def edit_user(uid): uid = int(uid) user = User.get_user(uid=uid) # Submitting? if request.method == "POST": action = request.form.get("action", "") username = request.form.get("username", "") name = request.form.get("name", "") pw1 = request.form.get("password1", "") pw2 = request.form.get("password2", "") role = request.form.get("role", "") username = username.lower() if action == "save": # Validate... errors = None # Don't allow them to change the username to one that exists. if username != user["username"]: if User.exists(username=username): flash("That username already exists.") return redirect(url_for(".edit_user", uid=uid)) # Password provided? if len(pw1) > 0: errors = validate_create_form(username, pw1, pw2) elif username != user["username"]: # Just validate the username, then. errors = validate_create_form(username, skip_passwd=True) if errors: for error in errors: flash(error) return redirect(url_for(".edit_user", uid=uid)) # Update the user. user["username"] = username user["name"] = name or username user["role"] = role if len(pw1) > 0: user["password"] = User.hash_password(pw1) User.update_user(uid, user) flash("User account updated!") return redirect(url_for(".users")) elif action == "delete": # Don't let them delete themself! if uid == g.info["session"]["uid"]: flash("You shouldn't delete yourself!") return redirect(url_for(".edit_user", uid=uid)) User.delete_user(uid) flash("User deleted!") return redirect(url_for(".users")) return template("admin/edit_user.html", info=user)
def set_profile(key): """Set the pic as your profile picture.""" pic = Photo.get_photo(key) if not pic: flash("The photo wasn't found!") return redirect(url_for(".albums")) uid = g.info["session"]["uid"] User.update_user(uid, dict(picture=key)) flash("Your profile picture has been updated.") return redirect(url_for(".view_photo", key=key))
def edit_user(uid): uid = int(uid) user = User.get_user(uid=uid) # Submitting? if request.method == "POST": action = request.form.get("action", "") username = request.form.get("username", "") name = request.form.get("name", "") pw1 = request.form.get("password1", "") pw2 = request.form.get("password2", "") role = request.form.get("role", "") username = username.lower() if action == "save": # Validate... errors = None # Don't allow them to change the username to one that exists. if username != user["username"]: if User.exists(username=username): flash("That username already exists.") return redirect(url_for(".edit_user", uid=uid)) # Password provided? if len(pw1) > 0: errors = validate_create_form(username, pw1, pw2) elif username != user["username"]: # Just validate the username, then. errors = validate_create_form(username, skip_passwd=True) if errors: for error in errors: flash(error) return redirect(url_for(".edit_user", uid=uid)) # Update the user. user["username"] = username user["name"] = name or username user["role"] = role if len(pw1) > 0: user["password"] = User.hash_password(pw1) User.update_user(uid, user) flash("User account updated!") return redirect(url_for(".users")) elif action == "delete": # Don't let them delete themself! if uid == g.info["session"]["uid"]: flash("You shouldn't delete yourself!") return redirect(url_for(".edit_user", uid=uid)) User.delete_user(uid) flash("User deleted!") return redirect(url_for(".users")) return template( "admin/edit_user.html", info=user, )