def user_edit(self):
""" Edit user view. Method handles both post and get
requests.
"""
a = authenticated_userid(self.request)
id = int(self.request.matchdict.get('id'))
""" User one (1) is a bit special..."""
if id is 1 and a is not 1:
return HTTPNotFound()
u = User.by_id(id)
if not u:
return HTTPNotFound()
form = UserEditForm(self.request.POST, u,
csrf_context=self.request.session)
if self.request.method == 'POST' and form.validate():
form.populate_obj(u)
if u.password:
u.password = u.pm.encode(form.password.data)
else:
del u.password
self.request.session.flash('User %s updated' %
(u.email), 'status')
return HTTPFound(location=self.request.route_url('users'))
return {'title': 'Edit user',
'form': form,
'id': id,
'myid': a,
'action': 'user_edit'}
def groupfinder(userid, request):
"""
A simple groupfinder for picking the right permission
to the right users.
userid -- integer, userid.
request -- object, standard request object.
"""
user = User.by_id(userid)
group = user.group
return ['group:'+group]
def user_restore(self):
""" Restore user, returns redirect. """
id = int(self.request.matchdict.get('id'))
u = User.by_id(id)
if not u:
return HTTPNotFound()
u.archived = False
DBSession.add(u)
self.request.session.flash('User %s restored' %
(u.email), 'status')
return HTTPFound(location=self.request.route_url('users_archived'))
def user_archive(self):
""" Archive user, returns redirect. """
a = authenticated_userid(self.request)
id = int(self.request.matchdict.get('id'))
""" User one (1) is a bit special..."""
if id is 1:
return HTTPNotFound()
u = User.by_id(id)
if not u:
return HTTPNotFound()
u.archived = True
DBSession.add(u)
self.request.session.flash('User %s archived' %
(u.email), 'status')
return HTTPFound(location=self.request.route_url('users'))
