liquid_feedback_frontend
annotate model/member.lua @ 9:0ee1e0c42d4c
Version beta5
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.
Changing of name and login is possible while a history of these changes is written and accessible by all users.
Statistics shown in area list
Trimming of user input also converts multiple whitespaces to single space character.
| author | bsw |
|---|---|
| date | Mon Jan 04 12:00:00 2010 +0100 (2010-01-04) |
| parents | 8d91bccab0bf |
| children | 72c5e0ee7c98 |
| rev | line source |
|---|---|
| bsw/jbe@0 | 1 Member = mondelefant.new_class() |
| bsw/jbe@0 | 2 Member.table = 'member' |
| bsw/jbe@0 | 3 |
| bsw/jbe@0 | 4 Member:add_reference{ |
| bsw@9 | 5 mode = "1m", |
| bsw@9 | 6 to = "MemberHistory", |
| bsw@9 | 7 this_key = 'id', |
| bsw@9 | 8 that_key = 'member_id', |
| bsw@9 | 9 ref = 'history_entries', |
| bsw@9 | 10 back_ref = 'member' |
| bsw@9 | 11 } |
| bsw@9 | 12 |
| bsw@9 | 13 Member:add_reference{ |
| bsw/jbe@4 | 14 mode = '1m', |
| bsw@2 | 15 to = "MemberImage", |
| bsw@2 | 16 this_key = 'id', |
| bsw@2 | 17 that_key = 'member_id', |
| bsw/jbe@4 | 18 ref = 'images', |
| bsw@2 | 19 back_ref = 'member' |
| bsw@2 | 20 } |
| bsw@2 | 21 |
| bsw@2 | 22 Member:add_reference{ |
| bsw/jbe@0 | 23 mode = '1m', |
| bsw/jbe@0 | 24 to = "Contact", |
| bsw/jbe@0 | 25 this_key = 'id', |
| bsw/jbe@0 | 26 that_key = 'member_id', |
| bsw/jbe@0 | 27 ref = 'contacts', |
| bsw/jbe@0 | 28 back_ref = 'member', |
| bsw/jbe@0 | 29 default_order = '"other_member_id"' |
| bsw/jbe@0 | 30 } |
| bsw/jbe@0 | 31 |
| bsw/jbe@0 | 32 Member:add_reference{ |
| bsw/jbe@0 | 33 mode = '1m', |
| bsw/jbe@0 | 34 to = "Contact", |
| bsw/jbe@0 | 35 this_key = 'id', |
| bsw/jbe@0 | 36 that_key = 'member_id', |
| bsw/jbe@0 | 37 ref = 'foreign_contacts', |
| bsw/jbe@0 | 38 back_ref = 'other_member', |
| bsw/jbe@0 | 39 default_order = '"member_id"' |
| bsw/jbe@0 | 40 } |
| bsw/jbe@0 | 41 |
| bsw/jbe@0 | 42 Member:add_reference{ |
| bsw/jbe@0 | 43 mode = '1m', |
| bsw/jbe@0 | 44 to = "Session", |
| bsw/jbe@0 | 45 this_key = 'id', |
| bsw/jbe@0 | 46 that_key = 'member_id', |
| bsw/jbe@0 | 47 ref = 'sessions', |
| bsw/jbe@0 | 48 back_ref = 'member', |
| bsw/jbe@0 | 49 default_order = '"ident"' |
| bsw/jbe@0 | 50 } |
| bsw/jbe@0 | 51 |
| bsw/jbe@0 | 52 Member:add_reference{ |
| bsw/jbe@0 | 53 mode = '1m', |
| bsw/jbe@0 | 54 to = "Draft", |
| bsw/jbe@0 | 55 this_key = 'id', |
| bsw/jbe@0 | 56 that_key = 'author_id', |
| bsw/jbe@0 | 57 ref = 'drafts', |
| bsw/jbe@0 | 58 back_ref = 'author', |
| bsw/jbe@0 | 59 default_order = '"id"' |
| bsw/jbe@0 | 60 } |
| bsw/jbe@0 | 61 |
| bsw/jbe@0 | 62 Member:add_reference{ |
