def remove_avatar(user_id=None):
user = User.query.get(user_id)
if not ModuleAPI.can_write('user') and\
(current_user.is_anonymous or current_user.id != user_id):
return abort(403)
UserAPI.remove_avatar(user)
return redirect(url_for('user.view_single', user_id=user_id))
def view_single(user_id=None):
if user_id is None:
if current_user.is_authenticated:
return redirect(url_for('user.view_single',
user_id=current_user.id))
return redirect(url_for('user.view'))
can_read = False
can_write = False
# Only logged in users can view profiles
if current_user.is_anonymous:
return abort(403)
# Unpaid members cannot view other profiles
if current_user.id != user_id and not current_user.has_paid:
return abort(403)
# A user can always view his own profile
if current_user.id == user_id:
can_write = True
can_read = True
# group rights
if ModuleAPI.can_read('user'):
can_read = True
if ModuleAPI.can_write('user'):
can_write = True
can_read = True
user = User.query.get_or_404(user_id)
user.avatar = UserAPI.avatar(user)
user.groups = UserAPI.get_groups_for_user_id(user)
user.groups_amount = user.groups.count()
if "gravatar" in user.avatar:
user.avatar = user.avatar + "&s=341"
# Get all activity entrees from these forms, order by start_time of
# activity.
activities = Activity.query.join(CustomForm).join(CustomFormResult).\
filter(CustomFormResult.owner_id == user_id and
CustomForm.id == CustomFormResult.form_id and
Activity.form_id == CustomForm.id)
user.activities_amount = activities.count()
new_activities = activities\
.filter(Activity.end_time > datetime.today()).distinct()\
.order_by(Activity.start_time)
old_activities = activities\
.filter(Activity.end_time < datetime.today()).distinct()\
.order_by(Activity.start_time.desc())
return render_template('user/view_single.htm', user=user,
new_activities=new_activities,
old_activities=old_activities,
can_read=can_read,
can_write=can_write)
def edit(user_id=None):
"""Create user for admins and edit for admins and users."""
if not ModuleAPI.can_write('user') and\
(current_user.is_anonymous or current_user.id != user_id):
return abort(403)
# Select user
if user_id:
user = User.query.get_or_404(user_id)
else:
user = User()
user.avatar = UserAPI.has_avatar(user_id)
if ModuleAPI.can_write('user'):
form = EditUserForm(request.form, user)
is_admin = True
else:
form = EditUserInfoForm(request.form, user)
is_admin = False
# Add education.
educations = Education.query.all()
form.education_id.choices = [(e.id, e.name) for e in educations]
def edit_page():
return render_template('user/edit.htm', form=form, user=user,
is_admin=is_admin)
if form.validate_on_submit():
# Only new users need a unique email.
query = User.query.filter(User.email == form.email.data)
if user_id:
query = query.filter(User.id != user_id)
if query.count() > 0:
flash(_('A user with this e-mail address already exist.'),
'danger')
return edit_page()
# Because the user model is constructed to have an ID of 0 when it is
# initialized without an email adress provided, reinitialize the user
# with a default string for email adress, so that it will get a unique
# ID when committed to the database.
if not user_id:
user = User('_')
group = Group.query.filter(Group.name == 'all').first()
group.add_user(user)
try:
user.update_email(form.email.data.strip())
except HttpError as e:
if e.resp.status == 404:
flash(_('According to Google this email does not exist. '
'Please use an email that does.'), 'danger')
return edit_page()
raise(e)
user.first_name = form.first_name.data.strip()
user.last_name = form.last_name.data.strip()
user.locale = form.locale.data
if ModuleAPI.can_write('user'):
user.has_paid = form.has_paid.data
user.honorary_member = form.honorary_member.data
user.favourer = form.favourer.data
user.disabled = form.disabled.data
user.alumnus = form.alumnus.data
user.student_id = form.student_id.data.strip()
user.education_id = form.education_id.data
user.birth_date = form.birth_date.data
user.study_start = form.study_start.data
user.receive_information = form.receive_information.data
user.phone_nr = form.phone_nr.data.strip()
user.address = form.address.data.strip()
user.zip = form.zip.data.strip()
user.city = form.city.data.strip()
user.country = form.country.data.strip()
if form.password.data != '':
user.password = bcrypt.hashpw(form.password.data, bcrypt.gensalt())
db.session.add(user)
db.session.add(group)
db.session.commit()
avatar = request.files['avatar']
if avatar:
UserAPI.upload(avatar, user.id)
if user_id:
copernica.update_user(user)
flash(_('Profile succesfully updated'))
else:
copernica.update_user(user, subscribe=True)
flash(_('Profile succesfully created'))
return redirect(url_for('user.view_single', user_id=user.id))
else:
flash_form_errors(form)
return edit_page()
