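def users(user_id=None):
    """Manage users of PYBOSSA.

    Builds the list of admin users other than the caller and, on a POST that
    carries a search term, the list of users whose name matches that term.
    The result is handed to handle_content_type() as a dict naming the
    '/admin/users.html' template.

    ``user_id`` is accepted but not read by this view.
    """
    # Function-scope import so the block is self-contained. Markup.format()
    # HTML-escapes its arguments, which the previous "%" interpolation into a
    # plain string did not do.
    from markupsafe import Markup

    form = SearchForm(request.body)
    users = [user for user in user_repo.filter_by(admin=True)
             if user.id != current_user.id]

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [user for user in user_repo.search_by_name(query)
                 if user.id != current_user.id]
        # Permission check on every match, written as a loop because the
        # call is made only for its effect.
        # NOTE(review): presumably raises/aborts when the caller may not
        # update the user - confirm against ensure_authorized_to().
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data echoed inside an HTML
            # fragment; it must be escaped before it reaches a template
            # that renders flashed messages as markup.
            flash(Markup("<strong>Ooops!</strong> We didn't find a user "
                         "matching your query: <strong>{}</strong>"
                         ).format(query))
        response = dict(template='/admin/users.html', found=found,
                        users=users, title=gettext("Manage Admin Users"),
                        form=form)
        return handle_content_type(response)

    response = dict(template='/admin/users.html', found=[], users=users,
                    title=gettext("Manage Admin Users"), form=form)
    return handle_content_type(response)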
def confirm_account():
    """Handle an account-confirmation link.

    Reads the ``key`` query parameter, verifies it with ``signer.loads``
    (salt 'account-validation', maximum age 3600 seconds) and answers 403
    when the key is missing or rejected with BadData.

    If exactly one user with the name carried in the key exists, that user's
    e-mail address is replaced by the one in the key and marked as valid.
    Otherwise a new account is created from the key's fields, saved, and
    logged in with ``remember=True``.

    NOTE(review): the payload read here includes ``password``. If ``signer``
    only signs its payload (does not encrypt it), the password is
    recoverable from the confirmation URL wherever that URL is stored
    (mail archives, proxy and server logs, browser history) - confirm, and
    prefer carrying a password hash or a server-side reference instead.
    NOTE(review): nothing in this function marks the key as used, so it
    stays valid for the full hour - confirm whether replay is acceptable.
    """
    def _next_page():
        # Both outcomes end on the same redirect decision.
        if newsletter.app:
            return redirect(url_for('account.newsletter_subscribe'))
        return redirect(url_for('home.home'))

    token = request.args.get('key')
    if token is None:
        abort(403)
    try:
        claims = signer.loads(token, max_age=3600, salt='account-validation')
    except BadData:
        abort(403)

    # First check if the user exists
    matches = user_repo.filter_by(name=claims['name'])
    if len(matches) == 1 and matches[0].name == claims['name']:
        existing = matches[0]
        existing.valid_email = True
        existing.confirmation_email_sent = False
        existing.email_addr = claims['email_addr']
        user_repo.update(existing)
        flash(gettext('Your email has been validated.'))
        return _next_page()

    # No such user yet: the key is treated as a pending registration.
    account = model.user.User(fullname=claims['fullname'],
                              name=claims['name'],
                              email_addr=claims['email_addr'],
                              valid_email=True)
    account.set_password(claims['password'])
    user_repo.save(account)
    login_user(account, remember=True)
    flash(gettext('Thanks for signing-up'), 'success')
    return _next_page()
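def users(user_id=None):
    """Manage users of PyBossa.

    Renders '/admin/users.html' with the admin users other than the caller
    and, on a POST that carries a search term, the users whose name matches
    that term. Any exception is logged and answered with a 500.

    ``user_id`` is accepted but not read by this view.
    """
    # Function-scope import so the block is self-contained. Markup.format()
    # HTML-escapes its arguments, which the previous "%" interpolation into a
    # plain string did not do.
    from markupsafe import Markup

    try:
        form = SearchForm(request.form)
        users = [user for user in user_repo.filter_by(admin=True)
                 if user.id != current_user.id]
        if request.method == 'POST' and form.user.data:
            query = form.user.data
            found = [user for user in user_repo.search_by_name(query)
                     if user.id != current_user.id]
            # NOTE(review): presumably the permission check for updating
            # the matched users - confirm what it does on an empty list.
            require.user.update(found)
            if not found:
                # The search term is request data echoed inside an HTML
                # fragment; it must be escaped before it reaches a template
                # that renders flashed messages as markup.
                flash(Markup("<strong>Ooops!</strong> We didn't find a user "
                             "matching your query: <strong>{}</strong>"
                             ).format(query))
            return render_template('/admin/users.html', found=found,
                                   users=users,
                                   title=gettext("Manage Admin Users"),
                                   form=form)
        return render_template('/admin/users.html', found=[], users=users,
                               title=gettext("Manage Admin Users"), form=form)
    # NOTE(review): this handler also catches HTTP errors raised inside the
    # block (for example a 403, if the permission check aborts) and reports
    # them as 500 - confirm that masking is intended.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)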
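def subadminusers(user_id=None):
    """Manage subadminusers of PyBossa.

    Renders '/admin/subadminusers.html' with the subadmin users other than
    the caller and, on a POST that carries a search term, the users whose
    name matches that term.

    ``user_id`` is accepted but not read by this view.
    """
    # Function-scope import so the block is self-contained. Markup.format()
    # HTML-escapes its arguments, which the previous "%" interpolation into a
    # plain string did not do.
    from markupsafe import Markup

    form = SearchForm(request.form)
    users = [user for user in user_repo.filter_by(subadmin=True)
             if user.id != current_user.id]

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [user for user in user_repo.search_by_name(query)
                 if user.id != current_user.id]
        # Permission check on every match, written as a loop because the
        # call is made only for its effect.
        # NOTE(review): presumably raises/aborts when the caller may not
        # update the user - confirm against ensure_authorized_to().
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data echoed inside an HTML
            # fragment; it must be escaped before it reaches a template
            # that renders flashed messages as markup.
            flash(Markup("<strong>Ooops!</strong> We didn't find a user "
                         "matching your query: <strong>{}</strong>"
                         ).format(query))
        return render_template('/admin/subadminusers.html', found=found,
                               users=users,
                               title=gettext("Manage Subadmin Users"),
                               form=form)

    return render_template('/admin/subadminusers.html', found=[], users=users,
                           title=gettext("Manage Subadmin Users"), form=form)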
def subadminusers():
    """Manage subadminusers of PyBossa.

    Renders '/admin/subadminusers.html' with the subadmin users other than
    the caller. On a POST that carries a search term, the name search is
    run with the filters ``subadmin=True, enabled=True`` and its matches
    (again excluding the caller) are passed to the template as ``found``.
    """
    search_form = SearchForm(request.form)
    subadmins = [account for account in user_repo.filter_by(subadmin=True)
                 if account.id != current_user.id]

    searching = request.method == 'POST' and search_form.user.data
    if not searching:
        return render_template('/admin/subadminusers.html', found=[],
                               users=subadmins,
                               title=gettext("Manage Subadmin Users"),
                               form=search_form)

    term = search_form.user.data
    criteria = {'subadmin': True, 'enabled': True}
    matches = [account
               for account in user_repo.search_by_name_orfilters(term,
                                                                 **criteria)
               if account.id != current_user.id]
    # NOTE(review): presumably raises/aborts when the caller may not update
    # the user - confirm against ensure_authorized_to().
    for match in matches:
        ensure_authorized_to('update', match)
    if not matches:
        # Markup.format() escapes its arguments, so the echoed search term
        # cannot add markup of its own to the flashed message.
        banner = Markup('<strong>{}</strong> {} <strong>{}</strong>')
        flash(banner.format(
            gettext('Ooops!'),
            gettext("We didn't find any enabled user matching your query:"),
            search_form.user.data))
    return render_template('/admin/subadminusers.html', found=matches,
                           users=subadmins,
                           title=gettext("Manage Subadmin Users"),
                           form=search_form)
def users(user_id=None):
    """Manage users of PYBOSSA.

    Builds the list of admin users other than the caller. On a POST that
    carries a search term, the name search is run with the filters
    ``admin=True, enabled=True`` and its matches (again excluding the
    caller) are returned as ``found``. The result goes to
    handle_content_type() as a dict naming the '/admin/users.html' template.

    ``user_id`` is accepted but not read by this view.
    """
    search_form = SearchForm(request.body)
    admins = [account for account in user_repo.filter_by(admin=True)
              if account.id != current_user.id]

    searching = request.method == 'POST' and search_form.user.data
    if not searching:
        payload = dict(template='/admin/users.html', found=[], users=admins,
                       title=gettext("Manage Admin Users"), form=search_form)
        return handle_content_type(payload)

    term = search_form.user.data
    criteria = {'admin': True, 'enabled': True}
    matches = [account
               for account in user_repo.search_by_name_orfilters(term,
                                                                 **criteria)
               if account.id != current_user.id]
    # NOTE(review): presumably raises/aborts when the caller may not update
    # the user - confirm against ensure_authorized_to().
    for match in matches:
        ensure_authorized_to('update', match)
    if not matches:
        # Markup.format() escapes its arguments, so the echoed search term
        # cannot add markup of its own to the flashed message.
        banner = Markup('<strong>{}</strong> {} <strong>{}</strong>')
        flash(banner.format(
            gettext("Ooops!"),
            gettext("We didn't find any enabled user matching your query:"),
            search_form.user.data))
    payload = dict(template='/admin/users.html', found=matches, users=admins,
                   title=gettext("Manage Admin Users"), form=search_form)
    return handle_content_type(payload)
def respond_csv():
    """Return the users selected by ``filter_by(restrict=False)`` as CSV.

    Each user is converted with ``dictize()``, the rows are loaded into a
    DataFrame and written out with only the ``exportable_attributes``
    columns. The response is sent as an attachment named all_users.csv.

    NOTE(review): cell values are written as stored. If any exported
    attribute holds user-supplied text, a value starting with ``=``, ``+``,
    ``-`` or ``@`` may be evaluated as a formula by spreadsheet software -
    confirm whether the export should neutralise such values.
    """
    rows = [account.dictize()
            for account in user_repo.filter_by(restrict=False)]
    frame = pd.DataFrame.from_dict(rows)
    # The column list limits the export to the attributes declared
    # exportable, whatever else dictize() returned.
    csv_text = frame.to_csv(columns=exportable_attributes, index=False)
    res = Response(csv_text, mimetype='text/csv')
    res.headers['Content-Disposition'] = 'attachment; filename=all_users.csv'
    return res
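def users(user_id=None):
    """Manage users of PyBossa.

    Renders '/admin/users.html' with the admin users other than the caller
    and, on a POST that carries a search term, the users whose name matches
    that term.

    ``user_id`` is accepted but not read by this view.
    """
    # Function-scope import so the block is self-contained. Markup.format()
    # HTML-escapes its arguments, which the previous "%" interpolation into a
    # plain string did not do.
    from markupsafe import Markup

    form = SearchForm(request.form)
    users = [user for user in user_repo.filter_by(admin=True)
             if user.id != current_user.id]

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [user for user in user_repo.search_by_name(query)
                 if user.id != current_user.id]
        # Permission check on every match, written as a loop because the
        # call is made only for its effect.
        # NOTE(review): presumably raises/aborts when the caller may not
        # update the user - confirm against ensure_authorized_to().
        for found_user in found:
            ensure_authorized_to('update', found_user)
        if not found:
            # The search term is request data echoed inside an HTML
            # fragment; it must be escaped before it reaches a template
            # that renders flashed messages as markup.
            flash(Markup("<strong>Ooops!</strong> We didn't find a user "
                         "matching your query: <strong>{}</strong>"
                         ).format(query))
        return render_template('/admin/users.html', found=found, users=users,
                               title=gettext("Manage Admin Users"), form=form)

    return render_template('/admin/users.html', found=[], users=users,
                           title=gettext("Manage Admin Users"), form=form)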
def add_admin(user_id=None):
    """Add admin flag for user_id.

    Looks the user up and answers 404 through format_error() when there is
    none. A disabled user, or one rejected by can_have_super_user_access(),
    gets a flashed message and a redirect to the users page without any
    change. Otherwise the caller's permission is checked, the existing
    admins are notified by queued mail, the flag is set and saved, and an
    invitation mail is queued for the user.

    When ``user_id`` is falsy nothing is done and None is returned.
    Any exception is logged and answered with a 500.

    NOTE(review): ensure_authorized_to() runs after the two eligibility
    checks, whose messages include the target's full name and e-mail
    address - this assumes the route is already limited to admins by
    decorators not visible here; confirm.
    NOTE(review): the notification to existing admins is queued before the
    flag is saved, so a failing update still sends it - confirm the order.
    """
    try:
        if not user_id:
            return None

        candidate = user_repo.get(user_id)
        if not candidate:
            return format_error('User not found', 404)

        if not candidate.enabled:
            # Markup.format() escapes the interpolated name.
            template = Markup('<strong>{}</strong> {} <strong>{}</strong>')
            flash(template.format(gettext('User account '),
                                  candidate.fullname,
                                  gettext(' is disabled')))
            return redirect_content_type(url_for(".users"))

        if not can_have_super_user_access(candidate):
            template = Markup('<strong>{} {}</strong> {} {}')
            flash(template.format(gettext('Denied admin privileges to'),
                                  candidate.fullname,
                                  candidate.email_addr,
                                  'disqualify for admin access.'))
            return redirect_content_type(url_for(".users"))

        ensure_authorized_to('update', candidate)

        # Tell the current admins first; the list is read before the flag is
        # set, so the new admin is not among the recipients.
        recipients = [admin.email_addr
                      for admin in user_repo.filter_by(admin=True)]
        notice = generate_notification_email_for_admins(
            candidate, recipients, "Admin")
        mail_queue.enqueue(send_mail, notice)

        candidate.admin = True
        user_repo.update(candidate)

        invitation = generate_invitation_email_for_admins_subadmins(
            candidate, "Admin")
        mail_queue.enqueue(send_mail, invitation)
        return redirect_content_type(url_for(".users"))
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)
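def users(user_id=None):
    """Manage users of PyBossa.

    Renders '/admin/users.html' with the admin users other than the caller
    and, on a POST that carries a search term, the users whose name matches
    that term. Any exception is logged and answered with a 500.

    ``user_id`` is accepted but not read by this view.
    """
    # Function-scope import so the block is self-contained. Markup.format()
    # HTML-escapes its arguments, which the previous "%" interpolation into a
    # plain string did not do.
    from markupsafe import Markup

    try:
        form = SearchForm(request.form)
        users = [user for user in user_repo.filter_by(admin=True)
                 if user.id != current_user.id]
        if request.method == 'POST' and form.user.data:
            query = form.user.data
            found = [user for user in user_repo.search_by_name(query)
                     if user.id != current_user.id]
            # NOTE(review): presumably the permission check for updating
            # the matched users - confirm what it does on an empty list.
            require.user.update(found)
            if not found:
                # The search term is request data echoed inside an HTML
                # fragment; it must be escaped before it reaches a template
                # that renders flashed messages as markup.
                flash(Markup("<strong>Ooops!</strong> We didn't find a user "
                             "matching your query: <strong>{}</strong>"
                             ).format(query))
            return render_template('/admin/users.html', found=found,
                                   users=users,
                                   title=gettext("Manage Admin Users"),
                                   form=form)
        return render_template('/admin/users.html', found=[], users=users,
                               title=gettext("Manage Admin Users"), form=form)
    # NOTE(review): this handler also catches HTTP errors raised inside the
    # block (for example a 403, if the permission check aborts) and reports
    # them as 500 - confirm that masking is intended.
    except Exception as e:  # pragma: no cover
        current_app.logger.error(e)
        return abort(500)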
def users(user_id=None):
    """Manage users of PYBOSSA.

    Builds the list of admin users other than the caller and, on a POST that
    carries a search term, the list of users whose name matches that term.
    The result goes to handle_content_type() as a dict naming the
    '/admin/users.html' template.

    ``user_id`` is accepted but not read by this view.
    """
    search_form = SearchForm(request.body)
    admins = [account for account in user_repo.filter_by(admin=True)
              if account.id != current_user.id]

    searching = request.method == 'POST' and search_form.user.data
    if not searching:
        payload = dict(template='/admin/users.html', found=[], users=admins,
                       title=gettext("Manage Admin Users"), form=search_form)
        return handle_content_type(payload)

    term = search_form.user.data
    matches = [account for account in user_repo.search_by_name(term)
               if account.id != current_user.id]
    # NOTE(review): presumably raises/aborts when the caller may not update
    # the user - confirm against ensure_authorized_to().
    for match in matches:
        ensure_authorized_to('update', match)
    if not matches:
        # Markup.format() escapes its arguments, so the echoed search term
        # cannot add markup of its own to the flashed message.
        banner = Markup('<strong>{}</strong> {} <strong>{}</strong>')
        flash(banner.format(
            gettext("Ooops!"),
            gettext("We didn't find a user matching your query:"),
            search_form.user.data))
    payload = dict(template='/admin/users.html', found=matches, users=admins,
                   title=gettext("Manage Admin Users"), form=search_form)
    return handle_content_type(payload)
def gen_json():
    """Return the users selected by ``filter_by(restrict=False)`` as JSON.

    Every user is passed through dictize_with_exportable_attributes() and
    the resulting list is serialised into one JSON string.
    """
    exported = [dictize_with_exportable_attributes(account)
                for account in user_repo.filter_by(restrict=False)]
    return json.dumps(exported)
def gen_csv(out, writer, write_user):
    """Generate the CSV export of users as a single chunk.

    Writes the header row with add_headers(), then calls
    ``write_user(writer, user)`` for every user returned by
    ``filter_by(restrict=False)``, and finally yields the whole content
    accumulated in ``out``.

    NOTE(review): assumes ``writer`` writes into ``out`` and that ``out``
    offers ``getvalue()`` (an in-memory buffer) - confirm against caller.
    """
    add_headers(writer)
    exported_users = user_repo.filter_by(restrict=False)
    for account in exported_users:
        write_user(writer, account)
    # One yield after the loop: the buffer is emitted once, complete.
    yield out.getvalue()
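def manageusers():
    """Enable/disable users of PyBossa.

    Renders '/admin/manageusers.html' with the enabled and the disabled
    users other than the caller; a caller who is not an admin only sees
    users that are neither admin nor subadmin.

    Two searches can fill ``found``:

    * the ``filter_by_field`` query argument, parsed by
      helper._get_field_filters() into (field, _, value) triples that are
      turned into SQL criteria for user_repo.smart_search();
    * on a POST that carries a search term, a name search limited to users
      the caller may update (can_update_user_info) - this one replaces the
      result of the first.
    """
    # Function-scope import so the block is self-contained.
    import json

    found = []
    locs = countries()
    langs = languages()
    utypes = user_types()
    timezone = [time[0] for time in timezones()]
    args = request.args
    form = SearchForm(request.form)

    efilters = dict(enabled=True)
    dfilters = dict(enabled=False)
    if not current_user.admin:
        efilters.update(admin=False, subadmin=False)
        dfilters.update(admin=False, subadmin=False)

    users = [user for user in user_repo.filter_by(**efilters)
             if user.id != current_user.id]
    disabledusers = [user for user in user_repo.filter_by(**dfilters)
                     if user.id != current_user.id]
    columns = user_repo.get_info_columns()

    if args.get('filter_by_field'):
        search_criteria = []
        params = {}
        smart_search_input = helper._get_field_filters(args['filter_by_field'])
        for field, _, value in smart_search_input:
            # Allowlist: the field name is formatted into the SQL text
            # below, so it must be one of the known columns. This is only
            # as safe as the list is.
            # NOTE(review): confirm get_info_columns() returns a fixed set
            # of names rather than keys taken from user data.
            if field not in columns:
                continue
            # One bind name per criterion. With a shared name ("data",
            # "info") a second filter of the same kind overwrote the value
            # of the first, and both criteria compared against the last one.
            bind = 'p{}'.format(len(params))
            if field == 'languages' or field == 'locations':
                search_criteria.append(
                    "user_pref -> '{}' @> :{}".format(field, bind))
                # json.dumps() quotes the value, so a '"' or '\' in it can
                # no longer break or reshape the JSON array operand.
                params[bind] = json.dumps(['{}'.format(value)])
            elif field == 'additional_comments':
                search_criteria.append(
                    "info::json -> 'metadata' ->> 'review' iLike :{}".format(
                        bind))
                params[bind] = '%{}%'.format(value)
            else:
                search_criteria.append(
                    "info::json -> 'metadata' ->> '{}' iLike :{}".format(
                        field, bind))
                # NOTE(review): the value is used as an iLike pattern as
                # given, so '%' and '_' in it act as wildcards - confirm.
                params[bind] = value

        if search_criteria:
            criteria = ' AND '.join(search_criteria)
            found = user_repo.smart_search(current_user.admin, criteria,
                                           params)
        if not found:
            flash('No user found matching your query')

    if request.method == 'POST' and form.user.data:
        query = form.user.data
        found = [user for user in user_repo.search_by_name(query)
                 if user.id != current_user.id
                 and can_update_user_info(current_user, user)]
        if not found:
            flash('No user found matching your query: {}'.format(
                form.user.data))

    return render_template('/admin/manageusers.html', found=found,
                           users=users, disabledusers=disabledusers,
                           title=gettext("Enable/Disable Users"), form=form,
                           filter_columns=columns, filter_data=[],
                           locations=locs, languages=langs,
                           user_types=utypes, timezones=timezone)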