Skip to content

GitLab

Commit a563516e authored by David Haynes's avatar David Haynes
Browse files

Merge branch 'issue7'

parents 3f77c5c4 3b7eb4cb
Hide whitespace changes
Inline Side-by-side
go/go/admin.py
View file @ a563516e
# Django Imports
from django.contrib import admin
from django.contrib.auth.admin import UserAdmin
from django.contrib.auth.models import User
# App Imports
from go.models import URL, RegisteredUser
# Define what attributes display in the URL Admin
class URLAdmin(admin.ModelAdmin):
list_display = ("target", "short", "owner", "clicks", "date_created", "expires")
# Define an inline admin descriptor for User model
class RegisteredUserInline(admin.StackedInline):
model = RegisteredUser
can_delete = False
class RegisteredUserAdmin(admin.ModelAdmin):
list_display = ("username", "full_name", "organization", "approved")
# Define a new User admin
class UserAdmin(UserAdmin):
inlines = (RegisteredUserInline, )
# Register URLAdmin and modify User to use new UserAdmin
admin.site.register(URL, URLAdmin)
admin.site.register(RegisteredUser, RegisteredUserAdmin)
admin.site.unregister(User)
admin.site.register(User, UserAdmin)
go/go/cas_callbacks.py
View file @ a563516e
from __future__ import absolute_import, print_function
# Django Imports
# core django imports
from django.contrib.auth.models import User
from django.conf import settings
# Other Imports
from django.contrib import messages
# third party imports
import requests
def pfparse(pf_name_result):
# name comes in format of Anderson, Nicholas J
print(pf_name_result)
name_list = pf_name_result.split(',')
# there's random whitespace with the first name
first_name_section = name_list[1].strip()
......@@ -22,10 +22,10 @@ def pfparse(pf_name_result):
new_name_list = [first_name, name_list[0]]
return new_name_list
def pfinfo(uname):
base_url = settings.PF_URL
url = base_url + "basic/all/" + str(uname)
print("Using url %s", url)
try:
metadata = requests.get(url, timeout=5)
print("Retrieving information from the peoplefinder api.")
......@@ -38,50 +38,22 @@ def pfinfo(uname):
pfjson = metadata.json()
try:
if len(pfjson['results']) == 1:
return pfparse(pfjson['results'][0]['name'])
name_str = pfjson['results'][0]['name']
name = pfparse(name_str)
return name
else:
return pfparse(pfjson['results'][1]['name'])
name_str = pfjson['results'][1]['name']
name = pfparse(name_str)
return name
# if the name is not in peoplefinder, return empty first and last name
except IndexError:
print("Name not found in peoplefinder.")
return [u'', u'']
return [u'',u'']
except Exception as e:
print("Unknown peoplefinder error:", e)
print("Returning empty user info tuple.")
return [u'', u'']
def create_user_dud(tree):
print("Parsing CAS information.")
try:
username = tree[0][0].text
user, user_created = User.objects.get_or_create(username=username)
except Exception as e:
print("CAS callback unsuccessful:", e)
info_name = pfinfo(username)
try:
if user_created:
print("Created user object %s!" % username)
user.email = "%s@%s" % (username, settings.ORGANIZATION_EMAIL_DOMAIN)
# Password is a required User object field, though doesn't matter for our
# purposes because all user auth is handled through CAS, not Django's login.
user.set_password("cas_used_instead")
# a list of empty strings is False
if not info_name:
user.first_name = info_name[0]
user.last_name = info_name[1]
print("Added user's name, %s %s." % (info_name[0], info_name[1]))
else:
print("Unable to add user %s's name." % username)
user.save()
else:
print("User %s already exists" % username)
except Exception as e:
print("Unhandled user creation error:", e)
def create_user(tree):
......@@ -100,7 +72,7 @@ def create_user(tree):
print("Created user object %s." % username)
# set and save the user's email
email_str = "%s@%s" % (username, settings.ORGANIZATION_EMAIL_DOMAIN)
email_str = "%s%s" % (username, settings.EMAIL_DOMAIN)
user.email = email_str
# Password is a required User object field, though doesn't matter for our
# purposes because all user auth is handled through CAS, not Django's login.
......@@ -108,13 +80,10 @@ def create_user(tree):
user.save()
print("Added user's email, %s." % email_str)
if len(info_name[0]) > 0:
user.first_name = info_name[0]
user.last_name = info_name[1]
user.save()
print("Added user's name, %s %s." % (info_name[0], info_name[1]))
else:
print("Unable to add user's name.")
