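def proEdit():
    """Apply one of the three profile-edit forms: info, password or disable.

    Each form carries the login name of the account it targets. The first
    form that validates is applied, then the caller is redirected to that
    account's profile page. Only the account owner or an admin may apply a
    change: anyone else gets a 403, and an unknown login name gets a 404.
    """
    infoForm = EditUserInfoFrom()
    passForm = EditUserPassFrom()
    unableUserForm = UnableUserFrom()

    if request.method == 'POST':
        if infoForm.validate_on_submit():
            userLogin = infoForm.editILogin.data
            user = _getEditableUser(userLogin)
            user.user_nicename = infoForm.editINicename.data
            user.user_url = infoForm.editIUrl.data
            db.session.add(user)
            db.session.commit()
            flash(u'资料修改成功!')
            return redirect(url_for('profile', userlogin=userLogin))

        if passForm.validate_on_submit():
            userLogin = passForm.editLogin.data
            user = _getEditableUser(userLogin)
            # NOTE(review): no check of the current password is visible here;
            # confirm EditUserPassFrom (or updatePassword) requires it, since
            # otherwise any live session for the account can set a new one.
            user.updatePassword(passForm.editPpassword.data)
            db.session.add(user)
            db.session.commit()
            flash(u'密码修改成功,下次登录将使用新密码!')
            return redirect(url_for('profile', userlogin=userLogin))

        if unableUserForm.validate_on_submit():
            userLogin = unableUserForm.unableLogin.data
            user = _getEditableUser(userLogin)
            # The login name must be typed a second time to confirm disabling.
            if user.user_login == unableUserForm.unableName.data:
                user.user_rule = UserRule['DISABLE']
                db.session.add(user)
                db.session.commit()
                flash(u'用户:' + userLogin + u' 已经被禁用,如需启用请联系管理员!')
            else:
                flash(u'用户登录名确认失败!')
            return redirect(url_for('profile', userlogin=userLogin))

    # Nothing validated (or not a POST): go back to the profile named in the
    # disable form. NOTE(review): this value may be empty on such requests;
    # confirm url_for('profile', ...) copes with that.
    userLogin = unableUserForm.unableLogin.data
    return redirect(url_for('profile', userlogin=userLogin))


def _getEditableUser(userLogin):
    """Return the account named userLogin if the caller may modify it.

    Aborts with 403 unless the caller owns the account or is an admin, and
    with 404 when no such account exists. Keeping the ownership check in one
    place stops the three form branches from drifting apart.
    """
    # NOTE(review): current_user.user_login is read unconditionally; confirm
    # the route is only reachable by logged-in users.
    if current_user.user_login != userLogin and not current_user.isAdmin():
        abort(403)
    user = getUserByLoginName(userLogin)
    if user is None:
        # An admin can submit any login name, so the lookup may find nothing.
        abort(404)
    return user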
def deleteMeasurement():
    """Delete the measurement named by the ``measurementid`` form field.

    Only admins may delete; other callers get the NOT_ALLOWED flash message.
    Every caller is then redirected to the measurement management page.
    """
    if current_user.isAdmin():
        target_id = unicode(request.form['measurementid'])
        # NOTE(review): the lookup result is passed to delete() unchecked;
        # confirm Measurement.delete() tolerates an unknown id.
        target = Measurement.get(target_id)
        Measurement.delete(target)
        flash(constants.MEASUREMENT_DELETE_SUCCESS, 'success')
    else:
        flash(constants.NOT_ALLOWED, 'danger')
    return redirect(url_for('manageMeasurements'))
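def deleteUser():
    """Delete the user named by the ``userid`` form field (admins only).

    Non-admins get the NOT_ALLOWED flash message and are redirected to the
    user management page. An unknown ``userid`` ends the request with a 404
    instead of failing while the success message is built.
    """
    from flask import abort

    if not current_user.isAdmin():
        flash(constants.NOT_ALLOWED, 'danger')
        return redirect(url_for('manageUsers'))

    userid = unicode(request.form['userid'])
    user = User.get(userid)
    if not user:
        # User.get() can come back empty for an unknown id (manageUsers tests
        # its result the same way); stop before delete() and before
        # user.username is read.
        abort(404)
    User.delete(user)
    flash(constants.USER_DELETE_SUCCESS.format(user.username), 'success')
    return redirect(url_for('manageUsers'))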
def manageUsers():
    """List users on GET; create a user on POST (admins only).

    A POST from a non-admin only flashes NOT_ALLOWED. A POST from an admin
    creates the account unless the username is already taken. Both POST
    outcomes redirect back to this page.
    """
    method = request.method

    if method == 'GET':
        # NOTE(review): the listing has no isAdmin() check in this function;
        # confirm the route is protected elsewhere if the list is sensitive.
        return render_template('users.html', users=User.getAll())

    if method == 'POST':
        if not current_user.isAdmin():
            flash(constants.NOT_ALLOWED, 'danger')
            return redirect(url_for('manageUsers'))

        # NOTE(review): neither field is validated for emptiness or length
        # here, and the scheme behind hash_pass() is not visible in this block.
        new_username = str(request.form['username'])
        new_password = str(request.form['password'])

        if User.get(new_username):
            flash(constants.USERNAME_TAKEN, 'danger')
        else:
            User.create(User(new_username, hash_pass(new_password)))
            flash(constants.USER_CREATE_SUCCESS.format(new_username), 'success')
        return redirect(url_for('manageUsers'))

    # Any other method falls through without producing a response.
def profile(userlogin):
    """Render the profile page for the account named ``userlogin``.

    Responds with 404 when the account does not exist. The three edit forms
    are always handed to the template, but they are pre-filled with the
    account's data only when the viewer is an admin or the account owner.
    """
    user = getUserByLoginName(userlogin)
    if user is None:
        abort(404)

    infoForm = EditUserInfoFrom()
    passForm = EditUserPassFrom()
    unableUserForm = UnableUserFrom()

    may_edit = current_user.is_authenticated and (
        current_user.isAdmin() or current_user == user
    )
    if may_edit:
        login_name = user.user_login
        infoForm.editILogin.data = login_name
        infoForm.editINicename.data = user.user_nicename
        # An unset URL is shown as a bare scheme for the user to complete.
        has_no_url = user.user_url is None or user.user_url == ''
        infoForm.editIUrl.data = 'http://' if has_no_url else user.user_url
        passForm.editLogin.data = login_name
        unableUserForm.unableLogin.data = login_name

    # MD5 serves only as the avatar lookup key, not as a security control.
    # The digest is still a stable identifier of the e-mail address that every
    # viewer of the page receives, and the image is requested over plain http.
    email_digest = hashlib.md5(user.user_email).hexdigest()
    avatar = 'http://gravatar.duoshuo.com/avatar/' + email_digest + '?s=230'

    return render_template(
        'profile.html',
        user=user,
        avatar=avatar,
        infoForm=infoForm,
        passForm=passForm,
        unableUserForm=unableUserForm,
    )
def decorated_function(*args, **kwargs):
    """Call the wrapped view, aborting with 403 if admin rights are missing.

    ``f`` and ``requiresAdmin`` are taken from the enclosing scope. The check
    applies only when ``requiresAdmin`` is truthy.
    """
    # NOTE(review): isAdmin() is called on every request, including when
    # requiresAdmin is false; confirm anonymous users provide that method.
    caller_is_admin = current_user.isAdmin()
    if requiresAdmin and not caller_is_admin:
        abort(403)
    return f(*args, **kwargs)
def is_accessible(self):
    """Report whether the current user may use this view (admins only)."""
    # NOTE(review): no is_authenticated test precedes this call; confirm the
    # anonymous-user object also implements isAdmin().
    allowed = current_user.isAdmin()
    return allowed
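def index(self):
    """Render the index page for an authenticated admin; deny everyone else.

    Returns the rendered ``index.html`` for admins. Any other caller is
    rejected with a 403, so the view always produces a response.
    """
    from flask import abort

    # NOTE(review): is_authenticated is called as a method here; newer
    # Flask-Login releases expose it as a property, so confirm the version.
    if login.current_user.is_authenticated() and current_user.isAdmin():
        return self.render('index.html')

    # The denial path used to build a redirect without returning it, so
    # non-admins got no response. A redirect to '.index' is also avoided: as
    # far as this method shows, that endpoint is this same view.
    abort(403)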