'''Staff management.'''import timefrom sqlalchemy.sql import case, or_, an

1. '''Staff management.'''
2.  
3. import time
4. from sqlalchemy.sql import case, or_, and_, select, func, null
5.  
6. import strings
7. import model
8. import misc
9. import staff_interface
10. import config, config_defaults
11. from util import WakaError, local
12. from template import Template
13.  
14. # TODO: Synchronized cache of staff personnel objects.
15. # _staff = {}
16.  
17. # Staff class types.
18. ADMIN = 'admin'
19. GLOBAL_MOD = 'globmod'
20. MODERATOR = 'mod'
21. CLASSES = (ADMIN, GLOBAL_MOD, MODERATOR)
22.  
23. # Login cookie expire times (in seconds).
24. SAVED_LOGIN_EXPIRE = 365 * 24 * 3600
25. UNSAVED_LOGIN_EXPIRE = 3600
26.  
27. # Staff Accounts and Logins
28. class LoginData(object):
29.     '''Class for interfacing with prefetched login data.'''
30.  
31.     def ___init___(self, user, addr):
32.         self.addr = addr
33.         self.crypt = misc.hide_critical_data\
34.                        (','.join((user.password, remote)), config.SECRET)
35.         self.username = user.username
36.         self.cookie_str = ','.join((self.username, self.crypt))
37.  
38.     def make_cookie(self, save_login=False):
39.         misc.make_cookies(admin=self._cstring)
40.  
41.         if save_login:
42.             misc.make_cookies(wakaadminsave='1', wakaadmin=self.crypt,
43.                               expires=time.time()+SAVED_LOGIN_EXPIRE)
44.         else:
45.             misc.make_cookies(wakaadminsave='0', wakaadmin=self.crypt,
46.                               expires=time.time()+UNSAVED_LOGIN_EXPIRE)
47.  
48. # Class for representing staff
49. class StaffMember(object):
50.     '''A staff object for acquiring and updating personnel account
51.    information. Use the class factory method to initialize:
52.    
53.    >> StaffMember.get('SirDerpDeeDoo')
54.    
55.    To create new staff accounts, use the add_staff() function instead.'''
56.  
57.     def __init__(self, username):
58.         session = model.Session()
59.         table = model.account
60.         table.create(bind=model.engine, checkfirst=True)
61.         sql = table.select().where(table.c.username == username)
62.         row = session.execute(sql).fetchone()
63.         self._table = table
64.  
65.         if row is None:
66.             raise LoginError('Staff not found.')
67.  
68.         # Grab parameters from database. Password is pre-encrypted.
69.         self.username = username
70.         self._password = row.password
71.         self._class = row.account
72.         self._reign = row.reign.split(',')
73.         self._disabled = row.disabled
74.         self._update_dict = {}
75.  
76.         # Not logged in yet.
77.         self._login_data = None
78.  
79.     def _update_db(self, **kwargs):
80.         self._update_dict += kwargs
81.  
82.     @property
83.     def password(self):
84.         return self._password
85.  
86.     @password.setter
87.     def password(self, new):
88.         table = self._table
89.         # TODO: Sanity checks
90.  
91.         kwargs = {'password' : new}
92.         self._update_db(**kwargs)
93.         self._password = new
94.  
95.     @property
96.     def reign(self):
97.         return self._reign
98.  
99.     @reign.setter
100.     def reign(self, board_list):
101.         reign_str = ','.join(board_list)
102.         kwargs = {'reign' : reign_str}
103.         self._update_db(**kwargs)
104.  
105.         self._reign = board_list
106.  
107.     @property
108.     def account(self):
109.         return self._class
110.  
111.     @account.setter
112.     def account(self, new):
113.         if new in CLASSES:
114.             kwargs = {'account' : new}
115.             self._update_db(**kwargs)
116.             self._class = new
117.         else:
118.             raise WakaError('Invalid class name %s' % new)
119.  
120.     @property
121.     def login_data(self):
122.         return self._login_data
123.  
124.     @property
125.     def disabled(self):
126.         return self._disabled
127.  
128.     @disabled.setter
129.     def disabled(self, disable):
130.         kwargs = {'disabled' : int(disable)}
131.         self._disabled = disable
132.  
133.         self._update_db(**kwargs)
134.  
135.     def login_host(self, ip):
136.         login_data = LoginData(self.username, ip)
137.         self._login_data = login_data
138.         return login_data
139.  
140.     def logout_user(self):
141.         self._login_data = None
142.  
143.     def flush_db(self):
144.         session = model.Session()
145.         table = self._table
146.  