user.first_name = info_name[0]
user.last_name = info_name[1]
user.save()
print("Added user's name, %s %s." % (info_name[0], info_name[1]))
print("User object creation process completed.")
......@@ -124,4 +93,3 @@ def create_user(tree):
print("CAS callback successful.")
except Exception as e:
print("Unhandled user creation error:", e)
# mail the administrators
go/go/forms.py
View file @ a563516e
......@@ -168,30 +168,6 @@ class URLForm(forms.ModelForm):
class SignupForm(forms.ModelForm):
def validate_username(username):
try:
registered = RegisteredUser.objects.get(username=username)
raise ValidationError('Username "%s" is already in use.' % username)
except RegisteredUser.DoesNotExist:
return
def clean_username(self):
# Prevent hax: (non-staff) Users cannot signup for other users
data_username = self.cleaned_data.get("username")
if not self.request.user.is_staff:
if self.request.user.username not in data_username:
raise ValidationError('username', "This is not your NetID!")
return data_username
username = forms.CharField(
required=True,
label='Mason NetID (Required)',
max_length=30,
validators=[validate_username],
widget=forms.TextInput(attrs={
}),
)
full_name = forms.CharField(
required=True,
label='Full Name (Required)',
......@@ -213,7 +189,8 @@ class SignupForm(forms.ModelForm):
widget=forms.Textarea(attrs={
}),
)
tos_box = forms.BooleanField(
# A user becomes registered when they agree to the TOS
registered = forms.BooleanField(
required=True,
# Need to add a Terms of Service Page and replace the href below
label = mark_safe('Do you accept the <a href="#" target="_blank">Terms of Service</a>?'),
......@@ -233,11 +210,10 @@ class SignupForm(forms.ModelForm):
Div(
# Place in form fields
Div(
'username',
'full_name',
'organization',
'description',
'tos_box',
'registered',
css_class='well'),
# Extras at bottom
......@@ -245,4 +221,5 @@ class SignupForm(forms.ModelForm):
css_class='col-md-6')))
class Meta:
model = RegisteredUser
fields = '__all__'
fields = ('full_name', 'organization', 'description', 'registered',)
exclude = ('user',)
go/go/models.py
View file @ a563516e
......@@ -3,14 +3,55 @@ from django.db import models
from django.contrib.auth.models import User
from django.utils import timezone
from django.core.cache import cache
from django.db.models.signals import post_save
from django.dispatch import receiver
# Other Imports
import string
from hashids import Hashids
hashids = Hashids(salt="srct.gmu.edu", alphabet=(string.ascii_lowercase + string.digits))
class RegisteredUser(models.Model):
"""
This is simply a wrapper model which, if an object exists, indicates
that that user is registered.
"""
# Let's associate a User to this RegisteredUser
user = models.OneToOneField(User)
# What is your name?
full_name = models.CharField(
blank=False,
max_length=100,
)
# What organization are you associated with?
organization = models.CharField(
blank=False,
max_length=100,
)
# Why do you want to use Go?
description = models.TextField(blank=True)
# Have you filled out the registration form?
registered = models.BooleanField(default=False)
# Are you approved to use Go?
approved = models.BooleanField(default=False)
# print(RegisteredUser)
def __unicode__(self):
return '<Registered User: %s - Approval Status: %s>' % (self.user, self.approved)
# When a post_save is called on a User object (and it is newly created), this is
# called to create an associated RegisteredUser
@receiver(post_save, sender=User)
def handle_regUser_creation(sender, instance, created, **kwargs):
if created:
RegisteredUser.objects.create(user=instance)
class URL(models.Model):
"""
......@@ -19,7 +60,7 @@ class URL(models.Model):
date.
