tailbone/tailbone/views/users.py

# -*- coding: utf-8 -*-
################################################################################
#
#  Rattail -- Retail Software Framework
#  Copyright © 2010-2016 Lance Edgar
#
#  This file is part of Rattail.
#
#  Rattail is free software: you can redistribute it and/or modify it under the
#  terms of the GNU Affero General Public License as published by the Free
#  Software Foundation, either version 3 of the License, or (at your option)
#  any later version.
#
#  Rattail is distributed in the hope that it will be useful, but WITHOUT ANY
#  WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
#  FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for
#  more details.
#
#  You should have received a copy of the GNU Affero General Public License
#  along with Rattail.  If not, see <http://www.gnu.org/licenses/>.
#
################################################################################
"""
User Views
"""

from __future__ import unicode_literals, absolute_import

from sqlalchemy import orm

from rattail.db import model
from rattail.db.auth import guest_role, authenticated_role, set_user_password

import formalchemy
from formalchemy.fields import SelectFieldRenderer
from webhelpers.html import HTML, tags

from tailbone import forms
from tailbone.db import Session
from tailbone.views import MasterView
from tailbone.views.continuum import VersionView, version_defaults


def unique_username(value, field):
    user = field.parent.model
    query = Session.query(model.User).filter(model.User.username == value)
    if user.uuid:
        query = query.filter(model.User.uuid != user.uuid)
    if query.count():
        raise formalchemy.ValidationError("Username must be unique.")


def passwords_match(value, field):
    if field.parent.confirm_password.value != value:
        raise formalchemy.ValidationError("Passwords do not match")
    return value


class PasswordFieldRenderer(formalchemy.PasswordFieldRenderer):

    def render(self, **kwargs):
        return tags.password(self.name, value='', maxlength=self.length, **kwargs)


class PasswordField(formalchemy.Field):

    def __init__(self, *args, **kwargs):
        kwargs.setdefault('value', lambda x: x.password)
        kwargs.setdefault('renderer', PasswordFieldRenderer)
        kwargs.setdefault('validate', passwords_match)
        super(PasswordField, self).__init__(*args, **kwargs)

    def sync(self):
        if not self.is_readonly():
            password = self.renderer.deserialize()
            if password:
                set_user_password(self.model, password)


def RolesFieldRenderer(request):

    class RolesFieldRenderer(SelectFieldRenderer):

        def render_readonly(self, **kwargs):
            roles = Session.query(model.Role)
            html = ''
            for uuid in self.value:
                role = roles.get(uuid)
                link = tags.link_to(
                    role.name, request.route_url('roles.view', uuid=role.uuid))
                html += HTML.tag('li', c=link)
            html = HTML.tag('ul', c=html)
            return html

    return RolesFieldRenderer


class RolesField(formalchemy.Field):

    def __init__(self, name, **kwargs):
        kwargs.setdefault('value', self.get_value)
        kwargs.setdefault('options', self.get_options())
        kwargs.setdefault('multiple', True)
        super(RolesField, self).__init__(name, **kwargs)

    def get_value(self, user):
        return [x.uuid for x in user.roles]

    def get_options(self):
        return Session.query(model.Role.name, model.Role.uuid)\
            .filter(model.Role.uuid != guest_role(Session()).uuid)\
            .filter(model.Role.uuid != authenticated_role(Session()).uuid)\
            .order_by(model.Role.name)\
            .all()

    def sync(self):
        if not self.is_readonly():
            user = self.model
            roles = Session.query(model.Role)
            data = self.renderer.deserialize()
            user.roles = [roles.get(x) for x in data]
                

class UsersView(MasterView):
    """
    Master view for the User model.
    """
    model_class = model.User

    def query(self, session):
        return session.query(model.User)\
                      .options(orm.joinedload(model.User.person))

    def configure_grid(self, g):
        g.joiners['person'] = lambda q: q.outerjoin(model.Person)

