def confirm(token):
    """Handle an email-confirmation link for the current user.

    :param token: confirmation token taken from the link
    :return: a redirect to the dashboard when the account is, or already
        was, confirmed; a redirect to ``auth.unconfirmed`` when the token
        is rejected
    """
    # NOTE(review): route decorators are not visible here. The view reads
    # attributes of current_user, so it presumably sits behind a login
    # check -- confirm.
    if not current_user.is_email_confirmed:
        # The token check itself is delegated to current_user.confirm_token;
        # a falsy result is reported as invalid/expired.
        if not current_user.confirm_token(token):
            flash(notify_warning("The confirmation link is invalid/expired."))
            return redirect(url_for("auth.unconfirmed"))
        message = notify_success("You have confirmed your account. Thanks!")
    else:
        message = notify_warning("Account already confirmed.")

    flash(message)
    return redirect(url_for("dashboard.index"))
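def roles_add():
    """Create a role from the submitted form and return to the role list.

    Reads ``name`` from the POST form. A blank name or a name that is
    already taken is rejected with a warning instead of being stored.

    :return: a redirect to ``appadmin.roles`` on every path
    """
    # NOTE(review): route decorators are not visible here; confirm the view
    # is admin-gated and that the form is CSRF-protected.
    if request.method == "POST":
        name = request.form["name"]
        if not name.strip():
            # An empty or whitespace-only role name is never meaningful.
            flash(notify_warning("Role name cannot be empty"))
        elif Role.query.filter(Role.name == name).first():
            # Uniqueness is checked here in the application only; whether
            # the table also enforces it is not visible from this view.
            flash(notify_warning("Role already exists"))
        else:
            role = Role(name=name)
            role.save()
            flash(notify_success("Role successfully added"))

    # Always answer with a response. The original fell off the end and
    # returned None for any non-POST request.
    return redirect(url_for("appadmin.roles"))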
def roles_delete(role_id):
    """Delete the role with the given id and return to the role list.

    :param role_id: id of the role to delete
    :return: a redirect to ``appadmin.roles``
    """
    # NOTE(review): route decorators are not visible here; confirm this
    # state-changing view is admin-gated and not reachable with a plain GET.
    role = Role.get_by_id(role_id)
    if role is not None:
        role.delete()
        outcome = notify_success("Role successfully deleted")
    else:
        outcome = notify_warning("Unable to delete. Invalid role id")

    flash(outcome)
    return redirect(url_for("appadmin.roles"))
def register():
    """Register a new account from ``RegistrationForm`` and log it in.

    On a valid POST the username must contain only alphanumerics and ``-``,
    must not be one of the reserved page names, and must not already exist
    (compared case-insensitively). A rejected username redirects to
    ``www.index`` with a warning; otherwise the user is created and logged in.
    """
    # NOTE(review): this listing lost its indentation. The nesting below, in
    # particular which ``if`` the final ``else`` belongs to and where the
    # profile redirect sits, is reconstructed -- confirm against the
    # repository before relying on it.
    context = {}  # not used again in the visible code
    reg_form = RegistrationForm()
    if request.method == 'POST':
        if reg_form.validate_on_submit():
            password = reg_form.password.data
            username = reg_form.username.data
            # str.isalnum() is Unicode-aware, so non-ASCII letters and
            # digits pass this check as well as ASCII ones.
            if not username.replace('-', '').isalnum():
                flash('')
                flash(notify_warning('Username must have only alphanumeric and - characters'))
                return redirect(url_for('www.index'))
            # Names that would collide with existing top-level pages.
            if username.lower() in ['contact', 'about', 'privacy-policy']:
                flash('')
                flash(notify_warning('Username must cannot be in reserved keywords'))
                return redirect(url_for('www.index'))
            # Case-insensitive lookup. The check and the insert below are
            # separate steps; whether the table also enforces uniqueness is
            # not visible here.
            user = User.query.filter(
                func.lower(User.username) == func.lower(username)
            ).first()
            if (not user is None):
                flash('')
                flash(notify_warning('Username exists'))
                return redirect(url_for('www.index'))
            user = User.create(
                password=password,
                username=username
            )
            # The new account is logged in straight away, before the
            # email-confirmation setting below is consulted.
            login_user(user)
            is_disabled = False
            if "EMAIL_CONFIRMATION_DISABLED" in current_app.config:
                is_disabled = current_app.config["EMAIL_CONFIRMATION_DISABLED"]
            # Only the literal True marks the account confirmed; nothing in
            # the visible code issues a confirmation token otherwise.
            if is_disabled is True:
                user.is_email_confirmed = True
                user.email_confirm_date = datetime.datetime.now()
                user.update()
            return redirect(url_for('www.user_profile', username=username))
        else:
            return redirect(url_for('www.index'))
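def roles_update():
    """Rename an existing role from the submitted form.

    Reads ``role_id`` and ``role_name`` from the POST form. The rename is
    refused when the role does not exist, when the new name is blank, or
    when another role already uses that name.

    :return: a redirect to ``appadmin.roles`` on every path
    """
    # NOTE(review): route decorators are not visible here; confirm the view
    # is admin-gated and that the form is CSRF-protected.
    if request.method == "POST":
        role = Role.get_by_id(request.form["role_id"])
        if role is None:
            flash(notify_warning("Unable to update. Role does not exist"))
            return redirect(url_for("appadmin.roles"))

        new_name = request.form["role_name"]
        if not new_name.strip():
            flash(notify_warning("Role name cannot be empty"))
            return redirect(url_for("appadmin.roles"))

        # Apply the same uniqueness rule that roles_add applies on creation.
        # The identity comparison assumes both lookups go through the same
        # ORM session, so the role being renamed comes back as the same
        # object -- TODO confirm.
        holder = Role.query.filter(Role.name == new_name).first()
        if holder is not None and holder is not role:
            flash(notify_warning("Role already exists"))
            return redirect(url_for("appadmin.roles"))

        role.name = new_name
        role.update()
        flash(notify_success("Role successfully updated"))

    # Always answer with a response. The original returned None for any
    # non-POST request.
    return redirect(url_for("appadmin.roles"))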
def admin_delete(id):
    """
    **Delete a User**

    :param id: id of the user
    :type id: int
    :return: a redirect to ``/appadmin``, with a warning flashed when no
        user has that id
    """
    # NOTE(review): route decorators are not visible here; confirm the view
    # is admin-gated. Nothing in this body stops an admin from deleting the
    # account they are logged in with.
    target = User.query.get(id)
    if target is not None:
        target.delete()
        notice = notify_success("User successfully deleted")
    else:
        notice = notify_warning("Unable to delete. Invalid user id")

    flash(notice)
    return redirect("/appadmin")
def admin_edit(id):
    """
    **Update information for a User**

    Renders the edit form for one user, together with the names of the
    roles the user holds and the full list of roles.

    :param id: id of the user
    :type id: int
    :return: the rendered ``appadmin/edit.html`` page, or a redirect to
        ``/appadmin`` when no user has that id
    """
    target = User.query.get(id)
    if target is None:
        flash(notify_warning("Unable to edit. Invalid user id"))
        return redirect("/appadmin")

    return render_template(
        "appadmin/edit.html",
        user=target,
        user_roles=[assigned.name for assigned in target.roles],
        roles=Role.query.all(),
    )
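def user_add():
    """
    **Adds a User**

    adds a user to database.

    On POST, reads ``email``, ``password``, ``first_name``, ``last_name``,
    the optional ``is_admin`` flag and any ``role_<id>`` fields from the
    form. A blank email or password, or an email that is already in use, is
    rejected with a warning and the form is shown again.

    :return: a redirect back to ``appadmin.user_add`` after a successful
        insert, otherwise the rendered ``appadmin/add.html`` page
    """
    # NOTE(review): route decorators are not visible here. This view can
    # set is_admin and roles, so confirm it is admin-gated and that the
    # form is CSRF-protected.
    context = {}
    if request.method == "POST":
        form = request.form
        email = form["email"]
        password = form["password"]
        first_name = form["first_name"]
        last_name = form["last_name"]
        # Only the exact string "True" grants the admin flag.
        is_admin = form.get("is_admin") == "True"

        if not email.strip() or not password.strip():
            # Never create an account with no email or an empty password.
            flash(notify_warning("Email and password are required"))
        elif db.session.query(exists().where(User.email == email)).scalar():
            flash(notify_warning("User with same email already exists"))
        else:
            new_user = User()
            new_user.email = email
            new_user.is_admin = is_admin
            new_user.first_name = first_name
            new_user.last_name = last_name
            # presumably the model hashes on assignment -- verify in User
            new_user.password = password
            for key in form:
                if key.startswith("role_"):
                    role = Role.get_by_id(key.split("_")[1])
                    # A role id from the form may not match any role; skip
                    # it rather than appending None to the relationship.
                    if role is not None:
                        new_user.roles.append(role)
            new_user.save()
            return redirect(url_for("appadmin.user_add"))

    context["roles"] = Role.query.all()
    return render_template("appadmin/add.html", **context)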
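def admin_update():
    """
    **Update a User record**

    Reads ``id``, ``password``, ``email``, ``first_name``, ``last_name``,
    the optional ``is_admin`` flag and any ``role_<id>`` fields from the
    submitted form. The user's roles are replaced by the submitted set, and
    the password is changed only when a non-blank one is supplied.

    :return: a redirect to ``/appadmin`` after the update, or to ``/admin``
        when no user has the submitted id
    """
    # NOTE(review): route decorators are not visible here. This view can
    # change is_admin, roles and the password, so confirm it is admin-gated
    # and that the form is CSRF-protected.
    form = request.form
    user_id = form["id"]
    password = form["password"]
    email = form["email"]
    first_name = form["first_name"]
    last_name = form["last_name"]
    # Any non-empty value grants the admin flag here, whereas user_add
    # requires the exact string "True" -- confirm which one is intended.
    is_admin = bool(form.get("is_admin"))

    user = User.query.get(user_id)
    if user is None:
        flash(notify_warning("Unable to update. User does not exist."))
        # NOTE(review): every other redirect in these views targets
        # "/appadmin"; confirm "/admin" is intended.
        return redirect("/admin")

    user.is_admin = is_admin
    user.email = email
    user.first_name = first_name
    user.last_name = last_name
    # Drop all current roles in place, then rebuild them from the form.
    user.roles[:] = []
    if password.strip():
        user.password = password

    for key in form:
        if key.startswith("role_"):
            role = Role.get_by_id(key.split("_")[1])
            # A role id from the form may not match any role; skip it
            # rather than appending None to the relationship.
            if role is not None:
                user.roles.append(role)

    user.update()
    flash(notify_success("User successfully updated"))
    return redirect("/appadmin")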
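def wrap(*args, **kwargs):
    """Run the wrapped view for admins; send everyone else to the dashboard.

    ``f`` is a free name here, presumably the view captured by an enclosing
    decorator.

    :return: the result of ``f(*args, **kwargs)`` for an admin, otherwise a
        redirect to ``dashboard.index`` with a warning flashed
    """
    # Fail closed. Flask-Login's default anonymous user defines no is_admin
    # attribute, so unless the app installs a custom anonymous user class a
    # bare attribute read would raise instead of denying access.
    if getattr(current_user, "is_admin", False):
        return f(*args, **kwargs)

    flash(notify_warning("You need to be an admin to view this page."))
    return redirect(url_for("dashboard.index"))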
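from functools import wraps

from flask import flash
from flask import redirect
from flask import url_for
from flask_login import current_user
from init import login_manager
from shopyo.api.html import notify_warning

from modules.box__default.auth.models import User

# Where unauthenticated visitors are sent, and the message they are shown.
login_manager.login_view = "auth.login"
login_manager.login_message = notify_warning("Please login for access")


@login_manager.user_loader
def load_user(id):
    """Return the ``User`` for the id stored in the session.

    :param id: user id handed over by Flask-Login
    :return: whatever ``User.query.get`` returns for that id
    """
    return User.query.get(id)


def admin_required(f):
    """Decorate a view so that only admins can reach it.

    :param f: the view function to protect
    :return: a wrapper that calls ``f`` for admins and redirects everyone
        else to ``dashboard.index`` with a warning
    """

    @wraps(f)
    def wrap(*args, **kwargs):
        # Fail closed. Flask-Login's default anonymous user defines no
        # is_admin attribute, so unless the app installs a custom anonymous
        # user class a bare attribute read would raise instead of denying
        # access.
        if getattr(current_user, "is_admin", False):
            return f(*args, **kwargs)

        flash(notify_warning("You need to be an admin to view this page."))
        return redirect(url_for("dashboard.index"))

    # The decorator has to hand back the wrapper; the listing as shown ends
    # without this return, which would replace every decorated view with
    # None.
    return wrap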
def unconfirmed():
    """Show the page asking the current user to confirm their account.

    :return: the rendered ``auth/unconfirmed.html`` page with a warning
        flashed, or a redirect to ``dashboard.index`` when the account is
        already confirmed
    """
    if not current_user.is_email_confirmed:
        flash(notify_warning("Please confirm your account!"))
        return render_template("auth/unconfirmed.html")

    return redirect(url_for("dashboard.index"))