github/supysonic
1
0
Fork 0
mirror of https://github.com/spl0k/supysonic.git synced 2024-12-22 08:56:17 +00:00
Code Issues Releases Wiki Activity

Web UI: reworked how data is passed to templates

Browse Source 
Logged user is pushed in request data
No more 'username' session key
Small fixes along the way
This commit is contained in:
spl0k 2017-11-22 21:59:32 +01:00
parent 9a58d067ab
commit b998bb0684
13 changed files with 134 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
supysonic/frontend/__init__.py
View File

@ -9,12 +9,11 @@
#
# Distributed under terms of the GNU AGPLv3 license.
from flask import session
from flask import session, request, redirect, url_for
from supysonic.web import app, store
from supysonic.db import Artist, Album, Track
from supysonic.managers.user import UserManager
app.add_template_filter(str)
from functools import wraps
@app.before_request
def login_check():
@ -24,20 +23,19 @@ def login_check():
if request.path.startswith('/static/'):
return
if request.endpoint != 'login':
should_login = False
if not session.get('userid'):
should_login = True
elif UserManager.get(store, session.get('userid'))[0] != UserManager.SUCCESS:
request.user = None
should_login = True
if session.get('userid'):
code, user = UserManager.get(store, session.get('userid'))
if code != UserManager.SUCCESS:
session.clear()
should_login = True
elif UserManager.get(store, session.get('userid'))[1].name != session.get('username'):
session.clear()
should_login = True
else:
request.user = user
should_login = False
if should_login:
flash('Please login')
return redirect(url_for('login', returnUrl = request.script_root + request.url[len(request.url_root)-1:]))
if should_login and request.endpoint != 'login':
flash('Please login')
return redirect(url_for('login', returnUrl = request.script_root + request.url[len(request.url_root)-1:]))
@app.route('/')
def index():
@ -48,6 +46,14 @@ def index():
}
return render_template('home.html', stats = stats, admin = UserManager.get(store, session.get('userid'))[1].admin)
def admin_only(f):
@wraps(f)
def decorated_func(*args, **kwargs):
if not request.user or not request.user.admin:
return redirect(url_for('index'))
return f(*args, **kwargs)
return decorated_func
from .user import *
from .folder import *
from .playlist import *

32
supysonic/frontend/folder.py
View File

@ -3,7 +3,7 @@
# This file is part of Supysonic.
#
# Supysonic is a Python implementation of the Subsonic server API.
# Copyright (C) 2013 Alban 'spl0k' Féron
# Copyright (C) 2013-2017 Alban 'spl0k' Féron
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -18,7 +18,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from flask import request, flash, render_template, redirect, url_for, session
from flask import request, flash, render_template, redirect, url_for
import os.path
import uuid
@ -28,23 +28,21 @@ from supysonic.scanner import Scanner
from supysonic.managers.user import UserManager
from supysonic.managers.folder import FolderManager
@app.before_request
def check_admin():
if not request.path.startswith('/folder'):
return
if not UserManager.get(store, session.get('userid'))[1].admin:
return redirect(url_for('index'))
from . import admin_only
@app.route('/folder')
@admin_only
def folder_index():
return render_template('folders.html', folders = store.find(Folder, Folder.root == True), admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('folders.html', folders = store.find(Folder, Folder.root == True))
@app.route('/folder/add', methods = [ 'GET', 'POST' ])
def add_folder():
if request.method == 'GET':
return render_template('addfolder.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
@app.route('/folder/add')
@admin_only
def add_folder_form():
return render_template('addfolder.html')
@app.route('/folder/add', methods = [ 'POST' ])
@admin_only
def add_folder_post():
error = False
(name, path) = map(request.form.get, [ 'name', 'path' ])
if name in (None, ''):
@ -54,18 +52,19 @@ def add_folder():
flash('The path is required.')
error = True
if error:
return render_template('addfolder.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('addfolder.html')
ret = FolderManager.add(store, name, path)
if ret != FolderManager.SUCCESS:
flash(FolderManager.error_str(ret))
return render_template('addfolder.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('addfolder.html')
flash("Folder '%s' created. You should now run a scan" % name)
return redirect(url_for('folder_index'))
@app.route('/folder/del/<id>')
@admin_only
def del_folder(id):
try:
idid = uuid.UUID(id)
@ -83,6 +82,7 @@ def del_folder(id):
@app.route('/folder/scan')
@app.route('/folder/scan/<id>')
@admin_only
def scan_folder(id = None):
scanner = Scanner(store)
if id is None:

