def edit_profile(request, username, template_name='people/edit.html'):
from forms import EditUserForm
user = User.get_by_auth_id('twitter:%s' % username)
if user == None:
raise Http404("User not found")
if user.key != request.user.key:
http403 = HttpResponse("This ain't you!")
http403.status = 403
return http403
form = EditUserForm(request.POST or None, user=request.user)
if form.is_valid():
for key in form.cleaned_data:
if key == 'email':
continue
setattr(user, key, form.cleaned_data.get(key))
slugify(user.location)
user.put()
return HttpResponseRedirect(
reverse('member-profile',
kwargs={'username':request.user.username}
)
)
return render_to_response(template_name,
{'form':form},
context_instance=RequestContext(request))
def edit_user(username):
"""Show form for editing user details (GET) or add user edits to db and go to user page (POST)
User cannot change username or password for now"""
# Check if logged in user is this user
if is_correct_user(username):
form = EditUserForm(first_name=current_user.first_name,
last_name=current_user.last_name,
state_code=current_user.state_code)
if form.validate_on_submit():
current_user.first_name = form.first_name.data
current_user.last_name = form.last_name.data
current_user.state_code = form.state_code.data
db.session.commit()
flash("User updated")
# on successful edit, redirect to users page
return redirect(f"/users/{ current_user.username }")
return render_template("edit_user.html", form=form)
flash("Not your profile")
return redirect("/")
def profile():
"""Update profile for current user."""
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
# username, password
# print('***********g.user.id', g.user.id)
user = User.query.get_or_404(g.user.id)
form = EditUserForm(obj=user)
user = User.authenticate(user.username, form.password.data)
if user and form.validate_on_submit():
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
db.session.commit()
return redirect(f'/users/{g.user.id}')
else:
return render_template('users/edit.html', form=form)
def edit_profile(user_id):
"""On submit update user information.
If form not validated show edit user form.
If password incorrect flash message.
"""
form = EditUserForm()
curr_user = User.query.get_or_404(user_id)
if curr_user.id != g.user.id:
flash('You can only edit your own profile.', 'danger')
return redirect('/leagues')
if form.validate_on_submit():
user = User.authenticate(form.username.data, form.password.data)
if user:
curr_user.username = form.username.data
curr_user.image_url = form.image_url.data
db.session.commit()
else:
flash('Incorrect username or password', 'danger')
return render_template('edit_user.html', form=form, user=curr_user)
flash(f"Successfully Edited {curr_user.username}'s Profile", "success")
return redirect('/leagues')
else:
return render_template('edit_user.html', form=form, user=curr_user)
def edit_profile(user_id):
"""Displays form for user to edit user details (GET) and submits form (POST)"""
if current_user.id == user_id:
user = User.query.get_or_404(user_id)
form = EditUserForm(obj=user)
if form.validate_on_submit():
user.username = form.username.data
user.bio = form.bio.data
user.location = form.location.data
if form.img_url.data == "":
db.session.commit()
flash("Profile changes saved!", "success")
return redirect(f"/user/{user.id}")
else:
user.profile_pic = form.img_url.data
db.session.commit()
flash("Profile changes saved!", "success")
return redirect(f"/user/{user.id}")
else:
return render_template("edituser.html", form=form)
else:
return ("", 403)
def update_profile():
"""Update profile for current user."""
