def __init__(self):
self.a_role = RoleApi()
class UserApi(GenericApi):
complex_params = ['posts', 'roles'] # List of role_ids
simple_params = ['email', 'password', 'username']
required_params = ['email', 'password']
possible_params = simple_params + complex_params
def __init__(self):
self.a_role = RoleApi()
def create(self, input_data):
"""
Add a new user. See TagApi.create().
:param input_data:
:return:
"""
cleaned_data = self.clean_input(input_data)
try:
existing_user = self.get_by_user(cleaned_data['email'])
except DatabaseItemDoesNotExist:
existing_user = None
if existing_user:
raise DatabaseItemAlreadyExists('A user called {0} already exists.'.format(input_data['email']))
new_user = User(email=cleaned_data['email'], password=input_data['password'])
db.session.add(new_user)
db.session.commit()
# Add the roles
for role_id in cleaned_data['roles']:
new_user.roles.append(self.a_role.read(role_id))
db.session.commit()
return new_user
def read(self, user_id):
"""
Return a user by its id.
:param user_id:
:return:
"""
existing_user = User.query.filter(User.id == user_id).first()
if existing_user is None:
raise DatabaseItemDoesNotExist('No user with id {0}'.format(user_id))
return existing_user
def update(self, user_id, input_data, update_password=True):
"""
Update an existing user. See TagApi.update()
If update_password is true, the password will be updated,
even if it is empty. Otherwise, it will not be changed,
even if it has changed from what we have in the DB.
:param user_id:
:param input_data:
:param update_password:
:return:
"""
cleaned_data = self.clean_input(input_data)
existing_user = self.read(user_id)
# Update simple attributes
existing_user = self.update_user(existing_user, cleaned_data, update_password=update_password)
# Update roles
existing_user = self.remove_roles(existing_user)
for role_id in cleaned_data['roles']:
existing_user.roles.append(self.a_role.read(role_id))
db.session.commit()
return existing_user
def delete(self, user_id):
"""
Delete a user identified by user_id. See TagApi.delete()
:param user_id:
:return:
"""
existing_user = self.read(user_id)
db.session.delete(existing_user)
db.session.commit()
return True
def get_by_user(self, user_name):
"""
Get a user by its user_name
:param user_name:
:return:
"""
existing_user = User.query.filter(User.username == user_name).first()
if existing_user is None:
raise DatabaseItemDoesNotExist('No user called {0}'.format(user_name))
return existing_user
def check_password(self, user_id, user_password):
"""
Check whether the password for a user_id is correct. If it is, return the user, otherwise, raise InvalidPassword
:param user_id:
:param user_password:
:return:
"""
existing_user = self.read(user_id)
if existing_user.verify_password(user_password):
return existing_user
else:
raise InvalidPassword
def list(self):
"""
List all users
:return:
"""
all_users = User.query.all()
return all_users
def clean_input(self, unclean_data):
cleaned_data = self.clean_input_data(unclean_data, complex_params=self.complex_params,
possible_params=self.possible_params, required_params=self.required_params)
cleaned_data['username'] = cleaned_data['email']
return cleaned_data
def remove_roles(self, entity):
for role in entity.roles:
entity.roles.remove(role)
db.session.commit()
return entity
def update_user(self, existing_user, cleaned_data, update_password=True):
"""
Update an existing user with cleaned_data, but instead of directly setting user.password (which is impossible),
it uses user.set_password(). However, we need to remove the item 'password' from simple_params or otherwise
self.update_simple_attributes() will try to set it and fail. We will however, not call user.set_password()
if update_password is false.
:param existing_user:
:param cleaned_data:
:param update_password:
:return:
"""
unhashed_password = cleaned_data['password']
simple_params = deepcopy(self.simple_params)
simple_params.remove('password')
# We can't set password via this method, because the database object only has password_hash
existing_user = self.update_simple_attributes(existing_user, simple_params, cleaned_data)
# Update password
if update_password is True:
existing_user.set_password(unhashed_password)
return existing_user
def __init__(self):
self.a_role = RoleApi()
from flask import render_template, url_for, flash, request, redirect
from flask.ext.login import login_required
from helptux import app
from helptux.modules.api.role import RoleApi
from helptux.modules.api.user import UserApi
from helptux.modules.error import DatabaseItemAlreadyExists, RequiredAttributeMissing, DatabaseItemDoesNotExist
from helptux.modules.user.authentication import must_be_admin
from helptux.views.forms.user.admin import UserCreateForm, UserDeleteForm, UserModifyForm
a_roles = RoleApi()
db_roles = a_roles.list()
possible_roles = []
for db_role in db_roles:
possible_roles.append((db_role.id, db_role.role))
@app.route('/admin/user/view/<int:user_id>')
@login_required
@must_be_admin
def v_user_view(user_id):
pass
@app.route('/admin/user/list', methods=['GET'])
@login_required
@must_be_admin
def v_user_list():
a_user = UserApi()
l_users = a_user.list()
return render_template('admin/user/list.html', users=l_users)
class UserApi(GenericApi):
complex_params = ['posts', 'roles'] # List of role_ids
simple_params = ['email', 'password', 'username']
required_params = ['email', 'password']
possible_params = simple_params + complex_params
def __init__(self):
self.a_role = RoleApi()
def create(self, input_data):
"""
Add a new user. See TagApi.create().
