Example #1
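def show_profile(user_id):
    """Show a user's profile and handle its edit and delete-account forms.

    A logged-in user (``g.user``) is required. Any logged-in user may view
    the page, but the two state-changing forms are honoured only when the
    logged-in user owns the profile named by ``user_id``. Without that check
    any authenticated account could edit another user's profile by posting
    to that user's URL.

    Args:
        user_id: Primary key of the profile to show; responds 404 if absent.

    Returns:
        A redirect after a form is processed or access is refused, otherwise
        the rendered profile template.
    """

    if not g.user:
        flash("Access unauthorized. Please login to view profile!", "danger")
        return redirect("/")

    user = User.query.get_or_404(user_id)
    saved_recipes = User.get_user_fav_recipes(user_id)
    form = UserAddForm()
    delete_form = DeleteAccountForm()

    # Object-level authorization: being logged in is not enough to modify
    # the profile identified by the URL.
    # NOTE(review): assumes g.user is the User row of the logged-in account
    # and that usernames are unique -- confirm against the model.
    is_owner = g.user.username == user.username

    if form.validate_on_submit():
        if not is_owner:
            flash("Access unauthorized.", "danger")
            return redirect("/")

        User.update_user(user, form)
        db.session.commit()

        return redirect(f'/users/{user_id}')

    if delete_form.validate_on_submit():
        if not is_owner:
            flash("Access unauthorized.", "danger")
            return redirect("/")

        # Deletion is re-authenticated with the account password.
        valid = User.authenticate(user.username, delete_form.password.data)

        if valid:
            User.remove_user(user_id)
            db.session.commit()

            do_logout()
        else:
            # Tell the user why nothing happened instead of redirecting silently.
            flash("Incorrect password; account was not deleted.", "danger")
        return redirect("/")

    return render_template('/users/profile.html',
                           saved_recipes=saved_recipes,
                           user=user,
                           form=form,
                           delete_form=delete_form)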
Example #2
def settings():
    """Render the account settings page and process password-change posts.

    GET (or any non-POST) renders ``settings.html`` with the password and
    delete-account forms. A POST that fails form validation, or whose old
    password does not match, flashes a message and redirects back to the
    settings page. A successful POST stores the new password, commits,
    sends the reset e-mail and redirects to the ``user`` endpoint.
    """
    current = get_user()
    user, _players, _leaders = get_leaderboard(current)
    form = PasswordResetForm(request.form)
    deleteform = DeleteAccountForm(request.form)
    title = "{}'s account settings".format(user.name)

    if request.method != 'POST':
        return render_template('settings.html',
                               title=title,
                               loggedin_user=current,
                               user=user,
                               form=form,
                               deleteform=deleteform)

    if not form.validate():
        flash("Something went wrong; please try again.")
        return redirect(url_for('settings'))

    # NOTE(review): the submitted value is compared directly with
    # user.password and the new value is assigned to it unchanged, so as
    # written the password is handled in clear text in this view. Confirm
    # whether the model hashes it; if not, store a salted password hash and
    # verify against that instead of comparing strings.
    old_password_ok = form.old_password.data == user.password
    if not old_password_ok:
        flash("Your old password was incorrect. Please try again.")
        return redirect(url_for('settings'))

    flash("Your password has been reset.")
    user.password = form.new_password.data
    db.session.commit()
    password_reset_email(user)
    return redirect(url_for('user'))
Example #3
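def delete_account():
    """Delete the current user's account once the confirmation word is typed.

    A POST whose form validates and whose ``confirm`` field equals
    ``DELETE`` (case-insensitive) deletes the user, commits and redirects to
    the ``logout`` endpoint. Any other POST flashes the instructions and
    redirects to ``settings``. Non-POST requests are also redirected to
    ``settings``; previously they fell through and returned ``None``, which
    Flask rejects as an invalid response.

    NOTE(review): the only safeguard visible here is the typed confirmation.
    No login check, password re-entry or CSRF token is visible in this view.
    Confirm the route is protected elsewhere, and that DeleteAccountForm
    carries a CSRF token (a form built from ``request.form`` may be a plain
    WTForms form without one).
    """
    deleteform = DeleteAccountForm(request.form)
    loggedin_user = get_user()
    user, allplayers, leaders = get_leaderboard(loggedin_user)

    if request.method != 'POST':
        return redirect(url_for('settings'))

    # Validate once; tolerate an empty confirm field instead of raising on None.
    confirmed = (
        deleteform.validate()
        and (deleteform.confirm.data or '').upper() == 'DELETE'
    )
    if not confirmed:
        flash(
            'Type "DELETE" in the field below if you are sure you want to delete your account; this cannot be undone.'
        )
        return redirect(url_for('settings'))

    db.session.delete(user)
    db.session.commit()
    flash("Your account has been deleted.")
    return redirect(url_for('logout'))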
Example #4
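def deleteAccount():
    """
    The '/deleteAccount' route directs a user to a form where they can request the superuser
    to delete their account.

    Anonymous visitors are sent to the login page; superusers and applicants
    are sent to their own dashboards. For other users, a POST with the
    delete button pressed files a DeleteRequest for the session's username,
    and every POST ends with a redirect to the dashboard. Any non-POST
    request renders the form.
    """
    if 'username' not in session:
        return redirect(url_for('login'))

    # .get() avoids a KeyError (HTTP 500) when the session has a username
    # but no role recorded.
    role = session.get('type_of_user')
    if role == 'superuser':
        return redirect(url_for('dashboard_superuser'))
    if role == 'applicant':
        return redirect(url_for('dashboard_applicant'))
    form = DeleteAccountForm()

    # Render for every non-POST method: the original handled only GET, so
    # other methods fell through and returned None.
    if request.method != 'POST':
        return render_template("deleteAccount.html", form=form)

    if form.delete.data:
        # The request is filed for the session's own username, never for a
        # value taken from the submitted form.
        DeleteRequest(session['username'])

    # Delete, cancel, or a POST with neither button set all return to the
    # dashboard, so the view always produces a response.
    return redirect(url_for('dashboard'))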