def user_delete(username): """ Delete a user """ # security check if session['username'] != 'admin': return error_permission_denied('Unable to remove user as not admin') # check whether exists in database db = LvfsDatabase(os.environ) db_users = LvfsDatabaseUsers(db) try: exists = db_users.is_enabled(username) except CursorError as e: return error_internal(str(e)) if not exists: flash("No entry with username %s" % username) return redirect(url_for('.userlist')), 400 try: db_users.remove(username) except CursorError as e: return error_internal(str(e)) _event_log("Deleted user %s" % username) flash('Deleted user') return redirect(url_for('.userlist')), 201
def useradd(): """ Add a user [ADMIN ONLY] """ # only accept form data if request.method != 'POST': return redirect(url_for('.profile')) # security check if session['username'] != 'admin': return error_permission_denied('Unable to add user as non-admin') db = LvfsDatabase(os.environ) db_users = LvfsDatabaseUsers(db) if not 'password_new' in request.form: return error_permission_denied('Unable to add user an no data') if not 'username_new' in request.form: return error_permission_denied('Unable to add user an no data') if not 'qa_group' in request.form: return error_permission_denied('Unable to add user an no data') if not 'name' in request.form: return error_permission_denied('Unable to add user an no data') if not 'email' in request.form: return error_permission_denied('Unable to add user an no data') try: auth = db_users.is_enabled(request.form['username_new']) except CursorError as e: return error_internal(str(e)) if auth: return error_internal('Already a entry with that username', 422) # verify password password = request.form['password_new'] if not _password_check(password): return redirect(url_for('.userlist')), 302 # verify email email = request.form['email'] if not _email_check(email): return redirect(url_for('.userlist')), 302 # verify qa_group qa_group = request.form['qa_group'] if len(qa_group) < 3: flash('QA group invalid') return redirect(url_for('.userlist')), 302 # verify name name = request.form['name'] if len(name) < 3: flash('Name invalid') return redirect(url_for('.userlist')), 302 # verify username username_new = request.form['username_new'] if len(username_new) < 3: flash('Username invalid') return redirect(url_for('.userlist')), 302 try: db_users.add(username_new, password, name, email, qa_group) except CursorError as e: #FIXME pass _event_log("Created user %s" % username_new) flash('Added user') return redirect(url_for('.userlist')), 201