def v_user_create():
db_roles = a_roles.list()
possible_roles = []
for db_role in db_roles:
possible_roles.append((db_role.id, db_role.role))
form = UserCreateForm()
form.roles.choices = possible_roles
if request.method == 'POST' and form.validate_on_submit():
a_user = UserApi()
input_data = {
'email': form.email.data,
'password': form.password.data,
'roles': form.roles.data,
'username': form.email.data,
}
try:
new_user = a_user.create(input_data)
except DatabaseItemAlreadyExists as e:
flash(
_('A user called {0} already exists.').format(
input_data['email']))
return render_template('admin/user/create.html', form=form)
except RequiredAttributeMissing as e:
flash(
_('A required form element was not submitted: {0}').format(e))
return render_template('admin/user/create.html', form=form)
except Exception as e: # Remove this after debugging
# flash('An unexpected error occurred: {0}'.format(e))
flash(_('An unexpected error occurred.'))
return render_template('admin/user/create.html', form=form)
else:
return redirect(url_for('admin.v_user_list'))
return render_template('admin/user/create.html', form=form)
def v_user_delete(user_id):
form = UserDeleteForm()
a_user = UserApi()
try:
existing_user = a_user.read(user_id)
except DatabaseItemDoesNotExist as e:
flash(_('No user with id {0}').format(user_id))
return redirect(url_for('admin.v_user_list'))
except Exception as e:
flash(_('An unexpected error occurred: {0}').format(e))
# flash('An unexpected error occurred.')
return redirect(url_for('admin.v_user_list'))
if request.method == 'POST' and form.validate_on_submit():
if a_user.delete(user_id) is True:
flash(_('User {0} deleted').format(existing_user.email))
return redirect(url_for('admin.v_user_list'))
else:
flash(_('Unable to delete user {0}').format(existing_user.email))
return render_template('admin/generic/delete.html',
action_url=url_for('admin.v_user_delete',
user_id=user_id),
item_type=_('User'),
item_identifier=existing_user.email,
form=form)
return render_template('admin/generic/delete.html',
action_url=url_for('admin.v_user_delete',
user_id=user_id),
item_type=_('User'),
item_identifier=existing_user.email,
form=form)
def test_read(self):
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
u = UserApi().get_by_user('*****@*****.**')
assert u.email == '*****@*****.**'
u_id = UserApi().read(u.id)
assert u.id == u_id.id
assert UserApi().check_password(u.id, '123')
self.assertRaises(InvalidPassword, UserApi().check_password, u.id, '456')
def v_register():
if current_user.is_authenticated:
# Force logout
logout_user()
form = RegistrationForm()
a_user = UserApi()
a_role = RoleApi()
a_lang = LangApi()
a_o_type = OrganisationTypeApi()
a_org = OrganisationApi()
form.language.choices = [(l.id, l.lang) for l in a_lang.list()]
form.organisation_type.choices = [(t.id, t.type) for t in a_o_type.list()]
if request.method == 'POST' and form.validate_on_submit():
user_data = {
'email': form.email.data,
'password': form.password.data,
'username': form.email.data,
'lang_id': form.language.data
}
try:
public_role = a_role.get_by_role('public')
except DatabaseItemDoesNotExist:
flash(_('An unexpected error occurred.'))
return redirect(url_for('admin.v_register'))
user_data['roles'] = [public_role.id]
if form.organisation_name:
# Add to organisation & create
organisation_data = {
'name': form.organisation_name.data,
'size': form.organisation_size.data,
'type_id': form.organisation_type.data
}
try:
new_organisation = a_org.create(organisation_data)
except Exception as e:
flash(_('An unexpected error occurred.'))
logger.exception(str(e))
return redirect(url_for('admin.v_register'))
user_data['organisation_id'] = new_organisation.id
try:
new_user = a_user.create(user_data)
except DatabaseItemAlreadyExists:
flash(_('This e-mail address is already in use.'))
except RequiredAttributeMissing as e:
flash(
_('A required form element was not submitted: {0}').format(e))
except Exception as e: # Remove this after debugging
# flash('An unexpected error occurred: {0}'.format(e))
flash(_('An unexpected error occurred.'))
logger.exception(str(e))
return redirect(url_for('admin.v_register'))
else:
flash(
_('You have been successfully registered. Please log in using your username and password.'