| bsw/jbe@0 | 63 mode = '1m', |
| bsw/jbe@0 | 64 to = "Suggestion", |
| bsw/jbe@0 | 65 this_key = 'id', |
| bsw/jbe@0 | 66 that_key = 'author_id', |
| bsw/jbe@0 | 67 ref = 'suggestions', |
| bsw/jbe@0 | 68 back_ref = 'author', |
| bsw/jbe@0 | 69 default_order = '"id"' |
| bsw/jbe@0 | 70 } |
| bsw/jbe@0 | 71 |
| bsw/jbe@0 | 72 Member:add_reference{ |
| bsw/jbe@0 | 73 mode = '1m', |
| bsw/jbe@0 | 74 to = "Membership", |
| bsw/jbe@0 | 75 this_key = 'id', |
| bsw/jbe@0 | 76 that_key = 'member_id', |
| bsw/jbe@0 | 77 ref = 'memberships', |
| bsw/jbe@0 | 78 back_ref = 'member', |
| bsw/jbe@0 | 79 default_order = '"area_id"' |
| bsw/jbe@0 | 80 } |
| bsw/jbe@0 | 81 |
| bsw/jbe@0 | 82 Member:add_reference{ |
| bsw/jbe@0 | 83 mode = '1m', |
| bsw/jbe@0 | 84 to = "Interest", |
| bsw/jbe@0 | 85 this_key = 'id', |
| bsw/jbe@0 | 86 that_key = 'member_id', |
| bsw/jbe@0 | 87 ref = 'interests', |
| bsw/jbe@0 | 88 back_ref = 'member', |
| bsw/jbe@0 | 89 default_order = '"id"' |
| bsw/jbe@0 | 90 } |
| bsw/jbe@0 | 91 |
| bsw/jbe@0 | 92 Member:add_reference{ |
| bsw/jbe@0 | 93 mode = '1m', |
| bsw/jbe@0 | 94 to = "Initiator", |
| bsw/jbe@0 | 95 this_key = 'id', |
| bsw/jbe@0 | 96 that_key = 'member_id', |
| bsw/jbe@0 | 97 ref = 'initiators', |
| bsw/jbe@0 | 98 back_ref = 'member', |
| bsw/jbe@0 | 99 default_order = '"id"' |
| bsw/jbe@0 | 100 } |
| bsw/jbe@0 | 101 |
| bsw/jbe@0 | 102 Member:add_reference{ |
| bsw/jbe@0 | 103 mode = '1m', |
| bsw/jbe@0 | 104 to = "Supporter", |
| bsw/jbe@0 | 105 this_key = 'id', |
| bsw/jbe@0 | 106 that_key = 'member_id', |
| bsw/jbe@0 | 107 ref = 'supporters', |
| bsw@2 | 108 back_ref = 'member' |
| bsw/jbe@0 | 109 } |
| bsw/jbe@0 | 110 |
| bsw/jbe@0 | 111 Member:add_reference{ |
| bsw/jbe@0 | 112 mode = '1m', |
| bsw/jbe@0 | 113 to = "Opinion", |
| bsw/jbe@0 | 114 this_key = 'id', |
| bsw/jbe@0 | 115 that_key = 'member_id', |
| bsw/jbe@0 | 116 ref = 'opinions', |
| bsw/jbe@0 | 117 back_ref = 'member', |
| bsw/jbe@0 | 118 default_order = '"id"' |
| bsw/jbe@0 | 119 } |
| bsw/jbe@0 | 120 |
| bsw/jbe@0 | 121 Member:add_reference{ |
| bsw/jbe@0 | 122 mode = '1m', |
| bsw/jbe@0 | 123 to = "Delegation", |
| bsw/jbe@0 | 124 this_key = 'id', |
| bsw/jbe@0 | 125 that_key = 'truster_id', |
| bsw/jbe@0 | 126 ref = 'outgoing_delegations', |
| bsw/jbe@0 | 127 back_ref = 'truster', |
| bsw/jbe@0 | 128 default_order = '"id"' |
| bsw/jbe@0 | 129 } |
| bsw/jbe@0 | 130 |
| bsw/jbe@0 | 131 Member:add_reference{ |
| bsw/jbe@0 | 132 mode = '1m', |
| bsw/jbe@0 | 133 to = "Delegation", |
| bsw/jbe@0 | 134 this_key = 'id', |
| bsw/jbe@0 | 135 that_key = 'trustee_id', |
| bsw/jbe@0 | 136 ref = 'incoming_delegations', |
| bsw/jbe@0 | 137 back_ref = 'trustee', |
