liquid_feedback_frontend

annotate model/member.lua @ 224:bf735d8095aa

find changesets by author, revision, files, or words in the commit message
Fixed security related bug, security tokens were exposed through trace output.
author bsw
date Tue May 17 03:23:16 2011 +0200 (2011-05-17)
parents 5e35add677ee
children 7196685f9dd7 a34142b39bd8
rev   line source
bsw/jbe@0 1 Member = mondelefant.new_class()
bsw/jbe@0 2 Member.table = 'member'
bsw/jbe@0 3
bsw/jbe@0 4 Member:add_reference{
bsw@9 5 mode = "1m",
bsw@9 6 to = "MemberHistory",
bsw@9 7 this_key = 'id',
bsw@9 8 that_key = 'member_id',
bsw@9 9 ref = 'history_entries',
bsw@9 10 back_ref = 'member'
bsw@9 11 }
bsw@9 12
bsw@9 13 Member:add_reference{
bsw/jbe@4 14 mode = '1m',
bsw@2 15 to = "MemberImage",
bsw@2 16 this_key = 'id',
bsw@2 17 that_key = 'member_id',
bsw/jbe@4 18 ref = 'images',
bsw@2 19 back_ref = 'member'
bsw@2 20 }
bsw@2 21
bsw@2 22 Member:add_reference{
bsw/jbe@0 23 mode = '1m',
bsw/jbe@0 24 to = "Contact",
bsw/jbe@0 25 this_key = 'id',
bsw/jbe@0 26 that_key = 'member_id',
bsw/jbe@0 27 ref = 'contacts',
bsw/jbe@0 28 back_ref = 'member',
bsw/jbe@0 29 default_order = '"other_member_id"'
bsw/jbe@0 30 }
bsw/jbe@0 31
bsw/jbe@0 32 Member:add_reference{
bsw/jbe@0 33 mode = '1m',
bsw/jbe@0 34 to = "Contact",
bsw/jbe@0 35 this_key = 'id',
bsw/jbe@0 36 that_key = 'member_id',
bsw/jbe@0 37 ref = 'foreign_contacts',
bsw/jbe@0 38 back_ref = 'other_member',
bsw/jbe@0 39 default_order = '"member_id"'
bsw/jbe@0 40 }
bsw/jbe@0 41
bsw/jbe@0 42 Member:add_reference{
bsw/jbe@0 43 mode = '1m',
bsw/jbe@0 44 to = "Session",
bsw/jbe@0 45 this_key = 'id',
bsw/jbe@0 46 that_key = 'member_id',
bsw/jbe@0 47 ref = 'sessions',
bsw/jbe@0 48 back_ref = 'member',
bsw/jbe@0 49 default_order = '"ident"'
bsw/jbe@0 50 }
bsw/jbe@0 51
bsw/jbe@0 52 Member:add_reference{
bsw/jbe@0 53 mode = '1m',
bsw/jbe@0 54 to = "Draft",
bsw/jbe@0 55 this_key = 'id',
bsw/jbe@0 56 that_key = 'author_id',
bsw/jbe@0 57 ref = 'drafts',
bsw/jbe@0 58 back_ref = 'author',
bsw/jbe@0 59 default_order = '"id"'
bsw/jbe@0 60 }
bsw/jbe@0 61
bsw/jbe@0 62 Member:add_reference{
bsw/jbe@0 63 mode = '1m',
bsw/jbe@0 64 to = "Suggestion",
bsw/jbe@0 65 this_key = 'id',
bsw/jbe@0 66 that_key = 'author_id',
bsw/jbe@0 67 ref = 'suggestions',
bsw/jbe@0 68 back_ref = 'author',
bsw/jbe@0 69 default_order = '"id"'
bsw/jbe@0 70 }
bsw/jbe@0 71
bsw/jbe@0 72 Member:add_reference{
bsw/jbe@0 73 mode = '1m',
bsw/jbe@0 74 to = "Membership",
bsw/jbe@0 75 this_key = 'id',
bsw/jbe@0 76 that_key = 'member_id',
bsw/jbe@0 77 ref = 'memberships',
bsw/jbe@0 78 back_ref = 'member',
bsw/jbe@0 79 default_order = '"area_id"'
bsw/jbe@0 80 }
bsw/jbe@0 81
bsw/jbe@0 82 Member:add_reference{
bsw/jbe@0 83 mode = '1m',
bsw/jbe@0 84 to = "Interest",
bsw/jbe@0 85 this_key = 'id',
bsw/jbe@0 86 that_key = 'member_id',
bsw/jbe@0 87 ref = 'interests',
bsw/jbe@0 88 back_ref = 'member',
bsw/jbe@0 89 default_order = '"id"'
bsw/jbe@0 90 }
bsw/jbe@0 91
bsw/jbe@0 92 Member:add_reference{
bsw/jbe@0 93 mode = '1m',
bsw/jbe@0 94 to = "Initiator",
bsw/jbe@0 95 this_key = 'id',
bsw/jbe@0 96 that_key = 'member_id',
