]> git.xonotic.org Git - xonotic/xonstat.git/blobdiff - xonstat/views/admin.py
projects / xonotic / xonstat.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix imports.
[xonotic/xonstat.git] / xonstat / views / admin.py
diff --git a/xonstat/views/admin.py b/xonstat/views/admin.py
index f46aca2be7077d6cf8a30d37765055488cb3a7cf..9186d5014f0c1b87f9dd58b6af9e336071657515 100644 (file)
--- a/xonstat/views/admin.py
+++ b/xonstat/views/admin.py
@@ -1,8 +1,68 @@
-from pyramid.response import Response
-from pyramid.httpexceptions import HTTPForbidden
+from pyramid.httpexceptions import HTTPFound
+from pyramid.security import remember
+from pyramid.session import check_csrf_token
+from pyramid_persona.views import verify_login
+from xonstat.models import DBSession, Player
+
 
 def forbidden(request):
     '''A simple forbidden view. Does nothing more than set the status and then
     gets the heck out of dodge. The forbidden.mako template does the work.'''
     request.response.status = 403
     return {}
+
+def login(request):
+    # Verify the assertion and get the email of the user
+    persona_email = verify_login(request)
+
+    # Check that the email exists in the players table
+    player_email = DBSession.query(Player).\
+            filter(Player.email_addr == persona_email).one()
+
+    #log.debug("Verified email address: %s" % persona_email)
+    #log.debug("Corresponding player is %s" % player_email)
+
+    if player_email is not None:
+        # Add the headers required to remember the user to the response
+        request.response.headers.extend(remember(request, persona_email))
+    else:
+        url = request.route_url("forbidden")
+        return HTTPFound(location=url)
+
+    # Return a json message containing the address or path to redirect to.
+    return {'redirect': request.POST['came_from'], 'success': True}
+
+
+def merge(request):
+    '''A simple merge view. The merge.mako template does the work.'''
+    s = DBSession()
+
+    # only do a merge if we have all of the required data
+    if request.params.has_key("csrf_token"):
+        # check the token to prevent request forgery
+        st = request.session.get_csrf_token()
+        check_csrf_token(request)
+
+        if request.params.has_key("w_pid") and request.params.has_key("l_pid"):
+            w_pid = request.params.get("w_pid")
+            l_pid = request.params.get("l_pid")
+
+            # do the merge, hope for the best!
+            try:
+                s.execute("select merge_players(:w_pid, :l_pid)",
+                    {"w_pid": w_pid, "l_pid": l_pid})
+
+                s.commit()
+
+                request.session.flash(
+                    "Successfully merged player %s into %s!" % (l_pid, w_pid),
+                    "success")
+
+            except:
+                s.rollback()
+
+                request.session.flash(
+                    "Could not merge player %s into %s." % (l_pid, w_pid),
+                    "failure")
+
+    return {}