User management got its own module, along with initial configuration

2024-11-09 19:52:16 +00:00 · 2012-11-16 16:59:09 +01:00 · 2012-11-16 16:59:09 +01:00 · e44f7dc2bf
commit e44f7dc2bf
parent 3e89c102e9
6 changed files with 94 additions and 66 deletions
--- a/db.py
+++ b/db.py
@ -53,7 +53,7 @@ class User(Base):
 	mail = Column(String)
 	password = Column(String(40))
 	salt = Column(String(6))
-	admin = Column(Boolean)
+	admin = Column(Boolean, default = False)

 class Folder(Base):
 	__tablename__ = 'folder'
--- a/templates/adduser.html
+++ b/templates/adduser.html
@ -5,6 +5,7 @@
 	<label for="passwd">Password</label><input type="password" id="passwd" name="passwd" /><br />
 	<label for="passwd_confirm">Confirm</label><input type="password" id="passwd_confirm" name="passwd_confirm" /><br />
 	<label for="mail">EMail</label><input type="text" id="mail" name="mail" value="{{ request.form.mail }}" /><br />
+	<label for="admin">Admin</label><input type="checkbox" id="admin" name="admin" {{ 'checked="checked"' if 'admin' in request.form }} /><br />
 	<input type="submit" />
 </form>
 {% endblock %}
--- a/templates/home.html
+++ b/templates/home.html
@ -1,13 +1,6 @@
 {% extends "layout.html" %}
 {% block body %}
-<h2>Users</h2>
-<table>
-	<tr><th>Name</th><th>EMail</th><th></th></tr>
-	{% for user in users %}
-	<tr><td>{{ user.name }}</td><td>{{ user.mail }}</td><td><a href="{{ url_for('del_user', id = user.id) }}">X</a></td></tr>
-	{% endfor %}
-</table>
-<a href="{{ url_for('add_user') }}">Add</a>
+<p><a href="{{ url_for('user_index') }}">Users</a></p>

 <h2>Music folders</h2>
 <table>
--- a/templates/users.html
+++ b/templates/users.html
@ -0,0 +1,12 @@
+{% extends "layout.html" %}
+{% block body %}
+<h2>Users</h2>
+<table>
+	<tr><th>Name</th><th>EMail</th><th>Admin</th><th></th></tr>
+	{% for user in users %}
+	<tr><td>{{ user.name }}</td><td>{{ user.mail }}</td><td>{{ user.admin }}</td><td><a href="{{ url_for('del_user', id = user.id) }}">X</a></td></tr>
+	{% endfor %}
+</table>
+<a href="{{ url_for('add_user') }}">Add</a>
+
+{% endblock %}
--- a/user.py
+++ b/user.py
@ -0,0 +1,67 @@
+# coding: utf-8
+
+from flask import Flask, request, flash, render_template, redirect, url_for
+import string, random, hashlib
+import uuid
+
+from web import app
+import db
+
+@app.route('/user')
+def user_index():
+	return render_template('users.html', users = db.User.query.all())
+
+@app.route('/user/add', methods = [ 'GET', 'POST' ])
+def add_user():
+	if request.method == 'GET':
+		return render_template('adduser.html')
+
+	error = False
+	(name, passwd, passwd_confirm, mail, admin) = map(request.form.get, [ 'name', 'passwd', 'passwd_confirm', 'mail', 'admin' ])
+	if name in (None, ''):
+		flash('The name is required.')
+		error = True
+	elif db.User.query.filter(db.User.name == name).first():
+		flash('There is already a user with that name. Please pick another one.')
+		error = True
+	if passwd in (None, ''):
+		flash('Please provide a password.')
+		error = True
+	elif passwd != passwd_confirm:
+		flash("The passwords don't match.")
+		error = True
+	if admin is None:
+		admin = True if db.User.query.filter(db.User.admin == True).count() == 0 else False
+	else:
+		admin = True
+	if error:
+		return render_template('adduser.html')
+
+	salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
+	crypt = hashlib.sha1(salt + passwd).hexdigest()
+	user = db.User(name = name, mail = mail, password = crypt, salt = salt, admin = admin)
+	db.session.add(user)
+	db.session.commit()
+	flash("User '%s' successfully added" % name)
+
+	return redirect(url_for('index'))
+
+@app.route('/user/del/<id>')
+def del_user(id):
+	try:
+		idid = uuid.UUID(id)
+	except ValueError:
+		flash('Invalid user id')
+		return redirect(url_for('index'))
+
+	user = db.User.query.get(idid)
+	if user is None:
+		flash('No such user')
+		return redirect(url_for('index'))
+
+	db.session.delete(user)
+	db.session.commit()
+	flash("Deleted user '%s'" % user.name)
+
+	return redirect(url_for('index'))
+
--- a/web.py
+++ b/web.py
@ -2,7 +2,6 @@

