'''Staff management.'''import timefrom sqlalchemy.sql import case, or_, an

1. '''Staff management.'''
2.  
3. import time
4. from sqlalchemy.sql import case, or_, and_, select, func, null
5.  
6. import strings
7. import model
8. import misc
9. import staff_interface
10. import config, config_defaults
11. from util import WakaError, local
12. from template import Template
13.  
14. # TODO: Synchronized cache of staff personnel objects.
15. # _staff = {}
16.  
17. # Staff class types.
18. ADMIN = 'admin'
19. GLOBAL_MOD = 'globmod'
20. MODERATOR = 'mod'
21. CLASSES = (ADMIN, GLOBAL_MOD, MODERATOR)
22.  
23. # Login cookie expire times (in seconds).
24. SAVED_LOGIN_EXPIRE = 365 * 24 * 3600
25. UNSAVED_LOGIN_EXPIRE = 3600
26.  
27. # Staff Accounts and Logins
28. class LoginData(object):
29.     '''Class for interfacing with prefetched login data.'''
30.  
31.     def ___init___(self, user, addr):
32.         self.addr = addr
33.         self.crypt = misc.hide_critical_data\
34.                        (','.join((user.password, remote)), config.SECRET)
35.         self.username = user.username
36.         self.cookie_str = ','.join((self.username, self.crypt))
37.  
38.     def make_cookie(self, save_login=False):
39.         misc.make_cookies(admin=self._cstring)
40.  
41.         if save_login:
42.             misc.make_cookies(wakaadminsave='1', wakaadmin=self.crypt,
43.                               expires=time.time()+SAVED_LOGIN_EXPIRE)
44.         else:
45.             misc.make_cookies(wakaadminsave='0', wakaadmin=self.crypt,
46.                               expires=time.time()+UNSAVED_LOGIN_EXPIRE)
47.  
48. # Class for representing staff
49. class StaffMember(object):
50.     '''A staff object for acquiring and updating personnel account
51.    information. Use the class factory method to initialize:
52.    
53.    >> StaffMember.get('SirDerpDeeDoo')
54.    
55.    To create new staff accounts, use the add_staff() function instead.'''
56.  
57.     def __init__(self, username):
58.         session = model.Session()
59.         table = model.account
60.         sql = table.select().where(table.c.username == username)
61.         row = session.execute(sql).fetchone()
62.         self._table = table
63.  
64.         if row is None:
65.             raise LoginError('Staff not found.')
66.  
67.         # Grab parameters from database. Password is pre-encrypted.
68.         self.username = username
69.         self._password = row.password
70.         self._class = row.account
71.         self._reign = row.reign.split(',')
72.         self._disabled = row.disabled
73.         self._update_dict = {}
74.  
75.         # Not logged in yet.
76.         self._login_data = None
77.  
78.     def _update_db(self, **kwargs):
79.         self._update_dict.update(kwargs)
80.  
81.     @property
82.     def password(self):
83.         return self._password
84.  
85.     @password.setter
86.     def password(self, new):
87.         table = self._table
88.         # TODO: Sanity checks
89.  
90.         self._update_db(password=new)
91.         self._password = new
92.  
93.     @property
94.     def reign(self):
95.         return self._reign
96.  
97.     @reign.setter
98.     def reign(self, board_list):
99.         reign_str = ','.join(board_list)
100.         self._update_db(reign=reign_str)
101.  
102.         self._reign = board_list
103.  
104.     @property
105.     def account(self):
106.         return self._class
107.  
108.     @account.setter
109.     def account(self, new):
110.         if new in CLASSES:
111.             self._update_db(account=new)
112.             self._class = new
113.         else:
114.             raise WakaError('Invalid class name %s' % new)
115.  
116.     @property
117.     def login_data(self):
118.         return self._login_data
119.  
120.     @property
121.     def disabled(self):
122.         return self._disabled
123.  
124.     @disabled.setter
125.     def disabled(self, disable):
126.         self._disabled = disable
127.         self._update_db(disabled=int(disable))
128.  
129.     def login_host(self, ip):
130.         login_data = LoginData(self.username, ip)
131.         self._login_data = login_data
132.         return login_data
133.  
134.     def logout_user(self):
135.         self._login_data = None
136.  
137.     def flush_db(self):
138.         session = model.Session()
139.         table = self._table
140.  
141.         if len(self._update_dict) > 0:
142.             db_update = table.update().where(self.username == username)\
143.                              .values(**self._update_dict)
144.             session.execute(db_update)
145.  