"""
owner = models.ForeignKey(User)
owner = models.ForeignKey(RegisteredUser)
date_created = models.DateTimeField(default=timezone.now)
target = models.URLField(max_length=1000)
......@@ -32,7 +73,7 @@ class URL(models.Model):
expires = models.DateTimeField(blank=True, null=True)
def __unicode__(self):
return '<%s : %s>' % (self.owner.username, self.target)
return '<%s : %s>' % (self.owner.user, self.target)
class Meta:
ordering = ['short']
......@@ -52,32 +93,3 @@ class URL(models.Model):
except URL.DoesNotExist:
return short
return None
class RegisteredUser(models.Model):
"""
This is simply a wrapper model which, if an object exists, indicates
that that user is registered.
"""
username = models.CharField(
blank=False,
max_length=30,
primary_key=True
)
full_name = models.CharField(
blank=False,
max_length=100,
)
organization = models.CharField(
blank=False,
max_length=100,
)
description = models.TextField(blank=True)
approved = models.BooleanField()
def __unicode__(self):
return '<Registered User: %s - Approval Status: %s>' % (self.username, self.approved)
go/go/templates/admin/useradmin.html
View file @ a563516e
......@@ -44,8 +44,8 @@ SRCT Go - Administration Panel
{% for unapproved in need_approval %}
<tr>
<td><input type="checkbox" name="username" value={{ unapproved.username }}></td>
<td>{{ unapproved.username }}</td>
<td><input type="checkbox" name="username" value={{ unapproved.user }}></td>
<td>{{ unapproved.user }}</td>
<td>{{ unapproved.full_name }}</td>
<td>{{ unapproved.description|default:"No description provided" }}</td>
</tr>
......
go/go/templates/core/index.html
View file @ a563516e
......@@ -2,7 +2,7 @@
{% load crispy_forms_tags %}
{% block title %}
SCT Go - A University Branded URL Shortener
SRCT Go - A University Branded URL Shortener
{% endblock %}
{% block content %}
......
go/go/templates/layouts/navigation.html
View file @ a563516e
......@@ -12,8 +12,10 @@
<ul class="nav navbar-nav navbar-left">
<li><a href="{% url 'about' %}">About</a></li>
{% if user.is_authenticated %}
{% if user.registereduser.approved %}
<li><a href="{% url 'my_links' %}">My Links</a></li>
{% if not user|is_registered %}
{% endif %}
{% if not user.registereduser.registered %}
<li><a href="{% url 'signup' %}">Register</a></li>
{% endif %}
{% endif %}
......@@ -24,12 +26,11 @@
{% else %}
<li><a href="{% url 'go_login' %}">Log In <i class="fa fa-sign-in fa-fw"></i></a></li>
{% endif %}
{% if user.is_staff and user|is_approved %}
{% if user.is_staff %}
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Administration <i class="fa fa-caret-down fa-fw"></i></a>
<ul class="dropdown-menu dropdown-menu-left">
<li><a href="{% url 'useradmin' %}">User Moderation <i class="fa fa-users fa-fw"></i></a></li>
<li><a href="{% url 'signup' %}">Signup New Users <i class="fa fa-user-plus fa-fw"></i></a></li>
</ul>
</li>
{% endif %}
......
go/go/templates/link_box.html
View file @ a563516e
......@@ -31,7 +31,7 @@
<a href="{{url.target}}">{{url.target}}</a>
<br />
{% if url.owner == request.user and request.user|is_registered %}
{% if url.owner == request.user.registereduser and request.user.registereduser.approved == True %}
<strong>Clicks:</strong>
{{url.clicks}}
<br />
......
