def profile_update(user_id):
    """Apply a submitted profile form to the account ``user_id``.

    Administrators get an unscoped ``UserController()``; a caller that
    satisfies ``UserNeed(user_id)`` gets ``UserController(user_id)``. Anyone
    else is shown a flashed error and ``Forbidden`` is raised.

    ``login`` and ``email`` are always taken from the form. The privilege
    flags ``is_active``, ``is_admin`` and ``is_api`` are copied only when the
    caller holds the admin permission, so this view never forwards them for
    a non-admin caller.
    """
    if admin_permission.can():
        ucontr = UserController()
    else:
        if not Permission(UserNeed(user_id)).can():
            flash(gettext('You do not have rights on this user'), 'danger')
            raise Forbidden(gettext('You do not have rights on this user'))
        ucontr = UserController(user_id)

    user = ucontr.get(id=user_id)
    profile_form = ProfileForm(obj=user)
    pass_form = PasswordModForm()

    if not profile_form.validate():
        # Invalid submission: render the page again with the bound form.
        return render_template('profile.html', user=user,
                               admin_permission=admin_permission,
                               form=profile_form, pass_form=pass_form)

    values = {
        'login': profile_form.login.data,
        'email': profile_form.email.data,
    }
    # Permission is re-checked here so the flags below are admin-only.
    if admin_permission.can():
        values.update(
            is_active=profile_form.is_active.data,
            is_admin=profile_form.is_admin.data,
            is_api=profile_form.is_api.data,
        )
    ucontr.update({'id': user_id}, values)
    flash(gettext('User %(login)s successfully updated', login=user.login),
          'success')
    return redirect(url_for('user.profile', user_id=user.id))
def profile_update(user_id):
    """Validate the profile form and update the user identified by ``user_id``.

    Authorization comes first: the admin permission, or failing that
    ``UserNeed(user_id)``. A caller with neither gets a flashed message and
    ``Forbidden``.

    Only ``login`` and ``email`` are written for ordinary callers; the
    ``is_active`` / ``is_admin`` / ``is_api`` flags are added to the update
    only behind a second admin-permission check.
    """
    caller_is_admin = admin_permission.can()
    if not caller_is_admin and not Permission(UserNeed(user_id)).can():
        flash(gettext('You do not have rights on this user'), 'danger')
        raise Forbidden(gettext('You do not have rights on this user'))
    ucontr = UserController() if caller_is_admin else UserController(user_id)

    user = ucontr.get(id=user_id)
    profile_form = ProfileForm(obj=user)
    pass_form = PasswordModForm()

    if profile_form.validate():
        values = dict(login=profile_form.login.data,
                      email=profile_form.email.data)
        # Privilege flags are accepted from the form for admins only.
        if admin_permission.can():
            for flag in ('is_active', 'is_admin', 'is_api'):
                values[flag] = getattr(profile_form, flag).data
        ucontr.update({'id': user_id}, values)
        message = gettext('User %(login)s successfully updated',
                          login=user.login)
        flash(message, 'success')
        return redirect(url_for('user.profile', user_id=user.id))

    return render_template('profile.html', user=user,
                           admin_permission=admin_permission,
                           form=profile_form, pass_form=pass_form)
def delete(user_id):
    """Delete the account ``user_id`` and redirect the caller.

    Allowed for administrators and for a caller satisfying
    ``UserNeed(user_id)``; otherwise an error is flashed and ``Forbidden``
    is raised before anything is deleted.

    Administrators are sent to ``admin.dashboard`` afterwards, everyone else
    to the ``logout`` endpoint.
    """
    if admin_permission.can():
        ucontr = UserController()
    else:
        if not Permission(UserNeed(user_id)).can():
            flash(gettext('You do not have rights on this user'), 'danger')
            raise Forbidden(gettext('You do not have rights on this user'))
        ucontr = UserController(user_id)

    ucontr.delete(user_id)
    flash(gettext('Deletion successful'), 'success')

    # NOTE(review): the non-admin caller still holds a session for the
    # deleted account until the 'logout' endpoint is reached.
    endpoint = 'admin.dashboard' if admin_permission.can() else 'logout'
    return redirect(url_for(endpoint))
def delete(user_id):
    """Delete the account ``user_id``, logging out a self-deleting user.

    Administrators delete through an unscoped ``UserController()`` and stay
    logged in. A caller satisfying ``UserNeed(user_id)`` is logged out with
    ``logout_user()`` and then deleted through ``UserController(user_id)``.
    Any other caller gets a flashed error and ``Forbidden``.

    Redirects to ``admin.dashboard`` when the admin permission holds after
    the deletion, otherwise to ``login``.
    """
    if admin_permission.can():
        ucontr = UserController()
    else:
        if not Permission(UserNeed(user_id)).can():
            flash(gettext('You do not have rights on this user'), 'danger')
            raise Forbidden(gettext('You do not have rights on this user'))
        ucontr = UserController(user_id)
        # NOTE(review): the session is ended before the delete runs; if
        # ucontr.delete() raises, the caller is logged out but the account
        # still exists. Confirm that ordering is intended.
        logout_user()

    ucontr.delete(user_id)
    flash(gettext('Deletion successful'), 'success')

    # NOTE(review): an administrator is never logged out here, even if
    # user_id is their own account. Verify against the intended flow.
    endpoint = 'admin.dashboard' if admin_permission.can() else 'login'
    return redirect(url_for(endpoint))
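def reqparse_args(self, right, req=None, strict=False, default=True,
                  allow_empty=False):
    """Parse the JSON body against the attributes the caller may submit.

    The accepted attribute names are ``self.attrs`` when it is set.
    Otherwise they come from ``self.controller_cls._get_attrs_desc`` keyed by
    privilege: ``'admin'`` for administrators, ``'api'`` for API clients and
    ``'base'`` for everyone else. Only those names are registered with the
    parser, so this selection bounds which fields a request can set.

    right:
        forwarded to ``_get_attrs_desc`` for the 'api' and 'base' levels
    req:
        request object to read instead of the current Flask ``request``
    strict: bool
        forwarded unchanged to ``RequestParser.parse_args``
    default: bool
        if False, attributes absent from the body are not registered, so
        no default value is returned for them
    allow_empty: bool
        if True, an empty or unreadable body yields ``{}`` instead of an
        error

    Raises ``BadRequest`` when the body cannot be read and ``allow_empty``
    is False, and ``AssertionError`` when no attribute description exists.
    """
    try:
        # ``or {}`` also covers an explicit ``req`` whose body is empty, so
        # the membership test below never runs against None.
        in_values = (req.json if req else request.json) or {}
        if not in_values and allow_empty:
            return {}
    except BadRequest:
        if allow_empty:
            return {}
        raise

    parser = reqparse.RequestParser()
    if self.attrs is not None:
        attrs = self.attrs
    elif admin_permission.can():
        attrs = self.controller_cls._get_attrs_desc('admin')
    elif api_permission.can():
        attrs = self.controller_cls._get_attrs_desc('api', right)
    else:
        attrs = self.controller_cls._get_attrs_desc('base', right)

    # Raised explicitly: a bare ``assert`` is stripped under ``python -O``,
    # which would let an empty allowlist through silently.
    if not attrs:
        raise AssertionError(
            "No defined attrs for %s" % self.__class__.__name__)

    for attr_name, attr in attrs.items():
        if not default and attr_name not in in_values:
            continue
        parser.add_argument(attr_name, location='json', **attr)
    return parser.parse_args(req=req, strict=strict)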
def profile(user_id=None):
    """Render the profile page for ``user_id`` or for the current user.

    With no ``user_id`` the page shows ``current_user``. With one, the
    caller must hold the admin permission or satisfy ``UserNeed(user_id)``;
    otherwise an error is flashed and ``Forbidden`` is raised.
    """
    if not user_id:
        # No id given: fall back to the caller's own account.
        ucontr = UserController(current_user.id)
        user_id = current_user.id
    elif admin_permission.can():
        ucontr = UserController()
    elif Permission(UserNeed(user_id)).can():
        ucontr = UserController(user_id)
    else:
        flash(gettext('You do not have rights on this user'), 'danger')
        raise Forbidden(gettext('You do not have rights on this user'))

    user = ucontr.get(id=user_id)
    profile_form = ProfileForm(obj=user)
    pass_form = PasswordModForm()
    context = dict(user=user, admin_permission=admin_permission,
                   form=profile_form, pass_form=pass_form)
    return render_template('profile.html', **context)
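def reqparse_args(self, right, req=None, strict=False, default=True,
                  allow_empty=False):
    """Collect the permitted attributes from the query string or JSON body.

    Input is ``req.json`` when ``req`` is given, else ``request.args``,
    falling back to ``request.json``. The accepted attribute names are
    ``self.attrs`` when set; otherwise they come from
    ``self.controller_cls._get_attrs_desc`` keyed by privilege (``'admin'``,
    ``'api'`` or ``'base'``, the last two narrowed by ``right``). Only those
    names are registered, so this selection bounds what a request can set.

    right:
        forwarded to ``_get_attrs_desc`` for the 'api' and 'base' levels
    req:
        request object whose JSON body is read instead of the current one
    strict: bool
        forwarded unchanged to ``RequestParser.parse_args``
    default: bool
        if False, attributes absent from the input are not registered; if
        True they are registered with a default of ``None``
    allow_empty: bool
        if True, an empty or unreadable input yields ``{}``

    Raises ``BadRequest`` when the body cannot be read and ``allow_empty``
    is False, and ``AssertionError`` when no attribute description exists.
    """
    try:
        if req:
            # ``or {}`` keeps the membership tests below from running
            # against None when the supplied request has no body.
            in_values = req.json or {}
        else:
            in_values = request.args or request.json or {}
        if not in_values and allow_empty:
            return {}
    except BadRequest:
        if allow_empty:
            return {}
        raise

    parser = reqparse.RequestParser()
    if self.attrs is not None:
        attrs = self.attrs
    elif admin_permission.can():
        attrs = self.controller_cls._get_attrs_desc('admin')
    elif api_permission.can():
        attrs = self.controller_cls._get_attrs_desc('api', right)
    else:
        attrs = self.controller_cls._get_attrs_desc('base', right)

    # Raised explicitly: a bare ``assert`` is stripped under ``python -O``,
    # which would let an empty allowlist through silently.
    if not attrs:
        raise AssertionError(
            "No defined attrs for %s" % self.__class__.__name__)

    # NOTE(review): the descriptors in ``attrs`` are not passed to
    # add_argument, so whatever type or required constraints they carry are
    # not applied here and values are returned as received. Confirm that
    # validation happens downstream.
    for attr_name, _attr in attrs.items():
        supplied = attr_name in in_values
        if not default and not supplied:
            continue
        # Fix: with ``default=True`` a missing attribute used to be read
        # with ``in_values[attr_name]`` and raised a KeyError.
        parser.add_argument(
            attr_name, location='json',
            default=in_values[attr_name] if supplied else None)

    # NOTE(review): ``request.args`` is passed as ``req`` even when the
    # caller supplied its own ``req``. Confirm this is intended.
    return parser.parse_args(req=request.args, strict=strict)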
def password_update(user_id):
    """Set a new password for ``user_id`` from the submitted password form.

    Allowed for administrators and for a caller satisfying
    ``UserNeed(user_id)``; anyone else gets a flashed error and
    ``Forbidden``. On a valid form the password is written through the
    controller and the caller is redirected to the profile page; otherwise
    the profile page is rendered again with both forms.
    """
    if admin_permission.can():
        ucontr = UserController()
    else:
        if not Permission(UserNeed(user_id)).can():
            flash(gettext('You do not have rights on this user'), 'danger')
            raise Forbidden(gettext('You do not have rights on this user'))
        ucontr = UserController(user_id)

    user = ucontr.get(id=user_id)
    profile_form = ProfileForm(obj=user)
    pass_form = PasswordModForm()

    if not pass_form.validate():
        return render_template('profile.html', user=user,
                               admin_permission=admin_permission,
                               form=profile_form, pass_form=pass_form)

    # NOTE(review): nothing in this view asks for the current password;
    # presumably PasswordModForm or a layer above covers that. Confirm.
    new_password = pass_form.password.data
    ucontr.update({'id': user_id}, {'password': new_password})
    flash(gettext('Password for %(login)s successfully updated',
                  login=user.login), 'success')
    return redirect(url_for('user.profile', user_id=user.id))
def password_update(user_id):
    """Change the password of the account ``user_id``.

    The caller must hold the admin permission or satisfy
    ``UserNeed(user_id)``; otherwise a message is flashed and ``Forbidden``
    is raised. A valid ``PasswordModForm`` updates the password and
    redirects to ``user.profile``; an invalid one renders ``profile.html``
    again.
    """
    caller_is_admin = admin_permission.can()
    if not caller_is_admin and not Permission(UserNeed(user_id)).can():
        flash(gettext('You do not have rights on this user'), 'danger')
        raise Forbidden(gettext('You do not have rights on this user'))
    ucontr = UserController() if caller_is_admin else UserController(user_id)

    user = ucontr.get(id=user_id)
    profile_form = ProfileForm(obj=user)
    pass_form = PasswordModForm()

    if pass_form.validate():
        # NOTE(review): no current-password check is visible in this view.
        # Verify that the form or a layer above enforces one.
        ucontr.update({'id': user_id},
                      {'password': pass_form.password.data})
        message = gettext('Password for %(login)s successfully updated',
                          login=user.login)
        flash(message, 'success')
        return redirect(url_for('user.profile', user_id=user.id))

    page_context = dict(user=user, admin_permission=admin_permission,
                        form=profile_form, pass_form=pass_form)
    return render_template('profile.html', **page_context)
def controller(self):
    """Return a controller instance matching the caller's privilege.

    Administrators get ``self.controller_cls()`` with no argument; every
    other caller gets ``self.controller_cls(current_user.id)``.
    """
    if not admin_permission.can():
        # Non-admin: the controller is built with the caller's own id.
        return self.controller_cls(current_user.id)
    return self.controller_cls()