import gluon.contrib.simplejson
import re
from controller_utils import error_message
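# CORS headers applied to every action in this controller.
# NOTE(review): the request's Origin header is echoed back verbatim together
# with Access-Control-Allow-Credentials: true, so every origin is allowed to
# send credentialed requests to these actions and read the responses. Compare
# the Origin against an explicit allow-list of trusted front-end origins
# before reflecting it.
if request.env.http_origin:
    response.headers['Access-Control-Allow-Origin'] = request.env.http_origin
    response.headers['Access-Control-Allow-Credentials'] = 'true'
    response.headers['Access-Control-Max-Age'] = 86400
    # The response now depends on the Origin header, so caches must key on it;
    # keep any Vary value that is already set.
    _vary = response.headers.get('Vary')
    response.headers['Vary'] = 'Origin' if not _vary else '%s, Origin' % _vary

# Message returned by the actions below when the caller is not an admin.
ACCESS_DENIED = 'access denied'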
        
## return user list
def index():
    """Return every auth_user row, decorated with per-user statistics.

    Each row gains these attributes:
      created     -- number of patients whose creator is the user
      access      -- 'c' when auth.can_create_patient() is true for the user, else ''
      groups      -- the user's group ids, sorted and space-separated
      files, size -- count and summed size_file of the sequence files the user provided
      first_login, last_login -- oldest / newest 'Logged-in' auth event timestamp
                                 as a string, or '-' when there is none

    request.vars["sort"] picks the ordering ("files" sorts on size, "patients"
    on created, "login" on last_login; anything else sorts by id ascending) and
    request.vars["reverse"] == "true" reverses the three named orderings.
    """
    # NOTE(review): no permission check is visible in this action, while edit()
    # and edit_form() require auth.is_admin(). Confirm that listing every
    # account with its groups and login times is intended for all callers.
    users = db(db.auth_user).select()

    for user in users:
        user.created = db(db.patient.creator == user.id).count()

        user.access = ''
        if auth.can_create_patient(user=user.id):
            user.access += 'c'

        memberships = db(db.auth_membership.user_id == user.id).select()
        group_ids = sorted(m.group_id for m in memberships)
        user.groups = ' '.join(str(gid) for gid in group_ids)

        # Count the user's sequence files and add up their sizes.
        user.size = 0
        user.files = 0
        for seq_file in db(db.sequence_file.provider == user.id).select():
            user.files += 1
            user.size += seq_file.size_file

        # Login events, newest first: index 0 is the last login, -1 the first.
        login_events = db(
            (db.auth_event.user_id == user.id)
            & (db.auth_event.description == 'User ' + str(user.id) + ' Logged-in')
            & (db.auth_event.origin == 'auth')
        ).select(db.auth_event.time_stamp, orderby=~db.auth_event.time_stamp)

        if len(login_events) > 0:
            user.first_login = str(login_events[-1].time_stamp)
            user.last_login = str(login_events[0].time_stamp)
        else:
            user.first_login = '-'
            user.last_login = '-'

    # Order the decorated rows as requested.
    reverse = request.vars["reverse"] == "true"
    sort_by = request.vars["sort"]
    if sort_by == "files":
        users = sorted(users, key=lambda u: u.size, reverse=reverse)
    elif sort_by == "patients":
        users = sorted(users, key=lambda u: u.created, reverse=reverse)
    elif sort_by == "login":
        users = sorted(users, key=lambda u: u.last_login, reverse=reverse)
    else:
        # The default ordering ignores the reverse flag.
        users = sorted(users, key=lambda u: u.id)

    log.info("view user list",
             extra={'user_id': auth.user.id, 'record_id': None, 'table_name': 'auth_user'})
    return dict(query=users, reverse=reverse)

def edit():
    """Return the data for the "Edit user" form; admins only.

    Reads request.vars["id"], loads that auth_user record and logs the access.
    Non-admin callers get error_message(ACCESS_DENIED) instead.
    """
    if not auth.is_admin():
        return error_message(ACCESS_DENIED)

    # NOTE(review): the whole auth_user row is handed to the view; presumably
    # that includes the stored password field -- confirm the view does not
    # render or serialize it.
    user = db.auth_user[request.vars["id"]]
    audit = {'user_id': auth.user.id,
             'record_id': request.vars['id'],
             'table_name': 'auth_user'}
    log.info("load edit form for user", extra=audit)
    return dict(message=T("Edit user"), user=user)

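def edit_form():
    """Validate and apply an admin's edit of a user record; return a JSON string.

    Reads first_name, last_name, email, password, confirm_password and id from
    request.vars. A missing or empty password means "leave the password
    unchanged". On success the auth_user record is updated and committed, and
    the JSON carries "redirect" and "message"; on validation failure it carries
    "success": "false" and the joined error messages. Non-admin callers get a
    JSON object whose message is ACCESS_DENIED.
    """
    # NOTE(review): this state-changing action relies on the session alone,
    # and this controller's module-level CORS headers allow credentialed
    # requests from any origin -- confirm a CSRF protection exists upstream.
    if not auth.is_admin():
        res = {"message": ACCESS_DENIED}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    errors = []

    # A field that is absent from the request (None) is treated like an empty one.
    if not request.vars["first_name"]:
        errors.append("first name needed")
    if not request.vars["last_name"]:
        errors.append("last name needed")

    email = request.vars["email"]
    if not email:
        errors.append("email cannot be empty")
    elif not re.match(r"[^@]+@[^@]+\.[^@]+", email):
        errors.append("incorrect email format")

    password = None
    if request.vars["password"]:
        if request.vars["confirm_password"] != request.vars["password"]:
            errors.append("password fields must match")
        else:
            # validate() returns (value, error). The error must be checked:
            # storing the value of a failed validation would overwrite the
            # account's password with something other than a valid hash.
            password, password_error = db.auth_user.password.validate(request.vars["password"])
            if password_error:
                errors.append(str(password_error))

    if errors:
        res = {"success" : "false", "message" : ", ".join(errors)}
        log.error(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    data = dict(first_name = request.vars["first_name"],
                last_name = request.vars["last_name"],
                email = email)
    if password is not None:
        data["password"] = password

    # NOTE(review): request.vars['id'] is used as the record key without a
    # check that it is present and refers to an existing user -- verify.
    db.auth_user[request.vars['id']] = data
    db.commit()

    res = {"redirect": "back",
           "message": "%s (%s) user edited" % (request.vars["email"], request.vars["id"])}
    log.info(res,
             extra={'user_id': auth.user.id, 'record_id': request.vars['id'], 'table_name': 'auth_user'})
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))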

## return user information
## need ["id"]
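def info():
    """Log a "view info" event for a user and return the page message.

    When request.vars has no "id", it is set to the highest auth_user id.
    Returns dict(message=T('user info')).
    """
    # NOTE(review): no permission check is visible in this action -- confirm
    # that every caller may view any user's info page.
    if "id" not in request.vars:
        # Only the id is needed: fetch that one column of the newest row
        # rather than every column (stored password field included) of
        # every user.
        newest = db().select(db.auth_user.id,
                             orderby=~db.auth_user.id,
                             limitby=(0, 1))
        request.vars["id"] = newest[0].id

    # int() raises ValueError when the supplied id is not numeric.
    log.info("view info for user (%d)" % int(request.vars['id']),
             extra={'user_id': auth.user.id, 'record_id': request.vars['id'], 'table_name': 'auth_user'})
    return dict(message=T('user info'))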