wcs/wcs/qommon/myspace.py

# w.c.s. - web application for online forms
# Copyright (C) 2005-2010  Entr'ouvert
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.

from quixote import get_publisher, get_request, redirect, get_response, get_session_manager
from quixote.directory import Directory
from quixote.html import htmltext, TemplateIO

from . import _, N_
from . import template
from .form import *
from . import get_cfg
from . import errors

from .ident.password_accounts import PasswordAccount

from wcs.qommon.admin.texts import TextsDirectory

# This module depends upon the following protocol from the user class:
#
# protocol User:
#   def can_go_in_admin(self): User -> boolean
#   def can_go_in_backoffice(self): User -> boolean
#   def get_formdef(self): User -> an object responding to the FormDef protocol
#
# protocol FormDef:
#    fields = list of object responding to the Field protocol
#    def add_field_to_form(self, form, form_data): FormDef -> quixote.form.Form -> dict -> void
#       "add the fields in the form definition to a Quixote HTML form"
#
# protocol Field:
#    id = identifier of the field in an HTML form
#
class MyspaceDirectory(Directory):
    _q_exports = ['', 'profile', 'new', 'password', 'remove']

    def _q_traverse(self, path):
        get_response().breadcrumb.append(('myspace/', _('My Space')))
        return Directory._q_traverse(self, path)

    def _q_index(self):
        user = get_request().user
        if not user:
            raise errors.AccessUnauthorizedError()

        template.html_top(_('My Space'))
        r = TemplateIO(html=True)

        if user.can_go_in_admin() or user.can_go_in_backoffice():
            root_url = get_publisher().get_root_url()
            r += htmltext('<p id="profile-links">')
            r += htmltext('<a href="%sbackoffice/">%s</a>') % (root_url, _('back office'))
            r += htmltext('</p>')

        ident_methods = get_cfg('identification', {}).get('methods', ['idp']) or []
        passwords_cfg = get_cfg('passwords', {})

        formdef = user.get_formdef()
        if formdef:
            r += htmltext('<h3>%s</h3>') % _('My Profile')

            r += TextsDirectory.get_html_text('top-of-profile')

            if user.form_data:
                r += htmltext('<ul>')
                for field in formdef.fields:
                    if not hasattr(field, str('get_view_value')):
                        continue
                    value = user.form_data.get(field.id)
                    r += htmltext('<li>')
                    r += field.label
                    r += ' : '
                    r += field.get_view_value(value)
                    r += htmltext('</li>')
                r += htmltext('</ul>')
            else:
                r += htmltext('<p>%s</p>') % _('Empty profile')

        r += htmltext('<p class="command"><a href="profile" rel="popup">%s</a></p>') % _('Edit My Profile')

        if 'password' in ident_methods and passwords_cfg.get('can_change', False):
            r += htmltext('<p class="command"><a href="password" rel="popup">%s</a></p>') % _('Change My Password')

        r += htmltext('<p class="command"><a href="remove" rel="popup">%s</a></p>') % _('Remove My Account')

        return r.getvalue()

    def profile(self):
        user = get_request().user
        if not user:
            raise errors.AccessUnauthorizedError()

        form = Form(enctype = 'multipart/form-data')
        formdef = user.get_formdef()
        formdef.add_fields_to_form(form, form_data = user.form_data)

        form.add_submit('submit', _('Apply Changes'))
        form.add_submit('cancel', _('Cancel'))

        if form.get_submit() == 'cancel':
            return redirect('.')

        if form.is_submitted() and not form.has_errors():
            self.profile_submit(form, formdef)
            return redirect('.')

        template.html_top(_('Edit Profile'))
        return form.render()

    def profile_submit(self, form, formdef):
        user = get_request().user
        data = formdef.get_data(form)

        user.set_attributes_from_formdata(data)
        user.form_data = data

        user.store()

    def password(self):
        ident_methods = get_cfg('identification', {}).get('methods', ['idp']) or []
        if not 'password' in ident_methods:
            raise errors.TraversalError()

        user = get_request().user
        if not user:
            raise errors.AccessUnauthorizedError()

        form = Form(enctype = 'multipart/form-data')
        form.add(PasswordWidget, 'new_password', title = _('New Password'),
                required=True)
        form.add(PasswordWidget, 'new2_password', title = _('New Password (confirm)'),
                required=True)

        form.add_submit('submit', _('Change Password'))
        form.add_submit('cancel', _('Cancel'))

        if form.get_submit() == 'cancel':
            return redirect('.')

        if form.is_submitted() and not form.has_errors():
            from .qommon.ident.password import check_password
            check_password(form, 'new_password')
            new_password = form.get_widget('new_password').parse()
            new2_password = form.get_widget('new2_password').parse()
            if new_password != new2_password:
                form.set_error('new2_password', _('Passwords do not match'))

        if form.is_submitted() and not form.has_errors():
            passwords_cfg = get_cfg('passwords', {})
            account = PasswordAccount.get(get_session().username)
            account.hashing_algo = passwords_cfg.get('hashing_algo')
            account.set_password(new_password)
            account.store()
            return redirect('.')

        template.html_top(_('Change Password'))
        return form.render()

    def remove(self):
        user = get_request().user
        if not user:
            raise errors.AccessUnauthorizedError()

        form = Form(enctype = 'multipart/form-data')
        form.widgets.append(HtmlWidget('<p>%s</p>' % _(
                        'Are you really sure you want to remove your account?')))
        form.add_submit('submit', _('Remove my account'))
        form.add_submit('cancel', _('Cancel'))

        if form.get_submit() == 'cancel':
            return redirect('.')

        if form.is_submitted() and not form.has_errors():
            user = get_request().user
            try:
                account = PasswordAccount.get_on_index(user.id, str('user_id'))
                account.remove_self()
            except KeyError:
                pass
            get_session_manager().expire_session()
            return redirect(get_publisher().get_root_url())

        template.html_top(_('Removing Account'))
        return form.render()

TextsDirectory.register('top-of-profile',
        N_('Text on top of the profile page'))