Пример #1
0
def edit(user_id=None):

    if request.args.get('internaute'):
        title_page = 'Internautes'
    else:
        title_page = 'Utilisateurs'

    if user_id:

        data = Users.objects.get(id=user_id)

        if current_user.has_roles([('super_admin', 'user')],
                                  ['edit']) and data.id == current_user.id:
            return redirect(url_for('user.view', user_id=user_id))

        form = FormUser(obj=data)
        form.id.data = str(data.id)

        # liste des roles lie a l'utiliasteur en cours
        attrib_list = [role.role_id.id for role in data.roles]

        # liste des roles lie a l'utiliasteur en cours avec le droit d'edition
        edit_list = [
            role.role_id.id for role in data.roles if role.edit == True
        ]

        # liste des roles lie a l'utiliasteur en cours avec le droit de suppression
        delete_list = [
            role.role_id.id for role in data.roles if role.deleted == True
        ]

        liste_role = []
        data_role = Roles.objects(valeur__ne='super_admin')

        for role in data_role:
            if not role.parent:
                module = {}
                module['titre'] = role.titre
                module['id'] = role.id
                enfants = Roles.objects(parent=role.id)
                module['role'] = []
                for enfant in enfants:
                    rol = {}
                    rol['id'] = enfant.id
                    rol['titre'] = enfant.titre
                    rol['action'] = enfant.action
                    module['role'].append(rol)
                liste_role.append(module)

    else:
        data = Users()
        form = FormUser()
        if request.args.get('field_soldier'):
            form.user.data = 1
        else:
            form.user.data = 2

    if form.validate_on_submit(
    ) and request.method == 'POST' and current_user.has_roles(
        [('super_admin', 'user')], ['edit']) and current_user.id != data.id:

        data.first_name = form.first_name.data
        data.last_name = form.last_name.data

        if form.email.data != data.email and user_id:
            flash('L\'adresse email ne peut etre modifier dans cette action.',
                  'warning')

        if not user_id:
            data.email = form.email.data
            data.user = int(form.user.data)
            count_user = Users.objects(user__gte=1).count()
            data.ref = function.reference(count=count_user + 1,
                                          caractere=4,
                                          user=True,
                                          refuser=None)

        data.fonction = form.fonction.data
        data.phone = form.phone.data
        data.note = form.note.data

        if not user_id:
            data.activated = False

        data = data.save()

        if not user_id:

            from ..company.models_company import Company

            info = Company.objects.first()

            token = generate_confirmation_token(data.email)
            confirm_url = url_for('user_param.confirm_email',
                                  user_id=data.id,
                                  token=token,
                                  _external=True)
            html = render_template('template_mail/user/activate.html',
                                   **locals())

            msg = Message()
            msg.recipients = [data.email]
            msg.add_recipient(info.senderNotification)
            msg.subject = data.full_name(
            ) + ', veuillez confirmer votre adresse e-mail'
            msg.sender = (info.senderNotification, '*****@*****.**')

            msg.html = html
            mail.send(msg)

            flash(
                'Un mail de confirmation a ete envoye dans l\'adresse email fournit lors de la creation.',
                'success')

        if user_id:
            form_attrib = request.form.getlist('attrib')

            form_edit = request.form.getlist('edit')
            form_delete = request.form.getlist('delete')

            # Insertion des roles et authorisation en provenance du formulaire
            for attrib in form_attrib:

                role_form = Roles.objects.get(id=attrib)
                profil_role_exist = Users.objects(
                    Q(roles__role_id=role_form.id) & Q(id=data.id))

                if profil_role_exist:
                    if attrib in form_edit:
                        profil_role_exist.update_one(set__roles__S__edit=True)
                    else:
                        profil_role_exist.update_one(set__roles__S__edit=False)

                    if attrib in form_delete:
                        profil_role_exist.update_one(
                            set__roles__S__deleted=True)
                    else:
                        profil_role_exist.update_one(
                            set__roles__S__deleted=False)
                else:
                    profil_role_create = UserRole()
                    profil_role_create.role_id = role_form
                    if attrib in form_edit:
                        profil_role_create.edit = True
                    else:
                        profil_role_create.edit = False

                    if attrib in form_delete:
                        profil_role_create.deleted = True
                    else:
                        profil_role_create.deleted = False

                    data = Users.objects.get(id=user_id)
                    data.roles.append(profil_role_create)
                    data.save()

            for role in data.roles:
                if str(role.role_id.id) not in form_attrib:
                    profil_role_exist = Users.objects(id=data.id).update_one(
                        pull__roles__role_id=role.role_id)

        flash('Enregistement effectue avec succes', 'success')

        if request.form['nouveau'] == '1':
            return redirect(url_for('user_param.edit'))
        else:

            return redirect(url_for('user_param.view', user_id=data.id))

    return render_template('user/edit.html', **locals())
Пример #2
0
def permission(user_id):
    menu = 'user'
    submenu = 'users'
    context = 'permission'
    title_page = 'Parametre - Utilisateurs'

    user = Users.objects.get(id=user_id)

