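class UsersController(BaseController):
    """Profile display, avatar upload and sign-up / sign-in / sign-out."""

    @render
    def show(self):
        """Load the user named by the ``user_id`` route parameter, or 404."""
        self.user = User.query.get_or_404(self.params['user_id'])

    @login_required
    @render
    def edit(self):
        """Show the edit form; only the profile's owner may see it."""
        # Compare as strings: the route parameter and the model id may differ
        # in type.
        if str(self.params['user_id']) != str(self.current_user.id):
            return abort(403)
        # update() calls edit() after a failed validation and has already set
        # self.form, so reuse that instance to keep its error messages.
        self.form = getattr(self, 'form', None) or UserEditForm()

    @login_required
    def update(self):
        """Store a new avatar for the signed-in user.

        Responds with 403 when ``user_id`` is not the current user's id and
        with 400 when the uploaded file's extension is not an allowed image
        type. On success redirects to the profile page; on a form validation
        failure re-renders the edit form.
        """
        if str(self.params['user_id']) != str(self.current_user.id):
            return abort(403)
        self.form = UserEditForm()
        if not self.form.validate_on_submit():
            return self.edit()

        # The extension comes from the client-supplied filename and ends up on
        # a file under static/img, which is presumably served as-is. Restrict
        # it to raster image types so an upload cannot land there as .html,
        # .js or .svg (SVG can carry script). Keep this list in line with any
        # validators on UserEditForm.avatar.
        allowed_exts = ('.png', '.jpg', '.jpeg', '.gif', '.webp')
        ext = os.path.splitext(self.form.avatar.data.filename)[1].lower()
        if ext not in allowed_exts:
            return abort(400)

        # Only the extension is taken from the client; the stored name is
        # random, so the original filename never reaches the filesystem path.
        filename = sha1(os.urandom(50)).hexdigest() + ext
        # NOTE(review): the whole upload is read into memory and only the
        # extension is checked, not the content; confirm that the request size
        # is capped (e.g. MAX_CONTENT_LENGTH) and whether content validation
        # is wanted.
        avatar = request.files['avatar'].read()
        path = os.path.join(app.config.root_path, 'static', 'img', filename)
        # Context manager so the handle is closed even if the write fails.
        with open(path, 'wb') as avatar_file:
            avatar_file.write(avatar)
        self.current_user.update(avatar=filename)
        return redirect(url_for('users.show', user_id=self.current_user.id))

    def sign_up(self):
        """Register a new account and sign it in.

        Already signed-in visitors are redirected to the root page. The first
        account ever created is made an administrator.
        """
        if 'user' in session:
            return redirect(url_for('root'))
        error = None
        form = UserSignUpForm()
        if request.method == 'POST' and form.validate_on_submit():
            if User.query.filter_by(username=request.form['username']).first():
                error = 'Пользователь с таким именем уже существует'
            else:
                # NOTE(review): neither the "no users yet" check nor the
                # username check above is atomic with the insert. Two
                # concurrent sign-ups on an empty table could both become
                # admin unless the database enforces otherwise; confirm a
                # unique constraint on username exists.
                is_admin = not User.query.first()
                username = request.form['username']
                password = request.form['password']
                user = User.create(username=username, is_admin=is_admin,
                                   **User.create_password(password))
                # NOTE(review): if the default cookie session is in use, its
                # contents are signed but readable by the client; confirm
                # that to_dict() leaves out password material.
                session['user'] = user.to_dict()
                return redirect(url_for('root'))
        return render_template('users/sign_up.html',
                               current_user=self.current_user,
                               error=error, form=form)

    def sign_in(self):
        """Check the submitted credentials and start a session."""
        if 'user' in session:
            return redirect(url_for('root'))
        error = None
        form = UserSignInForm()
        if request.method == 'POST' and form.validate_on_submit():
            user = User.query.filter_by(username=request.form['username']).first()
            if user and user.check_password(password=request.form['password']):
                # NOTE(review): same caveat as in sign_up about what
                # to_dict() places in the session.
                session['user'] = user.to_dict()
                return redirect(url_for('root'))
            else:
                # One message for both an unknown user and a wrong password,
                # so the response does not reveal which usernames exist.
                error = 'Неверный логин или пароль'
        return render_template('users/sign_in.html',
                               current_user=self.current_user,
                               error=error, form=form)

    def sign_out(self):
        """Drop the user from the session and go back to the root page."""
        session.pop('user', None)
        return redirect(url_for('root'))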