 from flask import Flask, request, flash, render_template, redirect, url_for
 from sqlalchemy.orm.exc import NoResultFound
-import string, random, hashlib
 import os.path
 import uuid

@ -12,18 +11,22 @@ app.secret_key = '?9huDM\\H'
 import db
 from scanner import Scanner

+@app.before_request
+def init_check():
+	if request.path.startswith('/rest/'):
+		return
+
+	if db.User.query.filter(db.User.admin == True).count() == 0 and request.endpoint != 'add_user':
+		flash('Not configured. Please create the first admin user')
+		return redirect(url_for('add_user'))
+
@app.teardown_request
 def teardown(exception):
 	db.session.remove()

@app.route('/')
 def index():
-	"""
-	if User.query.count() == 0:
-		flash('Not configured. Please create the first admin user')
-		return redirect(url_for('add_user'))
-	"""
-	return render_template('home.html', users = db.User.query.all(), folders = db.Folder.query.filter(db.Folder.root == True).all(),
+	return render_template('home.html', folders = db.Folder.query.filter(db.Folder.root == True).all(),
 		artists = db.Artist.query.order_by(db.Artist.name).all(),
 		albums = db.Album.query.join(db.Album.artist).order_by(db.Artist.name, db.Album.name).all())

@ -32,56 +35,6 @@ def reset_db():
 	db.recreate_db()
 	return redirect(url_for('index'))

-@app.route('/adduser', methods = [ 'GET', 'POST' ])
-def add_user():
-	if request.method == 'GET':
-		return render_template('adduser.html')
-
-	error = False
-	(name, passwd, passwd_confirm, mail) = map(request.form.get, [ 'name', 'passwd', 'passwd_confirm', 'mail' ])
-	if name in (None, ''):
-		flash('The name is required.')
-		error = True
-	elif db.User.query.filter(db.User.name == name).first():
-		flash('There is already a user with that name. Please pick another one.')
-		error = True
-	if passwd in (None, ''):
-		flash('Please provide a password.')
-		error = True
-	elif passwd != passwd_confirm:
-		flash("The passwords don't match.")
-		error = True
-	if error:
-		return render_template('adduser.html')
-
-	salt = ''.join(random.choice(string.printable.strip()) for i in xrange(6))
-	crypt = hashlib.sha1(salt + passwd).hexdigest()
-	user = db.User(name = name, mail = mail, password = crypt, salt = salt)
-	db.session.add(user)
-	db.session.commit()
-	flash("User '%s' successfully added" % name)
-
-	return redirect(url_for('index'))
-
-@app.route('/deluser/<id>')
-def del_user(id):
-	try:
-		idid = uuid.UUID(id)
-	except ValueError:
-		flash('Invalid user id')
-		return redirect(url_for('index'))
-
-	user = db.User.query.get(idid)
-	if user is None:
-		flash('No such user')
-		return redirect(url_for('index'))
-
-	db.session.delete(user)
-	db.session.commit()
-	flash("Deleted user '%s'" % user.name)
-
-	return redirect(url_for('index'))
-
@app.route('/addfolder', methods = [ 'GET', 'POST' ])
 def add_folder():
 	if request.method == 'GET':
@ -186,6 +139,8 @@ def scan_folder(id = None):
 	flash('Deleted: %i artists, %i albums, %i tracks' % (deleted[0], deleted[1], deleted[2]))
 	return redirect(url_for('index'))

+import user
+
 import api.system
 import api.browse
 import api.user