class User(db.Model, UserMixin, CRUDMixin): __tablename__ = "users" id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(200), unique=True, nullable=False) email = db.Column(db.String(200), unique=True, nullable=False) _password = db.Column('password', db.String(120), nullable=False) date_joined = db.Column(UTCDateTime(timezone=True), default=time_utcnow, nullable=False) lastseen = db.Column(UTCDateTime(timezone=True), default=time_utcnow, nullable=True) birthday = db.Column(db.DateTime, nullable=True) gender = db.Column(db.String(10), nullable=True) website = db.Column(db.String(200), nullable=True) location = db.Column(db.String(100), nullable=True) signature = db.Column(db.Text, nullable=True) avatar = db.Column(db.String(200), nullable=True) notes = db.Column(db.Text, nullable=True) last_failed_login = db.Column(UTCDateTime(timezone=True), nullable=True) login_attempts = db.Column(db.Integer, default=0, nullable=False) activated = db.Column(db.Boolean, default=False, nullable=False) theme = db.Column(db.String(15), nullable=True) language = db.Column(db.String(15), default="en", nullable=True) post_count = db.Column(db.Integer, default=0) primary_group_id = db.Column(db.Integer, db.ForeignKey('groups.id'), nullable=False) posts = db.relationship("Post", backref="user", primaryjoin="User.id == Post.user_id", lazy="dynamic") topics = db.relationship("Topic", backref="user", primaryjoin="User.id == Topic.user_id", lazy="dynamic") primary_group = db.relationship("Group", backref="user_group", uselist=False, lazy="joined", foreign_keys=[primary_group_id]) secondary_groups = db.relationship( "Group", secondary=groups_users, primaryjoin=(groups_users.c.user_id == id), backref=db.backref("users", lazy="dynamic"), lazy="dynamic") tracked_topics = db.relationship( "Topic", secondary=topictracker, primaryjoin=(topictracker.c.user_id == id), backref=db.backref("topicstracked", lazy="dynamic"), lazy="dynamic", single_parent=True) # Properties @property def is_active(self): """Returns the state of the account. If the ``ACTIVATE_ACCOUNT`` option has been disabled, it will always return ``True``. Is the option activated, it will, depending on the state of the account, either return ``True`` or ``False``. """ if flaskbb_config["ACTIVATE_ACCOUNT"]: if self.activated: return True return False return True @property def last_post(self): """Returns the latest post from the user.""" return Post.query.filter(Post.user_id == self.id).\ order_by(Post.date_created.desc()).first() @property def url(self): """Returns the url for the user.""" return url_for("user.profile", username=self.username) @property def permissions(self): """Returns the permissions for the user.""" return self.get_permissions() @property def groups(self): """Returns the user groups.""" return self.get_groups() @property def days_registered(self): """Returns the amount of days the user is registered.""" days_registered = (time_utcnow() - self.date_joined).days if not days_registered: return 1 return days_registered @property def topic_count(self): """Returns the thread count.""" return Topic.query.filter(Topic.user_id == self.id).count() @property def posts_per_day(self): """Returns the posts per day count.""" return round((float(self.post_count) / float(self.days_registered)), 1) @property def topics_per_day(self): """Returns the topics per day count.""" return round((float(self.topic_count) / float(self.days_registered)), 1) # Methods def __repr__(self): """Set to a unique key specific to the object in the database. Required for cache.memoize() to work across requests. """ return "<{} {}>".format(self.__class__.__name__, self.username) def _get_password(self): """Returns the hashed password.""" return self._password def _set_password(self, password): """Generates a password hash for the provided password.""" if not password: return self._password = generate_password_hash(password) # Hide password encryption by exposing password field only. password = db.synonym('_password', descriptor=property(_get_password, _set_password)) def check_password(self, password): """Check passwords. If passwords match it returns true, else false.""" if self.password is None: return False return check_password_hash(self.password, password) @classmethod @deprecated("Use authentication services instead.") def authenticate(cls, login, password): """A classmethod for authenticating users. It returns the user object if the user/password combination is ok. If the user has entered too often a wrong password, he will be locked out of his account for a specified time. :param login: This can be either a username or a email address. :param password: The password that is connected to username and email. """ user = cls.query.filter( db.or_(User.username == login, User.email == login)).first() if user is not None: if user.check_password(password): # reset them after a successful login attempt user.login_attempts = 0 user.save() return user # user exists, wrong password # never had a bad login before if user.login_attempts is None: user.login_attempts = 1 else: user.login_attempts += 1 user.last_failed_login = time_utcnow() user.save() # protection against account enumeration timing attacks check_password_hash("dummy password", password) raise AuthenticationError def recalculate(self): """Recalculates the post count from the user.""" self.post_count = Post.query.filter_by(user_id=self.id).count() self.save() return self def all_topics(self, page, viewer): """Topics made by a given user, most recent first. :param page: The page which should be displayed. :param viewer: The user who is viewing the page. Only posts accessible to the viewer will be returned. :rtype: flask_sqlalchemy.Pagination """ group_ids = [g.id for g in viewer.groups] topics = Topic.query.