Merge branch 'feature-s/misc-auth' into 'dev'

Give more auth information in the logs (for user/group creation/modification), and for the request analysis email. Closes #2960 See merge request !143

Merge branch 'feature-s/misc-auth' into 'dev'
Give more auth information in the logs (for user/group creation/modification), and for the request analysis email. Closes #2960 See merge request !143
b7e6ef18 · Mikaël Salson · 4277baff · 5fdf0dbf · b7e6ef18 · b7e6ef18
Commit b7e6ef18 authored Feb 06, 2018 by Mikaël Salson
5 changed files
--- a/server/web2py/applications/vidjil/controllers/default.py
+++ b/server/web2py/applications/vidjil/controllers/default.py
@@ -673,10 +673,17 @@ def user():
        auth.is_logged_in = lambda: False
        
        def post_register(form):
-            #default values for new user
-            group_id = db(db.auth_group.role == 'public' ).select()[0].id
+            # Set up a new user, after register
+
+            # Default permissions
            add_default_group_permissions(auth, auth.user_group())
+
+            # Appartenance to the public group
+            group_id = db(db.auth_group.role == 'public').select()[0].id
            db.auth_membership.insert(user_id = auth.user.id, group_id = group_id)
+
+            log.admin('User %s <%s> registered, group %s' % (auth.user.id, auth.user.email, auth.user_group()))
+
            #restore admin session after register
            session.auth = admin_auth
            auth.user = session.auth.user

--- a/server/web2py/applications/vidjil/controllers/group.py
+++ b/server/web2py/applications/vidjil/controllers/group.py
@@ -79,8 +79,8 @@ def add_form():
        add_default_group_permissions(auth, id)

        res = {"redirect": "group/index",
-               "message" : "group '%s' created" % id}
-        log.info(res)
+               "message" : "group '%s' (%s) created" % (id, request.vars["group_name"])}
+        log.admin(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    else :
@@ -108,8 +108,8 @@ def edit_form():
                                               description=request.vars["info"])

        res = {"redirect": "group/index",
-               "message" : "group '%s' modified" % id}
-        log.info(res)
+               "message" : "group '%s' modified" % request.vars["id"]}
+        log.admin(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    else :
@@ -136,7 +136,7 @@ def delete():
    
    res = {"redirect": "group/index",
           "message": "group '%s' deleted" % request.vars["id"]}
-    log.info(res)
+    log.admin(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))


@@ -171,7 +171,9 @@ def remove_permission():
        auth.del_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])

    res = {"redirect" : "group/permission" ,
-           "args" : { "id" : request.vars["group_id"]} }
+           "args" : { "id" : request.vars["group_id"]},
+           "message": "user '%s' is not anymore owner of the group '%s'" % (request.vars["user_id"], request.vars["group_id"]) 
+    }
    log.info(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

@@ -182,8 +184,9 @@ def change_permission():
        return error_message("ACCESS_DENIED")
    auth.add_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])

-    res = {"redirect" : "group/permission" , "args" : { "id" : request.vars["group_id"]} }
-    log.info(res)
+    res = {"redirect" : "group/permission" , "args" : { "id" : request.vars["group_id"]},
+           "message": "user '%s' is now owner of the group '%s'" % (request.vars["user_id"], request.vars["group_id"]) }
+    log.admin(res)
    return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
    
 ## invite an user to join the group
@@ -195,7 +198,7 @@ def invite():
        res = {"redirect" : "group/info" ,
               "args" : { "id" : request.vars["group_id"]},
               "message" : "user '%s' added to group '%s'" % (request.vars["user_id"], request.vars["group_id"])}
-        log.info(res)
+        log.admin(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    else:
@@ -214,7 +217,7 @@ def kick():
        res = {"redirect" : "group/info" ,
               "args" : { "id" : request.vars["group_id"]},
               "message" : "user '%s' removed from group '%s'" % (request.vars["user_id"], request.vars["group_id"])}
-        log.info(res)
+        log.admin(res)
        return gluon.contrib.simplejson.dumps(res, separators=(',',':'))

    else:

--- a/server/web2py/applications/vidjil/models/VidjilAuth.py
+++ b/server/web2py/applications/vidjil/models/VidjilAuth.py
@@ -27,6 +27,7 @@ class VidjilAuth(Auth):
    permissions = {}

    def __init__(self, environment=None, db=None):
+        self.log = None
        super(VidjilAuth, self).__init__(environment, db)

    def preload(self):
@@ -610,3 +611,17 @@ class VidjilAuth(Auth):
                    (permission.table_name == table)
                    ._select(permission.record_id))
        return query
+
+    def log_event(self, description, vars=None, origin='auth'):
+        if self.log and description:
+            message = description % vars + '.'
+            for (k,v) in vars.iteritems():
+                if 'password' not in k:
+                    message += ' %s' % v 
+            if 'Logged-in' in description:
+                self.log.info(message)
+            else:
+                self.log.debug(message)
+
+    def __str__(self):
+        return "%04d – %s %s" % (self.id, self.first_name, self.last_name)
--- a/server/web2py/applications/vidjil/models/db.py
+++ b/server/web2py/applications/vidjil/models/db.py
@@ -95,6 +95,9 @@ auth.settings.remember_me_form = False
 auth.settings.logged_url = URL('user', 'info')
 auth.settings.login_next = URL('user', 'info')

+auth.settings.create_user_groups = 'user_%(id)04d'
+auth.messages.group_description = 'Group of user %(id)04d - %(first_name)s %(last_name)s'
+
 ## if you need to use OpenID, Facebook, MySpace, Twitter, Linkedin, etc.
 ## register with janrain.com, write your domain:api_key in private/janrain.key
 from gluon.contrib.login_methods.rpx_account import use_janrain
@@ -371,6 +374,7 @@ def _init_log():

 log = _init_log()

+auth.log = log
 auth.preload()

 current.log = log

--- a/server/web2py/applications/vidjil/views/sample_set/index.html
+++ b/server/web2py/applications/vidjil/views/sample_set/index.html
@@ -165,7 +165,7 @@
        {{if can_upload: }}
        {{if not auth.can_process_sample_set(request.vars['id']) :}}
  <br /> Once your data are uploaded, please
-  <a href="mailto:support@vidjil.org?Subject=%5Bvidjil%5D%20New%20sequences&Body=%0AHi%2C%0A%0AI%20uploaded%20some%20sequences%20on%20the%20app.vidjil.org%20server.%0ACould%20you%20run%20Vidjil%20on%20these%20data%20%3F%0A%0A">request an analysis</a>.
+  <a href="mailto:support@vidjil.org?Subject=%5Bvidjil%5D%20New%20sequences&Body=%0AHi%2C%0A%0AI%20uploaded%20some%20sequences%20on%20the%20app.vidjil.org%20server%20(set%20{{=request.vars['id']}}).%0ACould%20you%20run%20Vidjil%20on%20these%20data%20%3F%0A%0A">request an analysis</a>.
        {{pass}}

        {{pass}}