form = EditUserForm(obj=g.user)
# user = User.query.get(session[CURR_USER_KEY])
# IMPLEMENT THIS
if form.validate_on_submit():
if User.authenticate(g.user.username, form.password.data):
# we don't need line 230 because we've done it g.user
# user = User.query.get(session[CURR_USER_KEY])
user = g.user
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
db.session.add(user)
db.session.commit()
return redirect(f"/users/{user.id}")
else:
return render_template("users/edit.html", form=form)
def user_edit_page(user_id):
if not current_user.key.id() == user_id:
if not current_user.is_admin():
return render_template('not_found_page.html'), 404
user = User.get_by_id(str(user_id).lower())
if user:
form = EditUserForm()
checked_status = 'checked' if user.is_admin() else ''
if form.validate_on_submit():
user.name = form.name.data
if current_user.is_admin():
user.isAdmin = form.isAdmin.data
user.put()
return redirect(url_for('web_app.user_edit_page', user_id=user_id))
return render_template('edit_user_page.html',
form=form,
checked_status=checked_status,
user=user)
else:
return render_template('not_found_page.html'), 404
def edit_user(username):
form = EditUserForm(obj=g.user)
form.location.choices = country_choices
if form.validate_on_submit():
first_name = form.first_name.data
last_name = form.last_name.data
email = form.email.data
image = form.image.data
username = form.username.data
location = form.location.data
bio = form.bio.data
if type(image) is str:
user = g.user.edit_user(first_name, last_name, username, location,
bio)
else:
url = add_profile_picture(username, image)
user = g.user.edit_user(first_name, last_name, username, location,
bio, url)
if user:
db.session.add(user)
db.session.commit()
return redirect(url_for('show_user', username=username))
else:
form.username.errors.append('Username has already been taken')
return render_template('form.html', form=form)
return render_template('form.html', form=form)
def edit_profile():
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = g.user
form = EditUserForm(obj=user)
if form.validate_on_submit():
if User.authenticate(user.username, form.password.data):
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data or "/static/images/default-pic.png"
user.header_image_url = form.header_image_url.data or "/static/images/warbler-hero.jpg"
user.bio = form.bio.data
db.session.commit()
return redirect(f"/users/{user.id}")
flash(f"{user.username}, password doesn't match! please try again.",
'danger')
return render_template('users/edit.html', form=form, user_id=user.id)
def profile():
"""Update profile for current user."""
# Check if a User is logged in
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = User.query.get_or_404(g.user.id)
form = EditUserForm(obj=user)
if form.validate_on_submit():
username = form.username.data
email = form.email.data
image_url = form.image_url.data
header_image_url = form.header_image_url.data
bio = form.bio.data
password = form.password.data
if User.authenticate(user.username, password):
user.username = username
user.email = email
user.image_url = image_url
user.header_image_url = header_image_url
user.bio = bio
db.session.commit()
return redirect(f'/users/{user.id}')
else:
flash("Password Incorrect, you can't edit", "danger")
return redirect('/')
return render_template('users/edit.html', form=form)
def profile():
"""Update profile for current user."""
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = g.user
form = EditUserForm(obj=user)
if form.validate_on_submit():
user = User.authenticate(user.username, form.password.data)
if user:
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
db.session.commit()
flash("User information updated!", "success")
return redirect(f"/users/{g.user.id}")
flash("Invalid credentials.", 'danger')
return redirect(f"/users/{g.user.id}")
return render_template('/users/edit.html', form=form)
def profile():
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm()
if form.validate_on_submit():
if User.check_entered_pwd(g.user.password, form.password.data):
user = User.query.get(g.user.id)
user.username = form.username.data
user.email = form.email.data
user.password = form.password.data
user.image_url = form.image_url.data
user.header_image_url = form.header_url.data
user.bio = form.bio.data
user.location = form.location.data
db.session.add(user)
db.session.commit()
flash("Info Edited", "success")
return redirect(f"{g.user.id}")
else:
flash("Wrong Password", "danger")
return redirect("/")
return render_template("users/edit.html", form=form)
def profile():
"""Update profile for current user."""
