307 lines
9.7 KiB
Python
307 lines
9.7 KiB
Python
# -*- coding: utf8 -*-
|
|
from pyramid.response import Response
|
|
from pyramid.renderers import render, get_renderer
|
|
from pyramid.view import (
|
|
view_config,
|
|
forbidden_view_config,
|
|
)
|
|
from pyramid.security import (
|
|
authenticated_userid,
|
|
remember,
|
|
forget,
|
|
)
|
|
from pyramid.httpexceptions import (
|
|
HTTPFound,
|
|
HTTPNotFound,
|
|
HTTPForbidden,
|
|
)
|
|
from pyramid_mailer import get_mailer
|
|
from pyramid_mailer.message import Message, Attachment
|
|
from datetime import *
|
|
import hashlib
|
|
|
|
from sqlalchemy.exc import DBAPIError
|
|
from ..security import groupfinder
|
|
|
|
import json
|
|
|
|
from ..models.default import *
|
|
|
|
def to_decimal(x):
|
|
import decimal
|
|
return decimal.Decimal(str(x))
|
|
|
|
def to_euro(x):
|
|
"""Takes a float and returns a string"""
|
|
#if x == 0:
|
|
# return ""
|
|
#else:
|
|
return (u"%.2f €" % x).replace('.', ',')
|
|
|
|
def to_int(x):
|
|
try:
|
|
number = int(x.replace(',', '.'))
|
|
return number
|
|
except ValueError:
|
|
return 0
|
|
|
|
def to_percent(x):
|
|
"""Takes a float and returns a string"""
|
|
return (u"%.2f " % x).replace('.', ',') + "%"
|
|
|
|
|
|
@view_config(route_name='home', renderer='../templates/home.pt', permission='view')
|
|
def home(request):
|
|
return {
|
|
'page_title': 'Bienvenue',
|
|
'project': 'mondumas',
|
|
}
|
|
|
|
@view_config(route_name='envoyer_mdp', renderer='../templates/envoyer_mdp.pt')
|
|
def envoyer_mdp(request):
|
|
url = request.route_url('envoyer_mdp')
|
|
message = u''
|
|
|
|
if 'form.submitted' in request.params:
|
|
login = request.params['login']
|
|
member = get_member_by_id(request, login)
|
|
if member:
|
|
# Fabrication du corps du email_passwordMessage
|
|
lien = update_membre_mdp_oublie(request, login)
|
|
body = u"""
|
|
|
|
Le lien suivant vous dirigera vers une page où vous pourrez ré-initialiser votre mot de passe d'accès à « gestion.entreprise-dumas.com » :
|
|
|
|
|
|
%s
|
|
|
|
(Ce lien est valide pendant 168 heures.)
|
|
|
|
|
|
""" % (request.route_url('redefinir_mdp', lien=lien))
|
|
envoyerMail(request, member.email, u"Demande de ré-initialisation du mot de passe", body)
|
|
request.session.flash(u"Votre demande de ré-initialisation de mot de passe vous a été envoyée à %s." % member.email)
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
message = u"Le mot de passe fourni est incorrect."
|
|
return {
|
|
'page_title': u"Changer mon mot de passe",
|
|
'url': url,
|
|
'message': message,
|
|
}
|
|
|
|
@view_config(route_name='changer_mdp', renderer='../templates/changer_mdp.pt', permission='view')
|
|
def changer_mdp(request):
|
|
url = request.route_url('changer_mdp')
|
|
logged_in = authenticated_userid(request)
|
|
message = ''
|
|
|
|
member = get_member_by_id(request, logged_in)
|
|
if member:
|
|
if 'form.submitted' in request.params:
|
|
old_password = request.params['old_password']
|
|
new_password = request.params['new_password1']
|
|
if member.mdp == hashlib.sha1(old_password).hexdigest():
|
|
update_membre_mdp(request, logged_in, new_password)
|
|
request.session.flash(u"Votre mot de passe a été mis à jour avec succès.")
|
|
return HTTPFound(location=request.route_url('home'))
|
|
else:
|
|
message = u"Le mot de passe actuel n'est pas correct."
|
|
|
|
return {
|
|
'page_title': u"Changer mon mot de passe",
|
|
'url': url,
|
|
'member': member,
|
|
'message': message,
|
|
}
|
|
|
|
@view_config(route_name='redefinir_mdp', renderer='../templates/redefinir_mdp.pt')
|
|
def redefinir_mdp(request):
|
|
lien = request.matchdict["lien"]
|
|
url = request.route_url('redefinir_mdp', lien=lien)
|
|
|
|
# tester si le champ "motdepasse_oublie" est encore valide
|
|
membre = get_member_by_mdp_oublie(request, lien)
|
|
if membre:
|
|
if 'form.submitted' in request.params:
|
|
login = request.params["login"]
|
|
mdp = request.params["new_password1"]
|
|
if login == membre.cd_uti:
|
|
update_membre_mdp(request, login, mdp)
|
|
request.session.flash(u"Votre mot de passe a été modifié avec succès.", 'success')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
request.session.flash(u"Identifiant incorrect.", 'danger')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
else:
|
|
request.session.flash(u"Le lien n'est plus valable.", 'warning')
|
|
return HTTPFound(location=request.route_url('login'))
|
|
return {
|
|
'page_title': u"Définissez votre mot de passe",
|
|
'url': url,
|
|
}
|
|
|
|
|
|
@view_config(route_name='login', renderer='../templates/login.pt', permission='view')
|
|
@forbidden_view_config(renderer='../templates/login.pt')
|
|
def login(request):
|
|
|
|
current_route_path = request.current_route_path()
|
|
login = ''
|
|
login_url = request.route_url('login')
|
|
|
|
referrer = request.url
|
|
if referrer == login_url:
|
|
referrer = '/' # never use the login form itself as came_from
|
|
|
|
came_from = request.params.get('came_from', referrer)
|
|
password = u''
|
|
message = u''
|
|
if 'form.submitted' in request.params:
|
|
login = request.params['login']
|
|
password = request.params['password']
|
|
record = get_member_by_id(request, login)
|
|
if record :
