def edit(username):  # noqa: C901
    """Render and process the profile edit form for ``username``.

    The target user is loaded first (``first_or_404``) and the request is
    refused through ``deny_access`` unless ``is_editable_by_user()``
    allows it, so no form data is processed for a profile the caller may
    not edit. The ``role`` field is only present for admins
    (``current_user.is_admin()``); it is deleted from the form otherwise.

    On a valid submission the bio and, if given, a new password are
    applied. A self-service password change clears
    ``must_change_password``; an admin-set password sets it. Admins may
    also change the role, except that an admin cannot drop their own
    admin role and the user with id 1 always stays admin. The session is
    committed only when the role check passes; otherwise the form is
    shown again with the previous role restored.

    Args:
        username: login name of the profile being edited.

    Returns:
        A redirect to the user's view URL after a saved change, the
        ``deny_access`` response when editing is not permitted, or the
        rendered ``user/edit.html`` template.
    """
    target = User.query.filter_by(username=username).first_or_404()
    if not target.is_editable_by_user():
        return deny_access(no_perm_url)

    form = EditProfileForm()
    if current_user.is_admin():
        form.role.choices = gen_role_choices()
    else:
        del form.role

    if form.validate_on_submit():
        # NOTE(review): about/password are applied to the ORM object before
        # the role check below; when that check fails nothing is committed,
        # which relies on the session being discarded at request teardown.
        target.about = form.about.data
        new_password = form.password.data
        if new_password:
            target.set_password(new_password)
            if current_user.username == target.username:
                # self-service change: the user chose this password
                target.must_change_password = False
            elif current_user.is_admin():
                # user must reset password after it has been changed by an admin
                target.must_change_password = True

        rejected = False
        if current_user.is_admin():
            previous_role = target.role
            requested_role = form.role.data
            drops_admin = requested_role != Role.Admin.value
            if (
                username == current_user.username
                and current_user.is_admin()
                and drops_admin
            ):
                flash("You can't revoke your own admin role.", "danger")
                rejected = True
            elif target.id == 1 and drops_admin:
                # the user with id 1 is treated as the original admin
                flash("The original admin can't be removed.", "danger")
                rejected = True
            else:
                target.role = requested_role

        if not rejected:
            db.session.commit()
            flash("Your changes have been saved.", "success")
            return redirect(target.view_url())
        # role change refused (admin branch only): re-render with the old role
        form.role.data = previous_role
    elif request.method == "GET":
        form.about.data = target.about
        if current_user.is_admin():
            form.role.data = target.role

    return render_template(
        "user/edit.html",
        form=form,
        user=target,
        title=page_title(f"Edit User '{target.username}'"),
    )
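def create():
    """Render and process the "Add User" form (single-role variant).

    Builds a ``CreateUserForm`` whose ``role`` choices come from
    ``gen_role_choices``. On a valid submission a ``User`` is created with
    the submitted username, the password is handed to ``set_password``
    (the clear-text value is never assigned to a model attribute here),
    the selected role and a creation timestamp are set, and the record is
    committed. The caller is then redirected to the new user's view URL;
    otherwise ``user/create.html`` is rendered.

    Returns:
        A redirect response after a successful create, or the rendered
        template.
    """
    form = CreateUserForm()
    form.role.choices = gen_role_choices()

    if not form.validate_on_submit():
        return render_template(
            "user/create.html", form=form, title=page_title("Add User")
        )

    new_user = User(username=form.username.data)
    new_user.set_password(form.password.data)
    new_user.role = form.role.data
    # naive UTC timestamp; datetime.utcnow() is deprecated since Python 3.12
    # but kept because the column presumably expects a naive value — confirm
    new_user.created = datetime.utcnow()
    db.session.add(new_user)
    db.session.commit()
    flash(f"New user {new_user.username} created.", "success")
    return redirect(new_user.view_url())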
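def create():
    """Render and process the "Add User" form (multi-role variant).

    Builds a ``CreateUserForm`` whose ``roles`` choices come from
    ``gen_role_choices``. On a valid submission a ``User`` is created with
    the submitted username, the password is handed to ``set_password``
    (the clear-text value is never assigned to a model attribute here),
    the ``Role`` rows whose ids were submitted are attached, a creation
    timestamp is set and the record is committed. The caller is then
    redirected to ``user.profile`` for the new user; otherwise
    ``user/create.html`` is rendered.

    Returns:
        A redirect response after a successful create, or the rendered
        template.
    """
    form = CreateUserForm()
    form.roles.choices = gen_role_choices()

    if not form.validate_on_submit():
        return render_template(
            "user/create.html", form=form, title=page_title("Add User")
        )

    new_user = User(username=form.username.data)
    new_user.set_password(form.password.data)
    # resolve the submitted role ids against the Role table; ids that do not
    # exist simply yield no row and are silently dropped
    new_user.roles = Role.query.filter(Role.id.in_(form.roles.data)).all()
    # naive UTC timestamp; datetime.utcnow() is deprecated since Python 3.12
    # but kept because the column presumably expects a naive value — confirm
    new_user.created = datetime.utcnow()
    db.session.add(new_user)
    db.session.commit()
    flash(f"New user {new_user.username} created.", "success")
    return redirect(url_for("user.profile", username=new_user.username))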
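def edit(username):
    """Render and process the profile edit form for ``username``
    (multi-role variant).

    Only a caller with the admin role (``has_admin_role``) or the user
    themselves may proceed; anyone else gets a "danger" flash and a
    redirect to ``no_perm_url``. The ``roles`` field is present only for
    admins and is deleted from the form otherwise.

    On a valid submission the bio and, if given, a new password are
    applied. A self-service password change clears
    ``must_change_password``; an admin-set password sets it. Admins may
    reassign roles, but the admin role (the ``Role`` with id 1) is put
    back whenever an admin would drop it from their own account or from
    the user with id 1, with a "danger" flash in each case. The session
    is then committed and the caller is redirected to ``user.profile``.
    On GET the form is pre-filled from the user; the template
    ``user/edit.html`` is rendered.

    Args:
        username: login name of the profile being edited.

    Returns:
        A redirect response (to the profile, or to ``no_perm_url`` when
        not permitted) or the rendered template.
    """
    # TODO: make a custom decorator for this?
    # Authorization gate: evaluated before any form or database work.
    if not (current_user.has_admin_role() or current_user.username == username):
        flash("You dont have the neccessary role to perform this action.", "danger")
        return redirect(url_for(no_perm_url))

    form = EditProfileForm()
    if current_user.has_admin_role():
        form.roles.choices = gen_role_choices()
    else:
        del form.roles

    user = User.query.filter_by(username=username).first_or_404()
    if form.validate_on_submit():
        user.about = form.about.data
        if form.password.data:
            user.set_password(form.password.data)
            if current_user.username == user.username:
                user.must_change_password = False
            elif current_user.has_admin_role():
                # user must reset password after it has been changed by an admin
                user.must_change_password = True

        if current_user.has_admin_role():
            new_user_roles = Role.query.filter(Role.id.in_(form.roles.data)).all()
            # assumes the admin role's primary key is 1 — TODO confirm; if no
            # such row exists, `admin_role` is None and would be appended below
            admin_role = Role.query.get(1)
            if (
                username == current_user.username
                and current_user.has_admin_role()
                and admin_role not in new_user_roles
            ):
                new_user_roles.append(admin_role)
                flash("You can't revoke your own admin role.", "danger")
            if user.id == 1 and admin_role not in new_user_roles:
                # the user with id 1 is treated as the original admin
                new_user_roles.append(admin_role)
                flash("The original admin can't be removed.", "danger")
            user.roles = new_user_roles

        db.session.commit()
        flash("Your changes have been saved.", "success")
        return redirect(url_for("user.profile", username=username))
    elif request.method == "GET":
        form.about.data = user.about
        if current_user.has_admin_role():
            # the select field works with string ids, matching gen_role_choices
            form.roles.data = [str(role.id) for role in user.roles]

    return render_template(
        "user/edit.html",
        form=form,
        user=user,
        title=page_title(f"Edit User '{user.username}'"),
    )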
def test_gen_role_choices(self, app, client):
    """Every member of ``Role`` must map to exactly one form choice.

    ``app`` and ``client`` are requested as fixtures; they are not used
    directly here, presumably only for the application context they set
    up.
    """
    from app.helpers import Role
    from app.user.helpers import gen_role_choices

    expected_count = len(Role)
    choices = gen_role_choices()
    self.assertEqual(len(choices), expected_count)