12 files changed, 195 insertions, 30 deletions
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index d2809fcea..6e04fa249 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -36,7 +36,7 @@ class ROLE:
 
 def has_permission(current, perms):
     # bytewise or perms before if needed
-    return current == (current & perms)
+    return perms == (current & perms)
 
 class UserMethods():
     @style.queue
@@ -69,18 +69,32 @@ class UserMethods():
             c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password))
 
 
-    @style.queue
-    def setPermission(db, userid, perms):
-        db.c.execute("UPDATE users SET permission=? WHERE id=?", (perms, userid))
-    
+    @style.async
+    def setPermission(db, user, perms):
+        db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user))
+
+    @style.async
+    def setRole(db, user, role):
+        db.c.execute("UPDATE users SET role=? WHERE name=?", (role, user))
+
+
     @style.queue
     def listUsers(db):
-        c = db.c
-        c.execute('SELECT name FROM users')
+        db.c.execute('SELECT name FROM users')
         users = []
-        for row in c.fetchall():
+        for row in db.c:
             users.append(row[0])
         return users
+
+    @style.queue
+    def getAllUserData(db):
+        db.c.execute("SELECT name, permission, role FROM users")
+        user = {}
+        for r in db.c:
+            user[r[0]] = {"permission" : r[1], "role" : r[2]}
+            
+        return user
+
     
     @style.queue
     def removeUser(db, user):
diff --git a/module/gui/Collector.py b/module/gui/Collector.py
index 75f693323..725960dee 100644
--- a/module/gui/Collector.py
+++ b/module/gui/Collector.py
@@ -406,7 +406,7 @@ class Link(object):
             "forrmat_size": f.format_size,
             "status": f.status,
             "statusmsg": f.statusmsg,
-            "package": f.package,
+            "package": f.packageID,
             "error": f.error,
             "order": f.order,
             "progress": f.progress
diff --git a/module/plugins/hoster/BasePlugin.py b/module/plugins/hoster/BasePlugin.py
index 0248ca624..d9ba3c166 100644
--- a/module/plugins/hoster/BasePlugin.py
+++ b/module/plugins/hoster/BasePlugin.py
@@ -32,6 +32,8 @@ class BasePlugin(Hoster):
 #
 #        return
 
+        self.decryptCaptcha("http://localhost:9000/captcha")
+
         if pyfile.url.startswith("http"):
 
             pyfile.name = re.findall("([^/=]+)", pyfile.url)[-1]
diff --git a/module/remote/RemoteManager.py b/module/remote/RemoteManager.py
index 941aac6e8..b102d549e 100644
--- a/module/remote/RemoteManager.py
+++ b/module/remote/RemoteManager.py
@@ -19,6 +19,8 @@
 from threading import Thread
 from traceback import print_exc
 
+from module.database.UserDatabase import ROLE
+
 class BackendBase(Thread):
     def __init__(self, manager):
         Thread.__init__(self)
@@ -83,4 +85,9 @@ class RemoteManager():
             return True
         if self.core.startedInGui and remoteip == "127.0.0.1":
             return True
-        return self.core.db.checkAuth(user, password)
+
+        user = self.core.db.checkAuth(user, password)
+        if user["role"] == ROLE.ADMIN:
+            return user
+        else:
+            return {}
diff --git a/module/setup.py b/module/setup.py
index 6316e295e..9be040b4e 100644
--- a/module/setup.py
+++ b/module/setup.py
@@ -291,7 +291,7 @@ class Setup():
         print ""
         print _("## SSL Setup ##")
         print ""
-        print _("Execute these commands from pyLoad folder to make ssl certificates:")
+        print _("Execute these commands from pyLoad config folder to make ssl certificates:")
         print ""
         print "openssl genrsa -out ssl.key 1024"
         print "openssl req -new -key ssl.key -out ssl.csr"
@@ -318,7 +318,7 @@ class Setup():
                 print _("2 - List users")
                 print _("3 - Remove user")
                 print _("4 - Quit")
-                action = raw_input("[1]/2/3/4 ")
+                action = raw_input("[1]/2/3/4: ")
                 if not action in ("1", "2", "3", "4"):
                     continue
                 elif action == "1":
diff --git a/module/web/json_app.py b/module/web/json_app.py
index 428abaee7..ac1f3ec9c 100644
--- a/module/web/json_app.py
+++ b/module/web/json_app.py
@@ -242,8 +242,6 @@ def add_package():
         data = {"password": pw}
         PYLOAD.set_package_data(pack, data)
 
