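def user(user_id):
    """Render and process the edit/delete form for a single user.

    GET renders ``user.html`` pre-filled with the target user's current
    ``username`` and ``group``; the ``delete`` query parameter only
    pre-selects the delete radio (``'Y'``/``'N'``). A valid POST either
    deletes the user (``form.delete.data == 'Y'``) or updates username and
    group, then redirects to the user list.

    Args:
        user_id: id of the user being viewed/edited (route parameter).

    Responses:
        401 when not logged in, or when a non-admin targets another user.
        404 when ``user_id`` does not resolve to a user.

    Only admins may change ``group``: a non-admin editing their own
    record keeps their existing group regardless of what the form carries,
    so the edit form cannot be used for self-promotion.
    """
    if not current_user.is_authenticated:
        abort(401)
    form = UsersFormEdit()
    uc = UserController()
    user = uc.getuser(uid=user_id)
    if not user:
        abort(404)
    is_admin = current_user.group == 'admin'
    # Non-admins may only operate on their own record.
    if not is_admin and current_user.username != user.username:
        abort(401)
    if form.validate_on_submit():
        if form.delete.data == 'Y':
            uc.deleteuser({'uid': user.id})
        else:
            uc.edituser({
                'username': form.username.data,
                'uid': user.id,
                # The submitted group is honoured for admins only; a
                # non-admin's group is pinned to its stored value.
                'group': form.group.data if is_admin else user.group,
            })
        return redirect(url_for('users', page_num=1))
    form.username.data = user.username
    form.group.data = user.group
    form.delete.data = 'Y' if request.args.get('delete', None) else 'N'
    return render_template('user.html', username=current_user.username, form=form, uid=user.id)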
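def reset():
    """Render and process the password-reset form.

    The target account is taken from the ``uid`` query parameter on GET
    (and copied into the form's hidden ``uid`` field) and from
    ``form.uid.data`` on a valid POST. The new password is hashed with
    ``generate_password_hash`` (pbkdf2:sha256:260000, 16-byte salt) and
    stored via ``UserController.edituser(..., updatepw=True)``.

    Responses:
        401 when not logged in, or when a non-admin targets any account
            other than their own (checked against the uid that is actually
            updated, not just the query string).
        400 when a supplied uid is not an integer.

    After a successful reset the user is logged out if they changed their
    own password, otherwise redirected to the user list.
    """
    if not current_user.is_authenticated:
        abort(401)
    is_admin = current_user.group == 'admin'
    raw_uid = request.args.get('uid', None)
    try:
        requested_uid = int(raw_uid) if raw_uid is not None else None
    except (TypeError, ValueError):
        # A non-numeric uid used to surface as an unhandled int() error.
        abort(400)
    if not is_admin and (requested_uid is None or current_user.id != requested_uid):
        abort(401)
    form = UsersFormPassword()
    if form.validate_on_submit():
        try:
            target_uid = int(form.uid.data)
        except (TypeError, ValueError):
            abort(400)
        # The query-string check above says nothing about the POSTed uid;
        # authorize the account that is actually being modified.
        if not is_admin and current_user.id != target_uid:
            abort(401)
        hashed_pw = generate_password_hash(
            form.password.data, method='pbkdf2:sha256:260000', salt_length=16
        )
        uc = UserController()
        uc.edituser({'uid': target_uid, 'password': hashed_pw}, updatepw=True)
        if current_user.id == target_uid:
            return redirect(url_for('logout'))
        return redirect(url_for('users', page_num=1))
    form.uid.data = raw_uid
    return render_template('resetpw.html', form=form)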