\ filter(Topic.user_id == self.id, Forum.id == Topic.forum_id, Forum.groups.any(Group.id.in_(group_ids))).\ order_by(Topic.id.desc()).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) return topics def all_posts(self, page, viewer): """Posts made by a given user, most recent first. :param page: The page which should be displayed. :param viewer: The user who is viewing the page. Only posts accessible to the viewer will be returned. :rtype: flask_sqlalchemy.Pagination """ group_ids = [g.id for g in viewer.groups] posts = Post.query.\ filter(Post.user_id == self.id, Post.topic_id == Topic.id, Topic.forum_id == Forum.id, Forum.groups.any(Group.id.in_(group_ids))).\ order_by(Post.id.desc()).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) return posts def track_topic(self, topic): """Tracks the specified topic. :param topic: The topic which should be added to the topic tracker. """ if not self.is_tracking_topic(topic): self.tracked_topics.append(topic) return self def untrack_topic(self, topic): """Untracks the specified topic. :param topic: The topic which should be removed from the topic tracker. """ if self.is_tracking_topic(topic): self.tracked_topics.remove(topic) return self def is_tracking_topic(self, topic): """Checks if the user is already tracking this topic. :param topic: The topic which should be checked. """ return self.tracked_topics.filter( topictracker.c.topic_id == topic.id).count() > 0 def add_to_group(self, group): """Adds the user to the `group` if he isn't in it. :param group: The group which should be added to the user. """ if not self.in_group(group): self.secondary_groups.append(group) return self def remove_from_group(self, group): """Removes the user from the `group` if he is in it. :param group: The group which should be removed from the user. """ if self.in_group(group): self.secondary_groups.remove(group) return self def in_group(self, group): """Returns True if the user is in the specified group. :param group: The group which should be checked. """ return self.secondary_groups.filter( groups_users.c.group_id == group.id).count() > 0 @cache.memoize() def get_groups(self): """Returns all the groups the user is in.""" return [self.primary_group] + list(self.secondary_groups) @cache.memoize() def get_permissions(self, exclude=None): """Returns a dictionary with all permissions the user has""" if exclude: exclude = set(exclude) else: exclude = set() exclude.update(['id', 'name', 'description']) perms = {} # Get the Guest group for group in self.groups: columns = set(group.__table__.columns.keys()) - set(exclude) for c in columns: perms[c] = getattr(group, c) or perms.get(c, False) return perms def invalidate_cache(self): """Invalidates this objects cached metadata.""" cache.delete_memoized(self.get_permissions, self) cache.delete_memoized(self.get_groups, self) def ban(self): """Bans the user. Returns True upon success.""" if not self.get_permissions()['banned']: banned_group = Group.query.filter(Group.banned == True).first() self.primary_group = banned_group self.save() self.invalidate_cache() return True return False def unban(self): """Unbans the user. Returns True upon success.""" if self.get_permissions()['banned']: member_group = Group.query.filter(Group.admin == False, Group.super_mod == False, Group.mod == False, Group.guest == False, Group.banned == False).first() self.primary_group = member_group self.save() self.invalidate_cache() return True return False def save(self, groups=None): """Saves a user. If a list with groups is provided, it will add those to the secondary groups from the user. :param groups: A list with groups that should be added to the secondary groups from user. """ if groups is not None: # TODO: Only remove/add groups that are selected with db.session.no_autoflush: secondary_groups = self.secondary_groups.all() for group in secondary_groups: self.remove_from_group(group) for group in groups: # Do not add the primary group to the secondary groups if group == self.primary_group: continue self.add_to_group(group) self.invalidate_cache() db.session.add(self) db.session.commit() return self def delete(self): """Deletes the User.""" db.session.delete(self) db.session.commit() return self
