def invite_user():
"""Invites a new user to create an account and set their own password."""
form = InviteUserForm()
if form.validate_on_submit():
user = User()
form.populate_obj(user)
db_session_add(user)
token = user.generate_confirmation_token()
invite_link = url_for('account.join_from_invite',
user_id=user.id,
token=token,
_external=True)
get_queue().enqueue(
send_email,
recipient=user.email,
subject='You Are Invited To Join',
template='account/email/invite',
user=user,
invite_link=invite_link,
)
form = InviteUserForm()
flash('User {} successfully invited'.format(user.full_name()),
'form-success')
return render_template('admin/new_user.html', form=form)
def new_group():
"""Create a new group."""
form = NewGroupForm()
if form.validate_on_submit():
group = Group(name=form.name.data, users=form.users.data)
db_session_add(group)
flash('Group {} successfully created'.format(group.name),
'form-success')
return render_template('admin/new_group.html', form=form)
def change_user_name():
"""Change an existing user's name."""
form = ChangeUserNameForm()
if form.validate_on_submit():
current_user.first_name = form.first_name.data
current_user.last_name = form.last_name.data
db_session_add(current_user)
flash('Your name has been updated.', 'form-success')
return redirect(url_for('main.index'))
return render_template('account/manage.html', user=current_user, form=form)
def new_user():
"""Create a new user."""
form = NewUserForm()
if form.validate_on_submit():
user = User()
form.populate_obj(user)
db_session_add(user)
flash('User {} successfully created'.format(user.full_name()),
'form-success')
return render_template('admin/new_user.html', form=form)
def new_category():
"""Create a new category."""
form = NewCategoryForm()
if form.validate_on_submit():
category = Category(name=form.name.data, )
db_session_add(category)
flash('Category {} successfully created'.format(category.name),
'form-success')
new_form = NewCategoryForm()
return render_template('admin/new_category.html', form=new_form)
return render_template('admin/new_category.html', form=form)
def change_password():
"""Change an existing user's password."""
form = ChangePasswordForm()
if form.validate_on_submit():
if current_user.verify_password(form.old_password.data):
current_user.password = form.new_password.data
db_session_add(current_user)
flash('Your password has been updated.', 'form-success')
return redirect(url_for('main.index'))
else:
flash('Original password is invalid.', 'form-error')
return render_template('account/manage.html', user=current_user, form=form)
def change_group(group_id):
"""Change a group's name."""
group = Group.query.filter_by(id=group_id).first()
if group is None:
abort(404)
form = EditGroupForm(obj=group)
if form.validate_on_submit():
form.populate_obj(group)
db_session_add(group)
flash('Successfully updated group {}.'.format(group.name),
'form-success')
return render_template('admin/manage_group.html', group=group, form=form)
def change_collection(collection_id):
"""Edit collection."""
collection = Collection.query.get(collection_id)
if collection is None:
abort(404)
form = EditCollectionForm(obj=collection)
if form.validate_on_submit():
form.populate_obj(collection)
db_session_add(collection)
flash('Collection {} successfully updated.', 'form-success')
return render_template('admin/manage_collection.html',
collection=collection,
form=form)
def change_category(category_id):
"""Edit category."""
category = Category.query.get(category_id)
if category is None:
abort(404)
form = EditCategoryForm(obj=category)
if form.validate_on_submit():
form.populate_obj(category)
db_session_add(category)
flash('Category {} successfully updated.', 'form-success')
return render_template('admin/manage_category.html',
category=category,
form=form)
def update_editor_contents():
"""Update the contents of an editor."""
edit_data = request.form.get('edit_data')
editor_name = request.form.get('editor_name')
editor_contents = EditableHTML.query.filter_by(
editor_name=editor_name).first()
if editor_contents is None:
editor_contents = EditableHTML(editor_name=editor_name)
editor_contents.value = edit_data
db_session_add(editor_contents)
return 'OK', 200
def change_story(story_id):
"""Edit story."""
story = Story.query.get(story_id)
if story is None:
abort(404)
form = EditStoryForm(obj=story)
if form.validate_on_submit():
form.populate_obj(story)
true_value = LookupValue.query.filter_by(group="bool",
value="True").first()
story.curated = true_value
db_session_add(story)
flash('Story {} successfully updated.', 'form-success')
return render_template('admin/manage_story.html', story=story, form=form)
def join_from_invite(user_id, token):
"""
Confirm new user's account with provided token and prompt them to set
a password.
"""
if current_user is not None and current_user.is_authenticated:
flash('You are already logged in.', 'error')
return redirect(url_for('main.index'))
new_user = User.query.get(user_id)
if new_user is None:
return redirect(404)
if new_user.password_hash is not None:
flash('You have already joined.', 'error')
return redirect(url_for('main.index'))
if new_user.confirm_account(token):
form = CreatePasswordForm()
if form.validate_on_submit():
new_user.password = form.password.data
db_session_add(new_user)
flash(
'Your password has been set. After you log in, you can '
'go to the "Your Account" page to review your account '
'information and settings.', 'success')
return redirect(url_for('account.login'))
return render_template('account/join_invite.html', form=form)
else:
flash(
'The confirmation link is invalid or has expired. Another '
'invite email with a new link has been sent to you.', 'error')
token = new_user.generate_confirmation_token()
invite_link = url_for('account.join_from_invite',
user_id=user_id,
token=token,
_external=True)
get_queue().enqueue(send_email,
recipient=new_user.email,
subject='You Are Invited To Join',
template='account/email/invite',
user=new_user,
invite_link=invite_link)
return redirect(url_for('main.index'))
def change_user(user_id):
"""Edit user."""
if current_user.id == user_id:
flash(
'You cannot edit your own account from the admin dashboard. Please ask '
'another administrator to do this.', 'error')
return redirect(url_for('admin.user_info', user_id=user_id))
user = User.query.get(user_id)
if user is None:
abort(404)
form = EditUserForm(obj=user)
if form.validate_on_submit():
form.populate_obj(user)
db_session_add(user)
flash('User {} successfully updated.'.format(user.full_name()),
'form-success')
return render_template('admin/manage_user.html', user=user, form=form)
def register():
"""Register a new user, and send them a confirmation email."""
form = RegistrationForm()
if form.validate_on_submit():
user = User(first_name=form.first_name.data,
last_name=form.last_name.data,
email=form.email.data,
password=form.password.data)
db_session_add(user)
token = user.generate_confirmation_token()
confirm_link = url_for('account.confirm', token=token, _external=True)
get_queue().enqueue(send_email,
recipient=user.email,
subject='Confirm Your Account',
template='account/email/confirm',
user=user,
confirm_link=confirm_link)
flash('A confirmation link has been sent to {}.'.format(user.email),
'warning')
login_user(user)
return jsonify(status='ok')
return render_template('account/register.html',
form=form,
title="Register")
def review_story(story_id):
"""Review new story."""
story = Story.query.filter_by(id=story_id).first()
if story is None:
abort(404)
form = ReviewStoryForm(obj=story)
if form.validate_on_submit():
form.populate_obj(story)
true_value = LookupValue.query.filter_by(group="bool",
value="True").first()
story.curated = true_value
db_session_add(story)
false_value = LookupValue.query.filter_by(group="bool",
value="False").first()
next_story = Story.query.filter_by(origin="remote").filter_by(
curated=false_value).first()
if next_story:
next_form = ReviewStoryForm(obj=next_story)
return render_template('admin/review_story.html',
story=next_story,
form=next_form)
else:
return redirect(url_for('admin.review_stories'))
return render_template('admin/review_story.html', story=story, form=form)
