Beispiel #1
def auth_register():
    """Serve the registration form and create an account from a valid submission.

    A GET request is answered with a blank ``RegisterForm``. For any other
    method the form is bound to ``request.form``; if validation fails the
    bound form is rendered again, otherwise a ``User`` is stored, logged in
    and the client is redirected to the ``index`` view.
    """
    template = "auth/registerform.html"

    if request.method == "GET":
        return render_template(template, form=RegisterForm())

    submitted = RegisterForm(request.form)
    if submitted.validate():
        # NOTE(review): the submitted password is handed to User unchanged;
        # confirm that User hashes it before the row is persisted.
        account = User(
            submitted.name.data,
            submitted.username.data,
            submitted.password.data,
        )
        db.session().add(account)
        db.session().commit()
        # add_name is called only after the commit -- presumably it needs the
        # stored row's id; verify against User.add_name.
        account.add_name(submitted.name.data)

        login_user(account)
        return redirect(url_for("index"))

    return render_template(template, form=submitted)
Beispiel #2
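def people_index():
    """List all people and handle the user-management actions posted from that page.

    GET renders the list with an empty ``NameForm``. POST dispatches on which
    form field is present; the first match in this order wins:

    * ``create_dummy_user`` (EDITOR role): add a user with the submitted name
      and empty strings for the two remaining ``User`` arguments.
    * ``delete`` (ADMIN role): delete the user and its ``Name`` and
      ``UserRole`` rows.
    * ``make_editor`` (ADMIN role): give the user the EDITOR role.
    * ``remove_editor`` (ADMIN role): remove the user's EDITOR role rows and
      clear ``editor_in_charge`` on that user's articles.

    Returns the rendered people list, a redirect to ``error403`` when the
    caller lacks the required role, or the ``error500`` template when the
    ``id`` field is missing or not an integer, or when no EDITOR role exists.

    NOTE(review): only the ``create_dummy_user`` branch calls
    ``form.validate()``; the ADMIN actions act on raw ``request.form``. If
    CSRF protection comes from form validation rather than an app-wide check,
    those actions are not covered by it -- confirm.
    """
    form = NameForm()
    alert = {}

    if request.method == "POST":
        create_dummy = request.form.get('create_dummy_user', None)
        delete = request.form.get('delete', None)
        make_editor = request.form.get('make_editor', None)
        remove_editor = request.form.get('remove_editor', None)
        targets_user = delete or make_editor or remove_editor

        # Authorize before parsing the id or touching the database, so a
        # caller without the role learns nothing about which users exist.
        if create_dummy:
            required_role = "EDITOR"
        elif targets_user:
            required_role = "ADMIN"
        else:
            required_role = None

        if required_role and not (current_user.is_authenticated
                                  and current_user.has_role(required_role)):
            return redirect(url_for("error403"))

        # if request is related to an existing User, fetch user
        user = None
        user_id = None
        if targets_user:
            try:
                user_id = int(request.form['id'])
            except (KeyError, ValueError):
                # missing field (KeyError) or non-numeric value (ValueError)
                message = "User related request did not contain required parameter id (int)."
                return render_template("error500.html", message=message)

            user = User.query.get(user_id)

        # request is to create new dummy user
        if create_dummy:
            form = NameForm(request.form)

            if form.validate():
                # NOTE(review): the dummy user is created with empty strings
                # in the positions auth_register fills with username and
                # password; confirm the login path rejects empty credentials.
                u = User(form.name.data, "", "")
                db.session().add(u)
                db.session().commit()
                u.add_name(form.name.data)
                # empty form
                form = NameForm(formdata=None)

                alert = {"type": "success", "text": "New dummy user created!"}
            # fall through

        # request is to delete user
        elif delete:
            if user:
                for name in Name.query.filter_by(user_id=user_id):
                    db.session.delete(name)
                for role in UserRole.query.filter_by(user_id=user_id):
                    # was db.session.delte(role): raised AttributeError for
                    # any user that had at least one role
                    db.session.delete(role)
                # NOTE(review): unlike remove_editor, this branch does not
                # clear Article.editor_in_charge for the deleted user --
                # confirm whether articles can be left pointing at it.
                db.session.delete(user)
                db.session.commit()
                alert = {
                    "type": "success",
                    "text": "User succesfully deleted!"
                }
            else:
                alert = {
                    "type": "danger",
                    "text": "Somebody already deleted that user."
                }
            # fall through

        # request is to make user editor
        elif make_editor:
            if not user:
                alert = {"type": "danger", "text": "User was deleted."}
            else:
                editor = Role.query.filter_by(name="EDITOR").first()
                if not editor:
                    message = "There is no role 'EDITOR' in the database!"
                    return render_template("error500.html", message=message)
                user.add_role(editor)
                alert = {
                    "type": "success",
                    "text": "User %s is now editor!" % user.name
                }
            # fall through

        # request is to make user not-editor
        elif remove_editor:
            if not user:
                alert = {"type": "danger", "text": "User was deleted."}
            else:
                editor = Role.query.filter_by(name="EDITOR").first()
                if not editor:
                    message = "There is no role 'EDITOR' in the database!"
                    return render_template("error500.html", message=message)
                editor_roles = UserRole.query.filter_by(user_id=user.id,
                                                        role_id=editor.id)
                for role in editor_roles:
                    db.session.delete(role)

                # a former editor must not stay in charge of any article
                articles = Article.query.filter_by(editor_in_charge=user_id)
                for article in articles:
                    article.editor_in_charge = None
                db.session.commit()
                alert = {
                    "type": "success",
                    "text": "User %s is no longer editor!" % user.name
                }
                # fall through

    return render_template("/people/list.html",
                           people=get_people(),
                           form=form,
                           alert=alert)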