def edit_password(user_id):
if user_id == current_user.id:
edit_info = UserController(user_id)
self.params['title'] = 'Edit password: '******'edit_info'] = edit_info.user
if request.method == 'POST':
password = request.form.get('password')
new_password = request.form.get('new_password')
new_password2 = request.form.get('new_password2')
if edit_info.check_password(password):
edit_info.edit_password(new_password, new_password2)
self.params['errors'] = edit_info.errors
if len(edit_info.errors) == 0:
return redirect('/authors')
return render_template('users/edit_password.html',
**self.params)
flash('Incorrect password')
return render_template('users/edit_password.html',
**self.params)
return render_template('users/edit_password.html',
**self.params)
abort(403)
def delete_user(user_id):
if user_id == current_user.id or current_user.access_rights > 4:
delete_info = UserController(user_id)
for post in delete_info.user.articles:
PostController(post.id).delete_post()
delete_info.delete_user()
return redirect(url_for('logout'))
abort(403)
def user_info(user_id):
Visit().add_visit('user_info')
user = UserController(user_id).user
self.params['likes_number'] = LikesController().likes_number(
user_id)
self.params['author'] = user
self.params['title'] = 'ItStep Blog: ' + user.name
return render_template('users/author.html', **self.params)
def edit_user(user_id):
Visit().add_visit('edit_user')
if user_id == current_user.id:
edit_info = UserController(user_id)
self.params['title'] = 'Edit: ' + edit_info.user.name
self.params['edit_info'] = edit_info.user
if request.method == 'POST':
if edit_info.check_password(request.form.get('password')):
edit_info.edit_info(**request.files, **request.form)
self.params['edit_info'] = edit_info.user
self.params['errors'] = edit_info.errors
if len(edit_info.errors) == 0:
return redirect('/authors')
return render_template('users/edit_user.html',
**self.params)
flash('Incorrect password')
return render_template('users/edit_user.html',
**self.params)
return render_template('users/edit_user.html', **self.params)
abort(403)
def add_new_article(self, article_image):
new_article = Articles()
new_article.author_id = self.author_id
new_article.category_id = self.category_id
new_article.title = self.title
new_article.text = self.text
new_article.image = self.image
self.save_new_tags()
new_article.tags = self.add_tags(new_article)
if len(self.errors) == 0:
new_article_author = UserController(self.author_id).user
new_article_author.post_number += 1
self.save_to_db(new_article_author)
if self.save_to_db(new_article):
article_image.save(
os.path.join(app.config['UPLOAD_FOLDER'], self.image))
return True
def set_access(user_id):
if current_user.access_rights > 4:
UserController(user_id).set_access(**request.form)
return redirect(url_for('admin'))
abort(403)