class User(db.Model, UserMixin, CRUDMixin): __tablename__ = "users" __searchable__ = ['username', 'email'] id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(200), unique=True, nullable=False) email = db.Column(db.String(200), unique=True, nullable=False) _password = db.Column('password', db.String(120), nullable=False) date_joined = db.Column(db.DateTime, default=datetime.utcnow()) lastseen = db.Column(db.DateTime, default=datetime.utcnow()) birthday = db.Column(db.DateTime) gender = db.Column(db.String(10)) website = db.Column(db.String(200)) location = db.Column(db.String(100)) signature = db.Column(db.Text) avatar = db.Column(db.String(200)) notes = db.Column(db.Text) last_failed_login = db.Column(db.DateTime) login_attempts = db.Column(db.Integer, default=0) activated = db.Column(db.Boolean, default=False) theme = db.Column(db.String(15)) language = db.Column(db.String(15), default="en") posts = db.relationship("Post", backref="user", lazy="dynamic") topics = db.relationship("Topic", backref="user", lazy="dynamic") post_count = db.Column(db.Integer, default=0) primary_group_id = db.Column(db.Integer, db.ForeignKey('groups.id'), nullable=False) primary_group = db.relationship('Group', lazy="joined", backref="user_group", uselist=False, foreign_keys=[primary_group_id]) secondary_groups = \ db.relationship('Group', secondary=groups_users, primaryjoin=(groups_users.c.user_id == id), backref=db.backref('users', lazy='dynamic'), lazy='dynamic') tracked_topics = \ db.relationship("Topic", secondary=topictracker, primaryjoin=(topictracker.c.user_id == id), backref=db.backref("topicstracked", lazy="dynamic"), lazy="dynamic") # Properties @property def is_active(self): """Returns the state of the account. If the ``ACTIVATE_ACCOUNT`` option has been disabled, it will always return ``True``. Is the option activated, it will, depending on the state of the account, either return ``True`` or ``False``. """ if flaskbb_config["ACTIVATE_ACCOUNT"]: if self.activated: return True return False return True @property def last_post(self): """Returns the latest post from the user.""" return Post.query.filter(Post.user_id == self.id).\ order_by(Post.date_created.desc()).first() @property def url(self): """Returns the url for the user.""" return url_for("user.profile", username=self.username) @property def permissions(self): """Returns the permissions for the user.""" return self.get_permissions() @property def groups(self): """Returns the user groups.""" return self.get_groups() @property def unread_messages(self): """Returns the unread messages for the user.""" return self.get_unread_messages() @property def unread_count(self): """Returns the unread message count for the user.""" return len(self.unread_messages) @property def days_registered(self): """Returns the amount of days the user is registered.""" days_registered = (datetime.utcnow() - self.date_joined).days if not days_registered: return 1 return days_registered @property def topic_count(self): """Returns the thread count.""" return Topic.query.filter(Topic.user_id == self.id).count() @property def posts_per_day(self): """Returns the posts per day count.""" return round((float(self.post_count) / float(self.days_registered)), 1) @property def topics_per_day(self): """Returns the topics per day count.""" return round((float(self.topic_count) / float(self.days_registered)), 1) # Methods def __repr__(self): """Set to a unique key specific to the object in the database. Required for cache.memoize() to work across requests. """ return "<{} {}>".format(self.__class__.__name__, self.username) def _get_password(self): """Returns the hashed password.""" return self._password def _set_password(self, password): """Generates a password hash for the provided password.""" if not password: return self._password = generate_password_hash(password) # Hide password encryption by exposing password field only. password = db.synonym('_password', descriptor=property(_get_password, _set_password)) def check_password(self, password): """Check passwords. If passwords match it returns true, else false.""" if self.password is None: return False return check_password_hash(self.password, password) @classmethod def authenticate(cls, login, password): """A classmethod for authenticating users. It returns the user object if the user/password combination is ok. If the user has entered too often a wrong password, he will be locked out of his account for a specified time. :param login: This can be either a username or a email address. :param password: The password that is connected to username and email. """ user = cls.query.filter( db.or_(User.username == login, User.email == login)).first() if user: if user.check_password(password): # reset them after a successful login attempt user.login_attempts = 0 user.save() return user # user exists, wrong password user.login_attempts += 1 user.last_failed_login = datetime.utcnow() user.save() # protection against account enumeration timing attacks dummy_password = os.urandom(15).encode("base-64") check_password_hash(dummy_password, password) raise AuthenticationError def recalculate(self): """Recalculates the post count from the user.""" post_count = Post.query.filter_by(user_id=self.id).count() self.post_count = post_count self.save() return self def all_topics(self, page): """Returns a paginated result with all topics the user has created.""" return Topic.query.filter(Topic.user_id == self.id).