witten
/
luminotes
Archived
1
0
Fork 0
This repository has been archived on 2023-12-16. You can view files and clone it, but cannot push or open issues or pull requests.
luminotes/model/User.py

524 lines
19 KiB
Python

import sha
import random
from copy import copy
from Persistent import Persistent, quote
from Notebook import Notebook
class User( Persistent ):
"""
A Luminotes user.
"""
SALT_CHARS = [ chr( c ) for c in range( ord( "!" ), ord( "~" ) + 1 ) if c != ord( "\\" ) ]
SALT_SIZE = 12
def __init__( self, object_id, revision = None, username = None, salt = None, password_hash = None,
email_address = None, storage_bytes = None, rate_plan = None ):
"""
Create a new user with the given credentials and information.
@type object_id: unicode
@param object_id: id of the user
@type revision: datetime or NoneType
@param revision: revision timestamp of the object (optional, defaults to now)
@type username: unicode or NoneType
@param username: unique user identifier for login purposes (optional)
@type salt: unicode or NoneType
@param salt: salt to use when hashing the password (optional, defaults to random)
@type password_hash: unicode or NoneType
@param password_hash: cryptographic hash of secret password for login purposes (optional)
@type email_address: unicode or NoneType
@param email_address: a hopefully valid email address (optional)
@type storage_bytes: int or NoneType
@param storage_bytes: count of bytes that the user is currently using for storage (optional)
@type rate_plan: int or NoneType
@param rate_plan: index into the rate plan array in config/Common.py (optional, defaults to 0)
@rtype: User
@return: newly created user
"""
Persistent.__init__( self, object_id, revision )
self.__username = username
self.__salt = salt
self.__password_hash = password_hash
self.__email_address = email_address
self.__storage_bytes = storage_bytes or 0
self.__group_storage_bytes = 0
self.__rate_plan = rate_plan or 0
@staticmethod
def create( object_id, username = None, password = None, email_address = None, rate_plan = None ):
"""
Convenience constructor for creating a new user.
@type object_id: unicode
@param object_id: id of the user
@type username: unicode or NoneType
@param username: unique user identifier for login purposes (optional)
@type password: unicode or NoneType
@param password: secret password for login purposes (optional)
@type email_address: unicode or NoneType
@param email_address: a hopefully valid email address (optional)
@type rate_plan: int or NoneType
@param rate_plan: index into the rate plan array in config/Common.py (optional, defaults to 0)
@rtype: User
@return: newly created user
"""
salt = User.__create_salt()
password_hash = User.__hash_password( salt, password )
return User( object_id, None, username, salt, password_hash, email_address, rate_plan = rate_plan )
@staticmethod
def __create_salt():
return "".join( [ random.choice( User.SALT_CHARS ) for i in range( User.SALT_SIZE ) ] )
@staticmethod
def __hash_password( salt, password ):
if password is None or len( password ) == 0:
return None
return sha.new( ( salt + password ).encode( "utf8" ) ).hexdigest()
def check_password( self, password ):
"""
Check that the given password matches this user's password.
@type password: unicode
@param password: password to check
@rtype: bool
@return: True if the password matches
"""
if self.__password_hash == None:
return False
hash = User.__hash_password( self.__salt, password )
if hash == self.__password_hash:
return True
return False
@staticmethod
def sql_load( object_id, revision = None ):
if revision:
return "select * from luminotes_user where id = %s and revision = %s;" % ( quote( object_id ), quote( revision ) )
return "select * from luminotes_user_current where id = %s;" % quote( object_id )
@staticmethod
def sql_id_exists( object_id, revision = None ):
if revision:
return "select id from luminotes_user where id = %s and revision = %s;" % ( quote( object_id ), quote( revision ) )
return "select id from luminotes_user_current where id = %s;" % quote( object_id )
def sql_exists( self ):
return User.sql_id_exists( self.object_id, self.revision )
def sql_create( self ):
return \
"insert into luminotes_user ( id, revision, username, salt, password_hash, email_address, storage_bytes, rate_plan ) " + \
"values ( %s, %s, %s, %s, %s, %s, %s, %s );" % \
( quote( self.object_id ), quote( self.revision ), quote( self.__username ),
quote( self.__salt ), quote( self.__password_hash ), quote( self.__email_address ),
self.__storage_bytes, self.__rate_plan )
def sql_update( self ):
return self.sql_create()
@staticmethod
def sql_load_by_username( username ):
return "select * from luminotes_user_current where username = %s;" % quote( username )
@staticmethod
def sql_load_by_email_address( email_address ):
return "select * from luminotes_user_current where email_address = %s;" % quote( email_address )
def sql_load_notebooks( self, parents_only = False, undeleted_only = False, read_write = False,
tag_name = None, tag_value = None, notebook_id = None,
exclude_notebook_name = None, start = 0, count = None, reverse = False ):
"""
Return a SQL string to load a list of the notebooks to which this user has access.