# IMPLEMENT THIS
do_authorize()
profile = User.query.get_or_404(g.user.id)
form = EditUserForm(obj=profile)
if form.validate_on_submit():
if User.authenticate(g.user.username, form.password.data):
profile.username = form.username.data
profile.email = form.email.data
profile.image_url = form.image_url.data
profile.header_image_url = form.header_image_url.data
profile.bio = form.bio.data
profile.location = form.location.data
db.session.commit()
flash("Profile edited", "success")
return redirect(f"/users/{g.user.id}")
flash("You are unauthorized", "danger")
# return redirect("/")
return render_template("/users/edit.html", form=form, user_id=g.user.id)
def user_details(user_id):
"""Display/edit user details"""
if not g.user or g.user.id != user_id:
flash('Access unauthorized.', 'danger')
return redirect("/login")
user = User.query.get_or_404(user_id)
form = EditUserForm()
form.boathouses.choices = [(b.id, b.name) for b in Boathouse.query.all()]
if user.confirmed is False:
flash('Please confirm your email account.', 'danger')
if form.validate_on_submit():
favorite_boathouse = UserFavorites(user_id=user.id,
boathouse_id=form.boathouses.data)
user.c_or_f = form.c_or_f.data
db.session.add(favorite_boathouse)
db.session.add(user)
db.session.commit()
return redirect(f'/userdetail/{user_id}')
if user.boathouses:
boathouse_list = UserFavorites.query.filter_by(user_id=user_id).all()
boathouses = [
Boathouse.query.get_or_404(favorite.boathouse_id)
for favorite in boathouse_list
]
else:
boathouses = None
return render_template('userdetail.html',
form=form,
user=user,
boathouses=boathouses)
def post_user():
# create a new user
db_roles = db.session.query(Roles).all()
radio_roles = [(role.id, role.name) for role in db_roles]
form = EditUserForm()
form.role.choices = radio_roles
if form.validate_on_submit():
user = User(form.login.data.strip(), form.password.data.strip())
if db.session.query(Users).filter(
Users.login == user.login).count() > 0:
return render_template(
'user/edit.html',
errors=[
u'Пользователь с логином <b>%s</b> уже существует' %
user.login
],
form=form)
db_user = Users(user.login, user.pw_hash)
db_role = db.session.query(Roles).get(form.role.data)
db_user.roles.append(db_role)
db.session.add(db_user)
db.session.commit()
flash(u'Пользователь добавлен')
return redirect(url_for('users'))
return render_template('user/edit.html', form=form)
def update_profile():
if 'id' not in session:
flash("Access unauthorized", "danger")
return redirect('/users/login')
user = User.query.get_or_404(session['id'])
username = user.username
img = user.img
form = EditUserForm(obj=user)
if form.validate_on_submit():
if len(form.username.data) == 0:
user.username= user.username
else:
user.username=form.username.data
if len(form.img.data) == 0:
user.img = user.img
else:
user.img=form.img.data
db.session.commit()
flash('update sucessful')
return redirect("/")
else:
return render_template("users/edit.html", form=form, user=user)
def put_user(user_id):
db_user = db.session.query(Users).get(user_id)
if db_user is None:
return render_template(
'user/list.html',
users=db.session.query(Users).order_by(Users.id).all(),
errors=u'Пользователя с id=%s не существует' % user_id)
db_roles = db.session.query(Roles).all()
radio_roles = [(role.id, role.name) for role in db_roles]
form = EditUserForm(login=db_user.login)
form.role.choices = radio_roles
if form.validate_on_submit():
password = form.password.data.strip()
if password:
user = User(form.login.data.strip(), form.password.data.strip())
db_user.password = user.pw_hash
else:
user = User(form.login.data.strip())
if db_user.login != user.login and db.session.query(Users).filter(
Users.login == user.login).count() > 0:
return render_template(
'user/edit.html',
errors=[
u'Пользователь с логином <b>%s</b> уже существует' %
user.login
],
form=form)
db_user.login = user.login
db_role = db.session.query(Roles).get(form.role.data)
db_user.roles[0] = db_role
db.session.commit()
flash(u'Пользователь изменен')
return redirect(url_for('users'))
return render_template('user/edit.html', form=form, user=db_user)
def edit_user_form(id):