| bsw/jbe@0 | 138 default_order = '"id"' |
| bsw/jbe@0 | 139 } |
| bsw/jbe@0 | 140 |
| bsw/jbe@0 | 141 Member:add_reference{ |
| bsw/jbe@0 | 142 mode = '1m', |
| bsw/jbe@0 | 143 to = "DirectVoter", |
| bsw/jbe@0 | 144 this_key = 'id', |
| bsw/jbe@0 | 145 that_key = 'member_id', |
| bsw/jbe@0 | 146 ref = 'direct_voter', |
| bsw/jbe@0 | 147 back_ref = 'member', |
| bsw/jbe@0 | 148 default_order = '"issue_id"' |
| bsw/jbe@0 | 149 } |
| bsw/jbe@0 | 150 |
| bsw/jbe@0 | 151 Member:add_reference{ |
| bsw/jbe@0 | 152 mode = '1m', |
| bsw/jbe@0 | 153 to = "Vote", |
| bsw/jbe@0 | 154 this_key = 'id', |
| bsw/jbe@0 | 155 that_key = 'member_id', |
| bsw/jbe@0 | 156 ref = 'vote', |
| bsw/jbe@0 | 157 back_ref = 'member', |
| bsw/jbe@0 | 158 default_order = '"issue_id", "initiative_id"' |
| bsw/jbe@0 | 159 } |
| bsw/jbe@0 | 160 |
| bsw/jbe@0 | 161 Member:add_reference{ |
| bsw/jbe@0 | 162 mode = 'mm', |
| bsw/jbe@0 | 163 to = "Member", |
| bsw/jbe@0 | 164 this_key = 'id', |
| bsw/jbe@0 | 165 that_key = 'id', |
| bsw/jbe@0 | 166 connected_by_table = 'contact', |
| bsw/jbe@0 | 167 connected_by_this_key = 'member_id', |
| bsw/jbe@0 | 168 connected_by_that_key = 'other_member_id', |
| bsw/jbe@0 | 169 ref = 'saved_members', |
| bsw/jbe@0 | 170 } |
| bsw/jbe@0 | 171 |
| bsw/jbe@0 | 172 Member:add_reference{ |
| bsw/jbe@0 | 173 mode = 'mm', |
| bsw/jbe@0 | 174 to = "Member", |
| bsw/jbe@0 | 175 this_key = 'id', |
| bsw/jbe@0 | 176 that_key = 'id', |
| bsw/jbe@0 | 177 connected_by_table = 'contact', |
| bsw/jbe@0 | 178 connected_by_this_key = 'other_member_id', |
| bsw/jbe@0 | 179 connected_by_that_key = 'member_id', |
| bsw/jbe@0 | 180 ref = 'saved_by_members', |
| bsw/jbe@0 | 181 } |
| bsw/jbe@0 | 182 |
| bsw/jbe@0 | 183 Member:add_reference{ |
| bsw/jbe@0 | 184 mode = 'mm', |
| bsw/jbe@0 | 185 to = "Area", |
| bsw/jbe@0 | 186 this_key = 'id', |
| bsw/jbe@0 | 187 that_key = 'id', |
| bsw/jbe@0 | 188 connected_by_table = 'membership', |
| bsw/jbe@0 | 189 connected_by_this_key = 'member_id', |
| bsw/jbe@0 | 190 connected_by_that_key = 'area_id', |
| bsw/jbe@0 | 191 ref = 'areas' |
| bsw/jbe@0 | 192 } |
| bsw/jbe@0 | 193 |
| bsw/jbe@0 | 194 Member:add_reference{ |
| bsw/jbe@0 | 195 mode = 'mm', |
| bsw/jbe@0 | 196 to = "Issue", |
| bsw/jbe@0 | 197 this_key = 'id', |
| bsw/jbe@0 | 198 that_key = 'id', |
| bsw/jbe@0 | 199 connected_by_table = 'interest', |
| bsw/jbe@0 | 200 connected_by_this_key = 'member_id', |
| bsw/jbe@0 | 201 connected_by_that_key = 'issue_id', |
| bsw/jbe@0 | 202 ref = 'issues' |
| bsw/jbe@0 | 203 } |
| bsw/jbe@0 | 204 |
| bsw/jbe@0 | 205 Member:add_reference{ |
| bsw/jbe@0 | 206 mode = 'mm', |