        del g.filters['password']
        del g.filters['salt']
        g.filters['username'].default_active = True
        g.filters['username'].default_verb = 'contains'
        g.filters['active'].default_active = True
        g.filters['active'].default_verb = 'is_true'
        g.filters['person'] = g.make_filter('person', model.Person.display_name, label="Person's Name",
                                            default_active=True, default_verb='contains')
        g.filters['password'] = g.make_filter('password', model.User.password,
                                              verbs=['is_null', 'is_not_null'])

        g.sorters['person'] = lambda q, d: q.order_by(getattr(model.Person.display_name, d)())
        g.default_sortkey = 'username'

        g.person.set(label="Person's Name")
        g.configure(
            include=[
                g.username,
                g.person,
            ],
            readonly=True)

    def configure_fieldset(self, fs):
        fs.username.set(renderer=forms.renderers.StrippedTextFieldRenderer, validate=unique_username)
        fs.person.set(options=[])
        fs.person.set(renderer=forms.renderers.PersonFieldLinkRenderer)
        fs.append(PasswordField('password', label="Set Password"))
        fs.password.attrs(autocomplete='off')
        fs.append(formalchemy.Field('confirm_password', renderer=PasswordFieldRenderer))
        fs.confirm_password.attrs(autocomplete='off')
        fs.append(RolesField('roles', renderer=RolesFieldRenderer(self.request)))
        fs.configure(
            include=[
                fs.username,
                fs.person,
                fs.active,
                fs.password,
                fs.confirm_password,
                fs.roles,
            ])
        if self.viewing:
            permissions = self.request.registry.settings.get('tailbone_permissions', {})
            renderer = forms.renderers.PermissionsFieldRenderer(permissions,
                                                                include_guest=True,
                                                                include_authenticated=True)
            fs.append(formalchemy.Field('permissions', renderer=renderer))
        if self.viewing or self.deleting:
            del fs.password
            del fs.confirm_password


class UserVersionView(VersionView):
    """
    View which shows version history for a user.
    """
    parent_class = model.User
    route_model_view = 'users.view'


def includeme(config):
    UsersView.defaults(config)
    version_defaults(config, UserVersionView, 'user')
Add "active" filter to users view; enable it by default. 2014-08-05 23:23:55 -05:00			`# -- coding: utf-8 --`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`################################################################################`
			`#`
			`# Rattail -- Retail Software Framework`
Add 'password is/not null' filter to users list view. 2016-02-01 16:11:24 -06:00			`# Copyright © 2010-2016 Lance Edgar`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`#`
			`# This file is part of Rattail.`
			`#`
			`# Rattail is free software: you can redistribute it and/or modify it under the`
			`# terms of the GNU Affero General Public License as published by the Free`
			`# Software Foundation, either version 3 of the License, or (at your option)`
			`# any later version.`
			`#`
			`# Rattail is distributed in the hope that it will be useful, but WITHOUT ANY`
			`# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS`
			`# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for`
			`# more details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License`
			`# along with Rattail. If not, see <http://www.gnu.org/licenses/>.`
			`#`
			`################################################################################`
			`"""`
Rebranded to Tailbone. 2013-09-01 09:27:47 -05:00			`User Views`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`"""`

Add 'password is/not null' filter to users list view. 2016-02-01 16:11:24 -06:00			`from __future__ import unicode_literals, absolute_import`
Add "active" filter to users view; enable it by default. 2014-08-05 23:23:55 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`from sqlalchemy import orm`

