changeset 456:8649b836b7ff

Use securitycheck() (Logical change 1.133)
author home!jeffpc
date Thu, 01 Jan 2004 20:46:28 +0000
parents b60f8e4f7c79
children c113e7b720fd
files eq_edit.py eq_image.py eq_log.py eq_ls.py eq_rm.py eq_view.py eq_vimg.py log.py log_pdf.py mess_ls.py mess_read.py mess_rm.py room_edit.py room_ls.py rules_ls.py rules_rm.py sec_log.py settings_edit.py settings_ls.py sys_log.py template.py user_log.py user_ls.py work_log.py
diffstat 24 files changed, 124 insertions(+), 111 deletions(-) [+]
--- a/eq_edit.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_edit.py	Thu Jan 01 20:46:28 2004 +0000
@@ -40,11 +40,8 @@
 print conn.html.header(prefix + "Equipment")
 print conn.html.heading(prefix + "Equipment")
 
-if ((not conn.user.getPERM()["eq"]) and ((not(conn.user.getPERM()["eqm"]) and (conn.validatestring(eqn,caps=0,lower=0))) or (not(conn.user.getPERM()["eqa"]) and (add)) or (not(conn.user.getPERM()["eqr"]) and (conn.validatestring(eqn,caps=0,lower=0))))):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck((conn.user.getPERM()["eq"] and ((conn.user.getPERM()["eqm"]) or (conn.user.getPERM()["eqa"] and add)))
+,loglevel=av_log.SECLOG)
 
 eqv = {"featid": 1, "name": "", "sn": "", "func": 0, "note": "", "submit": "Add"}
 
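Review bot: The predicate on the `conn.securitycheck(` line is not the inverse of the condition it replaces: `eqm` alone now satisfies it whatever the value of `add`, and the `eqr` term and the `conn.validatestring(eqn,caps=0,lower=0)` tests are gone. If `eqm` is meant to cover editing an existing item and `eqa` adding one (inferred from the removed code, which paired `eqa` with `add`), a holder of `eqm` without `eqa` can still reach the add path. Tying each permission to its mode would close that: `(conn.user.getPERM()["eqm"] and not add) or (conn.user.getPERM()["eqa"] and add)`. A short comment above the call saying which permission guards which mode would also help; the script body continues outside the hunk.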
--- a/eq_image.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_image.py	Thu Jan 01 20:46:28 2004 +0000
@@ -29,12 +29,7 @@
 
 eqn = conn.getparam("eqn") # FIXME: Validate this number
 
-if (not(conn.user.getPERM()["eq"])):
-	print conn.html.content("text/plain")
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["eq"],loglevel=av_log.SECLOG)
 
 dbid = conn.db.newid()
 dbid.execute("SELECT `imagetype`, `image` FROM `equip` WHERE `id` = " + str(eqn) + ";")
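Review bot: The `dbid.execute(` line builds the SELECT by concatenating `str(eqn)`, and `eqn` comes straight from `conn.getparam("eqn")` with only a FIXME, so the request parameter becomes part of the SQL text. Converting it before use and refusing the request when conversion fails, for example `eqn = int(eqn)` inside a try/except that ends the request, keeps non-numeric input out of the query; rules_rm.py has the same pattern with `rulen` in its SELECT and DELETE. Separately, the removed branch printed `conn.html.content("text/plain")` before the denial text and the new call does not; securitycheck() is not part of this changeset, so confirm it emits a content header itself on a script that has printed none yet.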
--- a/eq_log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Equipment Log")
 print conn.html.heading("Equipment Log")
 
-if (not(conn.user.getPERM()["eql"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["eql"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."
 
--- a/eq_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -32,11 +32,7 @@
 print conn.html.header("Equipment")
 print conn.html.heading("Equipment")
 
-if (not(conn.user.getPERM()["eq"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["eq"],loglevel=av_log.SECLOG)
 
 # FIXME: make me pretty looking
 
--- a/eq_rm.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_rm.py	Thu Jan 01 20:46:28 2004 +0000
@@ -35,11 +35,7 @@
 print conn.html.header("Remove Equipment")
 print conn.html.heading("Remove Equipment")
 
-if (not(conn.user.getPERM()["eqr"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["eqr"],loglevel=av_log.SECLOG)
 
 eq = av_eq.Equip(conn,eqn)
 
--- a/eq_view.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_view.py	Thu Jan 01 20:46:28 2004 +0000
@@ -36,11 +36,7 @@
 print conn.html.header("View Equipment")
 print conn.html.heading("View Equipment")
 
-if (not conn.user.getPERM()["eq"]):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["eq"],loglevel=av_log.SECLOG)
 
 eq = av_eq.Equip(conn,eqn)
 
--- a/eq_vimg.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/eq_vimg.py	Thu Jan 01 20:46:28 2004 +0000
@@ -0,0 +1,49 @@
+#!/usr/bin/python
+
+#/*
+# * AV Admin - Helps to manage an AV department
+# *
+# * Copyright (C) 2003 Josef "Jeff" Sipek
+# *
+# * This program is free software; you can redistribute it and/or modify
+# * it under the terms of the GNU General Public License as published by
+# * the Free Software Foundation; either version 2 of the License, or
+# * (at your option) any later version.
+# *
+# * This program is distributed in the hope that it will be useful,
+# * but WITHOUT ANY WARRANTY; without even the implied warranty of
+# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# * GNU General Public License for more details.
+# *
+# * You should have received a copy of the GNU General Public License
+# * along with this program; if not, write to the Free Software
+# * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# *
+# * $Id$
+# */
+
+
+import av_conn
+import av_eq
+import av_room
+import av_log
+
+conn = av_conn.Conn()
+
+eqn = conn.getparam("eqn") # FIXME: Validate this number
+
+print conn.html.content("text/html")
+print conn.html.header("Equipment Image")
+print conn.html.heading("Equipment Image")
+
+conn.securitycheck(conn.user.getPERM()["eq"],loglevel=av_log.SECLOG)
+
+eq = av_eq.Equip(conn,eqn)
+
+# Image size work-around; FIXME: make this nicer
+if (eq.getImgT().__len__()):
+	print "<img src=\"" + conn.makeURL("eq_image.py",params={"eqn":eqn}) + "\" alt=\"[photo of " + eq.getName() + "]\" />\n"
+else:
+	print eq.getName() + " does not have a photo."
+
+print conn.html.footer()
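Review bot: `eq.getName()` is concatenated into the `alt` attribute and into the "does not have a photo" line without HTML escaping, so a name containing quotes or markup changes the page structure for everyone who views it. Unless getName() already returns escaped text (not visible here), escape it once with `name = cgi.escape(eq.getName(), 1)` after an `import cgi`, and use `name` in both prints. rules_rm.py does the same with `rule` in its confirmation prompt. `av_room` is imported but not used in this file.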
--- a/log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Logs")
 print conn.html.heading("Logs")
 
-if (not(conn.user.getPERM()["eql"] and conn.user.getPERM()["userl"] and conn.user.getPERM()["workl"] and conn.user.getPERM()["secl"] and conn.user.getPERM()["sysl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck((conn.user.getPERM()["eql"] and conn.user.getPERM()["userl"] and conn.user.getPERM()["workl"] and conn.user.getPERM()["secl"] and conn.user.getPERM()["sysl"]),loglevel=av_log.SECLOG)
 
 # FIXME: make me pretty looking
 	
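Review bot: The securitycheck() argument calls `conn.user.getPERM()` five times on one line; binding it once, `perm = conn.user.getPERM()`, and testing `perm["eql"] and perm["userl"] and ...` reads more easily and avoids the repeated lookups. The `and` chain requires all five log permissions, so a user holding only some of them is denied this page; if that is intended, a one-line comment saying so would help. log_pdf.py has the identical call.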
--- a/log_pdf.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/log_pdf.py	Thu Jan 01 20:46:28 2004 +0000
@@ -34,11 +34,7 @@
 print conn.html.header("Logs - PDF")
 print conn.html.heading("Logs - PDF")
 
-if (not(conn.user.getPERM()["eql"] and conn.user.getPERM()["userl"] and conn.user.getPERM()["workl"] and conn.user.getPERM()["secl"] and conn.user.getPERM()["sysl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck((conn.user.getPERM()["eql"] and conn.user.getPERM()["userl"] and conn.user.getPERM()["workl"] and conn.user.getPERM()["secl"] and conn.user.getPERM()["sysl"]),loglevel=av_log.SECLOG)
 
 # FIXME: make me pretty looking
 # FIXME: need exception handling in many places
--- a/mess_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/mess_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -32,11 +32,7 @@
 print conn.html.header("Messages")
 print conn.html.heading("Messages")
 
-if (not(conn.user.getPERM()["mess"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["mess"],loglevel=av_log.SECLOG)
 
 if (av_message.totalMessages(conn)):
 	print "<table class=\"plain\">\n"
--- a/mess_read.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/mess_read.py	Thu Jan 01 20:46:28 2004 +0000
@@ -32,11 +32,7 @@
 print conn.html.header("Read Message")
 print conn.html.heading("Read Message")
 
-if (not(conn.user.getPERM()["mess"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["mess"],loglevel=av_log.SECLOG)
 
 messid = conn.getparam("messid") # FIXME: check this number
 
--- a/mess_rm.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/mess_rm.py	Thu Jan 01 20:46:28 2004 +0000
@@ -32,11 +32,7 @@
 print conn.html.header("Delete Message")
 print conn.html.heading("Delete Message")
 
-if (not(conn.user.getPERM()["mess"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["mess"],loglevel=av_log.SECLOG)
 
 messid = conn.getparam("messid") # FIXME: check this number
 conf = conn.getparam("confirmed") # FIXME: Validate this
--- a/room_edit.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/room_edit.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Room Editor")
 print conn.html.heading("Room Editor")
 
-if (not(conn.user.getPERM()["room"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["room"],loglevel=av_log.SECLOG)
 	
 room = conn.getparam("room")
 
--- a/room_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/room_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -33,11 +33,7 @@
 print conn.html.header("Rooms")
 print conn.html.heading("Rooms")
 
-if (not(conn.user.getPERM()["room"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["room"],loglevel=av_log.SECLOG)
 
 # FIXME: make me pretty looking
 
--- a/rules_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/rules_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -32,11 +32,7 @@
 print conn.html.header("Rules")
 print conn.html.heading("Rules")
 
-if ((not av_settings.getSetting(conn,"showrules")) and (not conn.user.getPERM()["rules"])):
-	print "Sorry, but the rules cannot be displayed."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but rules have been deactivated")
-	conn.exit()
+conn.securitycheck((av_settings.getSetting(conn,"showrules") or conn.user.getPERM()["rules"]),loglevel=av_log.SECLOG,printtext="Sorry, but the rules cannot be displayed.",logmessage="User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but rules have been deactivated")
 
 if (not int(av_settings.getSetting(conn,"showrules"))):
 	print "<b>Warning!</b> Rules are deactivated.<br /><br />"
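Review bot: The securitycheck() call passes the raw `av_settings.getSetting(conn,"showrules")` value, while the line two below it wraps the same setting in `int(...)`. That suggests the setting is stored as a string, and a string `"0"` is truthy in Python, so the check would pass for every user even with rules deactivated. Using `int(av_settings.getSetting(conn,"showrules")) or conn.user.getPERM()["rules"]` makes the two tests agree; the new rules_rm.py carries the same expression.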
--- a/rules_rm.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/rules_rm.py	Thu Jan 01 20:46:28 2004 +0000
@@ -0,0 +1,52 @@
+#!/usr/bin/python
+
+#/*
+# * AV Admin - Helps to manage an AV department
+# *
+# * Copyright (C) 2003 Josef "Jeff" Sipek
+# *
+# * This program is free software; you can redistribute it and/or modify
+# * it under the terms of the GNU General Public License as published by
+# * the Free Software Foundation; either version 2 of the License, or
+# * (at your option) any later version.
+# *
+# * This program is distributed in the hope that it will be useful,
+# * but WITHOUT ANY WARRANTY; without even the implied warranty of
+# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# * GNU General Public License for more details.
+# *
+# * You should have received a copy of the GNU General Public License
+# * along with this program; if not, write to the Free Software
+# * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+# *
+# * $Id$
+# */
+
+import av_conn
+import av_settings
+import av_log
+
+conn = av_conn.Conn()
+
+print conn.html.content("text/html")
+print conn.html.header("Rules")
+print conn.html.heading("Rules")
+
+conn.securitycheck((av_settings.getSetting(conn,"showrules") or conn.user.getPERM()["rules"]),loglevel=av_log.SECLOG,printtext="Sorry, but the rules cannot be displayed.",logmessage="User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but rules have been deactivated")
+
+conf = conn.getparam("confirmed") # FIXME: Validate these
+rulen = conn.getparam("rulen")
+
+recs = conn.db.execSQL("SELECT `rule`, `ruleid` FROM `rules` WHERE `id` = " + str(rulen) + ";")
+# FIXME: make sure we get only one
+
+rule = recs[0][0]
+ruleid = recs[0][1]
+
+if (not conf):
+	print conn.html.areyousure((conn.makeURL("rules_rm.py",params={"rulen":rulen,"confirmed":"1"}),conn.makeURL("rules_ls.py",)),"Are you sure you want to delete rule #" + str(ruleid) + " (&quot;" + rule + "&quot;)?")
+else:
+	conn.db.execSQL("DELETE FROM `rules` WHERE `id` = " + str(rulen) + ";") # FIXME: add error checking
+	print "Rule # " + str(ruleid) + " has been successfully removed!"
+
+print conn.html.footer()
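Review bot: The securitycheck() call reuses the view predicate from rules_ls.py (the `showrules` setting or the `rules` permission), but this script deletes a row, so whenever rules are displayed any user who can load the page passes the check. Deletion should presumably need the permission alone: `conn.securitycheck(conn.user.getPERM()["rules"],loglevel=av_log.SECLOG)`. The delete is also carried out by a plain link with `confirmed=1`, so it runs on any request for that URL; requiring a POST with a per-session token would tie it to the confirmation form. `recs[0]` is read without checking that the SELECT returned a row.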
--- a/sec_log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/sec_log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Security Log")
 print conn.html.heading("Security Log")
 
-if (not(conn.user.getPERM()["secl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["secl"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."
 
--- a/settings_edit.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/settings_edit.py	Thu Jan 01 20:46:28 2004 +0000
@@ -37,11 +37,7 @@
 	print conn.html.header("Edit Settings")
 	print conn.html.heading("Edit Settings")
 
-if (not(conn.user.getPERM()["settings"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["settings"],loglevel=av_log.SECLOG)
 
 setid = conn.getparam("setid") # FIXME: check this for validity
 
--- a/settings_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/settings_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Settings")
 print conn.html.heading("Settings")
 
-if (not(conn.user.getPERM()["settings"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["settings"],loglevel=av_log.SECLOG)
 
 # FIXME: log access to this page
 
--- a/sys_log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/sys_log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("System Log")
 print conn.html.heading("System Log")
 
-if (not(conn.user.getPERM()["sysl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["sysl"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."
 
--- a/template.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/template.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Template")
 print conn.html.heading("Template")
 
-if (not(conn.user.getPERM()["userl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["userl"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."
 
--- a/user_log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/user_log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("User Log")
 print conn.html.heading("User Log")
 
-if (not(conn.user.getPERM()["userl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["userl"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."
 
--- a/user_ls.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/user_ls.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Users")
 print conn.html.heading("Users")
 
-if (not(conn.user.getPERM()["user"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["user"],loglevel=av_log.SECLOG)
 
 # FIXME: make me pretty looking
 
--- a/work_log.py	Thu Jan 01 20:46:28 2004 +0000
+++ b/work_log.py	Thu Jan 01 20:46:28 2004 +0000
@@ -31,11 +31,7 @@
 print conn.html.header("Work Log")
 print conn.html.heading("Work Log")
 
-if (not(conn.user.getPERM()["workl"])):
-	print "Sorry, but you don't have the necesarry priveledges to view this page."
-	print conn.html.footer()
-	av_log.seclog(conn,"User \"" + conn.user.UID2User() + "\" tried to access " + conn.currentscript() + " but lacks the necessary priv.")
-	conn.exit()
+conn.securitycheck(conn.user.getPERM()["workl"],loglevel=av_log.SECLOG)
 
 print "This page does not do anything, yet."