def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not can_edit_user(current_user): flash(_("You are not allowed to edit this user."), "danger") return redirect(url_for("management.users")) secondary_group_query = Group.query.filter( db.not_(Group.id == user.primary_group_id), db.not_(Group.banned), db.not_(Group.guest == True)) form = EditUserForm(user) form.secondary_groups.query = secondary_group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_("User successfully updated."), "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title=_("Edit User"))
def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not Permission(CanEditUser, identity=current_user): flash(_("You are not allowed to edit this user."), "danger") return redirect(url_for("management.users")) member_group = db.and_(*[ db.not_(getattr(Group, p)) for p in ['admin', 'mod', 'super_mod', 'banned', 'guest'] ]) filt = db.or_(Group.id.in_(g.id for g in current_user.groups), member_group) if Permission(IsAtleastSuperModerator, identity=current_user): filt = db.or_(filt, Group.mod) if Permission(IsAdmin, identity=current_user): filt = db.or_(filt, Group.admin, Group.super_mod) if Permission(CanBanUser, identity=current_user): filt = db.or_(filt, Group.banned) group_query = Group.query.filter(filt) form = EditUserForm(user) form.primary_group.query = group_query form.secondary_groups.query = group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_("User updated."), "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title=_("Edit User"))