def default_sharing(self, id):
"""Change a user's default sharing.
.. :quickref: User; Change default sharing
When used on another user account, requires the `manage_users` permission.
:param id: user id.
:>json User user: modified user.
"""
self.ensure_permission(id)
user = User(get_or_404(User.get_collection(), _id=id))
groups = request.form.get('groups', '').split(',')
for group in groups:
if group in user['groups']:
break
else:
flash('You have to at least keep one of your groups.', 'danger')
return redirect(request.referrer)
user.update_value('default_sharing', groups)
return redirect({'user': clean_users(user)}, request.referrer)
def get(self, id):
"""Get a user.
.. :quickref: User; Get a user
The user is returned in the ``user`` field.
:param id: user id
:>json ObjectId _id: user's ObjectId.
:>json string name: full name.
:>json string: email address.
:>json boolean enabled: ``True`` if the user is enabled.
:>json list groups: list of groups the user belongs to.
:>json list default_sharing: list of groups used by the user as default sharing preferences.
:>json list permissions: list of user's permissions
"""
self.ensure_permission(id)
user = User(get_or_404(User.get_collection(), _id=id))
return render(
{
'user': clean_users(user),
'permissions': dispatcher.permissions
}, 'users/profile.html')
def update(self, id):
"""Update a user.
.. :quickref: User; Update existing user
Requires the `manage_users` permission.
When succesful, the new user will be returned in the ``user`` field.
Otherwise, an ``errors`` field will list errors.
:form name: full name
:form email: email address
:form groups: comma-delimited list of groups
:form permission_VALUE: specify a value different than ``0`` or ``False``
for all permissions the user should have.
"""
name = request.form.get('name')
email = request.form.get('email').lower()
groups = [g for g in request.form.get('groups', '').split(',') if g]
user = User(get_or_404(User.get_collection(), _id=id))
if not self._valid_form(name, email, groups, user['email']):
return validation_error()
user['name'] = name
user['email'] = email
user['groups'] = groups
user['permissions'] = self.get_permissions(user['permissions'])
user.save()
return redirect({'user': clean_users(user)},
url_for('UsersView:get', id=user['_id']))
def _valid_form(self, name, email, groups, previous_email=None):
for var in ['name', 'email', 'groups']:
if not locals()[var]:
flash('"{}" is required'.format(var), 'danger')
return False
if (previous_email is None) or (previous_email != email):
existing_user = User.get_collection().find_one({'email': email})
if existing_user:
flash('User with email "{}" already exists.'.format(email),
'danger')
return False
return True
def disable(self, id):
"""Disable a user.
.. :quickref: User; Disable a user
Requires the `manage_users` permission.
:param id: user id.
:>json User user: modified user.
"""
user = User(get_or_404(User.get_collection(), _id=id))
user.update_value('enabled', False)
return redirect({'user': clean_users(user)},
url_for('UsersView:index'))
def reset_api(self, id):
"""Reset a user's API key.
.. :quickref: User; Reset API key
When used on another user account, requires the `manage_users` permission.
:param id: user id.
:>json User user: modified user.
"""
self.ensure_permission(id)
user = User(get_or_404(User.get_collection(), _id=id))
user.update_value('api_key', User.generate_api_key())
return redirect({'user': clean_users(user)}, request.referrer)
def password_reset(token):
try:
user_id = validate_password_reset_token(token)
except BadTimeSignature:
flash('Invalid token', 'danger')
return redirect('/login')
except SignatureExpired:
flash('Expired token', 'danger')
return redirect('/login')
if request.method == 'POST':
password = request.form.get('password', '')
confirm = request.form.get('password_confirmation', '')
if valid_new_password(password, confirm):
user = User(get_or_404(User.get_collection(), _id=user_id))
change_password(user, password)
flash('Password was successfully changed.', 'success')
return redirect('/login')
return render_template('password_reset.html')
