Web UI: split GET and POST handlers

2024-11-12 21:22:17 +00:00 · 2017-11-22 22:39:54 +01:00 · 2017-11-22 22:39:54 +01:00 · b7e9914246
commit b7e9914246
parent b998bb0684
3 changed files with 104 additions and 74 deletions
--- a/supysonic/frontend/user.py
+++ b/supysonic/frontend/user.py
@ -76,37 +76,43 @@ def update_clients(uid):
    flash('Clients preferences updated.')
    return user_profile(uid)
-@app.route('/user/<uid>/changeusername', methods = [ 'GET', 'POST' ])
+@app.route('/user/<uid>/changeusername')
@admin_only
-def change_username(uid):
+def change_username_form(uid):
    code, user = UserManager.get(store, uid)
    if code != UserManager.SUCCESS:
        return redirect(url_for('index'))
    if request.method == 'POST':
        username = request.form.get('user')
        if username in ('', None):
            flash('The username is required')
            return render_template('change_username.html', user = user)
        if request.form.get('admin') is None:
            admin = False
        else:
            admin = True
        if user.name != username or user.admin != admin:
            user.name = username
            user.admin = admin
            store.commit()
            flash("User '%s' updated." % username)
            return redirect(url_for('user_profile', uid = uid))
        else:
            flash("No changes for '%s'." % username)
            return redirect(url_for('user_profile', uid = uid))
    return render_template('change_username.html', user = user)
-@app.route('/user/<uid>/changemail', methods = [ 'GET', 'POST' ])
+@app.route('/user/<uid>/changeusername', methods = [ 'POST' ])
-def change_mail(uid):
+@admin_only
 def change_username_post(uid):
    code, user = UserManager.get(store, uid)
    if code != UserManager.SUCCESS:
        return redirect(url_for('index'))
    username = request.form.get('user')
    if username in ('', None):
        flash('The username is required')
        return render_template('change_username.html', user = user)
    if request.form.get('admin') is None:
        admin = False
    else:
        admin = True
    if user.name != username or user.admin != admin:
        user.name = username
        user.admin = admin
        store.commit()
        flash("User '%s' updated." % username)
    else:
        flash("No changes for '%s'." % username)
    return redirect(url_for('user_profile', uid = uid))
@app.route('/user/<uid>/changemail')
 def change_mail_form(uid):
    if uid == 'me':
        user = request.user
    elif not request.user.admin:
@ -116,17 +122,10 @@ def change_mail(uid):
        if code != UserManager.SUCCESS:
            return redirect(url_for('index'))
    if request.method == 'POST':
        mail = request.form.get('mail')
        # No validation, lol.
        user.mail = mail
        store.commit()
        return redirect(url_for('user_profile', uid = uid))
    return render_template('change_mail.html', user = user)
-@app.route('/user/<uid>/changepass', methods = [ 'GET', 'POST' ])
+@app.route('/user/<uid>/changemail', methods = [ 'POST' ])
-def change_password(uid):
+def change_mail_post(uid):
    if uid == 'me':
        user = request.user
    elif not request.user.admin:
@ -136,49 +135,80 @@ def change_password(uid):
        if code != UserManager.SUCCESS:
            return redirect(url_for('index'))
-    if request.method == 'POST':
+    mail = request.form.get('mail')
-        error = False
+    # No validation, lol.