16
supysonic/frontend/playlist.py
View File

@ -3,7 +3,7 @@
# This file is part of Supysonic.
#
# Supysonic is a Python implementation of the Subsonic server API.
# Copyright (C) 2013 Alban 'spl0k' Féron
# Copyright (C) 2013-2017 Alban 'spl0k' Féron
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -18,7 +18,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from flask import request, session, flash, render_template, redirect, url_for
from flask import request, flash, render_template, redirect, url_for
import uuid
from supysonic.web import app, store
from supysonic.db import Playlist
@ -26,9 +26,9 @@ from supysonic.managers.user import UserManager
@app.route('/playlist')
def playlist_index():
return render_template('playlists.html', mine = store.find(Playlist, Playlist.user_id == uuid.UUID(session.get('userid'))),
others = store.find(Playlist, Playlist.user_id != uuid.UUID(session.get('userid')), Playlist.public == True),
admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('playlists.html',
mine = store.find(Playlist, Playlist.user_id == request.user.id),
others = store.find(Playlist, Playlist.user_id != request.user.id, Playlist.public == True))
@app.route('/playlist/<uid>')
def playlist_details(uid):
@ -43,7 +43,7 @@ def playlist_details(uid):
flash('Unknown playlist')
return redirect(url_for('playlist_index'))
return render_template('playlist.html', playlist = playlist, admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('playlist.html', playlist = playlist)
@app.route('/playlist/<uid>', methods = [ 'POST' ])
def playlist_update(uid):
@ -58,7 +58,7 @@ def playlist_update(uid):
flash('Unknown playlist')
return redirect(url_for('playlist_index'))
if str(playlist.user_id) != session.get('userid'):
if playlist.user_id != request.user.id:
flash("You're not allowed to edit this playlist")
elif not request.form.get('name'):
flash('Missing playlist name')
@ -81,7 +81,7 @@ def playlist_delete(uid):
playlist = store.get(Playlist, uid)
if not playlist:
flash('Unknown playlist')
elif str(playlist.user_id) != session.get('userid'):
elif playlist.user_id != request.user.id:
flash("You're not allowed to delete this playlist")
else:
store.remove(playlist)

