def profile_update(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
if profile_form.validate():
values = {
'login': profile_form.login.data,
'email': profile_form.email.data
}
if admin_permission.can():
values['is_active'] = profile_form.is_active.data
values['is_admin'] = profile_form.is_admin.data
values['is_api'] = profile_form.is_api.data
ucontr.update({'id': user_id}, values)
flash(gettext('User %(login)s successfully updated', login=user.login),
'success')
return redirect(url_for('user.profile', user_id=user.id))
return render_template('profile.html',
user=user,
admin_permission=admin_permission,
form=profile_form,
pass_form=pass_form)
def profile_update(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
if profile_form.validate():
values = {'login': profile_form.login.data,
'email': profile_form.email.data}
if admin_permission.can():
values['is_active'] = profile_form.is_active.data
values['is_admin'] = profile_form.is_admin.data
values['is_api'] = profile_form.is_api.data
ucontr.update({'id': user_id}, values)
flash(gettext('User %(login)s successfully updated',
login=user.login), 'success')
return redirect(url_for('user.profile', user_id=user.id))
return render_template('profile.html', user=user,
admin_permission=admin_permission,
form=profile_form, pass_form=pass_form)
def delete(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
ucontr.delete(user_id)
flash(gettext('Deletion successful'), 'success')
if admin_permission.can():
return redirect(url_for('admin.dashboard'))
return redirect(url_for('logout'))
def delete(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
logout_user()
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
ucontr.delete(user_id)
flash(gettext('Deletion successful'), 'success')
if admin_permission.can():
return redirect(url_for('admin.dashboard'))
return redirect(url_for('login'))
def reqparse_args(self, right, req=None, strict=False, default=True,
allow_empty=False):
"""
strict: bool
if True will throw 400 error if args are defined and not in request
default: bool
if True, won't return defaults
args: dict
the args to parse, if None, self.attrs will be used
"""
try:
in_values = req.json if req else (request.json or {})
if not in_values and allow_empty:
return {}
except BadRequest:
if allow_empty:
return {}
raise
parser = reqparse.RequestParser()
if self.attrs is not None:
attrs = self.attrs
elif admin_permission.can():
attrs = self.controller_cls._get_attrs_desc('admin')
elif api_permission.can():
attrs = self.controller_cls._get_attrs_desc('api', right)
else:
attrs = self.controller_cls._get_attrs_desc('base', right)
assert attrs, "No defined attrs for %s" % self.__class__.__name__
for attr_name, attr in attrs.items():
if not default and attr_name not in in_values:
continue
else:
parser.add_argument(attr_name, location='json', **attr)
return parser.parse_args(req=req, strict=strict)
def profile(user_id=None):
ucontr = None
if user_id and admin_permission.can():
ucontr = UserController()
elif user_id and Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
elif user_id:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
else:
ucontr = UserController(current_user.id)
user_id = current_user.id
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
return render_template('profile.html', user=user,
admin_permission=admin_permission,
form=profile_form, pass_form=pass_form)
def reqparse_args(self,
right,
req=None,
strict=False,
default=True,
allow_empty=False):
"""
strict: bool
if True will throw 400 error if args are defined and not in request
default: bool
if True, won't return defaults
args: dict
the args to parse, if None, self.attrs will be used
"""
try:
if req:
in_values = req.json
else:
in_values = request.args or request.json or {}
if not in_values and allow_empty:
return {}
except BadRequest:
if allow_empty:
return {}
raise
parser = reqparse.RequestParser()
if self.attrs is not None:
attrs = self.attrs
elif admin_permission.can():
attrs = self.controller_cls._get_attrs_desc('admin')
elif api_permission.can():
attrs = self.controller_cls._get_attrs_desc('api', right)
else:
attrs = self.controller_cls._get_attrs_desc('base', right)
assert attrs, "No defined attrs for %s" % self.__class__.__name__
for attr_name, attr in attrs.items():
if not default and attr_name not in in_values:
continue
else:
parser.add_argument(attr_name,
location='json',
default=in_values[attr_name])
return parser.parse_args(req=request.args, strict=strict)
def profile(user_id=None):
ucontr = None
if user_id and admin_permission.can():
ucontr = UserController()
elif user_id and Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
elif user_id:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
else:
ucontr = UserController(current_user.id)
user_id = current_user.id
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
return render_template('profile.html',
user=user,
admin_permission=admin_permission,
form=profile_form,
pass_form=pass_form)
def password_update(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
if pass_form.validate():
ucontr.update({'id': user_id}, {'password': pass_form.password.data})
flash(gettext('Password for %(login)s successfully updated',
login=user.login), 'success')
return redirect(url_for('user.profile', user_id=user.id))
return render_template('profile.html', user=user,
admin_permission=admin_permission,
form=profile_form, pass_form=pass_form)
def password_update(user_id):
ucontr = None
if admin_permission.can():
ucontr = UserController()
elif Permission(UserNeed(user_id)).can():
ucontr = UserController(user_id)
else:
flash(gettext('You do not have rights on this user'), 'danger')
raise Forbidden(gettext('You do not have rights on this user'))
user = ucontr.get(id=user_id)
profile_form, pass_form = ProfileForm(obj=user), PasswordModForm()
if pass_form.validate():
ucontr.update({'id': user_id}, {'password': pass_form.password.data})
flash(
gettext('Password for %(login)s successfully updated',
login=user.login), 'success')
return redirect(url_for('user.profile', user_id=user.id))
return render_template('profile.html',
user=user,
admin_permission=admin_permission,
form=profile_form,
pass_form=pass_form)
def controller(self):
if admin_permission.can():
return self.controller_cls()
return self.controller_cls(current_user.id)
def controller(self):
if admin_permission.can():
return self.controller_cls()
return self.controller_cls(current_user.id)
