def users_edit(id):
    """Show and process the edit form for the ``users`` resource ``id``.

    Scoped admins are limited to their own scope: a ``network-admin`` gets
    a 403 for a user in another network, and a ``gateway-admin`` gets a 403
    unless both network and gateway match. On a valid submission the form
    is copied onto the instance, committed, and the client is redirected
    to the user index; otherwise the edit template is rendered.
    """
    instance = resource_instance('users', id)

    # NOTE(review): a caller holding neither role passes both scope checks
    # below. Presumably a decorator or resource_instance() restricts who
    # reaches this view -- confirm, since nothing in this block denies by
    # default.
    if current_user.has_role('network-admin'):
        if instance.network != current_user.network:
            abort(403)

    if current_user.has_role('gateway-admin'):
        outside_scope = (instance.network != current_user.network
                         or instance.gateway != current_user.gateway)
        if outside_scope:
            abort(403)

    form = UserForm(obj=instance)

    # populate_obj() below writes every field still present on the form,
    # so removing a field here is what stops the requester from setting it.
    if current_user.has_role('network-admin'):
        del form.gateway

    # Editing your own account: no self-(de)activation and no changing
    # your own roles.
    if current_user == instance:
        del form.active
        del form.roles

    # NOTE(review): for a gateway-admin the gateway field stays on the
    # form, and roles stay writable for anyone editing another user.
    # Whether UserForm limits those choices to the editor's own scope and
    # privilege level is not visible here -- confirm.

    if not form.validate_on_submit():
        return render_template('users/edit.html', form=form,
                               instance=instance)

    # An empty password means "leave unchanged": drop the field so
    # populate_obj() does not overwrite the stored value with ''.
    if form.password.data == '':
        del form.password

    form.populate_obj(instance)
    db.session.commit()

    flash('Update %s successful' % instance)
    return redirect(url_for('.users_index'))
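def edit_user(user_id):
    """Show and process the edit form for the user with id ``user_id``.

    Admins may edit any account; everyone else may edit only their own,
    and gets a 404 for any other id. The ``admin`` flag is shown and
    written only when an admin edits an account other than their own.
    A ``user_id`` that matches no row also yields a 404.
    """
    # NOTE(review): assumes the route requires a logged-in user (decorator
    # not visible here); an anonymous current_user may not have these
    # attributes -- confirm.

    # Identify "own account" by the primary key the query below filters on.
    # Comparing as strings avoids an int/str mismatch between the route
    # argument and the session user silently making the check always
    # differ (the original mixed get_id() and .id for the same test).
    is_self = str(current_user.id) == str(user_id)

    # Truthiness, not `is False`: an unset (None) admin flag must be
    # treated as non-admin, otherwise the ownership check is skipped.
    is_admin = bool(current_user.admin)

    may_change_admin_flag = is_admin and not is_self
    showadminfield = may_change_admin_flag

    if not is_admin and not is_self:
        abort(404)

    user = User.query.filter_by(id=user_id).first()
    if user is None:
        # Unknown id: answer 404 instead of failing on attribute access.
        abort(404)

    form = UserForm()
    if request.method == 'GET':
        form.username.data = user.username
        form.name.data = user.name
        form.email.data = user.email
        form.address.data = user.address
        form.zip_code.data = user.zip_code
        form.city.data = user.city
        form.phone_no.data = user.phone_no
        form.admin.data = user.admin
    elif form.validate_on_submit():
        # Fields are copied one by one, so only the attributes listed here
        # can be changed through this view.
        user.username = form.username.data
        user.name = form.name.data
        user.email = form.email.data
        user.address = form.address.data
        user.zip_code = form.zip_code.data
        user.city = form.city.data
        user.phone_no = form.phone_no.data
        # Enforced server-side: hiding the field in the template alone
        # would not stop a crafted POST from carrying an admin value.
        if may_change_admin_flag:
            user.admin = form.admin.data
        db.session.commit()
        flash('User successfully updated', 'success')
        return redirect(url_for('auth.users'))

    return render_template(signupTemplate,
                           form=form,
                           action=url_for('auth.edit_user', user_id=user_id),
                           showadminfield=showadminfield)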