Esempio n. 1
def users_update(user_id):
    """Edit the name and role of an existing user (admin only).

    A non-admin caller and an unknown ``user_id`` both end in ``abort(404)``.
    On a valid POST the changes are committed and the browser is redirected to
    the user list; otherwise the edit form is rendered.
    """
    if current_user.role != "admin":
        abort(404)

    target = User.find_by_id(user_id)
    if not target:
        abort(404)

    form = UserForm(obj=target)
    # Remove the password field: this view only writes name and role.
    del form.password

    submitted = request.method == 'POST' and form.validate_on_submit()
    if submitted:
        target.name = form.name.data
        target.role = form.role.data

        db.session.add(target)
        db.session.commit()

        return redirect(url_for('users_list'))

    template_args = dict(
        user=target,
        form=form,
        page_title="Update %s" % target.name,
        form_action=url_for('users_update', user_id=target.id),
        form_submit_button_title="Update",
    )
    return render_template('users/update.html', **template_args)
Esempio n. 2
 def input(self):
     """Create a user from a submitted ``UserForm``, or render the input page.

     On a valid submission the new user is committed and the browser is
     redirected to ``input_admin``. Otherwise the page is rendered with the
     form and the result of ``User().getAll()``.
     """
     form = UserForm()
     if not form.validate_on_submit():
         listing = User().getAll()
         return render_template('admin/input.html', form = form, title='Input Admin', user=listing)

     account = User(nama=form.nama.data, username=form.username.data)
     # The password goes through set_password() instead of the constructor.
     account.set_password(form.password.data)
     db.session.add(account)
     db.session.commit()
     return redirect(url_for('input_admin'))
Esempio n. 3
def system_user_add():
    """Create a user from a submitted ``UserForm`` and render the add page.

    The page is rendered again after a successful insert as well; there is no
    redirect.
    """
    form = UserForm()
    if form.validate_on_submit():
        fields = form.data
        # NOTE(review): is_admin is taken straight from the form and no access
        # check is visible in this function; confirm the route itself is
        # restricted to administrators.
        new_user = User(
            name=fields['name'],
            # The stored value is the output of generate_password_hash(),
            # not the submitted password.
            password=generate_password_hash(fields['password']),
            description=fields['description'],
            is_admin=fields['is_admin'],
            image="",
        )
        db.session.add(new_user)
        db.session.commit()
        # Flash text reads "added successfully".
        flash("新增成功", "ok")
    return render_template("admin/system/user/user_add.html", form=form)
Esempio n. 4
def login():
    """Authenticate a user by username and password.

    An already authenticated visitor is sent to the dashboard. A failed
    attempt flashes one message for both an unknown username and a wrong
    password, then redirects back to the login page.
    """
    if current_user.is_authenticated:
        return redirect(url_for('r_dashboard'))

    form = UserForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    username = form.username.data
    password = form.password.data
    account = User.query.filter(User.username == username).first()

    # NOTE(review): the hash comparison runs only when the username exists, so
    # the two failure cases may differ in response time; consider rate limiting.
    credentials_ok = account is not None and check_password_hash(account.password, password)
    if credentials_ok:
        login_user(account)
        return redirect(url_for('r_dashboard'))

    # Flash text reads "wrong username and password combination".
    flash('Kombinasi username dan password salah')
    return redirect(url_for('login'))
Esempio n. 5
def edit_user(id):
    """Show and process the edit form for the user with primary key ``id``.

    The lookup uses ``get_or_404``. After a valid submission the user is saved
    and the same form is rendered again; there is no redirect.
    """
    user = User.objects.get_or_404(pk=id)
    form = UserForm(obj=user)

    if form.validate_on_submit():
        # NOTE(review): populate_obj() copies every field UserForm defines onto
        # the user object. Confirm the form exposes no field (role, password,
        # ...) that callers of this view should not be able to set, and that
        # access to this route is restricted.
        form.populate_obj(user)
        user.save()
        flash('User updated', 'success')

    context = {
        'user': user,
        'form': form,
        'form_url': url_for('.edit_user', id=id),
    }
    return render_template('admin/users/form.html', **context)
Esempio n. 6
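def login():
    """Log a user in after checking the captcha and then the credentials.

    An already authenticated visitor is redirected to ``index``. A failed
    captcha or failed credentials flash a message and redirect back to the
    login page; a successful attempt calls ``login_user`` and redirects to
    ``index``.
    """
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = UserForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    captcha = request.form.get('captcha')
    captcha_hash = request.form.get('captchaHash')

    # The captcha is verified before the credentials. Checking it afterwards
    # lets a caller tell a wrong password from a right one by the flashed
    # message alone, without ever solving the captcha.
    # A missing or empty captcha field is rejected instead of being hashed.
    # NOTE(review): both the answer and the expected hash come from
    # request.form, i.e. from the client. Confirm rp_hash() is keyed with a
    # server-side secret, or keep the expected value in the session.
    if not captcha or not captcha_hash or rp_hash(captcha) != captcha_hash:
        flash('Invalid captcha')
        return redirect(url_for('login'))

    user = User.query.filter(User.username == form.username.data).first()
    if user is None or not user.check_password(form.password.data):
        # One message for both cases, so it does not say which part was wrong.
        flash('Invalid username or password!')
        return redirect(url_for('login'))

    login_user(user)
    return redirect(url_for('index'))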
Esempio n. 7
def system_user_edit(id=None):
    """Show and process the edit form for the user identified by ``id``.

    A missing or falsy ``id`` gets no special handling; it is passed to
    ``get_or_404`` like any other value. On GET the description and admin flag
    are pre-filled from the stored user. On a valid POST all four fields are
    written back and the page is rendered again without a redirect.
    """
    form = UserForm()
    result = User.query.get_or_404(id)

    if request.method == "GET":
        form.description.data = result.description
        form.is_admin.data = result.is_admin
    elif request.method == "POST" and form.validate_on_submit():
        submitted = form.data
        result.name = submitted['name']
        # Every successful edit replaces the stored password with a fresh hash
        # of the submitted one.
        result.password = generate_password_hash(submitted['password'])
        result.description = submitted['description']
        # NOTE(review): is_admin comes from the form and no access check is
        # visible in this function; confirm the route is admin-only.
        result.is_admin = submitted['is_admin']
        db.session.add(result)
        db.session.commit()
        # Flash text reads "saved successfully".
        flash("保存成功", "ok")

    return render_template(
        "admin/system/user/user_edit.html",
        form=form,
        result=result,
    )
Esempio n. 8
def edit(user_id):
    """Edit a user through ``UserForm`` (admins) or ``UserFormNonAdmin``.

    A blank password in the submitted form keeps the stored password. After a
    valid submission the user is committed and the browser is redirected to
    the user list; otherwise the editor template is rendered.
    """
    # NOTE(review): query.get() presumably returns None for an unknown id, and
    # nothing here handles that before the form is populated.
    # NOTE(review): nothing in this function ties user_id to current_user;
    # confirm the route or a decorator limits which account a non-admin can
    # edit.
    user_obj = User.query.get(user_id)
    form_class = UserForm if current_user.is_admin else UserFormNonAdmin
    user_form = form_class(obj=user_obj)

    if not user_form.validate_on_submit():
        return render_template(
            'common/editor.jinja.html',
            title='User',
            form=user_form,
        )

    keep_stored_password = not user_form.data['password']
    stored_password = user_obj.password if keep_stored_password else None

    # NOTE(review): populate_obj() assigns the submitted password field to
    # user_obj.password as-is; confirm the model hashes it on assignment.
    user_form.populate_obj(user_obj)
    if keep_stored_password:
        # populate_obj() overwrote the password with the blank value; put the
        # stored one back.
        user_obj.password = stored_password

    db.session.add(user_obj)
    db.session.commit()

    flash('Save Successful', 'success')
    return redirect(url_for('user.user_list'))
Esempio n. 9
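def users_change_password():
    """Change a password: the caller's own, or any user's for an admin.

    The target is taken from the ``user_id`` query parameter when present,
    otherwise it is the current user. A non-admin asking for another user's
    id, and an unknown id, both end in ``abort(404)``. On a valid POST the new
    password is stored through ``set_password`` and the browser is redirected
    back to this view.
    """
    requested_id = request.args.get('user_id')
    if requested_id:
        # An admin resetting someone's password, or a user naming themselves.
        user_id = requested_id

        # Query-string values are always strings. Comparing string forms keeps
        # the check correct when current_user.id is an integer; a raw `!=`
        # would then never match, and the redirect below (which carries
        # user_id) would send a non-admin to a 404 after changing their own
        # password.
        is_self = str(user_id) == str(current_user.id)
        if not is_self and not current_user.role == "admin":
            abort(404)
    else:
        user_id = current_user.id

    user = User.find_by_id(user_id)
    if not user:
        abort(404)

    form = UserForm(obj=user)
    # Only the password field is needed here; drop the others.
    del form.name
    del form.role
    # NOTE(review): no check of the current password is visible in this view;
    # confirm that is intended for the self-service case.
    if request.method == 'POST' and form.validate_on_submit():
        user.set_password(form.password.data)

        db.session.add(user)
        db.session.commit()

        return redirect(url_for('users_change_password', user_id=user.id))

    if current_user.role == "admin":
        page_title = "Change password for %s" % user.name
    else:
        page_title = "Change your Password"

    return render_template('users/change_password.html',
        user=user,
        form=form,
        page_title=page_title,
        form_action=url_for('users_change_password', user_id=user.id),
        form_submit_button_title="Change"
    )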
Esempio n. 10
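def users_create():
    """Create a user from a submitted ``UserForm`` (admin only).

    A non-admin caller ends in ``abort(404)``. On a valid POST the new user is
    committed and the browser is redirected to the user list; otherwise the
    create form is rendered.
    """
    if not current_user.role == "admin":
        abort(404)

    form = UserForm()
    if request.method == 'POST' and form.validate_on_submit():
        # The constructor call is kept as it was because User's signature is
        # not visible here.
        user = User(
            name = form.name.data,
            password = form.password.data,
            role = form.role.data
        )
        # Store the password through set_password(), as users_change_password
        # on this page does, so the value does not depend on whether the
        # constructor hashes it. Without this call the submitted password may
        # be stored exactly as typed.
        # NOTE(review): assumes this User is the same model as in
        # users_change_password; confirm.
        user.set_password(form.password.data)
        db.session.add(user)
        db.session.commit()

        return redirect(url_for('users_list'))

    return render_template('users/create.html',
        form=form,
        page_title="Create a User",
        form_action=url_for('users_create'),
        form_submit_button_title="Create"
    )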