bsw/jbe@0 97 ref = 'initiators',
bsw@10 98 back_ref = 'member'
bsw/jbe@0 99 }
bsw/jbe@0 100
bsw/jbe@0 101 Member:add_reference{
bsw/jbe@0 102 mode = '1m',
bsw/jbe@0 103 to = "Supporter",
bsw/jbe@0 104 this_key = 'id',
bsw/jbe@0 105 that_key = 'member_id',
bsw/jbe@0 106 ref = 'supporters',
bsw@2 107 back_ref = 'member'
bsw/jbe@0 108 }
bsw/jbe@0 109
bsw/jbe@0 110 Member:add_reference{
bsw/jbe@0 111 mode = '1m',
bsw/jbe@0 112 to = "Opinion",
bsw/jbe@0 113 this_key = 'id',
bsw/jbe@0 114 that_key = 'member_id',
bsw/jbe@0 115 ref = 'opinions',
bsw/jbe@0 116 back_ref = 'member',
bsw/jbe@0 117 default_order = '"id"'
bsw/jbe@0 118 }
bsw/jbe@0 119
bsw/jbe@0 120 Member:add_reference{
bsw/jbe@0 121 mode = '1m',
bsw/jbe@0 122 to = "Delegation",
bsw/jbe@0 123 this_key = 'id',
bsw/jbe@0 124 that_key = 'truster_id',
bsw/jbe@0 125 ref = 'outgoing_delegations',
bsw/jbe@0 126 back_ref = 'truster',
bsw/jbe@0 127 default_order = '"id"'
bsw/jbe@0 128 }
bsw/jbe@0 129
bsw/jbe@0 130 Member:add_reference{
bsw/jbe@0 131 mode = '1m',
bsw/jbe@0 132 to = "Delegation",
bsw/jbe@0 133 this_key = 'id',
bsw/jbe@0 134 that_key = 'trustee_id',
bsw/jbe@0 135 ref = 'incoming_delegations',
bsw/jbe@0 136 back_ref = 'trustee',
bsw/jbe@0 137 default_order = '"id"'
bsw/jbe@0 138 }
bsw/jbe@0 139
bsw/jbe@0 140 Member:add_reference{
bsw/jbe@0 141 mode = '1m',
bsw/jbe@0 142 to = "DirectVoter",
bsw/jbe@0 143 this_key = 'id',
bsw/jbe@0 144 that_key = 'member_id',
bsw/jbe@0 145 ref = 'direct_voter',
bsw/jbe@0 146 back_ref = 'member',
bsw/jbe@0 147 default_order = '"issue_id"'
bsw/jbe@0 148 }
bsw/jbe@0 149
bsw/jbe@0 150 Member:add_reference{
bsw/jbe@0 151 mode = '1m',
bsw/jbe@0 152 to = "Vote",
bsw/jbe@0 153 this_key = 'id',
bsw/jbe@0 154 that_key = 'member_id',
bsw/jbe@0 155 ref = 'vote',
bsw/jbe@0 156 back_ref = 'member',
bsw/jbe@0 157 default_order = '"issue_id", "initiative_id"'
bsw/jbe@0 158 }
bsw/jbe@0 159
bsw/jbe@0 160 Member:add_reference{
bsw/jbe@0 161 mode = 'mm',
bsw/jbe@0 162 to = "Member",
bsw/jbe@0 163 this_key = 'id',
bsw/jbe@0 164 that_key = 'id',
bsw/jbe@0 165 connected_by_table = 'contact',
bsw/jbe@0 166 connected_by_this_key = 'member_id',
bsw/jbe@0 167 connected_by_that_key = 'other_member_id',
bsw/jbe@0 168 ref = 'saved_members',
bsw/jbe@0 169 }
bsw/jbe@0 170
bsw/jbe@0 171 Member:add_reference{
bsw/jbe@0 172 mode = 'mm',
bsw/jbe@0 173 to = "Member",
bsw/jbe@0 174 this_key = 'id',
bsw/jbe@0 175 that_key = 'id',
bsw/jbe@0 176 connected_by_table = 'contact',
bsw/jbe@0 177 connected_by_this_key = 'other_member_id',
bsw/jbe@0 178 connected_by_that_key = 'member_id',
bsw/jbe@0 179 ref = 'saved_by_members',
bsw/jbe@0 180 }
bsw/jbe@0 181
bsw/jbe@0 182 Member:add_reference{
bsw/jbe@0 183 mode = 'mm',
bsw/jbe@0 184 to = "Area",
bsw/jbe@0 185 this_key = 'id',
bsw/jbe@0 186 that_key = 'id',
bsw/jbe@0 187 connected_by_table = 'membership',
bsw/jbe@0 188 connected_by_this_key = 'member_id',
bsw/jbe@0 189 connected_by_that_key = 'area_id',
bsw/jbe@0 190 ref = 'areas'
bsw/jbe@0 191 }
bsw/jbe@0 192
bsw/jbe@0 193 Member:add_reference{
bsw/jbe@0 194 mode = 'mm',
bsw/jbe@0 195 to = "Issue",
bsw/jbe@0 196 this_key = 'id',
