2012-11-17 01:09:20 +00:00
|
|
|
# coding: utf-8
|
|
|
|
|
2012-11-17 17:30:30 +00:00
|
|
|
from flask import request, session, flash, render_template, redirect, url_for
|
2012-11-17 01:09:20 +00:00
|
|
|
|
|
|
|
from web import app
|
2012-11-17 14:18:07 +00:00
|
|
|
from user_manager import UserManager
|
2012-12-09 20:34:39 +00:00
|
|
|
from db import User, session as db_sess
|
2012-11-17 01:09:20 +00:00
|
|
|
|
2012-12-09 20:30:37 +00:00
|
|
|
@app.before_request
|
|
|
|
def check_admin():
|
2012-12-09 20:34:39 +00:00
|
|
|
if not request.path.startswith('/user'):
|
2012-12-09 20:30:37 +00:00
|
|
|
return
|
|
|
|
|
|
|
|
if request.endpoint == 'add_user' and User.query.filter(User.admin == True).count() == 0:
|
|
|
|
return
|
|
|
|
|
|
|
|
if request.endpoint in ('user_index', 'add_user', 'del_user') and not UserManager.get(session.get('userid'))[1].admin:
|
|
|
|
return redirect(url_for('index'))
|
|
|
|
|
2012-11-17 01:09:20 +00:00
|
|
|
@app.route('/user')
|
|
|
|
def user_index():
|
2012-11-17 17:30:30 +00:00
|
|
|
return render_template('users.html', users = User.query.all())
|
2012-11-17 01:09:20 +00:00
|
|
|
|
2012-12-09 20:34:39 +00:00
|
|
|
@app.route('/user/me')
|
|
|
|
def user_profile():
|
|
|
|
return render_template('profile.html', user = UserManager.get(session.get('userid'))[1])
|
|
|
|
|
|
|
|
@app.route('/user/changemail', methods = [ 'GET', 'POST' ])
|
|
|
|
def change_mail():
|
|
|
|
user = UserManager.get(session.get('userid'))[1]
|
|
|
|
if request.method == 'POST':
|
|
|
|
mail = request.form.get('mail')
|
|
|
|
# No validation, lol.
|
|
|
|
user.mail = mail
|
|
|
|
db_sess.commit()
|
|
|
|
return redirect(url_for('user_profile'))
|
|
|
|
|
|
|
|
return render_template('change_mail.html', user = user)
|
|
|
|
|
|
|
|
@app.route('/user/changepass', methods = [ 'GET', 'POST' ])
|
|
|
|
def change_password():
|
|
|
|
if request.method == 'POST':
|
|
|
|
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
|
|
|
|
error = False
|
|
|
|
if current in ('', None):
|
|
|
|
flash('The current password is required')
|
|
|
|
error = True
|
|
|
|
if new in ('', None):
|
|
|
|
flash('The new password is required')
|
|
|
|
error = True
|
|
|
|
if new != confirm:
|
|
|
|
flash("The new password and its confirmation don't match")
|
|
|
|
error = True
|
|
|
|
|
|
|
|
if not error:
|
|
|
|
status = UserManager.change_password(session.get('userid'), current, new)
|
|
|
|
if status != UserManager.SUCCESS:
|
|
|
|
flash(UserManager.error_str(status))
|
|
|
|
else:
|
|
|
|
flash('Password changed')
|
|
|
|
return redirect(url_for('user_profile'))
|
|
|
|
|
|
|
|
return render_template('change_pass.html', user = UserManager.get(session.get('userid'))[1].name)
|
|
|
|
|
2012-11-17 01:09:20 +00:00
|
|
|
@app.route('/user/add', methods = [ 'GET', 'POST' ])
|
|
|
|
def add_user():
|
|
|
|
if request.method == 'GET':
|
|
|
|
return render_template('adduser.html')
|
|
|
|
|
|
|
|
error = False
|
|
|
|
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'name', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
|
|
|
|
if name in (None, ''):
|
|
|
|
flash('The name is required.')
|
|
|
|
error = True
|
|
|
|
if passwd in (None, ''):
|
|
|
|
flash('Please provide a password.')
