def do_update_user():
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
u_id = request.form.get("u_id")
name = request.form.get("name")
password = request.form.get("password")
privilege = request.form.get("privilege")
usergroup = UserGroup(u_id)
if name != usergroup.name:
cur = bean.get_db().cursor()
res = cur.execute("SELECT * FROM usergroup WHERE name = ?",
[name]).fetchone()
if res is not None:
return redirect("edit_user?u_id={}".format(u_id))
usergroup.name = name
if len(password) > 0:
auth.update_password(usergroup, password)
usergroup.privilege = privilege
return redirect("users")
def do_remove_user():
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
u_id = request.form.get("u_id")
usergroup = UserGroup(u_id)
remove_usergroup(usergroup)
return redirect("users")
def do_revoke_access():
u_id = request.args.get("u_id")
t_id = request.args.get("t_id")
template = Template(t_id)
current_usergroup = UserGroup(current_usergroup_id())
if template.owner != current_usergroup.id and current_usergroup.privilege < 1:
return redirect("template_detail?id={}".format(t_id))
revoke_access(UserGroup(u_id), template)
return redirect("template_detail?id={}".format(t_id))
def show_edit_user():
usergroup = UserGroup(request.args.get("u_id"))
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
return render_template("edit_user.html",
current_username=current_username(),
page="users",
id=usergroup.id,
name=usergroup.name,
privilege=usergroup.privilege)
def usergroups_by_template(template_id):
cur = bean.get_db()
result = cur.execute(
"SELECT usergroup_id AS u_id "
"FROM template_usergroup "
"WHERE template_id = ?", [template_id])
return set([UserGroup(r["u_id"]) for r in result])
def show_new_user():
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
return render_template("new_user.html",
current_username=current_username(),
page="users")
def usergroup_by_auth_token(auth_token):
cursor = get_db()
try:
row = cursor.execute("SELECT * FROM session WHERE auth_token = ?", [auth_token]).fetchone()
except:
return None
return UserGroup(row["usergroup_id"])
def do_duplicate_template():
t_id = request.args.get("id")
template_to_duplicate = Template(t_id)
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1 and current_user.id is not template_to_duplicate.owner:
return redirect("templates")
template_result = duplicate_template(template_to_duplicate)
return redirect("template_detail?id={}".format(template_result.id))
def usergroup_by_name(name):
cursor = get_db()
row = cursor.execute("SELECT * FROM usergroup WHERE name = ?", [name]).fetchone()
if row is None:
return None
cursor.commit()
return UserGroup(row["id"])
def new_template(name, path, owner):
cur = bean.get_db().cursor()
cur.execute(
"INSERT INTO template (name, path, date_added, date_last_used, owner) VALUES (?, ?, ?, ?, ?)",
[name, path, util.today(), "", owner])
template = Template(cur.lastrowid)
owner_usergroup = UserGroup(owner)
grant_access(owner_usergroup, template)
return template
def do_delete_template():
t_id = request.form.get("t_id")
template_to_delete = Template(t_id)
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1 and current_user.id is not template_to_delete.owner:
return redirect("templates")
delete_template(template_to_delete)
return redirect("templates")
def do_register_user():
username = request.form.get("username")
password = request.form.get("password")
privilege = request.form.get("privilege")
current_user = UserGroup(current_usergroup_id())
if current_user.privilege < 1:
return redirect("users")
new_user = auth.register_usergroup(username, password)
new_user.privilege = privilege
return redirect("users")
def usergroups(self):
#print(self.id, type(self.id))
results = bean.get_db().execute(
"SELECT * FROM template_usergroup WHERE template_id = (?)",
[self.id])
return [UserGroup(result["id"]) for result in results]
def current_username():
return UserGroup(current_usergroup_id()).name
def do_logout():
usergroup = UserGroup(current_usergroup_id())
remove_session_by_usergroup(usergroup)
return redirect("login")