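def deactivate(uid):
    """
    Deactivate a user account by anonymizing its identifying fields.

    Access is granted only when ``uid`` equals the id of the logged-in user
    or the logged-in user has the admin role; any other caller is rejected
    with 403. A ``uid`` that matches no account is answered with 404.

    :param uid: id of the account to deactivate
    :return: a redirect once the account was deactivated, otherwise a dict
        with the form and the account being viewed
    """
    # Authorization gate: self-service or admin only.
    if g.user.id == uid or g.user.role == Role.admin:
        usr = User.query.filter_by(id=uid).first()
        if usr is not None:
            form = DeactivationForm(request.form)
            if form.validate_on_submit():
                # The row is kept; name and e-mail are overwritten with
                # values derived from the id only.
                usr.name = "Anonymized %s" % usr.id
                # The template must contain a conversion specifier: applying
                # `%` to a string without one raises TypeError ("not all
                # arguments converted"), which would abort the request before
                # the commit and leave the account active.
                usr.email = "unknown%s@ccextractor.org" % usr.id
                # NOTE(review): the random value is assigned to the password
                # column directly; whether the model hashes on assignment is
                # not visible here. Presumably the goal is a credential nobody
                # knows - confirm against the login verification code.
                usr.password = User.create_random_password(16)
                g.db.commit()
                if g.user.role == Role.admin:
                    return redirect(url_for('.users'))
                else:
                    # Self-deactivation: end the current session.
                    # NOTE(review): only this session is cleared; whether other
                    # sessions of the account are invalidated is not visible
                    # in this function - confirm.
                    session.pop('user_id', None)
                    flash('Account deactivated.', 'success')
                    return redirect(url_for('.login'))
            return {
                'form': form,
                'view_user': usr
            }
        abort(404)
    else:
        abort(403, request.endpoint)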
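def deactivate(uid):
    """
    Deactivate user account.

    Only give access if the uid matches the user, or if the user is an admin.
    Any other caller is rejected with 403; an unknown uid is answered with 404.

    :param uid: id of the user
    :type uid: int
    :return: DeactivationForm and user view if valid response, appropriate error otherwise
    :rtype: dynamic
    """
    if g.user.id == uid or g.user.role == Role.admin:
        usr = User.query.filter_by(id=uid).first()
        if usr is not None:
            form = DeactivationForm(request.form)
            if form.validate_on_submit():
                # Deactivate user: overwrite the identifying fields, keep the row.
                usr.name = "Anonymized {id}".format(id=usr.id)
                usr.email = "unknown{id}@ccextractor.org".format(id=usr.id)
                # NOTE(review): the random value is assigned to the password
                # column directly; whether the model hashes on assignment is
                # not visible here - confirm against the login verification.
                usr.password = User.create_random_password(16)
                g.db.commit()
                if g.user.role == Role.admin:
                    # Record admin-initiated deactivations as well, together
                    # with the acting account, so both paths leave a trace.
                    g.log.debug(f'account deactivate for user id: {uid} by admin id: {g.user.id}')
                    return redirect(url_for('.users'))
                else:
                    # Self-deactivation: end the current session.
                    session.pop('user_id', None)
                    g.log.debug(f'account deactivate for user id: {uid}')
                    flash('Account deactivated.', 'success')
                    return redirect(url_for('.login'))
            return {'form': form, 'view_user': usr}
        g.log.debug(f'user with id: {uid} not found!')
        abort(404)
    else:
        abort(403, request.endpoint)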
def deactivate(uid):
    """
    Anonymize the account with id ``uid``.

    The caller must either own the account or hold the admin role; other
    callers get 403, and an id that matches no account gets 404.

    :param uid: id of the account to deactivate
    :return: a redirect after a successful deactivation, otherwise a dict
        with the form and the account being viewed
    """
    authorised = g.user.id == uid or g.user.role == Role.admin
    if not authorised:
        abort(403, request.endpoint)
    else:
        account = User.query.filter_by(id=uid).first()
        if account is None:
            abort(404)
        else:
            deactivation_form = DeactivationForm(request.form)
            if not deactivation_form.validate_on_submit():
                # Nothing submitted yet, or validation failed: show the form.
                return {
                    'form': deactivation_form,
                    'view_user': account
                }

            # Overwrite the identifying fields; the row itself is kept.
            account.name = "Anonymized {id}".format(id=account.id)
            account.email = "unknown{id}@ccextractor.org".format(id=account.id)
            # NOTE(review): assigned directly to the password column; whether
            # the model hashes on assignment is not visible here - confirm.
            account.password = User.create_random_password(16)
            g.db.commit()

            if g.user.role == Role.admin:
                destination = '.users'
            else:
                # Self-deactivation: drop the current session before redirecting.
                # NOTE(review): other sessions of the account are not touched
                # by this function - confirm they are invalidated elsewhere.
                session.pop('user_id', None)
                flash('Account deactivated.', 'success')
                destination = '.login'
            return redirect(url_for(destination))
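def users_ajax(action):
    """
    Handle the AJAX user-management actions and answer with JSON.

    Supported values of ``action`` are ``create``, ``delete``, ``change``
    (role) and ``reset`` (password). Any other value returns the initial
    result: status ``error`` with an empty error list.

    :param action: name of the operation to perform
    :return: JSON response with ``status``, ``errors`` and, on success,
        action-specific data
    """
    # Function-scope import so the block stays self-contained (stdlib only).
    from html import escape

    # NOTE(review): no permission check is visible inside this function;
    # presumably a decorator or request hook restricts it to admins - confirm.
    result = {
        'status': 'error',
        'errors': []
    }
    if action == 'create':
        form = CreateUserForm(request.form)
        form.role.choices = [(r.id, r.name) for r in
                             Role.query.order_by('name')]
        if form.validate_on_submit():
            # Generate random password
            password = User.create_random_password()
            email = None if len(form.email.data) == 0 else form.email.data
            # No errors, so role is valid, email is valid & username
            # doesn't exist yet. Create user
            user = User(form.role.data, form.username.data, email,
                        User.generate_hash(password))
            g.db.add(user)
            g.db.commit()
            result['status'] = 'success'
            # The generated password travels in clear text in this response;
            # the User constructor receives the output of generate_hash.
            result['user'] = {
                'id': user.id,
                'name': user.name,
                'role_id': user.role_id,
                'role_name': user.role.name,
                'email': user.email,
                'password': password
            }
        result['errors'] = form.errors
    elif action == 'delete':
        form = UserModifyForm('delete', g.user, request.form)
        if form.validate_on_submit():
            # Delete user
            # NOTE(review): relies on form validation having confirmed that
            # the id exists; first() returns None otherwise.
            user = User.query.filter(User.id == form.id.data).first()
            g.db.delete(user)
            g.db.commit()
            result['status'] = 'success'
        result['errors'] = form.errors
    elif action == 'change':
        form = UserModifyForm('change', g.user, request.form)
        if form.validate_on_submit():
            # Change role
            user = User.query.filter(User.id == form.id.data).first()
            role = Role.query.filter(Role.id == form.role.data).first()
            user.role = role
            g.db.commit()
            result['status'] = 'success'
            result['role'] = {
                'id': role.id,
                'name': role.name
            }
        result['errors'] = form.errors
    elif action == 'reset':
        form = UserModifyForm('reset', g.user, request.form)
        if form.validate_on_submit():
            # Reset password
            user = User.query.filter(User.id == form.id.data).first()
            password = User.create_random_password()
            user.update_password(password)
            g.db.commit()
            result['status'] = 'success'
            # The message carries markup (<code>, <br />), so the client
            # presumably inserts it as HTML. The stored user name and the
            # generated password are therefore HTML-escaped before they are
            # interpolated, so a name containing markup is shown as text.
            result['message'] = 'The password for %s (#%s) was reset to: ' \
                                '<code>%s</code><br />Please copy ' \
                                'this carefully and give it to the user in ' \
                                'question.' % (escape(str(user.name)),
                                               user.id,
                                               escape(str(password)))
        result['errors'] = form.errors
    return jsonify(result)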
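def users_ajax(action):
    """
    Perform one user-management action requested over AJAX.

    ``action`` selects the operation: ``create`` a user, ``delete`` a user,
    ``change`` a user's role or ``reset`` a user's password. An unrecognised
    action leaves the result at status ``error`` with no errors listed.

    :param action: name of the operation to perform
    :return: JSON response with ``status``, ``errors`` and, on success,
        action-specific data
    """
    # Function-scope import so the block stays self-contained (stdlib only).
    from html import escape

    # NOTE(review): authorization is not visible in this function; presumably
    # enforced by a decorator or request hook - confirm.
    result = {'status': 'error', 'errors': []}

    if action == 'create':
        form = CreateUserForm(request.form)
        form.role.choices = [(r.id, r.name) for r in Role.query.order_by('name')]
        if form.validate_on_submit():
            # Generate random password
            password = User.create_random_password()
            email = None if len(form.email.data) == 0 else form.email.data
            # No errors, so role is valid, email is valid & username
            # doesn't exist yet. Create user
            user = User(form.role.data, form.username.data, email, User.generate_hash(password))
            g.db.add(user)
            g.db.commit()
            result['status'] = 'success'
            # The response body contains the generated password in clear text.
            result['user'] = {
                'id': user.id,
                'name': user.name,
                'role_id': user.role_id,
                'role_name': user.role.name,
                'email': user.email,
                'password': password
            }
        result['errors'] = form.errors

    if action == 'delete':
        form = UserModifyForm('delete', g.user, request.form)
        if form.validate_on_submit():
            # Delete user
            # NOTE(review): assumes validation guarantees the id exists.
            user = User.query.filter(User.id == form.id.data).first()
            g.db.delete(user)
            g.db.commit()
            result['status'] = 'success'
        result['errors'] = form.errors

    if action == 'change':
        form = UserModifyForm('change', g.user, request.form)
        if form.validate_on_submit():
            # Change role
            user = User.query.filter(User.id == form.id.data).first()
            role = Role.query.filter(Role.id == form.role.data).first()
            user.role = role
            g.db.commit()
            result['status'] = 'success'
            result['role'] = {'id': role.id, 'name': role.name}
        result['errors'] = form.errors

    if action == 'reset':
        form = UserModifyForm('reset', g.user, request.form)
        if form.validate_on_submit():
            # Reset password
            user = User.query.filter(User.id == form.id.data).first()
            password = User.create_random_password()
            user.update_password(password)
            g.db.commit()
            result['status'] = 'success'
            # The message contains markup, so it is presumably rendered as
            # HTML by the client. Escape the stored name and the generated
            # password so neither can be interpreted as markup.
            safe_name = escape(str(user.name))
            safe_password = escape(str(password))
            result['message'] = 'The password for %s (#%s) was reset to: ' \
                                '<code>%s</code><br />Please copy ' \
                                'this carefully and give it to the user in ' \
                                'question.' % (safe_name, user.id, safe_password)
        result['errors'] = form.errors

    return jsonify(result)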