"""Edit existing user data"""
user = User.query.get_or_404(id)
form = EditUserForm(obj=user)
# delete username and password from the edit form
del form.username
del form.password
if form.validate_on_submit():
user.email = form.email.data
user.first_name = form.first_name.data
user.last_name = form.last_name.data
user.last_updated = datetime.datetime.utcnow()
try:
db.session.commit()
flash("User account info saved", "success")
if form.image.data:
try:
img = Image.open(request.files[form.image.name])
width, height = img.size
img = img.crop((0, 0, min(width,
height), min(width, height)))
upload_img(img, user)
user.has_img = True
user.last_updated = datetime.datetime.utcnow()
db.session.commit()
except:
db.session.rollback()
flash("Image Error", 'error')
except:
db.session.rollback()
flash("Changes could not be saved", 'error')
return redirect(f'/users/{user.id}')
return render_template('edit-user.html', user=user, form=form)
def profile(id):
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = User.query.get_or_404(id)
form = EditUserForm(obj=user)
if form.validate_on_submit():
"""handles password submission"""
password = User.authenticate(user.username, form.password.data)
if password or g.user.is_admin:
"""updates the user profile"""
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
user.is_admin = form.is_admin.data
db.session.add(user)
db.session.commit()
flash("Updated Profile", "success")
return redirect(f"/users/{user.id}")
else:
"""shows for invalid password"""
flash("Invalid Password", "danger")
return redirect(f"/users/{user.id}/profile")
else:
return render_template("users/edit.html", user=user, form=form)
def edit_profile(username):
""" Show Edit User Profile Form """
if current_user.username != username:
flash('Access unathorized', 'danger')
return redirect(url_for('index'))
user = current_user
form = EditUserForm(obj=user)
if form.validate_on_submit():
user = User.authenticate(current_user.username, form.password.data)
if user:
try:
user.username = form.username.data
user.email = form.email.data
db.session.commit()
flash('User information updated', 'success')
return redirect(url_for('index'))
except:
db.session.rollback()
flash('Username taken.', 'danger')
else:
flash('Invalid credentials.', 'danger')
return render_template('profile.html',
form=form,
btnText='Submit',
cancel='index',
color="#ACDAAA"
)
def edit_user():
if not g.user:
flash("Please sign up to access user functionality")
return redirect("/signup")
form = EditUserForm(obj=g.user)
form.address.id = "search-input"
form.address.type = "search"
if form.validate_on_submit():
first_name = form.first_name.data
last_name = form.last_name.data
email = form.email.data
address = form.address.data
user = User.query.get_or_404(g.user.id)
user.edit_user(first_name=first_name,
last_name=last_name,
email=email,
address=address)
flash("Your persomal information has been successfully edited")
return redirect("/user")
return render_template("edit-user.html", form=form, user=g.user)
def profile():
"""Update profile for current user."""
## if user not logged in, redirect
if not g.user:
return redirect('/')
form = EditUserForm(obj=g.user)
if form.validate_on_submit():
pw = form.password.data
user = User.authenticate(g.user.username, pw) # returns user or false
if user:
for k, v in form.data.items():
if k != 'csrf_token' and k != 'password':
setattr(user, k, v)
db.session.commit()
return redirect(f'/users/{g.user.id}')
else:
form.password.errors = ["invalid password"]
return render_template('/users/edit.html', form=form)
def profile():
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm(obj=g.user)
user = User.query.filter_by(id=g.user.id).first()
if form.validate_on_submit():
valid_user = User.authenticate(user.username, form.password.data)
if valid_user:
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
user.location = form.location.data
db.session.commit()
return redirect(f'users/{g.user.id}')
else:
flash("Invalid credentials.", 'danger')
return redirect(f'/users/{g.user.id}')
else:
return render_template('users/edit_profile.html', form=form)
def profile():
"""Update profile for current user."""
