def user_change_points(username):
if not ModeratorGroup.is_belong(current_user.group):
flash(NO_RIGHTS_ERROR_MSG, "danger")
return redirect(url_for("users.user_info", username=username))
title = _("Change points")
form = UserChangePointsForm()
if form.validate_on_submit():
form_data = form.data.copy()
for field in ("submit", "csrf_token"):
form_data.pop(field)
response = ApiPut.make_request("users", username, "change_points", json=form_data)
if response.status_code == 200:
flash(_("User's points has been updated."), "success")
return redirect(url_for("users.user_change_points", username=username))
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
else:
flash(INTERNAL_ERROR_MSG, "danger")
return render_template("user_change_points.html", title=title, form=form, username=username)
def security_settings(username):
if current_user.username != username:
return redirect(url_for("users.security_settings", username=current_user.username))
title = _("Security settings")
form = UserChangePasswordForm()
template_vars = dict(form=form, security_tab="active", username=username)
if form.validate_on_submit():
form_data = form.data.copy()
for field in ("submit", "csrf_token", "new_password_again"):
form_data.pop(field)
response = ApiPut.make_request("users", username, "change_password", json=form_data)
if response.status_code == 200:
flash(_("Your password has been updated."), "success")
return redirect(url_for("users.security_settings", username=username))
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
elif errors.WrongOldPasswordError.sub_code_match(code):
flash(_("Old password is wrong."), "danger")
else:
flash(INTERNAL_ERROR_MSG, "danger")
return render_template("user_security_edit.html", title=title, **template_vars)
def user_unban(username):
resp = ApiPut.make_request("users", username, "unban")
if resp.status_code == 200:
flash(_("User has been unbanned."), "success")
else:
error = resp.json()["error"]
code = error["code"]
if errors.AccessDeniedError.sub_code_match(code):
flash(NO_RIGHTS_ERROR_MSG, "danger")
else:
flash(INTERNAL_ERROR_MSG, "danger")
return redirect(url_for("users.user_info", username=username))
def profile_settings(username):
if current_user.username != username and not ModeratorGroup.is_belong(current_user.group):
return redirect(url_for("users.profile_settings", username=current_user.username))
title = _("Profile settings")
form = UserProfileForm()
form.username.description = _("Length must be between ") + str(
User.min_username_length) + _(" and ") + str(User.max_username_length)
form.bio.description = _("Length cannot be longer than ") + str(User.max_bio_length)
template_vars = dict(form=form, profile_tab="active", username=username)
if form.validate_on_submit():
form_data = form.data.copy()
for field in ("submit", "csrf_token", "avatar"):
form_data.pop(field)
if form.avatar.data:
user_data = ApiGet.make_request("users", username).json()
last_avatar_filename = user_data.get("user", dict()).get("avatar_filename", None)
form_data["avatar_filename"] = save_image(form.avatar.data, remove=last_avatar_filename)
response = ApiPut.make_request("users", username, "profile", json=form_data)
if response.status_code == 200:
flash(_("Profile settings have been updated."), "success")
return redirect(url_for("users.profile_settings", username=form.username.data))
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
else:
flash(INTERNAL_ERROR_MSG, "danger")
return render_template("user_profile_edit.html", title=title, **template_vars)
user_data = ApiGet.make_request("users", username).json()
if "user" not in user_data:
return redirect("/")
user_data = user_data["user"]
form.username.data = user_data["username"]
if user_data["bio"]:
form.bio.data = user_data["bio"]
return render_template("user_profile_edit.html", title=title, **template_vars)
def user_change_group(username):
user = ApiGet.make_request("users", username).json().get("user")
if not AdminGroup.is_belong(current_user.group) or current_user.group <= user["group"]:
flash(NO_RIGHTS_ERROR_MSG, "danger")
return redirect(url_for("users.user_info", username=username))
title = _("Change group")
form = UserChangeGroupForm()
if form.is_submitted():
form_data = form.data.copy()
for field in ("submit", "csrf_token"):
form_data.pop(field)
response = ApiPut.make_request("users", username, "change_group", json=form_data)
if response.status_code == 200:
flash(_("User's group has been updated."), "success")
return redirect(url_for("users.user_change_group", username=username))
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
else:
flash(INTERNAL_ERROR_MSG, "danger")
if user:
form.group.choices = [(group.id, GROUPS[group]) for group in groups if current_user.group > group.id]
form.group.default = user["group"]
form.process()
return render_template("user_change_group.html", title=title, form=form, user=user, username=username)
def email_settings(username):
if current_user.username != username:
return redirect(url_for("users.email_settings", username=current_user.username))
title = _("Change email")
form = UserEmailForm()
template_vars = dict(form=form, email_tab="active", username=username)
if form.validate_on_submit():
form_data = form.data.copy()
for field in ("submit", "csrf_token"):
form_data.pop(field)
response = ApiPut.make_request("users", username, "email", json=form_data)
if response.status_code == 200:
flash(_("Email has been updated."), "success")
return redirect(url_for("users.email_settings", username=username))
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
else:
flash(INTERNAL_ERROR_MSG, "danger")
user_data = ApiGet.make_request("users", username).json()
if "user" not in user_data or "email" not in user_data["user"]:
return redirect("/")
user_data = user_data["user"]
form.email.data = user_data["email"]
return render_template("user_email_edit.html", title=title, user=user_data, **template_vars)