| bsw/jbe@0 | 207 to = "Initiative", |
| bsw/jbe@0 | 208 this_key = 'id', |
| bsw/jbe@0 | 209 that_key = 'id', |
| bsw/jbe@0 | 210 connected_by_table = 'initiator', |
| bsw/jbe@0 | 211 connected_by_this_key = 'member_id', |
| bsw/jbe@0 | 212 connected_by_that_key = 'initiative_id', |
| bsw/jbe@0 | 213 ref = 'initiated_initiatives' |
| bsw/jbe@0 | 214 } |
| bsw/jbe@0 | 215 |
| bsw/jbe@0 | 216 Member:add_reference{ |
| bsw/jbe@0 | 217 mode = 'mm', |
| bsw/jbe@0 | 218 to = "Initiative", |
| bsw/jbe@0 | 219 this_key = 'id', |
| bsw/jbe@0 | 220 that_key = 'id', |
| bsw/jbe@0 | 221 connected_by_table = 'supporter', |
| bsw/jbe@0 | 222 connected_by_this_key = 'member_id', |
| bsw/jbe@0 | 223 connected_by_that_key = 'initiative_id', |
| bsw/jbe@0 | 224 ref = 'supported_initiatives' |
| bsw/jbe@0 | 225 } |
| bsw/jbe@0 | 226 |
| bsw/jbe@0 | 227 function Member.object:set_password(password) |
| bsw/jbe@0 | 228 local hash = os.crypt( |
| bsw/jbe@0 | 229 password, |
| bsw/jbe@0 | 230 "$1$" .. multirand.string( |
| bsw/jbe@0 | 231 8, |
| bsw/jbe@0 | 232 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./" |
| bsw/jbe@0 | 233 ) |
| bsw/jbe@0 | 234 ) |
| bsw/jbe@0 | 235 assert(hash, "os.crypt failed") |
| bsw/jbe@0 | 236 self.password = hash |
| bsw/jbe@0 | 237 end |
| bsw/jbe@0 | 238 |
| bsw/jbe@0 | 239 function Member.object:check_password(password) |
| bsw/jbe@0 | 240 if type(password) == "string" and type(self.password) == "string" then |
| bsw/jbe@0 | 241 return os.crypt(password, self.password) == self.password |
| bsw/jbe@0 | 242 else |
| bsw/jbe@0 | 243 return false |
| bsw/jbe@0 | 244 end |
| bsw/jbe@0 | 245 end |
| bsw/jbe@0 | 246 |
| bsw/jbe@0 | 247 function Member.object_get:published_contacts() |
| bsw/jbe@0 | 248 return Member:new_selector() |
| bsw/jbe@0 | 249 :join('"contact"', nil, '"contact"."other_member_id" = "member"."id"') |
| bsw/jbe@0 | 250 :add_where{ '"contact"."member_id" = ?', self.id } |
| bsw/jbe@0 | 251 :add_where("public") |
| bsw/jbe@0 | 252 :exec() |
| bsw/jbe@0 | 253 end |
| bsw/jbe@0 | 254 |
| bsw/jbe@0 | 255 function Member:by_login_and_password(login, password) |
| bsw/jbe@0 | 256 local selector = self:new_selector() |
| bsw/jbe@5 | 257 selector:add_where{'"login" = ?', login } |
| bsw/jbe@0 | 258 selector:add_where('"active"') |
| bsw/jbe@0 | 259 selector:optional_object_mode() |
| bsw/jbe@0 | 260 local member = selector:exec() |
| bsw/jbe@0 | 261 if member and member:check_password(password) then |
| bsw/jbe@0 | 262 return member |
| bsw/jbe@0 | 263 else |
| bsw/jbe@0 | 264 return nil |
| bsw/jbe@0 | 265 end |
| bsw/jbe@0 | 266 end |
| bsw/jbe@0 | 267 |
| bsw/jbe@5 | 268 function Member:by_login(login) |
