Пример #1
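def proEdit():
    """Handle the three profile-edit forms: info, password and disable-account.

    Each form carries the login name of the account being edited. A change is
    applied only when that login is the caller's own or the caller is an
    admin; otherwise the request is rejected with 403. A login that does not
    resolve to a user is answered with 404 instead of failing on ``None``.
    Every other path ends in a redirect to the ``profile`` view.
    """
    # NOTE(review): no login-required decorator is visible on this listing;
    # current_user.user_login is read below, so confirm anonymous requests
    # are rejected before they reach this view.
    infoForm = EditUserInfoFrom()
    passForm = EditUserPassFrom()
    unableUserForm = UnableUserFrom()

    if request.method == 'POST':
        if infoForm.validate_on_submit():
            userLogin = infoForm.editILogin.data
            # The target login comes from the form, so authorize before loading.
            if not (current_user.user_login == userLogin or current_user.isAdmin()):
                abort(403)
            user = getUserByLoginName(userLogin)
            if user is None:
                abort(404)
            user.user_nicename = infoForm.editINicename.data
            # NOTE(review): the URL is stored as submitted; confirm the form
            # restricts it to http/https before it is rendered as a link.
            user.user_url = infoForm.editIUrl.data
            db.session.add(user)
            db.session.commit()
            flash(u'资料修改成功!')
            return redirect(url_for('profile', userlogin=userLogin))

        if passForm.validate_on_submit():
            userLogin = passForm.editLogin.data
            if not (current_user.user_login == userLogin or current_user.isAdmin()):
                abort(403)
            user = getUserByLoginName(userLogin)
            if user is None:
                abort(404)
            # NOTE(review): only the new password is read here; confirm the
            # form (or updatePassword) requires the current password when a
            # user changes their own, and that existing sessions are handled.
            user.updatePassword(passForm.editPpassword.data)
            db.session.add(user)
            db.session.commit()
            flash(u'密码修改成功,下次登录将使用新密码!')
            return redirect(url_for('profile', userlogin=userLogin))

        if unableUserForm.validate_on_submit():
            userLogin = unableUserForm.unableLogin.data
            if not (current_user.user_login == userLogin or current_user.isAdmin()):
                abort(403)
            user = getUserByLoginName(userLogin)
            if user is None:
                abort(404)
            # The account is disabled only when the typed confirmation name
            # matches the stored login.
            if user.user_login == unableUserForm.unableName.data:
                user.user_rule = UserRule['DISABLE']
                db.session.add(user)
                db.session.commit()
                flash(u'用户:' + userLogin + u' 已经被禁用,如需启用请联系管理员!')
            else:
                flash(u'用户登录名确认失败!')
            return redirect(url_for('profile', userlogin=userLogin))

    # No form validated (or not a POST): go back to whichever profile the
    # submitted form named. The original read only unableLogin, which is
    # empty when one of the other two forms was the one submitted.
    userLogin = (unableUserForm.unableLogin.data
                 or infoForm.editILogin.data
                 or passForm.editLogin.data)

    return redirect(url_for('profile', userlogin=userLogin))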
Пример #2
def deleteMeasurement():
	"""Delete the measurement named by the ``measurementid`` form field.

	Only callers for whom ``current_user.isAdmin()`` is true may delete;
	everyone else gets the NOT_ALLOWED flash. Both outcomes redirect to
	``manageMeasurements``.
	"""
	# NOTE(review): no CSRF check is visible in this handler; confirm one is
	# enforced for state-changing form posts elsewhere in the app.
	if current_user.isAdmin():
		measurement_key = unicode(request.form['measurementid'])
		# NOTE(review): the lookup result is passed to delete() unchecked;
		# confirm how Measurement.get behaves for an unknown id.
		doomed = Measurement.get(measurement_key)
		Measurement.delete(doomed)
		flash(constants.MEASUREMENT_DELETE_SUCCESS, 'success')
		return redirect(url_for('manageMeasurements'))

	flash(constants.NOT_ALLOWED, 'danger')
	return redirect(url_for('manageMeasurements'))
Пример #3
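def deleteUser():
	"""Delete the user named by the ``userid`` form field (admins only).

	Non-admin callers get the NOT_ALLOWED flash. An id that does not resolve
	to a user is reported instead of being passed on to ``User.delete`` and
	dereferenced for the success message. Every path redirects to
	``manageUsers``.
	"""
	# NOTE(review): no CSRF check is visible in this handler; confirm one is
	# enforced for state-changing form posts elsewhere in the app.
	if not current_user.isAdmin():
		flash(constants.NOT_ALLOWED, 'danger')
		return redirect(url_for('manageUsers'))

	userid = unicode(request.form['userid'])
	user = User.get(userid)
	if not user:
		# manageUsers() treats a falsy User.get() result as "no such user",
		# so the same case is handled here. The message is a literal because
		# no matching entry in constants is visible from this listing.
		flash('User not found.', 'danger')
		return redirect(url_for('manageUsers'))

	# Read the name before the record is removed.
	username = user.username
	User.delete(user)
	flash(constants.USER_DELETE_SUCCESS.format(username), 'success')
	return redirect(url_for('manageUsers'))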
Пример #4
def manageUsers():
	"""List users on GET; create a user on POST (admins only).

	GET renders ``users.html`` with every user. POST from a non-admin flashes
	NOT_ALLOWED; POST from an admin creates the account unless the username
	is already taken. Everything except GET ends in a redirect back here.
	"""
	method = request.method

	if method == 'GET':
		# NOTE(review): the full user list is rendered without an admin check
		# in this function; confirm who is allowed to reach this view.
		return render_template('users.html', users=User.getAll())

	if method == 'POST':
		if not current_user.isAdmin():
			flash(constants.NOT_ALLOWED, 'danger')
			return redirect(url_for('manageUsers'))

		# NOTE(review): neither value is checked for emptiness or length here.
		new_name = str(request.form['username'])
		new_password = str(request.form['password'])

		if User.get(new_name):
			flash(constants.USERNAME_TAKEN, 'danger')
		else:
			# NOTE(review): hash_pass is defined elsewhere; confirm it is a
			# salted, deliberately slow password hash.
			User.create(User(new_name, hash_pass(new_password)))
			flash(constants.USER_CREATE_SUCCESS.format(new_name), 'success')

	return redirect(url_for('manageUsers'))
Пример #5
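def profile(userlogin):
    """Render the profile page for ``userlogin``, or 404 if no such user.

    The three edit forms are always passed to the template, but they are
    pre-filled with the account's data only when the viewer is authenticated
    and is either an admin or the profile's owner.
    """
    user = getUserByLoginName(userlogin)

    if user is None:
        abort(404)

    infoForm = EditUserInfoFrom()
    passForm = EditUserPassFrom()
    unableUserForm = UnableUserFrom()

    if current_user.is_authenticated:
        if current_user.isAdmin() or current_user == user:
            infoForm.editILogin.data = user.user_login
            infoForm.editINicename.data = user.user_nicename
            if user.user_url is None or user.user_url == '':
                infoForm.editIUrl.data = 'http://'
            else:
                infoForm.editIUrl.data = user.user_url
            passForm.editLogin.data = user.user_login
            unableUserForm.unableLogin.data = user.user_login

    # Gravatar-style hashes are computed over the trimmed, lower-cased
    # address; hashing the raw value gives a different digest for
    # "User@Example.com" than for "user@example.com". A missing address is
    # hashed as the empty string instead of raising.
    email = (user.user_email or '').strip().lower()
    if not isinstance(email, bytes):
        email = email.encode('utf-8')
    # MD5 is used only as the avatar service's lookup key, not for security.
    # NOTE(review): the digest is derived from the e-mail address and is sent
    # to every visitor of this page, over plain http.
    avatar = 'http://gravatar.duoshuo.com/avatar/' + hashlib.md5(email).hexdigest() + '?s=230'
    return render_template('profile.html', user=user, avatar=avatar,
                           infoForm=infoForm, passForm=passForm, unableUserForm=unableUserForm)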
Пример #6
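 def decorated_function(*args, **kwargs):
   """Call the wrapped view ``f``; abort with 403 first when admin is required.

   ``f`` and ``requiresAdmin`` come from the enclosing scope, which is not
   part of this listing.
   """
   # Test the flag first: when admin is not required there is no reason to
   # touch current_user at all, and a user object without isAdmin() no
   # longer breaks views that never asked for the check.
   # NOTE(review): when admin IS required, isAdmin() is still called on
   # whatever current_user is; confirm anonymous users are handled before
   # this point.
   if requiresAdmin and not current_user.isAdmin():
     abort(403)
   return f(*args, **kwargs)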
Пример #7
 def is_accessible(self):
     """Report whether the current user may use this view.

     Returns whatever ``current_user.isAdmin()`` returns.
     """
     # NOTE(review): isAdmin() is called unconditionally; confirm the
     # anonymous-user object also provides it.
     admin_flag = current_user.isAdmin()
     return admin_flag
Пример #8
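 def index(self):
     """Render ``index.html`` for authenticated admins; refuse everyone else.

     The original else-branch built a redirect to ``'.index'`` but never
     returned it, so the view returned ``None`` for non-admins. The refusal
     is now explicit.
     """
     # Function-scope import: the file's import block is not visible here.
     from flask import abort

     # NOTE(review): is_authenticated is called as a method here; newer
     # Flask-Login releases expose it as a property, so confirm the version.
     if login.current_user.is_authenticated() and current_user.isAdmin():
         return self.render('index.html')

     # NOTE(review): '.index' looks like this same view, so returning that
     # redirect would loop. Replace the 403 with a redirect to the project's
     # login endpoint if it has one.
     abort(403)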