111
supysonic/frontend/user.py
View File

@ -3,7 +3,7 @@
# This file is part of Supysonic.
#
# Supysonic is a Python implementation of the Subsonic server API.
# Copyright (C) 2013 Alban 'spl0k' Féron
# Copyright (C) 2013-2017 Alban 'spl0k' Féron
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
@ -27,28 +27,27 @@ import uuid, csv
from supysonic import config
from supysonic.lastfm import LastFm
@app.before_request
def check_admin():
if not request.path.startswith('/user'):
return
if request.endpoint in ('user_index', 'add_user', 'del_user', 'export_users', 'import_users', 'do_user_import') and not UserManager.get(store, session.get('userid'))[1].admin:
return redirect(url_for('index'))
from . import admin_only
@app.route('/user')
@admin_only
def user_index():
return render_template('users.html', users = store.find(User), admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('users.html', users = store.find(User))
@app.route('/user/<uid>')
def user_profile(uid):
if uid == 'me':
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(session.get('userid')))
return render_template('profile.html', user = UserManager.get(store, session.get('userid'))[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
flash(UserManager.error_str(code))
return redirect(url_for('index'))
prefs = store.find(ClientPrefs, ClientPrefs.user_id == uuid.UUID(uid))
return render_template('profile.html', user = UserManager.get(store, uid)[1], api_key = config.get('lastfm', 'api_key'), clients = prefs, admin = UserManager.get(store, session.get('userid'))[1].admin)
prefs = store.find(ClientPrefs, ClientPrefs.user_id == user.id)
return render_template('profile.html', user = user, has_lastfm = config.get('lastfm', 'api_key') != None, clients = prefs)
@app.route('/user/<uid>', methods = [ 'POST' ])
def update_clients(uid):
@ -58,9 +57,9 @@ def update_clients(uid):
app.logger.debug(clients_opts)
if uid == 'me':
userid = uuid.UUID(session.get('userid'))
userid = request.user.id
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
if not request.user.admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
return redirect(url_for('index'))
userid = uuid.UUID(uid)
@ -78,20 +77,22 @@ def update_clients(uid):
return user_profile(uid)
@app.route('/user/<uid>/changeusername', methods = [ 'GET', 'POST' ])
@admin_only
def change_username(uid):
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1]
if request.method == 'POST':
username = request.form.get('user')
if username in ('', None):
flash('The username is required')
return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('change_username.html', user = user)
if request.form.get('admin') is None:
admin = False
else:
admin = True
changed = False
if user.name != username or user.admin != admin:
user.name = username
user.admin = admin
@ -102,16 +103,19 @@ def change_username(uid):
flash("No changes for '%s'." % username)
return redirect(url_for('user_profile', uid = uid))
return render_template('change_username.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('change_username.html', user = user)
@app.route('/user/<uid>/changemail', methods = [ 'GET', 'POST' ])
def change_mail(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1]
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1]
if request.method == 'POST':
mail = request.form.get('mail')
# No validation, lol.
@ -119,25 +123,29 @@ def change_mail(uid):
store.commit()
return redirect(url_for('user_profile', uid = uid))
return render_template('change_mail.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('change_mail.html', user = user)
@app.route('/user/<uid>/changepass', methods = [ 'GET', 'POST' ])
def change_password(uid):
if uid == 'me':
user = UserManager.get(store, session.get('userid'))[1].name
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
user = UserManager.get(store, uid)[1].name
if request.method == 'POST':
error = False
if uid == 'me' or uid == session.get('userid'):
if uid == 'me' or uid == str(request.user.id):
current, new, confirm = map(request.form.get, [ 'current', 'new', 'confirm' ])
if current in ('', None):
flash('The current password is required')
error = True
else:
new, confirm = map(request.form.get, [ 'new', 'confirm' ])
if new in ('', None):
flash('The new password is required')
error = True
@ -146,22 +154,24 @@ def change_password(uid):
error = True
if not error:
if uid == 'me' or uid == session.get('userid'):
status = UserManager.change_password(store, session.get('userid'), current, new)
if uid == 'me' or uid == str(request.user.id):
status = UserManager.change_password(store, user.id, current, new)
else:
status = UserManager.change_password2(store, UserManager.get(store, uid)[1].name, new)
status = UserManager.change_password2(store, user.name, new)
if status != UserManager.SUCCESS:
flash(UserManager.error_str(status))
else:
flash('Password changed')
return redirect(url_for('user_profile', uid = uid))
return render_template('change_pass.html', user = user, admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('change_pass.html', user = user)
@app.route('/user/add', methods = [ 'GET', 'POST' ])
@admin_only
def add_user():
if request.method == 'GET':
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('adduser.html')
error = False
(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'user', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
@ -188,9 +198,10 @@ def add_user():
else:
flash(UserManager.error_str(status))
return render_template('adduser.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('adduser.html')
@app.route('/user/del/<uid>')
@admin_only
def del_user(uid):
status = UserManager.delete(store, uid)
if status == UserManager.SUCCESS:
@ -201,6 +212,7 @@ def del_user(uid):
return redirect(url_for('user_index'))
@app.route('/user/export')
@admin_only
def export_users():
resp = make_response('\n'.join([ '%s,%s,%s,%s,"%s",%s,%s,%s' % (u.id, u.name, u.mail, u.password, u.salt, u.admin, u.lastfm_session, u.lastfm_status)
for u in store.find(User) ]))
@ -209,13 +221,15 @@ def export_users():
return resp
@app.route('/user/import')
@admin_only
def import_users():
return render_template('importusers.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('importusers.html')
@app.route('/user/import', methods = [ 'POST' ])
@admin_only
def do_user_import():
if not request.files['file']:
return render_template('importusers.html', admin = UserManager.get(store, session.get('userid'))[1].admin)
return render_template('importusers.html')
users = []
reader = csv.reader(request.files['file'])
@ -251,11 +265,15 @@ def lastfm_reg(uid):
return redirect(url_for('user_profile', uid = uid))
if uid == 'me':
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
lfm = LastFm(user, app.logger)
status, error = lfm.link_account(token)
store.commit()
flash(error if not status else 'Successfully linked LastFM account')
@ -265,11 +283,15 @@ def lastfm_reg(uid):
@app.route('/user/<uid>/lastfm/unlink')
def lastfm_unreg(uid):
if uid == 'me':
lfm = LastFm(UserManager.get(store, session.get('userid'))[1], app.logger)
user = request.user
elif not request.user.admin:
return redirect(url_for('index'))
else:
if not UserManager.get(store, session.get('userid'))[1].admin or not UserManager.get(store, uid)[0] is UserManager.SUCCESS:
code, user = UserManager.get(store, uid)
if code != UserManager.SUCCESS:
return redirect(url_for('index'))
lfm = LastFm(UserManager.get(store, uid)[1], app.logger)
lfm = LastFm(user, app.logger)
lfm.unlink_account()
store.commit()
flash('Unliked LastFM account')
@ -278,7 +300,7 @@ def lastfm_unreg(uid):
@app.route('/user/login', methods = [ 'GET', 'POST'])
def login():
return_url = request.args.get('returnUrl') or url_for('index')
if session.get('userid'):
if request.user:
flash('Already logged in')
return redirect(return_url)
@ -298,7 +320,6 @@ def login():
status, user = UserManager.try_auth(store, name, password)
if status == UserManager.SUCCESS:
session['userid'] = str(user.id)
session['username'] = user.name
flash('Logged in!')
return redirect(return_url)
else:

6
supysonic/templates/change_mail.html
View File

@ -9,7 +9,7 @@
-#}
{% extends "layout.html" %}
{% block navbar_users %}
{% if session.username != user.name %}
{% if request.user.id != user.id %}
<li class="active"><a href="{{ url_for('user_index') }}">Users <span
class="sr-only">(current)</span></a></li>
{% else %}
@ -17,8 +17,8 @@
{% endif %}
{% endblock %}
{% block navbar_profile %}
{% if session.username == user.name %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ session.username }} <span class="sr-only">(current)</span></a></li>
{% if request.user.id == user.id %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ request.user.name }} <span class="sr-only">(current)</span></a></li>
{% else %}
{{ super() }}
{% endif %}

8
supysonic/templates/change_pass.html
View File

@ -9,7 +9,7 @@
-#}
{% extends "layout.html" %}
{% block navbar_users %}
{% if session.username != user %}
{% if request.user.id != user.id %}
<li class="active"><a href="{{ url_for('user_index') }}">Users <span
class="sr-only">(current)</span></a></li>
{% else %}
@ -17,8 +17,8 @@
{% endif %}
{% endblock %}
{% block navbar_profile %}
{% if session.username == user %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ session.username }} <span class="sr-only">(current)</span></a></li>
{% if request.user.id == user.id %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ request.user.name }} <span class="sr-only">(current)</span></a></li>
{% else %}
{{ super() }}
{% endif %}
@ -28,7 +28,7 @@
<h2>{{ user }}</h2>
</div>
<form method="post">
{% if session.username == user %}
{% if request.user.id == user.id %}
<div class="form-group">
<label class="sr-only" for="current">Current password</label>
<div class="input-group">

