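def show_profile(user_id):
    """Show a user's profile page and handle profile edits and account deletion.

    Any logged-in user may view the page. A submitted edit or delete form is
    acted on only when the logged-in user owns the profile; otherwise the
    request is refused. Deleting the account also requires the account
    password to be re-entered.

    Args:
        user_id: Primary key of the profile to show (404 if no such user).

    Returns:
        A redirect after a handled or refused form submission, otherwise the
        rendered profile template.
    """
    if not g.user:
        flash("Access unauthorized. Please login to view profile!", "danger")
        return redirect("/")

    user = User.query.get_or_404(user_id)
    saved_recipes = User.get_user_fav_recipes(user_id)

    # Being logged in is not authorization to change *this* profile: user_id
    # comes from the URL, so without an ownership test any authenticated user
    # could edit another account by requesting its id.
    # Ownership is tested by object identity. Within one SQLAlchemy session
    # the identity map returns the same instance for the same primary key, so
    # this holds only if g.user was loaded through the same db.session.
    # TODO confirm; if it was not, compare primary keys instead.
    owns_profile = user is g.user

    form = UserAddForm()
    delete_form = DeleteAccountForm()

    if form.validate_on_submit():
        if not owns_profile:
            flash("Access unauthorized.", "danger")
            return redirect("/")
        User.update_user(user, form)
        db.session.commit()
        return redirect(f'/users/{user_id}')

    if delete_form.validate_on_submit():
        if not owns_profile:
            flash("Access unauthorized.", "danger")
            return redirect("/")
        # Re-authenticate with the account password before the destructive
        # step, so a hijacked or unattended session cannot delete the account.
        if User.authenticate(user.username, delete_form.password.data):
            User.remove_user(user_id)
            db.session.commit()
            do_logout()
            return redirect("/")

    return render_template(
        '/users/profile.html',
        saved_recipes=saved_recipes,
        user=user,
        form=form,
        delete_form=delete_form,
    )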
def settings():
    """Render the account settings page and process password-change posts.

    On a valid POST the submitted old password is compared with the stored
    one. A match stores the new password, commits, sends the notification
    e-mail and redirects to the 'user' endpoint. A mismatch, or an invalid
    form, flashes a message and redirects back to 'settings'. Any other
    request renders settings.html.
    """
    loggedin_user = get_user()
    user, allplayers, leaders = get_leaderboard(loggedin_user)
    form = PasswordResetForm(request.form)
    deleteform = DeleteAccountForm(request.form)
    title = f"{user.name}'s account settings"
    is_post = request.method == 'POST'

    # NOTE(review): no login check is visible here; presumably get_user()
    # or a route decorator enforces it. Confirm.
    if is_post and form.validate():
        # NOTE(review): the submitted value is compared with user.password
        # directly and the new value is assigned as-is, so passwords appear
        # to be stored in plaintext unless the model hashes them
        # transparently. Confirm, and store salted hashes verified through a
        # dedicated check function.
        old_matches = form.old_password.data == user.password
        if not old_matches:
            flash("Your old password was incorrect. Please try again.")
            return redirect(url_for('settings'))
        flash("Your password has been reset.")
        user.password = form.new_password.data
        db.session.commit()
        password_reset_email(user)
        return redirect(url_for('user'))

    if is_post and not form.validate():
        flash("Something went wrong; please try again.")
        return redirect(url_for('settings'))

    return render_template(
        'settings.html',
        title=title,
        loggedin_user=loggedin_user,
        user=user,
        form=form,
        deleteform=deleteform,
    )
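def delete_account():
    """Delete the current user's account after a typed confirmation.

    The account to delete comes from get_leaderboard(loggedin_user), not from
    request data. A POST whose form validates and whose confirm field reads
    "DELETE" (case-insensitive) deletes it and redirects to 'logout'. Any
    other POST flashes the instruction and returns to 'settings'.

    Non-POST requests also redirect to 'settings'. Previously they fell off
    the end of the function and returned None, which Flask rejects as an
    invalid response.
    """
    deleteform = DeleteAccountForm(request.form)
    loggedin_user = get_user()
    user, _allplayers, _leaders = get_leaderboard(loggedin_user)

    if request.method != 'POST':
        return redirect(url_for('settings'))

    # NOTE(review): the only barrier before an irreversible delete is the
    # typed word. No password re-check is visible, and a form built from
    # request.form may not carry CSRF protection. Confirm both against the
    # form class and the app configuration.
    confirmed = (
        deleteform.validate()
        # "or ''" keeps a missing confirm value from raising on .upper().
        and (deleteform.confirm.data or '').upper() == 'DELETE'
    )
    if not confirmed:
        flash(
            'Type "DELETE" in the field below if you are sure you want to delete your account; this cannot be undone.'
        )
        return redirect(url_for('settings'))

    db.session.delete(user)
    db.session.commit()
    flash("Your account has been deleted.")
    return redirect(url_for('logout'))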
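def deleteAccount():
    """
    The '/deleteAccount' route directs a user to a form where they can
    request the superuser to delete their account.

    Visitors without a complete session are sent to 'login'. Superusers and
    applicants are sent to their own dashboards. For everyone else, GET
    renders the form. A POST with the delete button files a DeleteRequest for
    the session's username; a POST with the cancel button just returns to
    'dashboard'. Any other submission re-renders the form.
    """
    # Treat a session missing either key as not logged in, instead of raising
    # KeyError on the role lookup below.
    if 'username' not in session or 'type_of_user' not in session:
        return redirect(url_for('login'))

    role = session['type_of_user']
    if role == 'superuser':
        return redirect(url_for('dashboard_superuser'))
    if role == 'applicant':
        return redirect(url_for('dashboard_applicant'))

    form = DeleteAccountForm()

    if request.method == 'POST':
        # NOTE(review): the form is read without a validation call here, so
        # any CSRF token it carries is not checked at this point. Confirm
        # that CSRF protection is enforced elsewhere, or validate the form
        # before acting on it.
        if form.delete.data:
            # The username comes from the server-side session, not from the
            # submitted form, so a user can only file a request for their
            # own account.
            DeleteRequest(session['username'])
            return redirect(url_for('dashboard'))
        if form.cancel.data:
            return redirect(url_for('dashboard'))

    # GET, or a POST that pressed neither button. The latter previously
    # returned None, which Flask rejects as an invalid response.
    return render_template("deleteAccount.html", form=form)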