Merge branch 'feature-s/misc-auth' into 'dev'

Give more auth information in the logs (for user/group creation/modification), and for the request analysis email.

Closes #2960

See merge request !143

server/web2py/applications/vidjil/controllers/default.py

@@ -673,10 +673,17 @@ def user():
         auth.is_logged_in = lambda: False
         
         def post_register(form):
-            #default values for new user
-            group_id = db(db.auth_group.role == 'public' ).select()[0].id
+            # Set up a new user, after register
+
+            # Default permissions
             add_default_group_permissions(auth, auth.user_group())
+
+            # Appartenance to the public group
+            group_id = db(db.auth_group.role == 'public').select()[0].id
             db.auth_membership.insert(user_id = auth.user.id, group_id = group_id)
+
+            log.admin('User %s <%s> registered, group %s' % (auth.user.id, auth.user.email, auth.user_group()))
+
             #restore admin session after register
             session.auth = admin_auth
             auth.user = session.auth.user

server/web2py/applications/vidjil/controllers/group.py

@@ -79,8 +79,8 @@ def add_form():
         add_default_group_permissions(auth, id)
 
         res = {"redirect": "group/index",
-               "message" : "group '%s' created" % id}
-        log.info(res)
+               "message" : "group '%s' (%s) created" % (id, request.vars["group_name"])}
+        log.admin(res)
         return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
     else :
@@ -108,8 +108,8 @@ def edit_form():
                                                description=request.vars["info"])
 
         res = {"redirect": "group/index",
-               "message" : "group '%s' modified" % id}
-        log.info(res)
+               "message" : "group '%s' modified" % request.vars["id"]}
+        log.admin(res)
         return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
     else :
@@ -136,7 +136,7 @@ def delete():
     
     res = {"redirect": "group/index",
            "message": "group '%s' deleted" % request.vars["id"]}
-    log.info(res)
+    log.admin(res)
     return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
 
@@ -171,7 +171,9 @@ def remove_permission():
         auth.del_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])
 
     res = {"redirect" : "group/permission" ,
-           "args" : { "id" : request.vars["group_id"]} }
+           "args" : { "id" : request.vars["group_id"]},
+           "message": "user '%s' is not anymore owner of the group '%s'" % (request.vars["user_id"], request.vars["group_id"]) 
+    }
     log.info(res)
     return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
@@ -182,8 +184,9 @@ def change_permission():
         return error_message("ACCESS_DENIED")
     auth.add_permission(auth.user_group(request.vars["user_id"]), PermissionEnum.admin_group.value, db.auth_group, request.vars["group_id"])
 
-    res = {"redirect" : "group/permission" , "args" : { "id" : request.vars["group_id"]} }
-    log.info(res)
+    res = {"redirect" : "group/permission" , "args" : { "id" : request.vars["group_id"]},
+           "message": "user '%s' is now owner of the group '%s'" % (request.vars["user_id"], request.vars["group_id"]) }
+    log.admin(res)
     return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
     
 ## invite an user to join the group
@@ -195,7 +198,7 @@ def invite():
         res = {"redirect" : "group/info" ,
                "args" : { "id" : request.vars["group_id"]},
                "message" : "user '%s' added to group '%s'" % (request.vars["user_id"], request.vars["group_id"])}
-        log.info(res)
+        log.admin(res)
         return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
     else:
@@ -214,7 +217,7 @@ def kick():
         res = {"redirect" : "group/info" ,
                "args" : { "id" : request.vars["group_id"]},
                "message" : "user '%s' removed from group '%s'" % (request.vars["user_id"], request.vars["group_id"])}
-        log.info(res)
+        log.admin(res)
         return gluon.contrib.simplejson.dumps(res, separators=(',',':'))
 
     else:

server/web2py/applications/vidjil/models/VidjilAuth.py

@@ -27,6 +27,7 @@ class VidjilAuth(Auth):
     permissions = {}
 
     def __init__(self, environment=None, db=None):
+        self.log = None
         super(VidjilAuth, self).__init__(environment, db)
 
     def preload(self):
@@ -610,3 +611,17 @@ class VidjilAuth(Auth):
                     (permission.table_name == table)
                     ._select(permission.record_id))
         return query
+
+    def log_event(self, description, vars=None, origin='auth'):
+        if self.log and description:
+            message = description % vars + '.'
+            for (k,v) in vars.iteritems():
+                if 'password' not in k:
+                    message += ' %s' % v 
+            if 'Logged-in' in description:
+                self.log.info(message)
+            else:
+                self.log.debug(message)
+
+    def __str__(self):
+        return "%04d – %s %s" % (self.id, self.first_name, self.last_name)

server/web2py/applications/vidjil/models/db.py

@@ -95,6 +95,9 @@ auth.settings.remember_me_form = False
 auth.settings.logged_url = URL('user', 'info')
 auth.settings.login_next = URL('user', 'info')
 
+auth.settings.create_user_groups = 'user_%(id)04d'
+auth.messages.group_description = 'Group of user %(id)04d - %(first_name)s %(last_name)s'
+
 ## if you need to use OpenID, Facebook, MySpace, Twitter, Linkedin, etc.
 ## register with janrain.com, write your domain:api_key in private/janrain.key
 from gluon.contrib.login_methods.rpx_account import use_janrain
@@ -371,6 +374,7 @@ def _init_log():
 
 log = _init_log()
 
+auth.log = log
 auth.preload()
 
 current.log = log

server/web2py/applications/vidjil/views/sample_set/index.html

@@ -165,7 +165,7 @@
         {{if can_upload: }}
         {{if not auth.can_process_sample_set(request.vars['id']) :}}
   <br /> Once your data are uploaded, please
-  <a href="mailto:support@vidjil.org?Subject=%5Bvidjil%5D%20New%20sequences&Body=%0AHi%2C%0A%0AI%20uploaded%20some%20sequences%20on%20the%20app.vidjil.org%20server.%0ACould%20you%20run%20Vidjil%20on%20these%20data%20%3F%0A%0A">request an analysis</a>.
+  <a href="mailto:support@vidjil.org?Subject=%5Bvidjil%5D%20New%20sequences&Body=%0AHi%2C%0A%0AI%20uploaded%20some%20sequences%20on%20the%20app.vidjil.org%20server%20(set%20{{=request.vars['id']}}).%0ACould%20you%20run%20Vidjil%20on%20these%20data%20%3F%0A%0A">request an analysis</a>.
         {{pass}}
 
         {{pass}}