From c716b74167bf80ca0700eb878e998e73142a686d Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Thu, 1 Sep 2016 00:48:46 +0200
Subject: [PATCH] Log edits to changelog and enhance changelog page

---
 db.py              |  2 ++
 server.py          | 18 ++++++++++++++----
 templates/log.html |  4 ++++
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/db.py b/db.py
index db07d33..4213d17 100644
--- a/db.py
+++ b/db.py
@@ -99,6 +99,8 @@ def ldapget(user):
 		conn = ldap3.Connection('ldaps://rumo.fsmpi.rwth-aachen.de', auto_bind=True)
 		conn.search("ou=users,dc=fsmpi,dc=rwth-aachen,dc=de", "(uid=%s)"%user,
 				attributes=ldap3.ALL_ATTRIBUTES)
+		if not conn.entries:
+			return {}
 		e = conn.entries[0]
 		return {'uid': user, 'givenName': e.givenName.value, 'sn':e.sn.value}
 	else:
diff --git a/server.py b/server.py
index e7572d7..c7bca4b 100755
--- a/server.py
+++ b/server.py
@@ -132,10 +132,15 @@ def login():
 	if request.method == 'GET':
 		return render_template('login.html')
 	user, groups = ldapauth(request.form.get('user'), request.form.get('password'))
-	if user and 'users' in groups:
-		session['user'] = ldapget(user)
-	else:
+	if not user or not 'users' in groups:
 		flash('Login fehlgeschlagen!')
+		return render_template('login.html')
+	session['user'] = ldapget(user)
+	dbuser = query('SELECT * FROM users WHERE name = ?', user)
+	if not dbuser:
+		query('INSERT INTO users (name, realname, fsacc, level, calendar_key, rfc6238) VALUES (?, ?, ?, 1, "", "")', user, session['user']['givenName'], user)
+		dbuser = query('SELECT * FROM users WHERE name = ?', user)
+	session['user']['dbid'] = dbuser[0]['id']
 	return redirect(request.values.get('ref', url_for('index')))
 
 @app.route('/logout', methods=['GET', 'POST'])
@@ -164,6 +169,10 @@ def edit():
 		table, id, column = key.split('.', 2)
 		assert table in tabs
 		assert column in tabs[table][2]
+		old = query('SELECT %s AS value FROM %s WHERE %s = ?'%(column, table, tabs[table][1]), id)
+		query('''INSERT INTO changelog ("when", who, "table", id_key, id_value, field, value_old, value_new, executed)
+				VALUES (?, ?, ?, ?, ?, ?, ?, ?, 1)''', datetime.now(), session['user']['dbid'], table,
+				tabs[table][1], id, column, old[0]['value'], val)
 		query('UPDATE %s SET %s = ? WHERE %s = ?'%(tabs[table][0], column,
 					tabs[table][1]), val, id)
 	query('COMMIT')
@@ -254,4 +263,5 @@ def stats():
 @register_navbar('Changelog', 'book')
 @mod_required
 def log():
-	return render_template('log.html', changelog=query('SELECT * FROM changelog ORDER BY "when" LIMIT 10'))
+	changelog = query('SELECT * FROM changelog LEFT JOIN users ON (changelog.who = users.id) ORDER BY "when" DESC LIMIT 10')
+	return render_template('log.html', changelog=changelog)
diff --git a/templates/log.html b/templates/log.html
index 188c0c0..8d4db32 100644
--- a/templates/log.html
+++ b/templates/log.html
@@ -18,7 +18,11 @@
 			{% for i in changelog %}
 				<tr>
 					<td>{{i.when}}</td>
+					{% if i.realname %}
+					<td>{{i.realname}} ({{i.who}})</td>
+					{% else %}
 					<td>{{i.who}}</td>
+					{% endif %}
 					<td>{{i.path}}</td>
 					<td>"{{i.value_old}}"</td>
 					<td>"{{i.value_new}}"</td>
-- 
GitLab