146.     @classmethod
147.     def get(cls, username):
148. #        if username in _staff:
149. #            return _staff[username]
150.  
151.         staff_obj = cls(username)
152. #       _staff[username] = staff_obj
153.         return staff_obj
154.  
155. def add_staff(username, pt_password, account, reign):
156.     session = model.Session()
157.     table = model.account
158.     password = misc.hide_critical_data(pt_password, config.SECRET)
159.     reign_str = ','.join(reign)
160.  
161.     sql = table.insert().values(username=username, password=password,
162.                                 account=account, reign=reign_str,
163.                                 disabled=0)
164.     session.execute(sql)
165.  
166. def del_staff(username):
167.     session = model.Session()
168.     table = model.account
169.     sql = table.delete(table.c.username == username)
170.     session.execute(sql)
171.  
172. #    try:
173. #        del _staff[username]
174. #    except AttributeError:
175. #        pass
176.  
177. def edit_staff(mpass, username, clear_pass=None, new_class=None,
178.                reign=None):
179.  
180.     staff_obj = StaffMember.get(username)
181.    
182.     if clear_pass:
183.         staff_obj.password = misc.hide_critical_data(clear_pass,
184.                                                      config.SECRET)
185.  
186.     if new_class and new_class in CLASSES:
187.         staff_obj.account = new_class
188.  
189.     if reign:
190.         staff_obj.reign = reign
191.  
192.     staff_obj.flush_db()
193.  
194. def staff_exist():
195.     session = model.Session()
196.     table = model.account
197.     table.create(bind=model.engine, checkfirst=True)
198.     sql = select([func.count()], table)
199.     row = session.execute(sql).fetchone()
200.  
201.     return row[0] != 0
202.  
203. def clear_login_cookies():
204.     misc.make_cookies(wakaadmin='', wakaadminsave='0', expires=0)
205.  
206. def do_login(username=None, password=None, save_login=False,
207.              admin_cookie=None, nexttask='mpanel'):
208.  
209.     bad_pass = False
210.     staff_entry = None
211.  
212.     if not staff_exist():
213.         return staff_interface.make_first_time_setup_gateway()
214.     elif username and password:
215.         # Login via login form entry.
216.         try:
217.             staff_entry = StaffMember.get(username)
218.         except LoginError:
219.             # Bad username.
220.             bad_pass = True
221.         else:
222.             crypt_pass = misc.hide_critical_data(staff_entry.password,
223.                                                  config.SECRET)
224.             if crypt_pass == staff_entry.password:
225.                 staff_entry.login_host(remote)
226.             else:
227.                 bad_pass = True
228.     elif admin_cookie:
229.         # Attempt automatic login.
230.         try:
231.             staff_entry = check_password(admin_cookie)
232.         except LoginError:
233.             clear_login_cookies()
234.             bad_pass = True
235.     else:
236.         # No login credentials given.
237.         bad_pass = True
238.  
239.     if bad_pass:
240.         return staff_interface.make_login_panel()
241.     else:
242.         login = staff_entry.login_data
243.         login.make_cookie(save_login=save_login)
244.         return staff_interface.make_admin_panel(login.cookie, nexttask)
245.  
246. def do_logout(admin):
247.     # Clear login cache.
248.     try:
249.         user = check_password(admin)
250.         user.logout_user()
251.     except LoginError:
252.         pass
253.  
254.     clear_login_cookies()
255.  
256. def check_password(cookie_str, editing=None):
257.     (username, crypt) = cookie_str.split(',')
258.     staff_entry = StaffMember.get(username)
259.     cache = staff_entry.login_data
260.  
261.     if cache and cache.addr == remote:
262.         # The host is already logged in.
263.         pass
264.     elif crypt != misc.hide_critical_data(','.join([staff_entry.password,
265.                                                     remote]), config.SECRET):
266.         raise LoginError(S_WRONGPASS)
267.     else:
268.         # NOTE: This will overwrite the current network address login.
269.         staff_entry.login_host(remote)
270.  
271.     return staff_entry
272.  
273. def crypt_pass(cleartext):
274.     remote = local.environ['REMOTE_ADDR']
275.     return misc.hide_critical_data(','.join((cleartext, remote)),
276.                                             config.SECRET)
277.  
278. class LoginError(WakaError):
279.     '''WakaError subclass to discriminate login-related exceptions (bad
280.    password/username combinations).'''
281.     pass