diff --git a/supysonic/frontend/user.py b/supysonic/frontend/user.py index 0f3da81..c3341fc 100644 --- a/supysonic/frontend/user.py +++ b/supysonic/frontend/user.py @@ -39,20 +39,33 @@ def check_admin(): def user_index(): return render_template('users.html', users = store.find(User), admin = UserManager.get(store, session.get('userid'))[1].admin) -@app.route('/user/me') -def user_profile(): - prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid'))) - return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin) +@app.route('/user/') +def user_profile(uid): + if uid == 'me': + prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid'))) + return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin) + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(uid)) + return render_template('profile.html', user = UserManager.get(store, uuid.UUID(uid))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin) -@app.route('/user/me', methods = [ 'POST' ]) -def update_clients(): +@app.route('/user/', methods = [ 'POST' ]) +def update_clients(uid): clients_opts = {} for client in set(map(lambda k: k.rsplit('_', 1)[0], request.form.keys())): clients_opts[client] = { k.rsplit('_', 1)[1]: v for k, v in filter(lambda (k, v): k.startswith(client), request.form.iteritems()) } app.logger.debug(clients_opts) + if uid == 'me': + userid = uuid.UUID(session.get('userid')) + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + userid = uuid.UUID(uid) + for client, opts in clients_opts.iteritems(): - prefs = store.get(ClientPrefs, (uuid.UUID(session.get('userid')), client)) + prefs = store.get(ClientPrefs, (userid, client)) if 'delete' in opts and opts['delete'] in [ 'on', 'true', 'checked', 'selected', '1' ]: store.remove(prefs) continue @@ -62,22 +75,60 @@ def update_clients(): store.commit() flash('Clients preferences updated.') - return user_profile() + return user_profile(uid) -@app.route('/user/changemail', methods = [ 'GET', 'POST' ]) -def change_mail(): - user = UserManager.get(store, session.get('userid'))[1] +@app.route('/user//changeusername', methods = [ 'GET', 'POST' ]) +def change_username(uid): + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + user = UserManager.get(store, uuid.UUID(uid))[1] + if request.method == 'POST': + username = request.form.get('user') + if username in ('', None): + flash('The username is required') + return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin) + if request.form.get('admin') is None: + admin = False + else: + admin = True + changed = False + if user.name != username or user.admin != admin: + user.name = username + user.admin = admin + store.commit() + flash("User '%s' updated." % username) + return redirect(url_for('user_profile', uid = uid)) + else: + flash("No changes for '%s'." % username) + return redirect(url_for('user_profile', uid = uid)) + + return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin) + +@app.route('/user//changemail', methods = [ 'GET', 'POST' ]) +def change_mail(uid): + if uid == 'me': + user = UserManager.get(store, session.get('userid'))[1] + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + user = UserManager.get(store, uuid.UUID(uid))[1] if request.method == 'POST': mail = request.form.get('mail') # No validation, lol. user.mail = mail store.commit() - return redirect(url_for('user_profile')) + return redirect(url_for('user_profile', uid = uid)) return render_template('change_mail.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin) -@app.route('/user/changepass', methods = [ 'GET', 'POST' ]) -def change_password(): +@app.route('/user//changepass', methods = [ 'GET', 'POST' ]) +def change_password(uid): + if uid == 'me': + user = UserManager.get(store, session.get('userid'))[1].name + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + user = UserManager.get(store, uuid.UUID(uid))[1].name if request.method == 'POST': current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ]) error = False @@ -92,14 +143,17 @@ def change_password(): error = True if not error: - status = UserManager.change_password(store, session.get('userid'), current, new) + if uid == 'me': + status = UserManager.change_password(store, session.get('userid'), current, new) + else: + status = UserManager.change_password(store, uuid.UUID(uid), current, new) if status != UserManager.SUCCESS: flash(UserManager.error_str(status)) else: flash('Password changed') - return redirect(url_for('user_profile')) + return redirect(url_for('user_profile', uid = uid)) - return render_template('change_pass.html', user = UserManager.get(store, session.get('userid'))[1].name, admin = UserManager.get(store, session.get('userid'))[1].admin) + return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin) @app.route('/user/add', methods = [ 'GET', 'POST' ]) def add_user(): @@ -131,8 +185,7 @@ def add_user(): else: flash(UserManager.error_str(status)) - return render_template('adduser.html') - + return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin) @app.route('/user/del/') def del_user(uid): @@ -187,27 +240,37 @@ def do_user_import(): return redirect(url_for('user_index')) -@app.route('/user/lastfm/link') -def lastfm_reg(): +@app.route('/user//lastfm/link') +def lastfm_reg(uid): token = request.args.get('token') if token in ('', None): flash('Missing LastFM auth token') - return redirect(url_for('user_profile')) + return redirect(url_for('user_profile', uid = uid)) - lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger) + if uid == 'me': + lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger) + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + lfm = LastFm(UserManager.get(store, uuid.UUID(uid))[1], app.logger) status, error = lfm.link_account(token) store.commit() flash(error if not status else 'Successfully linked LastFM account') - return redirect(url_for('user_profile')) + return redirect(url_for('user_profile', uid = uid)) -@app.route('/user/lastfm/unlink') -def lastfm_unreg(): - lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger) +@app.route('/user//lastfm/unlink') +def lastfm_unreg(uid): + if uid == 'me': + lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger) + else: + if not UserManager.get(store, session.get('userid'))[1].admin: + return redirect(url_for('index')) + lfm = LastFm(UserManager.get(store, uuid.UUID(uid))[1], app.logger) lfm.unlink_account() store.commit() flash('Unliked LastFM account') - return redirect(url_for('user_profile')) + return redirect(url_for('user_profile', uid = uid)) @app.route('/user/login', methods = [ 'GET', 'POST']) def login(): diff --git a/supysonic/templates/change_mail.html b/supysonic/templates/change_mail.html index 9a93424..938211e 100644 --- a/supysonic/templates/change_mail.html +++ b/supysonic/templates/change_mail.html @@ -18,8 +18,20 @@ along with this program. If not, see . -#} {% extends "layout.html" %} +{% block navbar_users %} +{% if session.username != user.name %} +
  • Users (current)
  • +{% else %} +{{ super() }} +{% endif %} +{% endblock %} {% block navbar_profile %} -
  • {{ session.username }} (current)
  • +{% if session.username == user.name %} +
  • {{ session.username }} (current)
  • +{% else %} +{{ super() }} +{% endif %} {% endblock %} {% block body %} -Change password +{% if session.username == user.name %} +Change password +{% else %} +Change username or admin status +Change password +{% endif %} {% if clients.count() %}