"""
if parents_only:
parents_only_clause = " and trash_id is not null"
else:
parents_only_clause = ""
if undeleted_only:
undeleted_only_clause = " and deleted = 'f'"
else:
undeleted_only_clause = ""
if read_write:
read_write_clause = " and user_notebook.read_write = 't'"
else:
read_write_clause = ""
if tag_name:
tag_tables = ", tag_notebook, tag"
tag_clause = \
"""
and tag_notebook.tag_id = tag.id and tag_notebook.user_id = %s and
tag_notebook.notebook_id = notebook_current.id and tag.name = %s
""" % ( quote( self.object_id ), quote( tag_name ) )
if tag_value:
tag_clause += " and tag_notebook.value = %s" % quote( tag_value )
else:
tag_tables = ""
tag_clause = ""
# useful for loading just a single notebook that the user has access to
if notebook_id:
notebook_id_clause = " and notebook_current.id = %s" % quote( notebook_id )
else:
notebook_id_clause = ""
if exclude_notebook_name:
notebook_name_clause = " and not notebook_current.name = %s" % quote( exclude_notebook_name )
else:
notebook_name_clause = ""
if reverse:
ordering = u"desc"
else:
ordering = u"asc"
if count is not None:
limit_clause = " limit %s" % count
else:
limit_clause = ""
if start:
offset_clause = " offset %s" % start
else:
offset_clause = ""
return \
"""
select
notebook_current.*, user_notebook.read_write, user_notebook.owner, user_notebook.rank, user_notebook.own_notes_only,
( select count( note_current.id )
from note_current
where note_current.notebook_id = notebook_current.id and
note_current.deleted_from_id is null )
from
user_notebook, notebook_current%s
where
user_notebook.user_id = %s%s%s%s%s%s%s and
user_notebook.notebook_id = notebook_current.id
order by user_notebook.rank, notebook_current.revision %s%s%s;
""" % ( tag_tables, quote( self.object_id ), parents_only_clause, undeleted_only_clause,
read_write_clause, tag_clause, notebook_id_clause, notebook_name_clause, ordering,
limit_clause, offset_clause )
def sql_count_notebooks( self, parents_only = False, undeleted_only = False, read_write = False,
tag_name = None, tag_value = None, exclude_notebook_name = None ):
"""
Return a SQL string to count the number notebooks to which this user has access.
"""
if parents_only:
parents_only_clause = " and trash_id is not null"
else:
parents_only_clause = ""
if undeleted_only:
undeleted_only_clause = " and deleted = 'f'"
else:
undeleted_only_clause = ""
if read_write:
read_write_clause = " and user_notebook.read_write = 't'"
else:
read_write_clause = ""
if tag_name:
tag_tables = ", tag_notebook, tag"
tag_clause = \
"""
and tag_notebook.tag_id = tag.id and tag_notebook.user_id = %s and
tag_notebook.notebook_id = notebook_current.id and tag.name = %s
""" % ( quote( self.object_id ), quote( tag_name ) )
if tag_value:
tag_clause += " and tag_notebook.value = %s" % quote( tag_value )
else:
tag_tables = ""
tag_clause = ""
if exclude_notebook_name:
notebook_name_clause = " and not notebook_current.name = %s" % quote( exclude_notebook_name )
else:
notebook_name_clause = ""
return \
"""
select
count( notebook_current.id )
from
user_notebook, notebook_current%s
where
user_notebook.user_id = %s%s%s%s%s%s and
user_notebook.notebook_id = notebook_current.id;
""" % ( tag_tables, quote( self.object_id ), parents_only_clause, undeleted_only_clause,
read_write_clause, tag_clause, notebook_name_clause )
def sql_save_notebook( self, notebook_id, read_write = True, owner = True, rank = None, own_notes_only = False ):
"""
Return a SQL string to save the id of a notebook to which this user has access.