-    return {"response" : "success"}
-
 
 @route("/json/remove_package/:id")
 @validate(id=int)
diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py
index 160346ebd..179cf4cfc 100644
--- a/module/web/pyload_app.py
+++ b/module/web/pyload_app.py
@@ -35,7 +35,7 @@ from bottle import route, static_file, request, response, redirect, HTTPError, e
 
 from webinterface import PYLOAD, PROJECT_DIR, SETUP
 
-from utils import render_to_response, parse_permissions, parse_userdata, login_required
+from utils import render_to_response, parse_permissions, parse_userdata, login_required, get_permission, set_permission
 from filters import relpath, unquotepath
 
 from module.utils import formatSize, decode
@@ -445,9 +445,63 @@ def logs(item=-1):
                               [pre_processor])
 
 @route("/admin")
-@login_required("settings")
+@route("/admin", method="POST")
+@login_required("is_admin")
 def admin():
-    return base(["Comming Soon."])
+
+    user = PYLOAD.get_user_data()
+    for data in user.itervalues():
+        data["perms"] = {}
+        get_permission(data["perms"], data["permission"])
+        data["perms"]["admin"] = True if data["role"] is 0 else False
+
+    s = request.environ.get('beaker.session')
+    if request.environ.get('REQUEST_METHOD', "GET") == "POST":
+        for name in user:
+            if request.POST.get("%s|admin" % name, False):
+                user[name]["role"] = 0
+                user[name]["perms"]["admin"] = True
+            elif name != s["name"]:
+                user[name]["role"] = 1
+                user[name]["perms"]["admin"] = False
+
+            if request.POST.get("%s|add" % name, False):
+                user[name]["perms"]["add"] = True
+            else:
+                user[name]["perms"]["add"] = False
+
+            if request.POST.get("%s|delete" % name, False):
+                user[name]["perms"]["delete"] = True
+            else:
+                user[name]["perms"]["delete"] = False
+
+            if request.POST.get("%s|status" % name, False):
+                user[name]["perms"]["status"] = True
+            else:
+                user[name]["perms"]["status"] = False
+
+            if request.POST.get("%s|see_downloads" % name, False):
+                user[name]["perms"]["see_downloads"] = True
+            else:
+                user[name]["perms"]["see_downloads"] = False
+
+            if request.POST.get("%s|download" % name, False):
+                user[name]["perms"]["download"] = True
+            else:
+                user[name]["perms"]["download"] = False
+
+            if request.POST.get("%s|settings" % name, False):
+                user[name]["perms"]["settings"] = True
+            else:
+                user[name]["perms"]["settings"] = False
+
+
+            user[name]["permission"] = set_permission(user[name]["perms"])
+
+            PYLOAD.set_user_permission(name, user[name]["permission"], user[name]["role"])
+
+
+    return render_to_response("admin.html", {"users": user} ,[pre_processor])
 
 
 @route("/setup")
diff --git a/module/web/templates/default/admin.html b/module/web/templates/default/admin.html
new file mode 100644
index 000000000..5b6be26eb
--- /dev/null
+++ b/module/web/templates/default/admin.html
@@ -0,0 +1,59 @@
+{% extends 'default/base.html' %}
+
+{% block title %}{{ _("Administrate User") }} - {{ super() }} {% endblock %}
+{% block subtitle %}{{ _("Administrate User") }}{% endblock %}
+
+{% block content %}
+
+{{ _("Note: You can only change permissions for webinterface.") }} {{ _("To add user or change passwords use:") }} <b>python pyLoadCore.py -u</b><br>
+{{ _("Important: Admin user have always all permissions! Only Admin user can use other clients like CLI and GUI.") }}
+
+<form action="" method="POST">
+<table class="settable wide">
+    <thead style="font-size: 11px">
+    <th>
+        {{ _("Name") }}
+    </th>
+    <th>
+        {{ _("Admin") }}
+    </th>
+    <th>
+        {{ _("Add downloads") }}
+    </th>
+    <th>
+        {{ _("Delete downloads") }}
+    </th>
+    <th>
+        {{ _("Change server status") }}
+    </th>
+    <th>
+        {{ _("See queue/collector") }}
+    </th>
+    <th>
+        {{ _("Download from webinterface") }}
+    </th>
+    <th>
+        {{ _("Change settings") }}
+    </th>
+    </thead>
+
+{% for name, data in users.iteritems() %}
+    <tr>
+        <td>{{name}}</td>
+        <td><input name="{{ name }}|admin" type="checkbox" {% if data.perms.admin %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|add" type="checkbox" {% if data.perms.add %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|delete" type="checkbox" {% if data.perms.delete %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|status" type="checkbox" {% if data.perms.status %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|see_downloads" type="checkbox" {% if data.perms.see_downloads %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|download" type="checkbox" {% if data.perms.download %} checked="True" {% endif %}"></td>
+        <td><input name="{{ name }}|settings" type="checkbox" {% if data.perms.settings %} checked="True" {% endif %}"></td>
+    </tr>
+{% endfor %}
+
+
+</table>
+
+<button class="styled_button" type="submit">{{ _("Submit") }}</button>
+</form>
+
+{% endblock %}
+\ No newline at end of file
diff --git a/module/web/templates/default/base.html b/module/web/templates/default/base.html
index 77774daf7..323f38b66 100644
--- a/module/web/templates/default/base.html
+++ b/module/web/templates/default/base.html
@@ -228,7 +228,7 @@ function AddBox()
 <img src="/media/default/img/head-login.png" alt="User:" style="vertical-align:middle; margin:2px" /><span style="padding-right: 2px;">{{user.name}}</span>
 	<ul id="user-actions">
 		<li><a href="/logout"  class="action logout" rel="nofollow">{{_("Logout")}}</a></li>
-		{% if user.is_staff %}
+		{% if user.is_admin %}
 		<li><a href="/admin" class="action profile" rel="nofollow">{{_("Administrate")}}</a></li>
 		{% endif %}
 
