Mercurial > moin > 1.9
view MoinMoin/userprefs/suid.py @ 4468:fad2936d33a7 1.8.1
added dummy mig script for 1.8.1, bumped version number
| author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
|---|---|
| date | Wed, 24 Dec 2008 16:32:46 +0100 |
| parents | 7bfd4232cfb7 |
| children | 126559845d4b df2301035a3c b29b47f681dd |
line wrap: on
line source
# -*- coding: iso-8859-1 -*- """ MoinMoin - switch user form @copyright: 2001-2004 Juergen Hermann <jh@web.de>, 2003-2007 MoinMoin:ThomasWaldmann 2007 MoinMoin:JohannesBerg @license: GNU GPL, see COPYING for details. """ from MoinMoin import user, util, wikiutil from MoinMoin.widget import html from MoinMoin.userprefs import UserPrefBase class Settings(UserPrefBase): def __init__(self, request): """ Initialize setuid settings form. """ UserPrefBase.__init__(self, request) self.request = request self._ = request.getText self.cfg = request.cfg _ = self._ self.title = _("Switch user") self.name = 'suid' def allowed(self): return (UserPrefBase.allowed(self) and self.request.user.isSuperUser() or (not self.request._setuid_real_user is None and (self.request._setuid_real_user.isSuperUser()))) def handle_form(self): _ = self._ form = self.request.form if 'cancel' in form: return if (wikiutil.checkTicket(self.request, self.request.form['ticket'][0]) and self.request.request_method == 'POST'): uid = form.get('selected_user', [''])[0] if not uid: return 'error', _("No user selected") theuser = user.User(self.request, uid, auth_method='setuid') if not theuser or not theuser.exists(): return 'error', _("No user selected") # set valid to True so superusers can even switch # to disable accounts theuser.valid = True self.request.session['setuid'] = uid self.request._setuid_real_user = self.request.user # now continue as the other user self.request.user = theuser return _("You can now change the settings of the selected user account; log out to get back to your account.") else: return None def _user_select(self): options = [] users = user.getUserList(self.request) realuid = None if hasattr(self.request, '_setuid_real_user') and self.request._setuid_real_user: realuid = self.request._setuid_real_user.id else: realuid = self.request.user.id for uid in users: if uid != realuid: name = user.User(self.request, id=uid).name options.append((uid, name)) options.sort(lambda x, y: cmp(x[1].lower(), y[1].lower())) size = min(5, len(options)) current_user = self.request.user.id if not options: _ = self._ self._only = True return _("You are the only user.") self._only = False return util.web.makeSelection('selected_user', options, current_user, size=size) def create_form(self): """ Create the complete HTML form code. """ _ = self._ form = self.make_form(html.Text(_('As a superuser, you can temporarily ' 'assume the identity of another user.'))) ticket = wikiutil.createTicket(self.request) self.make_row('Select User', [self._user_select()], valign="top") form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket)) if not self._only: buttons = [html.INPUT(type="submit", name="select_user", value=_('Select User')), ' ', ] else: buttons = [] buttons.append(html.INPUT(type="submit", name="cancel", value=_('Cancel'))) self.make_row('', buttons) return unicode(form)