go/go/templates/public_landing.html
View file @ a563516e
......@@ -6,6 +6,9 @@ banner,.page-header,#banner {
border-bottom: none;
margin-bottom: 0;
}
.fix a:link{
color: #FFFFFF;
}
</style>
{% extends 'layouts/base.html' %}
......@@ -83,8 +86,8 @@ SRCT Go - Welcome
</div>
<br />
<hr />
<div class="row">
<br />
<div class="fix" "row">
<div class="col-md-offset-1 col-md-4" "col-md-offset-2 col-md-4">
<a href="{% url 'go_login' %}" class="btn btn-primary btn-block">Log In</a>
</div>
......
go/go/templates/view.html
View file @ a563516e
......@@ -31,4 +31,5 @@ SRCT Go - Link View
<p>Nothing here.</p>
</div>
{% endif %}
</div>
{% endblock %}
go/go/views.py
View file @ a563516e
......@@ -5,6 +5,7 @@ from django.utils import timezone
from django.core.exceptions import PermissionDenied # ValidationError
from django.core.mail import send_mail, EmailMessage
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.contrib.auth.models import User
from django.contrib.auth.decorators import user_passes_test, login_required
from django.shortcuts import render, get_object_or_404, redirect
......@@ -15,44 +16,6 @@ from go.forms import URLForm, SignupForm
# Other Imports
from datetime import timedelta
##############################################################################
"""
Define useful helper methods here.
"""
def is_approved(user):
"""
This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is approved.
"""
try:
registered = RegisteredUser.objects.get(username=user.username)
return registered.approved
except RegisteredUser.DoesNotExist:
return False
def is_registered(user):
"""
This function checks if a user account has a corresponding RegisteredUser,
thus checking if the user is registered.
"""
try:
registered = RegisteredUser.objects.get(username=user.username)
return True
except RegisteredUser.DoesNotExist:
return False
##############################################################################
"""
Define user views here.
"""
def index(request):
"""
This view handles the homepage that the user is presented with when
......@@ -65,9 +28,8 @@ def index(request):
# If the user is not authenticated, show them a public landing page.
if not request.user.is_authenticated():
return render(request, 'public_landing.html')
# If the user isn't registered, don't give them any leeway.
if not is_approved(request.user):
# If the user isn't approved, don't give them any leeway.
elif not request.user.registereduser.approved:
return render(request, 'not_registered.html')
url_form = URLForm(host=request.META.get('HTTP_HOST')) # unbound form
......@@ -79,7 +41,7 @@ def index(request):
# We don't commit the url object yet because we need to add its
# owner, and parse its date field.
url = url_form.save(commit=False)
url.owner = request.user
url.owner = request.user.registereduser
# If the user entered a short url, it's already been validated,
# so accept it. If they did not, however, then generate a
......@@ -151,10 +113,10 @@ def my_links(request):
obviously need to be logged in to view your URLs.
"""
if not is_approved(request.user):
if not request.user.registereduser.approved:
return render(request, 'not_registered.html')
urls = URL.objects.filter(owner=request.user)
urls = URL.objects.filter(owner=request.user.registereduser)
domain = "%s://%s" % (request.scheme, request.META.get('HTTP_HOST')) + "/"
......@@ -172,11 +134,11 @@ def delete(request, short):
logged in and registered, and must also be the owner of the URL.
"""
if not is_approved(request.user):
if not request.user.registereduser.approved:
return render(request, 'not_registered.html')
url = get_object_or_404(URL, short__iexact=short)
if url.owner == request.user:
if url.owner == request.user.registereduser:
url.delete()
return redirect('my_links')
else:
......@@ -186,54 +148,35 @@ def delete(request, short):
@login_required
def signup(request):
"""
This view presents the user with a registration form. You can register
yourself, or another person.
This view presents the user with a registration form. You can register yourself.
