def users_update(user_id): """ Update a user """ if not current_user.role == "admin": abort(404) user = User.find_by_id(user_id) if not user: abort(404) form = UserForm(obj=user) del form.password if request.method == 'POST' and form.validate_on_submit(): user.name = form.name.data user.role = form.role.data db.session.add(user) db.session.commit() return redirect(url_for('users_list')) return render_template('users/update.html', user=user, form=form, page_title="Update %s" % user.name , form_action=url_for('users_update', user_id=user.id), form_submit_button_title="Update" )
def input(self): form = UserForm() if form.validate_on_submit(): user = User(nama=form.nama.data, username=form.username.data) user.set_password(form.password.data) db.session.add(user) db.session.commit() return redirect(url_for('input_admin')) user = User().getAll() return render_template('admin/input.html', form = form, title='Input Admin', user=user)
def system_user_add(): form = UserForm() if form.validate_on_submit(): data = form.data data = User(name=data['name'], password=generate_password_hash(data['password']), description=data['description'], is_admin=data['is_admin'], image="") db.session.add(data) db.session.commit() flash("新增成功", "ok") return render_template("admin/system/user/user_add.html", form=form)
def login(): if current_user.is_authenticated: return redirect(url_for('r_dashboard')) form = UserForm() if form.validate_on_submit(): username = form.username.data password = form.password.data user = User.query.filter(User.username == username).first() if user is not None and check_password_hash(user.password, password): login_user(user) return redirect(url_for('r_dashboard')) flash('Kombinasi username dan password salah') return redirect(url_for('login')) return render_template('login.html', form=form)
def edit_user(id): user = User.objects.get_or_404(pk=id) form = UserForm(obj=user) form_url = url_for('.edit_user', id=id) if form.validate_on_submit(): form.populate_obj(user) user.save() flash('User updated', 'success') return render_template('admin/users/form.html', user=user, form=form, form_url=form_url)
def login(): if current_user.is_authenticated: return redirect(url_for('index')) form = UserForm() if form.validate_on_submit(): user = User.query.filter(User.username == form.username.data).first() captcha = request.form.get('captcha') captcha_hash = request.form.get('captchaHash') if user is None or not user.check_password(form.password.data): flash('Invalid username or password!') return redirect(url_for('login')) elif rp_hash(captcha) != captcha_hash: flash('Invalid captcha') return redirect(url_for('login')) login_user(user) return redirect(url_for('index')) return render_template('login.html', form=form)
def system_user_edit(id=None): if id is None or not id: pass form = UserForm() result = User.query.get_or_404(id) if request.method == "GET": form.description.data = result.description form.is_admin.data = result.is_admin if request.method == "POST": if form.validate_on_submit(): data = form.data result.name = data['name'] result.password = generate_password_hash(data['password']) result.description = data['description'] result.is_admin = data['is_admin'] db.session.add(result) db.session.commit() flash("保存成功", "ok") return render_template("admin/system/user/user_edit.html", form=form, result=result)
def edit(user_id): user_obj = User.query.get(user_id) user_form = UserForm( obj=user_obj) if current_user.is_admin else UserFormNonAdmin( obj=user_obj) if user_form.validate_on_submit(): if not user_form.data['password']: password = user_obj.password user_form.populate_obj(user_obj) user_obj.password = password else: user_form.populate_obj(user_obj) db.session.add(user_obj) db.session.commit() flash('Save Successful', 'success') return redirect(url_for('user.user_list')) return render_template('common/editor.jinja.html', title='User', form=user_form)
def users_change_password(): """ Change a user's password """ # Is this an admin resetting a user's password? if request.args.get('user_id'): user_id = request.args.get('user_id') if user_id != current_user.id and not current_user.role == "admin": abort(404) else: user_id = current_user.id user = User.find_by_id(user_id) if not user: abort(404) form = UserForm(obj=user) del form.name del form.role if request.method == 'POST' and form.validate_on_submit(): user.set_password(form.password.data) db.session.add(user) db.session.commit() return redirect(url_for('users_change_password', user_id=user.id)) if current_user.role == "admin": page_title = "Change password for %s" % user.name else: page_title = "Change your Password" return render_template('users/change_password.html', user=user, form=form, page_title=page_title, form_action=url_for('users_change_password', user_id=user.id), form_submit_button_title="Change" )
def users_create(): """ Create a user """ if not current_user.role == "admin": abort(404) form = UserForm() if request.method == 'POST' and form.validate_on_submit(): user = User( name = form.name.data, password = form.password.data, role = form.role.data ) db.session.add(user) db.session.commit() return redirect(url_for('users_list')) return render_template('users/create.html', form=form, page_title="Create a User", form_action=url_for('users_create'), form_submit_button_title="Create" )