def accounts_single(account_id):
    """Render the detail page of a single account.

    Returns the 404 page (status 404) when no account has ``account_id``,
    and ``login_manager.unauthorized()`` when the account is not among
    ``Account.get_allowed()``.
    """
    account = Account.query.get(account_id)
    if not account:
        return render_template("404.html", res_type="account"), 404

    # NOTE(review): existence is checked before authorization, so a caller
    # who may not view an account can still tell an existing id (unauthorized)
    # from a missing one (404). Confirm that this difference is acceptable.
    permitted_ids = [allowed.id for allowed in Account.get_allowed()]
    if account.id not in permitted_ids:
        return login_manager.unauthorized()

    return render_template("accounts/single.html", account=account)
def accounts_delete(account_id):
    """Delete one account and redirect to the account list.

    Returns the 404 page (status 404) when no account has ``account_id``,
    and ``login_manager.unauthorized()`` when the account is not among
    ``Account.get_allowed()``. Only an allowed account is deleted.
    """
    # NOTE(review): the route decorator is not visible here. Confirm that this
    # view is reachable only through a state-changing method (not GET) and is
    # covered by CSRF protection, because it deletes as soon as it is called.
    account = Account.query.get(account_id)
    if not account:
        return render_template("404.html", res_type="account"), 404

    # Authorization: the target must be one of the accounts returned by
    # Account.get_allowed().
    permitted_ids = [allowed.id for allowed in Account.get_allowed()]
    if account.id not in permitted_ids:
        return login_manager.unauthorized()

    db.session.delete(account)
    db.session.commit()
    return redirect(url_for("accounts_list"))
def accounts_form_update(account_id):
    """Render the update form for one account, pre-filled from the account.

    Returns the 404 page (status 404) when no account has ``account_id``,
    and ``login_manager.unauthorized()`` when the account is not among
    ``Account.get_allowed()``.
    """
    account = Account.query.get(account_id)
    if not account:
        return render_template("404.html", res_type="account"), 404

    # Authorization: the target must be one of the accounts returned by
    # Account.get_allowed().
    permitted_ids = [allowed.id for allowed in Account.get_allowed()]
    if account.id not in permitted_ids:
        return login_manager.unauthorized()

    # Only these two fields are pre-populated here; the password fields of
    # the form are left empty.
    update_form = AccountFormUpdate()
    update_form.community.data = account.community
    update_form.admin_communities.data = account.admin_communities
    return render_template(
        "accounts/update.html", account=account, form=update_form
    )
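def accounts_update(account_id):
    """Apply a submitted update form to one account.

    Flow, in order:

    1. 404 page when no account has ``account_id``.
    2. ``login_manager.unauthorized()`` when the account is not among
       ``Account.get_allowed()``.
    3. Re-render the form when validation fails or when ``current_pw`` does
       not verify against the account's stored ``pw_hash``.
    4. Re-hash the password if a new one was submitted, copy the remaining
       non-empty form fields onto the account, and commit.
    5. Redirect to the account's detail page on success; on a database error
       roll back and re-render the form with a "username taken" message.
    """
    account = Account.query.get(account_id)
    if not account:
        return render_template("404.html", res_type="account"), 404

    # The comprehension variable gets its own name so that it cannot be
    # confused with (or, on interpreters where comprehension variables leak,
    # rebind) the account being edited.
    permitted_ids = [allowed.id for allowed in Account.get_allowed()]
    if account.id not in permitted_ids:
        return login_manager.unauthorized()

    # Snapshot taken before any field is changed; it is what the template
    # receives if the commit fails, so the page shows the pre-edit values.
    old_account = copy.deepcopy(account)

    form = AccountFormUpdate(request.form)
    if not form.validate():
        clean_pw(form)
        return render_template(
            "accounts/update.html", account=account, form=form
        )

    # Re-authentication: the change is accepted only with the password that
    # matches the stored hash of the account being edited.
    if not argon2.verify(form.current_pw.data, account.pw_hash):
        clean_pw(form)
        form.current_pw.errors.append("Wrong current password.")
        return render_template(
            "accounts/update.html", account=account, form=form
        )

    if form.password.data:
        account.pw_hash = argon2.hash(form.password.data)
    # clean_pw is defined elsewhere; presumably it blanks the password fields
    # so they are not echoed back when the form is rendered again.
    clean_pw(form)

    # Copy submitted values onto the model, but never the credential fields:
    # the plaintext passwords must not end up as attributes of the account,
    # whatever clean_pw does. Only pw_hash (set above) carries the password.
    credential_fields = ("current_pw", "password")
    for field in form:
        if field.name in credential_fields:
            continue
        if field.data:
            setattr(account, field.name, field.data)

    # Assigned unconditionally so that an empty selection clears the value.
    # NOTE(review): admin_communities is taken straight from the submitted
    # form, and nothing in this function limits who may change it. Confirm
    # that the form's validators or the route's decorators enforce that.
    account.admin_communities = form.admin_communities.data

    try:
        db.session.commit()
    except exc.SQLAlchemyError:
        db.session.rollback()
        # NOTE(review): every SQLAlchemyError is reported as a duplicate
        # username. If `exc` is sqlalchemy.exc, narrowing this handler to
        # exc.IntegrityError would keep unrelated failures from being shown
        # to the user as a naming conflict.
        msg = "This username is already taken, please choose another one."
        form.username.errors.append(msg)
        return render_template(
            "accounts/update.html", account=old_account, form=form
        )

    return redirect(url_for("accounts_single", account_id=account.id))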