))
return redirect(url_for('admin.v_login'))
return render_template('admin/user/register.html', form=form)
def v_user_report_list_by_user(user_id):
if current_user.id != user_id:
flash(_('You can only view your own reports.'))
abort(403)
user_api = UserApi()
reports_user = user_api.get_user_reports(user_id)
return render_template('public/list.html',
reports=reports_user,
title=_('Reports'))
def test_update(self):
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
u = UserApi().get_by_user('*****@*****.**')
u_u = UserApi().update(u.id, {'password': '******', 'email': '*****@*****.**'})
assert u_u.email == '*****@*****.**'
u_x = UserApi().read(u.id)
assert u_x.email == u_u.email
assert UserApi().check_password(u_x.id, '456')
self.assertIsInstance(u_u, User)
def check_has_admin():
"""
If there are no users, this is the first run of the application.
:return:
"""
user_api = UserApi()
if len(user_api.list()) > 0:
return True
else:
return False
def set_locale(self, new_locale):
user_api = UserApi()
if new_locale in app.config['LANGUAGES']:
if self.set_session_locale(new_locale) is True:
if current_user.is_authenticated:
try:
user_api.set_locale(current_user.id, new_locale)
except DatabaseItemDoesNotExist:
return False
return True
return False
def test_read(self):
en = LangApi().by_lang('en')
r = ReportApi().create({'title': 'Test', 'lang_id': en.id})
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
o = UserReportApi().create({
'name': 'Test',
'user_id': u.id,
'report_id': r.id
})
assert o == UserReportApi().read(o.id)
def test_delete(self):
en = LangApi().by_lang('en')
r = ReportApi().create({'title': 'Test', 'lang_id': en.id})
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
o = UserReportApi().create({
'name': 'Test',
'user_id': u.id,
'report_id': r.id
})
assert UserReportApi().delete(o.id) is True
assert o not in scoremodel.db.session
def test_create(self):
en = LangApi().by_lang('en')
r = ReportApi().create({'title': 'Test', 'lang_id': en.id})
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
o = UserReportApi().create({
'name': 'Test',
'user_id': u.id,
'report_id': r.id
})
assert o in scoremodel.db.session
# No checking for already_exists
self.assertIsInstance(o, UserReport)
def v_index():
form = LoginForm()
user_api = UserApi()
lang = locale_api.current_locale
if current_user and current_user.is_authenticated:
user_reports = user_api.get_user_reports(current_user.id)
else:
user_reports = []
try:
page = page_api.by_menu_link_and_lang('v_index', lang)
except DatabaseItemDoesNotExist:
try:
page = page_api.by_menu_link_and_lang(
'v_index', app.config['BABEL_DEFAULT_LOCALE'])
except DatabaseItemDoesNotExist:
abort(404)
return
return render_template('site/home.html',
form=form,
content=markdown.markdown(page.content),
user_reports=user_reports[:5])
def v_update_password():
a_user = UserApi()
form = ChangePasswordForm()
if request.method == 'POST' and form.validate_on_submit():
try:
a_user.check_password(current_user.id, form.old_password.data)
except InvalidPassword:
flash(_('Invalid password.'))
return render_template('admin/user/change_password.html',
form=form)
except Exception as e:
flash(_('An unexpected error occurred.'))
logger.exception(str(e))
return redirect(url_for('admin.v_update_password'))
try:
a_user.update_password(current_user.id, form.new_password.data)
except Exception as e:
flash(_('An unexpected error occurred.'))
logger.exception(str(e))
return redirect(url_for('admin.v_update_password'))
else:
flash(_('Your password has been successfully changed.'))
