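def default_sharing(self, id):
    """Change a user's default sharing.

    .. :quickref: User; Change default sharing

    When used on another user account, requires the `manage_users`
    permission.

    The ``groups`` form field is a comma-delimited list. The change is
    rejected unless at least one submitted group is one the user already
    belongs to.

    :param id: user id.

    :form groups: comma-delimited list of groups.

    :>json User user: modified user.
    """
    self.ensure_permission(id)

    user = User(get_or_404(User.get_collection(), _id=id))

    # Drop empty entries (from "a,,b" or a trailing comma) so blank group
    # names are never stored; `update` parses the same field this way.
    groups = [g for g in request.form.get('groups', '').split(',') if g]

    if not any(group in user['groups'] for group in groups):
        flash('You have to at least keep one of your groups.', 'danger')
        # NOTE(review): this is a single-argument call, while the other
        # redirect calls in these methods pass (data, path) -- confirm the
        # helper's signature. request.referrer is also client-supplied and
        # may be absent.
        return redirect(request.referrer)

    # NOTE(review): only one submitted group has to match user['groups'];
    # the remaining names are stored without a membership check -- confirm
    # that sharing with groups the user is not part of is intended.
    user.update_value('default_sharing', groups)

    return redirect({'user': clean_users(user)}, request.referrer)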
def get(self, id):
    """Get a user.

    .. :quickref: User; Get a user

    The user is returned in the ``user`` field.

    Access is checked with ``self.ensure_permission(id)`` before the user is
    loaded.

    :param id: user id

    :>json ObjectId _id: user's ObjectId.
    :>json string name: full name.
    :>json string email: email address.
    :>json boolean enabled: ``True`` if the user is enabled.
    :>json list groups: list of groups the user belongs to.
    :>json list default_sharing: list of groups used by the user as default
        sharing preferences.
    :>json list permissions: list of user's permissions
    """
    self.ensure_permission(id)

    record = get_or_404(User.get_collection(), _id=id)
    profile = User(record)

    # clean_users() decides which user fields reach the response; what it
    # removes is not visible from this block.
    payload = {
        'user': clean_users(profile),
        'permissions': dispatcher.permissions,
    }

    return render(payload, 'users/profile.html')
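def update(self, id):
    """Update a user.

    .. :quickref: User; Update existing user

    Requires the `manage_users` permission.

    When successful, the new user will be returned in the ``user`` field.
    Otherwise, an ``errors`` field will list errors.

    :form name: full name
    :form email: email address
    :form groups: comma-delimited list of groups
    :form permission_VALUE: specify a value different than ``0`` or ``False``
        for all permissions the user should have.
    """
    # NOTE(review): no permission check is visible in this body (other
    # methods here call self.ensure_permission); the `manage_users`
    # requirement is presumably enforced by a decorator outside this block
    # -- confirm, since this method rewrites groups and permissions.
    name = request.form.get('name')
    # Default to '' so a request without an ``email`` field reaches the
    # "is required" validation instead of raising AttributeError on None.
    email = request.form.get('email', '').lower()
    groups = [g for g in request.form.get('groups', '').split(',') if g]

    user = User(get_or_404(User.get_collection(), _id=id))

    # The current email is passed so that keeping the same address does not
    # trigger the "already exists" check.
    if not self._valid_form(name, email, groups, user['email']):
        return validation_error()

    user['name'] = name
    user['email'] = email
    user['groups'] = groups
    user['permissions'] = self.get_permissions(user['permissions'])

    user.save()

    return redirect({'user': clean_users(user)},
                    url_for('UsersView:get', id=user['_id']))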
def _valid_form(self, name, email, groups, previous_email=None):
    """Validate submitted user fields, flashing a message on the first error.

    ``name``, ``email`` and ``groups`` must all be truthy. When no previous
    email is given, or the email differs from it, the user collection is
    queried and the form is rejected if a user with that exact email exists.

    :param previous_email: email currently stored for the user being edited,
        or ``None``.
    :returns: ``True`` when the form is acceptable, ``False`` otherwise.
    """
    required = (('name', name), ('email', email), ('groups', groups))
    for label, value in required:
        if not value:
            flash('"{}" is required'.format(label), 'danger')
            return False

    # NOTE(review): uniqueness is checked with a lookup only; whether the
    # collection also enforces it (e.g. a unique index) is not visible here.
    email_changed = previous_email is None or previous_email != email
    if email_changed and User.get_collection().find_one({'email': email}):
        flash('User with email "{}" already exists.'.format(email), 'danger')
        return False

    return True
def disable(self, id):
    """Disable a user.

    .. :quickref: User; Disable a user

    Requires the `manage_users` permission.

    :param id: user id.

    :>json User user: modified user.
    """
    # NOTE(review): no permission check is visible in this body; the
    # `manage_users` requirement is presumably enforced by a decorator
    # outside this block -- confirm.
    record = get_or_404(User.get_collection(), _id=id)
    account = User(record)

    # Only the ``enabled`` flag is changed here. Whether the user's existing
    # sessions and API key stop working depends on checks made elsewhere.
    account.update_value('enabled', False)

    listing_url = url_for('UsersView:index')
    return redirect({'user': clean_users(account)}, listing_url)
def reset_api(self, id):
    """Reset a user's API key.

    .. :quickref: User; Reset API key

    When used on another user account, requires the `manage_users`
    permission.

    The stored ``api_key`` is replaced with a value from
    ``User.generate_api_key()``.

    :param id: user id.

    :>json User user: modified user.
    """
    self.ensure_permission(id)

    record = get_or_404(User.get_collection(), _id=id)
    account = User(record)

    fresh_key = User.generate_api_key()
    account.update_value('api_key', fresh_key)

    # NOTE(review): the response is built from clean_users(); whether it
    # includes the new api_key is not visible here -- confirm which clients
    # are expected to receive it.
    response_data = {'user': clean_users(account)}
    return redirect(response_data, request.referrer)
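def password_reset(token):
    """Validate a password-reset token and let its owner set a new password.

    The token is validated on every request. An expired or invalid token
    flashes a message and redirects to ``/login``. On ``POST`` with a
    password accepted by ``valid_new_password``, the password is changed and
    the user is redirected to ``/login``; in every other case the reset form
    is rendered.

    :param token: password-reset token to validate.
    """
    # SignatureExpired is tested first. If these are the itsdangerous classes
    # (the imports are outside this block -- confirm), SignatureExpired
    # subclasses BadTimeSignature, so with BadTimeSignature listed first the
    # 'Expired token' branch could never run.
    # Any other exception from validate_password_reset_token() propagates.
    try:
        user_id = validate_password_reset_token(token)
    except SignatureExpired:
        flash('Expired token', 'danger')
        return redirect('/login')
    except BadTimeSignature:
        flash('Invalid token', 'danger')
        return redirect('/login')

    if request.method == 'POST':
        password = request.form.get('password', '')
        confirm = request.form.get('password_confirmation', '')

        if valid_new_password(password, confirm):
            user = User(get_or_404(User.get_collection(), _id=user_id))
            # NOTE(review): nothing in this function invalidates the token
            # after use; whether it can be replayed until it expires depends
            # on validate_password_reset_token()/change_password() -- confirm.
            change_password(user, password)
            flash('Password was successfully changed.', 'success')
            return redirect('/login')

    return render_template('password_reset.html')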