Esempio n. 1
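    def user_edit(self):
        """Edit an existing user; handles both GET and POST requests.

        Returns ``HTTPNotFound`` when the ``id`` route segment is missing
        or not an integer, when no such user exists, or when anyone other
        than user 1 tries to edit user 1. On a valid POST the user is
        updated and the client is redirected to the ``users`` route;
        otherwise the template context for the edit form is returned.
        """
        # NOTE(review): no permission check is visible in this method.
        # Apart from the user-1 guard below, whoever reaches this view can
        # edit any account -- confirm the view configuration restricts it.
        current_userid = authenticated_userid(self.request)
        try:
            user_id = int(self.request.matchdict.get('id'))
        except (TypeError, ValueError):
            # Missing or non-numeric id: answer 404 instead of a 500.
            return HTTPNotFound()

        # User one (1) is special: only user 1 may edit that account.
        # Compare by value. `is` tests object identity, which only worked
        # for ints through CPython's small-integer cache.
        # NOTE(review): assumes authenticated_userid() yields an int here;
        # a string id would never equal 1 -- confirm.
        if user_id == 1 and current_userid != 1:
            return HTTPNotFound()

        u = User.by_id(user_id)
        if not u:
            return HTTPNotFound()

        form = UserEditForm(self.request.POST, u,
                            csrf_context=self.request.session)

        if self.request.method == 'POST' and form.validate():
            # NOTE(review): populate_obj() presumably copies every field
            # the form declares onto the model, so the editable attributes
            # depend on UserEditForm's field list (defined elsewhere).
            form.populate_obj(u)
            if u.password:
                # A new password was submitted: store its encoded form,
                # not the raw value that populate_obj() put on the model.
                u.password = u.pm.encode(form.password.data)
            else:
                # No new password submitted: discard the empty value.
                # NOTE(review): presumably this keeps the stored password
                # unchanged -- confirm against the User model.
                del u.password
            self.request.session.flash('User %s updated' %
                                       (u.email), 'status')
            return HTTPFound(location=self.request.route_url('users'))
        return {'title': 'Edit user',
                'form': form,
                'id': user_id,
                'myid': current_userid,
                'action': 'user_edit'}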
Esempio n. 2
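    def users_archived(self):
        """Return the template context for a paginated list of archived users.

        The page number is read from the ``page`` request parameter and
        falls back to 1 when the parameter is absent or not an integer.
        """
        try:
            page = int(self.request.params.get('page', 1))
        except ValueError:
            # A malformed ?page= value is client input; do not let it
            # surface as an unhandled server error.
            page = 1
        users = User.page(self.request, page, archived=True)
        return {'paginator': users,
                'title': 'Archived users',
                'archived': True,
                'myid': authenticated_userid(self.request)}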
Esempio n. 3
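    def users(self):
        """Return the template context for a paginated list of active users.

        The page number is read from the ``page`` request parameter and
        falls back to 1 when the parameter is absent or not an integer.
        """
        try:
            page = int(self.request.params.get('page', 1))
        except ValueError:
            # A malformed ?page= value is client input; do not let it
            # surface as an unhandled server error.
            page = 1
        users = User.page(self.request, page)
        return {'paginator': users,
                'title': 'Users',
                'archived': False,
                'myid': authenticated_userid(self.request)}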
Esempio n. 4
    def user_create(self):
        """Create a user: render the form on GET, process it on POST.

        A POST that passes form validation creates the user, stores the
        encoded password, queues a success flash message and redirects
        to the ``users`` route. Any other request returns the template
        context containing the form.
        """
        request = self.request
        form = UserCreateForm(request.POST, csrf_context=request.session)

        # validate() is only called for POST requests (short-circuit).
        accepted = request.method == 'POST' and form.validate()
        if not accepted:
            return {'title': 'New user',
                    'form': form,
                    'action': 'user_new'}

        new_user = User()
        # NOTE(review): populate_obj() presumably sets every field the
        # form declares, so what a client can set depends on
        # UserCreateForm's field list (defined elsewhere) -- confirm it
        # exposes nothing privileged.
        form.populate_obj(new_user)
        # Overwrite the raw submitted password with its encoded form.
        new_user.password = new_user.pm.encode(form.password.data)
        DBSession.add(new_user)
        message = 'User %s created' % (new_user.email)
        request.session.flash(message, 'success')
        return HTTPFound(location=request.route_url('users'))
Esempio n. 5
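def groupfinder(userid, request):
    """
    A simple groupfinder that maps a user id to its group principal.

    userid -- integer, userid.
    request -- object, standard request object.

    Returns a one-item list ``['group:<name>']``, or None when no user
    with that id exists.
    """
    user = User.by_id(userid)
    if not user:
        # An id with no matching user (e.g. a stale login for a removed
        # account) previously raised AttributeError on `user.group`.
        # Return None instead. NOTE(review): presumably this function is
        # registered as a Pyramid authentication-policy callback, where
        # None means "not authenticated" -- confirm.
        return None
    # NOTE(review): only the group is read here. If the user's blocked or
    # archived state should cut off an already-authenticated session,
    # this lookup is a natural place to check it -- confirm the intent.
    return ['group:' + user.group]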
Esempio n. 6
    def login(self):
        """ Login view, used for both GET and POST requests.

        On a POST that passes form validation, the user is looked up by
        e-mail and accepted only if the password verifies and the account
        is neither blocked nor archived. On success the unpaid-invoice
        counters are queued as flash messages and the client is redirected
        to ``index`` with the headers from ``remember()``. On failure an
        error is flashed and the login form is rendered again. A non-POST
        request from an already authenticated user redirects to ``index``.
        """

        form = LoginForm(self.request.POST,
                         csrf_context=self.request.session)

        if self.request.method == 'POST' and form.validate():
            # Credentials are read from the raw POST data, not from the
            # validated form fields.
            user = User.by_email(self.request.POST.get('email'))
            # NOTE(review): verify_password() is only reached when the
            # e-mail matched a user, so response time may differ between
            # known and unknown accounts -- confirm whether that matters.
            if (user
               and user.verify_password(self.request.POST.get('password'))
               and user.blocked is not True
               and user.archived is not True):

                # NOTE(review): the session is not visibly reset before
                # remember(); if it can carry pre-login state, consider
                # invalidating it on login -- confirm.
                headers = remember(self.request, user.id)

                # Count unpaid invoices across all shared categories.
                shared_unpaid_invoices = 0
                shared_categories = Category.all_shared()
                for c in shared_categories:
                    unpaid_invoices = Invoice.with_category_all_unpaid(c.id)
                    if unpaid_invoices:
                        shared_unpaid_invoices += len(unpaid_invoices)
                # Clear anything queued under this name, then queue the
                # fresh count.
                self.request.session.pop_flash('shared_unpaid_invoices')
                self.request.session.flash(shared_unpaid_invoices,
                                           'shared_unpaid_invoices')

                # Same count for the categories private to this user.
                private_unpaid_invoices = 0
                private_categories = Category.all_private(self.request,
                                                          id=user.id)\
                                             .all()
                for c in private_categories:
                    unpaid_invoices = Invoice.with_category_all_unpaid(c.id)
                    if unpaid_invoices:
                        private_unpaid_invoices += len(unpaid_invoices)
                self.request.session.pop_flash('private_unpaid_invoices')
                self.request.session.flash(private_unpaid_invoices,
                                           'private_unpaid_invoices')

                self.request.session.flash('Welcome back %s' %
                                           (user.email), 'success')
                return HTTPFound(location=self.request.route_url('index'),
                                 headers=headers)

            # All failure causes (unknown e-mail, wrong password, blocked,
            # archived) produce the same generic message.
            # NOTE(review): the headers from forget() are not attached to
            # the response returned below, so as far as this method shows
            # they are discarded -- confirm whether that is intended.
            headers = forget(self.request)
            self.request.session.flash('Login failed', 'error')
            return {'title': 'Login',
                    'form': form}

        # Reached for non-POST requests and for POSTs that fail form
        # validation.
        if authenticated_userid(self.request):
            self.request.session.flash('You are already logged in', 'status')
            return HTTPFound(location=self.request.route_url('index'))
        return {'title': 'Login',
                'form': form}
Esempio n. 7
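    def user_restore(self):
        """Restore (un-archive) a user and redirect to the archived list.

        Returns ``HTTPNotFound`` when the ``id`` route segment is missing
        or not an integer, or when no such user exists.
        """
        # NOTE(review): this view changes state without any visible CSRF
        # token or request-method check (the form-based views pass a
        # csrf_context). Confirm the route is protected elsewhere.
        try:
            user_id = int(self.request.matchdict.get('id'))
        except (TypeError, ValueError):
            # Missing or non-numeric id: answer 404 instead of a 500.
            return HTTPNotFound()

        u = User.by_id(user_id)
        if not u:
            return HTTPNotFound()

        u.archived = False
        DBSession.add(u)
        self.request.session.flash('User %s restored' %
                                   (u.email), 'status')
        return HTTPFound(location=self.request.route_url('users_archived'))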
Esempio n. 8
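    def user_archive(self):
        """Archive a user and redirect to the user list.

        Returns ``HTTPNotFound`` when the ``id`` route segment is missing
        or not an integer, when the target is user 1, or when no such
        user exists.
        """
        # NOTE(review): this view changes state without any visible CSRF
        # token or request-method check (the form-based views pass a
        # csrf_context). Confirm the route is protected elsewhere.
        # The authenticated id is fetched but not used below; the call is
        # kept so the lookup still happens as before.
        # NOTE(review): nothing stops a user archiving their own account
        # -- confirm whether that is intended.
        a = authenticated_userid(self.request)
        try:
            user_id = int(self.request.matchdict.get('id'))
        except (TypeError, ValueError):
            # Missing or non-numeric id: answer 404 instead of a 500.
            return HTTPNotFound()

        # User one (1) is special and can never be archived. Compare by
        # value. `is` tests object identity, which only worked for ints
        # through CPython's small-integer cache.
        if user_id == 1:
            return HTTPNotFound()

        u = User.by_id(user_id)
        if not u:
            return HTTPNotFound()

        u.archived = True
        DBSession.add(u)
        self.request.session.flash('User %s archived' %
                                   (u.email), 'status')
        return HTTPFound(location=self.request.route_url('users'))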