" body += "\n%s" % cdsname body += 
"\nContact: %s" % supportemail msg = to + sub + body server = smtplib.SMTP('localhost') server.set_debuglevel(1) try: server.sendmail(fromaddr, toaddrs, msg) except smtplib.SMTPRecipientsRefused,e: return 0 server.quit() return 1 def sendAccountRejectedMessage(newAccountEmail, sendTo, ln=cdslang): """Send an email to the address given by sendTo about the new account newAccountEmail.""" fromaddr = "From: %s" % supportemail toaddrs = "To: %s" % sendTo to = toaddrs + "\n" sub = "Subject: Account rejected on '%s'\n\n" % cdsname body = "Your request for an account has been rejected on '%s':\n\n" % cdsname body += " Username/Email: %s\n" % newAccountEmail body += "\n---------------------------------" body += "\n%s" % cdsname body += "\nContact: %s" % supportemail msg = to + sub + body server = smtplib.SMTP('localhost') server.set_debuglevel(1) try: server.sendmail(fromaddr, toaddrs, msg) except smtplib.SMTPRecipientsRefused,e: return 0 server.quit() return 1 def sendAccountDeletedMessage(newAccountEmail, sendTo, ln=cdslang): """Send an email to the address given by sendTo about the new account newAccountEmail.""" fromaddr = "From: %s" % supportemail toaddrs = "To: %s" % sendTo to = toaddrs + "\n" sub = "Subject: Account deleted on '%s'\n\n" % cdsname body = "Your account on '%s' has been deleted:\n\n" % cdsname body += " Username/Email: %s\n" % newAccountEmail body += "\n---------------------------------" body += "\n%s" % cdsname body += "\nContact: %s" % supportemail msg = to + sub + body server = smtplib.SMTP('localhost') server.set_debuglevel(1) try: server.sendmail(fromaddr, toaddrs, msg) except smtplib.SMTPRecipientsRefused,e: return 0 server.quit() return 1 diff --git a/modules/webalert/web/youralerts.py b/modules/webalert/web/youralerts.py index bbd914138..b735916fe 100644 --- a/modules/webalert/web/youralerts.py +++ b/modules/webalert/web/youralerts.py 
@@ -1,226 +1,226 @@ ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """PERSONAL FEATURES - YOUR ALERTS""" __lastupdated__ = """<: print `date +"%d %b %Y %H:%M:%S %Z"`; :>""" import sys import time import zlib import urllib import time from mod_python import apache -from invenio.config import weburl, cdslang, cdsname +from invenio.config import weburl, sweburl, cdslang, cdsname from invenio.webpage import page from invenio import webalert from invenio.webuser import getUid, page_not_authorized from invenio.access_control_config import CFG_ACCESS_CONTROL_LEVEL_SITE from invenio.messages import gettext_set_language import invenio.template webalert_templates = invenio.template.load('webalert') def relative_redirect( req, relative_url, **args ): tmp = [] for param in args.keys(): #ToDo: url encoding of the params tmp.append( "%s=%s"%( param, args[param] ) ) req.err_headers_out.add("Location", "%s/%s?%s" % (weburl, relative_url, "&".join( tmp ) )) raise apache.SERVER_RETURN, apache.HTTP_MOVED_PERMANENTLY ### CALLABLE INTERFACE def display(req, p="n", ln = cdslang): uid = getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return 
page_not_authorized(req, "../youralerts.py/display") return page(title=_("Display searches"), body=webalert.perform_display(p,uid, ln = ln), - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Display searches", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def input(req, idq, name="", freq="week", notif="y", idb=0, error_msg="", ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/input") # load the right message language _ = gettext_set_language(ln) html = webalert.perform_input_alert("add", idq, name, freq, notif, idb,uid, ln = ln) if error_msg != "": html = webalert_templates.tmpl_errorMsg( ln = ln, error_msg = error_msg, rest = html, ) return page(title=_("Set a new alert"), body=html, - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Set a new alert", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def modify(req, idq, old_idb, name="", freq="week", notif="y", idb=0, error_msg="", ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/modify") # load the right message language _ = gettext_set_language(ln) html = webalert.perform_input_alert("update", idq, name, freq, notif, idb, uid, old_idb, ln = ln) if error_msg != "": html = webalert_templates.tmpl_errorMsg( ln = ln, error_msg = error_msg, rest = html, ) return 
page(title=_("Modify alert settings"), body=html, - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Modify alert settings", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def list(req, ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/list") # load the right message language _ = gettext_set_language(ln) return page(title=_("Display alerts"), body=webalert.perform_list_alerts(uid, ln = ln), - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Display alerts", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def add(req, name, freq, notif, idb, idq, ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/add") # load the right message language _ = gettext_set_language(ln) try: html=webalert.perform_add_alert(name, freq, notif, idb, idq, uid, ln = ln) except webalert.AlertError, e: return input(req, idq, name, freq, notif, idb, e, ln = ln) return page(title=_("Display alerts"), body=html, - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Display alerts", keywords="CDS, personalize", uid=uid, 
language=ln, lastupdated=__lastupdated__) def update(req, name, freq, notif, idb, idq, old_idb, ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/update") # load the right message language _ = gettext_set_language(ln) try: html=webalert.perform_update_alert(name, freq, notif, idb, idq, old_idb,uid, ln = ln) except webalert.AlertError, e: return modify(req, idq, old_idb, name, freq, notif, idb, e, ln = ln) return page(title=_("Display alerts"), body=html, - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Display alerts", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def remove(req, name, idu, idq, idb, ln = cdslang): uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../youralerts.py/remove") # load the right message language _ = gettext_set_language(ln) return page(title=_("Display alerts"), body=webalert.perform_remove_alert(name, idu, idq, idb, uid, ln = ln), - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, description="CDS Personalize, Display alerts", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def errorMsg(title, req, c=cdsname, ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args) 
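Review bot: `relative_redirect` near the top of this file joins its parameters into the `Location` header with `"%s=%s"` and no encoding, as the `#ToDo: url encoding of the params` comment already admits, so a value containing `&` or `=` changes the query string of the redirect. `urllib` is already imported in this file, so the hand-built join can be replaced: `req.err_headers_out.add("Location", "%s/%s?%s" % (weburl, relative_url, urllib.urlencode(args)))`. The helper also still builds the target from `weburl`, while this commit moves the seven "Your Account" navtrail links to `sweburl`. Whether the redirect should follow depends on which pages it targets, which the hunk does not show, so a one-line comment stating that choice would help the next reader.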
diff --git a/modules/webcomment/lib/webcomment_templates.py b/modules/webcomment/lib/webcomment_templates.py
index 11701b226..046bdad3d 100644
--- a/modules/webcomment/lib/webcomment_templates.py
+++ b/modules/webcomment/lib/webcomment_templates.py
@@ -1,1308 +1,1309 @@ # -*- coding: utf-8 -*- ## $Id$ ## Comments and reviews for records. ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """HTML Templates for commenting features """ __lastupdated__ = """$Date$""" # non CDS Invenio imports import string # CDS Invenio imports from invenio.webuser import get_user_info from invenio.dateutils import convert_datetext_to_dategui from invenio.webmessage_mailutils import email_quoted_txt2html from invenio.config import weburl, \ + sweburl, \ cdslang, \ cdsnameintl,\ cfg_webcomment_nb_reviews_in_detailed_view, \ cfg_webcomment_allow_reviews, \ cfg_webcomment_allow_comments, \ cfg_webcomment_nb_comments_in_detailed_view from invenio.messages import gettext_set_language from invenio.textutils import indent_text class Template: """templating class, refer to webcomment.py for examples of call""" def tmpl_get_first_comments_without_ranking(self, recID, ln, comments, nb_comments_total, warnings): """ @param recID: record id @param ln: language @param comments: tuple as returned from webcomment.py/query_retrieve_comments_or_remarks @param nb_comments_total: total number of comments for this record @param warnings: list of warning tuples (warning_msg, arg1, arg2, ...) 
@return html of comments """ # load the right message language _ = gettext_set_language(ln) # naming data fields of comments c_nickname = 0 c_user_id = 1 c_date_creation = 2 c_body = 3 c_id = 4 warnings = self.tmpl_warnings(warnings, ln) report_link = '%s/comments.py/report?recid=%s&ln=%s&comid=%%(comid)s&reviews=0' % (weburl, recID, ln) # comments comment_rows = '' for comment in comments: if comment[c_nickname]: nickname = comment[c_nickname] display = nickname else: (uid, nickname, display) = get_user_info(comment[c_user_id]) messaging_link = self.create_messaging_link(nickname, display, ln) comment_rows += """ <tr> <td>""" comment_rows += self.tmpl_get_comment_without_ranking(ln, messaging_link, comment[c_date_creation], comment[c_body]) comment_rows += """ <br><br> </td> </tr>""" # write button write_button_label = _("Write a comment") write_button_link = '%s/comments.py/add' % (weburl,) write_button_form = """ <input type="hidden" name="recid" value="%s"/> <input type="hidden" name="ln" value="%s"/> <input type="hidden" name="reviews" value="0"/>""" % (recID, ln) write_button_form = self.createhiddenform(action=write_button_link, method="Get", text=write_button_form, button=write_button_label) # output if nb_comments_total > 0: out = warnings comments_label = cfg_webcomment_nb_comments_in_detailed_view and \ cfg_webcomment_nb_comments_in_detailed_view>1 and \ _("Showing the latest %i comments:")% cfg_webcomment_nb_comments_in_detailed_view or "" out += """ <table> <tr> <td class="blocknote">%(comment_title)s</td> </tr> </table> %(comments_label)s<br /> <table border="0" cellspacing="5" cellpadding="5" width="100%%"> %(comment_rows)s </table> %(view_all_comments_link)s <br /> <br /> %(write_button_form)s<br />""" % \ {'comment_title': _("Discuss this document:"), 'comments_label': comments_label, 'nb_comments_total' : nb_comments_total, 'recID': recID, 'comment_rows': comment_rows, 'tab': ' '*4, 'weburl': weburl, 's': 
cfg_webcomment_nb_comments_in_detailed_view>1 and 's' or "", 'view_all_comments_link': nb_comments_total>0 and '''<a href="%s/comments.py/display?recid=%s&reviews=0">View all %s comments</a>''' \ % (weburl, recID, nb_comments_total) or "", 'write_button_form': write_button_form, 'nb_comments': cfg_webcomment_nb_comments_in_detailed_view>1 and cfg_webcomment_nb_comments_in_detailed_view or "" } else: out = """ <!-- comments title table --> <table> <tr> <td class="blocknote">%(discuss_label)s:</td> </tr> </table> %(detailed_info)s <br /> %(form)s <br />""" % {'form': write_button_form, 'discuss_label': _("Discuss this document"), 'detailed_info': _("Start a discussion about any aspect of this document.") } return out def tmpl_record_not_found(self, status='missing', recID="", ln=cdslang): """ Displays a page when bad or missing record ID was given. @param status: 'missing' : no recID was given 'inexistant': recID doesn't have an entry in the database 'nan' : recID is not a number 'invalid' : recID is an error code, i.e. in the interval [-99,-1] @param return: body of the page """ _ = gettext_set_language(ln) if status == 'inexistant': body = _("Sorry, the record %s does not seem to exist.") % (recID,) elif status == 'nan': body = _("Sorry, the record %s does not seem to be a number.") % (recID,) elif status == 'invalid': body = _("Sorry, the record %s is not a valid ID value.") % (recID,) else: body = _("Sorry, no record ID was provided.") body += "<br /><br />" link = "<a href=\"%s?ln=%s\">%s</a>." 
% (weburl, ln, cdsnameintl[ln]) body += _("You may want to start browsing from &s") % link return body def tmpl_get_first_comments_with_ranking(self, recID, ln, comments=None, nb_comments_total=None, avg_score=None, warnings=[]): """ @param recID: record id @param ln: language @param comments: tuple as returned from webcomment.py/query_retrieve_comments_or_remarks @param nb_comments_total: total number of comments for this record @param avg_score: average score of all reviews @param warnings: list of warning tuples (warning_msg, arg1, arg2, ...) @return html of comments """ # load the right message language _ = gettext_set_language(ln) # naming data fields of comments c_nickname = 0 c_user_id = 1 c_date_creation = 2 c_body = 3 c_nb_votes_yes = 4 c_nb_votes_total = 5 c_star_score = 6 c_title = 7 c_id = 8 warnings = self.tmpl_warnings(warnings, ln) #stars if avg_score > 0: avg_score_img = 'stars-' + str(avg_score).split('.')[0] + '-' + str(avg_score).split('.')[1] + '.png' else: avg_score_img = "stars-0-0.png" # voting links useful_dict = { 'weburl' : weburl, 'recID' : recID, 'ln' : ln, 'yes_img' : 'smchk_gr.gif', #'yes.gif', 'no_img' : 'iconcross.gif' #'no.gif' } link = '<a href="%(weburl)s/comments.py/vote?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&reviews=1' % useful_dict useful_yes = link + '&com_value=1">' + _("Yes") + '</a>' useful_no = link + '&com_value=-1">' + _("No") + '</a>' report_link = '%(weburl)s/comments.py/report?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&reviews=1' % useful_dict #comment row comment_rows = ' ' for comment in comments: if comment[c_nickname]: nickname = comment[c_nickname] display = nickname else: (uid, nickname, display) = get_user_info(comment[c_user_id]) messaging_link = self.create_messaging_link(nickname, display, ln) comment_rows += ''' <tr> <td>''' comment_rows += self.tmpl_get_comment_with_ranking(ln, messaging_link, comment[c_date_creation], comment[c_body], comment[c_nb_votes_total], comment[c_nb_votes_yes], 
comment[c_star_score], comment[c_title]) comment_rows += ''' %s %s / %s<br />''' % (_("Was this review helpful?"), useful_yes % {'comid':comment[c_id]}, useful_no % {'comid':comment[c_id]}) comment_rows += ''' <br /> </td> </tr>''' # write button write_button_link = '''%s/comments.py/add''' % (weburl,) write_button_form = ''' <input type="hidden" name="recid" value="%s"/> <input type="hidden" name="ln" value="%s"/> <input type="hidden" name="reviews" value="1"/>''' % (recID, ln ) write_button_form = self.createhiddenform(action=write_button_link, method="Get", text=write_button_form, button=_("Write a review")) if nb_comments_total > 0: score = _("Average review score: %s based on %s reviews") score %= ('</b><img src="%(weburl)s/img/%(avg_score_img)s" alt="%(avg_score)s" />', '%(nb_comments_total)s') score %= {'weburl': weburl, 'avg_score_img': avg_score_img, 'avg_score': avg_score, 'nb_comments_total': nb_comments_total} useful_label = _("Readers found the following %s reviews to be most helpful.") useful_label %= cfg_webcomment_nb_reviews_in_detailed_view > 1 and cfg_webcomment_nb_reviews_in_detailed_view or "" view_all_comments_link ='<a href="%s/comments.py/display?recid=%s&ln=%s&do=hh&reviews=1">' % (weburl, recID, ln) view_all_comments_link += _("View all %s reviews") % nb_comments_total view_all_comments_link += '</a><br />' out = warnings + """ <!-- review title table --> <table> <tr> <td class="blocknote">%(comment_title)s:</td> </tr> </table> <b>%(score_label)s<br /> %(useful_label)s <!-- review table --> <table style="border: 0px; border-collapse: separate; border-spacing: 5px; padding: 5px; width: 100%%"> %(comment_rows)s </table> %(view_all_comments_link)s %(write_button_form)s<br> """ % \ { 'comment_title' : _("Rate this document"), 'score_label' : score, 'useful_label' : useful_label, 'recID' : recID, 'view_all_comments' : _("view all %s reviews") % (nb_comments_total,), 'write_comment' : _("write a review"), 'comment_rows' : comment_rows, 'tab' : ' 
'*4, 'weburl' : weburl, 'view_all_comments_link': nb_comments_total>0 and view_all_comments_link or "", 'write_button_form' : write_button_form } else: out = ''' <!-- review title table --> <table> <tr> <td class="blocknote">%s:</td> </tr> </table> %s<br /> %s <br>''' % (_("Rate this document"), _("Be the first to review this document."), write_button_form) return out def tmpl_get_comment_without_ranking(self, ln, nickname, date_creation, body, reply_link=None, report_link=None): """ private function @param ln: language @param nickname: nickname @param date_creation: date comment was written @param body: comment body @param reply_link: if want reply and report, give the http links @param repot_link: if want reply and report, give the http links @return html table of comment """ # load the right message language _ = gettext_set_language(ln) date_creation = convert_datetext_to_dategui(date_creation) out = '' final_body = email_quoted_txt2html(body) title = nickname + ' ' + _("wrote on") + ' <i>' + date_creation + '</i>' links = '<a href="%s">' + _("Reply") +'</a>' links += ' | ' links += '<a href="%s">' + _("Report abuse") + '</a>' out += """ <table style="width: 100%%"> <tr> <td>%(title)s</td> <td align=right>%(links)s</td> </tr> <tr> <td class="commentbox" colspan="2"> %(body)s </td> </tr> </table>""" % \ {'title' : title, 'body' : indent_text(final_body, 3), 'links' : (report_link!=None and reply_link!=None) and links % (reply_link, report_link) or "" } return out def tmpl_get_comment_with_ranking(self, ln, nickname, date_creation, body, nb_votes_total, nb_votes_yes, star_score, title): """ private function @param ln: language @param nickname: nickname @param date_creation: date comment was written @param body: comment body @param nb_votes_total: total number of votes for this review @param nb_votes_yes: number of positive votes for this record @param star_score: star score for this record @param title: title of review @return html table of review """ # load the 
right message language _ = gettext_set_language(ln) if star_score > 0: star_score_img = 'stars-' + str(star_score) + '-0.png' else: star_score_img = 'stars-0-0.png' out = "" date_creation = convert_datetext_to_dategui(date_creation) reviewed_label = _("Reviewed by %s on %s") % (nickname, date_creation) useful_label = _("%i out of %i people found this review useful") useful_label %= (nb_votes_yes, nb_votes_total) out += """ <table width="100%%"> <tr> <td> <img src="%(weburl)s/img/%(star_score_img)s" alt="%(star_score)s" style="margin-right:10px;"/><b>%(title)s</b><br /> %(reviewed_label)s<br /> %(useful_label)s </td> </tr> <tr> <td> <blockquote> %(body)s </blockquote> </td> </tr> </table>""" % {'weburl' : weburl, 'star_score_img': star_score_img, 'star_score' : star_score, 'title' : title, 'reviewed_label': reviewed_label, 'useful_label' : useful_label, 'body' : indent_text(body, 4) } return out def tmpl_get_comments(self, recID, ln, nb_per_page, page, nb_pages, display_order, display_since, cfg_webcomment_allow_reviews, comments, total_nb_comments, avg_score, warnings, border=0, reviews=0): """ Get table of all comments @param recID: record id @param ln: language @param nb_per_page: number of results per page @param page: page number @param display_order: hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param display_since: all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param cfg_webcomment_allow_reviews: is ranking enable, get from config.py/cfg_webcomment_allow_reviews @param comments: tuple as returned from webcomment.py/query_retrieve_comments_or_remarks @param total_nb_comments: total number of comments for this record @param avg_score: average score of reviews for this record @param warnings: list of warning tuples 
(warning_msg, color) @param border: boolean, active if want to show border around each comment/review @param reviews: booelan, enabled for reviews, disabled for comments """ # load the right message language _ = gettext_set_language(ln) # naming data fields of comments if reviews: c_nickname = 0 c_user_id = 1 c_date_creation = 2 c_body = 3 c_nb_votes_yes = 4 c_nb_votes_total = 5 c_star_score = 6 c_title = 7 c_id = 8 else: c_nickname = 0 c_user_id = 1 c_date_creation = 2 c_body = 3 c_id = 4 # voting links useful_dict = { 'weburl' : weburl, 'recID' : recID, 'ln' : ln, 'do' : display_order, 'ds' : display_since, 'nb' : nb_per_page, 'p' : page, 'reviews' : reviews } useful_yes = '<a href="%(weburl)s/comments.py/vote?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&com_value=1&do=%(do)s&ds=%(ds)s&nb=%(nb)s&p=%(p)s&reviews=%(reviews)s&referer=%(weburl)s/comments.py/display">' + _("Yes") + '</a>' useful_yes %= useful_dict useful_no = '<a href="%(weburl)s/comments.py/vote?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&com_value=-1&do=%(do)s&ds=%(ds)s&nb=%(nb)s&p=%(p)s&reviews=%(reviews)s&referer=%(weburl)s/comments.py/display">' + _("No") + '</a>' useful_no %= useful_dict warnings = self.tmpl_warnings(warnings, ln) ## record details from search_engine import print_record record_details = print_record(recID=recID, format='hb') link_dic = { 'weburl' : weburl, 'module' : 'comments.py', 'function' : 'index', 'arguments' : 'recid=%s&do=%s&ds=%s&nb=%s&reviews=%s' % (recID, display_order, display_since, nb_per_page, reviews), 'arg_page' : '&p=%s' % page, 'page' : page } ## comments table comments_rows = '' for comment in comments: if comment[c_nickname]: nickname = comment[c_nickname] display = nickname else: (uid, nickname, display) = get_user_info(comment[c_user_id]) messaging_link = self.create_messaging_link(nickname, display, ln) # do NOT delete the HTML comment below. It is used for parsing... (I plead unguilty!) 
comments_rows += """ <!-- start comment row --> <tr> <td>""" if not reviews: report_link = '%(weburl)s/comments.py/report?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&do=%(do)s&ds=%(ds)s&nb=%(nb)s&p=%(p)s&reviews=%(reviews)s&referer=%(weburl)s/comments.py/display' % useful_dict % {'comid':comment[c_id]} reply_link = '%(weburl)s/comments.py/add?recid=%(recID)s&ln=%(ln)s&action=REPLY&comid=%%(comid)s' % useful_dict % {'comid':comment[c_id]} comments_rows += indent_text(self.tmpl_get_comment_without_ranking(ln, messaging_link, comment[c_date_creation], comment[c_body], reply_link, report_link), 2) else: report_link = '%(weburl)s/comments.py/report?recid=%(recID)s&ln=%(ln)s&comid=%%(comid)s&do=%(do)s&ds=%(ds)s&nb=%(nb)s&p=%(p)s&reviews=%(reviews)s&referer=%(weburl)s/comments.py/display' % useful_dict % {'comid': comment[c_id]} comments_rows += indent_text(self.tmpl_get_comment_with_ranking(ln, messaging_link, comment[c_date_creation], comment[c_body], comment[c_nb_votes_total], comment[c_nb_votes_yes], comment[c_star_score], comment[c_title]), 2) helpful_label = _("Was this review helpful?") report_abuse_label = _("(Report abuse)") comments_rows += """ <table> <tr> <td>%(helpful_label)s %(tab)s</td> <td> %(yes)s </td> <td> / </td> <td> %(no)s </td> <td class="reportabuse">%(tab)s%(tab)s<a href="%(report)s">%(report_abuse_label)s</a></td> </tr> </table>""" \ % {'helpful_label': helpful_label, 'yes' : useful_yes % {'comid':comment[c_id]}, 'no' : useful_no % {'comid':comment[c_id]}, 'report' : report_link % {'comid':comment[c_id]}, 'report_abuse_label': report_abuse_label, 'tab' : ' '*2} # do NOT remove HTML comment below. It is used for parsing... 
comments_rows += """ </td> </tr> <!-- end comment row -->""" ## page links page_links = '' # Previous if page != 1: link_dic['arg_page'] = 'p=%s' % (page - 1) page_links += '<a href=\"%(weburl)s/%(module)s/%(function)s?%(arguments)s&%(arg_page)s\"><<</a> ' % link_dic else: page_links += ' %s ' % (' '*(len(_('< Previous'))+7)) # Page Numbers for i in range(1, nb_pages+1): link_dic['arg_page'] = 'p=%s' % i link_dic['page'] = '%s' % i if i != page: page_links += ''' <a href=\"%(weburl)s/%(module)s/%(function)s?%(arguments)s&%(arg_page)s\">%(page)s</a> ''' % link_dic else: page_links += ''' <b>%s</b> ''' % i # Next if page != nb_pages: link_dic['arg_page'] = 'p=%s' % (page + 1) page_links += ''' <a href=\"%(weburl)s/%(module)s/%(function)s?%(arguments)s&%(arg_page)s\">>></a> ''' % link_dic else: page_links += '%s' % (' '*(len(_('< Next'))+7)) ## stuff for ranking if enabled if reviews: comments_or_reviews = _('review') if avg_score > 0: avg_score_img = 'stars-' + str(avg_score).split('.')[0] + '-' + str(avg_score).split('.')[1] + '.png' else: avg_score_img = "stars-0-0.png" ranking_average = '<br /><b>' + _("Average review score") ranking_average +=': </b><img src="%(weburl)s/img/%(avg_score_img)s" alt="%(avg_score)s" /> ' ranking_average += _("based on %(nb_comments_total)s reviews") + '<br />' ranking_average %= { 'weburl' : weburl, 'avg_score' : avg_score, 'avg_score_img' : avg_score_img, 'nb_comments_total' : total_nb_comments } else: ranking_average = "" comments_or_reviews = _('comment') write_button_link = '''%s/comments.py/add''' % (weburl, ) write_button_form = ''' <input type="hidden" name="recid" value="%s"/> <input type="hidden" name="ln" value="%s"/> <input type="hidden" name="reviews" value="%s"/>''' % (recID, ln, reviews) write_button_form = self.createhiddenform(action=write_button_link, method="Get", text=write_button_form, button=_('Write a %s') % comments_or_reviews) cmts_label = comments_or_reviews if comments_or_reviews == _("comment"): if 
total_nb_comments > 1: cmts_label = _("comments") else: if total_nb_comments > 1: cmts_label = _("reviews") total_label = _("There is a total of %s %s") % (total_nb_comments, cmts_label) # do NOT remove the HTML comments below. Used for parsing body = """ <table style="width: 100%%;"> <tr> <td> <h1>%(record_label)s %(recid)s</h1> </td> <td style="vertical-align:top; align=right" class="backtosearch"> <a href="%(weburl)s/search.py?recid=%(recid)s&ln=%(ln)s">%(back_label)s</a> </td> </tr> </table> <br /> %(record_details)s <h2>%(comments_or_reviews_title)s</h2> %(total_label)s %(ranking_avg)s<br /> %(write_button_form)s<br /> <!-- start comments table --> <table style="border: %(border)spx solid black; width: 100%%"> %(comments_rows)s </table> <!-- end comments table --> <table style="width:100%%"> <tr> <td>%(write_button_form_again)s</td> <td style="align:right;" class="reportabuse"> <a href="%(weburl)s/search.py?recid=%(recid)s&ln=%(ln)s">%(back_label)s</a> </td> </tr> </table> <br />""" % \ { 'record_label': _("Record"), 'back_label': _("(Back to search results)"), 'total_label': total_label, 'record_details': record_details, 'write_button_form' : write_button_form, 'write_button_form_again' : total_nb_comments>3 and write_button_form or "", 'comments_rows' : indent_text(comments_rows, 1), 'total_nb_comments' : total_nb_comments, 'comments_or_reviews' : comments_or_reviews, 'comments_or_reviews_title' : comments_or_reviews[0].upper() + comments_or_reviews[1:], 'weburl' : weburl, 'module' : "comments.py", 'recid' : recID, 'ln' : ln, 'border' : border, 'ranking_avg' : ranking_average } # form is not currently used. 
reserved for an eventual purpose #form = """ # Display <select name="nb" size="1"> per page # <option value="all">All</option> # <option value="10">10</option> # <option value="25">20</option> # <option value="50">50</option> # <option value="100" selected="selected">100</option> # </select> # comments per page that are <select name="ds" size="1"> # <option value="all" selected="selected">Any age</option> # <option value="1d">1 day old</option> # <option value="3d">3 days old</option> # <option value="1w">1 week old</option> # <option value="2w">2 weeks old</option> # <option value="1m">1 month old</option> # <option value="3m">3 months old</option> # <option value="6m">6 months old</option> # <option value="1y">1 year old</option> # </select> # and sorted by <select name="do" size="1"> # <option value="od" selected="selected">Oldest first</option> # <option value="nd">Newest first</option> # %s # </select> # """ % \ # (reviews==1 and ''' # <option value=\"hh\">most helpful</option> # <option value=\"lh\">least helpful</option> # <option value=\"hs\">highest star ranking</option> # <option value=\"ls\">lowest star ranking</option> # </select>''' or ''' # </select>''') # #form_link = "%(weburl)s/%(module)s/%(function)s" % link_dic #form = self.createhiddenform(action=form_link, method="Get", text=form, button='Go', recid=recID, p=1) pages = """ <br /> %(v_label)s %(comments_or_reviews)s %(results_nb_lower)s-%(results_nb_higher)s <br /> %(page_links)s <br /> """ % \ {'v_label': _("Viewing"), 'page_links': _("Page: ") + page_links , 'comments_or_reviews': cmts_label, 'results_nb_lower': len(comments)>0 and ((page-1) * nb_per_page)+1 or 0, 'results_nb_higher': page == nb_pages and (((page-1) * nb_per_page) + len(comments)) or (page * nb_per_page) } if nb_pages > 1: #body = warnings + body + form + pages body = warnings + body + pages else: body = warnings + body return body def create_messaging_link(self, to, display_name, ln=cdslang): """prints a link to the messaging 
system""" link = "%s/yourmessages.py/write?msg_to=%s&ln=%s" % (weburl, to, ln) if to: return '<a href="%s" class="maillink">%s</a>' % (link, display_name) else: return display_name def createhiddenform(self, action="", method="Get", text="", button="confirm", cnfrm='', **hidden): """ create select with hidden values and submit button @param action: name of the action to perform on submit @param method: 'get' or 'post' @param text: additional text, can also be used to add non hidden input @param button: value/caption on the submit button @param cnfrm: if given, must check checkbox to confirm @param **hidden: dictionary with name=value pairs for hidden input @return html form """ output = """ <form action="%s" method="%s">""" % (action, string.lower(method).strip() in ['get','post'] and method or 'Get') output += """ <table> <tr> <td style="vertical-align: top"> """ output += indent_text(text + '\n', 4) if cnfrm: output += """ <input type="checkbox" name="confirm" value="1" />""" for key in hidden.keys(): if type(hidden[key]) is list: for value in hidden[key]: output += """ <input type="hidden" name="%s" value="%s" />""" % (key, value) else: output += """ <input type="hidden" name="%s" value="%s" />""" % (key, hidden[key]) output += """ </td> </tr> <tr> <td>""" output += """ <input class="adminbutton" type="submit" value="%s" />""" % (button, ) output += """ </td> </tr> </table> </form>""" return output def tmpl_warnings(self, warnings, ln=cdslang): """ Prepare the warnings list @param warnings: list of warning tuples (warning_msg, arg1, arg2, etc) @return html string of warnings """ red_text_warnings = ['WRN_WEBCOMMENT_FEEDBACK_NOT_RECORDED', 'WRN_WEBCOMMENT_ALREADY_VOTED'] green_text_warnings = ['WRN_WEBCOMMENT_FEEDBACK_RECORDED'] from invenio.errorlib import get_msgs_for_code_list span_class = 'important' out = "" if type(warnings) is not list: warnings = [warnings] if len(warnings) > 0: warnings_parsed = get_msgs_for_code_list(warnings, 'warning', ln) for 
(warning_code, warning_text) in warnings_parsed: if not warning_code.startswith('WRN'): #display only warnings that begin with WRN to user continue if warning_code in red_text_warnings: span_class = 'important' elif warning_code in green_text_warnings: span_class = 'exampleleader' else: span_class = 'important' out += ''' <span class="%(span_class)s">%(warning)s</span><br>''' % \ { 'span_class' : span_class, 'warning' : warning_text } return out else: return "" def tmpl_add_comment_form(self, recID, uid, nickname, ln, msg, warnings): """ Add form for comments @param recID: record id @param uid: user id @param ln: language @param msg: comment body contents for when refreshing due to warning @param warnings: list of warning tuples (warning_msg, color) @return html add comment form """ _ = gettext_set_language(ln) link_dic = { 'weburl' : weburl, 'module' : 'comments.py', 'function' : 'add', 'arguments' : 'recid=%s&ln=%s&action=%s&reviews=0' % (recID, ln, 'SUBMIT') } if nickname: note = _("Note: Your nickname, <i>%s</i>, will be displayed as author of this comment") % nickname else: (uid, nickname, display) = get_user_info(uid) - link = '<a href="%s/youraccount.py/edit">' % weburl + link = '<a href="%s/youraccount.py/edit">' % sweburl note = _("Note: you currently haven't %sdefined a nickname%s.<br /><i>%s</i> will temporarly be displayed as author of this comment.") note %= (link, '</a>', display) from invenio.search_engine import print_record record_details = print_record(recID=recID, format='hb') warnings = self.tmpl_warnings(warnings, ln) form = """ <table width="100%%"> <tr><td>%(record_label)s</td></tr> <tr><td><blockquote>%(record)s<br><br></blockquote></td></tr> <tr><td>%(comment_label)s</td></tr> <tr><td><textarea name="msg" rows="20" cols="80">%(msg)s</textarea></td></tr> <tr><td class="reportabuse">%(note)s</td></tr> </table> <br><br>""" % {'msg': msg, 'note': note, 'record': record_details, 'record_label': _("Article:"), 'comment_label': _("Comment:")} 
form_link = "%(weburl)s/%(module)s/%(function)s?%(arguments)s" % link_dic form = self.createhiddenform(action=form_link, method="Post", text=form, button='Add comment') return warnings + form def tmpl_add_comment_form_with_ranking(self, recID, uid, nickname, ln, msg, score, note, warnings): """ Add form for reviews @param recID: record id @param uid: user id @param ln: language @param msg: comment body contents for when refreshing due to warning @param score: review score @param note: review title @param warnings: list of warning tuples (warning_msg, color) @return html add review form """ _ = gettext_set_language(ln) link_dic = { 'weburl' : weburl, 'module' : 'comments.py', 'function' : 'add', 'arguments' : 'recid=%s&ln=%s&action=%s&reviews=1' % (recID, ln, 'SUBMIT') } warnings = self.tmpl_warnings(warnings, ln) from search_engine import print_record record_details = print_record(recID=recID, format='hb') note_label = _("Note: Your nickname, <i>%s</i>, will be displayed as the author of this review") note_label %= nickname form = """ <table style="width: 100%%"> <tr> <td>%(article_label)s: </td> </tr> <tr> <td> <blockquote>%(record)s<br /> <br /> </blockquote> </td> </tr> <tr> <td style="padding-bottom: 10px;">%(rate_label)s: <select name=\"score\" size=\"1\"> <option value=\"0\" selected>-%(select_label)s-</option> <option value=\"5\">***** (best)</option> <option value=\"4\">****</option> <option value=\"3\">***</option> <option value=\"2\">**</option> <option value=\"1\">* (worst)</option> </select> </td> </tr> <tr> <td>%(title_label)s:</td> </tr> <tr> <td style="padding-bottom: 10px;"> <input type="text" name="note" size="80" maxlength="250" value="%(note)s" /> </td> </tr> <tr> <td>%(write_label)s:</td> </tr> <tr> <td> <textarea name="msg" rows="20" cols="80">%(msg)s</textarea> </td> </tr> <tr> <td class="reportabuse">%(note_label)s</td></tr> </table> <br /><br /> """ % {'article_label': _('Article'), 'rate_label': _("Rate this article"), 'select_label': 
_("Select a score"), 'title_label': _("Give a title to your review"), 'write_label': _("Write your review"), 'note_label': note_label, 'note' : note!='' and note or "", 'msg' : msg!='' and msg or "", 'record' : record_details } form_link = "%(weburl)s/%(module)s/%(function)s?%(arguments)s" % link_dic form = self.createhiddenform(action=form_link, method="Post", text=form, button=_('Add Review')) return warnings + form def tmpl_add_comment_successful(self, recID, ln, reviews): """ @param recID: record id @param ln: language @return html page of successfully added comment/review """ _ = gettext_set_language(ln) link_dic = { 'weburl' : weburl, 'module' : 'comments.py', 'function' : 'display', 'arguments' : 'recid=%s&ln=%s&do=od&reviews=%s' % (recID, ln, reviews) } link = "%(weburl)s/%(module)s/%(function)s?%(arguments)s" % link_dic out = _("Your %s was successfully added") + '<br /><br />' out += '<a href="%s">' % link out += _('Back to record') + '</a>' out %= (reviews==1 and _('review') or _('comment')) return out def tmpl_create_multiple_actions_form(self, form_name="", form_action="", method="GET", action_display={}, action_field_name="", button_label="", button_name="", content="", **hidden): """ Creates an HTML form with a multiple choice of actions and a button to select it. @param form_action: link to the receiver of the formular @param form_name: name of the HTML formular @param method: either 'GET' or 'POST' @param action_display: dictionary of actions. action is HTML name (name of action) display is the string provided in the popup @param action_field_name: html name of action field @param button_label: what's written on the button @param button_name: html name of the button @param content: what's inside te formular @param **hidden: dictionary of name/value pairs of hidden fields. 
""" output = """ <form action="%s" method="%s">""" % (form_action, method) output += """ <table> <tr> <td style="vertical-align: top" colspan="2"> """ output += indent_text(content + '\n', 4) for key in hidden.keys(): if type(hidden[key]) is list: for value in hidden[key]: output += """ <input type="hidden" name="%s" value="%s" />""" % (key, value) else: output += """ <input type="hidden" name="%s" value="%s" />""" % (key, hidden[key]) output += """ </td> </tr> <tr> <td style="text-align:right;">""" if type(action_display) is dict and len(action_display.keys()): output += """ <select name="%s">""" % action_field_name for (key, value) in action_display.items(): output += """ <option value="%s">%s</option>""" % (key, value) output += """ </select>""" output += """ </td> <td style="text-align:left;"> <input class="adminbutton" type="submit" value="%s" name="%s"/>""" % (button_label, button_name) output += """ </td> </tr> </table> </form>""" return output def tmpl_admin_index(self, ln): """ """ # load the right message language _ = gettext_set_language(ln) out = '<ol>' if cfg_webcomment_allow_comments or cfg_webcomment_allow_reviews: if cfg_webcomment_allow_comments: out += ''' <li><a href="%(weburl)s/admin/webcomment/webcommentadmin.py/comments?ln=%(ln)s&reviews=0">%(reported_cmt_label)s</a></li>''' if cfg_webcomment_allow_reviews: out += ''' <li><a href="%(weburl)s/admin/webcomment/webcommentadmin.py/comments?ln=%(ln)s&reviews=1">%(reported_rev_label)s</a></li>''' out += ''' <li><a href="%(weburl)s/admin/webcomment/webcommentadmin.py/delete?ln=%(ln)s&comid=-1">%(delete_label)s</a></small></li> <li><a href="%(weburl)s/admin/webcomment/webcommentadmin.py/users?ln=%(ln)s">%(view_users)s</a></li> ''' out = out % { 'weburl' : weburl, 'reported_cmt_label': _("View all reported comments"), 'reported_rev_label': _("View all reported reviews"), 'delete_label': _("Delete a specific comment/review (by ID)"), 'view_users': _("View all users who have been reported"), 'ln' : ln } 
else: out += _("Comments and reviews are disabled") + '<br />' out += '</ol>' from invenio.bibrankadminlib import addadminbox return addadminbox('<b>%s</b>'%_("Menu"), [out]) def tmpl_admin_delete_form(self, ln, warnings): """ @param warnings: list of warning_tuples where warning_tuple is (warning_message, text_color) see tmpl_warnings, color is optional """ # load the right message language _ = gettext_set_language(ln) warnings = self.tmpl_warnings(warnings, ln) out = ''' <br /> %s<br /> <br />'''%_("Please enter the ID of the comment/review so that you can view it before deciding to delete it or not") form = ''' <table> <tr> <td>%s:</td> <td><input type=text name="comid" size="10" maxlength="10" value="" /></td> </tr> <tr> <td><br /></td> <tr> </table> <br /> ''' %_("Comment ID") form_link = "%s/admin/webcomment/webcommentadmin.py/delete?ln=%s" % (weburl, ln) form = self.createhiddenform(action=form_link, method="Get", text=form, button=_('View Comment')) return warnings + out + form def tmpl_admin_users(self, ln, users_data): """ @param users_data: tuple of ct, i.e. (ct, ct, ...) 
where ct is a tuple (total_number_reported, total_comments_reported, total_reviews_reported, total_nb_votes_yes_of_reported, total_nb_votes_total_of_reported, user_id, user_email, user_nickname) sorted by order of ct having highest total_number_reported """ _ = gettext_set_language(ln) u_reports = 0 u_comment_reports = 1 u_reviews_reports = 2 u_nb_votes_yes = 3 u_nb_votes_total = 4 u_uid = 5 u_email = 6 u_nickname = 7 if not users_data: return self.tmpl_warnings([_(("There have been no reports so far."), 'green')]) user_rows = "" for utuple in users_data: com_label = _("View all %s reported comments") % utuple[u_comment_reports] com_link = '''<a href="%s/admin/webcomment/webcommentadmin.py/comments?ln=%s&uid=%s&reviews=0">%s</a><br />''' % \ (weburl, ln, utuple[u_uid], com_label) rev_label = _("View all %s reported reviews") % utuple[u_reviews_reports] rev_link = '''<a href="%s/admin/webcomment/webcommentadmin.py/comments?ln=%s&uid=%s&reviews=1">%s</a>''' % \ (weburl, ln, utuple[u_uid], rev_label) if not utuple[u_nickname]: user_info = get_user_info(utuple[u_uid]) nickname = user_info[2] else: nickname = utuple[u_nickname] if cfg_webcomment_allow_reviews: review_row = """ <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td>""" review_row %= (utuple[u_nb_votes_yes], utuple[u_nb_votes_total] - utuple[u_nb_votes_yes], utuple[u_nb_votes_total]) review_row = indent_text(review_row, 1) else: review_row = '' user_rows += """ <tr> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%(nickname)s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%(email)s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%(uid)s</td>%(review_row)s <td class="admintdleft" 
style="padding: 5px; border-bottom: 1px solid lightgray; font-weight: bold;">%(reports)s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%(com_link)s%(rev_link)s</td> </tr>""" % { 'nickname' : nickname, 'email' : utuple[u_email], 'uid' : utuple[u_uid], 'reports' : utuple[u_reports], 'review_row': review_row, 'weburl' : weburl, 'ln' : ln, 'com_link' : cfg_webcomment_allow_comments and com_link or "", 'rev_link' : cfg_webcomment_allow_reviews and rev_link or "" } out = "<br />" out += _("Here is a list, sorted by total number of reports, of all users who have had at least one report to one of their comments.") out += """ <br /> <br /> <table class="admin_wvar" style="width: 100%%;"> <thead> <tr class="adminheaderleft"> <th>""" out += _("Nickname") + '</th>\n' out += indent_text('<th>' + _("Email") + '</th>\n', 3) out += indent_text('<th>' + _("User ID") + '</th>\n', 3) if cfg_webcomment_allow_reviews > 0: out += indent_text('<th>' + _("Number positive votes") + '</th>\n', 3) out += indent_text('<th>' + _("Number negative votes") + '</th>\n', 3) out += indent_text('<th>' + _("Total number votes") + '</th>\n', 3) out += indent_text('<th>' + _("Total number of reports") + '</th>\n', 3) out += indent_text('<th>' + _("View all user's reported comments/reviews") + '</th>\n', 3) out += """ </tr> </thead> <tbody>%s </tbody> </table> """ % indent_text(user_rows, 2) return out def tmpl_admin_select_comment_checkbox(self, cmt_id): """ outputs a checkbox named "comidXX" where XX is cmt_id """ return '<input type="checkbox" name="comid%i" />' % int(cmt_id) def tmpl_admin_user_info(self, ln, nickname, uid, email): """ prepares informations about a user""" _ = gettext_set_language(ln) out = """ %(nickname_label)s: %(messaging)s<br /> %(uid_label)s: %(uid)i<br /> %(email_label)s: <a href="mailto:%(email)s">%(email)s</a>""" out %= {'nickname_label': _("Nickname"), 'messaging': self.create_messaging_link(uid, nickname, ln), 'uid_label': _("User 
ID"), 'uid': int(uid), 'email_label': _("email"), 'email': email} return out def tmpl_admin_review_info(self, ln, reviews, nb_reports, cmt_id, rec_id): """ outputs information about a review """ _ = gettext_set_language(ln) reported_label = _("This %s has been reported %i times") reported_label %= (reviews and _("review") or _("comment"), int(nb_reports)) out = """ %(reported_label)s<br /> <a href="%(weburl)s/search.py?recid=%(rec_id)i&ln=%(ln)s">%(rec_id_label)s</a><br /> %(cmt_id_label)s""" out %= {'reported_label': reported_label, 'rec_id_label': _("Record #%s")% str(rec_id), 'weburl': weburl, 'rec_id': int(rec_id), 'cmt_id_label': _("Comment #%s") % str(cmt_id), 'ln': ln} return out def tmpl_admin_comments(self, ln, uid, comID, comment_data, reviews): """ @param comment_data: same type of tuple as that which is returned by webcomment.py/query_retrieve_comments_or_remarks i.e. tuple of comment where comment is tuple (nickname, date_creation, body, id) if ranking disabled or tuple (nickname, date_creation, body, nb_votes_yes, nb_votes_total, star_score, title, id) """ _ = gettext_set_language(ln) comments = [] comments_info = [] checkboxes = [] users = [] for (cmt_tuple, meta_data) in comment_data: if reviews: comments.append(self.tmpl_get_comment_with_ranking(ln, cmt_tuple[0],#nickname cmt_tuple[2],#date_creation cmt_tuple[3],#body cmt_tuple[5],#nb_votes_total cmt_tuple[4],#nb_votes_yes cmt_tuple[6],#star_score cmt_tuple[7]))#title else: comments.append(self.tmpl_get_comment_without_ranking(ln, cmt_tuple[0],#nickname cmt_tuple[2],#date_creation cmt_tuple[3],#body None, #reply_link None)) #report_link users.append(self.tmpl_admin_user_info(ln, meta_data[0], #nickname meta_data[1], #uid meta_data[2]))#email comments_info.append(self.tmpl_admin_review_info(ln, reviews, meta_data[5], # nb abuse reports meta_data[3], # cmt_id meta_data[4]))# rec_id checkboxes.append(self.tmpl_admin_select_comment_checkbox(meta_data[3])) form_link = 
"%s/admin/webcomment/webcommentadmin.py/del_com?ln=%s" % (weburl, ln) out = """ <table class="admin_wvar" style="width:100%%;"> <thead> <tr class="adminheaderleft"> <th>%(review_label)s</th> <th>%(written_by_label)s</th> <th>%(review_info_label)s</th> <th>%(select_label)s</th> </tr> </thead> <tbody>""" % {'review_label': reviews and _("Review") or _("Comment"), 'written_by_label': _("Written by"), 'review_info_label': _("General informations"), 'select_label': _("Select")} for i in range (0, len(comments)): out += """ <tr> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintd" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> </tr> </tbody>""" % (comments[i], users[i], comments_info[i], checkboxes[i]) out += """ </table>""" reviews = reviews and _('reviews') or _('comments') action_display = { 'delete': _('Delete selected %s') % reviews, 'unreport': _('Suppress selected abuse report') } form = self.tmpl_create_multiple_actions_form(form_name="admin_comment", form_action=form_link, method="POST", action_display=action_display, action_field_name='action', button_label=_("Ok"), button_name="okbutton", content=out) if uid > 0: header = '<br />' header += _("Here are the reported %s of user %s") % (reviews>0 and _("reviews") or _("comments"), uid) header += '<br /><br />' if comID > 0: header = '<br />' +_("Here is comment/review %s")% comID + '<br /><br />' if uid > 0 and comID > 0: header = '<br />' + _("Here is comment/review %s written by user %s") % (comID, uid) header += '<br/ ><br />' if uid == 0 and comID == 0: header = '<br />' header += _("Here are all reported %s sorted by most reported") header %= (reviews>0 and _("reviews") or _("comments")) header += "<br /><br />" return header + form def 
tmpl_admin_del_com(self, del_res, ln=cdslang): """ @param del_res: list of the following tuple (comment_id, was_successfully_deleted), was_successfully_deleted is boolean (0=false, >0=true """ _ = gettext_set_language(ln) table_rows = '' for deltuple in del_res: table_rows += """ <tr> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> </tr>""" % (deltuple[0], deltuple[1]>0 and _("Yes") or "<span class=\"important\">" +_("No") + "</span>") out = """ <table class="admin_wvar"> <tr class="adminheaderleft"> <td style="padding-right:10px;">%s</td> <td>%s</td> </tr>%s <table>""" % (_("comment ID"), _("successfully deleted"), table_rows) return out def tmpl_admin_suppress_abuse_report(self, del_res, ln=cdslang): """ @param del_res: list of the following tuple (comment_id, was_successfully_deleted), was_successfully_deleted is boolean (0=false, >0=true """ _ = gettext_set_language(ln) table_rows = '' for deltuple in del_res: table_rows += """ <tr> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> <td class="admintdleft" style="padding: 5px; border-bottom: 1px solid lightgray;">%s</td> </tr>""" % (deltuple[0], deltuple[1]>0 and _("Yes") or "<span class=\"important\">" +_("No") + "</span>") out = """ <table class="admin_wvar"> <tr class="adminheaderleft"> <td style ="padding-right: 10px;">%s</td> <td>%s</td> </tr>%s <table>""" % (_("comment ID"), _("successfully suppressed abuse report"), table_rows) return out
diff --git a/modules/websearch/web/admin/websearchadmin.py b/modules/websearch/web/admin/websearchadmin.py
index ceb667fc1..78f0a9a97 100644
--- a/modules/websearch/web/admin/websearchadmin.py
+++ b/modules/websearch/web/admin/websearchadmin.py
@@ -1,1054 +1,1054 @@
 ## $Id$ ## ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """CDS Invenio WebSearch Administrator Interface.""" __lastupdated__ = """$Date$""" import sys import invenio.websearchadminlib as wsc #reload(wsc) from invenio.webpage import page, create_error_box
-from invenio.config import weburl,cdslang
+from invenio.config import weburl, sweburl, cdslang
 from invenio.webuser import getUid, page_not_authorized from invenio.messages import gettext_set_language __version__ = "$Id$" def switchfmtscore(req, colID, type, id_1, id_2, ln=cdslang): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_switchfmtscore(colID=colID, ln=ln, type=type, id_1=id_1, id_2=id_2), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def switchfldscore(req, colID, id_1, id_2, fmeth, ln=cdslang):
navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_switchfldscore(colID=colID, ln=ln, id_1=id_1, id_2=id_2, fmeth=fmeth), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def switchfldvaluescore(req, colID, id_1, id_fldvalue_1, id_fldvalue_2, ln=cdslang): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_switchfldvaluescore(colID=colID, ln=ln, id_1=id_1, id_fldvalue_1=id_fldvalue_1, id_fldvalue_2=id_fldvalue_2), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def runwebcoll(req, colID, ln=cdslang, confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection Management", body=wsc.perform_checkwebcollstatus(colID=colID, ln=ln, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def 
switchpbxscore(req, colID, id_1, id_2, sel_ln,ln=cdslang): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_switchpbxscore(colID=colID, ln=ln, id_1=id_1, id_2=id_2, sel_ln=sel_ln), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifydbquery(req, colID, ln=cdslang, dbquery='', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifydbquery(colID=colID, ln=ln, dbquery=dbquery, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showtree(req, colID, ln=cdslang): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection tree", body=wsc.perform_showtree(colID=colID, ln=ln), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyrestricted(req, colID, ln=cdslang, rest='', 
confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyrestricted(colID=colID, ln=ln, rest=rest, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifytranslations(req, colID, ln=cdslang, sel_type='', trans = [], confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifytranslations(colID=colID, ln=ln, sel_type=sel_type, trans=trans, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addcollectiontotree(req, colID, ln=cdslang, add_dad='', add_son='', rtype='', mtype='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection Management", body=wsc.perform_addcollectiontotree(colID=colID, ln=cdslang, add_dad=add_dad, add_son=add_son, rtype=rtype, callback=callback, confirm=confirm), uid=uid, language=ln, navtrail = navtrail_previous_links, urlargs=req.args, 
lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addcollection(req, colID, ln=cdslang, colNAME='', dbquery='', rest='', callback="yes", confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection Management", body=wsc.perform_addcollection(colID=colID, ln=cdslang, colNAME=colNAME, dbquery=dbquery, rest=rest, callback=callback, confirm=confirm), uid=uid, language=ln, navtrail = navtrail_previous_links, urlargs=req.args, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyrankmethods(req, colID, ln=cdslang, func='', rnkID='', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyrankmethods(colID=colID, ln=ln, func=func, rnkID=rnkID, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def deletecollection(req, colID, ln=cdslang, confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_deletecollection(colID=colID, 
ln=ln, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def editcollection(req, colID=1, ln=cdslang, mtype=''): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_editcollection(colID=colID, ln=ln, mtype=mtype), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addoutputformat(req, colID, ln=cdslang, code='', name='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addoutputformat(colID=colID, ln=ln, code=code, name=name, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showoutputformats(req, colID, ln=cdslang, callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", 
body=wsc.perform_showoutputformats(colID=colID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addexistingoutputformat(req, colID, ln=cdslang, fmtID=-1, callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addexistingoutputformat(colID=colID, ln=ln, fmtID=fmtID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def deleteoutputformat(req, colID, ln=cdslang, fmtID=-1, callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_deleteoutputformat(colID=colID, ln=ln, fmtID=fmtID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def removeoutputformat(req, colID, ln=cdslang, fmtID='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, 
e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_removeoutputformat(colID=colID, ln=ln, fmtID=fmtID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def removefieldvalue(req, colID, ln=cdslang, fldID='', fldvID='', fmeth='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_removefieldvalue(colID=colID, ln=ln, fldID=fldID, fldvID=fldvID, fmeth=fmeth, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def removefield(req, colID, ln=cdslang, fldID='', fldvID='', fmeth='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_removefield(colID=colID, ln=ln, fldID=fldID, fldvID=fldvID, fmeth=fmeth, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyfield(req, colID, fldID, fldvID='', ln=cdslang, callback='yes', 
confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyfield(colID=colID, fldID=fldID, fldvID=fldvID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyoutputformat(req, colID, ln=cdslang, fmtID=-1, sel_type='', trans=[], confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyoutputformat(colID=colID, ln=ln, fmtID=fmtID, sel_type=sel_type, trans=trans, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showsearchoptions(req, colID, ln=cdslang, callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_showsearchoptions(colID=colID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return 
page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addexistingfield(req, colID, ln=cdslang, fldID=-1, fldvID=-1, fmeth='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addexistingfield(colID=colID, ln=ln, fldID=fldID, fldvID=fldvID, fmeth=fmeth, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page(title='Authorization failure', uid=uid, body=wsc.adderrorbox('try to login first', datalist=["""You are not a user authorized to perform admin tasks, try to
- <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (weburl, weburl)]),
+ <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (sweburl, weburl)]),
 navtrail= navtrail_previous_links, lastupdated=__lastupdated__) def rearrangefield(req, colID, ln=cdslang, fmeth='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_rearrangefield(colID=colID, ln=ln, fmeth=fmeth, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page(title='Authorization failure', uid=uid, body=wsc.adderrorbox('try to login first', datalist=["""You are not a user authorized to perform admin tasks, 
try to
- <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (weburl, weburl)]),
+ <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (sweburl, weburl)]),
 navtrail= navtrail_previous_links, lastupdated=__lastupdated__) def addexistingfieldvalue(req, colID, fldID, ln=cdslang, callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addexistingfieldvalue(colID=colID, ln=ln, fldID=fldID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page(title='Authorization failure', uid=uid, body=wsc.adderrorbox('try to login first', datalist=["""You are not a user authorized to perform admin tasks, try to
- <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (weburl, weburl)]),
+ <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (sweburl, weburl)]),
 navtrail= navtrail_previous_links, lastupdated=__lastupdated__) def rearrangefieldvalue(req, colID, fldID, ln=cdslang, callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_rearrangefieldvalue(colID=colID, ln=ln, fldID=fldID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = 
navtrail_previous_links, lastupdated=__lastupdated__) else: return page(title='Authorization failure', uid=uid, body=wsc.adderrorbox('try to login first', datalist=["""You are not a user authorized to perform admin tasks, try to
- <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (weburl, weburl)]),
+ <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (sweburl, weburl)]),
 navtrail= navtrail_previous_links, lastupdated=__lastupdated__) def addnewfieldvalue(req, colID, fldID, ln=cdslang, name='', value='', callback="yes", confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addnewfieldvalue(colID=colID, fldID=fldID, ln=cdslang, name=name, value=value, callback=callback, confirm=confirm), uid=uid, language=ln, navtrail = navtrail_previous_links, urlargs=req.args, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyfieldvalue(req, colID, fldID, fldvID, ln=cdslang, name='', value='', callback="yes", confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyfieldvalue(colID=colID, fldID=fldID, fldvID=fldvID, ln=cdslang, name=name, value=value, callback=callback, confirm=confirm), uid=uid, language=ln, navtrail = navtrail_previous_links, urlargs=req.args, lastupdated=__lastupdated__) else: return 
page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showsearchfields(req, colID, ln=cdslang, callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_showsearchfields(colID=colID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showsortoptions(req, colID, ln=cdslang, callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_showsortoptions(colID=colID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifyportalbox(req, colID, ln=cdslang, pbxID=-1, score='', position='', sel_ln='', title='', body='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_modifyportalbox(colID=colID, ln=ln, pbxID=pbxID, score=score, position=position, 
sel_ln=sel_ln, title=title, body=body, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def removeportalbox(req, colID, ln=cdslang, pbxID='', sel_ln='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_removeportalbox(colID=colID, ln=ln, pbxID=pbxID, sel_ln=sel_ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addexistingportalbox(req, colID, ln=cdslang, pbxID=-1, score=0, position='', sel_ln='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_addexistingportalbox(colID=colID, ln=ln, pbxID=pbxID, score=score, position=position, sel_ln=sel_ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page(title='Authorization failure', uid=uid, body=wsc.adderrorbox('try to login first', datalist=["""You are not a user authorized to perform admin tasks, try to - <a href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (weburl, weburl)]), + <a 
href="%s/youraccount.py/login?referer=%s/admin/websearch/">login</a> with another account.""" % (sweburl, weburl)]), navtrail= navtrail_previous_links, lastupdated=__lastupdated__) def deleteportalbox(req, colID, ln=cdslang, pbxID=-1, callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_deleteportalbox(colID=colID, ln=ln, pbxID=pbxID, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def showportalboxes(req, colID, ln=cdslang, callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", body=wsc.perform_showportalboxes(colID=colID, ln=ln, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def addportalbox(req, colID, ln=cdslang, title='', body='', callback='yes', confirm=-1): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Edit Collection", 
body=wsc.perform_addportalbox(colID=colID, ln=ln, title=title, body=body, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def modifycollectiontree(req, colID, ln=cdslang, move_up='', move_down='', move_from='', move_to='', delete='', rtype='', callback='yes', confirm=0): navtrail_previous_links = wsc.getnavtrail() + """> <a class=navtrail href="%s/admin/websearch/websearchadmin.py/">Collection Management</a> """ % (weburl) try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection Management", body=wsc.perform_modifycollectiontree(colID=colID, ln=ln, move_up=move_up, move_down=move_down, move_from=move_from, move_to=move_to, delete=delete, rtype=rtype, callback=callback, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def index(req, colID=1, ln=cdslang, mtype='', content='', confirm=0): navtrail_previous_links = wsc.getnavtrail() try: uid = getUid(req) except MySQLdb.Error, e: return error_page(req) auth = wsc.check_user(uid,'cfgwebsearch') if not auth[0]: return page(title="Collection Management", body=wsc.perform_index(colID=colID, ln=ln, mtype=mtype, content=content, confirm=confirm), uid=uid, language=ln, urlargs=req.args, navtrail = navtrail_previous_links, lastupdated=__lastupdated__) else: return page_not_authorized(req=req, text=auth[1], navtrail=navtrail_previous_links) def error_page(req, ln = cdslang): _ = gettext_set_language(ln) return page(title=_("Internal Error"), body = create_error_box(req, verbose=verbose, ln=ln), description="%s - Internal Error" % cdsname, keywords="%s, CDS Invenio, Internal Error" % 
cdsname, language=ln, urlargs=req.args)
diff --git a/modules/websession/lib/websession_templates.py b/modules/websession/lib/websession_templates.py
index 24193be87..0756c0fb1 100644
--- a/modules/websession/lib/websession_templates.py
+++ b/modules/websession/lib/websession_templates.py
@@ -1,816 +1,817 @@ ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. import urllib import time import cgi import gettext import string import locale from invenio.config import * from invenio.messages import gettext_set_language class Template: def tmpl_lost_password_message(self, ln, supportemail): """ Defines the text that will be displayed on the 'lost password' page Parameters: - 'ln' *string* - The language to display the interface in - 'supportemail' *string* - The email of the support team """ # load the right message language _ = gettext_set_language(ln) return _("If you have lost password for your CDS Invenio internal account, then please enter your email address below and the lost password will be emailed to you.") +\ "<br /><br />" +\ _("Note that if you have been using an external login system (such as CERN NICE), then we cannot do anything and you have to ask there.") +\ _("Alternatively, you can ask %s to change your login system from external to internal.") % ("""<a href="mailto:%(email)s">%(email)s</a>""" % { 'email' : supportemail }) +\ "<br><br>" def tmpl_back_form(self, ln, message, act, link): """ A standard one-message-go-back-link page. 
Parameters: - 'ln' *string* - The language to display the interface in - 'message' *string* - The message to display - 'act' *string* - The action to accomplish when going back - 'link' *string* - The link text """ out = """ <table> <tr> <td align=center>%(message)s <A href="./%(act)s">%(link)s</A></td> </tr> </table> """% { 'message' : message, 'act' : act, 'link' : link } return out def tmpl_user_preferences(self, ln, email, email_disabled, password, password_disabled): """ Displays a form for the user to change his email/password. Parameters: - 'ln' *string* - The language to display the interface in - 'email' *string* - The email of the user - 'email_disabled' *boolean* - If the user has the right to edit his email - 'password' *string* - The password of the user - 'password_disabled' *boolean* - If the user has the right to edit his password """ # load the right message language _ = gettext_set_language(ln) out = """ <p><big><strong class="headline">Edit parameters</strong></big></p> <form method="post" action="%(sweburl)s/youraccount.py/change"> <p>%(change_user_pass)s</p> <table> <tr><td align="right"><strong> %(new_email)s:</strong><br/> <small class="important">(%(mandatory)s)</small> </td><td> <input type="text" size="25" name="email" %(email_disabled)s value="%(email)s"><br> <small><span class="quicknote">%(example)s:</span> <span class="example">johndoe@example.com</span> </small> </td> <td></td> </tr> <tr> <td align="right"><strong>%(new_password)s:</strong><br> <small class="quicknote">(%(optional)s)</small> </td><td align="left"> <input type="password" size="25" name="password" %(password_disabled)s value="%(password)s"><br> <small><span class=quicknote>%(note)s:</span> %(password_note)s </small> </td> </tr> <tr> <td align="right"><strong>%(retype_password)s:</strong></td> <td align="left"> <input type="password" size="25" name="password2" %(password_disabled)s value=""> </td> <td><input type="hidden" name="action" value="edit"></td> </tr> <tr><td 
align="center" colspan="3"> <code class="blocknote"><input class="formbutton" type="submit" value="%(set_values)s"></code> </td></tr> </table> </form> """ % { 'change_user_pass' : _("If you want to change your email address or password, please set new values in the form below."), 'new_email' : _("New email address"), 'mandatory' : _("mandatory"), 'example' : _("Example"), 'new_password' : _("New password"), 'optional' : _("optional"), 'note' : _("Note"), 'password_note' : _("The password phrase may contain punctuation, spaces, etc."), 'retype_password' : _("Retype password"), 'set_values' : _("Set new values"), 'email' : email, 'email_disabled' : email_disabled and "disabled" or "", 'password' : password, 'password_disabled' : password_disabled and "disabled" or "", 'sweburl': sweburl, } return out def tmpl_user_external_auth(self, ln, methods, current, method_disabled): """ Displays a form for the user to change his authentication method. Parameters: - 'ln' *string* - The language to display the interface in - 'methods' *array* - The methods of authentication - 'method_disabled' *boolean* - If the user has the right to change this - 'current' *string* - The currently selected method """ # load the right message language _ = gettext_set_language(ln) out = """ <form method="post" action="%(sweburl)s/youraccount.py/change"> <big><strong class="headline">%(edit_method)s</strong></big> <p>%(explain_method)s:</p> <table> <tr><td valign="top"><b>%(select_method)s:</b></td><td> """ % { 'edit_method' : _("Edit login method"), 'explain_method' : _("Please select which login method you would like to use to authenticate yourself"), 'select_method' : _("Select method"), 'sweburl': sweburl, } for system in methods: out += """<input type="radio" name="login_method" value="%(system)s" %(disabled)s %(selected)s>%(system)s<br>""" % { 'system' : system, 'disabled' : method_disabled and "disabled" or "", 'selected' : current == system and "disabled" or "", } out += """ 
</td><td></td></tr> <tr><td></td> <td><input class="formbutton" type="submit" value="%(select_method)s"></td></tr></table> </form>""" % { 'select_method' : _("Select method"), } return out def tmpl_lost_password_form(self, ln, msg): """ Displays a form for the user to ask for his password sent by email. Parameters: - 'ln' *string* - The language to display the interface in - 'msg' *string* - Explicative message on top of the form. """ # load the right message language _ = gettext_set_language(ln) out = """ <form method="post" action="../youraccount.py/send_email"> %(msg)s <table> <tr> <td align="right"><strong>%(email)s:</strong></td> <td><input type="text" size="25" name="p_email" value=""></td> <td><input type="hidden" name="action" value="lost"></td> </tr> <tr><td></td> <td><code class="blocknote"><input class="formbutton" type="submit" value="%(send)s"></code></td> </tr> </table> </form> """ % { 'msg' : msg, 'email' : _("Email address"), 'send' : _("Send lost password"), } return out def tmpl_account_info(self, ln, uid, guest, cfg_cern_site): """ Displays the account information Parameters: - 'ln' *string* - The language to display the interface in - 'uid' *string* - The user id - 'guest' *boolean* - If the user is guest - 'cfg_cern_site' *boolean* - If the site is a CERN site """ # load the right message language _ = gettext_set_language(ln) out = """<P>%(account_offer)s</P> <blockquote> <dl> """ % { 'account_offer' : _("The CDS Search offers you a possibility to personalize the interface, to set up your own personal library of documents, or to set up an automatic alert query that would run periodically and would notify you of search results by email."), } if not guest: out += """ <dt> <A href="./edit?ln=%(ln)s">%(your_settings)s</A> <dd>%(change_account)s""" % { 'ln' : ln, 'your_settings' : _("Your Settings"), 'change_account' : _("Set or change your account Email address or password. 
Specify your preferences about the way the interface looks like.") } out += """ <dt><A href="../youralerts.py/display?ln=%(ln)s">%(your_searches)s</A> <dd>%(search_explain)s <dt><A href="../yourbaskets.py/display?ln=%(ln)s">%(your_baskets)s</A> <dd>%(basket_explain)s""" % { 'ln' : ln, 'your_searches' : _("Your Searches"), 'search_explain' : _("View all the searches you performed during the last 30 days."), 'your_baskets' : _("Your Baskets"), 'basket_explain' : _("With baskets you can define specific collections of items, store interesting records you want to access later or share with others."), } if guest: out += self.tmpl_warning_guest_user(ln = ln, type = "baskets") out += """ <dt><A href="../youralerts.py/list?ln=%s">%(your_alerts)s</A> <dd>%(explain_alerts)s""" % { 'ln' : ln, 'your_alerts' : _("Your Alerts"), 'explain_alerts' : _("Subscribe to a search which will be run periodically by our service. The result can be sent to you via Email or stored in one of your baskets."), } if guest: out += self.tmpl_warning_guest_user(type="alerts", ln = ln) if cfg_cern_site: out += """ <dt><A href="http://weblib.cern.ch/cgi-bin/checkloan?uid=&version=2">%(your_loans)s</A> <dd>%(explain_loans)s""" % { 'your_loans' : _("Your Loans"), 'explain_loans' : _("Check out book you have on load, submit borrowing requests, etc. Requires CERN ID."), } out += """ </dl> </blockquote>""" return out def tmpl_warning_guest_user(self, ln, type): """ Displays a warning message about the specified type Parameters: - 'ln' *string* - The language to display the interface in - 'type' *string* - The type of data that will get lost in case of guest account """ # load the right message language _ = gettext_set_language(ln) msg= _("""You are logged in as a guest user, so your %s will disappear at the end of the current session. 
If you wish you can <a href="%s/youraccount.py/login?ln=%s">login or register here</a>.""") % (type, sweburl, ln) return """<table class="errorbox" summary=""> <thead> <tr> <th class="errorboxheader">%s</th> </tr> </thead> </table>""" % msg def tmpl_account_body(self, ln, user): """ Displays the body of the actions of the user Parameters: - 'ln' *string* - The language to display the interface in - 'user' *string* - The user name """ # load the right message language _ = gettext_set_language(ln) return _("""You are logged in as %(user)s. You may want to a) <A href="%(logout)s">logout</A>; b) edit your <A href="%(edit)s">account settings</a>.""") % { 'user': user, 'logout': '%s/youraccount.py/logout?ln=%s' % (sweburl, ln), 'edit': '%s/youraccount.py/edit?ln=%s' % (sweburl, ln) } + "<BR><BR>" def tmpl_account_template(self, title, body, ln): """ Displays a block of the your account page Parameters: - 'ln' *string* - The language to display the interface in - 'title' *string* - The title of the block - 'body' *string* - The body of the block """ out ="" out +=""" <table class="searchbox" width="90%%" summary="" > <thead> <tr> <th class="searchboxheader">%s</th> </tr> </thead> <tbody> <tr> <td class="searchboxbody">%s</td> </tr> </tbody> </table>""" % (title, body) return out def tmpl_account_page(self, ln, weburl, accBody, baskets, alerts, searches, messages, administrative): """ Displays the your account page Parameters: - 'ln' *string* - The language to display the interface in - 'weburl' *string* - The URL of CDS Invenio - 'accBody' *string* - The body of the heading block - 'baskets' *string* - The body of the baskets block - 'alerts' *string* - The body of the alerts block - 'searches' *string* - The body of the searches block - 'messages' *string* - The body of the messages block - 'administrative' *string* - The body of the administrative block """ # load the right message language _ = gettext_set_language(ln) out = "" out += self.tmpl_account_template(_("Your 
Account"), accBody, ln) #your baskets out += self.tmpl_account_template(_("Your Baskets"), baskets, ln) out += self.tmpl_account_template(_("Your Messages"), messages, ln) out += self.tmpl_account_template(_("Your Alert Searches"), alerts, ln) out += self.tmpl_account_template(_("Your Searches"), searches, ln) out += self.tmpl_account_template(_("Your Submissions"), _("You can consult the list of %(your_submissions)s and inquire about their status.") % { 'your_submissions' : """<a href="%(weburl)s/yoursubmissions.py?ln=%(ln)s">%(your_sub)s</a>""" % { 'ln' : ln, 'weburl' : weburl, 'your_sub' : _("your submissions") } }, ln) out += self.tmpl_account_template(_("Your Approvals"), _("You can consult the list of %(your_approvals)s with the documents you approved or refereed.") % { 'your_approvals' : """ <a href="%(weburl)s/yourapprovals.py?ln=%(ln)s">%(your_app)s</a>""" % { 'ln' : ln, 'weburl' : weburl, 'your_app' : _("your approvals"), } }, ln) out += self.tmpl_account_template(_("Your Administrative Activities"), administrative, ln) return out def tmpl_account_emailMessage(self, ln, msg): """ Displays a link to retrieve the lost password Parameters: - 'ln' *string* - The language to display the interface in - 'msg' *string* - Explicative message on top of the form. 
""" # load the right message language _ = gettext_set_language(ln) out ="" out +=""" <body> %(msg)s <A href="../youraccount.py/lost?ln=%(ln)s">%(try_again)s</A> </body> """ % { 'ln' : ln, 'msg' : msg, 'try_again' : _("Try again") } return out def tmpl_account_emailSent(self, ln, email): """ Displays a confirmation message for an email sent Parameters: - 'ln' *string* - The language to display the interface in - 'email' *string* - The email to which the message has been sent """ # load the right message language _ = gettext_set_language(ln) out ="" out += _("Okay, password has been emailed to %s") % email return out def tmpl_account_delete(self, ln): """ Displays a confirmation message about deleting the account Parameters: - 'ln' *string* - The language to display the interface in """ # load the right message language _ = gettext_set_language(ln) out = "<p>" + _("""Deleting your account""") return out def tmpl_account_logout(self, ln): """ Displays a confirmation message about logging out Parameters: - 'ln' *string* - The language to display the interface in """ # load the right message language _ = gettext_set_language(ln) out = "" out += _("""You are no longer recognized. 
If you wish you can <A href="./login?ln=%s">login here</A>.""") % ln return out def tmpl_login_form(self, ln, referer, internal, register_available, methods, selected_method, supportemail): """ Displays a login form Parameters: - 'ln' *string* - The language to display the interface in - 'referer' *string* - The referer URL - will be redirected upon after login - 'internal' *boolean* - If we are producing an internal authentication - 'register_available' *boolean* - If users can register freely in the system - 'methods' *array* - The available authentication methods - 'selected_method' *string* - The default authentication method - 'supportemail' *string* - The email of the support team """ # load the right message language _ = gettext_set_language(ln) out = "<p>%(please_login)s<br>" % { 'please_login' : _("If you already have an account, please login using the form below.") } if register_available: out += _("""If you don't own an account yet, please <a href="../youraccount.py/register?ln=%s">register</a> an internal account.""") % ln else: out += _("""It is not possible to create an account yourself. 
Contact %s if you want an account.""") % ( """<a href="mailto:%(email)s">%(email)s</a>""" % { 'email' : supportemail } ) out += """<form method="post" action="../youraccount.py/login"> <table> """ if len(methods) > 1: # more than one method, must make a select login_select = """<select name="login_method">""" for method in methods: login_select += """<option value="%(method)s" %(selected)s>%(method)s</option>""" % { 'method' : method, 'selected' : (method == selected_method and "selected" or "") } login_select += "</select>" out += """ <tr> <td align="right">%(login_title)s</td> <td>%(login_select)s</td> <td></td> </tr>""" % { 'login_title' : _("Login via:"), 'login_select' : login_select, } else: # only one login method available out += """<input type="hidden" name="login_method" value="%s">""" % (methods[0]) out += """<tr> <td align="right"> <input type="hidden" name="ln" value="%(ln)s"> <input type="hidden" name="referer" value="%(referer)s"> <strong>%(username)s:</strong> </td> <td><input type="text" size="25" name="p_email" value=""></td> <td></td> </tr> <tr> <td align="right"><strong>%(password)s:</strong></td> <td align="left"><input type="password" size="25" name="p_pw" value=""></td> <td></td> </tr> <tr> <td></td> <td align="center" colspan="3"><code class="blocknote"><input class="formbutton" type="submit" name="action" value="%(login)s"></code>""" % { 'ln': ln, 'referer' : cgi.escape(referer), 'username' : _("Username"), 'password' : _("Password"), 'login' : _("login"), } if internal: out += """ (<a href="./lost?ln=%(ln)s">%(lost_pass)s</a>)""" % { 'ln' : ln, 'lost_pass' : _("Lost your password?") } out += """</td><td></td> </tr> </table></form>""" return out def tmpl_register_page(self, ln, referer, level, supportemail, cdsname): """ Displays a login form Parameters: - 'ln' *string* - The language to display the interface in - 'referer' *string* - The referer URL - will be redirected upon after login - 'level' *int* - Login level (0 - all access, 1 - 
accounts activated, 2+ - no self-registration) - 'supportemail' *string* - The email of the support team - 'cdsname' *string* - The name of the installation """ # load the right message language _ = gettext_set_language(ln) out = "" if level <= 1: out += _("""Please enter your email address and desired password:""") if level == 1: out += _("The account will not be possible to use before it has been verified and activated.") out += """ <form method="post" action="../youraccount.py/register"> <input type="hidden" name="referer" value="%(referer)s"> <table> <tr> <td align="right"><strong>%(email_address)s:</strong><br><small class="important">(%(mandatory)s)</small></td> <td><input type="text" size="25" name="p_email" value=""><br> <small><span class="quicknote">%(example)s:</span> <span class="example">johndoe@example.com</span></small> </td> <td></td> </tr> <tr> <td align="right"><strong>%(password)s:</strong><br><small class="quicknote">(%(optional)s)</small></td> <td align="left"><input type="password" size="25" name="p_pw" value=""><br> <small><span class="quicknote">%(note)s:</span> %(password_contain)s</small> </td> <td></td> </tr> <tr> <td align="right"><strong>%(retype)s:</strong></td> <td align="left"><input type="password" size="25" name="p_pw2" value=""></td> <td></td> </tr> <tr> <td></td> <td align="left" colspan="3"><code class="blocknote"><input class="formbutton" type="submit" name="action" value="%(register)s"></code></td> </tr> </table> <p><strong>%(note)s:</strong> %(explain_acc)s""" % { 'referer' : cgi.escape(referer), 'email_address' : _("Email address"), 'password' : _("Password"), 'mandatory' : _("mandatory"), 'optional' : _("optional"), 'example' : _("Example"), 'note' : _("Note"), 'password_contain' : _("The password phrase may contain punctuation, spaces, etc."), 'retype' : _("Retype Password"), 'register' : _("register"), 'explain_acc' : _("Please do not use valuable passwords such as your Unix, AFS or NICE passwords with this service. 
Your email address will stay strictly confidential and will not be disclosed to any third party. It will be used to identify you for personal services of %s. For example, you may set up an automatic alert search that will look for new preprints and will notify you daily of new arrivals by email.") % cdsname, } return out def tmpl_account_adminactivities(self, ln, weburl, uid, guest, roles, activities): """ Displays the admin activities block for this user Parameters: - 'ln' *string* - The language to display the interface in - 'weburl' *string* - The address of the site - 'uid' *string* - The used id - 'guest' *boolean* - If the user is guest - 'roles' *array* - The current user roles - 'activities' *array* - The user allowed activities """ # load the right message language _ = gettext_set_language(ln) out = "" # guest condition if guest: return _("""You seem to be the guest user. You have to <a href="../youraccount.py/login?ln=%s">login</a> first.""") % ln # no rights condition if not roles: return "<p>" + _("You are not authorized to access administrative functions.") + "</p>" # displaying form out += "<p>" + _("You seem to be <em>%s</em>.") % string.join(roles, ", ") + " " out += _("Here are some interesting web admin links for you:") # print proposed links: activities.sort(lambda x, y: cmp(string.lower(x), string.lower(y))) for action in activities: if action == "cfgbibformat": out += """<br> <a href="%s/admin/bibformat/?ln=%s">%s</a>""" % (weburl, ln, _("Configure BibFormat")) if action == "cfgbibharvest": out += """<br> <a href="%s/admin/bibharvest/bibharvestadmin.py?ln=%s">%s</a>""" % (weburl, ln, _("Configure BibHarvest")) if action == "cfgbibindex": out += """<br> <a href="%s/admin/bibindex/bibindexadmin.py?ln=%s">%s</a>""" % (weburl, ln, _("Configure BibIndex")) if action == "cfgbibrank": out += """<br> <a href="%s/admin/bibrank/bibrankadmin.py?ln=%s">%s</a>""" % (weburl, ln, _("Configure BibRank")) if action == "cfgwebaccess": out += """<br> <a 
href="%s/admin/webaccess/?ln=%s">%s</a>""" % (weburl, ln, _("Configure WebAccess")) if action == "cfgwebcomment": out += """<br> <a href="%s/admin/webcomment/webcommentadmin.py?ln=%s">%s</a>""" % (weburl, ln, _("Configure WebComment")) if action == "cfgwebsearch": out += """<br> <a href="%s/admin/websearch/websearchadmin.py?ln=%s">%s</a>""" % (weburl, ln, _("Configure WebSearch")) if action == "cfgwebsubmit": out += """<br> <a href="%s/admin/websubmit/?ln=%s">%s</a>""" % (weburl, ln, _("Configure WebSubmit")) out += "<br>" + _("""For more admin-level activities, see the complete %(admin_area)s""") % { 'admin_area' : """<a href="%s/admin/index.%s.html">%s</a>.""" % (weburl, ln, _("Admin Area")) } return out def tmpl_create_userinfobox(self, ln, weburl, guest, email, submitter, referee, admin): """ Displays the user block Parameters: - 'ln' *string* - The language to display the interface in - 'weburl' *string* - The address of the site - 'guest' *boolean* - If the user is guest - 'email' *string* - The user email (if known) - 'submitter' *boolean* - If the user is submitter - 'referee' *boolean* - If the user is referee - 'admin' *boolean* - If the user is admin """ # load the right message language _ = gettext_set_language(ln) out = """<img src="%s/img/head.gif" border="0" alt="">""" % weburl if guest: out += """%(guest_msg)s :: - <a class="userinfo" href="%(weburl)s/youraccount.py/display?ln=%(ln)s">%(session)s</a> :: + <a class="userinfo" href="%(sweburl)s/youraccount.py/display?ln=%(ln)s">%(session)s</a> :: <a class="userinfo" href="%(weburl)s/youralerts.py/list?ln=%(ln)s">%(alerts)s</a> :: <a class="userinfo" href="%(weburl)s/yourbaskets.py/display?ln=%(ln)s">%(baskets)s</a> :: <a class="userinfo" href="%(sweburl)s/youraccount.py/login?ln=%(ln)s">%(login)s</a>""" % { 'weburl' : weburl, 'sweburl': sweburl, 'ln' : ln, 'guest_msg' : _("guest"), 'session' : _("session"), 'alerts' : _("alerts"), 'baskets' : _("baskets"), 'login' : _("login"), } else: out += 
"""%(email)s :: - <a class="userinfo" href="%(weburl)s/youraccount.py/display?ln=%(ln)s">%(account)s</a> :: + <a class="userinfo" href="%(sweburl)s/youraccount.py/display?ln=%(ln)s">%(account)s</a> :: <a class="userinfo" href="%(weburl)s/youralerts.py/list?ln=%(ln)s">%(alerts)s</a> :: <a class="userinfo" href="%(weburl)s/yourmessages.py/display?ln=%(ln)s">%(messages)s</a> :: <a class="userinfo" href="%(weburl)s/yourbaskets.py/display?ln=%(ln)s">%(baskets)s</a> :: """ % { 'email' : email, 'weburl' : weburl, + 'sweburl' : sweburl, 'ln' : ln, 'account' : _("account"), 'alerts' : _("alerts"), 'messages': _("messages"), 'baskets' : _("baskets"), } if submitter: out += """<a class="userinfo" href="%(weburl)s/yoursubmissions.py?ln=%(ln)s">%(submission)s</a> :: """ % { 'weburl' : weburl, 'ln' : ln, 'submission' : _("submissions"), } if referee: out += """<a class="userinfo" href="%(weburl)s/yourapprovals.py?ln=%(ln)s">%(approvals)s</a> :: """ % { 'weburl' : weburl, 'ln' : ln, 'approvals' : _("approvals"), } if admin: - out += """<a class="userinfo" href="%(weburl)s/youraccount.py/youradminactivities?ln=%(ln)s">%(administration)s</a> :: """ % { - 'weburl' : weburl, + out += """<a class="userinfo" href="%(sweburl)s/youraccount.py/youradminactivities?ln=%(ln)s">%(administration)s</a> :: """ % { + 'sweburl' : sweburl, 'ln' : ln, 'administration' : _("administration"), } - out += """<a class="userinfo" href="%(weburl)s/youraccount.py/logout?ln=%(ln)s">%(logout)s</a>""" % { - 'weburl' : weburl, + out += """<a class="userinfo" href="%(sweburl)s/youraccount.py/logout?ln=%(ln)s">%(logout)s</a>""" % { + 'sweburl' : sweburl, 'ln' : ln, 'logout' : _("logout"), } return out diff --git a/modules/websession/web/youraccount.py b/modules/websession/web/youraccount.py index 24a916199..5903e336e 100644 --- a/modules/websession/web/youraccount.py +++ b/modules/websession/web/youraccount.py 
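Review bot: The login, registration and lost-password forms in this file still use relative actions (`action="../youraccount.py/login"` in tmpl_login_form, and likewise `/register` in tmpl_register_page and `/send_email` in tmpl_lost_password_form), so the POST carrying `p_pw` goes over whatever scheme the page was loaded with, even though the links around them now point at `sweburl`. tmpl_user_preferences already shows the pattern to follow: `action="%(sweburl)s/youraccount.py/login"` with `'sweburl': sweburl` added to the format dict (the login form string currently has no format arguments, so it needs one). In tmpl_create_userinfobox the alerts, baskets and messages links remain on `weburl`, so a session established over HTTPS is presumably reused over plain HTTP; whether the session cookie is restricted to secure transport is not visible in this hunk and should be confirmed.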
@@ -1,410 +1,410 @@ # -*- coding: utf-8 -*- ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. """CDS Invenio ACCOUNT HANDLING""" __lastupdated__ = """$Date$""" import sys from mod_python import apache import smtplib from invenio import webuser -from invenio.config import weburl, cdsname, cdslang, supportemail +from invenio.config import weburl, sweburl, cdsname, cdslang, supportemail from invenio.webpage import page from invenio import webaccount from invenio import webbasket from invenio import webalert from invenio import webuser from invenio.webmessage import account_new_mail from invenio.access_control_config import * from invenio.access_control_config import CFG_ACCESS_CONTROL_LEVEL_SITE, cfg_webaccess_warning_msgs, CFG_EXTERNAL_AUTHENTICATION from invenio.messages import gettext_set_language import invenio.template websession_templates = invenio.template.load('websession') def edit(req, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/set") data = webuser.getDataUid(req,uid) email = data[0] passw = data[1] return page(title= _("Your Settings"), 
body=webaccount.perform_set(email,passw, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Your Settings", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def change(req,email=None,password=None,password2=None,login_method="",ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/change") if login_method and CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS < 4: title = _("Settings edited") act = "display" linkname = _("Show account") prefs = webuser.get_user_preferences(uid) prefs['login_method'] = login_method webuser.set_user_preferences(uid, prefs) mess = _("Login method successfully selected.") elif login_method and CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4: return webuser.page_not_authorized(req, "../youraccount.py/change") elif email: uid2 = webuser.emailUnique(email) if (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 2 or (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS <= 1 and webuser.checkemail(email))) and uid2 != -1 and (uid2 == uid or uid2 == 0) and password == password2: if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS < 3: change = webuser.updateDataUser(req,uid,email,password) else: return webuser.page_not_authorized(req, "../youraccount.py/change") if change and CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 2: mess = _("Password successfully edited.") elif change: mess = _("Settings successfully edited.") act = "display" linkname = _("Show account") title = _("Settings edited") elif uid2 == -1 or uid2 != uid and not uid2 == 0: mess = _("The email address is already in use, please try again.") act = "edit" linkname = _("Edit settings") title = _("Editing settings failed") elif not 
webuser.checkemail(email): mess = _("The email address is not valid, please try again.") act = "edit" linkname = _("Edit settings") title = _("Editing settings failed") elif password != password2: mess = _("The passwords do not match, please try again.") act = "edit" linkname = _("Edit settings") title = _("Editing settings failed") else: mess = _("Could not update settings.") act = "edit" linkname = _("Edit settings") title = _("Editing settings failed") return page(title=title, body=webaccount.perform_back(mess,act, linkname, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def lost(req, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/lost") return page(title=_("Lost your password?"), body=webaccount.perform_lost(ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def display(req, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/display") if webuser.isGuestUser(uid): return page(title=_("Your Account"), body=webaccount.perform_info(req, ln), description="CDS Personalize, Main page", 
keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) data = webuser.getDataUid(req,uid) bask = webbasket.account_list_baskets(uid, ln = ln) aler = webalert.account_list_alerts(uid, ln = ln) sear = webalert.account_list_searches(uid, ln = ln) msgs = account_new_mail(uid, ln = ln) return page(title=_("Your Account"), body=webaccount.perform_display_account(req,data,bask,aler,sear,msgs,ln), description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def send_email(req, p_email=None, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/send_email") user_prefs = webuser.get_user_preferences(webuser.emailUnique(p_email)) if user_prefs: if CFG_EXTERNAL_AUTHENTICATION.has_key(user_prefs['login_method']) or CFG_EXTERNAL_AUTHENTICATION.has_key(user_prefs['login_method']) and CFG_EXTERNAL_AUTHENTICATION[user_prefs['login_method']][0] != None: Msg = websession_templates.tmpl_lost_password_message(ln = ln, supportemail = supportemail) return page(title=_("Your Account"), body=Msg, description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) passw = webuser.givePassword(p_email) if passw == -999: eMsg = _("The entered e-mail address doesn't exist in the database") return page(title=_("Your Account"), body=webaccount.perform_emailMessage(eMsg, ln), description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) fromaddr = "From: %s" % supportemail toaddrs = "To: " + p_email to = toaddrs + "\n" sub = "Subject: %s %s\n\n" % (_("Credentials for"), cdsname) body = "%s %s:\n\n" % (_("Here are your user credentials for"), cdsname) body += " %s: %s\n %s: %s\n\n" % (_("username"), p_email, _("password"), passw) - body += "%s 
%s/youraccount.py/login?ln=%s" % (_("You can login at"), weburl, ln) + body += "%s %s/youraccount.py/login?ln=%s" % (_("You can login at"), sweburl, ln) msg = to + sub + body server = smtplib.SMTP('localhost') server.set_debuglevel(1) try: server.sendmail(fromaddr, toaddrs, msg) except smtplib.SMTPRecipientsRefused,e: eMsg = _("The entered email address is incorrect, please check that it is written correctly (e.g. johndoe@example.com).") return page(title=_("Incorrect email address"), body=webaccount.perform_emailMessage(eMsg, ln), description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) server.quit() return page(title=_("Lost password sent"), body=webaccount.perform_emailSent(p_email, ln), description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def youradminactivities(req, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/youradminactivities") return page(title=_("Your Administrative Activities"), body=webaccount.perform_youradminactivities(uid, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def delete(req, ln=cdslang): uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/delete") return page(title=_("Delete Account"), body=webaccount.perform_delete(ln), - navtrail="""<a class="navtrail" 
href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def logout(req, ln=cdslang): uid = webuser.logoutUser(req) # load the right message language _ = gettext_set_language(ln) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return webuser.page_not_authorized(req, "../youraccount.py/logout") return page(title=_("Logout"), body=webaccount.perform_logout(req, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) def login(req, p_email=None, p_pw=None, login_method=None, action='login', referer='', ln=cdslang): if CFG_ACCESS_CONTROL_LEVEL_SITE > 0: return webuser.page_not_authorized(req, "../youraccount.py/login?ln=%s" % ln) uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) #return action+_("login") if action == "login" or action == _("login"): if p_email==None or not login_method: return page(title=_("Login"), body=webaccount.create_login_page_box(referer, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) (iden, p_email, p_pw, msgcode) = webuser.loginUser(req,p_email,p_pw, login_method) if 
len(iden)>0: uid = webuser.update_Uid(req,p_email,p_pw) uid2 = webuser.getUid(req) if uid2 == -1: webuser.logoutUser(req) return webuser.page_not_authorized(req, "../youraccount.py/login?ln=%s" % ln, uid=uid) # login successful! if referer: req.err_headers_out.add("Location", referer) raise apache.SERVER_RETURN, apache.HTTP_MOVED_PERMANENTLY else: return display(req, ln) else: mess = cfg_webaccess_warning_msgs[msgcode] % login_method if msgcode == 14: if not webuser.userNotExist(p_email,p_pw) or p_email=='' or p_email==' ': mess = cfg_webaccess_warning_msgs[15] % login_method act = "login" return page(title=_("Login"), body=webaccount.perform_back(mess,act, _("login"), ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) else: return "This should have never happened. Please contact %s." 
% supportemail def register(req, p_email=None, p_pw=None, p_pw2=None, action='login', referer='', ln=cdslang): if CFG_ACCESS_CONTROL_LEVEL_SITE > 0: return webuser.page_not_authorized(req, "../youraccount.py/register?ln=%s" % ln) uid = webuser.getUid(req) # load the right message language _ = gettext_set_language(ln) if p_email==None: return page(title=_("Register"), body=webaccount.create_register_page_box(referer, ln), - navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) mess="" act="" if p_pw == p_pw2: ruid = webuser.registerUser(req,p_email,p_pw) else: ruid = -2 if ruid == 1: uid = webuser.update_Uid(req,p_email,p_pw) mess = _("Your account has been successfully created.") title = _("Account created") if CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT == 1: mess += _(" An email has been sent to the given address with the account information.") if CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 1: mess += _(" A second email will be sent when the account has been activated and can be used.") else: mess += _(""" You can now access your <a href="%s">account</a>.""") % ( - "%s/youraccount.py/display?ln=%s" % (weburl, ln)) + "%s/youraccount.py/display?ln=%s" % (sweburl, ln)) elif ruid == -1: mess = _("The user already exists in the database, please try again.") act = "register" title = _("Register failure") elif ruid == -2: mess = _("Both passwords must match, please try again.") act = "register" title = _("Register failure") else: mess = _("The email address given is not valid, please try again.") act = "register" title = _("Register failure") return page(title=title, body=webaccount.perform_back(mess,act, (act == 'register' and _("register") or ""), ln), - 
navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (weburl, ln) + _("Your Account") + """</a>""", + navtrail="""<a class="navtrail" href="%s/youraccount.py/display?ln=%s">""" % (sweburl, ln) + _("Your Account") + """</a>""", description="CDS Personalize, Main page", keywords="CDS, personalize", uid=uid, language=ln, lastupdated=__lastupdated__) diff --git a/modules/webstyle/lib/webstyle_templates.py b/modules/webstyle/lib/webstyle_templates.py index f42ef45b0..5a3b9e7e8 100644 --- a/modules/webstyle/lib/webstyle_templates.py +++ b/modules/webstyle/lib/webstyle_templates.py 
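Review bot: In `send_email`, the line changed here only moves the login link to `sweburl`; the message it belongs to still carries the password returned by `webuser.givePassword` in clear text, and `server.set_debuglevel(1)` makes smtplib print the SMTP dialogue, message body included, to stderr, which under mod_python presumably ends up in the server error log. Dropping the `server.set_debuglevel(1)` line keeps the password out of that log; mailing a one-time reset link instead of the password would be the larger fix and needs changes outside this file. The `SMTPRecipientsRefused` branch also returns without calling `server.quit()`. Separately, in `login` the `referer` request parameter is copied into the `Location` header unchecked, so now that login runs on the secure host I would only honour it when it stays on the site, e.g. `if referer and (referer.startswith(weburl + '/') or referer.startswith(sweburl + '/')):`, and fall back to `display(req, ln)` otherwise.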
@@ -1,592 +1,594 @@ ## $Id$ ## CDS Invenio WebStyle templates. ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. import urllib import time import cgi import gettext import traceback import sre import urllib import sys from invenio.config import * from invenio.messages import gettext_set_language, language_list_long class Template: def tmpl_navtrailbox_body(self, weburl, ln, title, previous_links, separator, prolog, epilog): """Create navigation trail box body Parameters: - 'weburl' *string* - The base URL for the site - 'ln' *string* - The language to display - 'title' *string* - page title; - 'previous_links' *string* - the trail content from site title until current page (both ends exlusive) - 'prolog' *string* - HTML code to prefix the navtrail item with - 'epilog' *string* - HTML code to suffix the navtrail item with - 'separator' *string* - HTML code that separates two navtrail items Output: - text containing the navtrail """ # load the right message language _ = gettext_set_language(ln) out = "" if title != cdsnameintl[ln]: out += """<a class="navtrail" href="%(weburl)s?ln=%(ln)s">%(msg_home)s</a>""" % { 'weburl' : weburl, 'ln' : ln, 'msg_home' : _("Home")} if previous_links: if out: out += separator out += previous_links 
if title: if out: out += separator if title == cdsnameintl[ln]: # hide site name, print Home instead out += _("Home") else: out += title return prolog + out + epilog def tmpl_page(self, weburl, ln, headertitle, sitename = "", supportemail = "", description = "", keywords = "", userinfobox = "", navtrailbox = "", pageheaderadd = "", boxlefttop = "", boxlefttopadd = "", boxleftbottom = "", boxleftbottomadd = "", boxrighttop = "", boxrighttopadd = "", boxrightbottom = "", boxrightbottomadd = "", titleprologue = "", title = "", titleepilogue = "", body = "", version = "", lastupdated = None, languagebox = "", pagefooteradd = "", uid = 0, ): """Creates a complete page Parameters: - 'weburl' *string* - The base URL for the site - 'ln' *string* - The language to display - 'sitename' *string* - the first part of the page HTML title - 'headertitle' *string* - the second part of the page HTML title - 'supportemail' *string* - email of the support team - 'description' *string* - description goes to the metadata in the header of the HTML page - 'keywords' *string* - keywords goes to the metadata in the header of the HTML page - 'userinfobox' *string* - the HTML code for the user information box - 'navtrailbox' *string* - the HTML code for the navigation trail box - 'pageheaderadd' *string* - additional page header HTML code - 'boxlefttop' *string* - left-top box HTML code - 'boxlefttopadd' *string* - additional left-top box HTML code - 'boxleftbottom' *string* - left-bottom box HTML code - 'boxleftbottomadd' *string* - additional left-bottom box HTML code - 'boxrighttop' *string* - right-top box HTML code - 'boxrighttopadd' *string* - additional right-top box HTML code - 'boxrightbottom' *string* - right-bottom box HTML code - 'boxrightbottomadd' *string* - additional right-bottom box HTML code - 'title' *string* - the title of the page - 'body' *string* - the body of the page - 'version' *string* - the version number of CDS Invenio - 'lastupdated' *string* - when the page was 
last updated - 'languagebox' *string* - the HTML code for the language box - 'pagefooteradd' *string* - additional page footer HTML code Output: - HTML code of the page """ # load the right message language _ = gettext_set_language(ln) if lastupdated: msg_lastupdated = _("Last updated:") + " " + lastupdated else: msg_lastupdated = "" out = self.tmpl_pageheader( weburl = weburl, ln = ln, headertitle = headertitle, sitename = sitename, supportemail = supportemail, description = description, keywords = keywords, userinfobox = userinfobox, navtrailbox = navtrailbox, pageheaderadd = pageheaderadd, languagebox = languagebox, ) + """ <div class="pagebody"> <div class="pagebodystripeleft"> <div class="pageboxlefttop">%(boxlefttop)s</div> <div class="pageboxlefttopadd">%(boxlefttopadd)s</div> <div class="pageboxleftbottomadd">%(boxleftbottomadd)s</div> <div class="pageboxleftbottom">%(boxleftbottom)s</div> </div> <div class="pagebodystriperight"> <div class="pageboxrighttop">%(boxrighttop)s</div> <div class="pageboxrighttopadd">%(boxrighttopadd)s</div> <div class="pageboxrightbottomadd">%(boxrightbottomadd)s</div> <div class="pageboxrightbottom">%(boxrightbottom)s</div> </div> <div class="pagebodystripemiddle"> <h1 class="headline">%(title)s</h1> %(body)s </div> </div> """ % { 'boxlefttop' : boxlefttop, 'boxlefttopadd' : boxlefttopadd, 'boxleftbottom' : boxleftbottom, 'boxleftbottomadd' : boxleftbottomadd, 'boxrighttop' : boxrighttop, 'boxrighttopadd' : boxrighttopadd, 'boxrightbottom' : boxrightbottom, 'boxrightbottomadd' : boxrightbottomadd, 'title' : title, 'body' : body, } + self.tmpl_pagefooter( weburl = weburl, ln = ln, sitename = sitename, supportemail = supportemail, version = version, lastupdated = lastupdated, languagebox = languagebox, pagefooteradd = pagefooteradd ) return out def tmpl_pageheader(self, weburl, ln, headertitle = "", sitename = "", supportemail = "", description = "", keywords = "", userinfobox = "", navtrailbox = "", pageheaderadd = "", 
languagebox = "", uid = 0, ): """Creates a page header Parameters: - 'weburl' *string* - The base URL for the site - 'ln' *string* - The language to display - 'sitename' *string* - the first part of the page HTML title - 'headertitle' *string* - the second part of the page HTML title - 'supportemail' *string* - email of the support team - 'description' *string* - description goes to the metadata in the header of the HTML page - 'keywords' *string* - keywords goes to the metadata in the header of the HTML page - 'userinfobox' *string* - the HTML code for the user information box - 'navtrailbox' *string* - the HTML code for the navigation trail box - 'pageheaderadd' *string* - additional page header HTML code - 'languagebox' *string* - the HTML code for the language box Output: - HTML code of the page headers """ # load the right message language _ = gettext_set_language(ln) out = """ <!-- DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDS Invenio SOURCES. LOOK THERE FOR THE COPYRIGHT INFO. 
--> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>%(sitename)s: %(headertitle)s</title> <link rev="made" href="mailto:%(supportemail)s"> <link rel="stylesheet" href="%(weburl)s/img/cds.css"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="description" content="%(description)s"> <meta name="keywords" content="%(keywords)s"> </head> <body> <div class="pageheader"> <!-- replaced page header --> <div style="background-image: url(%(weburl)s/img/header_background.gif);"> <table class="headerbox"> <tr> <td rowspan="2" class="headerboxbodylogo"> %(sitename)s </td> <td align="right" class="userinfoboxbody"> %(userinfobox)s </td> </tr> <tr> <td class="headerboxbody" valign="bottom" align="left"> <table class="headermodulebox"> <tr> <td class="headermoduleboxbodyblank"> </td> <td class="headermoduleboxbodyblank"> </td> <td class="headermoduleboxbody"> <a class=header href="%(weburl)s/?ln=%(ln)s">%(msg_search)s</a> </td> <td class="headermoduleboxbodyblank"> </td> <td class="headermoduleboxbody"> <a class=header href="%(weburl)s/submit.py?ln=%(ln)s">%(msg_submit)s</a> </td> <td class="headermoduleboxbodyblank"> </td> <td class="headermoduleboxbody"> - <a class=header href="%(weburl)s/youraccount.py/display?ln=%(ln)s">%(msg_personalize)s</a> + <a class=header href="%(sweburl)s/youraccount.py/display?ln=%(ln)s">%(msg_personalize)s</a> </td> <td class="headermoduleboxbodyblank"> </td> <td class="headermoduleboxbody"> <a class=header href="%(weburl)s/help/index.%(ln)s.html">%(msg_help)s</a> </td> <td class="headermoduleboxbodyblank"> </td> </tr> </table> </td> </tr> </table> </div> <table class="navtrailbox"> <tr> <td class="navtrailboxbody"> %(navtrailbox)s </td> </tr> </table> <!-- end replaced page header --> %(pageheaderadd)s </div> """ % { 'weburl' : weburl, + 'sweburl' : sweburl, 'ln' : ln, 'sitename' : sitename, 'headertitle' : headertitle, 'supportemail' : supportemail, 'description' : description, 
'keywords' : keywords, 'userinfobox' : userinfobox, 'navtrailbox' : navtrailbox, 'pageheaderadd' : pageheaderadd, 'msg_search' : _("Search"), 'msg_submit' : _("Submit"), 'msg_personalize' : _("Personalize"), 'msg_help' : _("Help"), 'languagebox' : languagebox, } return out def tmpl_pagefooter(self, weburl, ln, sitename = "", supportemail = "", version = "", lastupdated = None, languagebox = "", pagefooteradd = "" ): """Creates a page footer Parameters: - 'weburl' *string* - The base URL for the site - 'ln' *string* - The language to display - 'sitename' *string* - the first part of the page HTML title - 'supportemail' *string* - email of the support team - 'version' *string* - the version number of CDS Invenio - 'lastupdated' *string* - when the page was last updated - 'languagebox' *string* - the HTML code for the language box - 'pagefooteradd' *string* - additional page footer HTML code Output: - HTML code of the page headers """ # load the right message language _ = gettext_set_language(ln) if lastupdated: msg_lastupdated = _("Last updated:") + " " + lastupdated else: msg_lastupdated = "" out = """ <div class="pagefooter"> %(pagefooteradd)s <!-- replaced page footer --> <div class="pagefooterstripeleft"> - %(sitename)s :: <a class="footer" href="%(weburl)s/?ln=%(ln)s">%(msg_search)s</a> :: <a class="footer" href="%(weburl)s/submit.py?ln=%(ln)s">%(msg_submit)s</a> :: <a class="footer" href="%(weburl)s/youraccount.py/display?ln=%(ln)s">%(msg_personalize)s</a> :: <a class="footer" href="%(weburl)s/help/index.%(ln)s.html">%(msg_help)s</a> + %(sitename)s :: <a class="footer" href="%(weburl)s/?ln=%(ln)s">%(msg_search)s</a> :: <a class="footer" href="%(weburl)s/submit.py?ln=%(ln)s">%(msg_submit)s</a> :: <a class="footer" href="%(sweburl)s/youraccount.py/display?ln=%(ln)s">%(msg_personalize)s</a> :: <a class="footer" href="%(weburl)s/help/index.%(ln)s.html">%(msg_help)s</a> <br> %(msg_poweredby)s <a class="footer" href="http://cdsware.cern.ch/">CDS Invenio</a> 
v%(version)s <br> %(msg_maintainedby)s <a class="footer" href="mailto:%(supportemail)s">%(supportemail)s</a> <br> %(msg_lastupdated)s </div> <div class="pagefooterstriperight"> %(languagebox)s </div> <!-- replaced page footer --> </div> </body> </html> """ % { 'weburl' : weburl, + 'sweburl' : sweburl, 'ln' : ln, 'sitename' : sitename, 'supportemail' : supportemail, 'msg_search' : _("Search"), 'msg_submit' : _("Submit"), 'msg_personalize' : _("Personalize"), 'msg_help' : _("Help"), 'msg_poweredby' : _("Powered by"), 'msg_maintainedby' : _("Maintained by"), 'msg_lastupdated' : msg_lastupdated, 'languagebox' : languagebox, 'version' : version, 'pagefooteradd' : pagefooteradd, } return out def tmpl_language_selection_box(self, urlargs="", language="en"): """Take URLARGS and LANGUAGE and return textual language selection box for the given page. Parameters: - 'urlargs' *string* - The url args that helped produce this page - 'language' *string* - The selected language """ # load the right message language _ = gettext_set_language(language) out = "" for (lang, lang_namelong) in language_list_long(): if lang == language: out += """ <span class="langinfo">%s</span> """ % lang_namelong else: if urlargs: urlargs = sre.sub(r'ln=.*?(&|$)', '', urlargs) if urlargs: if urlargs.endswith('&'): urlargs += "ln=%s" % lang else: urlargs += "&ln=%s" % lang else: urlargs = "ln=%s" % lang out += """ <a class="langinfo" href="?%s">%s</a> """ % (urlargs, lang_namelong) return _("This site is also available in the following languages:") + "<br>" + out def tmpl_error_box(self, ln, title, verbose, req, supportemail, errors): """Produces an error box. Parameters: - 'title' *string* - The title of the error box - 'ln' *string* - The selected language - 'verbose' *bool* - If lots of information should be displayed - 'req' *object* - the request object - 'supportemail' *string* - the supportemail for this installation - 'errors' list of tuples (error_code, error_message) - #! 
todo """ # load the right message language _ = gettext_set_language(ln) info_not_available = _("N/A") if title == None: if errors: title = _("Error: %s") % errors[0][1] else: title = _("Internal Error") browser_s = _("Browser") if req: try: if req.headers_in.has_key('User-Agent'): browser_s += ': ' + req.headers_in['User-Agent'] else: browser_s += ': ' + info_not_available host_s = req.hostname page_s = req.unparsed_uri client_s = req.connection.remote_ip except: pass else: browser_s += ': ' + info_not_available host_s = page_s = client_s = info_not_available error_s = '' sys_error_s = '' traceback_s = '' if verbose >= 1: if sys.exc_info()[0]: sys_error_s = _("System Error: %s %s\n") % (sys.exc_info()[0], sys.exc_info()[1]) if errors: errs = '' for error_tuple in errors: try: errs += "%s%s : %s\n " % (' '*6, error_tuple[0], error_tuple[1]) except: errs += "%s%s\n" % (' '*6, error_tuple) errs = errs[6:-2] # get rid of trainling ',' error_s = _("Error: %s")% errs + "\n" else: error_s = _("Error") + ': ' + info_not_available if verbose >= 9: traceback_s = _("Traceback: \n%s") % string.join(traceback.format_tb(sys.exc_info()[2]),"\n") out = """ <table class="errorbox"> <thead> <tr> <th class="errorboxheader"> <p> %(title)s %(sys1)s %(sys2)s</p> </th> </tr> </thead> <tbody> <tr> <td class="errorboxbody"> <p>%(contact)s</p> <blockquote><pre> URI: http://%(host)s%(page)s %(time_label)s: %(time)s %(browser)s %(client_label)s: %(client)s %(error)s%(sys_error)s%(traceback)s </pre></blockquote> </td> </tr> <tr> <td> <form action="%(weburl)s/error.py/send_report" method="POST"> %(send_error_label)s <input class="adminbutton" type="submit" value="%(send_label)s" /> <input type="hidden" name="header" value="%(title)s %(sys1)s %(sys2)s" /> <input type="hidden" name="url" value="URI: http://%(host)s%(page)s" /> <input type="hidden" name="time" value="Time: %(time)s" /> <input type="hidden" name="browser" value="%(browser)s" /> <input type="hidden" name="client" value="Client: 
%(client)s" /> <input type="hidden" name="error" value="%(error)s" /> <input type="hidden" name="sys_error" value="%(sys_error)s" /> <input type="hidden" name="traceback" value="%(traceback)s" /> <input type="hidden" name="referer" value="%(referer)s" /> </form> </td> </tr> </tbody> </table> """ % { 'title' : title, 'time_label': _("Time"), 'client_label': _("Client"), 'send_error_label': _("Please send an error report to the Administrator"), 'send_label': _("Send error report"), 'sys1' : sys.exc_info()[0] or '', 'sys2' : sys.exc_info()[1] or '', 'contact' : _("Please contact <a href=\"mailto:%s\">%s</a> quoting the following information:") % (urllib.quote(supportemail), supportemail), 'host' : host_s, 'page' : page_s, 'time' : time.strftime("%d/%b/%Y:%H:%M:%S %z"), 'browser' : browser_s, 'client' : client_s, 'error' : error_s, 'traceback' : traceback_s, 'sys_error' : sys_error_s, 'weburl' : weburl, 'referer' : page_s!=info_not_available and ("http://" + host_s + page_s) or info_not_available } return out diff --git a/modules/websubmit/web/publiline.py b/modules/websubmit/web/publiline.py index ff1c9a08a..7b28fbc53 100644 --- a/modules/websubmit/web/publiline.py +++ b/modules/websubmit/web/publiline.py 
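Review bot: `tmpl_pageheader` now points the Personalize link at `sweburl`, but the page rendered there still loads `%(weburl)s/img/cds.css` and `header_background.gif` from the non-secure base, so the account and login pages would be served with mixed content (assuming `weburl` is plain HTTP and `sweburl` is HTTPS, which the hunk does not show). A stylesheet fetched over HTTP can be altered in transit, which undermines the HTTPS page it is applied to, and browsers may refuse to load it. Building the asset URLs from the secure base is safe on both kinds of page: `<link rel="stylesheet" href="%(sweburl)s/img/cds.css">` and `url(%(sweburl)s/img/header_background.gif)`. `tmpl_error_box` has the same issue with `action="%(weburl)s/error.py/send_report"`, and it also writes the `User-Agent` header and `req.unparsed_uri` into the HTML and the hidden-input values unescaped; `cgi` is already imported, so `cgi.escape(browser_s, True)` and the same for `host_s` and `page_s` in the substitution dict would cover it.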
@@ -1,361 +1,361 @@ ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil -from invenio.config import cdsname,cdslang,supportemail,pylibdir +from invenio.config import cdsname,cdslang,supportemail,pylibdir, sweburl from invenio.dbquery import run_sql from invenio.access_control_engine import acc_authorize_action from invenio.access_control_admin import * from invenio.webpage import page, create_error_box from invenio.webuser import getUid, get_email, list_registered_users, page_not_authorized from invenio.messages import gettext_set_language, wash_language from invenio.websubmit_config import * from invenio.search_engine import search_pattern from invenio.access_control_config import CFG_ACCESS_CONTROL_LEVEL_SITE execfile("%s/invenio/websubmit_functions/Retrieve_Data.py" % pylibdir) execfile("%s/invenio/websubmit_functions/mail.py" % pylibdir) import invenio.template websubmit_templates = invenio.template.load('websubmit') def index(req,c=cdsname,ln=cdslang,doctype="",categ="",RN="",send=""): global uid ln = wash_language(ln) # load the right message language _ = gettext_set_language(ln) t="" # 
get user ID: try: uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../publiline.py/index") uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req, ln = ln) if doctype == "": t = selectDoctype(ln) elif categ == "": t = selectCateg(doctype, ln) elif RN == "": t = selectDocument(doctype,categ, ln) else: t = displayDocument(doctype,categ,RN,send, ln) return page(title="publication line", - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def selectDoctype(ln = cdslang): res = run_sql("select DISTINCT doctype from sbmAPPROVAL") docs = [] for row in res: res2 = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (row[0],)) docs.append({ 'doctype' : row[0], 'docname' : res2[0][0], }) t = websubmit_templates.tmpl_publiline_selectdoctype( ln = ln, docs = docs, ) return t def selectCateg(doctype, ln = cdslang): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s",(doctype,)) title = res[0][0] sth = run_sql("select * from sbmCATEGORIES where doctype=%s order by lname",(doctype,)) if len(sth) == 0: categ = "unknown" return selectDocument(doctype,categ, ln = ln) categories = [] for arr in sth: waiting = 0 rejected = 0 approved = 0 sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='waiting'", (doctype,arr[1],)) waiting = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='approved'",(doctype,arr[1],)) approved = sth2[0][0] sth2 = run_sql("select COUNT(*) from sbmAPPROVAL where doctype=%s and categ=%s and status='rejected'",(doctype,arr[1],)) rejected = sth2[0][0] categories.append({ 
'waiting' : waiting, 'approved' : approved, 'rejected' : rejected, 'id' : arr[1], }) t = websubmit_templates.tmpl_publiline_selectcateg( ln = ln, categories = categories, doctype = doctype, title = title, images = images, ) return t def selectDocument(doctype,categ, ln = cdslang): t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) title = res[0][0] if categ == "": categ == "unknown" docs = [] sth = run_sql("select rn,status from sbmAPPROVAL where doctype=%s and categ=%s order by status DESC,rn DESC",(doctype,categ)) for arr in sth: docs.append({ 'RN' : arr[0], 'status' : arr[1], }) t = websubmit_templates.tmpl_publiline_selectdocument( ln = ln, doctype = doctype, title = title, categ = categ, images = images, docs = docs, ) return t def displayDocument(doctype,categ,RN,send, ln = cdslang): # load the right message language _ = gettext_set_language(ln) t="" res = run_sql("select ldocname from sbmDOCTYPE where sdocname=%s", (doctype,)) docname = res[0][0] if categ == "": categ = "unknown" sth = run_sql("select rn,status,dFirstReq,dLastReq,dAction,access from sbmAPPROVAL where rn=%s",(RN,)) if len(sth) > 0: arr = sth[0] rn = arr[0] status = arr[1] dFirstReq = arr[2] dLastReq = arr[3] dAction = arr[4] access = arr[5] else: return warningMsg(_("This document has never been requested for approval!") + "<BR> ", ln = ln) (authors,title,sysno,newrn) = getInfo(doctype,categ,RN) confirm_send = 0 if send == _("Send Again"): if authors == "unknown" or title == "unknown": SendWarning(doctype,categ,RN,title,authors,access, ln = ln) else: # @todo - send in different languages SendEnglish(doctype,categ,RN,title,authors,access,sysno) run_sql("update sbmAPPROVAL set dLastReq=NOW() where rn=%s",(RN,)) confirm_send = 1 if status == "waiting": (auth_code, auth_message) = acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) else: (auth_code, auth_message) = (None, None) t = websubmit_templates.tmpl_publiline_displaydoc( ln = ln, 
docname = docname, doctype = doctype, categ = categ, rn = rn, status = status, dFirstReq = dFirstReq, dLastReq = dLastReq, dAction = dAction, access = access, images = images, accessurl = accessurl, confirm_send = confirm_send, auth_code = auth_code, auth_message = auth_message, authors = authors, title = title, sysno = sysno, newrn = newrn, ) return t # Retrieve info about document def getInfo(doctype,categ,RN): result = getInPending(doctype,categ,RN) if not result: result = getInAlice(doctype,categ,RN) return result #seek info in pending directory def getInPending(doctype,categ,RN): PENDIR="%s/pending" % storage if os.path.exists("%s/%s/%s/AU" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/AU" % (PENDIR,doctype,RN),"r") authors=fp.read() fp.close() else: authors = "" if os.path.exists("%s/%s/%s/TI" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TI" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() else: title = "" if os.path.exists("%s/%s/%s/SN" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/SN" % (PENDIR,doctype,RN),"r") sysno=fp.read() fp.close() else: sysno = "" if title == "" and os.path.exists("%s/%s/%s/TIF" % (PENDIR,doctype,RN)): fp = open("%s/%s/%s/TIF" % (PENDIR,doctype,RN),"r") title=fp.read() fp.close() if title == "": return 0 else: return (authors,title,sysno,"") #seek info in Alice database def getInAlice(doctype,categ,RN): # initialize sysno variable sysno = "" searchresults = search_pattern(req=None, p=RN, f="reportnumber").items().tolist() if len(searchresults) == 0: return 0 sysno = searchresults[0] if sysno != "": title = Get_Field('245__a',sysno) emailvalue = Get_Field('8560_f',sysno) authors = Get_Field('100__a',sysno) authors += "\n%s" % Get_Field('700__a',sysno) newrn = Get_Field('037__a',sysno) return (authors,title,sysno,newrn) else: return 0 def SendEnglish(doctype,categ,RN,title,authors,access,sysno): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) # retrieve useful information from webSubmit configuration res = 
run_sql("select value from sbmPARAMETERS where name='categformatDAM' and doctype=%s", (doctype,)) categformat = res[0][0] categformat = re.sub("<CATEG>","([^-]*)",categformat) categs = re.match(categformat,RN) if categs != None: categ = categs.group(1) else: categ = "unknown" res = run_sql("select value from sbmPARAMETERS where name='addressesDAM' and doctype=%s",(doctype,)) if len(res) > 0: otheraddresses = res[0][0] otheraddresses = otheraddresses.replace("<CATEG>",categ) else: otheraddresses = "" # Build referee's email address refereeaddress = "" # Try to retrieve the referee's email from the referee's database for user in acc_getRoleUsers(acc_getRoleId("referee_%s_%s" % (doctype,categ))): refereeaddress += user[1] + "," # And if there are general referees for user in acc_getRoleUsers(acc_getRoleId("referee_%s_*" % doctype)): refereeaddress += user[1] + "," refereeaddress = re.sub(",$","",refereeaddress) # Creation of the mail for the referee addresses = "" if refereeaddress != "": addresses = refereeaddress + "," if otheraddresses != "": addresses += otheraddresses else: addresses = re.sub(",$","",addresses) if addresses=="": SendWarning(doctype,categ,RN,title,authors,access) return 0 if authors == "": authors = "-" res = run_sql("select value from sbmPARAMETERS where name='directory' and doctype=%s", (doctype,)) directory = res[0][0] message = """ The document %s has been published as a Communication. Your approval is requested for it to become an official Note. Title: %s Author(s): %s To access the document(s), select the file(s) from the location: <%s/getfile.py?recid=%s> To approve/reject the document, you should go to this URL: <%s/approve.py?%s> --------------------------------------------- Best regards. 
The submission team.""" % (RN,title,authors,urlpath,sysno,urlpath,access) # send the mail body = forge_email(FROMADDR,addresses,adminemail,"Request for Approval of %s" % RN,message) send_email(FROMADDR,addresses,body,0) return "" def SendWarning(doctype,categ,RN,title,authors,access): FROMADDR = '%s Submission Engine <%s>' % (cdsname,supportemail) message = "Failed sending approval email request for %s" % RN # send the mail body = forge_email(FROMADDR,adminemail,"","Failed sending approval email request",message) send_email(FROMADDR,adminemail,body,0) return "" def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args) def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args) diff --git a/modules/websubmit/web/yourapprovals.py b/modules/websubmit/web/yourapprovals.py index 8978a1e84..11092abd7 100644 --- a/modules/websubmit/web/yourapprovals.py +++ b/modules/websubmit/web/yourapprovals.py 
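Review bot: `index` stores the caller's id in a module-level `global uid`, and `displayDocument` later reads that global for `acc_authorize_action(uid, "referee", ...)`, so the referee check relies on state that another request served by the same interpreter could overwrite in between (the deployment model is not visible here, so this is a risk rather than a confirmed race). Pass the value explicitly instead, e.g. `t = displayDocument(doctype,categ,RN,send, ln, uid)` with a matching trailing `uid` parameter on `displayDocument`, and drop the `global uid` line. The `index` functions of yourapprovals.py and yoursubmissions.py in this commit use the same `global uid` pattern. Separately, `displayDocument` calls `warningMsg(..., ln = ln)` without the required `req` argument, so the "never been requested for approval" branch would raise a TypeError instead of rendering the warning.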
@@ -1,113 +1,113 @@ ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## import interesting modules: import os import sys -from invenio.config import weburl,cdsname,cdslang +from invenio.config import weburl, sweburl, cdsname, cdslang from invenio.dbquery import run_sql from invenio.access_control_engine import acc_authorize_action from invenio.access_control_admin import * from invenio.webpage import page, create_error_box from invenio.webuser import getUid, get_email, list_registered_users, page_not_authorized from invenio.messages import gettext_set_language, wash_language from invenio.websubmit_config import * from invenio.search_engine import search_pattern from invenio.access_control_config import CFG_ACCESS_CONTROL_LEVEL_SITE import invenio.template websubmit_templates = invenio.template.load('websubmit') def index(req,c=cdsname,ln=cdslang,order="",doctype="",deletedId="",deletedAction="",deletedDoctype=""): global uid ln = wash_language(ln) # load the right message language _ = gettext_set_language(ln) t="" # get user ID: try: uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../yourapprovals.py/index") u_email = get_email(uid) except MySQLdb.Error, e: return 
errorMsg(e.value,req, ln = ln) res = run_sql("select sdocname,ldocname from sbmDOCTYPE") referees = [] for row in res: doctype = row[0] docname = row[1] reftext = "" if isReferee(uid,doctype,"*"): referees.append ({'doctype': doctype, 'docname': docname, 'categories': None}) else: res2 = run_sql("select sname,lname from sbmCATEGORIES where doctype=%s",(doctype,)) categories = [] for row2 in res2: category = row2[0] categname = row2[1] if isReferee(uid,doctype,category): categories.append({ 'id' : category, 'name' : categname, }) referees.append({ 'doctype' : doctype, 'docname' : docname, 'categories' : categories }) t = websubmit_templates.tmpl_yourapprovals( ln = ln, referees = referees ) return page(title=_("Your Approvals"), - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def isReferee(uid,doctype="",categ=""): (auth_code, auth_message) = acc_authorize_action(uid, "referee",verbose=0,doctype=doctype, categ=categ) if auth_code == 0: return 1 else: return 0 def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args) diff --git a/modules/websubmit/web/yoursubmissions.py b/modules/websubmit/web/yoursubmissions.py index ebcfb6ea4..861f3f8df 100644 --- a/modules/websubmit/web/yoursubmissions.py +++ b/modules/websubmit/web/yoursubmissions.py 
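Review bot: The `except MySQLdb.Error, e:` clause in `index` names `MySQLdb`, but the import block of yourapprovals.py on the new side only has `import os` and `import sys`. Unless one of the `from ... import *` lines happens to export it, a database failure in `getUid` or `get_email` would surface as a NameError instead of reaching `errorMsg`. Add `import MySQLdb` next to the other imports. After this change `weburl` is no longer referenced anywhere in the file, so the import could be reduced to `from invenio.config import sweburl, cdsname, cdslang`.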
@@ -1,204 +1,204 @@ ## $Id$ ## This file is part of CDS Invenio. ## Copyright (C) 2002, 2003, 2004, 2005, 2006 CERN. ## ## CDS Invenio is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## CDS Invenio is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDS Invenio; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil import operator -from invenio.config import weburl,cdsname,cdslang +from invenio.config import weburl, sweburl, cdsname, cdslang from invenio.dbquery import run_sql from invenio.access_control_engine import acc_authorize_action from invenio.access_control_admin import * from invenio.webpage import page, create_error_box from invenio.webuser import getUid, get_email, list_registered_users, page_not_authorized from invenio.messages import gettext_set_language, wash_language from invenio.websubmit_config import * from invenio.search_engine import search_pattern from invenio.access_control_config import CFG_ACCESS_CONTROL_LEVEL_SITE import invenio.template websubmit_templates = invenio.template.load('websubmit') def index(req,c=cdsname,ln=cdslang,order="",doctype="",deletedId="",deletedAction="",deletedDoctype=""): global uid ln = wash_language(ln) # load the right message language _ = gettext_set_language(ln) t="" # get user ID: try: uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return 
page_not_authorized(req, "../yoursubmissions.py/index") u_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value, req, ln) if u_email == "guest" or u_email == "": return warningMsg(websubmit_templates.tmpl_warning_message( ln = ln, msg = _("You first have to login before using this feature. Use the left menu to log in."), ),req, ln = ln) if deletedId != "": t += deleteSubmission(deletedId,deletedAction,deletedDoctype,u_email) # doctypes res = run_sql("select ldocname,sdocname from sbmDOCTYPE order by ldocname") doctypes = [] for row in res: doctypes.append({ 'id' : row[1], 'name' : row[0], 'selected' : (doctype == row[1]), }) # submissions # request order default value reqorder = "sbmSUBMISSIONS.md DESC, lactname" # requested value if order == "actiondown": reqorder = "lactname ASC, sbmSUBMISSIONS.md DESC" elif order == "actionup": reqorder = "lactname DESC, sbmSUBMISSIONS.md DESC" elif order == "refdown": reqorder = "reference ASC, sbmSUBMISSIONS.md DESC, lactname DESC" elif order == "refup": reqorder = "reference DESC, sbmSUBMISSIONS.md DESC, lactname DESC" elif order == "cddown": reqorder = "sbmSUBMISSIONS.cd DESC, lactname" elif order == "cdup": reqorder = "sbmSUBMISSIONS.cd ASC, lactname" elif order == "mddown": reqorder = "sbmSUBMISSIONS.md DESC, lactname" elif order == "mdup": reqorder = "sbmSUBMISSIONS.md ASC, lactname" elif order == "statusdown": reqorder = "sbmSUBMISSIONS.status DESC, lactname" elif order == "statusup": reqorder = "sbmSUBMISSIONS.status ASC, lactname" if doctype != "": docselect = " and doctype='%s' " % doctype else: docselect = "" res = run_sql("SELECT sbmSUBMISSIONS.* FROM sbmSUBMISSIONS,sbmACTION WHERE sactname=action and email=%s and id!='' "+docselect+" ORDER BY doctype,"+reqorder,(u_email,)) currentdoctype = "" currentaction = "" currentstatus = "" submissions = [] for row in res: if currentdoctype != row[1]: currentdoctype = row[1] currentaction = "" currentstatus = "" res2 = run_sql("SELECT ldocname FROM 
sbmDOCTYPE WHERE sdocname=%s",(currentdoctype,)) if res2: ldocname = res2[0][0] else: ldocname = """***Unknown Document Type - (%s)""" % (currentdoctype,) if currentaction != row[2]: currentaction = row[2] res2 = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",(currentaction,)) if res2: lactname = res2[0][0] else: lactname = "\"" else: lactname = "\"" if currentstatus != row[3]: currentstatus = row[3] status=row[3] else: status = "\"" submissions.append({ 'docname' : ldocname, 'actname' : lactname, 'status' : status, 'cdate' : row[6], 'mdate' : row[7], 'reference' : row[5], 'id' : row[4], 'act' : currentaction, 'doctype' : currentdoctype, 'pending' : (row[3] == "pending") }) # display t += websubmit_templates.tmpl_yoursubmissions( ln = ln, weburl = weburl, images = images, order = order, doctypes = doctypes, submissions = submissions, ) return page(title="Your Submissions", - navtrail= """<a class="navtrail" href="%(weburl)s/youraccount.py/display">%(account)s</a>""" % { - 'weburl' : weburl, + navtrail= """<a class="navtrail" href="%(sweburl)s/youraccount.py/display">%(account)s</a>""" % { + 'sweburl' : sweburl, 'account' : _("Your Account"), }, body=t, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def deleteSubmission(id, action, doctype, u_email): global storage run_sql("delete from sbmSUBMISSIONS WHERE doctype=%s and action=%s and email=%s and status='pending' and id=%s",(doctype,action,u_email,id,)) res = run_sql("select dir from sbmACTION where sactname=%s",(action,)) dir = res[0][0] if not ('..' in doctype or '..' 
in id) and id != "": full = os.path.join(storage, dir, doctype, id) if os.path.isdir(full): shutil.rmtree(full) return "" def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args) def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDS Invenio, Internal Error" % c, language=ln, urlargs=req.args)
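Review bot: `index` builds part of its query by string formatting, `docselect = " and doctype='%s' " % doctype`, and `doctype` is an argument of the handler (presumably filled from the request), so it is spliced into the SQL text unescaped while `email` in the same statement is bound. Bind it the same way: `docselect = " and doctype=%s "` and pass `(u_email, doctype)` as the parameter tuple to `run_sql` when `doctype` is set. In `deleteSubmission`, the `'..'` test on `doctype` and `id` does not reject an absolute component, which `os.path.join` lets replace `storage`; checking that the normalised `full` still lies under `storage` before `shutil.rmtree` would close that gap. The `ORDER BY` fragment is fine as written because `reqorder` is only ever chosen from fixed strings.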