async def add_new_user(request):
"""Creates a new user and redirects to the user-edit page."""
try:
users.read_users()
except:
return PlainTextResponse(
'Configuration is being updated. Try again in a minute.')
form = dict(await request.form())
newuser = form.get("name", "")
if newuser in users.users_list:
return PlainTextResponse('User already exists.')
newpassword = users.hash_password(
form.get("password", "here_should_be_a_password"))
users.users_list[newuser] = {
"password": newpassword,
"is_admin": "False",
"change_password": "******"
}
try:
users.save_users()
except:
return PlainTextResponse(
'ERROR: Unable to write user list. Try again.')
logger.info(f'Created user {newuser}')
monitor.send_webgui_event(monitor.w_events.USER_CREATE,
request.user.display_name, newuser)
return RedirectResponse(url='/users/edit/' + newuser, status_code=303)
async def users_delete_post(request):
"""Deletes the given users."""
try:
config.read_config()
except:
return PlainTextResponse("Configuration is being updated. Try again in a minute.")
deleteuser = request.path_params["user"]
if deleteuser in users.users_list:
del users.users_list[deleteuser]
try:
users.save_users()
except:
return PlainTextResponse("ERROR: Unable to write user list. Try again.")
logger.info(f"Deleted user {deleteuser}")
monitor.send_webgui_event(monitor.w_events.USER_DELETE, request.user.display_name, deleteuser)
return RedirectResponse(url="/users", status_code=303)
async def users_edit_post(request):
"""Updates the given user with settings passed as form parameters."""
try:
users.read_users()
except:
return PlainTextResponse(
'Configuration is being updated. Try again in a minute.')
edituser = request.path_params["user"]
form = dict(await request.form())
if not edituser in users.users_list:
return PlainTextResponse('User does not exist anymore.')
users.users_list[edituser]["email"] = form["email"]
if form["password"]:
users.users_list[edituser]["password"] = users.hash_password(
form["password"])
users.users_list[edituser]["change_password"] = "******"
# Only admins are allowed to change the admin status, and the current user
# cannot change the status for himself (which includes the settings page)
if (request.user.is_admin) and (request.user.display_name != edituser):
users.users_list[edituser]["is_admin"] = form["is_admin"]
if (request.user.is_admin):
users.users_list[edituser]["permissions"] = form["permissions"]
try:
users.save_users()
except:
return PlainTextResponse(
'ERROR: Unable to write user list. Try again.')
logger.info(f'Edited user {edituser}')
monitor.send_webgui_event(monitor.w_events.USER_EDIT,
request.user.display_name, edituser)
if "own_settings" in form:
return RedirectResponse(url='/', status_code=303)
else:
return RedirectResponse(url='/users', status_code=303)