def changePassword():
    """Change the logged-in user's password via a ChangePasswordForm.

    Returns:
        A JSON response with ``action="success"`` once the form validates
        and the password has been updated, otherwise ``action="failed"``
        together with the form's validation errors.
    """
    password_form = ChangePasswordForm()
    # The account name comes from the session rather than from request data,
    # so validators that read ``form.username`` see the caller's own account.
    account_name = current_user.username
    password_form.username = account_name

    if not password_form.validate_on_submit():
        return jsonify(action="failed", error=password_form.errors)

    AccountQuery.update_password(account_name,
                                 password_form.new_password.data)
    return jsonify(action="success")
def register():
    """Create a new account on behalf of a user holding ``user_create``.

    Returns:
        A 401 JSON response when the caller lacks the ``user_create``
        permission; otherwise ``action="success"`` with the new username
        after the RegistrationForm validates, or ``action="failed"`` with
        the form errors.
    """
    # Authorization gate comes first so no form data is processed for
    # callers without the permission.
    # NOTE(review): 401 is used here for a missing permission; 403 is the
    # conventional status for that case. Left unchanged because clients may
    # depend on it.
    if "user_create" not in current_user.permissions_name:
        denied = jsonify(action="failed", error="Fehlende Berechtigung")
        return make_response(denied, 401)

    signup_form = RegistrationForm()
    if not signup_form.validate_on_submit():
        return jsonify(action="failed", error=signup_form.errors)

    new_username = signup_form.username.data
    AccountQuery.create_user(new_username, signup_form.password.data)
    return jsonify(action="success", username=new_username)
def get_members():
    """Return id, username and creation date of every account as JSON.

    Returns:
        A 200 response whose ``members`` field is a list of
        ``[id, username, created_at]`` triples.
    """
    # NOTE(review): unlike the other admin endpoints in this file, no
    # permission check is visible inside this function; confirm that a
    # decorator or the route setup restricts who may list all accounts.
    members = [
        [account.id, account.username, account.created_at]
        for account in AccountQuery.get_all_user()
    ]
    return make_response(jsonify(action="success", members=members), 200)
def validate_old_password(self, old_password):
    """Form validator: require the current password before a change.

    Looks up the account named by ``self.username`` and checks the submitted
    value against it.

    Raises:
        ValidationError: if no such account exists, or if the submitted
            value does not match the stored password.
    """
    account = AccountQuery.get_User(self.username)
    if account is None:
        raise ValidationError(
            'Falscher Benutzer, bitte an einen Admin wenden.')

    password_matches = account.check_password(old_password.data)
    if not password_matches:
        raise ValidationError(
            'Das eingegebene Passwort stimmt nicht mit dem aktuellen überein.')
def get_permissions():
    """List all permissions plus those held by the user named in the form.

    Reads ``username`` from the posted form data.

    Returns:
        A 401 JSON response when the caller lacks ``allow_permission``;
        otherwise JSON with ``permissions`` (a list of ``[name, label]``
        pairs) and ``user_permissions`` for the requested user.
    """
    # Authorization gate: nothing is looked up for callers without the
    # permission.
    if "allow_permission" not in current_user.permissions_name:
        denied = jsonify(action="failed", error="Fehlende Berechtigung")
        return make_response(denied, 401)

    target_username = request.form['username']
    user_permissions = AccountQuery.get_user_permissions(target_username)
    permissions = [
        [perm.name, perm.label]
        for perm in PermissionQuery.get_permissions()
    ]
    return jsonify(action="success",
                   permissions=permissions,
                   user_permissions=user_permissions)
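def profile(username):
    """Render the profile page for *username*.

    Args:
        username: Account name taken from the request (untrusted).

    Returns:
        The rendered ``profile.html`` page with upload and tag counts, the
        formatted creation date and the account age in days, or a 404 JSON
        response when no such account exists.
    """
    profile_user = AccountQuery.get_User(username)
    if profile_user is None:
        # get_User returns None for unknown names (login() checks for it).
        # Without this guard an unknown name raised AttributeError below and
        # surfaced as a 500.
        return make_response(
            jsonify(action="failed", error="Nutzer nicht vorhanden!"), 404)

    # Keep the password hash out of the object handed to the template.
    # NOTE(review): if get_User returns an ORM-tracked row, this assignment
    # marks it modified and a later commit on the same session would persist
    # an empty hash. Confirm, or pass only the needed fields to the template.
    profile_user.password_hash = None

    uploads = ImageQuery.count_uploads_from_user(profile_user.username)
    tags = Image_TextQuery.count_tags_from_user(profile_user.username)
    created_at = profile_user.created_at.strftime("%d.%m.%Y")
    # Account age in whole days, based on the server's local clock.
    diff = (datetime.datetime.now() - profile_user.created_at).days
    return render_template('profile.html',
                           current_user=current_user,
                           profile_user=profile_user,
                           uploads=uploads,
                           tags=tags,
                           created_at=created_at,
                           diff=diff)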
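def get_ranks():
    """List all ranks plus the current rank of the user named in the form.

    Reads ``username`` from the posted form data.

    Returns:
        A 401 JSON response when the caller lacks ``rank_change``; a 404 JSON
        response when the named user does not exist; otherwise JSON with
        ``ranks`` (a list of ``[name, label]`` pairs) and ``user_rank`` (the
        user's rank name, or ``""`` when the user has none).
    """
    if "rank_change" not in current_user.permissions_name:
        return make_response(
            jsonify(action="failed", error="Fehlende Berechtigung"), 401)

    user = AccountQuery.get_User(request.form['username'])
    if user is None:
        # get_User returns None for unknown names (login() checks for it).
        # Previously this fell through to ``user.rank_rel`` and raised
        # AttributeError, i.e. a 500 for a mistyped username.
        return make_response(
            jsonify(action="failed", error="Nutzer nicht vorhanden!"), 404)

    # Only the first rank relation is reported.
    user_rank = user.rank_rel[0].rank_rel.name if user.rank_rel else ""
    ranks = [[rank.name, rank.label] for rank in RankQuery.get_all_ranks()]
    return jsonify(action="success", ranks=ranks, user_rank=user_rank)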
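def login():
    """Authenticate the posted credentials and start a session.

    Reads ``username`` and ``password`` from the posted form data.

    Returns:
        A redirect to ``index`` when the caller is already authenticated;
        otherwise a 200 JSON response with ``action="success"`` (plus
        ``change_password=True`` while the account still has its default
        password) or ``action="failed"`` with an error message.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    username = request.form['username']
    password = request.form['password']
    user = AccountQuery.get_User(username)

    # One message for both failure modes: the previous separate "user does
    # not exist" / "wrong password" answers let an unauthenticated caller
    # learn which usernames are registered.
    # ``is None`` replaces ``== None`` so an overridden ``__eq__`` on the
    # user object cannot affect the check.
    # NOTE(review): response time can still differ, because check_password
    # is skipped for unknown names; no attempt throttling is visible in this
    # function either. Confirm both are handled elsewhere.
    if user is None or not user.check_password(password):
        return make_response(
            jsonify(action="failed",
                    error="Ungültiger Nutzername oder ungültiges Passwort!"),
            200)

    # NOTE(review): remember=True is unconditional, so every login gets a
    # persistent cookie; confirm that this is intended.
    login_user(user, remember=True)
    if user.default_pw:
        # Tell the client to force a password change on first login.
        return make_response(
            jsonify(action="success", change_password=True), 200)
    return make_response(jsonify(action="success"), 200)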
def validate_username(self, username):
    """Form validator: refuse a username that is already registered.

    Raises:
        ValidationError: if an account with the submitted name exists.
    """
    existing_account = AccountQuery.get_User(username.data)
    name_is_free = existing_account is None
    if name_is_free:
        return
    raise ValidationError('Nutzername bereits in Verwendung.')