return redirect(url_for('site.v_index'))
return render_template('admin/user/change_password.html', form=form)
def add_admin():
user_api = UserApi()
role_api = RoleApi()
admin_role = role_api.get_by_role('administrator')
if app.config['DEBUG'] is True:
password = '******'
else:
password = ''.join(SystemRandom().choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(10))
user_data = {
'email': '*****@*****.**',
'password': password,
'roles': [
admin_role.id
]
}
try:
user_api.get_by_user('*****@*****.**')
except DatabaseItemDoesNotExist:
admin = user_api.create(user_data)
return {
'user': admin,
'password': user_data['password']
}
def v_login():
form = LoginForm()
a_user = UserApi()
if request.method == 'POST' and form.validate_on_submit():
print(form)
try:
user = a_user.get_by_user(form.email.data)
except DatabaseItemDoesNotExist:
# User does not exist
flash(_('Invalid username or password.'))
else:
if user.verify_password(form.password.data):
login_user(user, remember=form.remember_me.data)
next_url = request.args.get('next')
return redirect(next_url or url_for('site.v_index'))
else:
flash(_('Invalid username or password.'))
##
# next=request.args.get('next') must be embedded in the <form action='admin/login?next=next'>, or
# otherwise the POST request (when you submit the form) will not include the "next" bit.
return render_template('admin/login.html',
form=form,
next=request.args.get('next'))
def test_update(self):
en = LangApi().by_lang('en')
r = ReportApi().create({'title': 'Test', 'lang_id': en.id})
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
o = UserReportApi().create({
'name': 'Test',
'user_id': u.id,
'report_id': r.id
})
o_x = UserReportApi().update(o.id, {
'name': 'Foo',
'user_id': u.id,
'report_id': r.id
})
assert o_x == UserReportApi().read(o.id)
assert UserReportApi().read(o.id).name == 'Foo'
self.assertIsInstance(o_x, UserReport)
def test_delete(self):
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
assert UserApi().delete(u.id)
assert u not in scoremodel.db.session
def v_user_list():
a_user = UserApi()
l_users = a_user.list()
return render_template('admin/user/list.html', users=l_users)
def v_user_edit(user_id):
form = UserModifyForm()
a_user = UserApi()
db_roles = a_roles.list()
possible_roles = []
for db_role in db_roles:
possible_roles.append((db_role.id, db_role.role))
form.roles.choices = possible_roles
try:
existing_user = a_user.read(user_id)
except DatabaseItemDoesNotExist:
flash(_('A user with id {0} does not exist.').format(user_id))
return redirect(url_for('admin.v_user_list'))
if request.method == 'POST' and form.validate_on_submit():
input_data = {
'email': form.email.data,
'password': form.password.data,
'roles': form.roles.data
}
##
# We very much dislike empty passwords, so we assume that, if the password field
# is empty, the user didn't want to change it.
if input_data['password'] == '' or input_data['password'] is None:
update_password = False
else:
update_password = True
try:
edited_user = a_user.update(user_id, input_data, update_password)
except DatabaseItemDoesNotExist as e:
flash(_('No user with id {0}').format(user_id))
return redirect(url_for('admin.v_user_list'))
except RequiredAttributeMissing as e:
flash(
_('A required form element was not submitted: {0}').format(e))
return render_template('admin/user/edit.html',
form=form,
user_id=user_id)
except Exception as e:
flash(_('An unexpected error occurred: {0}').format(e))
# flash('An unexpected error occurred.')
return render_template('admin/user/edit.html',
form=form,
user_id=user_id)
else:
return redirect(url_for('admin.v_user_list'))
else:
##
# Add the data from the existing user for the edit form. This must be done after validate_on_submit()
# or it will overwrite the data from the submitted form.
form.email.default = existing_user.email
roles_default = []
for role in existing_user.roles:
roles_default.append(str(role.id))
form.roles.default = roles_default
# http://stackoverflow.com/questions/5519729/wtforms-how-to-select-options-in-selectmultiplefield
form.process()
return render_template('admin/user/edit.html',
form=form,
user_id=user_id)
def test_create(self):
u = UserApi().create({'email': '*****@*****.**', 'password': '******'})
assert u in scoremodel.db.session
assert 'public' in [r.role for r in u.roles]
self.assertIsInstance(u, User)