\ filter(Post.topic_id == Topic.id).\ order_by(Post.id.desc()).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) def all_posts(self, page): """Returns a paginated result with all posts the user has created.""" return Post.query.filter(Post.user_id == self.id).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) def track_topic(self, topic): """Tracks the specified topic. :param topic: The topic which should be added to the topic tracker. """ if not self.is_tracking_topic(topic): self.tracked_topics.append(topic) return self def untrack_topic(self, topic): """Untracks the specified topic. :param topic: The topic which should be removed from the topic tracker. """ if self.is_tracking_topic(topic): self.tracked_topics.remove(topic) return self def is_tracking_topic(self, topic): """Checks if the user is already tracking this topic. :param topic: The topic which should be checked. """ return self.tracked_topics.filter( topictracker.c.topic_id == topic.id).count() > 0 def add_to_group(self, group): """Adds the user to the `group` if he isn't in it. :param group: The group which should be added to the user. """ if not self.in_group(group): self.secondary_groups.append(group) return self def remove_from_group(self, group): """Removes the user from the `group` if he is in it. :param group: The group which should be removed from the user. """ if self.in_group(group): self.secondary_groups.remove(group) return self def in_group(self, group): """Returns True if the user is in the specified group. :param group: The group which should be checked. """ return self.secondary_groups.filter( groups_users.c.group_id == group.id).count() > 0 @cache.memoize(timeout=max_integer) def get_groups(self): """Returns all the groups the user is in.""" return [self.primary_group] + list(self.secondary_groups) @cache.memoize(timeout=max_integer) def get_permissions(self, exclude=None): """Returns a dictionary with all permissions the user has""" if exclude: exclude = set(exclude) else: exclude = set() exclude.update(['id', 'name', 'description']) perms = {} # Get the Guest group for group in self.groups: columns = set(group.__table__.columns.keys()) - set(exclude) for c in columns: perms[c] = getattr(group, c) or perms.get(c, False) return perms @cache.memoize(timeout=max_integer) def get_unread_messages(self): """Returns all unread messages for the user.""" unread_messages = Conversation.query.\ filter(Conversation.unread, Conversation.user_id == self.id).all() return unread_messages def invalidate_cache(self, permissions=True, messages=True): """Invalidates this objects cached metadata. :param permissions_only: If set to ``True`` it will only invalidate the permissions cache. Otherwise it will also invalidate the user's unread message cache. """ if messages: cache.delete_memoized(self.get_unread_messages, self) if permissions: cache.delete_memoized(self.get_permissions, self) cache.delete_memoized(self.get_groups, self) def ban(self): """Bans the user. Returns True upon success.""" if not self.get_permissions()['banned']: banned_group = Group.query.filter(Group.banned == True).first() self.primary_group_id = banned_group.id self.save() self.invalidate_cache() return True return False def unban(self): """Unbans the user. Returns True upon success.""" if self.get_permissions()['banned']: member_group = Group.query.filter(Group.admin == False, Group.super_mod == False, Group.mod == False, Group.guest == False, Group.banned == False).first() self.primary_group_id = member_group.id self.save() self.invalidate_cache() return True return False def save(self, groups=None): """Saves a user. If a list with groups is provided, it will add those to the secondary groups from the user. :param groups: A list with groups that should be added to the secondary groups from user. """ if groups is not None: # TODO: Only remove/add groups that are selected secondary_groups = self.secondary_groups.all() for group in secondary_groups: self.remove_from_group(group) db.session.commit() for group in groups: # Do not add the primary group to the secondary groups if group.id == self.primary_group_id: continue self.add_to_group(group) self.invalidate_cache() db.session.add(self) db.session.commit() return self def delete(self): """Deletes the User.""" # This isn't done automatically... Conversation.query.filter_by(user_id=self.id).delete() ForumsRead.query.filter_by(user_id=self.id).delete() TopicsRead.query.filter_by(user_id=self.id).delete() # This should actually be handeld by the dbms.. but dunno why it doesnt # work here from flaskbb.forum.models import Forum last_post_forums = Forum.query.\ filter_by(last_post_user_id=self.id).all() for forum in last_post_forums: forum.last_post_user_id = None forum.save() db.session.delete(self) db.session.commit() return self
