def get(self, user_id):
    """Render the edit form for the user identified by ``user_id``.

    Responds with 404 when no such user exists. The group choices offered
    by the form are narrowed to what the current user may hand out:

    * every group the current user belongs to,
    * every group with none of the admin/mod/super_mod/banned/guest
      flags set,
    * plus the flagged groups unlocked by the permission checks below.

    This only shapes what the page displays; nothing is written here.

    NOTE(review): no check that the current user may edit *this* target
    user is visible in the method; presumably it is enforced at class or
    route level -- confirm.
    """
    user = User.query.filter_by(id=user_id).first_or_404()
    form = self.form(user)

    # Ordinary member groups: none of the special role flags is set.
    special_flags = ('admin', 'mod', 'super_mod', 'banned', 'guest')
    member_group = db.and_(
        *(db.not_(getattr(Group, flag)) for flag in special_flags)
    )

    # A manager can always pick from the groups they are a member of.
    own_group_ids = (g.id for g in current_user.groups)
    filt = db.or_(Group.id.in_(own_group_ids), member_group)

    # Each requirement the current user fulfils widens the selection by
    # the flagged groups listed next to it.
    elevated = (
        (IsAtleastSuperModerator, (Group.mod,)),
        (IsAdmin, (Group.admin, Group.super_mod)),
        (CanBanUser, (Group.banned,)),
    )
    for requirement, columns in elevated:
        if Permission(requirement, identity=current_user):
            filt = db.or_(filt, *columns)

    group_query = Group.query.filter(filt)
    form.primary_group.query = group_query
    form.secondary_groups.query = group_query

    return render_template(
        'management/user_form.html',
        form=form,
        title=_('Edit User'),
    )
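def validate_name(self, field):
    """Reject a group name that is already used by another group.

    When the form carries a ``group`` attribute, that group is excluded
    from the lookup so it does not collide with its own current name.

    Args:
        field: the form field holding the submitted group name.

    Raises:
        ValidationError: if another group matches the submitted name.
    """
    # LIKE interprets "%" and "_" in its operand as wildcards. Escape them
    # (and the escape character itself) so the submitted name is compared
    # literally: otherwise a name containing "_" or "%" is reported as
    # taken whenever any group matches the pattern, and the error message
    # discloses pattern matches against existing names. LIKE is kept so
    # the comparison semantics of the database backend stay as they were.
    pattern = (
        field.data.lower()
        .replace("/", "//")
        .replace("%", "/%")
        .replace("_", "/_")
    )
    name_matches = Group.name.like(pattern, escape="/")

    if hasattr(self, "group"):
        group = Group.query.filter(
            db.and_(name_matches, db.not_(Group.id == self.group.id))
        ).first()
    else:
        group = Group.query.filter(name_matches).first()

    if group:
        raise ValidationError(_("This group name is already taken."))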
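def validate_email(self, field):
    """Reject an email address that is already used by another user.

    When the form carries a ``user`` attribute, that user is excluded
    from the lookup so it does not collide with its own current address.

    Args:
        field: the form field holding the submitted email address.

    Raises:
        ValidationError: if another user matches the submitted address.
    """
    # LIKE interprets "%" and "_" in its operand as wildcards, and "_" is
    # common in email addresses. Escape both (and the escape character
    # itself) so the address is compared literally: unescaped, an address
    # such as "a_b@..." also matches "axb@...", giving false "already
    # taken" errors and letting the error message confirm pattern matches
    # against stored addresses. LIKE is kept so the comparison semantics
    # of the database backend stay as they were.
    pattern = (
        field.data.lower()
        .replace("/", "//")
        .replace("%", "/%")
        .replace("_", "/_")
    )
    email_matches = User.email.like(pattern, escape="/")

    if hasattr(self, "user"):
        user = User.query.filter(
            db.and_(email_matches, db.not_(User.id == self.user.id))
        ).first()
    else:
        user = User.query.filter(email_matches).first()

    if user:
        raise ValidationError(_("This email address is already taken."))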
def validate_guest(self, field):
    """Allow at most one group to carry the guest flag.

    Counts the groups that have ``guest`` set, leaving out the form's own
    ``group`` when the form has one, and rejects the submission if the
    guest box is ticked while such a group already exists.

    Args:
        field: the form field holding the submitted guest flag.

    Raises:
        ValidationError: if the flag is set and a guest group exists.
    """
    if not hasattr(self, "group"):
        guest_groups = Group.query.filter_by(guest=True).count()
    else:
        # Skip the form's own group so it is not counted against itself.
        other_guest = db.and_(
            Group.guest,
            db.not_(Group.id == self.group.id),
        )
        guest_groups = Group.query.filter(other_guest).count()

    if not field.data or guest_groups <= 0:
        return

    raise ValidationError(
        _("There is already a group of type 'Guest'.")
    )
def post(self, user_id):
    """Apply a submitted edit to the user identified by ``user_id``.

    Responds with 404 when no such user exists. The group fields are
    bound to the same restricted query the GET handler builds, so the
    selectable groups are: every group the current user belongs to,
    every group with none of the admin/mod/super_mod/banned/guest flags
    set, plus the flagged groups unlocked by the permission checks below.

    On a valid submission the user is saved and the client is redirected
    back to the edit page; otherwise the form is rendered again.

    NOTE(review): this restriction only protects against assigning a more
    privileged group if the two group fields reject submitted values that
    are outside their ``query`` -- the field types are not visible here,
    confirm.
    NOTE(review): no check that the current user may edit *this* target
    user is visible in the method; presumably it is enforced at class or
    route level -- confirm.
    """
    user = User.query.filter_by(id=user_id).first_or_404()

    # Ordinary member groups: none of the special role flags is set.
    special_flags = ('admin', 'mod', 'super_mod', 'banned', 'guest')
    member_group = db.and_(
        *(db.not_(getattr(Group, flag)) for flag in special_flags)
    )

    # A manager can always pick from the groups they are a member of.
    own_group_ids = (g.id for g in current_user.groups)
    filt = db.or_(Group.id.in_(own_group_ids), member_group)

    # Each requirement the current user fulfils widens the selection by
    # the flagged groups listed next to it.
    elevated = (
        (IsAtleastSuperModerator, (Group.mod,)),
        (IsAdmin, (Group.admin, Group.super_mod)),
        (CanBanUser, (Group.banned,)),
    )
    for requirement, columns in elevated:
        if Permission(requirement, identity=current_user):
            filt = db.or_(filt, *columns)

    group_query = Group.query.filter(filt)

    form = EditUserForm(user)
    form.primary_group.query = group_query
    form.secondary_groups.query = group_query

    if not form.validate_on_submit():
        return render_template(
            'management/user_form.html',
            form=form,
            title=_('Edit User'),
        )

    # NOTE(review): populate_obj copies every form field onto the user,
    # the password field included, before the guard further down runs;
    # confirm the model ignores an empty password on assignment.
    form.populate_obj(user)
    user.primary_group_id = form.primary_group.data.id

    # Don't override the password
    new_password = form.password.data
    if new_password:
        user.password = new_password

    user.save(groups=form.secondary_groups.data)

    flash(_('User updated.'), 'success')
    return redirect(url_for('management.edit_user', user_id=user.id))