Esempio n. 1
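def add():
    """Handle the add-user form and create a ``Users`` row on a valid submission.

    When the form validates, the username is checked for uniqueness, a new
    ``Users`` object is built from the submitted username, ``bendungan`` id and
    role, its password is stored through ``set_password`` and the browser is
    redirected to ``users.index``.  In every other case a template with the
    form is rendered.
    """
    form = AddUser()
    if form.validate_on_submit():
        # Read the submitted fields from the POST body only.  request.values
        # merges the query string with the form body and consults the query
        # string first, so a value read from it is not necessarily the value
        # the form validated.  That matters most for ``role``, which decides
        # the privileges of the account being created.
        submitted = request.form
        username = submitted.get('username')
        password = submitted.get('password')
        bendungan_id = submitted.get('bendungan')
        role = submitted.get('role')

        # Reject the request when the username is already taken.
        # NOTE(review): this branch renders 'users/tambah.html' while the
        # fall-through at the bottom renders 'users/index.html' -- confirm
        # which template is intended.
        if Users.query.filter_by(username=username).first():
            flash('Username tidak tersedia !', 'danger')
            return render_template('users/tambah.html', form=form)

        new_user = Users(username=username,
                         bendungan_id=bendungan_id,
                         role=role)
        # NOTE(review): the original comment here said the password is hashed
        # as MD5; set_password is not visible in this excerpt.  If it does use
        # MD5 (or any fast, unsalted digest), replace it with a salted,
        # deliberately slow password hash such as
        # werkzeug.security.generate_password_hash.
        new_user.set_password(password)

        # commit() flushes pending changes itself, so no separate flush().
        db.session.add(new_user)
        db.session.commit()

        flash('Tambah User berhasil !', 'success')
        return redirect(url_for('users.index'))

    return render_template('users/index.html', form=form)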
Esempio n. 2
def add_post():
    """Validate a submitted ``AddUser`` form and report the outcome.

    A submission that fails validation (or a request that is not a
    submission) gets the form page back; a valid one flashes a success
    message and redirects to ``user.viewall``.
    """
    form = AddUser(request.form)

    if not form.validate_on_submit():
        return render_template('user/add.html', form=form)

    # NOTE(review): nothing is written to a database in this function even
    # though the message says "Added" -- confirm the save happens elsewhere.
    flash('Added successfully')
    return redirect(url_for('user.viewall'))
Esempio n. 3
def add_user():
    """Register a new user from the ``AddUser`` form and email them a login link.

    On a valid submission a ``User`` is built from the form fields, committed,
    passed to ``send_password_login_email`` and the browser is redirected to
    ``user_management``.  Otherwise the form page is rendered.
    """
    form = AddUser()
    if not form.validate_on_submit():
        return render_template('add_user.html', title='Add User', form=form)

    # NOTE(review): ``role`` comes straight from the form and no access check
    # is visible in this function -- presumably a decorator outside this
    # excerpt restricts the route to administrators; confirm.
    user = User(
        username=form.username.data,
        email=form.email.data,
        company=form.company.data,
        title=form.title.data,
        role=form.role.data,
        phone=form.phone.data,
        first_name=form.first_name.data,
        last_name=form.last_name.data,
    )
    db.session.add(user)
    db.session.commit()

    # The email is sent only after the row has been committed.
    send_password_login_email(user)
    flash('New user has been registered!')
    return redirect(url_for('user_management'))
Esempio n. 4
def addUser():
    """Add an email address to the ``User`` table unless it is already there.

    A new address is stored and the browser is redirected to ``index``; a
    duplicate only produces a flash message and the form is shown again.
    """
    form = AddUser()
    if form.validate_on_submit():
        email = form.email.data
        already_listed = User.query.filter_by(email=email).first()
        if not already_listed:
            db.session.add(User(email=email))
            db.session.commit()
            flash('New email "{}" added into DB'.format(email))
            return redirect(url_for('index'))
        # Duplicate: report it and fall through to re-render the form.
        flash('Email "{}" already in list'.format(email))
    return render_template('addUser.html',  title='Add Email', form=form)
Esempio n. 5
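def admin():
    """Admin page that adds, edits and deletes users through three forms.

    Non-admin users are redirected to ``index``.  For admins, whichever form
    was submitted and validates is processed, a flash message reports the
    result and the browser is redirected back to this page; with no valid
    submission the page is rendered with all three forms.

    Changes relative to the earlier version of this view:
      * the new password is no longer written to stdout with ``print``;
      * name and password can be changed in one submission (previously a
        non-empty name returned early and the password was silently ignored);
      * deleting a username that no longer exists reports an error instead of
        passing ``None`` to ``db.session.delete``.
    """
    # NOTE(review): assumes current_user always exposes ``isAdmin`` --
    # presumably a login requirement is enforced outside this excerpt; confirm.
    if not current_user.isAdmin == 1:
        return redirect(url_for('index'))

    add_user_form = AddUser()
    edit_user_form = EditUserForm()
    delete_user_form = DeleteUserForm()

    # --- add -------------------------------------------------------------
    if add_user_form.add_user_submit.data and add_user_form.validate():
        # NOTE(review): the account is created without set_password being
        # called; confirm such an account cannot be used to log in until a
        # password has been set.
        user = User(username=add_user_form.username.data,
                    name=add_user_form.name.data,
                    isAdmin=False)
        db.session.add(user)
        db.session.commit()
        flash("User added.", "success")
        return redirect(url_for('admin'))

    # --- edit ------------------------------------------------------------
    edit_user_form.update_choices()
    if edit_user_form.edit_submit.data and edit_user_form.validate():
        user = User.query.filter_by(
            username=edit_user_form.username.data).first()
        if user is None:
            flash("Unable to find username in database", "danger")
            return redirect(url_for("admin"))

        new_name = edit_user_form.name.data
        new_password = edit_user_form.password.data
        wants_name = new_name != ""
        wants_password = new_password != ""

        # Check the confirmation field before touching the row so a typo in
        # the password does not leave a half-applied edit.
        if wants_password and new_password != edit_user_form.password2.data:
            flash("Password does not match!", "danger")
            return redirect(url_for('admin'))

        if wants_name or wants_password:
            if wants_name:
                user.name = new_name
            if wants_password:
                # The plaintext password must never reach stdout or a log.
                user.set_password(new_password)
            db.session.commit()
            edit_user_form.update_choices()
            flash("User details updated.", "success")
            return redirect(url_for("admin"))

    # --- delete ----------------------------------------------------------
    delete_user_form.update_choices()
    if delete_user_form.delete_submit.data and delete_user_form.validate():
        user = User.query.filter_by(
            username=delete_user_form.username.data).first()
        if user is None:
            # The row may have been removed since the form was rendered.
            flash("Unable to find username in database", "danger")
            return redirect(url_for("admin"))
        db.session.delete(user)
        db.session.commit()
        flash("User deleted", "success")
        return redirect(url_for("admin"))

    return render_template('admin.html',
                           add_user_form=add_user_form,
                           edit_user_form=edit_user_form,
                           delete_user_form=delete_user_form)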
Esempio n. 6
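def profile():
    """Create a ``UserProfile`` from the submitted form and store its photo.

    On a valid POST the uploaded photo is saved under
    ``app.config['UPLOAD_FOLDER']``, a ``UserProfile`` row pointing at it is
    committed and the browser is redirected to ``profiles``.  Otherwise the
    form page is rendered.
    """
    import uuid

    user = AddUser()

    if request.method == "POST" and user.validate_on_submit():
        photo = user.photo.data

        # NOTE(review): file type and size limits are not visible here --
        # presumably the form's validators and the app configuration enforce
        # them; confirm before exposing this upload to untrusted users.
        safe_name = secure_filename(photo.filename)
        if not safe_name:
            # secure_filename() returns "" when nothing usable is left of the
            # client-supplied name; joining that onto the upload folder would
            # point save() at the directory itself.
            flash('The uploaded photo has an invalid file name.')
            return render_template("profile.html", form=user)

        # Prefix a random token so two uploads with the same client-side name
        # cannot overwrite each other.
        filename = uuid.uuid4().hex + "_" + safe_name
        photo.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))

        newUser = UserProfile(first_name=user.firstname.data,
                              last_name=user.lastname.data,
                              gender=user.gender.data,
                              email=user.email.data,
                              location=user.location.data,
                              biography=user.biography.data,
                              photo="uploads/" + filename)

        db.session.add(newUser)
        db.session.commit()

        flash('Your Profile has been Successfully added!')
        return redirect(url_for('profiles'))

    return render_template("profile.html", form=user)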
Esempio n. 7
def adduser():
    """Show the add-user form to admins; respond with 404 to everyone else."""
    # NOTE(review): assumes g.user is always set before this view runs --
    # confirm against the request hooks outside this excerpt.
    if not g.user.admin:
        return abort(404)
    return render_template('adduser.html', form=AddUser())
Esempio n. 8
def add():
    """Render the add-user page with an empty ``AddUser`` form."""
    return render_template('user/add.html', form=AddUser())
Esempio n. 9
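def new_user():
    """Create a user on behalf of an admin and email them an activation link.

    There is no public registration page for this application (per the
    flask-security settings); users must be added by an admin.  The form
    prompts for an email, username and role.  The account is created with a
    generated temporary password that is never revealed -- it is only hashed
    and stored -- so the new user has to go through the password-reset link
    sent by email before they can log in.

    NOTE(review): the admin-only restriction is not visible in this function;
    presumably a decorator outside this excerpt enforces it -- confirm.
    """
    form = AddUser()
    if form.validate_on_submit():
        new_user = user_datastore.find_user(email=form.email.data)
        if new_user:
            flash(
                'User with given email address already exists. User not created.',
                category='error')
            return redirect(url_for('new_user'))

        # Create the user with the given email, username and role and assign
        # a temporary password.  Users should be activated by default, but
        # the original author found a manual activate_user() call was needed.
        try:
            new_user = user_datastore.create_user(email=form.email.data,
                                                  username=form.username.data,
                                                  password=hash_password(
                                                      Users.random_password()))
            role = user_datastore.find_role(form.roles.data)
            user_datastore.add_role_to_user(new_user, role)
            user_datastore.activate_user(new_user)
            db.session.commit()
        except Exception as e:
            # NOTE(review): left at debug level on purpose -- database errors
            # can echo statement parameters, presumably including the
            # password hash; confirm what ends up in str(e) before raising
            # the log level.
            app.logger.debug(e)
            db.session.rollback()
            flash(
                'There was an error creating this user. Please try again before reporting.',
                category='error')
            return redirect(url_for('new_user'))

        # Send the "activation" link.  This reuses the built-in password
        # reset flow: generate a reset token and send it with the
        # flask-security send_mail function and a custom email template.
        try:
            link = url_for_security(
                'reset_password',
                token=generate_reset_password_token(new_user),
                _external=True)
            subject = 'Activate your account for the Health Tracker'

            if Config.ORG:
                subject = f'Activate your account for the {Config.ORG} Health Tracker'
            send_mail(subject,
                      new_user.email,
                      'invite_new_user',
                      reset_link=link)
        except Exception:
            # Previously this failure was swallowed without a trace.  Log it
            # so an operator can find out why the invitation did not go out;
            # the message deliberately leaves out the reset link and token.
            app.logger.exception(
                'Invitation email could not be sent to the newly created user.')
            db.session.rollback()
            flash('New user was created but invitation email was not sent.',
                  category='error')
            return redirect(url_for('new_user'))

        flash(
            f'New user "{new_user.username}" was created and invitation email sent.',
            category='success')
        return redirect(url_for('new_user'))
    return render_template('new_user.html', form=form)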