:param input_data:
:return:
"""
cleaned_data = self.clean_input(input_data)
try:
existing_user = self.get_by_user(cleaned_data['email'])
except DatabaseItemDoesNotExist:
existing_user = None
if existing_user:
raise DatabaseItemAlreadyExists(
'A user called {0} already exists.'.format(
input_data['email']))
new_user = User(email=cleaned_data['email'],
password=input_data['password'])
db.session.add(new_user)
db.session.commit()
# Add the roles
for role_id in cleaned_data['roles']:
new_user.roles.append(self.a_role.read(role_id))
db.session.commit()
return new_user
def read(self, user_id):
"""
Return a user by its id.
:param user_id:
:return:
"""
existing_user = User.query.filter(User.id == user_id).first()
if existing_user is None:
raise DatabaseItemDoesNotExist(
'No user with id {0}'.format(user_id))
return existing_user
def update(self, user_id, input_data, update_password=True):
"""
Update an existing user. See TagApi.update()
If update_password is true, the password will be updated,
even if it is empty. Otherwise, it will not be changed,
even if it has changed from what we have in the DB.
:param user_id:
:param input_data:
:param update_password:
:return:
"""
cleaned_data = self.clean_input(input_data)
existing_user = self.read(user_id)
# Update simple attributes
existing_user = self.update_user(existing_user,
cleaned_data,
update_password=update_password)
# Update roles
existing_user = self.remove_roles(existing_user)
for role_id in cleaned_data['roles']:
existing_user.roles.append(self.a_role.read(role_id))
db.session.commit()
return existing_user
def delete(self, user_id):
"""
Delete a user identified by user_id. See TagApi.delete()
:param user_id:
:return:
"""
existing_user = self.read(user_id)
db.session.delete(existing_user)
db.session.commit()
return True
def get_by_user(self, user_name):
"""
Get a user by its user_name
:param user_name:
:return:
"""
existing_user = User.query.filter(User.username == user_name).first()
if existing_user is None:
raise DatabaseItemDoesNotExist(
'No user called {0}'.format(user_name))
return existing_user
def check_password(self, user_id, user_password):
"""
Check whether the password for a user_id is correct. If it is, return the user, otherwise, raise InvalidPassword
:param user_id:
:param user_password:
:return:
"""
existing_user = self.read(user_id)
if existing_user.verify_password(user_password):
return existing_user
else:
raise InvalidPassword
def list(self):
"""
List all users
:return:
"""
all_users = User.query.all()
return all_users
def clean_input(self, unclean_data):
cleaned_data = self.clean_input_data(
unclean_data,
complex_params=self.complex_params,
possible_params=self.possible_params,
required_params=self.required_params)
cleaned_data['username'] = cleaned_data['email']
return cleaned_data
def remove_roles(self, entity):
for role in entity.roles:
entity.roles.remove(role)
db.session.commit()
return entity
def update_user(self, existing_user, cleaned_data, update_password=True):
"""
Update an existing user with cleaned_data, but instead of directly setting user.password (which is impossible),
it uses user.set_password(). However, we need to remove the item 'password' from simple_params or otherwise
self.update_simple_attributes() will try to set it and fail. We will however, not call user.set_password()
if update_password is false.
:param existing_user:
:param cleaned_data:
:param update_password:
:return:
"""
unhashed_password = cleaned_data['password']
simple_params = deepcopy(self.simple_params)
simple_params.remove('password')
# We can't set password via this method, because the database object only has password_hash
existing_user = self.update_simple_attributes(existing_user,
simple_params,
cleaned_data)
# Update password
if update_password is True:
existing_user.set_password(unhashed_password)
return existing_user
