def auth_register():
    """Serve the registration form and create an account on submission.

    A GET request renders an empty ``RegisterForm``. Any other method is
    treated as a submission: the form is validated and, on failure,
    re-rendered with its errors. On success a ``User`` is created and
    committed, its name is recorded via ``add_name``, the new user is logged
    in, and the client is redirected to the ``index`` endpoint.
    """
    template = "auth/registerform.html"

    if request.method == "GET":
        return render_template(template, form=RegisterForm())

    form = RegisterForm(request.form)
    if form.validate():
        # NOTE(review): the raw form password is handed straight to User();
        # presumably the model hashes it before storage -- confirm in User.
        # NOTE(review): no username-uniqueness check is visible here; verify
        # that the form validator or a DB constraint covers it.
        new_user = User(
            form.name.data,
            form.username.data,
            form.password.data,
        )
        db.session().add(new_user)
        db.session().commit()

        # add_name runs after the commit, as in the original flow.
        new_user.add_name(form.name.data)

        # The freshly registered account is signed in immediately.
        login_user(new_user)
        return redirect(url_for("index"))

    # Validation failed: show the same form again with its error messages.
    return render_template(template, form=form)
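def people_index():
    """List people and, on POST, run one user-management action.

    Recognised POST actions, selected by which form field is present:

    * ``create_dummy_user`` -- requires role ``EDITOR``; creates a user with
      an empty username and password from the submitted ``NameForm``.
    * ``delete`` -- requires role ``ADMIN``; deletes the user together with
      its ``Name`` and ``UserRole`` rows.
    * ``make_editor`` -- requires role ``ADMIN``; grants the ``EDITOR`` role.
    * ``remove_editor`` -- requires role ``ADMIN``; removes the ``EDITOR``
      role and clears ``editor_in_charge`` on that user's articles.

    The last three actions need an integer ``id`` form field. A missing or
    non-integer ``id``, or a missing ``EDITOR`` role row, renders
    ``error500.html``. A caller without the required role is redirected to
    the ``error403`` endpoint. Every other path falls through to rendering
    ``/people/list.html`` with the current people, the form and an alert.

    NOTE(review): ``delete``, ``make_editor`` and ``remove_editor`` read
    ``request.form`` directly and never pass through ``form.validate()``.
    Unless CSRF protection is enabled application-wide (not visible in this
    function), these state-changing requests carry no CSRF check -- confirm.
    """
    form = NameForm()
    alert = {}

    if request.method == "POST":
        # Actions that refer to an existing user need that user loaded first.
        # NOTE(review): this lookup runs before the role checks below, so the
        # database is queried on behalf of callers who are later rejected;
        # consider authorizing before parsing the request.
        user_actions = ('delete', 'make_editor', 'remove_editor')
        if any(request.form.get(action, None) for action in user_actions):
            try:
                user_id = int(request.form['id'])
            except (KeyError, ValueError):
                # KeyError: the field is absent; ValueError: not an integer.
                # A bare ``except`` here would also hide unrelated failures.
                message = "User related request did not contain required parameter id (int)."
                return render_template("error500.html", message=message)
            user = User.query.get(user_id)

        # Request is to create a new dummy user.
        if request.form.get('create_dummy_user', None):
            if not (current_user.is_authenticated
                    and current_user.has_role("EDITOR")):
                return redirect(url_for("error403"))

            form = NameForm(request.form)
            if form.validate():
                # A dummy user has no credentials: empty username and password.
                u = User(form.name.data, "", "")
                db.session().add(u)
                db.session().commit()
                u.add_name(form.name.data)
                # Reset to an empty form so the created name is not echoed.
                form = NameForm(formdata=None)
                alert = {"type": "success",
                         "text": "New dummy user created!"}
            # fall through

        # Request is to delete a user.
        elif request.form.get('delete', None):
            if not (current_user.is_authenticated
                    and current_user.has_role("ADMIN")):
                return redirect(url_for("error403"))

            if user:
                # Dependent rows are removed before the user row itself.
                for name in Name.query.filter_by(user_id=user_id):
                    db.session.delete(name)
                for role in UserRole.query.filter_by(user_id=user_id):
                    # Fixed: was ``db.session.delte(role)``, which raised
                    # AttributeError for any user that held a role.
                    db.session.delete(role)
                db.session.delete(user)
                db.session.commit()
                alert = {
                    "type": "success",
                    "text": "User succesfully deleted!"
                }
            else:
                alert = {
                    "type": "danger",
                    "text": "Somebody already deleted that user."
                }
            # fall through

        # Request is to make a user an editor.
        elif request.form.get('make_editor', None):
            if not (current_user.is_authenticated
                    and current_user.has_role("ADMIN")):
                return redirect(url_for("error403"))

            if not user:
                alert = {"type": "danger", "text": "User was deleted."}
            else:
                editor = Role.query.filter_by(name="EDITOR").first()
                if not editor:
                    message = "There is no role 'EDITOR' in the database!"
                    return render_template("error500.html", message=message)
                # No commit is issued here; presumably add_role persists the
                # change itself -- TODO confirm in the User model.
                user.add_role(editor)
                alert = {
                    "type": "success",
                    "text": "User %s is now editor!" % user.name
                }
            # fall through

        # Request is to remove the editor role from a user.
        elif request.form.get('remove_editor', None):
            if not (current_user.is_authenticated
                    and current_user.has_role("ADMIN")):
                return redirect(url_for("error403"))

            if not user:
                alert = {"type": "danger", "text": "User was deleted."}
            else:
                editor = Role.query.filter_by(name="EDITOR").first()
                if not editor:
                    message = "There is no role 'EDITOR' in the database!"
                    return render_template("error500.html", message=message)

                editor_roles = UserRole.query.filter_by(user_id=user.id,
                                                        role_id=editor.id)
                for role in editor_roles:
                    db.session.delete(role)

                # Articles this user was responsible for lose their editor.
                articles = Article.query.filter_by(editor_in_charge=user_id)
                for article in articles:
                    article.editor_in_charge = None

                db.session.commit()
                alert = {
                    "type": "success",
                    "text": "User %s is no longer editor!" % user.name
                }
            # fall through

    return render_template("/people/list.html",
                           people=get_people(),
                           form=form,
                           alert=alert)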