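def user_edit(self):
    """Edit user view; shows the form on GET and applies it on POST.

    The target user id is read from the route's ``id`` match. User 1 is
    special: only user 1 may open or submit its own edit form, and every
    other caller gets a 404. An id that matches no user also gets a 404.

    Returns the template context dict while the form is being shown (or
    failed validation), or a redirect to the ``users`` route after a
    successful update.

    NOTE(review): apart from the user-1 rule, nothing in this method limits
    which account the caller may edit. Presumably the view's permission
    setting (not visible here) restricts it to administrators -- confirm.
    """
    current_id = authenticated_userid(self.request)
    user_id = int(self.request.matchdict.get('id'))

    # Compare by value. The earlier `is 1` / `is not 1` identity tests only
    # worked because CPython caches small ints; an equal int held in a
    # different object would have made this guard misfire.
    if user_id == 1 and current_id != 1:
        return HTTPNotFound()

    user = User.by_id(user_id)
    if not user:
        return HTTPNotFound()

    form = UserEditForm(self.request.POST, user,
                        csrf_context=self.request.session)
    if self.request.method == 'POST' and form.validate():
        # populate_obj copies every field the form declares onto the user.
        # NOTE(review): check that UserEditForm declares no field for an
        # attribute such as `group` or `blocked` unless the caller is meant
        # to be able to change it.
        form.populate_obj(user)
        if user.password:
            # Replace the raw form value with its encoded form.
            user.password = user.pm.encode(form.password.data)
        else:
            # Blank password field: drop the value populate_obj just set.
            # NOTE(review): presumably this keeps the stored password
            # unchanged rather than clearing it -- confirm against the model.
            del user.password
        self.request.session.flash('User %s updated' % (user.email), 'status')
        return HTTPFound(location=self.request.route_url('users'))

    return {'title': 'Edit user',
            'form': form,
            'id': user_id,
            'myid': current_id,
            'action': 'user_edit'}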
def users_archived(self):
    """Build the template context for one page of archived users.

    The page number is taken from the ``page`` request parameter and
    defaults to 1.
    """
    # int() raises ValueError for a non-numeric ``page`` value; nothing in
    # this method catches it.
    requested_page = self.request.params.get('page', 1)
    paginator = User.page(self.request, int(requested_page), archived=True)

    context = {
        'paginator': paginator,
        'title': 'Archived users',
        'archived': True,
        'myid': authenticated_userid(self.request),
    }
    return context
def users(self):
    """Build the template context for one page of active users.

    The page number is taken from the ``page`` request parameter and
    defaults to 1.
    """
    request = self.request
    # int() raises ValueError for a non-numeric ``page`` value; nothing in
    # this method catches it.
    page_number = int(request.params.get('page', 1))
    context = {'paginator': User.page(request, page_number)}
    context['title'] = 'Users'
    context['archived'] = False
    context['myid'] = authenticated_userid(request)
    return context
def user_create(self):
    """New user view; shows the form on GET and creates the user on POST.

    Returns the template context dict while the form is being shown (or
    failed validation), or a redirect to the ``users`` route once the new
    user has been added to the database session.
    """
    request = self.request
    form = UserCreateForm(request.POST, csrf_context=request.session)

    submitted_ok = request.method == 'POST' and form.validate()
    if not submitted_ok:
        return {'title': 'New user', 'form': form, 'action': 'user_new'}

    new_user = User()
    # populate_obj copies every field the form declares onto the new user.
    # NOTE(review): check that UserCreateForm declares no field the caller
    # should not be able to set.
    form.populate_obj(new_user)
    # Overwrite the raw password populate_obj just copied with the encoded
    # value before the object is handed to the session.
    new_user.password = new_user.pm.encode(form.password.data)
    DBSession.add(new_user)

    request.session.flash('User %s created' % (new_user.email), 'success')
    return HTTPFound(location=request.route_url('users'))
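def groupfinder(userid, request):
    """Map a user id to the group principal used for permission checks.

    userid -- integer, userid.
    request -- object, standard request object (not used here).

    Returns a one-element list ``['group:<group>']``. Returns None when the
    id matches no user, or when the user is blocked or archived.

    NOTE(review): presumably this is registered as the authentication
    policy callback. Pyramid's policies treat a None result from the
    callback as "no such user", so the request is then handled as
    unauthenticated -- confirm the registration.
    """
    user = User.by_id(userid)

    # A remembered id can outlive its account. Without this guard the
    # attribute access below raised AttributeError on None.
    if not user:
        return None

    # The login view refuses blocked and archived accounts. Apply the same
    # rule on every request, so blocking or archiving a user also cuts off
    # a login that was remembered earlier.
    if user.blocked or user.archived:
        return None

    return ['group:' + user.group]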
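def login(self):
    """Login view, used for both GET and POST.

    On a valid POST the user is looked up by email and the password is
    verified; blocked and archived accounts are refused. On success the
    user id is remembered, the unpaid-invoice counters for shared and
    private categories are placed in their flash queues, and the response
    redirects to the ``index`` route. On failure the login form is shown
    again with a generic 'Login failed' message.

    A request that is not a valid POST redirects an already authenticated
    user to ``index``; anyone else gets the login form.

    NOTE(review): the pre-login session is kept after authentication.
    Confirm whether it should be reset at that point.
    """
    request = self.request
    session = request.session
    form = LoginForm(request.POST, csrf_context=session)

    def count_unpaid(categories):
        # Total number of unpaid invoices across the given categories.
        total = 0
        for category in categories:
            unpaid = Invoice.with_category_all_unpaid(category.id)
            if unpaid:
                total += len(unpaid)
        return total

    if request.method == 'POST' and form.validate():
        user = User.by_email(request.POST.get('email'))
        # The flags are tested by truthiness so the check fails closed. The
        # earlier `is not True` tests let any truthy value other than the
        # True singleton (for example an integer 1) through.
        # NOTE(review): verify_password only runs when the email matched a
        # user, so response time may differ for known and unknown emails.
        if (user
                and user.verify_password(request.POST.get('password'))
                and not user.blocked
                and not user.archived):
            headers = remember(request, user.id)

            # Replace whatever is queued with the fresh counter.
            shared_total = count_unpaid(Category.all_shared())
            session.pop_flash('shared_unpaid_invoices')
            session.flash(shared_total, 'shared_unpaid_invoices')

            private_total = count_unpaid(
                Category.all_private(request, id=user.id).all())
            session.pop_flash('private_unpaid_invoices')
            session.flash(private_total, 'private_unpaid_invoices')

            session.flash('Welcome back %s' % (user.email), 'success')
            return HTTPFound(location=request.route_url('index'),
                             headers=headers)

        # Attach the forget() headers to the rendered response. They were
        # previously computed and then dropped, so a failed attempt never
        # cleared an existing remembered login.
        request.response.headerlist.extend(forget(request))
        session.flash('Login failed', 'error')
        return {'title': 'Login', 'form': form}

    if authenticated_userid(request):
        session.flash('You are already logged in', 'status')
        return HTTPFound(location=request.route_url('index'))

    return {'title': 'Login', 'form': form}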
def user_restore(self):
    """Restore (un-archive) a user, then redirect to the archived list.

    Responds with 404 when the id from the route matches no user.

    NOTE(review): this changes state, yet no CSRF token or request-method
    check is visible in the method. Confirm the route cannot be triggered
    by a plain cross-site GET.
    """
    request = self.request
    user = User.by_id(int(request.matchdict.get('id')))
    if user:
        user.archived = False
        DBSession.add(user)
        request.session.flash('User %s restored' % (user.email), 'status')
        return HTTPFound(location=request.route_url('users_archived'))
    return HTTPNotFound()
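def user_archive(self):
    """Archive a user, then redirect to the ``users`` route.

    User 1 is special and can never be archived: a request for id 1 gets a
    404, as does an id that matches no user.

    NOTE(review): this changes state, yet no CSRF token or request-method
    check is visible in the method. Confirm the route cannot be triggered
    by a plain cross-site GET.
    """
    user_id = int(self.request.matchdict.get('id'))

    # Compare by value. The earlier `is 1` identity test only worked because
    # CPython caches small ints, and this guard protects the special
    # account. The unused authenticated_userid() lookup was dropped.
    if user_id == 1:
        return HTTPNotFound()

    user = User.by_id(user_id)
    if not user:
        return HTTPNotFound()

    user.archived = True
    DBSession.add(user)
    self.request.session.flash('User %s archived' % (user.email), 'status')
    return HTTPFound(location=self.request.route_url('users'))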