def update(entry_id):
"""Update entry.
Args:
entry_id (int): id of entry to update
title (str): title of entry
body (str): body of entry
Returns:
str: template
"""
entry = Entry.query.get_or_404(entry_id)
if (ROLE_PRIV[g.user.role] < Privilege.EDITOR and
entry.author_id != g.user.id):
abort(403)
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
if not title:
flash_error('Title is required.')
else:
try:
entry.title = title
entry.body = body
db.session.commit()
except AssertionError:
flash_error('Bad data.')
else:
flash_success('Update succeeded.')
return redirect(url_for('blog.update', entry_id=entry_id))
return render_template('blog/update.html', entry=entry)
def create():
"""Create entry.
Args:
title (str): title of entry
body (str): body of entry
Returns:
str: template
"""
if request.method == 'POST':
title = request.form['title']
body = request.form['body']
if not title:
flash_error('Title is required.')
else:
try:
entry = Entry(title=title, body=body, author_id=g.user.id)
db.session.add(entry)
db.session.commit()
except AssertionError:
flash_error('Bad data.')
else:
flash_success('Creation succeeded.')
return redirect(url_for('blog.edit_top'))
return render_template('blog/create.html')
def logout():
"""Log out of the site.
Returns:
str: template
"""
session.clear()
flash_success('Logged out.')
return redirect(url_for('index'))
def delete(user_id):
"""Delete user.
Args:
user_id (int): id of user to delete
Returns:
str: template
"""
user = User.query.get_or_404(user_id)
db.session.delete(user)
db.session.commit()
flash_success('Deletion succeeded.')
return redirect(url_for('user.index'))
def delete(entry_id):
"""Delete entry.
Args:
entry_id (int): id of entry to delete
Returns:
str: template
"""
entry = Entry.query.get_or_404(entry_id)
if (ROLE_PRIV[g.user.role] < Privilege.EDITOR and
entry.author_id != g.user.id):
abort(403)
db.session.delete(entry)
db.session.commit()
flash_success('Deletion succeeded.')
return redirect(url_for('blog.edit_top'))
def create():
"""Create user.
Args:
role (str): user's role
username (str): user's name
password (str): user's password
Returns:
str: template
"""
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
role = request.form['role']
error = ''
if not username:
error = 'Username is required.'
elif not password:
error = 'Password is required.'
elif not validate_password(password):
error = 'Bad data.'
elif User.query.filter_by(name=username).first() is not None:
error = 'User {0} is already registered.'.format(username)
if error:
flash_error(error)
else:
try:
user = User(
role=role, name=username,
password=generate_password_hash(password)
)
db.session.add(user)
db.session.commit()
except AssertionError:
flash_error('Bad data.')
else:
flash_success('Creation succeeded.')
return redirect(url_for('user.index'))
return render_template('user/create.html', roles=roles)
def change_user_password(user_id):
"""Change password.
Args:
user_id (int): id of user to change
new_password (str): password after change
Returns:
str: template
"""
user = User.query.get_or_404(user_id)
new_password = request.form['new_password']
succeeded, message = change_password(
user_id, new_password, old_required=False)
if succeeded:
flash_success(message)
else:
flash_error(message)
return render_template('user/update.html', user=user)
def change_my_password():
"""Change own password.
Args:
old_password (str): current password
new_password (str): password after change
Returns:
str: template
"""
if request.method == 'POST':
old_password = request.form['old_password']
new_password = request.form['new_password']
succeeded, message = change_password(g.user.id, new_password,
old_password)
if succeeded:
flash_success(message)
else:
flash_error(message)
return render_template('auth/chpasswd.html', user=g.user)
def update(user_id):
"""Update user.
Args:
user_id (int): id of user to update
role (str): user's role
username (str): user's name
Returns:
str: template
"""
user = User.query.get_or_404(user_id)
if request.method == 'POST':
role = request.form['role']
username = request.form['username']
error = ''
if not username:
error = 'Username is required.'
elif User.query.filter_by(name=username).first() is not None:
error = 'User {0} is already registered.'.format(username)
if error:
flash_error(error)
else:
try:
user.role = role
user.name = username
db.session.commit()
except AssertionError:
flash_error('Bad data.')
else:
flash_success('Update succeeded.')
return redirect(
url_for('user.update', user_id=user_id))
return render_template('user/update.html', user=user, roles=roles)