|
|
|
|
error = True
|
|
|
|
elif passwd != passwd_confirm:
|
|
|
|
flash("The passwords don't match.")
|
|
|
|
error = True
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 01:09:20 +00:00
|
|
|
if admin is None:
|
2012-11-17 17:30:30 +00:00
|
|
|
admin = True if User.query.filter(User.admin == True).count() == 0 else False
|
2012-11-17 01:09:20 +00:00
|
|
|
else:
|
|
|
|
admin = True
|
|
|
|
|
2012-11-17 14:18:07 +00:00
|
|
|
if not error:
|
|
|
|
status = UserManager.add(name, passwd, mail, admin)
|
2012-11-17 17:00:14 +00:00
|
|
|
if status == UserManager.SUCCESS:
|
2012-11-17 14:18:07 +00:00
|
|
|
flash("User '%s' successfully added" % name)
|
|
|
|
return redirect(url_for('user_index'))
|
2012-11-17 17:00:14 +00:00
|
|
|
else:
|
|
|
|
flash(UserManager.error_str(status))
|
2012-11-17 14:18:07 +00:00
|
|
|
|
|
|
|
return render_template('adduser.html')
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/user/del/<uid>')
|
|
|
|
def del_user(uid):
|
|
|
|
status = UserManager.delete(uid)
|
2012-11-17 17:00:14 +00:00
|
|
|
if status == UserManager.SUCCESS:
|
2012-11-17 14:18:07 +00:00
|
|
|
flash('Deleted user')
|
|
|
|
else:
|
2012-11-17 17:00:14 +00:00
|
|
|
flash(UserManager.error_str(status))
|
2012-11-17 01:09:20 +00:00
|
|
|
|
|
|
|
return redirect(url_for('user_index'))
|
|
|
|
|
|
|
|
@app.route('/user/login', methods = [ 'GET', 'POST'])
|
|
|
|
def login():
|
|
|
|
return_url = request.args.get('returnUrl') or url_for('index')
|
|
|
|
if session.get('userid'):
|
|
|
|
flash('Already logged in')
|
|
|
|
return redirect(return_url)
|
|
|
|
|
|
|
|
if request.method == 'GET':
|
|
|
|
return render_template('login.html')
|
|
|
|
|
2012-11-17 14:18:07 +00:00
|
|
|
name, password = map(request.form.get, [ 'user', 'password' ])
|
2012-11-17 01:09:20 +00:00
|
|
|
error = False
|
2012-11-17 14:18:07 +00:00
|
|
|
if name in ('', None):
|
2012-11-17 01:09:20 +00:00
|
|
|
flash('Missing user name')
|
|
|
|
error = True
|
|
|
|
if password in ('', None):
|
|
|
|
flash('Missing password')
|
|
|
|
error = True
|
2012-11-17 14:18:07 +00:00
|
|
|
|
2012-11-17 01:09:20 +00:00
|
|
|
if not error:
|
2012-11-17 14:18:07 +00:00
|
|
|
status, user = UserManager.try_auth(name, password)
|
2012-11-17 17:00:14 +00:00
|
|
|
if status == UserManager.SUCCESS:
|
2012-11-17 14:18:07 +00:00
|
|
|
session['userid'] = str(user.id)
|
2012-12-09 20:34:39 +00:00
|
|
|
session['username'] = user.name
|
2012-11-17 14:18:07 +00:00
|
|
|
flash('Logged in!')
|
|
|
|
return redirect(return_url)
|
2012-11-17 01:09:20 +00:00
|
|
|
else:
|
2012-11-17 17:00:14 +00:00
|
|
|
flash(UserManager.error_str(status))
|
2012-11-17 01:09:20 +00:00
|
|
|
|
|
|
|
return render_template('login.html')
|
|
|
|
|
|
|
|
@app.route('/user/logout')
|
|
|
|
def logout():
|
|
|
|
session.clear()
|
|
|
|
flash('Logged out!')
|
|
|
|
return redirect(url_for('login'))
|
|
|
|
|