bsw/jbe@0 197 that_key = 'id',
bsw/jbe@0 198 connected_by_table = 'interest',
bsw/jbe@0 199 connected_by_this_key = 'member_id',
bsw/jbe@0 200 connected_by_that_key = 'issue_id',
bsw/jbe@0 201 ref = 'issues'
bsw/jbe@0 202 }
bsw/jbe@0 203
bsw/jbe@0 204 Member:add_reference{
bsw/jbe@0 205 mode = 'mm',
bsw/jbe@0 206 to = "Initiative",
bsw/jbe@0 207 this_key = 'id',
bsw/jbe@0 208 that_key = 'id',
bsw/jbe@0 209 connected_by_table = 'initiator',
bsw/jbe@0 210 connected_by_this_key = 'member_id',
bsw/jbe@0 211 connected_by_that_key = 'initiative_id',
bsw/jbe@0 212 ref = 'initiated_initiatives'
bsw/jbe@0 213 }
bsw/jbe@0 214
bsw/jbe@0 215 Member:add_reference{
bsw/jbe@0 216 mode = 'mm',
bsw/jbe@0 217 to = "Initiative",
bsw/jbe@0 218 this_key = 'id',
bsw/jbe@0 219 that_key = 'id',
bsw/jbe@0 220 connected_by_table = 'supporter',
bsw/jbe@0 221 connected_by_this_key = 'member_id',
bsw/jbe@0 222 connected_by_that_key = 'initiative_id',
bsw/jbe@0 223 ref = 'supported_initiatives'
bsw/jbe@0 224 }
bsw/jbe@0 225
bsw@199 226 Member:new_selector()
bsw@199 227 :add_order_by("member.name")
bsw@199 228 :exec()
bsw@199 229
bsw@193 230 function Member:build_selector(args)
bsw@193 231 local selector = self:new_selector()
bsw@193 232 if args.active ~= nil then
bsw@193 233 selector:add_where{ "member.active = ?", args.active }
bsw@193 234 end
bsw@199 235 if args.is_contact_of_member_id then
bsw@199 236 selector:join("contact", "__model_member__contact", "member.id = __model_member__contact.other_member_id")
bsw@199 237 selector:add_where{ "__model_member__contact.member_id = ?", args.is_contact_of_member_id }
bsw@199 238 end
bsw@193 239 if args.order then
bsw@193 240 if args.order == "id" then
bsw@193 241 selector:add_order_by("id")
bsw@193 242 elseif args.order == "login" then
bsw@193 243 selector:add_order_by("login")
bsw@193 244 elseif args.order == "name" then
bsw@193 245 selector:add_order_by("name")
bsw@193 246 else
bsw@193 247 error("invalid order")
bsw@193 248 end
bsw@193 249 end
bsw@193 250 return selector
bsw@193 251 end
bsw@193 252
bsw/jbe@0 253 function Member.object:set_password(password)
bsw/jbe@0 254 local hash = os.crypt(
bsw/jbe@0 255 password,
bsw/jbe@0 256 "$1$" .. multirand.string(
bsw/jbe@0 257 8,
bsw/jbe@0 258 "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"
bsw/jbe@0 259 )
bsw/jbe@0 260 )
bsw/jbe@0 261 assert(hash, "os.crypt failed")
bsw/jbe@0 262 self.password = hash
bsw/jbe@0 263 end
bsw/jbe@0 264
bsw/jbe@0 265 function Member.object:check_password(password)
bsw/jbe@0 266 if type(password) == "string" and type(self.password) == "string" then
bsw/jbe@0 267 return os.crypt(password, self.password) == self.password
bsw/jbe@0 268 else
bsw/jbe@0 269 return false
bsw/jbe@0 270 end
bsw/jbe@0 271 end
bsw/jbe@0 272
bsw/jbe@0 273 function Member.object_get:published_contacts()
bsw/jbe@0 274 return Member:new_selector()
bsw/jbe@0 275 :join('"contact"', nil, '"contact"."other_member_id" = "member"."id"')
bsw/jbe@0 276 :add_where{ '"contact"."member_id" = ?', self.id }
bsw/jbe@0 277 :add_where("public")
bsw/jbe@0 278 :exec()
bsw/jbe@0 279 end
bsw/jbe@0 280