| bsw/jbe@5 | 269 local selector = self:new_selector() |
| bsw/jbe@5 | 270 selector:add_where{'"login" = ?', login } |
| bsw/jbe@5 | 271 selector:optional_object_mode() |
| bsw/jbe@5 | 272 return selector:exec() |
| bsw/jbe@5 | 273 end |
| bsw/jbe@5 | 274 |
| bsw/jbe@5 | 275 function Member:by_name(name) |
| bsw/jbe@5 | 276 local selector = self:new_selector() |
| bsw/jbe@5 | 277 selector:add_where{'"name" = ?', name } |
| bsw/jbe@5 | 278 selector:optional_object_mode() |
| bsw/jbe@5 | 279 return selector:exec() |
| bsw/jbe@5 | 280 end |
| bsw/jbe@5 | 281 |
| bsw@2 | 282 function Member:get_search_selector(search_string) |
| bsw/jbe@0 | 283 return self:new_selector() |
| bsw@2 | 284 :add_field( {'"highlight"("member"."name", ?)', search_string }, "name_highlighted") |
| bsw@2 | 285 :add_where{ '"member"."text_search_data" @@ "text_search_query"(?)', search_string } |
| bsw/jbe@0 | 286 :add_where("active") |
| bsw/jbe@0 | 287 end |
| bsw@2 | 288 |
| bsw/jbe@6 | 289 function Member.object:set_notify_email(notify_email) |
| bsw/jbe@6 | 290 local expiry = db:query("SELECT now() + '7 days'::interval as expiry", "object").expiry |
| bsw/jbe@6 | 291 self.notify_email_unconfirmed = notify_email |
| bsw/jbe@6 | 292 self.notify_email_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" ) |
| bsw/jbe@6 | 293 self.notify_email_secret_expiry = expiry |
| bsw/jbe@6 | 294 local content = slot.use_temporary(function() |
| bsw/jbe@6 | 295 slot.put(_"Hello " .. self.name .. ",\n\n") |
| bsw/jbe@6 | 296 slot.put(_"Please confirm your email address by clicking the following link:\n\n") |
| bsw/jbe@6 | 297 slot.put(config.absolute_base_url .. "index/confirm_notify_email.html?secret=" .. self.notify_email_secret .. "\n\n") |
| bsw/jbe@6 | 298 slot.put(_"If this link is not working, please open following url in your web browser:\n\n") |
| bsw/jbe@6 | 299 slot.put(config.absolute_base_url .. "index/confirm_notify_email.html\n\n") |
| bsw/jbe@6 | 300 slot.put(_"On that page please enter the confirmation code:\n\n") |
| bsw/jbe@6 | 301 slot.put(self.notify_email_secret .. "\n\n") |
| bsw/jbe@6 | 302 end) |
| bsw/jbe@6 | 303 local success = net.send_mail{ |
| bsw/jbe@6 | 304 envelope_from = config.mail_envelope_from, |
| bsw/jbe@6 | 305 from = config.mail_from, |
| bsw/jbe@6 | 306 reply_to = config.mail_reply_to, |
| bsw/jbe@6 | 307 to = self.notify_email_unconfirmed, |
| bsw/jbe@6 | 308 subject = config.mail_subject_prefix .. _"Email confirmation request", |
| bsw/jbe@6 | 309 content_type = "text/plain; charset=UTF-8", |
| bsw/jbe@6 | 310 content = content |
| bsw/jbe@6 | 311 } |
| bsw/jbe@6 | 312 return success |
| bsw/jbe@6 | 313 end |