class User(db.Model, UserMixin, CRUDMixin): __tablename__ = "users" __searchable__ = ['username', 'email'] id = db.Column(db.Integer, primary_key=True) username = db.Column(db.String(200), unique=True, nullable=False) email = db.Column(db.String(200), unique=True, nullable=False) _password = db.Column('password', db.String(120), nullable=False) date_joined = db.Column(db.DateTime, default=datetime.utcnow()) lastseen = db.Column(db.DateTime, default=datetime.utcnow()) birthday = db.Column(db.DateTime) gender = db.Column(db.String(10)) website = db.Column(db.String(200)) location = db.Column(db.String(100)) signature = db.Column(db.Text) avatar = db.Column(db.String(200)) notes = db.Column(db.Text) theme = db.Column(db.String(15)) language = db.Column(db.String(15), default="en") posts = db.relationship("Post", backref="user", lazy="dynamic") topics = db.relationship("Topic", backref="user", lazy="dynamic") post_count = db.Column(db.Integer, default=0) primary_group_id = db.Column(db.Integer, db.ForeignKey('groups.id'), nullable=False) primary_group = db.relationship('Group', lazy="joined", backref="user_group", uselist=False, foreign_keys=[primary_group_id]) secondary_groups = \ db.relationship('Group', secondary=groups_users, primaryjoin=(groups_users.c.user_id == id), backref=db.backref('users', lazy='dynamic'), lazy='dynamic') tracked_topics = \ db.relationship("Topic", secondary=topictracker, primaryjoin=(topictracker.c.user_id == id), backref=db.backref("topicstracked", lazy="dynamic"), lazy="dynamic") # Properties @property def last_post(self): """Returns the latest post from the user""" return Post.query.filter(Post.user_id == self.id).\ order_by(Post.date_created.desc()).first() @property def url(self): """Returns the url for the user""" return url_for("user.profile", username=self.username) @property def permissions(self): """Returns the permissions for the user""" return self.get_permissions() @property def groups(self): """Returns user groups""" return self.get_groups() @property def days_registered(self): """Returns the amount of days the user is registered.""" days_registered = (datetime.utcnow() - self.date_joined).days if not days_registered: return 1 return days_registered @property def topic_count(self): """Returns the thread count""" return Topic.query.filter(Topic.user_id == self.id).count() @property def posts_per_day(self): """Returns the posts per day count""" return round((float(self.post_count) / float(self.days_registered)), 1) @property def topics_per_day(self): """Returns the topics per day count""" return round((float(self.topic_count) / float(self.days_registered)), 1) # Methods def __repr__(self): """Set to a unique key specific to the object in the database. Required for cache.memoize() to work across requests. """ return "<{} {}>".format(self.__class__.__name__, self.username) def _get_password(self): """Returns the hashed password""" return self._password def _set_password(self, password): """Generates a password hash for the provided password""" self._password = generate_password_hash(password) # Hide password encryption by exposing password field only. password = db.synonym('_password', descriptor=property(_get_password, _set_password)) def check_password(self, password): """Check passwords. If passwords match it returns true, else false""" if self.password is None: return False return check_password_hash(self.password, password) @classmethod def authenticate(cls, login, password): """A classmethod for authenticating users It returns true if the user exists and has entered a correct password :param login: This can be either a username or a email address. :param password: The password that is connected to username and email. """ user = cls.query.filter( db.or_(User.username == login, User.email == login)).first() if user: authenticated = user.check_password(password) else: authenticated = False return user, authenticated def _make_token(self, data, timeout): s = Serializer(current_app.config['SECRET_KEY'], timeout) return s.dumps(data) def _verify_token(self, token): s = Serializer(current_app.config['SECRET_KEY']) data = None expired, invalid = False, False try: data = s.loads(token) except SignatureExpired: expired = True except Exception: invalid = True return expired, invalid, data def make_reset_token(self, expiration=3600): """Creates a reset token. The duration can be configured through the expiration parameter. :param expiration: The time in seconds how long the token is valid. """ return self._make_token({'id': self.id, 'op': 'reset'}, expiration) def verify_reset_token(self, token): """Verifies a reset token. It returns three boolean values based on the state of the token (expired, invalid, data) :param token: The reset token that should be checked. """ expired, invalid, data = self._verify_token(token) if data and data.get('id') == self.id and data.get('op') == 'reset': data = True else: data = False return expired, invalid, data def recalculate(self): """Recalculates the post count from the user.""" post_count = Post.query.filter_by(user_id=self.id).count() self.post_count = post_count self.save() return self def all_topics(self, page): """Returns a paginated result with all topics the user has created.""" return Topic.query.filter(Topic.user_id == self.id).