示例#1
def init_db(config):
    """Create every model table and seed the tables that were just created.

    ``config`` is read for ``ADMIN_USERNAME``, ``PASSWORD_SALT`` and
    ``ADMIN_PASSWORD``, but only when the ``Users`` table is created on
    this run.
    """
    # Permission is commented out of the list in the original source.
    tables = [
        Entry, Users, Tag, Image, Hop, Grain, Extract, HoppedExtract,
        Yeast, Water, Misc, Mineral, Fining, Flavor, Spice, Herb,
        BJCPStyle, BJCPCategory, MashTun, BoilKettle, EquipmentSet,
        MashProfile, MashStep, MashStepOrder, Recipe, RecipeIngredient,
        Inventory, Comment, Role,
    ]
    for table in tables:
        try:
            table.createTable()
        except OperationalError:
            # NOTE(review): presumably this stands for "table already
            # exists", but every other OperationalError is dropped here as
            # well, so a failed schema creation leaves no trace -- confirm
            # and consider logging it.
            continue

        # Reached only when createTable() succeeded on this run. The original
        # author tagged this seeding step "NEED TO FIX THIS".
        model_name = table.__name__
        if model_name == 'Users':
            admin_name = config['ADMIN_USERNAME']
            admin = Users(email=admin_name, first_name=admin_name,
                          last_name=admin_name, alias=admin_name)
            # NOTE(review): the salt is a single config value, so it looks
            # application-wide rather than per-user -- confirm in set_pass.
            admin.set_pass(config['PASSWORD_SALT'], config['ADMIN_PASSWORD'])
            admin.admin = True
            # TODO: role seeding from config['SYSTEM_ROLES'] and the matching
            # admin.addRole(...) call are still disabled pending the
            # permissions work.
        if model_name == 'BJCPCategory':
            process_bjcp_styles()
        if model_name == 'Inventory':
            process_bt_database()
示例#2
def init_db(config):
    """Create the schema and bootstrap data for freshly created tables.

    The bootstrap admin account is built from ``config['ADMIN_USERNAME']``,
    ``config['PASSWORD_SALT']`` and ``config['ADMIN_PASSWORD']``; those keys
    are read only when the ``Users`` table did not exist before this call.
    """
    # Permission stays out of the list, as in the original source.
    models = [
        Entry, Users, Tag, Image, Hop, Grain, Extract, HoppedExtract, Yeast,
        Water, Misc, Mineral, Fining, Flavor, Spice, Herb, BJCPStyle,
        BJCPCategory, MashTun, BoilKettle, EquipmentSet, MashProfile, MashStep,
        MashStepOrder, Recipe, RecipeIngredient, Inventory, Comment, Role,
    ]
    for model in models:
        try:
            model.createTable()
        except OperationalError:
            # NOTE(review): any OperationalError is ignored, not only the
            # presumed "already exists" case -- confirm that is intended.
            pass
        else:
            # Seeding runs only for tables created just now; the original
            # author marked this branch "NEED TO FIX THIS".
            created = model.__name__
            if created == 'Users':
                bootstrap = config['ADMIN_USERNAME']
                admin = Users(
                    email=bootstrap,
                    first_name=bootstrap,
                    last_name=bootstrap,
                    alias=bootstrap,
                )
                # The admin secret and the salt both come from configuration,
                # so that file needs the same protection as the account.
                admin.set_pass(config['PASSWORD_SALT'],
                               config['ADMIN_PASSWORD'])
                admin.admin = True
                # TODO: creating Role rows from config['SYSTEM_ROLES'] and
                # calling admin.addRole(...) remain disabled.
            elif created == 'BJCPCategory':
                process_bjcp_styles()
            elif created == 'Inventory':
                process_bt_database()
示例#3
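def edit_user(user_id=-1):
    """Render the edit-user form, or apply a submitted edit.

    On a valid submission the account to change is the one named by the
    form's ``user_id`` field. The change is applied only when the logged-in
    user is editing their own account or is an administrator; otherwise a
    refusal is flashed. Without a valid submission the form is rendered for
    ``user_id``, with blank placeholders when no such user exists.
    """
    user_form = EditUserForm()
    if user_form.validate_on_submit():
        # The target id arrives in the submitted form, so it is controlled by
        # the client and cannot serve as the authorization decision itself.
        try:
            user = Users.get(user_form.user_id.data)
        except SQLObjectNotFound:
            flash("No user found by that ID")
            return redirect(url_for('list_users'))

        # Authorize against the logged-in account. The earlier check read
        # ``user.admin`` on the account being edited, so any visitor could
        # modify an administrator's profile.
        current_id = session.get('user_id')
        actor = None
        if current_id is not None:
            try:
                actor = Users.get(current_id)
            except SQLObjectNotFound:
                actor = None
        allowed = actor is not None and (actor.id == user.id or actor.admin)
        if not allowed:
            flash("Sorry, you're not allowed to do that")
            return redirect(url_for('edit_user', user_id=user.id))

        user.first_name = user_form.first_name.data
        user.last_name = user_form.last_name.data
        user.email = user_form.email.data
        user.alias = user_form.alias.data
        user.last_modified = datetime.now()
        try:
            avatar = list(Image.select(Image.q.url==user_form.avatar.data))[0]
        except (SQLObjectNotFound, IndexError):
            # No stored image matches the submitted URL: keep the old avatar.
            pass
        else:
            user.avatar = avatar
        flash("%s %s has been updated" % (user.first_name, user.last_name))
        return redirect(url_for('list_users'))

    # NOTE(review): this branch renders the stored record for any ``user_id``
    # with no ownership check visible here -- confirm the route is protected.
    try:
        user = Users.get(user_id)
    except SQLObjectNotFound:
        user = {'first_name': '',
                'last_name': '',
                'email': '',
                'password': '',
                'avatar': ''}
    # The original returned from a ``finally`` clause, which discards any
    # other exception raised by the lookup; returning here lets it propagate.
    return render_template('edit_user.html', data={'form': user_form,
                                                   'user': user})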
示例#4
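def change_password(user_id=0):
    """Render the change-password form, or store a newly submitted password.

    A submission is accepted only when ``user_id`` equals the ``user_id``
    held in the session, so a user can change their own password only.
    """
    pass_form = ChangePasswordForm()
    if pass_form.validate_on_submit():
        logged_in_as = session.get('user_id')
        # Ownership check: with no session, ``logged_in_as`` is None and the
        # comparison fails, so anonymous submissions are refused too.
        if user_id != logged_in_as:
            flash("You can only change your own password!")
            return redirect(url_for('list_entries'))
        try:
            user = Users.get(user_id)
        except SQLObjectNotFound:
            flash("You must provide a user ID")
            return redirect(url_for('list_users'))
        else:
            # NOTE(review): nothing visible here re-checks the current
            # password before replacing it -- confirm ChangePasswordForm does.
            user.password = generate_password(pass_form.password.data)
            flash("Password successfully changed")
            return redirect(url_for('edit_user', user_id=user.id))
    else:
        try:
            user = Users.get(user_id)
        # Was ``SQLNotFoundError``, a name used nowhere else in this function;
        # the same lookup above raises SQLObjectNotFound, so a missing user
        # would not have reached this handler.
        except SQLObjectNotFound:
            flash("You must provide a user ID")
            return redirect(url_for('list_users'))
        else:
            return render_template('change_password.html',
                                   data={'form': pass_form,
                                         'user_id': user.id})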
示例#5
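def list_users(user_id=0):
    """Render the user list: one user when ``user_id`` is set, else all users.

    When ``user_id`` names no user, a message is flashed and the template is
    rendered without data.
    """
    if user_id:
        try:
            # Users.get() returns a single row object, so wrap it in a list;
            # the earlier ``list(Users.get(...))`` tried to iterate that row.
            users = [Users.get(user_id)]
        except SQLObjectNotFound:
            flash("No user found by that ID")
            return render_template('list_users.html')
    else:
        users = list(Users.select())
    # NOTE(review): no access check is visible here, and full user rows are
    # handed to the template -- confirm the route is restricted and that the
    # template does not render the password column.
    return render_template('list_users.html', data={'users': users})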
示例#6
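 def admin(*args, **kwargs):
     """Run the wrapped ``callback`` only for a logged-in administrator.

     Anyone else gets a flashed message and a redirect to ``list_entries``.
     """
     # Only the session lookup sits inside the try. The callback used to run
     # inside it too, so a SQLObjectNotFound raised by the view itself was
     # reported as "You're not even logged in".
     try:
         user = Users.get(session.get('user_id'))
     except SQLObjectNotFound:
         flash("You're not even logged in")
         return redirect(url_for('list_entries'))
     if not user.admin:
         flash("Admins only")
         return redirect(url_for('list_entries'))
     return callback(*args, **kwargs)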
示例#7
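def create_user():
    """Render the create-user form, or create the account it describes.

    On a valid submission a ``Users`` row is created with the password passed
    through ``generate_password``, and an ``Image`` row is attached as avatar
    when the form carries one.
    """
    # NOTE(review): no authorization check is visible in this function --
    # confirm the route is restricted to the accounts allowed to add users.
    user_form = CreateUserForm()
    if user_form.validate_on_submit():
        user = Users(first_name=user_form.first_name.data,
                     last_name=user_form.last_name.data,
                     email=user_form.email.data,
                     password=generate_password(user_form.password.data),
                     alias=user_form.alias.data)
        if user_form.avatar.data:
            # Use the submitted avatar value as the image URL. The alias was
            # stored here before, although the guard tests the avatar field.
            user.avatar = Image(url=user_form.avatar.data)
        flash("%s %s has been created" % (user.first_name, user.last_name))
        return redirect(url_for('list_users'))
    else:
        # Blank placeholders for the shared edit_user.html template.
        user = {'first_name': '',
                'last_name': '',
                'email': '',
                'password': '',
                'avatar': ''}
        return render_template('edit_user.html', data={'form': user_form,
                                                       'user': user})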
示例#8
def login():
    """Render the login form, or open a session after a valid submission.

    A valid submission stamps ``last_login`` on the account and stores
    ``logged_in`` and ``user_id`` in the session.
    """
    error = None
    login_form = LoginForm()
    if not login_form.validate_on_submit():
        page_data = {"form": login_form, "error": error}
        return render_template('login.html', data=page_data)

    # NOTE(review): ``user_id`` is read back from the form. Presumably a
    # credential validator on LoginForm fills it in after checking the
    # password; if the field could be set by the client alone, this lookup
    # would log in whichever id was posted -- confirm.
    account = Users.get(login_form.user_id.data)
    account.last_login = datetime.now()
    session['logged_in'] = True
    session['user_id'] = account.id
    flash('You were logged in')
    return redirect(url_for('list_entries'))
示例#9
 def __call__(self, form, field):
     """Validate the submitted credentials and record the matching user id.

     Raises ``ValidationError(self.message)`` when ``form.user_id`` is already
     set, when no row matches the email and hashed password, or when the
     matching account is not active. On success ``form.user_id.data`` is set.
     """
     # NOTE(review): the stored value is matched by equality, so
     # generate_password() must return the same output for the same password,
     # which suggests no per-user salt -- confirm.
     hashed = generate_password(field.data)
     email = form.email.data
     # user_id is an output of this validator: refuse submissions that arrive
     # with it already filled in.
     if form.user_id.data:
         raise ValidationError(self.message)
     try:
         credentials = AND(Users.q.email==email,
                           Users.q.password==hashed)
         match = list(Users.select(credentials))[0]
         if not match.active:
             raise ValidationError(self.message)
         form.user_id.data = match.id
     except (SQLObjectNotFound, IndexError):
         # Every failure raises the same message, so the response does not
         # show which of the checks rejected the login.
         raise ValidationError(self.message)
示例#10
def has_permission(permission_type, obj, user_id):
    """Report whether the user identified by ``user_id`` may act on ``obj``.

    NOTE(review): this function looks unfinished and cannot complete its
    permission branch as written; see the inline notes. ``permission_type``
    is never read.
    """
    try:
        uid = Users.get(user_id)
    except SQLObjectNotFound:
        # NOTE(review): a redirect response is returned from what is otherwise
        # a True/False predicate. A response object is normally truthy, so a
        # caller writing ``if has_permission(...)`` would treat "no such user"
        # as permission granted. Returning False here and redirecting in the
        # caller would fail closed.
        flash("You must be logged in to access this page")
        return redirect(url_for('login'))
    else:
        obj_type = obj.__class__.__name__
        # NOTE(review): the query columns use lowercase ``permission`` while
        # the model is called as ``Permission`` on the same line; the
        # lowercase name is not defined in this function.
        perm = Permission.select(AND(permission.q.object_type==obj_type,
                                     permission.q.object_id==obj.id))
        # NOTE(review): ``user`` is not defined here (the row was bound to
        # ``uid``), ``rol`` is not defined (the loop variable is ``role``) and
        # the comprehension yields ``r``, which is not defined either. ``perm``
        # is the result of a select, yet ``.user`` and ``.role`` are read from
        # it as if it were one row -- confirm the intended schema.
        if user in perm.user or [r for role in user.role if rol in perm.role]:
            return True
        else:
            return False
示例#11
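 def role(*args, **kwargs):
     """Run the wrapped ``callback`` when the role and the session user exist.

     Flashes a message and redirects to ``list_entries`` when ``role_name``
     names no ``Role`` row or the session's ``user_id`` names no ``Users`` row.
     """
     error = False
     message = "Unauthorized access"
     uid = session.get('user_id')
     try:
         required_role = list(Role.select(Role.q.name==role_name))[0]
     except (SQLObjectNotFound, ValueError, IndexError):
         error = True
         message = "Role %s is not a valid role" % role_name

     try:
         # Look up the session's user. This read ``user_id`` before, a name
         # that is not assigned anywhere in this function.
         user = Users.get(uid)
     except SQLObjectNotFound:
         error = True
         message = "Sorry, you are not permitted to access this"

     if error:
         flash(message)
         return redirect(url_for('list_entries'))

     # NOTE(review): ``required_role`` and ``user`` are only checked for
     # existence. Nothing verifies that the user holds the role, so every
     # logged-in account passes this guard. The membership test needs the
     # Users/Role relation, which is not visible here -- add it before relying
     # on this decorator for access control.
     return callback(*args, **kwargs)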