diff --git a/module/web/templates/default/window.html b/module/web/templates/default/window.html
index b59189a93..49de965a1 100644
--- a/module/web/templates/default/window.html
+++ b/module/web/templates/default/window.html
@@ -13,9 +13,9 @@
 <input id="add_name" name="add_name" type="text" size="20" />
 
 <label for="add_links">{{_("Links")}}
-<span class="small">{{_("Paste your links here")}}</span>
+<span class="small">{{_("Paste your links here or any text and press the filter button.")}}</span>
 <span class="small"> {{ _("Filter urls") }}
-<img alt="URIParsing" Title="Parse Uri" src="/media/default/img/parseUri.png" style="cursor:pointer;" onclick="parseUri()"/>
+<img alt="URIParsing" Title="Parse Uri" src="/media/default/img/parseUri.png" style="cursor:pointer; vertical-align: text-bottom;" onclick="parseUri()"/>
 </span>
 
 </label>
diff --git a/module/web/utils.py b/module/web/utils.py
index c76454c1f..afe5ac60c 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -35,7 +35,8 @@ def parse_permissions(session):
             "status": False,
             "see_downloads": False,
             "download" : False,
-            "settings": False}
+            "settings": False,
+            "is_admin": False}
 
     if not session.get("authenticated", False):
         return perms
@@ -43,20 +44,41 @@ def parse_permissions(session):
     if session.get("role") == ROLE.ADMIN:
         for k in perms.iterkeys():
             perms[k] = True
-    else:
-        p = session.get("permission")
-        perms["add"] = has_permission(p, PERMS.ADD)
-        perms["delete"] = has_permission(p, PERMS.DELETE)
-        perms["status"] = has_permission(p, PERMS.STATUS)
-        perms["see_downloads"] = has_permission(p, PERMS.SEE_DOWNLOADS)
-        perms["download"] = has_permission(p, PERMS.DOWNLOAD)
-        perms["settings"] = has_permission(p, PERMS.SETTINGS)
+
+    elif session.get("perms"):
+        p = session.get("perms")
+        get_permission(perms, p)
 
     return perms
 
+def get_permission(perms, p):
+    perms["add"] = has_permission(p, PERMS.ADD)
+    perms["delete"] = has_permission(p, PERMS.DELETE)
+    perms["status"] = has_permission(p, PERMS.STATUS)
+    perms["see_downloads"] = has_permission(p, PERMS.SEE_DOWNLOADS)
+    perms["download"] = has_permission(p, PERMS.DOWNLOAD)
+    perms["settings"] = has_permission(p, PERMS.SETTINGS)
+
+def set_permission(perms):
+    permission = 0
+    if perms["add"]:
+        permission |= PERMS.ADD
+    if perms["delete"]:
+        permission |= PERMS.DELETE
+    if perms["status"]:
+        permission |= PERMS.STATUS
+    if perms["see_downloads"]:
+        permission |= PERMS.SEE_DOWNLOADS
+    if perms["download"]:
+        permission |= PERMS.DOWNLOAD
+    if perms["settings"]:
+        permission |= PERMS.SETTINGS
+
+    return permission
+
 def parse_userdata(session):
     return {"name": session.get("name", "Anonymous"),
-            "is_staff": True,
+            "is_admin": True if session.get("role", 1) == 0 else False,
             "is_authenticated": session.get("authenticated", False)}
 
 def login_required(perm=None):
diff --git a/pyLoadCore.py b/pyLoadCore.py
index 1bd194f94..fc2ce8e29 100755
--- a/pyLoadCore.py
+++ b/pyLoadCore.py
@@ -839,6 +839,15 @@ class ServerMethods():
     def checkAuth(self, username, password):
         return self.core.db.checkAuth(username, password)
 
+    def get_user_data(self):
+        return self.core.db.getAllUserData()
+
+    def set_user_permission(self, user, permission, role):
+
+        self.core.db.setPermission(user, permission)
+        self.core.db.setRole(user, role)
+
+
 def deamon():
     try:
         pid = os.fork()