147.         if len(self._update_dict) > 0:
148.             db_update = table.update().where(self.username == username)\
149.                              .values(**self._update_dict)
150.             session.execute(db_update)
151.  
152.     @classmethod
153.     def get(cls, username):
154. #        if username in _staff:
155. #            return _staff[username]
156.  
157.         staff_obj = cls(username)
158. #       _staff[username] = staff_obj
159.         return staff_obj
160.  
161. def add_staff(username, pt_password, account, reign):
162.     session = model.Session()
163.     table = model.account
164.     password = misc.hide_critical_data(pt_password, config.SECRET)
165.     reign_str = ','.join(reign)
166.  
167.     sql = table.insert().values(username=username, password=password,
168.                                 account=account, reign=reign_str,
169.                                 disabled=0)
170.     session.execute(sql)
171.  
172. def del_staff(username):
173.     session = model.Session()
174.     table = model.account
175.     sql = table.delete(table.c.username == username)
176.     session.execute(sql)
177.  
178. #    try:
179. #        del _staff[username]
180. #    except AttributeError:
181. #        pass
182.  
183. def edit_staff(mpass, username, clear_pass=None, new_class=None,
184.                reign=None):
185.  
186.     staff_obj = StaffMember.get(username)
187.    
188.     if clear_pass:
189.         staff_obj.password = misc.hide_critical_data(clear_pass,
190.                                                      config.SECRET)
191.  
192.     if new_class and new_class in CLASSES:
193.         staff_obj.account = new_class
194.  
195.     if reign:
196.         staff_obj.reign = reign
197.  
198.     staff_obj.flush_db()
199.  
200. def staff_exist():
201.     session = model.Session()
202.     table = model.account
203.     table.create(bind=model.engine, checkfirst=True)
204.     sql = select([func.count()], table)
205.     row = session.execute(sql).fetchone()
206.  
207.     return row[0] != 0
208.  
209. def clear_login_cookies():
210.     misc.make_cookies(wakaadmin='', wakaadminsave='0', expires=0)
211.  
212. def do_login(username=None, password=None, save_login=False,
213.              admin_cookie=None, nexttask='mpanel'):
214.  
215.     bad_pass = False
216.     staff_entry = None
217.  
218.     if not staff_exist():
219.         return staff_interface.make_first_time_setup_gateway()
220.     elif username and password:
221.         # Login via login form entry.
222.         try:
223.             staff_entry = StaffMember.get(username)
224.         except LoginError:
225.             # Bad username.
226.             bad_pass = True
227.         else:
228.             crypt_pass = misc.hide_critical_data(staff_entry.password,
229.                                                  config.SECRET)
230.             if crypt_pass == staff_entry.password:
231.                 staff_entry.login_host(remote)
232.             else:
233.                 bad_pass = True
234.     elif admin_cookie:
235.         # Attempt automatic login.
236.         try:
237.             staff_entry = check_password(admin_cookie)
238.         except LoginError:
239.             clear_login_cookies()
240.             bad_pass = True
241.     else:
242.         # No login credentials given.
243.         bad_pass = True
244.  
245.     if bad_pass:
246.         return staff_interface.make_login_panel()
247.     else:
248.         login = staff_entry.login_data
249.         login.make_cookie(save_login=save_login)
250.         return staff_interface.make_admin_panel(login.cookie, nexttask)
251.  
252. def do_logout(admin):
253.     # Clear login cache.
254.     try:
255.         user = check_password(admin)
256.         user.logout_user()
257.     except LoginError:
258.         pass
259.  
260.     clear_login_cookies()
261.  
262. def check_password(cookie_str, editing=None):
263.     (username, crypt) = cookie_str.split(',')
264.     staff_entry = StaffMember.get(username)
265.     cache = staff_entry.login_data
266.  
267.     if cache and cache.addr == remote:
268.         # The host is already logged in.
269.         pass
270.     elif crypt != misc.hide_critical_data(','.join([staff_entry.password,
271.                                                     remote]), config.SECRET):
272.         raise LoginError(S_WRONGPASS)
273.     else:
274.         # NOTE: This will overwrite the current network address login.
275.         staff_entry.login_host(remote)
276.  
277.     return staff_entry
278.  
279. def crypt_pass(cleartext):
280.     remote = local.environ['REMOTE_ADDR']
281.     return misc.hide_critical_data(','.join((cleartext, remote)),
282.                                             config.SECRET)
283.  
284. class LoginError(WakaError):
285.     '''WakaError subclass to discriminate login-related exceptions (bad
286.    password/username combinations).'''
287.     pass