bsw/jbe@0 281 function Member:by_login_and_password(login, password)
bsw/jbe@0 282 local selector = self:new_selector()
bsw/jbe@5 283 selector:add_where{'"login" = ?', login }
bsw@203 284 selector:add_where('NOT "locked"')
bsw/jbe@0 285 selector:optional_object_mode()
bsw/jbe@0 286 local member = selector:exec()
bsw/jbe@0 287 if member and member:check_password(password) then
bsw/jbe@0 288 return member
bsw/jbe@0 289 else
bsw/jbe@0 290 return nil
bsw/jbe@0 291 end
bsw/jbe@0 292 end
bsw/jbe@0 293
bsw/jbe@5 294 function Member:by_login(login)
bsw/jbe@5 295 local selector = self:new_selector()
bsw/jbe@5 296 selector:add_where{'"login" = ?', login }
bsw/jbe@5 297 selector:optional_object_mode()
bsw/jbe@5 298 return selector:exec()
bsw/jbe@5 299 end
bsw/jbe@5 300
bsw/jbe@5 301 function Member:by_name(name)
bsw/jbe@5 302 local selector = self:new_selector()
bsw/jbe@5 303 selector:add_where{'"name" = ?', name }
bsw/jbe@5 304 selector:optional_object_mode()
bsw/jbe@5 305 return selector:exec()
bsw/jbe@5 306 end
bsw/jbe@5 307
bsw@2 308 function Member:get_search_selector(search_string)
bsw/jbe@0 309 return self:new_selector()
bsw@2 310 :add_field( {'"highlight"("member"."name", ?)', search_string }, "name_highlighted")
bsw@2 311 :add_where{ '"member"."text_search_data" @@ "text_search_query"(?)', search_string }
bsw/jbe@0 312 :add_where("active")
bsw/jbe@0 313 end
bsw@2 314
bsw/jbe@6 315 function Member.object:set_notify_email(notify_email)
bsw@224 316 trace.disable()
bsw/jbe@6 317 local expiry = db:query("SELECT now() + '7 days'::interval as expiry", "object").expiry
bsw/jbe@6 318 self.notify_email_unconfirmed = notify_email
bsw/jbe@6 319 self.notify_email_secret = multirand.string( 24, "23456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz" )
bsw/jbe@6 320 self.notify_email_secret_expiry = expiry
bsw/jbe@6 321 local content = slot.use_temporary(function()
bsw/jbe@6 322 slot.put(_"Hello " .. self.name .. ",\n\n")
bsw/jbe@6 323 slot.put(_"Please confirm your email address by clicking the following link:\n\n")
bsw/jbe@6 324 slot.put(config.absolute_base_url .. "index/confirm_notify_email.html?secret=" .. self.notify_email_secret .. "\n\n")
bsw/jbe@6 325 slot.put(_"If this link is not working, please open following url in your web browser:\n\n")
bsw/jbe@6 326 slot.put(config.absolute_base_url .. "index/confirm_notify_email.html\n\n")
bsw/jbe@6 327 slot.put(_"On that page please enter the confirmation code:\n\n")
bsw/jbe@6 328 slot.put(self.notify_email_secret .. "\n\n")
bsw/jbe@6 329 end)
bsw/jbe@6 330 local success = net.send_mail{
bsw/jbe@6 331 envelope_from = config.mail_envelope_from,
bsw/jbe@6 332 from = config.mail_from,
bsw/jbe@6 333 reply_to = config.mail_reply_to,
bsw/jbe@6 334 to = self.notify_email_unconfirmed,
bsw/jbe@6 335 subject = config.mail_subject_prefix .. _"Email confirmation request",
bsw/jbe@6 336 content_type = "text/plain; charset=UTF-8",
bsw/jbe@6 337 content = content
bsw/jbe@6 338 }
bsw@75 339 if success then
bsw@75 340 local lock_expiry = db:query("SELECT now() + '1 hour'::interval AS lock_expiry", "object").lock_expiry
