def test_all(database):
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(email='[email protected]')
assert not User.exists(name='a')
assert not User.exists(name='b')
assert not User.exists(name='c')
assert not User.exists(name='d')
assert User.is_first()
user = User(email='[email protected]', name='a', password='').save()
db.session.commit()
assert not user.admin
assert not User.is_first()
User(email='[email protected]', name='B', password='').save()
User(email='[email protected]', name='C', password='').save()
User(email='[email protected]', name='D', password='').save()
db.session.commit()
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(email='[email protected]')
assert User.exists(name='a')
assert User.exists(name='B')
assert User.exists(name='C')
assert User.exists(name='D')
assert User.get('[email protected]').name == 'a'
assert User.get('[email protected]').name == 'B'
assert User.get('[email protected]').name == 'C'
assert User.get('[email protected]').name == 'D'
assert not User.get('[email protected]')
def users_impersonate(user):
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
user = User.get(id=user)
login_user(user)
return redirect(url_for('read'))
def test_b_string(database):
user = User(email='*****@*****.**', name='b-string') \
.set_password(b'\xc3\xa9') \
.save()
db.session.commit()
user = User.get('*****@*****.**')
assert user.check_password('é')
assert user.check_password(u'é')
assert user.check_password(b'\xc3\xa9')
def users():
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
page_arg = get_int_arg('page', 1)
users = User.get() \
.paginate(page_arg, 100)
if request.method == 'GET':
return render_template('admin-users.j2', users=users)
def users_toggle_admin(user):
if not current_user.admin:
return render_template('error.j2',
error=_('You are not allowed to '
'access this page')), 403
user = User.get(id=user)
if not user == current_user:
user.admin = not user.admin
user.save()
db.session.commit()
return redirect(url_for('users'))