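def remove_avatar(user_id=None):
    """Delete the avatar of ``user_id`` and return to that profile page.

    Allowed for callers with write rights on the ``user`` module and for an
    authenticated user acting on their own profile; everyone else gets a
    403.  The authorisation check runs *before* the user row is loaded, so
    an unauthorised caller cannot tell existing ids from missing ones, and
    a missing user answers 404 instead of handing ``None`` to
    ``UserAPI.remove_avatar``.

    NOTE(review): if the route for this view accepts GET, the deletion can
    be triggered cross-site (e.g. by an ``<img>`` tag); it should be
    POST-only and covered by the form's CSRF token.  The route decorator is
    not visible here - confirm.
    """
    is_admin = ModuleAPI.can_write('user')
    # Assumes the route converter yields the same type as current_user.id
    # (an int); a type mismatch fails closed (403), never open.
    is_owner = (not current_user.is_anonymous and
                current_user.id == user_id)
    if not (is_admin or is_owner):
        return abort(403)

    # get_or_404 rather than get: a nonexistent id is a client error, not
    # a None to be passed on to the helper.
    user = User.query.get_or_404(user_id)
    UserAPI.remove_avatar(user)
    return redirect(url_for('user.view_single', user_id=user_id))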
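def view_single(user_id=None):
    """Render the profile page of ``user_id``.

    Without a ``user_id`` the caller is redirected: to their own profile
    when logged in, otherwise to the user list.  Authorisation is decided
    before any row is loaded, so a 403 never reveals whether an id exists:

    * anonymous visitors are refused;
    * members who have not paid may only view their own profile;
    * ``can_read`` / ``can_write`` handed to the template come from owning
      the profile or from group rights on the ``user`` module.

    Returns the rendered template, a redirect, or ``abort(403)`` /
    ``abort(404)``.
    """
    if user_id is None:
        if current_user.is_authenticated:
            return redirect(url_for('user.view_single',
                                    user_id=current_user.id))
        return redirect(url_for('user.view'))

    # Only logged in users can view profiles.
    if current_user.is_anonymous:
        return abort(403)

    # NOTE(review): relies on user_id and current_user.id sharing a type
    # (the route converter presumably yields an int); a str/int mismatch
    # would fail closed for the owner, not open.
    is_owner = current_user.id == user_id

    # Unpaid members cannot view other profiles.
    if not is_owner and not current_user.has_paid:
        return abort(403)

    # The owner can always read and edit their own profile; group rights on
    # the `user` module extend that to other profiles.  Write implies read.
    can_read = is_owner or ModuleAPI.can_read('user')
    can_write = is_owner or ModuleAPI.can_write('user')
    if can_write:
        can_read = True

    user = User.query.get_or_404(user_id)
    user.avatar = UserAPI.avatar(user)
    user.groups = UserAPI.get_groups_for_user_id(user)
    user.groups_amount = user.groups.count()

    # Ask Gravatar for a larger image; other avatar URLs are left as-is.
    if "gravatar" in user.avatar:
        user.avatar = user.avatar + "&s=341"

    # All activities this user signed up for (via a form result they own).
    # The criteria are passed as separate arguments: the original joined
    # them with Python `and`, which does not build SQL on SQLAlchemy
    # expressions (it raises or keeps a single operand, depending on the
    # version), so only the first clause ever reached the database.
    activities = Activity.query.join(CustomForm).join(CustomFormResult).\
        filter(CustomFormResult.owner_id == user_id,
               CustomForm.id == CustomFormResult.form_id,
               Activity.form_id == CustomForm.id)
    user.activities_amount = activities.count()

    # One timestamp for both buckets so the split is taken at a single
    # instant; the strict comparisons (original behaviour) still leave an
    # activity ending exactly at `now` in neither list.
    # NOTE(review): datetime.today() is naive local time - confirm that
    # Activity.end_time is stored in the same convention.
    now = datetime.today()
    new_activities = activities\
        .filter(Activity.end_time > now).distinct()\
        .order_by(Activity.start_time)
    old_activities = activities\
        .filter(Activity.end_time < now).distinct()\
        .order_by(Activity.start_time.desc())

    return render_template('user/view_single.htm', user=user,
                           new_activities=new_activities,
                           old_activities=old_activities,
                           can_read=can_read, can_write=can_write)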
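def _assign_profile_fields(user, form, is_admin):
    """Copy the validated form fields onto ``user``.

    The membership/status flags (``has_paid``, ``honorary_member``,
    ``favourer``, ``disabled``, ``alumnus``) are copied only when
    ``is_admin`` is true.  That server-side gate - not the choice of form
    class - is what stops a regular member from unlocking or promoting
    their own account by adding those fields to the POST body.  Free-text
    fields are stripped of surrounding whitespace.
    """
    user.first_name = form.first_name.data.strip()
    user.last_name = form.last_name.data.strip()
    user.locale = form.locale.data
    if is_admin:
        user.has_paid = form.has_paid.data
        user.honorary_member = form.honorary_member.data
        user.favourer = form.favourer.data
        user.disabled = form.disabled.data
        user.alumnus = form.alumnus.data
    user.student_id = form.student_id.data.strip()
    user.education_id = form.education_id.data
    user.birth_date = form.birth_date.data
    user.study_start = form.study_start.data
    user.receive_information = form.receive_information.data
    user.phone_nr = form.phone_nr.data.strip()
    user.address = form.address.data.strip()
    user.zip = form.zip.data.strip()
    user.city = form.city.data.strip()
    user.country = form.country.data.strip()


def edit(user_id=None):
    """Create a user (admins only) or edit an existing one.

    Admins (write rights on the ``user`` module) may create or edit anyone
    with ``EditUserForm``; an authenticated member may edit only their own
    profile with the restricted ``EditUserInfoForm``.  Everyone else gets
    a 403.  Because the owner test can never pass for ``user_id=None``,
    creation is implicitly admin-only.

    On a valid POST the e-mail is checked for uniqueness, verified through
    ``User.update_email`` (a Google lookup), the fields are stored, an
    optional avatar is uploaded and Copernica is notified.  Otherwise the
    form is re-rendered with its errors.

    NOTE(review): a member can set a new password here without supplying
    the current one, so a hijacked session is enough for a permanent
    takeover; consider requiring the current password for that field.
    """
    is_admin = ModuleAPI.can_write('user')
    is_owner = (not current_user.is_anonymous and
                current_user.id == user_id)
    if not (is_admin or is_owner):
        return abort(403)

    # Select user.
    if user_id:
        user = User.query.get_or_404(user_id)
    else:
        user = User()
    user.avatar = UserAPI.has_avatar(user_id)

    # The admin form carries the status flags; the same is_admin value
    # gates their assignment below, so the form class is not the only line
    # of defence.
    if is_admin:
        form = EditUserForm(request.form, user)
    else:
        form = EditUserInfoForm(request.form, user)

    # Add education choices.
    educations = Education.query.all()
    form.education_id.choices = [(e.id, e.name) for e in educations]

    def edit_page():
        return render_template('user/edit.htm', form=form, user=user,
                               is_admin=is_admin)

    if not form.validate_on_submit():
        flash_form_errors(form)
        return edit_page()

    # Strip first so the uniqueness check sees exactly the value that
    # update_email() stores below (the original compared the raw input).
    # NOTE(review): count-then-commit is a race; a UNIQUE constraint on
    # User.email should back this check - confirm it exists.
    email = form.email.data.strip()
    query = User.query.filter(User.email == email)
    if user_id:
        # Only other users need a different e-mail.
        query = query.filter(User.id != user_id)
    if query.count() > 0:
        flash(_('A user with this e-mail address already exist.'), 'danger')
        return edit_page()

    # `group` is only bound on the create path; default it so the
    # session.add() below does not hit an unbound name when editing.
    group = None
    if not user_id:
        # A User() built without an e-mail address gets id 0; re-create it
        # with a placeholder so the commit assigns a real primary key.
        user = User('_')
        group = Group.query.filter(Group.name == 'all').first()
        group.add_user(user)

    try:
        user.update_email(email)
    except HttpError as e:
        if e.resp.status == 404:
            flash(_('According to Google this email does not exist. '
                    'Please use an email that does.'), 'danger')
            return edit_page()
        raise  # bare raise keeps the original traceback

    _assign_profile_fields(user, form, is_admin)

    # An empty (or absent) password field means "keep the current one".
    # NOTE(review): bcrypt.hashpw needs bytes on Python 3 - confirm the
    # form yields the type this deployment expects.
    if form.password.data:
        user.password = bcrypt.hashpw(form.password.data, bcrypt.gensalt())

    db.session.add(user)
    if group is not None:
        db.session.add(group)
    db.session.commit()

    # .get(): a request without the file part must not 400 after commit.
    # NOTE(review): content-type/size validation of the upload is assumed
    # to live in UserAPI.upload - verify.
    avatar = request.files.get('avatar')
    if avatar:
        UserAPI.upload(avatar, user.id)

    if user_id:
        copernica.update_user(user)
        flash(_('Profile succesfully updated'))
    else:
        copernica.update_user(user, subscribe=True)
        flash(_('Profile succesfully created'))

    return redirect(url_for('user.view_single', user_id=user.id))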