2
supysonic/templates/folders.html
View File

@ -33,7 +33,7 @@
</tbody>
</table>
<div class="btn-toolbar" role="toolbar">
<a href="{{ url_for('add_folder') }}" class="btn btn-default">Add</a>
<a href="{{ url_for('add_folder_form') }}" class="btn btn-default">Add</a>
<a href="{{ url_for('scan_folder') }}" class="btn btn-default">Scan all</a>
</div>
<div class="modal fade" id="confirm-delete" tabindex="-1" role="dialog">

4
supysonic/templates/layout.html
View File

@ -56,7 +56,7 @@
{% block navbar_playlists %}
<li><a href="{{ url_for('playlist_index') }}">Playlists</a></li>
{% endblock %}
{% if admin %}
{% if request.user.admin %}
{% block navbar_users %}
<li><a href="{{ url_for('user_index') }}">Users</a></li>
{% endblock %}
@ -65,7 +65,7 @@
{% endblock %}
{% endif %}
{% block navbar_profile %}
<li><a href="{{ url_for('user_profile', uid = 'me')}}">{{ session.username }}</a></li>
<li><a href="{{ url_for('user_profile', uid = 'me')}}">{{ request.user.name }}</a></li>
{% endblock %}
</ul>
<ul class="nav navbar-nav navbar-right">

2
supysonic/templates/playlist.html
View File

@ -16,7 +16,7 @@
<div class="page-header first-header">
<h2>Playlist "{{ playlist.name }}"</h2>
</div>
{% if playlist.user_id|str == session.get('userid') %}
{% if playlist.user_id == request.user.id %}
<h3>Edit</h3>
<form method="post">
<table id="playlist" class="table">

18
supysonic/templates/profile.html
View File

@ -9,7 +9,7 @@
-#}
{% extends "layout.html" %}
{% block navbar_users %}
{% if session.username != user.name %}
{% if request.user.id != user.id %}
<li class="active"><a href="{{ url_for('user_index') }}">Users <span
class="sr-only">(current)</span></a></li>
{% else %}
@ -17,8 +17,8 @@
{% endif %}
{% endblock %}
{% block navbar_profile %}
{% if session.username == user.name %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ session.username }} <span class="sr-only">(current)</span></a></li>
{% if request.user.id == user.id %}
<li class="active"><a href="{{ url_for('user_profile', uid = 'me') }}">{{ request.user.name }} <span class="sr-only">(current)</span></a></li>
{% else %}
{{ super() }}
{% endif %}
@ -27,7 +27,7 @@
<div class="page-header first-header">
<h2>{{ user.name }}{% if user.admin %} <small><span class="glyphicon
glyphicon-certificate" data-toggle="tooltip" data-placement="right"
title="{% if session.username == user.name %}You're an admin!{% else %}The user is an admin!{% endif %}"></span></small>{% endif %}</h2>
title="{% if request.user.id == user.id %}You're an admin!{% else %}The user is an admin!{% endif %}"></span></small>{% endif %}</h2>
</div>
<div class="row">
<div class="col-md-6">
@ -38,7 +38,7 @@
<div class="input-group-addon">User eMail</div>
<input type="text" class="form-control" id="email" placeholder="{{ user.mail }}" readonly>
<div class="input-group-btn">
{% if session.username == user.name %}
{% if request.user.id == user.id %}
<a href="{{ url_for('change_mail', uid = 'me') }}" class="btn btn-default">Change eMail</a>
{% else %}
<a href="{{ url_for('change_mail', uid = user.id) }}" class="btn btn-default">Change eMail</a>
@ -54,11 +54,11 @@
<label class="sr-only" for="lastfm">LastFM status</label>
<div class="input-group">
<div class="input-group-addon">LastFM status</div>
{% if api_key %}
{% if has_lastfm %}
{% if user.lastfm_session %}
<input type="text" class="form-control" id="lastfm" placeholder="{% if user.lastfm_status %}Linked{% else %}Invalid session{% endif %}" readonly>
<div class="input-group-btn">
{% if session.username == user.name %}
{% if request.user.id == user.id %}
<a href="{{ url_for('lastfm_unreg', uid = 'me') }}" class="btn btn-default">Unlink</a>
{% else %}
<a href="{{ url_for('lastfm_unreg', uid = user.id) }}" class="btn btn-default">Unlink</a>
@ -67,7 +67,7 @@
{% else %}
<input type="text" class="form-control" id="lastfm" placeholder="Unlinked" readonly>
<div class="input-group-btn">
{% if session.username == user.name %}
{% if request.user.id == user.id %}
<a href="http://www.last.fm/api/auth/?api_key={{ api_key }}&cb={{ request.url_root[:-(request.script_root|length+1)] + url_for('lastfm_reg', uid = 'me') }}" class="btn btn-default">Link</a>
{% else %}
<a href="http://www.last.fm/api/auth/?api_key={{ api_key }}&cb={{ request.url_root[:-(request.script_root|length+1)] + url_for('lastfm_reg', uid = user.id) }}" class="btn btn-default">Link</a>
@ -82,7 +82,7 @@
</form>
</div>
</div>
{% if session.username == user.name %}
{% if request.user.id == user.id %}
<a href="{{ url_for('change_password', uid = 'me') }}" class="btn btn-default">Change password</a></li>
{% else %}
<a href="{{ url_for('change_username', uid = user.id) }}" class="btn btn-default">Change username or admin status</a></li>

