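def invite_user():
    """Handle the invitation form: mint an invite token and e-mail the link.

    On a valid submission an ``Invitation`` is built from the submitted
    e-mail and role, a sign-up link carrying the token is e-mailed, and the
    invitation is committed only after ``send_email`` has returned.  A failure
    anywhere in that sequence is re-raised when the app's ``DEBUG`` config is
    set; otherwise it is logged, the DB session is rolled back and the invite
    page is rendered with an error flash.

    NOTE(review): no decorator is visible on this view.  It dereferences
    ``current_user.roles[0]``, so it must only be reachable by authenticated
    users who hold at least one role -- confirm that ``login_required`` (or
    an equivalent guard) is applied where the route is registered.
    """
    form = InviteForm()

    # Offer only roles whose ``level`` is strictly greater than the level of
    # the inviter's first role (per the original comment a greater level means
    # less privilege), so nobody can invite a peer or a superior.
    # NOTE(review): this is an authorization check only if ``form.role``
    # rejects values outside ``choices`` during validation (WTForms
    # SelectField does) -- confirm in InviteForm.  Only ``roles[0]`` is
    # consulted; verify that is the user's most privileged role.
    form.role.choices = [
        (role.id, role.title)
        for role in Role.query.all()
        if role.level > current_user.roles[0].level
    ]

    if form.validate_on_submit():
        # the method is POST and the form is valid
        # NOTE(review): the token is the only secret guarding sign-up with
        # the invited role.  ``random_base64`` is defined elsewhere; presumably
        # it retries until the predicate accepts the candidate -- confirm it
        # draws from a CSPRNG with enough entropy.
        token = random_base64(lambda t: Invitation.get(t) is None)
        invitation = Invitation(
            token,
            form.email.data,
            Role.get_by_id(form.role.data),
            current_user,
        )

        # invite_link: http://<host>/signup?invite=<token>
        # NOTE(review): with _external=True Flask takes scheme and host from
        # the current request unless SERVER_NAME is configured.  Pin the host
        # (SERVER_NAME or a proxy-level allow-list) so that an e-mailed link
        # can never carry a host taken from a forged Host header; the
        # deployment config is not visible here.
        invite_link = url_for('auth.signup', _external=True, invite=token)

        # prepare and send invitation email
        try:
            send_email(
                subject="Asset Tracker Invitation",
                sender=(current_user.name, current_user.email),
                recipients=[form.email.data],
                # Adjacent literals instead of a backslash continuation inside
                # the string, which embedded the source indentation in the
                # message text.
                body=("You've been invited to join Asset Tracker. Follow "
                      "this link to sign up: %s") % invite_link,
                # NOTE(review): invite_link is interpolated into HTML without
                # escaping; safe only while url_for() is its sole source.
                html=("You've been invited to join Asset Tracker. Follow "
                      "this link to sign up:<br> <a href=\"%s\">%s</a>")
                % (invite_link, invite_link),
            )
            # Stored only after the mail went out.  If this commit fails the
            # recipient already holds a link whose token was never persisted.
            db.session.add(invitation)
            db.session.commit()
            flash("Invitation sent to %s" % form.email.data, 'success')
        except Exception as e:
            if current_app.config.get('DEBUG'):
                # Bare raise keeps the original traceback.
                raise
            # Keep the full error server-side; the user only sees its class.
            current_app.logger.exception(
                "Invitation could not be sent or stored")
            # A failed flush/commit leaves the session unusable until it is
            # rolled back, and the template below may still touch the DB.
            db.session.rollback()
            flash("Failed to send invite due to a %s error"
                  % e.__class__.__name__, 'danger')
            # NOTE(review): the nesting of this return was reconstructed from
            # a flattened listing -- confirm against the repository.
            return render_template('auth/invite.html', form=form)

    return redirect(url_for('index'))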
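def signup():
    """Register a new account, optionally redeeming an invitation token.

    The token is read from the ``invite`` query parameter.  A non-empty token
    that matches no invitation, or an invitation whose e-mail already belongs
    to a user, ends in the generic error page.  On a valid submission the new
    user's role comes from the stored invitation (never from the request), or
    is ``'staff'`` when there is no invitation; the user is then committed,
    logged in and redirected to ``index``.  Otherwise the sign-up form is
    rendered, pre-filled with the invited e-mail when an invitation is present.

    NOTE(review): points a maintainer should confirm, none of which can be
    settled from this view alone:
      * The invitation is not deleted or marked used after sign-up; reuse is
        blocked only by the existing-user check below, and no expiry check is
        visible (``Invitation.get`` may apply one).
      * Sign-up without an invitation is open to anyone, grants ``'staff'``
        and logs the account in without any e-mail ownership check here.
      * The token travels in the query string, so it can appear in access
        logs and Referer headers.
    """
    form = SignUpForm()
    token = request.args.get('invite')
    invite = Invitation.get(token)

    # A token was supplied but matches nothing: refuse rather than silently
    # falling back to an uninvited sign-up.
    if token and not invite:
        return render_template(
            'error/generic.html',
            message="The invite is invalid"
        )

    # An invitation can only create a new account, never touch an existing one.
    if invite is not None:
        if User.query.filter_by(email=invite.invitee).first() is not None:
            return render_template(
                'error/generic.html',
                message="Email belongs to an existing user"
            )

    if form.validate_on_submit():
        if invite is None:
            role_short = 'staff'
        else:
            role_short = invite.role.short
            # The pre-filled e-mail field is client-controlled, so the invited
            # address is re-checked server-side (exact, case-sensitive match).
            if form.email.data != invite.invitee:
                return render_template(
                    'error/generic.html',
                    message="Email doesn't match invite email"
                )

        # NOTE(review): the raw password is handed to User(); presumably it is
        # hashed inside the model -- confirm.
        user = User(form.email.data, form.password.data, form.name.data,
                    role_short)
        db.session.add(user)
        db.session.commit()
        login_user(user)
        flash("Sign up successful", 'success')
        return redirect(url_for('index'))

    # First visit or failed validation: show the form.
    if invite is not None:
        form.email.data = invite.invitee
    else:
        flash('Signing up without an invite defaults to staff member account',
              'info')
    return render_template('auth/signup.html', form=form)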