diff options
author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-04-09 20:14:33 +0200 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2014-04-09 20:14:33 +0200 |
commit | 5d220e360454e7643eb5539fa329702cb5c273c5 (patch) | |
tree | 2797e3e3c98c0d47e9515ab4a2c9fd4c0f3070bd /pyaggr3g470r/views.py | |
parent | Fixed bug for deployment on Heroku (3). (diff) | |
download | newspipe-5d220e360454e7643eb5539fa329702cb5c273c5.tar.gz newspipe-5d220e360454e7643eb5539fa329702cb5c273c5.tar.bz2 newspipe-5d220e360454e7643eb5539fa329702cb5c273c5.zip |
Management of users via the administrator's account.
Diffstat (limited to 'pyaggr3g470r/views.py')
-rw-r--r-- | pyaggr3g470r/views.py | 120 |
1 files changed, 119 insertions, 1 deletions
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py index 1a5d45a9..7ca3ac02 100644 --- a/pyaggr3g470r/views.py +++ b/pyaggr3g470r/views.py @@ -31,6 +31,7 @@ import datetime from flask import render_template, jsonify, request, flash, session, url_for, redirect, g, current_app, make_response from flask.ext.login import LoginManager, login_user, logout_user, login_required, current_user, AnonymousUserMixin from flask.ext.principal import Principal, Identity, AnonymousIdentity, identity_changed, identity_loaded, Permission, RoleNeed, UserNeed +from werkzeug import generate_password_hash import utils import export @@ -41,6 +42,10 @@ from forms import SigninForm, AddFeedForm, ProfileForm from pyaggr3g470r import app, db from pyaggr3g470r.models import User, Feed, Article, Role +Principal(app) +# Create a permission with a single Need, in this case a RoleNeed. +admin_permission = Permission(RoleNeed('admin')) + login_manager = LoginManager() login_manager.init_app(app) @@ -156,7 +161,7 @@ def logout(): identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity()) flash("Logged out successfully.", 'success') - return redirect(url_for('map_view')) + return redirect(url_for('login')) @app.route('/') @login_required @@ -556,3 +561,116 @@ def profile(): if request.method == 'GET': form = ProfileForm(obj=user) return render_template('profile.html', user=user, form=form) + + + +# +# Views dedicated to administration tasks. +# +@app.route('/admin/dashboard/', methods=['GET', 'POST']) +@login_required +@admin_permission.require() +def dashboard(): + """ + Adminstrator's dashboard. + """ + users = User.query.all() + users.remove(g.user) + return render_template('admin/dashboard.html', users=users) + +@app.route('/admin/create_user/', methods=['GET', 'POST']) +@app.route('/admin/edit_user/<int:user_id>/', methods=['GET', 'POST']) +@login_required +@admin_permission.require() +def create_user(user_id=None): + """ + Create or edit a user. + """ + form = ProfileForm() + + if request.method == 'POST': + if form.validate(): + if user_id != None: + # Edit a user + user = User.query.filter(User.id == user_id).first() + form.populate_obj(user) + if form.password.data != "": + user.set_password(form.password.data) + db.session.commit() + flash('User "' + user.firstname + '" successfully updated.', 'success') + else: + # Create a new user + role_user = Role.query.filter(Role.name == "user").first() + user = User(firstname=form.firstname.data, + lastname=form.lastname.data, + email=form.email.data, + pwdhash=generate_password_hash(form.password.data)) + user.roles.extend([role_user]) + db.session.add(user) + db.session.commit() + flash('User "' + user.firstname + '" successfully created.', 'success') + return redirect("/admin/edit_user/"+str(user.id)+"/") + else: + return render_template('profile.html', form=form) + + if request.method == 'GET': + if user_id != None: + user = User.query.filter(User.id == user_id).first() + form = ProfileForm(obj=user) + message = "Edit the user <i>" + user.firstname + "</i>" + else: + form = ProfileForm() + message="Add a new user" + return render_template('/admin/create_user.html', form=form, message=message) + +@app.route('/admin/user/<int:user_id>/', methods=['GET']) +@login_required +@admin_permission.require() +def user(user_id=None): + """ + See information about a user (stations, etc.). + """ + user = User.query.filter(User.id == user_id).first() + if user is not None: + return render_template('/admin/user.html', user=user) + else: + flash('This user does not exist.', 'danger') + return redirect(redirect_url()) + +@app.route('/admin/delete_user/<int:user_id>/', methods=['GET']) +@login_required +@admin_permission.require() +def delete_user(user_id=None): + """ + Delete a user (with its stations and measures). + """ + user = User.query.filter(User.id == user_id).first() + if user is not None: + db.session.delete(user) + db.session.commit() + flash('User "' + user.firstname + '" successfully deleted.', 'success') + else: + flash('This user does not exist.', 'danger') + return redirect(redirect_url()) + +@app.route('/admin/enable_user/<int:user_id>/', methods=['GET']) +@app.route('/admin/disable_user/<int:user_id>/', methods=['GET']) +@login_required +@admin_permission.require() +def disable_user(user_id=None): + """ + Enable or disable the API key of a user. + """ + user = User.query.filter(User.id == user_id).first() + if user is not None: + if user.apikey != "": + user.pwdhash = "" + flash(user.firstname + '" successfully disabled.', 'success') + else: + #import random, base64, hashlib + user.pwdhash = "newpass" + flash(user.firstname + '" successfully enabled.', 'success') + db.session.commit() + else: + flash('This user does not exist.', 'danger') + return redirect(redirect_url())
\ No newline at end of file |