def activate(request): _ = get_localizer(request) settings = request.registry.settings user_model = UserModel(request.db_session) code = request.matchdict['code'] user_name = request.matchdict['user_name'] user = user_model.get_by_name(user_name) auth_secret_key = settings['auth_secret_key'] valid_code = user_model.get_verification_code( user_id=user.user_id, verify_type='create_user', secret=auth_secret_key ) if valid_code != code: msg = _(u"Invalid activation link", mapping=dict(user_name=user_name)) return HTTPForbidden(msg) if not user.verified: with transaction.manager: user_model.update_user(user.user_id, verified=True) msg = _(u"User ${user_name} is activated", mapping=dict(user_name=user_name)) request.add_flash(msg, 'success') return dict()
def user_edit(request): _ = get_localizer(request) user_model = UserModel(request.db_session) group_model = GroupModel(request.db_session) user_name = request.matchdict['user_name'] user = user_model.get_by_name(user_name) if user is None: msg = _(u'User %s does not exists') % user_name return HTTPNotFound(msg) user_groups = [str(g.group_id) for g in user.groups] factory = FormFactory(_) UserEditForm = factory.make_user_edit_form() form = UserEditForm( request.params, display_name=user.display_name, email=user.email, groups=user_groups ) groups = group_model.get_list() form.groups.choices = [ (str(g.group_id), '%s - %s' % (g.group_name, g.display_name), ) for g in groups ] if request.method == 'POST': check_csrf_token(request) validate_result = form.validate() display_name = request.params['display_name'] password = request.params['password'] email = request.params['email'] groups = request.params.getall('groups') by_email = user_model.get_by_email(email) if by_email is not None and email != user.email: msg = _(u'Email %s already exists') % email form.email.errors.append(msg) validate_result = False if validate_result: with transaction.manager: user_model.update_user( user_id=user.user_id, display_name=display_name, email=email, ) if password: user_model.update_password(user.user_id, password) user_model.update_groups(user.user_id, map(int, groups)) msg = _(u"User ${user_name} has been updated", mapping=dict(user_name=user_name)) request.add_flash(msg, 'success') url = request.route_url('admin.user_edit', user_name=user.user_name) return HTTPFound(location=url) return dict(form=form, user=user)