Esempio n. 1
0
def admin_edituser():
    if(current_user.is_admin() == False):
        return "Access Denied"
    form=EditUserForm()
    if form.validate_on_submit():
        form.validate()
        #Check if user exists in database and can be modified
        present = User.query.filter_by(username=form.old_username.data).first()
        if present is None:
            flash("Error: This user does not exist in the database")
            return render_template("admin-edit.html", form=form)
        old_user = form.old_username.data
        #delete record from database unless it is the admin account or the current user
        if (form.delete.data) == True:
            if form.old_username.data == "admin":
                flash("Error: This user cannot be removed from the database")
                return render_template("admin-edit.html", form=form)
            elif current_user.username == old_user:
                flash("Error: Cannot delete the user currently signed in.")
                return render_template("admin-edit.html", form=form)
            else:
                User.query.filter_by(username=form.old_username.data).delete()
        #begin editing record
        if old_user:
            user=User.query.filter_by(username=form.old_username.data).first()
        else:
            flash("Error: No user selected for editing")
            return render_template("admin-edit.html", form=form)
        if old_user == "admin":
            flash("Error: Cannot modify admin!")
            return render_template("admin-edit.html", form=form)
        new_user = form.new_username.data
        if new_user:
            user.username = form.new_username.data
        new_password = form.password_confirm.data
        if new_password:
            user.set_password(form.password.data)
        email =  form.email.data
        if email:
            user.email=form.email.data
        admin=form.admin.data
        if admin:
            user.admin=form.admin.data  
        db.session.commit()
        flash("User succesfully modified")
        return redirect(url_for('admin'))
    return(render_template('admin-edit.html', form=form))
Esempio n. 2
0
def admin():
    if not current_user.isAdmin == 1:
        return redirect(url_for('index'))
    else:
        add_user_form = AddUser()
        edit_user_form = EditUserForm()
        delete_user_form = DeleteUserForm()
        if add_user_form.add_user_submit.data and add_user_form.validate():
            user = User(username=add_user_form.username.data,
                        name=add_user_form.name.data,
                        isAdmin=False)
            db.session.add(user)
            db.session.commit()
            flash("User added.", "success")
            return redirect(url_for('admin'))

        edit_user_form.update_choices()
        if edit_user_form.edit_submit.data and edit_user_form.validate():
            user = User.query.filter_by(
                username=edit_user_form.username.data).first()
            if user is None:
                flash("Unable to find username in database", "danger")
                return redirect(url_for("admin"))
            if edit_user_form.name.data != "":
                user.name = edit_user_form.name.data
                db.session.commit()
                edit_user_form.update_choices()
                flash("User details updated.", "success")
                return redirect(url_for("admin"))
            if edit_user_form.password.data != "":
                if edit_user_form.password.data == edit_user_form.password2.data:
                    print(edit_user_form.password.data)
                    user.set_password(edit_user_form.password.data)
                    db.session.commit()
                    flash("User details updated.", 'success')
                    return redirect(url_for('admin'))
                else:  #password field not empty but password wrong
                    flash("Password does not match!", "danger")
                    return redirect(url_for('admin'))

        delete_user_form.update_choices()
        if delete_user_form.delete_submit.data and delete_user_form.validate():
            user = User.query.filter_by(
                username=delete_user_form.username.data).first()
            db.session.delete(user)
            db.session.commit()
            flash("User deleted", "success")
            return redirect(url_for("admin"))
        return render_template('admin.html',
                               add_user_form=add_user_form,
                               edit_user_form=edit_user_form,
                               delete_user_form=delete_user_form)