"""
if rank is None: rank = quote( None )
return \
"insert into user_notebook ( user_id, notebook_id, read_write, owner, rank, own_notes_only ) values " + \
"( %s, %s, %s, %s, %s, %s );" % (
quote( self.object_id ),
quote( notebook_id ),
quote( read_write and 't' or 'f' ),
quote( owner and 't' or 'f' ),
rank,
quote( own_notes_only and 't' or 'f' ),
)
def sql_remove_notebook( self, notebook_id ):
"""
Return a SQL string to remove this user's access to a particular notebook.
"""
return \
"delete from user_notebook where user_id = %s and notebook_id = %s;" % ( quote( self.object_id ), quote( notebook_id ) )
def sql_has_access( self, notebook_id, read_write = False, owner = False ):
"""
Return a SQL string to determine whether this user has access to the given notebook.
"""
if read_write is True and owner is True:
return \
"select user_id from user_notebook where user_id = %s and notebook_id = %s and read_write = 't' and owner = 't';" % \
( quote( self.object_id ), quote( notebook_id ) )
elif read_write is True:
return \
"select user_id from user_notebook where user_id = %s and notebook_id = %s and read_write = 't';" % \
( quote( self.object_id ), quote( notebook_id ) )
elif owner is True:
return \
"select user_id from user_notebook where user_id = %s and notebook_id = %s and owner = 't';" % \
( quote( self.object_id ), quote( notebook_id ) )
else:
return \
"select user_id from user_notebook where user_id = %s and notebook_id = %s;" % \
( quote( self.object_id ), quote( notebook_id ) )
def sql_update_access( self, notebook_id, read_write = Notebook.READ_ONLY, owner = False ):
"""
Return a SQL string to update the user's notebook access to the given read_write and owner level.
"""
return \
"update user_notebook set read_write = %s, owner = %s, own_notes_only = %s where user_id = %s and notebook_id = %s;" % (
quote( ( read_write not in ( Notebook.READ_ONLY, False ) ) and 't' or 'f' ),
quote( owner and 't' or 'f' ),
quote( ( read_write == Notebook.READ_WRITE_FOR_OWN_NOTES ) and 't' or 'f' ),
quote( self.object_id ),
quote( notebook_id ),
)
def sql_save_notebook_tag( self, notebook_id, tag_id, value = None ):
"""
Return a SQL string to associate a tag with a notebook of this user.
"""
return \
"insert into tag_notebook ( notebook_id, tag_id, value, user_id ) values " + \
"( %s, %s, %s, %s );" % ( quote( notebook_id ), quote( tag_id ), quote( value ), quote( self.object_id ) )
def sql_update_notebook_rank( self, notebook_id, rank ):
"""
Return a SQL string to update the user's rank for the given notebook.
"""
return \
"update user_notebook set rank = %s where user_id = %s and notebook_id = %s;" % \
( quote( rank ), quote( self.object_id ), quote( notebook_id ) )
def sql_highest_notebook_rank( self ):
"""
Return a SQL string to determine the highest numbered rank of all notebooks the user has access to."
"""
return "select coalesce( max( rank ), -1 ) from user_notebook where user_id = %s;" % quote( self.object_id )
def sql_load_groups( self ):
"""
Return a SQL string to load a list of the groups to which this user has membership.
"""
return \
"""
select
luminotes_group_current.*, user_group.admin
from
user_group, luminotes_group_current
where
user_group.user_id = %s and
user_group.group_id = luminotes_group_current.id
order by luminotes_group_current.name;
""" % quote( self.object_id )
def sql_save_group( self, group_id, admin = False ):
"""
Return a SQL string to save the id of a group to which this user has membership.
"""
return \
"insert into user_group ( user_id, group_id, admin ) values " + \
"( %s, %s, %s );" % ( quote( self.object_id ), quote( group_id ), quote( admin and 't' or 'f' ) )
def sql_remove_group( self, group_id ):
"""
Return a SQL string to remove this user's membership to a particular group.
"""
return \
"delete from user_group where user_id = %s and group_id = %s;" % ( quote( self.object_id ), quote( group_id ) )
def sql_in_group( self, group_id, admin = False ):
"""
Return a SQL string to determine whether this has membership to the given group.
