예제 #1
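def deactivate(uid):
    """
    Anonymize and deactivate the account identified by ``uid``.

    Only the account owner or an admin may proceed; any other caller gets a
    403. On a valid form submission the name and email are overwritten, the
    password field is replaced with a random value, and the change is committed.

    :param uid: id of the user to deactivate
    :return: a redirect after a successful deactivation, otherwise a dict with
        the form and the user for rendering
    """
    # The authorization check runs before the lookup, so an unauthorized
    # caller gets 403 whether or not the uid exists.
    # NOTE(review): the equality assumes uid has the same type as g.user.id
    # (e.g. an int route converter) -- confirm at the route definition.
    if g.user.id == uid or g.user.role == Role.admin:
        usr = User.query.filter_by(id=uid).first()
        if usr is not None:
            form = DeactivationForm(request.form)
            if form.validate_on_submit():
                # Deactivate user
                usr.name = "Anonymized %s" % usr.id
                # The address literal had no %s placeholder, so the "%"
                # operator raised TypeError and the commit was never reached.
                usr.email = "unknown%s@ccextractor.org" % usr.id
                # NOTE(review): the raw random string is assigned directly to
                # the password field; confirm the model hashes on assignment
                # or that an unverifiable value is what is intended here.
                usr.password = User.create_random_password(16)
                g.db.commit()
                if g.user.role == Role.admin:
                    # NOTE(review): no session is cleared on this path; confirm
                    # that live sessions of the deactivated account are
                    # rejected elsewhere.
                    return redirect(url_for('.users'))
                else:
                    # Self-deactivation: drop the current login before leaving.
                    session.pop('user_id', None)
                    flash('Account deactivated.', 'success')
                    return redirect(url_for('.login'))
            # Form not submitted or not valid: hand it back for rendering.
            return {
                'form': form,
                'view_user': usr
            }
        abort(404)
    else:
        abort(403, request.endpoint)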
예제 #2
def deactivate(uid):
    """
    Anonymize a user account at the request of its owner or an admin.

    Callers that are neither the owner of ``uid`` nor an admin are refused
    with a 403 before any lookup happens; an unknown ``uid`` yields a 404.

    :param uid: id of the user
    :type uid: int
    :return: redirect once the account is deactivated; the form and the user
        for rendering while the form has not validated
    :rtype: dynamic
    """
    if not (g.user.id == uid or g.user.role == Role.admin):
        # Refuse first, so the response does not depend on whether uid exists.
        abort(403, request.endpoint)
    else:
        target = User.query.filter_by(id=uid).first()
        if target is None:
            g.log.debug(f'user with id: {uid} not found!')
            abort(404)
        else:
            deactivation_form = DeactivationForm(request.form)
            if not deactivation_form.validate_on_submit():
                # Nothing is changed until the form validates.
                return {'form': deactivation_form, 'view_user': target}

            # Overwrite the identifying fields and replace the password.
            # NOTE(review): the random string is stored as-is in the password
            # field; confirm the model hashes on assignment or that an
            # unverifiable value is intended.
            target.name = "Anonymized {id}".format(id=target.id)
            target.email = "unknown{id}@ccextractor.org".format(id=target.id)
            target.password = User.create_random_password(16)
            g.db.commit()

            if not g.user.role == Role.admin:
                # Self-deactivation: end the current login session.
                session.pop('user_id', None)
                g.log.debug(f'account deactivate for user id: {uid}')
                flash('Account deactivated.', 'success')
                return redirect(url_for('.login'))
            # NOTE(review): the admin path clears no session and writes no log
            # entry; confirm the deactivated account's live sessions are
            # rejected elsewhere.
            return redirect(url_for('.users'))
def deactivate(uid):
    """
    Deactivate a user account by anonymizing it.

    Access is granted only when ``uid`` is the caller's own id or the caller
    is an admin; otherwise the request ends with 403. A ``uid`` with no
    matching user ends with 404.

    :param uid: id of the account to deactivate
    :return: redirect after deactivation, or a dict with the form and user
    """
    caller_may_proceed = g.user.id == uid or g.user.role == Role.admin
    if not caller_may_proceed:
        abort(403, request.endpoint)
    else:
        account = User.query.filter_by(id=uid).first()
        if account is None:
            abort(404)
        else:
            confirm_form = DeactivationForm(request.form)
            if confirm_form.validate_on_submit():
                # Replace the identifying data, then persist.
                # NOTE(review): password receives the raw random string;
                # confirm hashing happens on assignment or is not needed here.
                account.name = "Anonymized {id}".format(id=account.id)
                account.email = "unknown{id}@ccextractor.org".format(
                    id=account.id)
                account.password = User.create_random_password(16)
                g.db.commit()
                if not g.user.role == Role.admin:
                    # Owner deactivated their own account: log them out.
                    session.pop('user_id', None)
                    flash('Account deactivated.', 'success')
                    return redirect(url_for('.login'))
                # NOTE(review): nothing on the admin path ends the target's
                # sessions; confirm that is handled elsewhere.
                return redirect(url_for('.users'))
            # Unsubmitted or invalid form: return it for rendering.
            rendering_context = {
                'form': confirm_form,
                'view_user': account
            }
            return rendering_context
예제 #4
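def users_ajax(action):
    """
    Handle the user-management AJAX actions and answer with JSON.

    Supported actions are ``create``, ``delete``, ``change`` (role) and
    ``reset`` (password). Any other action returns the initial error result.

    NOTE(review): no authorization check is visible inside this function;
    presumably a route decorator or the forms (which receive ``g.user``)
    enforce it -- confirm, in particular for ``create``, whose form is not
    given the current user.

    :param action: name of the action to perform
    :return: JSON response with ``status``, ``errors`` and action-specific data
    """
    # Function-scope import: the file's import block is not part of this
    # listing, and the alias avoids clashing with any module-level ``escape``.
    from html import escape as html_escape

    result = {
        'status': 'error',
        'errors': []
    }
    if action == 'create':
        form = CreateUserForm(request.form)
        form.role.choices = [(r.id, r.name) for r in
                             Role.query.order_by('name')]
        if form.validate_on_submit():
            # Generate random password
            password = User.create_random_password()
            email = None if len(form.email.data) == 0 else form.email.data
            # No errors, so role is valid, email is valid & username
            # doesn't exist yet. Create user
            user = User(form.role.data, form.username.data, email,
                        User.generate_hash(password))
            g.db.add(user)
            g.db.commit()
            result['status'] = 'success'
            # The response carries the plaintext password and the
            # user-supplied name; the client must treat both as text, not
            # markup, and the response should not be cached or logged.
            result['user'] = {
                'id': user.id,
                'name': user.name,
                'role_id': user.role_id,
                'role_name': user.role.name,
                'email': user.email,
                'password': password
            }
        # form.errors replaces the initial list whether or not validation passed.
        result['errors'] = form.errors
    elif action == 'delete':
        form = UserModifyForm('delete', g.user, request.form)
        if form.validate_on_submit():
            # Delete user
            # assumes the form's validators confirmed the id exists -- TODO confirm
            user = User.query.filter(User.id == form.id.data).first()
            g.db.delete(user)
            g.db.commit()
            result['status'] = 'success'
        result['errors'] = form.errors
    elif action == 'change':
        form = UserModifyForm('change', g.user, request.form)
        if form.validate_on_submit():
            # Change role
            user = User.query.filter(User.id == form.id.data).first()
            role = Role.query.filter(Role.id == form.role.data).first()
            user.role = role
            g.db.commit()
            result['status'] = 'success'
            result['role'] = {
                'id': role.id,
                'name': role.name
            }
        result['errors'] = form.errors
    elif action == 'reset':
        form = UserModifyForm('reset', g.user, request.form)
        if form.validate_on_submit():
            # Reset password
            user = User.query.filter(User.id == form.id.data).first()
            password = User.create_random_password()
            user.update_password(password)
            g.db.commit()
            result['status'] = 'success'
            # The message is an HTML fragment (<code>, <br />), so the stored
            # user name and the password are escaped before being embedded;
            # unescaped, a name containing markup would run in the admin's page.
            safe_name = html_escape(str(user.name))
            safe_password = html_escape(str(password))
            result['message'] = 'The password for %s (#%s) was reset to: ' \
                                '<code>%s</code><br />Please copy ' \
                                'this carefully and give it to the user in ' \
                                'question.' % (safe_name, user.id,
                                               safe_password)
        result['errors'] = form.errors
    return jsonify(result)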
예제 #5
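def users_ajax(action):
    """
    Dispatch a user-management AJAX action and return the outcome as JSON.

    ``create`` adds a user with a random password, ``delete`` removes one,
    ``change`` assigns a new role and ``reset`` sets a new random password.
    An unrecognized action leaves the result at its initial error state.

    NOTE(review): this function contains no explicit permission check;
    presumably it is applied outside this listing (route decorator) or by the
    forms that take ``g.user`` -- confirm, especially for ``create``.

    :param action: one of ``create``, ``delete``, ``change``, ``reset``
    :return: JSON response built from the ``result`` dict
    """
    # Imported locally because the file's import block is outside this
    # listing; aliased so an existing module-level ``escape`` is not shadowed.
    from html import escape as html_escape

    result = {'status': 'error', 'errors': []}
    if action == 'create':
        form = CreateUserForm(request.form)
        form.role.choices = [(r.id, r.name)
                             for r in Role.query.order_by('name')]
        if form.validate_on_submit():
            # Generate random password
            password = User.create_random_password()
            email = None if len(form.email.data) == 0 else form.email.data
            # No errors, so role is valid, email is valid & username
            # doesn't exist yet. Create user
            user = User(form.role.data, form.username.data, email,
                        User.generate_hash(password))
            g.db.add(user)
            g.db.commit()
            result['status'] = 'success'
            # Plaintext password and user-supplied name leave the server
            # here: render them as text on the client and keep this response
            # out of caches and logs.
            result['user'] = {
                'id': user.id,
                'name': user.name,
                'role_id': user.role_id,
                'role_name': user.role.name,
                'email': user.email,
                'password': password
            }
        # Assigned on success as well, replacing the initial empty list.
        result['errors'] = form.errors
    if action == 'delete':
        form = UserModifyForm('delete', g.user, request.form)
        if form.validate_on_submit():
            # Delete user
            # presumably the form validated that this id exists; verify
            user = User.query.filter(User.id == form.id.data).first()
            g.db.delete(user)
            g.db.commit()
            result['status'] = 'success'
        result['errors'] = form.errors
    if action == 'change':
        form = UserModifyForm('change', g.user, request.form)
        if form.validate_on_submit():
            # Change role
            user = User.query.filter(User.id == form.id.data).first()
            role = Role.query.filter(Role.id == form.role.data).first()
            user.role = role
            g.db.commit()
            result['status'] = 'success'
            result['role'] = {'id': role.id, 'name': role.name}
        result['errors'] = form.errors
    if action == 'reset':
        form = UserModifyForm('reset', g.user, request.form)
        if form.validate_on_submit():
            # Reset password
            user = User.query.filter(User.id == form.id.data).first()
            password = User.create_random_password()
            user.update_password(password)
            g.db.commit()
            result['status'] = 'success'
            # The message contains markup, so it is meant to be rendered as
            # HTML. Escape the stored name and the password so that neither
            # can inject elements into the page that displays it.
            result['message'] = 'The password for %s (#%s) was reset to: ' \
                                '<code>%s</code><br />Please copy ' \
                                'this carefully and give it to the user in ' \
                                'question.' % (html_escape(str(user.name)),
                                               user.id,
                                               html_escape(str(password)))
        result['errors'] = form.errors
    return jsonify(result)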