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm(obj=g.user)
if form.validate_on_submit():
# check if password is incorrect
if not User.authenticate(g.user.username, form.password.data):
form.password.errors = ['Password is incorrect. Try again.']
return render_template('users/edit.html', form=form)
g.user.username = form.username.data
g.user.image_url = form.image_url.data or '/static/images/default-pic.png',
g.user.header_image_url = form.header_image_url.data or '/static/images/warbler-hero.jpg',
g.user.bio = form.bio.data
db.session.commit()
return redirect(f"/users/{g.user.id}")
else:
return render_template('users/edit.html', form=form)
def edit_user():
"""Edit profile for user."""
if not g.user:
flash(NOT_LOGGED_IN_MSG, "danger")
return redirect("/login")
user = g.user
# Do not display the static value of the default image
# This will throw an error with the URL validator in wtforms
if user.image_url == User._default_img:
user.image_url = ''
form = EditUserForm(obj=user)
if form.validate_on_submit():
form.populate_obj(user)
# if the image_url is empty, then set the default again
if not user.image_url:
user.image_url = User._default_img
db.session.commit()
flash("Profile edited.", "success")
return redirect("/profile")
else:
return render_template("profile/edit-form.html", form=form)
def profile():
"""Update profile for current user."""
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
user = User.query.get(g.user.id)
form = EditUserForm(obj=user)
if form.validate_on_submit() and User.authenticate(form.username.data,
form.password.data):
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
user.location = form.location.data
user.username = form.username.data
user.email = form.email.data
db.session.add(user)
db.session.commit()
flash("Profile Updated Successfully", "success")
return redirect(f"/users/{g.user.id}")
else:
flash("Password did not match. Please try again.", "danger")
return render_template("/users/edit.html", form=form)
return render_template("/users/edit.html", form=form)
def profile():
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm(obj=g.user)
if form.validate_on_submit():
user = User.authenticate(g.user.username, form.password.data)
if user:
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image = form.header_image_url.data
user.bio = form.bio.data
db.session.commit()
return redirect(f"/users/{user.id}")
else:
flash("Invalid credentials.", 'danger')
return redirect('/')
return render_template(
"users/edit.html",
form=form,
)
def profile():
"""Update profile for current user."""
# IMPLEMENT THIS
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm(obj=g.user)
if form.validate_on_submit():
user = User.authenticate(g.user.username, form.password.data)
if user:
user.username = form.username.data
user.email = form.email.data
user.image_url = form.image_url.data
user.header_image_url = form.header_image_url.data
user.bio = form.bio.data
# form.populate_obj(user)
db.session.commit()
flash('Profile Edited', "success")
return redirect(f'/users/{user.id}')
flash("Error Wrong Password.", 'danger')
return redirect('/')
return render_template('users/edit.html', form=form)
def profile():
"""Update profile for current user."""
form = EditUserForm()
if form.validate_on_submit():
if User.authenticate(g.user.username, form.password.data):
try:
g.user.username = form.username.data
g.user.email = form.email.data
g.user.image_url = form.image_url.data
g.user.header_image_url = form.header_image_url.data or "/static/images/warbler-hero.jpg"
g.user.bio = form.bio.data
db.session.add(g.user)
db.session.commit()
except IntegrityError:
flash("Username already taken", 'danger')
return redirect(url_for('profile'))
flash("Changes Successful!", "success")
return redirect(f"{g.user.id}")
flash("Incorrect Password", "danger")
return redirect(url_for('profile'))
return render_template('users/edit.html', form=form)
def profile():
"""Update profile for current user."""
if not g.user:
flash("Access unauthorized.", "danger")
return redirect("/")
form = EditUserForm(obj=g.user)
if form.validate_on_submit():
g.user.username = form.username.data
g.user.email = form.email.data
g.user.image_url = form.image_url.data or User.image_url.default.arg
g.user.header_image_url = form.header_image_url.data or User.header_image_url.default.arg
g.user.bio = form.bio.data
user = User.authenticate(form.username.data, form.password.data)
if user:
db.session.commit()
return redirect(f'/users/{g.user.id}')
else:
return render_template('/users/edit.html', form=form)
