def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not can_edit_user(current_user): flash(_("You are not allowed to edit this user."), "danger") return redirect(url_for("management.users")) secondary_group_query = Group.query.filter( db.not_(Group.id == user.primary_group_id), db.not_(Group.banned), db.not_(Group.guest == True)) form = EditUserForm(user) form.secondary_groups.query = secondary_group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_("User successfully updated."), "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title=_("Edit User"))
def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not can_edit_user(current_user): flash("You are not allowed to edit this user.", "danger") return redirect(url_for("management.users")) secondary_group_query = Group.query.filter( db.not_(Group.id == user.primary_group_id), db.not_(Group.banned == True), db.not_(Group.guest == True)) form = EditUserForm(user) form.secondary_groups.query = secondary_group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash("User successfully edited", "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title="Edit User")
def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not Permission(CanEditUser, identity=current_user): flash(_("You are not allowed to edit this user."), "danger") return redirect(url_for("management.users")) member_group = db.and_(*[ db.not_(getattr(Group, p)) for p in ['admin', 'mod', 'super_mod', 'banned', 'guest'] ]) filt = db.or_(Group.id.in_(g.id for g in current_user.groups), member_group) if Permission(IsAtleastSuperModerator, identity=current_user): filt = db.or_(filt, Group.mod) if Permission(IsAdmin, identity=current_user): filt = db.or_(filt, Group.admin, Group.super_mod) if Permission(CanBanUser, identity=current_user): filt = db.or_(filt, Group.banned) group_query = Group.query.filter(filt) form = EditUserForm(user) form.primary_group.query = group_query form.secondary_groups.query = group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_("User updated."), "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title=_("Edit User"))
def post(self, user_id): user = User.query.filter_by(id=user_id).first_or_404() member_group = db.and_( * [ db.not_(getattr(Group, p)) for p in ['admin', 'mod', 'super_mod', 'banned', 'guest'] ] ) filt = db.or_( Group.id.in_(g.id for g in current_user.groups), member_group ) if Permission(IsAtleastSuperModerator, identity=current_user): filt = db.or_(filt, Group.mod) if Permission(IsAdmin, identity=current_user): filt = db.or_(filt, Group.admin, Group.super_mod) if Permission(CanBanUser, identity=current_user): filt = db.or_(filt, Group.banned) group_query = Group.query.filter(filt) form = EditUserForm(user) form.primary_group.query = group_query form.secondary_groups.query = group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_('User updated.'), 'success') return redirect(url_for('management.edit_user', user_id=user.id)) return render_template( 'management/user_form.html', form=form, title=_('Edit User') )
def edit_user(user_id): user = User.query.filter_by(id=user_id).first_or_404() if not can_edit_user(current_user): flash(_("You are not allowed to edit this user."), "danger") return redirect(url_for("management.users")) member_group = db.and_(*[db.not_(getattr(Group, p)) for p in ['admin', 'mod', 'super_mod', 'banned', 'guest' ]]) filt = db.or_(Group.id.in_(g.id for g in user.groups), member_group) if any(user.permissions[p] for p in ['super_mod', 'admin']): filt = db.or_(filt, Group.mod) if user.permissions['admin']: filt = db.or_(filt, Group.admin, Group.super_mod) group_query = Group.query.filter(filt) form = EditUserForm(user) form.primary_group.query = group_query form.secondary_groups.query = group_query if form.validate_on_submit(): form.populate_obj(user) user.primary_group_id = form.primary_group.data.id # Don't override the password if form.password.data: user.password = form.password.data user.save(groups=form.secondary_groups.data) flash(_("User successfully updated."), "success") return redirect(url_for("management.edit_user", user_id=user.id)) return render_template("management/user_form.html", form=form, title=_("Edit User"))