"""
if admin is True:
return \
"select user_id from user_group where user_id = %s and group_id = %s and admin = 't';" % \
( quote( self.object_id ), quote( group_id ) )
else:
return \
"select user_id from user_group where user_id = %s and group_id = %s;" % \
( quote( self.object_id ), quote( group_id ) )
def sql_update_group_admin( self, group_id, admin = False ):
"""
Return a SQL string to update the user's group membership to have the given admin flag.
"""
return \
"update user_group set admin = %s where user_id = %s and group_id = %s;" % \
( quote( admin and 't' or 'f' ), quote( self.object_id ), quote( group_id ) )
@staticmethod
def sql_revoke_invite_access( notebook_id, trash_id, email_address ):
return \
"""
delete from
user_notebook
where
notebook_id in ( %s, %s ) and
user_notebook.user_id in (
select
redeemed_user_id
from
invite
where
notebook_id = %s and
email_address = %s
);
""" % ( quote( notebook_id ), quote( trash_id ), quote( notebook_id ), quote( email_address ) )
def sql_calculate_storage( self, database_backend ):
"""
Return a SQL string to calculate the total bytes of storage usage by this user. This includes
storage for all the user's notes (including past revisions) and their uploaded files. It does
not include storage for the notebooks themselves.
"""
if database_backend == Persistent.POSTGRESQL_BACKEND:
# this counts bytes for the contents of each column
note_size_clause = "pg_column_size( note.* )"
else:
# this isn't perfect, because length() counts UTF-8 characters instead of bytes.
# some columns are left out because they can be null, which screws up the addition
note_size_clause = \
"""
length( note.id ) + length( note.revision ) + length( note.title ) + length( note.contents ) +
length( note.notebook_id ) + length( note.startup ) + length( note.user_id )
"""
return \
"""
select * from (
select
coalesce( sum( %s ), 0 )
from
user_notebook, note
where
user_notebook.user_id = %s and
user_notebook.owner = 't' and
note.notebook_id = user_notebook.notebook_id
) as note_storage,
(
select
coalesce( sum( file.size_bytes ), 0 )
from
user_notebook, file
where
user_notebook.user_id = %s and
user_notebook.owner = 't' and
file.notebook_id = user_notebook.notebook_id
) as file_storage;
""" % ( note_size_clause, quote( self.object_id ), quote( self.object_id ) )
def sql_calculate_group_storage( self ):
"""
Return a SQL string to calculate the total bytes of storage usage for all groups that this user
is a member of. This includes the cumulative storage of all users in these groups.
"""
return \
"""
select coalesce( sum( storage_bytes ), 0 ) from (
select
distinct user_id, storage_bytes
from
user_group, luminotes_user_current
where
group_id in (
select
group_id
from
user_group
where
user_id = %s
) and
user_id = luminotes_user_current.id
) as sub;
""" % quote( self.object_id )
def to_dict( self ):
d = Persistent.to_dict( self )
d.update( dict(
username = self.username,
email_address = self.__email_address,
storage_bytes = self.__storage_bytes,
group_storage_bytes = self.__group_storage_bytes,
rate_plan = self.__rate_plan,
) )
return d
def __set_email_address( self, email_address ):
self.update_revision()
self.__email_address = email_address
def __set_password( self, password ):
self.update_revision()
self.__salt = User.__create_salt()
self.__password_hash = User.__hash_password( self.__salt, password )
def __set_storage_bytes( self, storage_bytes ):
self.update_revision()
self.__storage_bytes = storage_bytes
def __set_group_storage_bytes( self, group_storage_bytes ):
# The group_storage_bytes member isn't actually saved to the database, so setting it doesn't
# need to call update_revision().
self.__group_storage_bytes = group_storage_bytes
def __set_rate_plan( self, rate_plan ):
self.update_revision()
self.__rate_plan = rate_plan
username = property( lambda self: self.__username )
email_address = property( lambda self: self.__email_address, __set_email_address )
password = property( None, __set_password )
storage_bytes = property( lambda self: self.__group_storage_bytes or self.__storage_bytes, __set_storage_bytes )
group_storage_bytes = property( lambda self: self.__group_storage_bytes, __set_group_storage_bytes )
rate_plan = property( lambda self: self.__rate_plan, __set_rate_plan )