Changeset 12926

Timestamp:

12 May 2015, 15:19:10 (10 years ago)

Author:

Henrik Bettermann

Message:

Enable temporary suspension of officer accounts. Plugins must be updated after restart.

Location:

main/waeup.kofa/trunk

Files:

• CHANGES.txt (modified) (1 diff)
• docs/source/userdocs/testing.rst (modified) (2 diffs)
• docs/source/userdocs/users.rst (modified) (1 diff)
• src/waeup/kofa/app.py (modified) (1 diff)
• src/waeup/kofa/authentication.py (modified) (2 diffs)
• src/waeup/kofa/browser/pages.py (modified) (4 diffs)
• src/waeup/kofa/browser/templates/usereditformpage.pt (modified) (1 diff)
• src/waeup/kofa/browser/templates/userscontainerpage.pt (modified) (1 diff)
• src/waeup/kofa/browser/tests/test_browser.py (modified) (2 diffs)
• src/waeup/kofa/interfaces.py (modified) (3 diffs)
• src/waeup/kofa/students/authentication.py (modified) (1 diff)

main/waeup.kofa/trunk/CHANGES.txt

@@ -4 +4 @@
 1.3.2.dev0 (unreleased)
 =======================
+
+* Enable temporary suspension of officer accounts. Plugins must be
+  updated after restart.
 
 * Rename 'Portal Users' 'Officers'.

main/waeup.kofa/trunk/docs/source/userdocs/testing.rst

@@ -17 +17 @@
 functionality. Why *automated* testing? Simply because no developer
 likes to click around the user interface to check tons of
-functionality. In Kofa more than 1100 tests, with dozens of actions
+functionality. In Kofa more than 1300 tests, with dozens of actions
 per test, are being executed each time when the testrunner is
 started. This job can't be done manually.
@@ -30 +30 @@
 interacting with the portal as a user would. That implies that
 functional testing has to make use of a test browser. A test browser
-does the same job as normal web browser do, except for visualizing
+does the same job as normal web browser does, except for visualizing
 the rendered html code.
 

main/waeup.kofa/trunk/docs/source/userdocs/users.rst

@@ -52 +52 @@
    :ref:`Officers Doctests <userscontainer_txt>`
 
-Officers are users with a dedicated user account object stored in
-the ``users`` container (of type :py:class:`UsersContainer
-<waeup.kofa.userscontainer.UsersContainer>`) which is located in
-Kofa's root container. The officer account object has two more
-attributes than the principal instance which is created from the
-account data: (1) a `roles` attribute which is a list of global role
-names assigned to the officer, and (2) a private `_local_roles`
-attribute. The latter maps local role names to lists of objects the
-respective local role applies to. This information is important
-because local role assignment is originally stored only with the
-objects the role applies to and not with the user who got the role.
-When removing a user, Kofa iterates over the mapping and the list of
-objects in order to remove all these local role assignments denoted
-in the mapping.
+Officers are users with a dedicated user account object stored in the
+``users`` container (of type :py:class:`UsersContainer
+<waeup.kofa.userscontainer.UsersContainer>`) which is located in Kofa's root
+container. The account object has three more attributes than the principal
+instance which is created from the account data: (1) a `suspended` attribute
+which allows to deactivate an account, (2) a `roles` attribute which is a list
+of global role names assigned to the officer, and (3) a private `_local_roles`
+attribute which maps local role names to lists of objects the respective local
+role applies to. This information is important because local role assignment
+is originally stored only with the objects the role applies to and not with
+the user who got the role. When removing an officer, Kofa iterates over the
+mapping and the list of objects in order to remove all these local role
+assignments denoted in the mapping.
 
 The management of portal officers is done in the 'Officers' section
-of Kofa. The management page shoes all officers registered in the
+of Kofa. The management page shows all officers registered in the
 portal together with their global and local roles. The table can be
-easily sorted or filtered.
+easily sorted or filtered. Deactivated officer accounst are marked
+``(suspended)``.
 
 

main/waeup.kofa/trunk/src/waeup/kofa/app.py

@@ -81 +81 @@
         """Lookup all plugins and call their `update()` method.
         """
-        # XXX: TBD: Remove update() in all plugins but documents
+        # XXX: TBD: Remove update() in all plugins but documents and users
         getUtility(IKofaPluggable, name='documents').update(
+            self, 'documents', self.logger)
+        getUtility(IKofaPluggable, name='users').update(
             self, 'documents', self.logger)
         return

main/waeup.kofa/trunk/src/waeup/kofa/authentication.py

@@ -210 +210 @@
         self.phone = phone
         self.public_name = public_name
+        self.suspended = False
         self.setPassword(password)
         self.setSiteRolesForPrincipal(roles)
@@ -226 +227 @@
         if not self.password:
             # unset/empty passwords do never match
+            return False
+        if self.suspended == True:
             return False
         passwordmanager = getUtility(IPasswordManager, 'SSHA')

main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py

@@ -333 +333 @@
                                    type='warning')
                     return
+            # Display appropriate flash message if credentials are correct
+            # but officer has been deactivated.
+            login = self.request.form['form.login']
+            if login in grok.getSite()['users']:
+                user = grok.getSite()['users'][login]
+                password = self.request.form['form.password']
+                passwordmanager = getUtility(IPasswordManager, 'SSHA')
+                if user.password is not None and \
+                    passwordmanager.checkPassword(user.password, password):
+                    self.flash(_('Your user name and password are correct '
+                                 'but yor account has been temporarily '
+                                 'deactivated.'),
+                               type='warning')
+                    return
             self.flash(_('You entered invalid credentials.'), type='danger')
             return
@@ -578 +592 @@
     grok.name('add')
     grok.template('usereditformpage')
-    form_fields = grok.AutoFields(IUserAccount)
+    form_fields = grok.AutoFields(IUserAccount).omit('suspended')
     label = _('Add officer')
 
