aboutsummaryrefslogtreecommitdiff
path: root/pyaggr3g470r/views.py
diff options
context:
space:
mode:
Diffstat (limited to 'pyaggr3g470r/views.py')
-rw-r--r--pyaggr3g470r/views.py120
1 files changed, 119 insertions, 1 deletions
diff --git a/pyaggr3g470r/views.py b/pyaggr3g470r/views.py
index 1a5d45a9..7ca3ac02 100644
--- a/pyaggr3g470r/views.py
+++ b/pyaggr3g470r/views.py
@@ -31,6 +31,7 @@ import datetime
from flask import render_template, jsonify, request, flash, session, url_for, redirect, g, current_app, make_response
from flask.ext.login import LoginManager, login_user, logout_user, login_required, current_user, AnonymousUserMixin
from flask.ext.principal import Principal, Identity, AnonymousIdentity, identity_changed, identity_loaded, Permission, RoleNeed, UserNeed
+from werkzeug import generate_password_hash
import utils
import export
@@ -41,6 +42,10 @@ from forms import SigninForm, AddFeedForm, ProfileForm
from pyaggr3g470r import app, db
from pyaggr3g470r.models import User, Feed, Article, Role
+Principal(app)
+# Create a permission with a single Need, in this case a RoleNeed.
+admin_permission = Permission(RoleNeed('admin'))
+
login_manager = LoginManager()
login_manager.init_app(app)
@@ -156,7 +161,7 @@ def logout():
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
flash("Logged out successfully.", 'success')
- return redirect(url_for('map_view'))
+ return redirect(url_for('login'))
@app.route('/')
@login_required
@@ -556,3 +561,116 @@ def profile():
if request.method == 'GET':
form = ProfileForm(obj=user)
return render_template('profile.html', user=user, form=form)
+
+
+
+#
+# Views dedicated to administration tasks.
+#
+@app.route('/admin/dashboard/', methods=['GET', 'POST'])
+@login_required
+@admin_permission.require()
+def dashboard():
+ """
+ Adminstrator's dashboard.
+ """
+ users = User.query.all()
+ users.remove(g.user)
+ return render_template('admin/dashboard.html', users=users)
+
+@app.route('/admin/create_user/', methods=['GET', 'POST'])
+@app.route('/admin/edit_user/<int:user_id>/', methods=['GET', 'POST'])
+@login_required
+@admin_permission.require()
+def create_user(user_id=None):
+ """
+ Create or edit a user.
+ """
+ form = ProfileForm()
+
+ if request.method == 'POST':
+ if form.validate():
+ if user_id != None:
+ # Edit a user
+ user = User.query.filter(User.id == user_id).first()
+ form.populate_obj(user)
+ if form.password.data != "":
+ user.set_password(form.password.data)
+ db.session.commit()
+ flash('User "' + user.firstname + '" successfully updated.', 'success')
+ else:
+ # Create a new user
+ role_user = Role.query.filter(Role.name == "user").first()
+ user = User(firstname=form.firstname.data,
+ lastname=form.lastname.data,
+ email=form.email.data,
+ pwdhash=generate_password_hash(form.password.data))
+ user.roles.extend([role_user])
+ db.session.add(user)
+ db.session.commit()
+ flash('User "' + user.firstname + '" successfully created.', 'success')
+ return redirect("/admin/edit_user/"+str(user.id)+"/")
+ else:
+ return render_template('profile.html', form=form)
+
+ if request.method == 'GET':
+ if user_id != None:
+ user = User.query.filter(User.id == user_id).first()
+ form = ProfileForm(obj=user)
+ message = "Edit the user <i>" + user.firstname + "</i>"
+ else:
+ form = ProfileForm()
+ message="Add a new user"
+ return render_template('/admin/create_user.html', form=form, message=message)
+
+@app.route('/admin/user/<int:user_id>/', methods=['GET'])
+@login_required
+@admin_permission.require()
+def user(user_id=None):
+ """
+ See information about a user (stations, etc.).
+ """
+ user = User.query.filter(User.id == user_id).first()
+ if user is not None:
+ return render_template('/admin/user.html', user=user)
+ else:
+ flash('This user does not exist.', 'danger')
+ return redirect(redirect_url())
+
+@app.route('/admin/delete_user/<int:user_id>/', methods=['GET'])
+@login_required
+@admin_permission.require()
+def delete_user(user_id=None):
+ """
+ Delete a user (with its stations and measures).
+ """
+ user = User.query.filter(User.id == user_id).first()
+ if user is not None:
+ db.session.delete(user)
+ db.session.commit()
+ flash('User "' + user.firstname + '" successfully deleted.', 'success')
+ else:
+ flash('This user does not exist.', 'danger')
+ return redirect(redirect_url())
+
+@app.route('/admin/enable_user/<int:user_id>/', methods=['GET'])
+@app.route('/admin/disable_user/<int:user_id>/', methods=['GET'])
+@login_required
+@admin_permission.require()
+def disable_user(user_id=None):
+ """
+ Enable or disable the API key of a user.
+ """
+ user = User.query.filter(User.id == user_id).first()
+ if user is not None:
+ if user.apikey != "":
+ user.pwdhash = ""
+ flash(user.firstname + '" successfully disabled.', 'success')
+ else:
+ #import random, base64, hashlib
+ user.pwdhash = "newpass"
+ flash(user.firstname + '" successfully enabled.', 'success')
+ db.session.commit()
+ else:
+ flash('This user does not exist.', 'danger')
+ return redirect(redirect_url()) \ No newline at end of file
bgstack15