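def update_photo():
    """Allow the user to update their photo.

    Non-POST requests and users for whom ``can_update_photo()`` is false
    are redirected without any change. On a POST with a non-empty
    ``photo`` upload, the new photo is saved, attached to the current
    user and committed; the previous photo (if any) is then removed.

    Returns:
        A redirect to the referring page, or to the profile page when no
        referrer was sent.
    """
    # NOTE(review): the Referer header is supplied by the client, so this
    # target is not guaranteed to be a URL on this site. Consider only
    # honouring same-origin referrers and falling back to the profile page.
    return_to = flask.request.referrer or flask.url_for('dashboard.profile')

    if flask.request.method != 'POST':
        return flask.redirect(return_to)

    if not login.current_user.can_update_photo():
        # Markup.format() escapes its arguments, so the configured link is
        # HTML-escaped before being placed in the href attribute.
        message = flask.Markup(
            'You cannot currently change your photo. Please contact '
            '<a href="{0}">the ticketing officer</a> for assistance.'
        ).format(APP.config['TICKETS_EMAIL_LINK'])
        flask.flash(message, 'error')
        return flask.redirect(return_to)

    upload = flask.request.files.get('photo')
    if upload is None or upload.filename == '':
        flask.flash('You must select a photo to upload.', 'warning')
        return flask.redirect(return_to)

    old_photo = login.current_user.photo

    # NOTE(review): the upload is passed through unchanged; content-type,
    # size and filename checks are presumably done in photos.save_photo -
    # confirm there.
    new_photo = photos.save_photo(upload)
    login.current_user.photo = new_photo

    # A user may have no previous photo; Session.delete(None) would raise,
    # so only delete when there is something to delete.
    if old_photo is not None:
        DB.session.delete(old_photo)
    DB.session.add(new_photo)
    DB.session.commit()

    # We don't want to delete the photo from S3 until after the DB has
    # been updated
    if old_photo is not None:
        photos.delete_photo(old_photo)

    APP.log_manager.log_event('Updated photo', user=login.current_user)
    flask.flash('Your photo has been updated', 'success')

    return flask.redirect(return_to)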
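def destroy_account(user_id, secret_key):
    """Destroy an unverified account.

    If a user is unverified (and therefore has never been able to log in), we
    allow their account to be destroyed. This is useful if somebody tries to
    register with an email address that isn't theirs, where the actual owner of
    the email address can trigger the account's destruction.

    If a user is verified, it gets a little too complicated to destroy their
    account (what happens to any tickets they own?)

    Args:
        user_id: Identifier used to look the user up.
        secret_key: Secret that must match the one stored on the user.

    Returns:
        A redirect to the front page, with a flashed message describing
        the outcome.
    """
    import hmac

    user = models.User.get_by_id(user_id)

    # Compare the secret in constant time so that response timing does not
    # reveal how much of a guessed key was correct. Both sides are encoded
    # because compare_digest() rejects non-ASCII str arguments.
    key_matches = (
        user is not None
        and isinstance(user.secret_key, str)
        and isinstance(secret_key, str)
        and hmac.compare_digest(
            user.secret_key.encode('utf-8'),
            secret_key.encode('utf-8'),
        )
    )

    if not key_matches:
        flask.flash(
            (
                'Could not delete user account. Check that you have used the '
                'correct link'
            ),
            'warning'
        )
        return flask.redirect(flask.url_for('front.home'))

    if user.is_verified:
        APP.log_manager.log_event(
            'Attempted deletion of verified account',
            user=user
        )
        flask.flash('Could not delete user account.', 'warning')
        return flask.redirect(flask.url_for('front.home'))

    # Read what is needed after the commit now, so nothing below depends on
    # loading attributes from an instance that has already been deleted.
    email = user.email
    photo = user.photo

    # Iterate over a copy: if clearing entry.user also removes the entry
    # from user.events, looping over the live collection would skip entries.
    for entry in list(user.events):
        entry.action = (
            entry.action +
            ' (destroyed user with email address {0})'.format(email)
        )
        entry.user = None

    DB.session.delete(user)
    # The account may have no photo; Session.delete(None) would raise.
    if photo is not None:
        DB.session.delete(photo)
    DB.session.commit()

    # Remove the stored image only once the database change is committed.
    if photo is not None:
        photos.delete_photo(photo)

    APP.log_manager.log_event(
        'Deleted account with email address {0}'.format(email)
    )

    flask.flash('The account has been deleted.', 'info')

    return flask.redirect(flask.url_for('front.home'))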
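def update_photo():
    """Allow the user to update their photo.

    Only POST requests from users for whom ``can_update_photo()`` is true
    are processed. A non-empty ``photo`` upload is saved, attached to the
    current user and committed, after which the previous photo (if any)
    is removed.

    Returns:
        A redirect to the referring page, or to the profile page when no
        referrer was sent.
    """
    # NOTE(review): the Referer header is supplied by the client, so this
    # target is not guaranteed to be a URL on this site. Consider only
    # honouring same-origin referrers and falling back to the profile page.
    return_to = flask.request.referrer or flask.url_for("dashboard.profile")

    if flask.request.method != "POST":
        return flask.redirect(return_to)

    if not login.current_user.can_update_photo():
        # Markup.format() escapes its arguments, so the configured link is
        # HTML-escaped before being placed in the href attribute.
        message = flask.Markup(
            "You cannot currently change your photo. Please contact "
            '<a href="{0}">the ticketing officer</a> for assistance.'
        ).format(APP.config["TICKETS_EMAIL_LINK"])
        flask.flash(message, "error")
        return flask.redirect(return_to)

    upload = flask.request.files.get("photo")
    if upload is None or upload.filename == "":
        flask.flash("You must select a photo to upload.", "warning")
        return flask.redirect(return_to)

    old_photo = login.current_user.photo

    # NOTE(review): the upload is passed through unchanged; content-type,
    # size and filename checks are presumably done in photos.save_photo -
    # confirm there.
    new_photo = photos.save_photo(upload)
    login.current_user.photo = new_photo

    # A user may have no previous photo; Session.delete(None) would raise,
    # so only delete when there is something to delete.
    if old_photo is not None:
        DB.session.delete(old_photo)
    DB.session.add(new_photo)
    DB.session.commit()

    # We don't want to delete the photo from S3 until after the DB has
    # been updated
    if old_photo is not None:
        photos.delete_photo(old_photo)

    APP.log_manager.log_event("Updated photo", user=login.current_user)
    flask.flash("Your photo has been updated", "success")

    return flask.redirect(return_to)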
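def destroy_account(user_id, secret_key):
    """Destroy an unverified account.

    If a user is unverified (and therefore has never been able to log in), we
    allow their account to be destroyed. This is useful if somebody tries to
    register with an email address that isn't theirs, where the actual owner of
    the email address can trigger the account's destruction.

    If a user is verified, it gets a little too complicated to destroy their
    account (what happens to any tickets they own?)

    Args:
        user_id: Identifier used to look the user up.
        secret_key: Secret that must match the one stored on the user.

    Returns:
        A redirect to the front page, with a flashed message describing
        the outcome.
    """
    import hmac

    user = models.User.get_by_id(user_id)

    # Compare the secret in constant time so that response timing does not
    # reveal how much of a guessed key was correct. Both sides are encoded
    # because compare_digest() rejects non-ASCII str arguments.
    key_matches = (
        user is not None
        and isinstance(user.secret_key, str)
        and isinstance(secret_key, str)
        and hmac.compare_digest(
            user.secret_key.encode("utf-8"),
            secret_key.encode("utf-8"),
        )
    )

    if not key_matches:
        flask.flash(
            ("Could not delete user account. Check that you have used the "
             "correct link"),
            "warning",
        )
        return flask.redirect(flask.url_for("front.home"))

    if user.is_verified:
        APP.log_manager.log_event("Attempted deletion of verified account",
                                  user=user)
        flask.flash("Could not delete user account.", "warning")
        return flask.redirect(flask.url_for("front.home"))

    # Read what is needed after the commit now, so nothing below depends on
    # loading attributes from an instance that has already been deleted.
    email = user.email
    photo = user.photo

    # Iterate over a copy: if clearing entry.user also removes the entry
    # from user.events, looping over the live collection would skip entries.
    for entry in list(user.events):
        entry.action = (
            entry.action +
            " (destroyed user with email address {0})".format(email))
        entry.user = None

    DB.session.delete(user)
    # The account may have no photo; Session.delete(None) would raise.
    if photo is not None:
        DB.session.delete(photo)
    DB.session.commit()

    # Remove the stored image only once the database change is committed.
    if photo is not None:
        photos.delete_photo(photo)

    APP.log_manager.log_event(
        "Deleted account with email address {0}".format(email))

    flask.flash("The account has been deleted.", "info")

    return flask.redirect(flask.url_for("front.home"))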
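def update_photo():
    """Allow the user to update their photo.

    Requests that are not POST, or that come from a user for whom
    ``can_update_photo()`` is false, change nothing. Otherwise a non-empty
    ``photo`` upload replaces the current user's photo, and the previous
    photo (if any) is removed once the database commit has succeeded.

    Returns:
        A redirect to the referring page, or to the profile page when no
        referrer was sent.
    """
    # NOTE(review): the Referer header is supplied by the client, so this
    # target is not guaranteed to be a URL on this site. Consider only
    # honouring same-origin referrers and falling back to the profile page.
    return_to = flask.request.referrer or flask.url_for('dashboard.profile')

    if flask.request.method != 'POST':
        return flask.redirect(return_to)

    if not login.current_user.can_update_photo():
        # Markup.format() escapes its arguments, so the configured link is
        # HTML-escaped before being placed in the href attribute.
        message = flask.Markup(
            'You cannot currently change your photo. Please contact '
            '<a href="{0}">the ticketing officer</a> for assistance.'
        ).format(APP.config['TICKETS_EMAIL_LINK'])
        flask.flash(message, 'error')
        return flask.redirect(return_to)

    upload = flask.request.files.get('photo')
    if upload is None or upload.filename == '':
        flask.flash('You must select a photo to upload.', 'warning')
        return flask.redirect(return_to)

    old_photo = login.current_user.photo

    # NOTE(review): the upload is passed through unchanged; content-type,
    # size and filename checks are presumably done in photos.save_photo -
    # confirm there.
    new_photo = photos.save_photo(upload)
    login.current_user.photo = new_photo

    # A user may have no previous photo; Session.delete(None) would raise,
    # so only delete when there is something to delete.
    if old_photo is not None:
        DB.session.delete(old_photo)
    DB.session.add(new_photo)
    DB.session.commit()

    # We don't want to delete the photo from S3 until after the DB has
    # been updated
    if old_photo is not None:
        photos.delete_photo(old_photo)

    APP.log_manager.log_event('Updated photo', user=login.current_user)
    flask.flash('Your photo has been updated', 'success')

    return flask.redirect(return_to)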