@@ -624 +638 @@
 
     def label(self):
-        return _("Edit user ${a}", mapping = {'a':self.context.__name__})
+        return _("Edit officer ${a}", mapping = {'a':self.context.__name__})
 
     def setUpWidgets(self, ignore_request=False):
@@ -703 +717 @@
     grok.require('waeup.editUser')
     form_fields = grok.AutoFields(IUserAccount).omit(
-        'name', 'description', 'roles')
+        'name', 'description', 'roles', 'suspended')
     label = _(u"My Preferences")
 

main/waeup.kofa/trunk/src/waeup/kofa/browser/templates/usereditformpage.pt

@@ +1 @@
+<p class="alert alert-danger"  i18n:domain="waeup.kofa"
+   i18n:translate="officer_suspended_warning"
+   tal:condition="python: getattr(context, 'suspended', False)">
+  <strong>ATTENTION:</strong>
+  This account has been suspended. The officer can't login.
+</p>
+
 <form action="." tal:attributes="action request/URL" method="post"
       i18n:domain="waeup.kofa" enctype="multipart/form-data"

main/waeup.kofa/trunk/src/waeup/kofa/browser/templates/userscontainerpage.pt

@@ -12 +12 @@
     <tr tal:repeat="account context/values">
       <td tal:content="account/name">USERNAME</td>
-      <td tal:content="account/title">TITLE</td>
+      <td>
+        <span tal:content="account/title">TITLE</span>
+        <span style="color:red" tal:condition="account/suspended">(suspended)</span>
+      </td>
       <td nowrap tal:content="structure python:view.getSiteRoles(account)">SITE ROLES</td>
       <td tal:content="structure python:view.getLocalRoles(account)">LOCAL ROLES</td>

main/waeup.kofa/trunk/src/waeup/kofa/browser/tests/test_browser.py

@@ -30 +30 @@
 from waeup.kofa.testing import FunctionalLayer, FunctionalTestCase
 from waeup.kofa.app import University
-from waeup.kofa.interfaces import IJobManager
+from waeup.kofa.interfaces import IJobManager, IUserAccount
 from waeup.kofa.tests.test_async import FunctionalAsyncTestCase
 from waeup.kofa.university.faculty import Faculty
@@ -445 +445 @@
             'faculties']['fac1']['dep1'].certificates['CERT1'])
         return
+
+    def test_suspended_officer(self):
+        self.app['users'].addUser(
+            'officer', 'secret', title='Bob Officer', email='aa@aa.ng')
+        # Officer can't login if their password is not set
+        self.app['users']['officer'].password = None
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'officer'
+        self.browser.getControl(name="form.password").value = 'secret'
+        self.browser.getControl("Login").click()
+        self.assertTrue(
+            'You entered invalid credentials.' in self.browser.contents)
+        # We set the password again
+        IUserAccount(
+            self.app['users']['officer']).setPassword('secret')
+        # Officers can't login if their account is suspended/deactivated
+        self.app['users']['officer'].suspended = True
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'officer'
+        self.browser.getControl(name="form.password").value = 'secret'
+        self.browser.getControl("Login").click()
+        self.assertMatches(
+            '...but yor account has been temporarily deactivated...',
+            self.browser.contents)
+        self.assertFalse("Bob Officer" in self.browser.contents)
+        self.app['users']['officer'].suspended = False
+        self.browser.open('http://localhost/app/login')
+        self.browser.getControl(name="form.login").value = 'officer'
+        self.browser.getControl(name="form.password").value = 'secret'
+        self.browser.getControl("Login").click()
+        self.assertMatches(
+            '...You logged in...', self.browser.contents)
+        self.assertTrue("Bob Officer" in self.browser.contents)
+        self.browser.getLink("Logout").click()
+        # Suspended accounts are marked
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open('http://localhost/app/users')
+        self.assertFalse('(suspended)' in self.browser.contents)
+        self.app['users']['officer'].suspended = True
+        self.browser.open('http://localhost/app/users')
+        self.assertTrue(
+            '<span style="color:red">(suspended)</span>'
+            in self.browser.contents)
+        self.browser.open('http://localhost/app/users/officer')
+        self.assertTrue(
+            'This account has been suspended.' in self.browser.contents)
+        self.app['users']['officer'].suspended = False
+        self.browser.open('http://localhost/app/users/officer')
+        self.assertFalse(
+            'This account has been suspended.' in self.browser.contents)
+        return

main/waeup.kofa/trunk/src/waeup/kofa/interfaces.py

@@ -549 +549 @@
     """
 
-    failed_logins = Attribute("""FailedLoginInfo for this account""")
+    failed_logins = Attribute('FailedLoginInfo for this account')
 
     name = schema.TextLine(
         title = _(u'User Id'),
-        description = u'Login name of user',
+        description = _(u'Login name of user'),
         required = True,)
 
@@ -562 +562 @@
     public_name = schema.TextLine(
         title = _(u'Public Name'),
-        description = u"Substitute for officer's real name "
-                       "in student object histories.",
+        description = _(u"Substitute for officer's real name "
+                       "in student object histories."),
         required = False,)
 
@@ -589 +589 @@
         )
 
+    suspended = schema.Bool(
+        title = _(u'Account suspended'),
+        description = _(u'If set, the account is immediately blocked.'),
+        default = False,
+        required = False,
+        )
 
 

main/waeup.kofa/trunk/src/waeup/kofa/students/authentication.py

@@ -71 +71 @@
         return self.title
 
+    def suspended(self):
+        return self.context.suspended
+
     @property
     def failed_logins(self):