def get(self, user_id):
user = User.query.filter_by(id=user_id).first_or_404()
form = self.form(user)
member_group = db.and_(*[
db.not_(getattr(Group, p))
for p in ['admin', 'mod', 'super_mod', 'banned', 'guest']
])
filt = db.or_(Group.id.in_(g.id for g in current_user.groups),
member_group)
if Permission(IsAtleastSuperModerator, identity=current_user):
filt = db.or_(filt, Group.mod)
if Permission(IsAdmin, identity=current_user):
filt = db.or_(filt, Group.admin, Group.super_mod)
if Permission(CanBanUser, identity=current_user):
filt = db.or_(filt, Group.banned)
group_query = Group.query.filter(filt)
form.primary_group.query = group_query
form.secondary_groups.query = group_query
return render_template('management/user_form.html',
form=form,
title=_('Edit User'))
def validate_name(self, field):
if hasattr(self, "group"):
group = Group.query.filter(
db.and_(Group.name.like(field.data.lower()),
db.not_(Group.id == self.group.id))).first()
else:
group = Group.query.filter(Group.name.like(
field.data.lower())).first()
if group:
raise ValidationError(_("This group name is already taken."))
def validate_email(self, field):
if hasattr(self, "user"):
user = User.query.filter(
db.and_(User.email.like(field.data.lower()),
db.not_(User.id == self.user.id))).first()
else:
user = User.query.filter(User.email.like(
field.data.lower())).first()
if user:
raise ValidationError(_("This email address is already taken."))
def validate_guest(self, field):
if hasattr(self, "group"):
group = Group.query.filter(
db.and_(Group.guest,
db.not_(Group.id == self.group.id))).count()
else:
group = Group.query.filter_by(guest=True).count()
if field.data and group > 0:
raise ValidationError(
_("There is already a group of type "
"'Guest'."))
def post(self, user_id):
user = User.query.filter_by(id=user_id).first_or_404()
member_group = db.and_(*[
db.not_(getattr(Group, p))
for p in ['admin', 'mod', 'super_mod', 'banned', 'guest']
])
filt = db.or_(Group.id.in_(g.id for g in current_user.groups),
member_group)
if Permission(IsAtleastSuperModerator, identity=current_user):
filt = db.or_(filt, Group.mod)
if Permission(IsAdmin, identity=current_user):
filt = db.or_(filt, Group.admin, Group.super_mod)
if Permission(CanBanUser, identity=current_user):
filt = db.or_(filt, Group.banned)
group_query = Group.query.filter(filt)
form = EditUserForm(user)
form.primary_group.query = group_query
form.secondary_groups.query = group_query
if form.validate_on_submit():
form.populate_obj(user)
user.primary_group_id = form.primary_group.data.id
# Don't override the password
if form.password.data:
user.password = form.password.data
user.save(groups=form.secondary_groups.data)
flash(_('User updated.'), 'success')
return redirect(url_for('management.edit_user', user_id=user.id))
return render_template('management/user_form.html',
form=form,
title=_('Edit User'))