def user(user_id):
    if not current_user.is_authenticated:
        abort(401)

    form = UsersFormEdit()
    uc = UserController()
    user = uc.getuser(uid=user_id)
    if not user:
        abort(404)

    if current_user.group != 'admin':
        if current_user.username != user.username:
            abort(401)

    if form.validate_on_submit():
        user_data = {}
        if form.delete.data == 'Y':
            user_data['uid'] = user.id
            uc.deleteuser(user_data)
            return redirect(url_for('users', page_num=1))
        else:
            user_data['username'] = form.username.data
            user_data['uid'] = user.id
            user_data['group'] = form.group.data
            uc.edituser(user_data)
            return redirect(url_for('users', page_num=1))

    form.username.data = user.username
    form.group.data = user.group
    delete = request.args.get('delete', None)
    if delete:
        form.delete.data = 'Y'
    else:
        form.delete.data = 'N'

    return render_template('user.html',
                           username=current_user.username,
                           form=form,
                           uid=user.id)
def reset():
    uid = request.args.get('uid', None)
    if current_user.group != 'admin':
        if current_user.id != int(uid):
            abort(401)

    form = UsersFormPassword()
    if form.validate_on_submit():
        hashed_pw = generate_password_hash(form.password.data,
                                           method='pbkdf2:sha256:260000',
                                           salt_length=16)
        uc = UserController()
        user_data = {'uid': int(form.uid.data), 'password': hashed_pw}
        uc.edituser(user_data, updatepw=True)

        if current_user.id == int(uid):
            return redirect(url_for('logout'))
        else:
            return redirect(url_for('users', page_num=1))

    form.uid.data = uid
    return render_template('resetpw.html', form=form)