diff --git a/mia_core/models.py b/mia_core/models.py index 43fb124..1cb31d0 100644 --- a/mia_core/models.py +++ b/mia_core/models.py @@ -18,10 +18,14 @@ """The data models of the Mia core application. """ -from dirtyfields import DirtyFieldsMixin -from django.db import models, connection, OperationalError +import hashlib -from mia_core.utils import get_multi_lingual_attr, set_multi_lingual_attr +from dirtyfields import DirtyFieldsMixin +from django.conf import settings +from django.db import models, connection, OperationalError, transaction + +from mia_core.utils import get_multi_lingual_attr, set_multi_lingual_attr, \ + new_pk class Country(DirtyFieldsMixin, models.Model): @@ -113,10 +117,33 @@ class User(DirtyFieldsMixin, models.Model): return "%s (%s)" % ( self.name.__str__(), self.login_id.__str__()) + def save(self, current_user=None, force_insert=False, force_update=False, + using=None, update_fields=None): + if self.pk is None: + self.pk = new_pk(User) + if current_user is not None: + self.created_by = current_user + if current_user is not None: + self.updated_by = current_user + with transaction.atomic(): + super(User, self).save( + force_insert=force_insert, force_update=force_update, + using=using, update_fields=update_fields) + class Meta: db_table = "users" app_label = "mia_core" + def set_digest_password(self, login_id, password): + self.password = self.md5( + F"{login_id}:{settings.DIGEST_REALM}:{password}") + + @staticmethod + def md5(value): + m = hashlib.md5() + m.update(value.encode("utf-8")) + return m.hexdigest() + def is_in_use(self): """Returns whether this user is in use. diff --git a/mia_core/urls.py b/mia_core/urls.py index bdd1773..6ddb07e 100644 --- a/mia_core/urls.py +++ b/mia_core/urls.py @@ -28,12 +28,10 @@ app_name = "mia_core" urlpatterns = [ path("users", views.UserListView.as_view(), name="users"), path("users/create", views.user_form, name="users.create"), - # TODO: To be done. - path("users/store", views.todo, name="users.store"), + path("users/store", views.user_store, name="users.store"), path("users/", views.UserView.as_view(), name="users.detail"), path("users//edit", views.user_form, name="users.edit"), - # TODO: To be done. - path("users//update", views.todo, name="users.update"), + path("users//update", views.user_store, name="users.update"), # TODO: To be done. path("users//delete", views.todo, name="users.delete"), # TODO: To be done. diff --git a/mia_core/views.py b/mia_core/views.py index 829e6c8..0ca57c2 100644 --- a/mia_core/views.py +++ b/mia_core/views.py @@ -23,7 +23,9 @@ from django.contrib.auth import logout as logout_user from django.contrib.messages.views import SuccessMessageMixin from django.http import HttpResponse, JsonResponse from django.shortcuts import redirect, render +from django.urls import reverse from django.utils.decorators import method_decorator +from django.utils.translation import gettext_noop from django.views.decorators.http import require_POST, require_GET from django.views.generic import DeleteView as CoreDeleteView, ListView, \ DetailView @@ -32,6 +34,7 @@ from . import stored_post from .digest_auth import login_required from .forms import UserForm from .models import User +from .utils import strip_post class DeleteView(SuccessMessageMixin, CoreDeleteView): @@ -105,6 +108,44 @@ def user_form(request, user=None): }) +def user_store(request, user=None): + """The view to store a user. + + Args: + request (HttpRequest): The request. + user (Account): The user. + + Returns: + HttpResponseRedirect: The response. + """ + post = request.POST.dict() + strip_post(post) + form = UserForm(post) + form.user = user + form.current_user = request.user + if not form.is_valid(): + if user is None: + url = reverse("mia_core:users.create") + else: + url = reverse("mia_core:users.edit", args=(user,)) + return stored_post.error_redirect(request, url, post) + if user is None: + user = User() + user.login_id = form["login_id"].value() + if form["password"].value() is not None: + user.set_digest_password( + form["login_id"].value(), form["password"].value()) + user.name = form["name"].value() + user.is_disabled = form["is_disabled"].value() + if not user.is_dirty(): + message = gettext_noop("This user account was not modified.") + else: + user.save(current_user=request.user) + message = gettext_noop("This user account was saved successfully.") + messages.success(request, message) + return redirect("mia_core:users.detail", user) + + def api_users_exists(request, login_id): """The view to check whether a user with a log in ID exists.