From 64974b9a18ef08f5a9f65a17af5cb06c1db4295c Mon Sep 17 00:00:00 2001 From: RaNaN Date: Thu, 10 Mar 2011 13:19:36 +0100 Subject: webif user managment --- module/database/UserDatabase.py | 30 +++++++++++----- module/gui/Collector.py | 2 +- module/plugins/hoster/BasePlugin.py | 2 ++ module/remote/RemoteManager.py | 9 ++++- module/setup.py | 4 +-- module/web/json_app.py | 2 -- module/web/pyload_app.py | 60 ++++++++++++++++++++++++++++++-- module/web/templates/default/admin.html | 59 +++++++++++++++++++++++++++++++ module/web/templates/default/base.html | 2 +- module/web/templates/default/window.html | 4 +-- module/web/utils.py | 42 ++++++++++++++++------ 11 files changed, 186 insertions(+), 30 deletions(-) create mode 100644 module/web/templates/default/admin.html (limited to 'module') diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py index d2809fcea..6e04fa249 100644 --- a/module/database/UserDatabase.py +++ b/module/database/UserDatabase.py @@ -36,7 +36,7 @@ class ROLE: def has_permission(current, perms): # bytewise or perms before if needed - return current == (current & perms) + return perms == (current & perms) class UserMethods(): @style.queue 
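Review bot: The comment above the corrected return in has_permission still reads "bytewise or perms before if needed" and does not state the contract the new expression implements. `perms == (current & perms)` is true only when every bit of `perms` is set in `current`, and it is also true for every user when `perms` is 0, so a caller that passes an empty mask gets an allow. I would replace the comment with `# True only if every bit in perms is set in current; perms == 0 always passes`. If no caller relies on an empty mask, reject it explicitly with `return bool(perms) and perms == (current & perms)`. The code around the function lies outside the hunk.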
@@ -69,18 +69,32 @@ class UserMethods(): c.execute('INSERT INTO users (name, password) VALUES (?, ?)', (user, password)) - @style.queue - def setPermission(db, userid, perms): - db.c.execute("UPDATE users SET permission=? WHERE id=?", (perms, userid)) - + @style.async + def setPermission(db, user, perms): + db.c.execute("UPDATE users SET permission=? WHERE name=?", (perms, user)) + + @style.async + def setRole(db, user, role): + db.c.execute("UPDATE users SET role=? WHERE name=?", (role, user)) + + @style.queue def listUsers(db): - c = db.c - c.execute('SELECT name FROM users') + db.c.execute('SELECT name FROM users') users = [] - for row in c.fetchall(): + for row in db.c: users.append(row[0]) return users + + @style.queue + def getAllUserData(db): + db.c.execute("SELECT name, permission, role FROM users") + user = {} + for r in db.c: + user[r[0]] = {"permission" : r[1], "role" : r[2]} + + return user + @style.queue def removeUser(db, user): diff --git a/module/gui/Collector.py b/module/gui/Collector.py index 75f693323..725960dee 100644 --- a/module/gui/Collector.py +++ b/module/gui/Collector.py @@ -406,7 +406,7 @@ class Link(object): "forrmat_size": f.format_size, "status": f.status, "statusmsg": f.statusmsg, - "package": f.package, + "package": f.packageID, "error": f.error, "order": f.order, "progress": f.progress diff --git a/module/plugins/hoster/BasePlugin.py b/module/plugins/hoster/BasePlugin.py index 0248ca624..d9ba3c166 100644 --- a/module/plugins/hoster/BasePlugin.py +++ b/module/plugins/hoster/BasePlugin.py @@ -32,6 +32,8 @@ class BasePlugin(Hoster): # # return + self.decryptCaptcha("http://localhost:9000/captcha") + if pyfile.url.startswith("http"): pyfile.name = re.findall("([^/=]+)", pyfile.url)[-1] diff --git a/module/remote/RemoteManager.py b/module/remote/RemoteManager.py index 941aac6e8..b102d549e 100644 --- a/module/remote/RemoteManager.py +++ b/module/remote/RemoteManager.py 
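Review bot: setPermission and setRole write whatever `perms` and `role` they are given, keyed by `name`, and under `@style.async` the caller presumably gets no result back, so a privilege change that matches no row or fails looks the same as one that succeeded. Since these two updates decide who is an admin, I would keep them on `@style.queue`, as the removed setPermission was, or at least check `db.c.rowcount` and validate `role` against the ROLE constants before the UPDATE. Both methods would also benefit from a one-line docstring saying that `perms` is the packed permission bitmask and `role` a ROLE value. The decorator is defined outside this diff, so the first point is inferred from its name.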
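Review bot: The added `self.decryptCaptcha("http://localhost:9000/captcha")` in BasePlugin looks like a leftover from local testing. It runs unconditionally ahead of the `pyfile.url.startswith("http")` check, so every download handled by this plugin would first request a captcha from a hard-coded port on the local machine. Where nothing listens on that port the call presumably fails or stalls the download, and where something does listen the plugin talks to an unrelated local service. I would drop the line from this commit, or gate it behind a debug setting if a captcha test hook is wanted. The enclosing method starts outside the hunk.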
@@ -19,6 +19,8 @@ from threading import Thread from traceback import print_exc +from module.database.UserDatabase import ROLE + class BackendBase(Thread): def __init__(self, manager): Thread.__init__(self) @@ -83,4 +85,9 @@ class RemoteManager(): return True if self.core.startedInGui and remoteip == "127.0.0.1": return True - return self.core.db.checkAuth(user, password) + + user = self.core.db.checkAuth(user, password) + if user["role"] == ROLE.ADMIN: + return user + else: + return {} diff --git a/module/setup.py b/module/setup.py index 6316e295e..9be040b4e 100644 --- a/module/setup.py +++ b/module/setup.py @@ -291,7 +291,7 @@ class Setup(): print "" print _("## SSL Setup ##") print "" - print _("Execute these commands from pyLoad folder to make ssl certificates:") + print _("Execute these commands from pyLoad config folder to make ssl certificates:") print "" print "openssl genrsa -out ssl.key 1024" print "openssl req -new -key ssl.key -out ssl.csr" @@ -318,7 +318,7 @@ class Setup(): print _("2 - List users") print _("3 - Remove user") print _("4 - Quit") - action = raw_input("[1]/2/3/4 ") + action = raw_input("[1]/2/3/4: ") if not action in ("1", "2", "3", "4"): continue elif action == "1": diff --git a/module/web/json_app.py b/module/web/json_app.py index 428abaee7..ac1f3ec9c 100644 --- a/module/web/json_app.py +++ b/module/web/json_app.py @@ -242,8 +242,6 @@ def add_package(): data = {"password": pw} PYLOAD.set_package_data(pack, data) - return {"response" : "success"} - @route("/json/remove_package/:id") @validate(id=int) diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py index 160346ebd..179cf4cfc 100644 --- a/module/web/pyload_app.py +++ b/module/web/pyload_app.py 
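Review bot: In the new tail of the RemoteManager auth check, `user["role"]` is read before the result of `checkAuth` is tested. If `checkAuth` returns an empty dict or a false value for bad credentials (its body is not in this diff), a failed login raises instead of being refused. The method also now mixes return types: the earlier branches return `True`, while this one returns the user dict or `{}`, so callers must treat `{}` as a denial by truthiness. I would write `if user and user.get("role") == ROLE.ADMIN: return user` followed by `return {}`, with a comment that only admin accounts may use remote clients. The method's signature and first lines are outside the hunk.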
@@ -35,7 +35,7 @@ from bottle import route, static_file, request, response, redirect, HTTPError, e from webinterface import PYLOAD, PROJECT_DIR, SETUP -from utils import render_to_response, parse_permissions, parse_userdata, login_required +from utils import render_to_response, parse_permissions, parse_userdata, login_required, get_permission, set_permission from filters import relpath, unquotepath from module.utils import formatSize, decode 
@@ -445,9 +445,63 @@ def logs(item=-1): [pre_processor]) @route("/admin") -@login_required("settings") +@route("/admin", method="POST") +@login_required("is_admin") def admin(): - return base(["Comming Soon."]) + + user = PYLOAD.get_user_data() + for data in user.itervalues(): + data["perms"] = {} + get_permission(data["perms"], data["permission"]) + data["perms"]["admin"] = True if data["role"] is 0 else False + + s = request.environ.get('beaker.session') + if request.environ.get('REQUEST_METHOD', "GET") == "POST": + for name in user: + if request.POST.get("%s|admin" % name, False): + user[name]["role"] = 0 + user[name]["perms"]["admin"] = True + elif name != s["name"]: + user[name]["role"] = 1 + user[name]["perms"]["admin"] = False + + if request.POST.get("%s|add" % name, False): + user[name]["perms"]["add"] = True + else: + user[name]["perms"]["add"] = False + + if request.POST.get("%s|delete" % name, False): + user[name]["perms"]["delete"] = True + else: + user[name]["perms"]["delete"] = False + + if request.POST.get("%s|status" % name, False): + user[name]["perms"]["status"] = True + else: + user[name]["perms"]["status"] = False + + if request.POST.get("%s|see_downloads" % name, False): + user[name]["perms"]["see_downloads"] = True + else: + user[name]["perms"]["see_downloads"] = False + + if request.POST.get("%s|download" % name, False): + user[name]["perms"]["download"] = True + else: + user[name]["perms"]["download"] = False + + if request.POST.get("%s|settings" % name, False): + user[name]["perms"]["settings"] = True + else: + user[name]["perms"]["settings"] = False + + + user[name]["permission"] = set_permission(user[name]["perms"]) + + PYLOAD.set_user_permission(name, user[name]["permission"], user[name]["role"]) + + + return render_to_response("admin.html", {"users": user} ,[pre_processor]) @route("/setup") diff --git a/module/web/templates/default/admin.html b/module/web/templates/default/admin.html new file mode 100644 index 000000000..5b6be26eb 
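Review bot: The POST branch of admin() rewrites the role and permission mask of every account from whatever fields the request carries, and nothing visible in the hunk checks a per-session token. A request submitted from the logged-in admin's browser by another site would therefore be applied as a full privilege change, though `login_required` or the template may add such a check out of view. Because a missing field counts as unchecked, a partial submission also clears permissions for all users and sets every user except the session's own name to role 1. I would verify a session-bound token before the loop and call `PYLOAD.set_user_permission` only for users whose values actually changed. Separately, `data["role"] is 0` compares identity rather than value; `data["perms"]["admin"] = data["role"] == 0` (or the ROLE constant) is the reliable form.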
--- /dev/null +++ b/module/web/templates/default/admin.html @@ -0,0 +1,59 @@ +{% extends 'default/base.html' %} + +{% block title %}{{ _("Administrate User") }} - {{ super() }} {% endblock %} +{% block subtitle %}{{ _("Administrate User") }}{% endblock %} + +{% block content %} + +{{ _("Note: You can only change permissions for webinterface.") }} {{ _("To add user or change passwords use:") }} python pyLoadCore.py -u
+{{ _("Important: Admin user have always all permissions! Only Admin user can use other clients like CLI and GUI.") }} + +
+ + + + + + + + + + + + +{% for name, data in users.iteritems() %} + + + + + + + + + + +{% endfor %} + + +
+ {{ _("Name") }} + + {{ _("Admin") }} + + {{ _("Add downloads") }} + + {{ _("Delete downloads") }} + + {{ _("Change server status") }} + + {{ _("See queue/collector") }} + + {{ _("Download from webinterface") }} + + {{ _("Change settings") }} +
{{name}}
+ + +
+ +{% endblock %} \ No newline at end of file diff --git a/module/web/templates/default/base.html b/module/web/templates/default/base.html index 77774daf7..323f38b66 100644 --- a/module/web/templates/default/base.html +++ b/module/web/templates/default/base.html @@ -228,7 +228,7 @@ function AddBox() User:{{user.name}}