def user_edit(self): """ Edit user view. Method handles both post and get requests. """ a = authenticated_userid(self.request) id = int(self.request.matchdict.get('id')) """ User one (1) is a bit special...""" if id is 1 and a is not 1: return HTTPNotFound() u = User.by_id(id) if not u: return HTTPNotFound() form = UserEditForm(self.request.POST, u, csrf_context=self.request.session) if self.request.method == 'POST' and form.validate(): form.populate_obj(u) if u.password: u.password = u.pm.encode(form.password.data) else: del u.password self.request.session.flash('User %s updated' % (u.email), 'status') return HTTPFound(location=self.request.route_url('users')) return {'title': 'Edit user', 'form': form, 'id': id, 'myid': a, 'action': 'user_edit'}
def groupfinder(userid, request): """ A simple groupfinder for picking the right permission to the right users. userid -- integer, userid. request -- object, standard request object. """ user = User.by_id(userid) group = user.group return ['group:'+group]
def user_restore(self): """ Restore user, returns redirect. """ id = int(self.request.matchdict.get('id')) u = User.by_id(id) if not u: return HTTPNotFound() u.archived = False DBSession.add(u) self.request.session.flash('User %s restored' % (u.email), 'status') return HTTPFound(location=self.request.route_url('users_archived'))
def user_archive(self): """ Archive user, returns redirect. """ a = authenticated_userid(self.request) id = int(self.request.matchdict.get('id')) """ User one (1) is a bit special...""" if id is 1: return HTTPNotFound() u = User.by_id(id) if not u: return HTTPNotFound() u.archived = True DBSession.add(u) self.request.session.flash('User %s archived' % (u.email), 'status') return HTTPFound(location=self.request.route_url('users'))