Esempio n. 1
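def users(user_id=None):
    """Manage users of PYBOSSA.

    Lists every admin account except the caller's own. On a POST that
    carries a search term, also looks users up by name and runs the
    'update' authorization check on each match.

    Args:
        user_id: Not referenced in this body; kept for the route signature.

    Returns:
        The result of ``handle_content_type`` for the
        ``/admin/users.html`` context.
    """
    from html import escape

    form = SearchForm(request.body)
    admins = [
        user for user in user_repo.filter_by(admin=True)
        if user.id != current_user.id
    ]
    found = []

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [
            user for user in user_repo.search_by_name(query)
            if user.id != current_user.id
        ]
        # Plain loop: the check is called for its side effect only.
        # NOTE(review): it runs per match, so an empty result performs no
        # check here; any route-level admin guard is outside this block.
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data and the message carries
            # literal <strong> markup, so it is presumably rendered without
            # autoescaping. Escape the term before interpolating it.
            flash("<strong>Ooops!</strong> We didn't find a user "
                  "matching your query: <strong>%s</strong>"
                  % escape(str(query)))

    response = dict(template='/admin/users.html',
                    found=found,
                    users=admins,
                    title=gettext("Manage Admin Users"),
                    form=form)
    return handle_content_type(response)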
Esempio n. 2
def confirm_account():
    """Handle an account-confirmation link.

    Reads the ``key`` query argument, has ``signer`` load it (salt
    'account-validation', maximum age 3600 seconds) and answers 403 when
    the key is missing or rejected. If exactly one user already carries
    the name from the token, that user's e-mail is marked valid and
    replaced with the token's address. Otherwise a new account is created
    from the token fields, saved and logged in.

    NOTE(review): the token arrives in the URL and includes a 'password'
    field that is handed to ``set_password``. A signature protects
    integrity, not confidentiality, so confirm how the payload is
    protected in logs, history and referrers.
    NOTE(review): nothing in this block marks a token as used, so it stays
    acceptable until it exceeds max_age.
    """
    token = request.args.get('key')
    if token is None:
        abort(403)
    try:
        userdict = signer.loads(token, max_age=3600,
                                salt='account-validation')
    except BadData:
        abort(403)

    def _landing_page():
        # Both outcomes end on the same pair of destinations.
        if newsletter.app:
            endpoint = 'account.newsletter_subscribe'
        else:
            endpoint = 'home.home'
        return redirect(url_for(endpoint))

    # An existing account with this name only needs its e-mail confirmed.
    username = userdict['name']
    matches = user_repo.filter_by(name=username)
    if len(matches) == 1 and matches[0].name == username:
        existing = matches[0]
        existing.valid_email = True
        existing.confirmation_email_sent = False
        existing.email_addr = userdict['email_addr']
        user_repo.update(existing)
        flash(gettext('Your email has been validated.'))
        return _landing_page()

    # No such user yet: create it from the token and start a session.
    account = model.user.User(fullname=userdict['fullname'],
                              name=username,
                              email_addr=userdict['email_addr'],
                              valid_email=True)
    account.set_password(userdict['password'])
    user_repo.save(account)
    login_user(account, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    return _landing_page()
Esempio n. 3
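def users(user_id=None):
    """Manage users of PyBossa.

    Lists every admin account except the caller's own. On a POST that
    carries a search term, also looks users up by name and passes the
    matches to ``require.user.update``.

    Args:
        user_id: Not referenced in this body; kept for the route signature.

    Returns:
        The rendered ``/admin/users.html`` template, or a 500 abort when
        any exception is raised.
    """
    from html import escape

    try:
        form = SearchForm(request.form)
        admins = [
            user for user in user_repo.filter_by(admin=True)
            if user.id != current_user.id
        ]
        found = []

        if request.method == 'POST' and form.user.data:
            query = form.user.data
            found = [
                user for user in user_repo.search_by_name(query)
                if user.id != current_user.id
            ]
            require.user.update(found)
            if not found:
                # The search term is request data and the message carries
                # literal <strong> markup, so it is presumably rendered
                # without autoescaping. Escape the term first.
                flash("<strong>Ooops!</strong> We didn't find a user "
                      "matching your query: <strong>%s</strong>" %
                      escape(str(query)))

        return render_template('/admin/users.html',
                               found=found,
                               users=admins,
                               title=gettext("Manage Admin Users"),
                               form=form)
    # NOTE(review): this catches every Exception. If require.user.update
    # signals a denial by raising, it would surface as 500 — confirm.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)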
Esempio n. 4
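def subadminusers(user_id=None):
    """Manage subadminusers of PyBossa.

    Lists every subadmin account except the caller's own. On a POST that
    carries a search term, also looks users up by name and runs the
    'update' authorization check on each match.

    Args:
        user_id: Not referenced in this body; kept for the route signature.

    Returns:
        The rendered ``/admin/subadminusers.html`` template.
    """
    from html import escape

    form = SearchForm(request.form)
    subadmins = [
        user for user in user_repo.filter_by(subadmin=True)
        if user.id != current_user.id
    ]
    found = []

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [
            user for user in user_repo.search_by_name(query)
            if user.id != current_user.id
        ]
        # Plain loop: the check is called for its side effect only.
        # NOTE(review): it runs per match, so an empty result performs no
        # check here; any route-level guard is outside this block.
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data and the message carries
            # literal <strong> markup, so it is presumably rendered without
            # autoescaping. Escape the term before interpolating it.
            flash("<strong>Ooops!</strong> We didn't find a user "
                  "matching your query: <strong>%s</strong>"
                  % escape(str(query)))

    return render_template('/admin/subadminusers.html',
                           found=found,
                           users=subadmins,
                           title=gettext("Manage Subadmin Users"),
                           form=form)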
Esempio n. 5
def subadminusers():
    """Manage subadminusers of PyBossa.

    Collects every subadmin except the caller. On a POST with a search
    term, queries ``search_by_name_orfilters`` with the subadmin/enabled
    filters and runs the 'update' authorization check on each match.
    The "not found" message is built with ``Markup.format``, so the search
    term is escaped before it reaches the flashed HTML.
    """
    form = SearchForm(request.form)
    subadmins = []
    for account in user_repo.filter_by(subadmin=True):
        if account.id != current_user.id:
            subadmins.append(account)

    matches = []
    if request.method == 'POST' and form.user.data:
        query = form.user.data
        criteria = dict(subadmin=True, enabled=True)
        for account in user_repo.search_by_name_orfilters(query, **criteria):
            if account.id != current_user.id:
                matches.append(account)
        # Every match must pass the 'update' authorization check.
        for account in matches:
            ensure_authorized_to('update', account)
        if not matches:
            pattern = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            notice = pattern.format(
                gettext('Ooops!'),
                gettext("We didn't find any enabled user matching your query:"),
                form.user.data)
            flash(notice)

    return render_template('/admin/subadminusers.html',
                           found=matches,
                           users=subadmins,
                           title=gettext("Manage Subadmin Users"),
                           form=form)
Esempio n. 6
def users(user_id=None):
    """Manage users of PYBOSSA.

    Collects every admin except the caller. On a POST with a search term,
    queries ``search_by_name_orfilters`` with the admin/enabled filters
    and runs the 'update' authorization check on each match. The
    "not found" message is built with ``Markup.format``, so the search
    term is escaped before it reaches the flashed HTML.

    ``user_id`` is not referenced in this body.
    """
    form = SearchForm(request.body)
    admins = []
    for account in user_repo.filter_by(admin=True):
        if account.id != current_user.id:
            admins.append(account)

    matches = []
    if request.method == 'POST' and form.user.data:
        query = form.user.data
        criteria = dict(admin=True, enabled=True)
        for account in user_repo.search_by_name_orfilters(query, **criteria):
            if account.id != current_user.id:
                matches.append(account)
        # Every match must pass the 'update' authorization check.
        for account in matches:
            ensure_authorized_to('update', account)
        if not matches:
            pattern = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            notice = pattern.format(
                gettext("Ooops!"),
                gettext("We didn't find any enabled user matching your query:"),
                form.user.data)
            flash(notice)

    response = dict(template='/admin/users.html',
                    found=matches,
                    users=admins,
                    title=gettext("Manage Admin Users"),
                    form=form)
    return handle_content_type(response)
Esempio n. 7
 def respond_csv():
     """Build a CSV attachment of all users returned for ``restrict=False``.

     Each user is converted with ``dictize()``, but only the columns named
     in ``exportable_attributes`` are written to the file.

     NOTE(review): cell values are written as stored. If an exported
     attribute is user-editable, confirm whether values that begin with
     ``=``, ``+``, ``-`` or ``@`` need neutralising for spreadsheet
     consumers.
     """
     rows = [account.dictize()
             for account in user_repo.filter_by(restrict=False)]
     frame = pd.DataFrame.from_dict(rows)
     csv_text = frame.to_csv(columns=exportable_attributes, index=False)
     response = Response(csv_text, mimetype='text/csv')
     response.headers['Content-Disposition'] = (
         'attachment; filename=all_users.csv')
     return response
Esempio n. 8
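def users(user_id=None):
    """Manage users of PyBossa.

    Lists every admin account except the caller's own. On a POST that
    carries a search term, also looks users up by name and runs the
    'update' authorization check on each match.

    Args:
        user_id: Not referenced in this body; kept for the route signature.

    Returns:
        The rendered ``/admin/users.html`` template.
    """
    from html import escape

    form = SearchForm(request.form)
    admins = [user for user in user_repo.filter_by(admin=True)
              if user.id != current_user.id]
    found = []

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [user for user in user_repo.search_by_name(query)
                 if user.id != current_user.id]
        # Plain loop: the check is called for its side effect only.
        # NOTE(review): it runs per match, so an empty result performs no
        # check here; any route-level admin guard is outside this block.
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data and the message carries
            # literal <strong> markup, so it is presumably rendered without
            # autoescaping. Escape the term before interpolating it.
            flash("<strong>Ooops!</strong> We didn't find a user "
                  "matching your query: <strong>%s</strong>"
                  % escape(str(query)))

    return render_template('/admin/users.html', found=found, users=admins,
                           title=gettext("Manage Admin Users"), form=form)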
Esempio n. 9
def add_admin(user_id=None):
    """Add admin flag for user_id.

    Looks the user up, refuses disabled accounts and accounts rejected by
    ``can_have_super_user_access``, runs the 'update' authorization check,
    queues a notification to the current admins, sets ``admin = True``,
    persists it and queues an invitation mail to the promoted user.

    Returns a 404 error payload when the user does not exist, a redirect
    to the ``.users`` endpoint otherwise, or a 500 abort on any exception.
    """
    try:
        # A falsy user_id skips this branch; no return statement follows
        # it, so the function returns None in that case.
        if user_id:
            user = user_repo.get(user_id)
            if not user:
                return format_error('User not found', 404)

            # Disabled accounts are never promoted.
            if not user.enabled:
                markup = Markup('<strong>{}</strong> {} <strong>{}</strong>')
                flash(
                    markup.format(gettext('User account '), user.fullname,
                                  gettext(' is disabled')))
                return redirect_content_type(url_for(".users"))

            # Eligibility helper defined elsewhere; its criteria are not
            # visible here. The last message fragment is the only one not
            # passed through gettext.
            if not can_have_super_user_access(user):
                markup = Markup('<strong>{} {}</strong> {} {}')
                flash(
                    markup.format(gettext('Denied admin privileges to'),
                                  user.fullname, user.email_addr,
                                  'disqualify for admin access.'))
                return redirect_content_type(url_for(".users"))

            # NOTE(review): this check runs after the two branches above,
            # which flash the target's full name and e-mail address.
            # Confirm a route-level guard limits who can reach them.
            ensure_authorized_to('update', user)

            # The recipient list is read before the flag is set, so it
            # holds the accounts that were admins prior to this call.
            admins_emails = [
                u.email_addr for u in user_repo.filter_by(admin=True)
            ]
            admins_msg = generate_notification_email_for_admins(
                user, admins_emails, "Admin")
            # The notification is queued before the change is persisted;
            # if user_repo.update raises, it has already been enqueued.
            mail_queue.enqueue(send_mail, admins_msg)
            user.admin = True
            user_repo.update(user)

            msg = generate_invitation_email_for_admins_subadmins(user, "Admin")
            mail_queue.enqueue(send_mail, msg)
            return redirect_content_type(url_for(".users"))

    # Catches every Exception, logs it and answers 500.
    # NOTE(review): if ensure_authorized_to signals denial by raising, it
    # would presumably be reported as 500 as well — confirm.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
Esempio n. 10
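def users(user_id=None):
    """Manage users of PyBossa.

    Lists every admin account except the caller's own. On a POST that
    carries a search term, also looks users up by name and passes the
    matches to ``require.user.update``.

    Args:
        user_id: Not referenced in this body; kept for the route signature.

    Returns:
        The rendered ``/admin/users.html`` template, or a 500 abort when
        any exception is raised.
    """
    from html import escape

    try:
        form = SearchForm(request.form)
        admins = [user for user in user_repo.filter_by(admin=True)
                  if user.id != current_user.id]
        found = []

        if request.method == 'POST' and form.user.data:
            query = form.user.data
            found = [user for user in user_repo.search_by_name(query)
                     if user.id != current_user.id]
            require.user.update(found)
            if not found:
                # The search term is request data and the message carries
                # literal <strong> markup, so it is presumably rendered
                # without autoescaping. Escape the term first.
                flash("<strong>Ooops!</strong> We didn't find a user "
                      "matching your query: <strong>%s</strong>"
                      % escape(str(query)))

        return render_template('/admin/users.html', found=found, users=admins,
                               title=gettext("Manage Admin Users"), form=form)
    # NOTE(review): this catches every Exception. If require.user.update
    # signals a denial by raising, it would surface as 500 — confirm.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)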
Esempio n. 11
def users(user_id=None):
    """Manage users of PYBOSSA.

    Collects every admin except the caller. On a POST with a search term,
    looks users up by name and runs the 'update' authorization check on
    each match. The "not found" message is built with ``Markup.format``,
    so the search term is escaped before it reaches the flashed HTML.

    ``user_id`` is not referenced in this body.
    """
    form = SearchForm(request.body)
    admins = []
    for account in user_repo.filter_by(admin=True):
        if account.id != current_user.id:
            admins.append(account)

    matches = []
    if request.method == 'POST' and form.user.data:
        query = form.user.data
        for account in user_repo.search_by_name(query):
            if account.id != current_user.id:
                matches.append(account)
        # Every match must pass the 'update' authorization check.
        for account in matches:
            ensure_authorized_to('update', account)
        if not matches:
            pattern = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            notice = pattern.format(
                gettext("Ooops!"),
                gettext("We didn't find a user matching your query:"),
                form.user.data)
            flash(notice)

    response = dict(template='/admin/users.html',
                    found=matches,
                    users=admins,
                    title=gettext("Manage Admin Users"),
                    form=form)
    return handle_content_type(response)
Esempio n. 12
 def gen_json():
     """Return one JSON array string covering the ``restrict=False`` users.

     Each user is reduced by ``dictize_with_exportable_attributes`` before
     serialisation; which fields that helper keeps is not visible here.
     """
     exported = [dictize_with_exportable_attributes(account)
                 for account in user_repo.filter_by(restrict=False)]
     return json.dumps(exported)
Esempio n. 13
 def gen_csv(out, writer, write_user):
     """Write headers and one row per user, then yield the buffer once.

     ``write_user(writer, user)`` is called for each user returned for
     ``restrict=False``. The single yielded value is ``out.getvalue()``,
     so the whole export is built before anything is emitted.
     """
     add_headers(writer)
     exportable = user_repo.filter_by(restrict=False)
     for account in exportable:
         write_user(writer, account)
     yield out.getvalue()
Esempio n. 14
 def gen_csv(out, writer, write_user):
     """Generate the users CSV as a single chunk.

     Headers go through ``add_headers(writer)``. Every user returned for
     ``restrict=False`` is then passed to ``write_user``, and the
     accumulated content of ``out`` is yielded once at the end.
     """
     add_headers(writer)
     accounts = user_repo.filter_by(restrict=False)
     for record in accounts:
         write_user(writer, record)
     yield out.getvalue()
Esempio n. 15
 def gen_json():
     """Serialise the ``restrict=False`` users to a JSON array string.

     Only what ``dictize_with_exportable_attributes`` returns for each
     user is included; the helper is defined outside this block.
     """
     records = user_repo.filter_by(restrict=False)
     payload = [dictize_with_exportable_attributes(record)
                for record in records]
     return json.dumps(payload)
Esempio n. 16
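def manageusers():
    """Enable/disable users of PyBossa.

    Builds the enabled and disabled user lists (non-admin callers never
    see admin or subadmin accounts), optionally runs a field-based
    "smart search" from the ``filter_by_field`` query argument, and on a
    POST with a search term looks users up by name, keeping only those the
    caller may update.

    Returns:
        The rendered ``/admin/manageusers.html`` template.
    """
    import json

    found = []
    locs = countries()
    langs = languages()
    utypes = user_types()
    timezone = [time[0] for time in timezones()]
    args = request.args
    form = SearchForm(request.form)

    efilters = dict(enabled=True)
    dfilters = dict(enabled=False)

    # Non-admin callers are limited to accounts without elevated roles.
    if not current_user.admin:
        efilters.update(admin=False, subadmin=False)
        dfilters.update(admin=False, subadmin=False)

    users = [
        user for user in user_repo.filter_by(**efilters)
        if user.id != current_user.id
    ]
    disabledusers = [
        user for user in user_repo.filter_by(**dfilters)
        if user.id != current_user.id
    ]
    columns = user_repo.get_info_columns()

    if args.get('filter_by_field'):
        search_criteria = []
        params = {}
        smart_search_input = helper._get_field_filters(args['filter_by_field'])
        for field, _, value in smart_search_input:
            # The field name is formatted into the SQL text below, so this
            # allow-list check is what keeps request data out of the
            # statement. Values always travel as bind parameters.
            if field not in columns:
                continue
            # One bind name per criterion. A shared name made a later
            # filter overwrite the value an earlier filter compared with.
            # NOTE(review): assumes smart_search passes params straight
            # through to the query — confirm.
            bind = 'filter_{}'.format(len(search_criteria))
            if field in ('languages', 'locations'):
                search_criteria.append(
                    "user_pref -> '{}' @> :{}".format(field, bind))
                # json.dumps keeps the array well-formed when the value
                # holds a double quote or a backslash.
                params[bind] = json.dumps(['{}'.format(value)])
            elif field == 'additional_comments':
                search_criteria.append(
                    "info::json -> 'metadata' ->> 'review' iLike :{}".format(
                        bind))
                params[bind] = '%{}%'.format(value)
            else:
                search_criteria.append(
                    "info::json -> 'metadata' ->> '{}' iLike :{}".format(
                        field, bind))
                params[bind] = value
        if search_criteria:
            criteria = ' AND '.join(search_criteria)
            found = user_repo.smart_search(current_user.admin, criteria,
                                           params)
            if not found:
                flash('No user found matching your query')

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        # Name search replaces any smart-search result and is narrowed to
        # users the caller is allowed to update.
        found = [
            user for user in user_repo.search_by_name(query)
            if user.id != current_user.id
            and can_update_user_info(current_user, user)
        ]

        if not found:
            flash('No user found matching your query: {}'.format(
                form.user.data))

    return render_template('/admin/manageusers.html',
                           found=found,
                           users=users,
                           disabledusers=disabledusers,
                           title=gettext("Enable/Disable Users"),
                           form=form,
                           filter_columns=columns,
                           filter_data=[],
                           locations=locs,
                           languages=langs,
                           user_types=utypes,
                           timezones=timezone)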