def admin_edituser():
if(current_user.is_admin() == False):
return "Access Denied"
form=EditUserForm()
if form.validate_on_submit():
form.validate()
#Check if user exists in database and can be modified
present = User.query.filter_by(username=form.old_username.data).first()
if present is None:
flash("Error: This user does not exist in the database")
return render_template("admin-edit.html", form=form)
old_user = form.old_username.data
#delete record from database unless it is the admin account or the current user
if (form.delete.data) == True:
if form.old_username.data == "admin":
flash("Error: This user cannot be removed from the database")
return render_template("admin-edit.html", form=form)
elif current_user.username == old_user:
flash("Error: Cannot delete the user currently signed in.")
return render_template("admin-edit.html", form=form)
else:
User.query.filter_by(username=form.old_username.data).delete()
#begin editing record
if old_user:
user=User.query.filter_by(username=form.old_username.data).first()
else:
flash("Error: No user selected for editing")
return render_template("admin-edit.html", form=form)
if old_user == "admin":
flash("Error: Cannot modify admin!")
return render_template("admin-edit.html", form=form)
new_user = form.new_username.data
if new_user:
user.username = form.new_username.data
new_password = form.password_confirm.data
if new_password:
user.set_password(form.password.data)
email = form.email.data
if email:
user.email=form.email.data
admin=form.admin.data
if admin:
user.admin=form.admin.data
db.session.commit()
flash("User succesfully modified")
return redirect(url_for('admin'))
return(render_template('admin-edit.html', form=form))
def admin():
if not current_user.isAdmin == 1:
return redirect(url_for('index'))
else:
add_user_form = AddUser()
edit_user_form = EditUserForm()
delete_user_form = DeleteUserForm()
if add_user_form.add_user_submit.data and add_user_form.validate():
user = User(username=add_user_form.username.data,
name=add_user_form.name.data,
isAdmin=False)
db.session.add(user)
db.session.commit()
flash("User added.", "success")
return redirect(url_for('admin'))
edit_user_form.update_choices()
if edit_user_form.edit_submit.data and edit_user_form.validate():
user = User.query.filter_by(
username=edit_user_form.username.data).first()
if user is None:
flash("Unable to find username in database", "danger")
return redirect(url_for("admin"))
if edit_user_form.name.data != "":
user.name = edit_user_form.name.data
db.session.commit()
edit_user_form.update_choices()
flash("User details updated.", "success")
return redirect(url_for("admin"))
if edit_user_form.password.data != "":
if edit_user_form.password.data == edit_user_form.password2.data:
print(edit_user_form.password.data)
user.set_password(edit_user_form.password.data)
db.session.commit()
flash("User details updated.", 'success')
return redirect(url_for('admin'))
else: #password field not empty but password wrong
flash("Password does not match!", "danger")
return redirect(url_for('admin'))
delete_user_form.update_choices()
if delete_user_form.delete_submit.data and delete_user_form.validate():
user = User.query.filter_by(
username=delete_user_form.username.data).first()
db.session.delete(user)
db.session.commit()
flash("User deleted", "success")
return redirect(url_for("admin"))
return render_template('admin.html',
add_user_form=add_user_form,
edit_user_form=edit_user_form,
delete_user_form=delete_user_form)
