def init_db(config): tables = [Entry, Users, Tag, Image, Hop, Grain, Extract, HoppedExtract, Yeast, Water, Misc, Mineral, Fining, Flavor, Spice, Herb, BJCPStyle, BJCPCategory, MashTun, BoilKettle, EquipmentSet, MashProfile, MashStep, MashStepOrder, Recipe, RecipeIngredient, Inventory, Comment, Role]#, Permission] for table in tables: try: table.createTable() except OperationalError: pass else: # NEED TO FIX THIS if table.__name__ == 'Users': adef = config['ADMIN_USERNAME'] admin = Users(email=adef, first_name=adef, last_name=adef, alias=adef) admin.set_pass(config['PASSWORD_SALT'], config['ADMIN_PASSWORD']) admin.admin = True # uncomment when you're sorted out your little permissions thingy # for role in config['SYSTEM_ROLES']: # r = Role(name=role) # admin.addRole(config['SYSTEM_ROLES'].index(config['ADMIN'])) if table.__name__ == 'BJCPCategory': process_bjcp_styles() if table.__name__ == 'Inventory': process_bt_database()
def init_db(config): tables = [ Entry, Users, Tag, Image, Hop, Grain, Extract, HoppedExtract, Yeast, Water, Misc, Mineral, Fining, Flavor, Spice, Herb, BJCPStyle, BJCPCategory, MashTun, BoilKettle, EquipmentSet, MashProfile, MashStep, MashStepOrder, Recipe, RecipeIngredient, Inventory, Comment, Role ] #, Permission] for table in tables: try: table.createTable() except OperationalError: pass else: # NEED TO FIX THIS if table.__name__ == 'Users': adef = config['ADMIN_USERNAME'] admin = Users(email=adef, first_name=adef, last_name=adef, alias=adef) admin.set_pass(config['PASSWORD_SALT'], config['ADMIN_PASSWORD']) admin.admin = True # uncomment when you're sorted out your little permissions thingy # for role in config['SYSTEM_ROLES']: # r = Role(name=role) # admin.addRole(config['SYSTEM_ROLES'].index(config['ADMIN'])) if table.__name__ == 'BJCPCategory': process_bjcp_styles() if table.__name__ == 'Inventory': process_bt_database()
def edit_user(user_id=-1): user_form = EditUserForm() if user_form.validate_on_submit(): user = Users.get(user_form.user_id.data) if user.id == session.get('user_id') or user.admin: user.first_name = user_form.first_name.data user.last_name = user_form.last_name.data user.email = user_form.email.data user.alias = user_form.alias.data user.last_modified = datetime.now() try: avatar = list(Image.select(Image.q.url==user_form.avatar.data))[0] except (SQLObjectNotFound, IndexError): pass else: user.avatar = avatar flash("%s %s has been updated" % (user.first_name, user.last_name)) return redirect(url_for('list_users')) else: flash("Sorry, you're not allowed to do that") return redirect(url_for('edit_user', user_id=user.id)) else: try: user = Users.get(user_id) except SQLObjectNotFound: user = {'first_name': '', 'last_name': '', 'email': '', 'password': '', 'avatar': ''} finally: return render_template('edit_user.html', data={'form': user_form, 'user': user})
def change_password(user_id=0): pass_form = ChangePasswordForm() if pass_form.validate_on_submit(): logged_in_as = session.get('user_id') if user_id != logged_in_as: flash("You can only change your own password!") return redirect(url_for('list_entries')) try: user = Users.get(user_id) except SQLObjectNotFound: flash("You must provide a user ID") return redirect(url_for('list_users')) else: user.password = generate_password(pass_form.password.data) flash("Password successfully changed") return redirect(url_for('edit_user', user_id=user.id)) else: try: user = Users.get(user_id) except SQLNotFoundError: flash("You must provide a user ID") return redirect(url_for('list_users')) else: return render_template('change_password.html', data={'form': pass_form, 'user_id': user.id})
def list_users(user_id=0): if user_id: try: users = list(Users.get(user_id)) except SQLObjectNotFound: flash("No user found by that ID") return render_template('list_users.html') else: users = list(Users.select()) return render_template('list_users.html', data={'users': users})
def admin(*args, **kwargs): try: user = Users.get(session.get('user_id')) if user.admin: return callback(*args, **kwargs) else: flash("Admins only") return redirect(url_for('list_entries')) except SQLObjectNotFound: flash("You're not even logged in") return redirect(url_for('list_entries'))
def create_user(): user_form = CreateUserForm() if user_form.validate_on_submit(): user = Users(first_name = user_form.first_name.data, last_name = user_form.last_name.data, email = user_form.email.data, password = generate_password(user_form.password.data), alias = user_form.alias.data) if user_form.avatar.data: i = Image(url=user_form.alias.data) user.avatar = i flash("%s %s has been created" % (user.first_name, user.last_name)) return redirect(url_for('list_users')) else: user = {'first_name': '', 'last_name': '', 'email': '', 'password': '', 'avatar': ''} return render_template('edit_user.html', data={'form': user_form, 'user': user})
def login(): error = None login_form = LoginForm() if login_form.validate_on_submit(): u_req = Users.get(login_form.user_id.data) u_req.last_login = datetime.now() session['logged_in'] = True session['user_id'] = u_req.id flash('You were logged in') return redirect(url_for('list_entries')) return render_template('login.html', data={"form": login_form, "error": error})
def __call__(self, form, field): cyphertext = generate_password(field.data) username = form.email.data if form.user_id.data: raise ValidationError(self.message) try: user = list(Users.select(AND(Users.q.email==username, Users.q.password==cyphertext)))[0] if not user.active: raise ValidationError(self.message) form.user_id.data = user.id except (SQLObjectNotFound, IndexError): raise ValidationError(self.message)
def has_permission(permission_type, obj, user_id): try: uid = Users.get(user_id) except SQLObjectNotFound: flash("You must be logged in to access this page") return redirect(url_for('login')) else: obj_type = obj.__class__.__name__ perm = Permission.select(AND(permission.q.object_type==obj_type, permission.q.object_id==obj.id)) if user in perm.user or [r for role in user.role if rol in perm.role]: return True else: return False
def role(*args, **kwargs): error = False message = "Unauthorized access" uid = session.get('user_id') try: role = list(Role.select(Role.q.name==role_name))[0] except (SQLObjectNotFound, ValueError, IndexError): error = True message = "Role %s is not a valid role" % role_name try: user = Users.get(user_id) except SQLObjectNotFound: error = True message = "Sorry, you are not permitted to access this" if error: flash(message) return redirect(url_for('list_entries')) else: return callback(*args, **kwargs)