bsw@75 341 self.notify_email_lock_expiry = lock_expiry
bsw@75 342 end
bsw@75 343 self:save()
bsw/jbe@6 344 return success
bsw/jbe@6 345 end
bsw@11 346
bsw/jbe@19 347 function Member.object:get_setting(key)
bsw@79 348 return Setting:by_pk(self.id, key)
bsw/jbe@19 349 end
bsw/jbe@19 350
bsw/jbe@19 351 function Member.object:get_setting_value(key)
bsw@79 352 local setting = Setting:by_pk(self.id, key)
bsw/jbe@19 353 if setting then
bsw/jbe@19 354 return setting.value
bsw/jbe@19 355 end
bsw@11 356 end
bsw@11 357
bsw@11 358 function Member.object:set_setting(key, value)
bsw/jbe@19 359 local setting = self:get_setting(key)
bsw/jbe@19 360 if not setting then
bsw/jbe@19 361 setting = Setting:new()
bsw@79 362 setting.member_id = self.id
bsw/jbe@19 363 setting.key = key
bsw/jbe@19 364 end
bsw/jbe@19 365 setting.value = value
bsw/jbe@19 366 setting:save()
bsw@11 367 end
bsw@11 368
bsw@11 369 function Member.object:get_setting_maps_by_key(key)
bsw@11 370 return SettingMap:new_selector()
bsw@11 371 :add_where{ "member_id = ?", self.id }
bsw@11 372 :add_where{ "key = ?", key }
bsw@11 373 :add_order_by("subkey")
bsw@11 374 :exec()
bsw@11 375 end
bsw@11 376
bsw@11 377 function Member.object:get_setting_map_by_key_and_subkey(key, subkey)
bsw@11 378 return SettingMap:new_selector()
bsw@11 379 :add_where{ "member_id = ?", self.id }
bsw@11 380 :add_where{ "key = ?", key }
bsw@11 381 :add_where{ "subkey = ?", subkey }
bsw@11 382 :add_order_by("subkey")
bsw@11 383 :optional_object_mode()
bsw@11 384 :exec()
bsw@11 385 end
bsw@11 386
bsw@11 387 function Member.object:set_setting_map(key, subkey, value)
poelzi@144 388 setting_map = self:get_setting_map_by_key_and_subkey(key, subkey)
poelzi@144 389 if not setting_map then
poelzi@144 390 setting_map = SettingMap:new()
poelzi@144 391 setting_map.member_id = self.id
poelzi@144 392 setting_map.key = key
poelzi@144 393 setting_map.subkey = subkey
poelzi@144 394 end
poelzi@144 395 setting_map.value = value
poelzi@144 396 setting_map:save()
bsw@11 397 end
bsw@75 398
bsw@75 399 function Member.object_get:notify_email_locked()
bsw@75 400 return(
bsw@75 401 Member:new_selector()
bsw@75 402 :add_where{ "id = ?", app.session.member.id }
bsw@75 403 :add_where("notify_email_lock_expiry > now()")
bsw@75 404 :count() == 1
bsw@75 405 )
poelzi@134 406 end
poelzi@134 407
poelzi@134 408 function Member.object:ui_field_text(args)
poelzi@134 409 args = args or {}
poelzi@134 410 if app.session.member_id or config.public_access == "pseudonym" then
poelzi@134 411 -- ugly workaround for getting html into a replaced string and to the user
poelzi@134 412 ui.container{label = args.label, label_attr={class="ui_field_label"}, content = function()
poelzi@134 413 slot.put(string.format('<span><a href="%s">%s</a></span>',
poelzi@134 414 encode.url{
poelzi@134 415 module = "member",
poelzi@134 416 view = "show",
poelzi@134 417 id = self.id,
poelzi@134 418 },
poelzi@134 419 encode.html(self.name)))
poelzi@134 420 end
poelzi@134 421 }
poelzi@134 422 else
poelzi@134 423 ui.field.text{ label = args.label, value = _"[not displayed public]" }
poelzi@134 424 end
poelzi@134 425 end

Impressum / About Us