"""
# Do not display signup page to registered or approved users (Staff can still see these pages)
if is_registered(request.user) and not request.user.is_staff:
return render(request, 'core/signup.html', {
'registered': True,
'approved': False,
},
)
elif is_approved(request.user) and not request.user.is_staff:
return render(request, 'core/signup.html', {
'registered': True,
'approved': True,
},
)
signup_form = SignupForm(request, initial={'username': request.user.username})
# Non-staff have the username field read-only and pre-filled
if request.user.is_staff:
signup_form = SignupForm(request)
else:
signup_form = SignupForm(request,
initial={'username': request.user.username, 'full_name': request.user.first_name + " " + request.user.last_name})
signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
# Do not display signup page to registered or approved users
if request.user.registereduser.approved:
return redirect('/')
elif request.user.registereduser.registered:
return redirect('registered')
signup_form = SignupForm(request,
initial={'full_name': request.user.first_name + " " + request.user.last_name})
signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'
if request.method == 'POST':
signup_form = SignupForm(request, request.POST,
initial={'approved': False, 'username': request.user.username})
signup_form.fields['username'].widget.attrs['readonly'] = 'readonly'
signup_form = SignupForm(request, request.POST, instance=request.user.registereduser,
initial={'full_name': request.user.first_name + " " + request.user.last_name})
signup_form.fields['full_name'].widget.attrs['readonly'] = 'readonly'
if signup_form.is_valid():
if not request.user.is_staff:
username = request.user.username
else:
username = signup_form.cleaned_data.get('username')
full_name = signup_form.cleaned_data.get('full_name')
description = signup_form.cleaned_data.get('description')
full_name = signup_form.cleaned_data.get('full_name')
organization = signup_form.cleaned_data.get('organization')
registered = signup_form.cleaned_data.get('registered')
# Only send mail if we've defined the mailserver
if settings.EMAIL_HOST and settings.EMAIL_PORT:
user_mail = username + settings.EMAIL_DOMAIN
user_mail = request.user.registereduser.user + settings.EMAIL_DOMAIN
# Email sent to notify Admins
to_admin = EmailMessage(
'Signup from %s' % (request.user.username),
'Signup from %s' % (request.user.registereduser.user),
######################
'%s signed up at %s\n\n'
'Username: %s\n'
......@@ -244,12 +187,12 @@ def signup(request):
'Please head to go.gmu.edu/useradmin to approve or '
'deny this application.'
% (str(full_name), str(timezone.now()).strip(),
str(request.user.username), str(organization), str(description)),
str(request.user.registereduser.user), str(organization), str(description)),
######################
settings.EMAIL_FROM,
[settings.EMAIL_TO],
reply_to=[user_mail]
).send(fail_silently=False)
).send()
# Confirmation email sent to Users
send_mail(
'We have received your Go application!',
......@@ -265,6 +208,7 @@ def signup(request):
settings.EMAIL_FROM,
[user_mail]
)
signup_form.save()
return redirect('registered')
......@@ -315,7 +259,7 @@ def redirection(request, short):
return redirect(url.target)
def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='about'):
def staff_member_required(view_func, redirect_field_name=REDIRECT_FIELD_NAME, login_url='/'):
"""
Decorator for views that checks that the user is logged in and is a staff
member, displaying the login page if necessary.
......@@ -337,11 +281,11 @@ def useradmin(request):
userlist = request.POST.getlist('username')
if '_approve' in request.POST:
for name in userlist:
toapprove = RegisteredUser.objects.get(username=name)
toapprove = RegisteredUser.objects.get(user__username__exact=name)
toapprove.approved = True
toapprove.save()
if settings.EMAIL_HOST and settings.EMAIL_PORT:
user_mail = toapprove.username + settings.EMAIL_DOMAIN
user_mail = toapprove.user + settings.EMAIL_DOMAIN
send_mail(
'Your Account has been Approved!',
######################
......@@ -357,9 +301,9 @@ def useradmin(request):
)
elif '_deny' in request.POST:
for name in userlist:
todeny = RegisteredUser.objects.get(username=name)
todeny = RegisteredUser.objects.get(user__username__exact=name)
if settings.EMAIL_HOST and settings.EMAIL_PORT:
user_mail = todeny.username + settings.EMAIL_DOMAIN
user_mail = todeny.user + settings.EMAIL_DOMAIN
send_mail(
'Your Account has been Denied!',
######################
......@@ -374,8 +318,8 @@ def useradmin(request):