    # liste des roles lie a l'utiliasteur en cours
    attrib = UserRole.objects(
        user_id = user.id
    )
    attrib_list = [role.role_id.id for role in attrib]

    # liste des roles lie a l'utiliasteur en cours avec le droit d'edition
    edit = UserRole.objects(Q(user_id=user.id) & Q(edit=True))
    edit_list = [role.role_id.id for role in edit]

    # liste des roles lie a l'utiliasteur en cours avec le droit de suppression
    delete = UserRole.objects(Q(user_id=user.id) & Q(deleted=True))
    delete_list = [role.role_id.id for role in delete]


    liste_role = []
    data_role = Roles.objects(
        valeur__ne='super_admin'
    )

    for role in data_role:
        if not role.parent:
            module = {}
            module['titre'] = role.titre
            module['id'] = role.id
            enfants = Roles.objects(
                parent = role.id
            )
            module['role'] = []
            for enfant in enfants:
                rol = {}
                rol['id'] = enfant.id
                rol['titre'] = enfant.titre
                rol['action'] = enfant.action
                module['role'].append(rol)
            liste_role.append(module)

    # liste des profils de l'application
    list_profil = Profil.objects(
        active=True
    )

    profil_select = None
    if request.args.get('profil') and request.method == 'GET':

        profil_select = int(request.args.get('profil'))
        profil_request = Profil.objects.get(id=request.args.get('profil'))

        attrib = ProfilRole.objects(
            profil_id= profil_request.id
        )

        attrib_list = [role.role_id.id for role in attrib]

        # liste des roles lie a l'utiliasteur en cours avec le droit d'edition
        edit = ProfilRole.objects(Q(profil_id=profil_request) & Q(edit=True))
        edit_list = [role.role_id.id for role in edit]

        # liste des roles lie a l'utiliasteur en cours avec le droit de suppression
        delete = ProfilRole.objects(Q(profil_id=profil_request.id) & Q(deleted=True))
        delete_list = [role.role_id.id for role in delete]


    if request.method == 'POST' and current_user.has_roles([('super_admin', 'user_permission')], ['edit']):

        form_attrib = request.form.getlist('attrib')

        # if not form_attrib and attrib_list:
        #     flash('Les utilisateurs ne doivent pas exister sans permission dans l\'application', 'warning')
        #     return redirect(url_for('user_param.permission', user_id=user_id))
        # elif form_attrib:
        #     user.is_enabled = True
        #     user.put()

        form_edit = request.form.getlist('edit')
        form_delete = request.form.getlist('delete')

        # liste des roles lie au profil et supprimer ce qui ne sont plus attribue
        current_profil_role = UserRole.objects(
            user_id = user.id
        )
        for current in current_profil_role:
            if current.role_id.id not in form_attrib:
                current.delete()

        # Insertion des roles et authorisation en provenance du formulaire
        for attrib in form_attrib:

            role_form = Roles.objects.get(id=attrib)

            profil_role_exist = UserRole.objects(Q(role_id=role_form.id) & Q(user_id=user.id)).first()

            if profil_role_exist:
                if attrib in form_edit:
                    profil_role_exist.edit = True
                else:
                    profil_role_exist.edit = False

                if attrib in form_delete:
                    profil_role_exist.deleted = True
                else:
                    profil_role_exist.deleted = False

                profil_role_exist.save()
            else:
                profil_role_create = UserRole()
                profil_role_create.role_id = role_form
                profil_role_create.user_id = user
                if attrib in form_edit:
                    profil_role_create.edit = True
                else:
                    profil_role_create.edit = False

                if attrib in form_delete:
                    profil_role_create.deleted = True
                else:
                    profil_role_create.deleted = False

                profil_role_create.save()

        flash('Enregistement effectue avec succes', 'success')
        return redirect(url_for('user_param.permission', user_id=user_id))

    return render_template('user/permission.html', **locals())