def edit_user(user_id):
user = User.query.filter_by(id=user_id).first_or_404()
if not can_edit_user(current_user):
flash(_("You are not allowed to edit this user."), "danger")
return redirect(url_for("management.users"))
secondary_group_query = Group.query.filter(
db.not_(Group.id == user.primary_group_id), db.not_(Group.banned),
db.not_(Group.guest == True))
form = EditUserForm(user)
form.secondary_groups.query = secondary_group_query
if form.validate_on_submit():
form.populate_obj(user)
user.primary_group_id = form.primary_group.data.id
# Don't override the password
if form.password.data:
user.password = form.password.data
user.save(groups=form.secondary_groups.data)
flash(_("User successfully updated."), "success")
return redirect(url_for("management.edit_user", user_id=user.id))
return render_template("management/user_form.html",
form=form,
title=_("Edit User"))
def edit_user(user_id):
user = User.query.filter_by(id=user_id).first_or_404()
if not Permission(CanEditUser, identity=current_user):
flash(_("You are not allowed to edit this user."), "danger")
return redirect(url_for("management.users"))
member_group = db.and_(*[
db.not_(getattr(Group, p))
for p in ['admin', 'mod', 'super_mod', 'banned', 'guest']
])
filt = db.or_(Group.id.in_(g.id for g in current_user.groups),
member_group)
if Permission(IsAtleastSuperModerator, identity=current_user):
filt = db.or_(filt, Group.mod)
if Permission(IsAdmin, identity=current_user):
filt = db.or_(filt, Group.admin, Group.super_mod)
if Permission(CanBanUser, identity=current_user):
filt = db.or_(filt, Group.banned)
group_query = Group.query.filter(filt)
form = EditUserForm(user)
form.primary_group.query = group_query
form.secondary_groups.query = group_query
if form.validate_on_submit():
form.populate_obj(user)
user.primary_group_id = form.primary_group.data.id
# Don't override the password
if form.password.data:
user.password = form.password.data
user.save(groups=form.secondary_groups.data)
flash(_("User updated."), "success")
return redirect(url_for("management.edit_user", user_id=user.id))
return render_template("management/user_form.html",
form=form,
title=_("Edit User"))