4
supysonic/templates/users.html
View File

@ -23,10 +23,10 @@
<tbody>
{% for user in users %}
<tr>
<td>{% if session.username == user.name %}{{ user.name }}{% else %}
<td>{% if request.user.id == user.id %}{{ user.name }}{% else %}
<a href="{{ url_for('user_profile', uid = user.id) }}">{{ user.name }}</a>{% endif %}</td>
<td>{{ user.mail }}</td><td>{{ user.admin }}</td><td>{{ user.last_play_date }}</td><td>
{% if session.username != user.name %}<button class="btn btn-danger btn-xs" data-href="{{ url_for('del_user', uid = user.id) }}" data-toggle="modal" data-target="#confirm-delete" aria-label="Delete user">
{% if request.user.id != user.id %}<button class="btn btn-danger btn-xs" data-href="{{ url_for('del_user', uid = user.id) }}" data-toggle="modal" data-target="#confirm-delete" aria-label="Delete user">
<span class="glyphicon glyphicon-remove-circle" aria-hidden="true" data-toggle="tooltip" data-placement="top" title="Delete user"></span></button>{% endif %}</td></tr>
{% endfor %}
</tbody>

2
tests/frontend/test_folder.py
View File

@ -33,7 +33,7 @@ class FolderTestCase(FrontendTestBase):
self._login('bob', 'B0b')
rv = self.client.get('/folder/add', follow_redirects = True)
self.assertIn('There\'s nothing much to see', rv.data)
self.assertNotIn('Add folder', rv.data)
self.assertNotIn('Add Folder', rv.data)
self._logout()
self._login('alice', 'Alic3')

8
tests/frontend/test_login.py
View File

@ -54,7 +54,6 @@ class LoginTestCase(FrontendTestBase):
# Root with valid session
with self.client.session_transaction() as sess:
sess['userid'] = self.store.find(User, User.name == 'alice').one().id
sess['username'] = 'alice'
rv = self.client.get('/', follow_redirects=True)
self.assertIn('alice', rv.data)
self.assertIn('Log out', rv.data)
@ -64,13 +63,6 @@ class LoginTestCase(FrontendTestBase):
# Root with a no-valid session
with self.client.session_transaction() as sess:
sess['userid'] = uuid.uuid4()
sess['username'] = 'alice'
rv = self.client.get('/', follow_redirects=True)
self.assertIn('Please login', rv.data)
# Root with a no-valid user
with self.client.session_transaction() as sess:
sess['userid'] = self.store.find(User, User.name == 'alice').one().id
sess['username'] = 'nonexistent'
rv = self.client.get('/', follow_redirects=True)
self.assertIn('Please login', rv.data)