Esempio n. 1
0
def update(entry_id):
    """Update entry.

    Args:
        entry_id (int): id of entry to update
        title (str): title of entry
        body (str): body of entry

    Returns:
        str: template
    """
    entry = Entry.query.get_or_404(entry_id)

    if (ROLE_PRIV[g.user.role] < Privilege.EDITOR and
            entry.author_id != g.user.id):
        abort(403)

    if request.method == 'POST':
        title = request.form['title']
        body = request.form['body']

        if not title:
            flash_error('Title is required.')
        else:
            try:
                entry.title = title
                entry.body = body
                db.session.commit()
            except AssertionError:
                flash_error('Bad data.')
            else:
                flash_success('Update succeeded.')
                return redirect(url_for('blog.update', entry_id=entry_id))

    return render_template('blog/update.html', entry=entry)
Esempio n. 2
0
def create():
    """Create entry.

    Args:
        title (str): title of entry
        body (str): body of entry

    Returns:
        str: template
    """
    if request.method == 'POST':
        title = request.form['title']
        body = request.form['body']

        if not title:
            flash_error('Title is required.')
        else:
            try:
                entry = Entry(title=title, body=body, author_id=g.user.id)
                db.session.add(entry)
                db.session.commit()
            except AssertionError:
                flash_error('Bad data.')
            else:
                flash_success('Creation succeeded.')
                return redirect(url_for('blog.edit_top'))

    return render_template('blog/create.html')
def logout():
    """Log out of the site.

    Returns:
        str: template
    """
    session.clear()
    flash_success('Logged out.')
    return redirect(url_for('index'))
Esempio n. 4
0
def delete(user_id):
    """Delete user.

    Args:
        user_id (int): id of user to delete

    Returns:
        str: template
    """
    user = User.query.get_or_404(user_id)
    db.session.delete(user)
    db.session.commit()

    flash_success('Deletion succeeded.')
    return redirect(url_for('user.index'))
Esempio n. 5
0
def delete(entry_id):
    """Delete entry.

    Args:
        entry_id (int): id of entry to delete

    Returns:
        str: template
    """
    entry = Entry.query.get_or_404(entry_id)
    if (ROLE_PRIV[g.user.role] < Privilege.EDITOR and
            entry.author_id != g.user.id):
        abort(403)

    db.session.delete(entry)
    db.session.commit()

    flash_success('Deletion succeeded.')
    return redirect(url_for('blog.edit_top'))
Esempio n. 6
0
def create():
    """Create user.

    Args:
        role (str): user's role
        username (str): user's name
        password (str): user's password

    Returns:
        str: template
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        role = request.form['role']

        error = ''
        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif not validate_password(password):
            error = 'Bad data.'
        elif User.query.filter_by(name=username).first() is not None:
            error = 'User {0} is already registered.'.format(username)

        if error:
            flash_error(error)
        else:
            try:
                user = User(
                    role=role, name=username,
                    password=generate_password_hash(password)
                )
                db.session.add(user)
                db.session.commit()
            except AssertionError:
                flash_error('Bad data.')
            else:
                flash_success('Creation succeeded.')
                return redirect(url_for('user.index'))

    return render_template('user/create.html', roles=roles)
Esempio n. 7
0
def change_user_password(user_id):
    """Change password.

    Args:
        user_id (int): id of user to change
        new_password (str): password after change

    Returns:
        str: template
    """
    user = User.query.get_or_404(user_id)

    new_password = request.form['new_password']
    succeeded, message = change_password(
        user_id, new_password, old_required=False)
    if succeeded:
        flash_success(message)
    else:
        flash_error(message)

    return render_template('user/update.html', user=user)
def change_my_password():
    """Change own password.

    Args:
        old_password (str): current password
        new_password (str): password after change

    Returns:
        str: template
    """
    if request.method == 'POST':
        old_password = request.form['old_password']
        new_password = request.form['new_password']

        succeeded, message = change_password(g.user.id, new_password,
                                             old_password)
        if succeeded:
            flash_success(message)
        else:
            flash_error(message)

    return render_template('auth/chpasswd.html', user=g.user)
Esempio n. 9
0
def update(user_id):
    """Update user.

    Args:
        user_id (int): id of user to update
        role (str): user's role
        username (str): user's name

    Returns:
        str: template
    """
    user = User.query.get_or_404(user_id)

    if request.method == 'POST':
        role = request.form['role']
        username = request.form['username']

        error = ''
        if not username:
            error = 'Username is required.'
        elif User.query.filter_by(name=username).first() is not None:
            error = 'User {0} is already registered.'.format(username)

        if error:
            flash_error(error)
        else:
            try:
                user.role = role
                user.name = username
                db.session.commit()
            except AssertionError:
                flash_error('Bad data.')
            else:
                flash_success('Update succeeded.')
                return redirect(
                    url_for('user.update', user_id=user_id))

    return render_template('user/update.html', user=user, roles=roles)