-        if uid == 'me' or uid == str(request.user.id):
+    user.mail = mail
-            current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
+    store.commit()
-            if current in ('', None):
+    return redirect(url_for('user_profile', uid = uid))
                flash('The current password is required')
                error = True
        else:
            new, confirm = map(request.form.get, [ 'new', 'confirm' ])
-        if new in ('', None):
+@app.route('/user/<uid>/changepass')
-            flash('The new password is required')
+def change_password_form(uid):
-            error = True
+    if uid == 'me':
-        if new != confirm:
+        user = request.user
-            flash("The new password and its confirmation don't match")
+    elif not request.user.admin:
-            error = True
+        return redirect(url_for('index'))
-
+    else:
-        if not error:
+        code, user = UserManager.get(store, uid)
-            if uid == 'me' or uid == str(request.user.id):
+        if code != UserManager.SUCCESS:
-                status = UserManager.change_password(store, user.id, current, new)
+            return redirect(url_for('index'))
            else:
                status = UserManager.change_password2(store, user.name, new)
            if status != UserManager.SUCCESS:
                flash(UserManager.error_str(status))
            else:
                flash('Password changed')
                return redirect(url_for('user_profile', uid = uid))
    return render_template('change_pass.html', user = user)
-@app.route('/user/add', methods = [ 'GET', 'POST' ])
+@app.route('/user/<uid>/changepass', methods = [ 'POST' ])
-@admin_only
+def change_password_post(uid):
-def add_user():
+    if uid == 'me':
-    if request.method == 'GET':
+        user = request.user
-        return render_template('adduser.html')
+    elif not request.user.admin:
        return redirect(url_for('index'))
    else:
        code, user = UserManager.get(store, uid)
        if code != UserManager.SUCCESS:
            return redirect(url_for('index'))
    error = False
    if user.id == request.user.id:
        current = request.form.get('current')
        if not current:
            flash('The current password is required')
            error = True
    new, confirm = map(request.form.get, [ 'new', 'confirm' ])
    if not new:
        flash('The new password is required')
        error = True
    if new != confirm:
        flash("The new password and its confirmation don't match")
        error = True
    if not error:
        if user.id == request.user.id:
            status = UserManager.change_password(store, user.id, current, new)
        else:
            status = UserManager.change_password2(store, user.name, new)
        if status != UserManager.SUCCESS:
            flash(UserManager.error_str(status))
        else:
            flash('Password changed')
            return redirect(url_for('user_profile', uid = uid))
    return change_password_form(uid)
@app.route('/user/add')
@admin_only
 def add_user_form():
    return render_template('adduser.html')
@app.route('/user/add', methods = [ 'POST' ])
@admin_only
 def add_user_post():
    error = False
    (name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
-    if name in (None, ''):
+    if not name:
        flash('The name is required.')
        error = True
-    if passwd in (None, ''):
+    if not passwd:
        flash('Please provide a password.')
        error = True
    elif passwd != passwd_confirm:
@ -198,7 +228,7 @@ def add_user():
        else:
            flash(UserManager.error_str(status))
-    return render_template('adduser.html')
+    return add_user_form()
@app.route('/user/del/<uid>')
@admin_only
--- a/supysonic/templates/profile.html
+++ b/supysonic/templates/profile.html
@ -39,9 +39,9 @@
          <input type="text" class="form-control" id="email" placeholder="{{ user.mail }}" readonly>
          <div class="input-group-btn">
            {% if request.user.id == user.id %}
-            <a href="{{ url_for('change_mail', uid = 'me') }}" class="btn btn-default">Change eMail</a>
+            <a href="{{ url_for('change_mail_form', uid = 'me') }}" class="btn btn-default">Change eMail</a>
            {% else %}
-            <a href="{{ url_for('change_mail', uid = user.id) }}" class="btn btn-default">Change eMail</a>
+            <a href="{{ url_for('change_mail_form', uid = user.id) }}" class="btn btn-default">Change eMail</a>
            {% endif %}
          </div>
        </div>
@ -83,10 +83,10 @@
  </div>
 </div>
 {% if request.user.id == user.id %}
-<a href="{{ url_for('change_password', uid = 'me') }}" class="btn btn-default">Change password</a></li>
+<a href="{{ url_for('change_password_form', uid = 'me') }}" class="btn btn-default">Change password</a></li>
 {% else %}
-<a href="{{ url_for('change_username', uid = user.id) }}" class="btn btn-default">Change username or admin status</a></li>
+<a href="{{ url_for('change_username_form', uid = user.id) }}" class="btn btn-default">Change username or admin status</a></li>
-<a href="{{ url_for('change_password', uid = user.id) }}" class="btn btn-default">Change password</a></li>
+<a href="{{ url_for('change_password_form', uid = user.id) }}" class="btn btn-default">Change password</a></li>
 {% endif %}
 {% if clients.count() %}
 <div class="page-header">
--- a/supysonic/templates/users.html
+++ b/supysonic/templates/users.html
@ -32,7 +32,7 @@
  </tbody>
 </table>
 <div class="btn-toolbar" role="toolbar">
-  <a href="{{ url_for('add_user') }}" class="btn btn-default">Add</a>
+  <a href="{{ url_for('add_user_form') }}" class="btn btn-default">Add</a>
  <a href="{{ url_for('export_users') }}" class="btn btn-default">Export</a>
  <a href="{{ url_for('import_users') }}" class="btn btn-default">Import</a>
 </div>