access.py 2.18 KB
Newer Older
1 2
from gluon.tools import Auth

3
DB_MYSQL = 'mysql://GesProd:Prod_CPPM@maretude.in2p3.fr/GesProd'
4 5 6 7
MIGRATE = False

ID_ADMIN, ADMIN, DEF_ADMIN = 100, 'admin', 'administrators, librairians,...'
ID_USER, USER, DEF_USER = 200, 'user', 'liaisons, team leaders,...'
8 9 10 11

#
# Main database
#
12 13 14 15
#try:
#    db = DAL(DB_MYSQL, migrate=False, pool_size=10)
#except:
#    raise HTTP(500, T("Can't access the MySQL database !!!"))
16

17
db = DAL('sqlite://storage.sqlite', migrate=MIGRATE)
18 19

#
20 21 22 23 24 25
# Force the migrate flag to true when the database is empty
# in order to allow the creation of the tables
#
if not db.tables():
    MIGRATE = True
    
26
#
27 28
# User logging
# Approval is required for newly registered users
29
#
30 31
auth = Auth(db, hmac_key=Auth.get_or_create_key())

32 33
auth.define_tables(migrate=MIGRATE)
auth.settings.create_user_groups = False
34
auth.settings.registration_requires_approval = True
35
auth.settings.registration_requires_verification = False
36
auth.settings.remember_me_form = False
37
auth.settings.reset_password_requires_verification = True
38

39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
# after registration go to the login page
auth.settings.register_next = URL('user', args='login')

# create user and admin groups
if not db(db.auth_group.id).count():
    db.auth_group.insert(id=ID_ADMIN, role=ADMIN, description=T(DEF_ADMIN))
    db.auth_group.insert(id=ID_USER, role=USER, description=T(DEF_USER))

# Newly registeres user goes in the user group
auth.settings.everybody_group_id = ID_USER

# The first user is auto approved and get all priviledge (admin)
if not db(db.auth_user.id).count():
    auth.settings.everybody_group_id = ID_ADMIN
    auth.settings.registration_requires_approval = False
    
# activate the mailer
#mail = auth.settings.mailer
#mail.settings.server = 'marsmtp.in2p3.fr:25'
#mail.settings.sender = 'legac@cppm.in2p3.fr'
#mail.settings.login = None
60 61 62 63 64 65 66 67 68 69 70 71 72

# tune authentification fields for the extJS interface
db.auth_user.registration_key.readable = True
db.auth_user.registration_key.writable = True

db.auth_membership.user_id.label = 'User'
db.auth_membership.group_id.label = 'Group'

db.auth_membership.user_id.requires = \
IS_IN_DB(db, 'auth_user.id', 'auth_user.last_name')

db.auth_membership.group_id.requires = \
IS_IN_DB(db, 'auth_group.id', 'auth_group.role')