Add initial versioning support with SQLAlchemy-Continuum. 2015-02-09 15:33:16 -06:00			`from rattail.db import model`
Add awareness of special 'Authenticated' role, in permissions UI etc. 2016-06-15 12:51:10 -05:00			`from rattail.db.auth import guest_role, authenticated_role, set_user_password`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
			`import formalchemy`
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00			`from formalchemy.fields import SelectFieldRenderer`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`from webhelpers.html import HTML, tags`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Add permissions field when viewing user details About damn time I'm sure... 2016-08-12 01:58:07 -05:00			`from tailbone import forms`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`from tailbone.db import Session`
			`from tailbone.views import MasterView`
			`from tailbone.views.continuum import VersionView, version_defaults`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def unique_username(value, field):`
			`user = field.parent.model`
			`query = Session.query(model.User).filter(model.User.username == value)`
			`if user.uuid:`
			`query = query.filter(model.User.uuid != user.uuid)`
			`if query.count():`
			`raise formalchemy.ValidationError("Username must be unique.")`
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00

Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def passwords_match(value, field):`
			`if field.parent.confirm_password.value != value:`
			`raise formalchemy.ValidationError("Passwords do not match")`
			`return value`


			`class PasswordFieldRenderer(formalchemy.PasswordFieldRenderer):`

			`def render(self, **kwargs):`
			`return tags.password(self.name, value='', maxlength=self.length, **kwargs)`


			`class PasswordField(formalchemy.Field):`

			`def __init__(self, args, *kwargs):`
			`kwargs.setdefault('value', lambda x: x.password)`
			`kwargs.setdefault('renderer', PasswordFieldRenderer)`
			`kwargs.setdefault('validate', passwords_match)`
			`super(PasswordField, self).__init__(args, *kwargs)`
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00
			`def sync(self):`
			`if not self.is_readonly():`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`password = self.renderer.deserialize()`
			`if password:`
			`set_user_password(self.model, password)`

Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00
			`def RolesFieldRenderer(request):`

			`class RolesFieldRenderer(SelectFieldRenderer):`

			`def render_readonly(self, **kwargs):`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`roles = Session.query(model.Role)`
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00			`html = ''`
			`for uuid in self.value:`
			`role = roles.get(uuid)`
			`link = tags.link_to(`
Convert Roles to use master view. Also tweak the grid API here and there. 2015-08-11 15:01:21 -05:00			`role.name, request.route_url('roles.view', uuid=role.uuid))`
Major overhaul for standalone operation. This removes some of the `edbob` reliance, as well as borrowing some templates and styling etc. from Dtail. 2013-09-01 17:31:50 -05:00			`html += HTML.tag('li', c=link)`
			`html = HTML.tag('ul', c=html)`
			`return html`

			`return RolesFieldRenderer`


Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`class RolesField(formalchemy.Field):`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def __init__(self, name, **kwargs):`
			`kwargs.setdefault('value', self.get_value)`
			`kwargs.setdefault('options', self.get_options())`
			`kwargs.setdefault('multiple', True)`
			`super(RolesField, self).__init__(name, **kwargs)`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def get_value(self, user):`
			`return [x.uuid for x in user.roles]`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def get_options(self):`
			`return Session.query(model.Role.name, model.Role.uuid)\`
			`.filter(model.Role.uuid != guest_role(Session()).uuid)\`
Add awareness of special 'Authenticated' role, in permissions UI etc. 2016-06-15 12:51:10 -05:00			`.filter(model.Role.uuid != authenticated_role(Session()).uuid)\`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`.order_by(model.Role.name)\`
			`.all()`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
			`def sync(self):`
			`if not self.is_readonly():`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`user = self.model`
			`roles = Session.query(model.Role)`
			`data = self.renderer.deserialize()`
			`user.roles = [roles.get(x) for x in data]`

Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`class UsersView(MasterView):`
			`"""`
			`Master view for the User model.`
			`"""`
			`model_class = model.User`
Remove some edbob, unicode tweak, etc. In particular it was noticed that edbob has been configuring FormAlchemy all this time, whoops. That's still partially the case but now at least it's explicit. 2015-01-19 00:45:26 -06:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def query(self, session):`
			`return session.query(model.User)\`
			`.options(orm.joinedload(model.User.person))`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def configure_grid(self, g):`
			`g.joiners['person'] = lambda q: q.outerjoin(model.Person)`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`del g.filters['password']`
			`del g.filters['salt']`
			`g.filters['username'].default_active = True`
			`g.filters['username'].default_verb = 'contains'`
			`g.filters['active'].default_active = True`
			`g.filters['active'].default_verb = 'is_true'`
			`g.filters['person'] = g.make_filter('person', model.Person.display_name, label="Person's Name",`
			`default_active=True, default_verb='contains')`
Add 'password is/not null' filter to users list view. 2016-02-01 16:11:24 -06:00			`g.filters['password'] = g.make_filter('password', model.User.password,`
			`verbs=['is_null', 'is_not_null'])`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`g.sorters['person'] = lambda q, d: q.order_by(getattr(model.Person.display_name, d)())`
			`g.default_sortkey = 'username'`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`g.person.set(label="Person's Name")`
			`g.configure(`
			`include=[`
			`g.username,`
			`g.person,`
			`],`
			`readonly=True)`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`def configure_fieldset(self, fs):`
Strip whitespace from username field when editing User Otherwise can be a gotcha, if user doesn't know their username "has a space" etc. 2016-10-10 10:58:49 -05:00			`fs.username.set(renderer=forms.renderers.StrippedTextFieldRenderer, validate=unique_username)`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`fs.person.set(options=[])`
Add permissions field when viewing user details About damn time I'm sure... 2016-08-12 01:58:07 -05:00			`fs.person.set(renderer=forms.renderers.PersonFieldLinkRenderer)`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`fs.append(PasswordField('password', label="Set Password"))`
Disable autocomplete for password fields when editing user Er, at least try. Didn't seem to work in my local test though. 2016-05-06 11:40:25 -05:00			`fs.password.attrs(autocomplete='off')`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`fs.append(formalchemy.Field('confirm_password', renderer=PasswordFieldRenderer))`
Disable autocomplete for password fields when editing user Er, at least try. Didn't seem to work in my local test though. 2016-05-06 11:40:25 -05:00			`fs.confirm_password.attrs(autocomplete='off')`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`fs.append(RolesField('roles', renderer=RolesFieldRenderer(self.request)))`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`fs.configure(`
			`include=[`
			`fs.username,`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`fs.person,`
			`fs.active,`
			`fs.password,`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`fs.confirm_password,`
			`fs.roles,`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`])`
			`if self.viewing:`
Add permissions field when viewing user details About damn time I'm sure... 2016-08-12 01:58:07 -05:00			`permissions = self.request.registry.settings.get('tailbone_permissions', {})`
			`renderer = forms.renderers.PermissionsFieldRenderer(permissions,`
			`include_guest=True,`
			`include_authenticated=True)`
			`fs.append(formalchemy.Field('permissions', renderer=renderer))`
Fix template bug when deleting user 2016-10-25 18:14:43 -05:00			`if self.viewing or self.deleting:`
			`del fs.password`
			`del fs.confirm_password`
Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00

Add initial versioning support with SQLAlchemy-Continuum. 2015-02-09 15:33:16 -06:00			`class UserVersionView(VersionView):`
			`"""`
			`View which shows version history for a user.`
			`"""`
			`parent_class = model.User`
Fix some route names. 2015-12-08 16:18:29 -06:00			`route_model_view = 'users.view'`
Add initial versioning support with SQLAlchemy-Continuum. 2015-02-09 15:33:16 -06:00

Added Person autocomplete view and User CRUD views. 2013-05-07 19:41:58 -05:00			`def includeme(config):`
Convert User pages to use master view. And of course make some more tweaks to new grids etc. 2015-08-11 23:19:41 -05:00			`UsersView.defaults(config)`
Add initial versioning support with SQLAlchemy-Continuum. 2015-02-09 15:33:16 -06:00			`version_defaults(config, UserVersionView, 'user')`