
moin  1.9.0~rc2
suid.py
00001 # -*- coding: iso-8859-1 -*-
00002 """
00003     MoinMoin - switch user form
00004 
00005     @copyright: 2001-2004 Juergen Hermann <jh@web.de>,
00006                 2003-2007 MoinMoin:ThomasWaldmann
00007                 2007      MoinMoin:JohannesBerg
00008     @license: GNU GPL, see COPYING for details.
00009 """
00010 
00011 from MoinMoin import user, util, wikiutil
00012 from MoinMoin.widget import html
00013 from MoinMoin.userprefs import UserPrefBase
00014 
00015 
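class Settings(UserPrefBase):
    """User-preferences form that lets a superuser act as another account.

    On success the superuser's own user object is kept on the request as
    ``_setuid_real_user`` and ``request.user`` is replaced by the selected
    account. The form is protected by a ticket that create_form() embeds
    and handle_form() verifies.
    """

    def __init__(self, request):
        """ Initialize setuid settings form. """
        UserPrefBase.__init__(self, request)
        self.request = request
        self._ = request.getText
        self.cfg = request.cfg
        _ = self._
        self.title = _("Switch user")
        self.name = 'suid'

    def allowed(self):
        """Return whether the current user may use the switch-user form.

        All three conditions must hold: the session's auth method is listed
        in cfg.auth_can_logout, the base class allows the form, and the
        current user is a superuser.
        """
        # NOTE(review): presumably auth_can_logout matters because logging
        # out is how the superuser gets back to their own account (see the
        # success message in handle_form) -- confirm.
        return (self.request.user.auth_method in self.request.cfg.auth_can_logout and
                UserPrefBase.allowed(self) and self.request.user.isSuperUser())

    def handle_form(self):
        """Process a submitted switch-user form.

        Returns None when nothing was done (cancelled, not a POST, missing
        or invalid ticket, caller not allowed), ``('error', message)`` when
        no usable account was selected, and a translated confirmation
        message after the identity switch.
        """
        _ = self._
        request = self.request
        form = request.form

        if 'cancel' in form:
            return

        # Only a POST carrying a valid ticket may change identity. The
        # ticket is read with .get() so that a request without one is
        # rejected like any other invalid request instead of raising.
        if request.method != 'POST':
            return None
        ticket = form.get('ticket', '')
        if not ticket or not wikiutil.checkTicket(request, ticket):
            return None

        # Authorise at the point of the privilege change, so the switch
        # does not depend on the caller having consulted allowed() first.
        if not self.allowed():
            return None

        uid = form.get('selected_user', '')
        if not uid:
            return 'error', _("No user selected")
        theuser = user.User(request, uid, auth_method='setuid')
        if not theuser or not theuser.exists():
            return 'error', _("No user selected")

        # set valid to True so superusers can even switch
        # to disabled accounts
        theuser.valid = True

        real_user = request.user
        # Leave an audit trail: acting as another account is a privileged
        # operation that should be attributable to the real superuser.
        import logging
        logging.getLogger(__name__).info(
            "setuid: superuser %r (id %r) switches to user %r (id %r)",
            real_user.name, real_user.id, theuser.name, uid)

        request._setuid_real_user = real_user
        # now continue as the other user
        request.user = theuser
        return  _("You can now change the settings of the selected user account; log out to get back to your account.")

    def _user_select(self):
        """Build the widget for choosing the account to switch to.

        Sets ``self._only`` to True and returns a translated message when
        no account other than the current one exists; otherwise sets it to
        False and returns the selection widget listing every other account
        sorted case-insensitively by name.
        """
        current_uid = self.request.user.id
        options = [(uid, user.User(self.request, id=uid).name)
                   for uid in user.getUserList(self.request)
                   if uid != current_uid]
        # key= gives the same stable, case-insensitive order as the old
        # cmp-based sort without a comparison callback.
        options.sort(key=lambda option: option[1].lower())

        if not options:
            _ = self._
            self._only = True
            return _("You are the only user.")

        self._only = False
        # Show at most ten rows of the list at once.
        size = min(10, len(options))
        # NOTE(review): account names are user-chosen text; confirm that
        # makeSelection escapes option labels when rendering them.
        return util.web.makeSelection('selected_user', options, current_uid, size=size)

    def create_form(self):
        """ Create the complete HTML form code. """
        _ = self._
        intro = html.Text(_('As a superuser, you can temporarily '
                            'assume the identity of another user.'))
        form = self.make_form(intro)

        ticket = wikiutil.createTicket(self.request)
        # _user_select() also sets self._only, which is read below.
        self.make_row(_('Select User'), [self._user_select()], valign="top")
        # The ticket travels as a hidden field and is verified in handle_form().
        form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))

        buttons = []
        if not self._only:
            # Offer the submit button only when there is someone to select.
            buttons.append(html.INPUT(type="submit", name="select_user",
                                      value=_('Select User')))
            buttons.append(' ')
        buttons.append(html.INPUT(type="submit", name="cancel",
                                  value=_('Cancel')))
        self.make_row('', buttons)
        return unicode(form)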