|
|
# mot de passe hash valide ?
|
|
if record.mdp == hashlib.sha1(password).hexdigest():
|
|
update_last_connection(request, login)
|
|
# force le commit car il ne se fait pas automatiquement après l'update
|
|
transaction.commit()
|
|
|
|
headers = remember(request, login)
|
|
return HTTPFound(location=came_from, headers=headers)
|
|
|
|
message = u"Email et mot de passe invalides. La connexion a échoué."
|
|
|
|
return {
|
|
'page_title': u"",
|
|
'url': login_url,
|
|
'came_from': came_from,
|
|
'login': login,
|
|
'message': message,
|
|
}
|
|
|
|
@view_config(route_name='users_list', renderer='../templates/users_list.pt', permission='manage')
|
|
def users_list(request):
|
|
# lire les utilisateurs
|
|
items = get_member_by_id(request, '0')
|
|
|
|
# construire la liste
|
|
liste=[]
|
|
for item in items:
|
|
if item.dern_cnx_le:
|
|
der_cnx_le = item.dern_cnx_le.strftime('%d/%m/%Y - %H:%M')
|
|
else:
|
|
der_cnx_le = ""
|
|
|
|
if item.actif == 0:
|
|
etat = 'Inactif'
|
|
else:
|
|
etat = ''
|
|
|
|
if item.access == 0:
|
|
role = ''
|
|
elif item.access == 8:
|
|
role = 'Compta'
|
|
elif item.access == 9:
|
|
role = 'Admin'
|
|
else:
|
|
role = 'Gestion'
|
|
|
|
d = (item.CD_UTI, item.NOM, item.email, item.agenda, role, der_cnx_le, etat)
|
|
liste.append(d)
|
|
|
|
return {
|
|
'page_title': u'Liste des utilisateurs',
|
|
'dt_data': json.dumps(liste),
|
|
}
|
|
|
|
|
|
@view_config(route_name='logout')
|
|
def logout(request):
|
|
request.session.invalidate()
|
|
headers = forget(request)
|
|
request.session.flash(u"Vous avez bien été déconnecté.")
|
|
return HTTPFound(location=request.route_url('login', login=''),
|
|
headers=headers)
|
|
|
|
|
|
|
|
def envoyerMail(request, destinataire, objet, corps):
|
|
body = u"""
|
|
|
|
%s
|
|
|
|
Cordialement,
|
|
gestion.entreprise-dumas.com
|
|
|
|
""" % (corps)
|
|
|
|
message = Message(subject=u"[Ent. Dumas] %s" % objet,
|
|
sender=request.registry.settings['mondumas.admin_email'],
|
|
body=body)
|
|
message.add_recipient(destinataire)
|
|
mailer = get_mailer(request)
|
|
|
|
mailer.send_immediately(message)
|
|
|
|
@view_config(route_name='user_edit', renderer='../templates/user_edit.pt', permission='manage')
|
|
def user_edit(request):
|
|
cd_uti = request.matchdict['cd_uti']
|
|
url = request.route_url('user_edit', cd_uti=cd_uti)
|
|
message = ''
|
|
access = ["0 | Production", "5 | Gestion", u"8 | Comptabilité", "9 | Administration"]
|
|
|
|
if cd_uti == '0':
|
|
# nouveau
|
|
individu = {}
|
|
individu['cd_uti'] = 0
|
|
individu['nom'] = ''
|
|
individu['email'] = ''
|
|
individu['access'] = '0 | Production'
|
|
individu['actif'] = 1
|
|
individu['agenda'] = 0
|
|
page_title= 'Nouvelle Fiche'
|
|
else:
|
|
# lire la fiche de l'individu
|
|
individu = get_member_by_id(request, cd_uti)
|
|
if not individu:
|
|
request.session.flash(u"Utilisateur non trouvé : %s" % cd_uti, 'warning')
|
|
return HTTPFound(location=request.route_url('users_list'))
|
|
page_title= u"Fiche de %s" %(individu.NOM)
|
|
|
|
if 'form.submitted' in request.params:
|
|
new_values = {}
|
|
for param, db_value in individu.items():
|
|
if param in request.params and request.params[param] != db_value:
|
|
new_values[param] = request.params[param]
|
|
|
|
# actif coché ?
|
|
if 'actif' in request.params:
|
|
new_values['actif'] = 1
|
|
else:
|
|
new_values['actif'] = 0
|
|
# agenda coché ?
|
|
if 'agenda' in request.params:
|
|
new_values['agenda'] = 1
|
|
else:
|
|
new_values['agenda'] = 0
|
|
|
|
if new_values:
|
|
update_membre(request, cd_uti, new_values)
|
|
request.session.flash(u"La fiche a été mise à jour avec succès.", 'success')
|
|
return HTTPFound(location=request.route_url('users_list'))
|
|
|
|
if 'form.deleted' in request.params:
|
|
delete_membre(request, cd_uti)
|
|
request.session.flash(u"La fiche a été supprimée avec succès.", 'success')
|
|
return HTTPFound(location=request.route_url('users_list'))
|
|
|
|
return {
|
|
'page_title': page_title,
|
|
'url': url,
|
|
'individu': individu,
|
|
'access': access,
|
|
'message': message,
|
|
}
|