\ filter(Post.topic_id == Topic.id).\ order_by(Post.id.desc()).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) def all_posts(self, page): """Returns a paginated result with all posts the user has created.""" return Post.query.filter(Post.user_id == self.id).\ paginate(page, flaskbb_config['TOPICS_PER_PAGE'], False) def track_topic(self, topic): """Tracks the specified topic :param topic: The topic which should be added to the topic tracker. """ if not self.is_tracking_topic(topic): self.tracked_topics.append(topic) return self def untrack_topic(self, topic): """Untracks the specified topic :param topic: The topic which should be removed from the topic tracker. """ if self.is_tracking_topic(topic): self.tracked_topics.remove(topic) return self def is_tracking_topic(self, topic): """Checks if the user is already tracking this topic :param topic: The topic which should be checked. """ return self.tracked_topics.filter( topictracker.c.topic_id == topic.id).count() > 0 def add_to_group(self, group): """Adds the user to the `group` if he isn't in it. :param group: The group which should be added to the user. """ if not self.in_group(group): self.secondary_groups.append(group) return self def remove_from_group(self, group): """Removes the user from the `group` if he is in it. :param group: The group which should be removed from the user. """ if self.in_group(group): self.secondary_groups.remove(group) return self def in_group(self, group): """Returns True if the user is in the specified group :param group: The group which should be checked. """ return self.secondary_groups.filter( groups_users.c.group_id == group.id).count() > 0 @cache.memoize(timeout=max_integer) def get_groups(self): """Returns all the groups the user is in.""" return [self.primary_group] + list(self.secondary_groups) @cache.memoize(timeout=max_integer) def get_permissions(self, exclude=None): """Returns a dictionary with all the permissions the user has. :param exclude: a list with excluded permissions. default is None. """ exclude = exclude or [] exclude.extend(['id', 'name', 'description']) perms = {} groups = self.secondary_groups.all() groups.append(self.primary_group) for group in groups: for c in group.__table__.columns: # try if the permission already exists in the dictionary # and if the permission is true, set it to True try: if not perms[c.name] and getattr(group, c.name): perms[c.name] = True # if the permission doesn't exist in the dictionary # add it to the dictionary except KeyError: # if the permission is in the exclude list, # skip to the next permission if c.name in exclude: continue perms[c.name] = getattr(group, c.name) return perms def invalidate_cache(self): """Invalidates this objects cached metadata.""" cache.delete_memoized(self.get_permissions, self) cache.delete_memoized(self.get_groups, self) def ban(self): """Bans the user. Returns True upon success.""" if not self.get_permissions()['banned']: banned_group = Group.query.filter(Group.banned == True).first() self.primary_group_id = banned_group.id self.save() self.invalidate_cache() return True return False def unban(self): """Unbans the user. Returns True upon success.""" if self.get_permissions()['banned']: member_group = Group.query.filter(Group.admin == False, Group.super_mod == False, Group.mod == False, Group.guest == False, Group.banned == False).first() self.primary_group_id = member_group.id self.save() self.invalidate_cache() return True return False def save(self, groups=None): """Saves a user. If a list with groups is provided, it will add those to the secondary groups from the user. :param groups: A list with groups that should be added to the secondary groups from user. """ if groups is not None: # TODO: Only remove/add groups that are selected secondary_groups = self.secondary_groups.all() for group in secondary_groups: self.remove_from_group(group) db.session.commit() for group in groups: # Do not add the primary group to the secondary groups if group.id == self.primary_group_id: continue self.add_to_group(group) self.invalidate_cache() db.session.add(self) db.session.commit() return self def delete(self): """Deletes the User.""" # This isn't done automatically... Conversation.query.filter_by(user_id=self.id).delete() ForumsRead.query.filter_by(user_id=self.id).delete() TopicsRead.query.filter_by(user_id=self.id).delete() # This should actually be handeld by the dbms.. but dunno why it doesnt # work here from flaskbb.forum.models import Forum last_post_forums = Forum.query.\ filter_by(last_post_user_id=self.id).all() for forum in last_post_forums: forum.last_post_user_id = None forum.save() db.session.delete(self) db.session.commit() return self