2 files changed, 62 insertions, 5 deletions

diff --git a/src/web/templates/admin/dashboard.html b/src/web/templates/admin/dashboard.html
index 57b20bb5..d6e53526 100644
--- a/src/web/templates/admin/dashboard.html
+++ b/src/web/templates/admin/dashboard.html
@@ -17,7 +17,7 @@
         </tr>
     </thead>
     <tbody>
-    {% for user in users|sort(attribute="last_seen")|reverse %}
+    {% for user in users %}
         <tr {% if not user.enabled  %}class="warning"{% endif %}>
             <td>{{ loop.index }}</td>
             <td>{{ user.nickname }}{% if user.id == current_user.id %} (It's you!){% endif %}</td>
@@ -25,7 +25,7 @@
             <td class="date">{{ user.date_created | datetime }}</td>
             <td class="date">{{ user.last_seen | datetime }}</td>
             <td>
-                <a href="{{ url_for("admin.user_form", user_id=user.id) }}"><i class="glyphicon glyphicon-edit" title="{{ _('Edit this user') }}"></i></a>
+                <a href="{{ url_for("admin.user", user_id=user.id) }}"><i class="glyphicon glyphicon-edit" title="{{ _('Edit this user') }}"></i></a>
                 {% if user.id != current_user.id %}
                     <a href="{{ url_for("admin.toggle_user", user_id=user.id) }}">
                     {% if user.enabled %}
@@ -34,7 +34,7 @@
                         <i class="glyphicon glyphicon-ok-circle" title="{{ _("Enable this account") }}"></i>
                     {% endif %}
                     </a>
-                    <a href="{{ url_for("admin.delete_user", user_id=user.id) }}"><i class="glyphicon glyphicon-remove" title="{{ _('Delete this user') }}" onclick="return confirm('{{ _('You are going to delete this account.') }}');"></i></a>
+                    <a href="{{ url_for("admin.toggle_user", user_id=user.id) }}"><i class="glyphicon glyphicon-remove" title="{{ _('Delete this user') }}" onclick="return confirm('{{ _('You are going to delete this account.') }}');"></i></a>
                 {% endif %}
             </td>
         </tr>
diff --git a/src/web/views/admin.py b/src/web/views/admin.py
index 78344983..1dc676de 100644
--- a/src/web/views/admin.py
+++ b/src/web/views/admin.py
@@ -2,10 +2,12 @@ from datetime import datetime
 from flask import (Blueprint, render_template, redirect, flash, url_for)
 from flask.ext.babel import gettext, format_timedelta
 from flask.ext.login import login_required, current_user
+from werkzeug import generate_password_hash
 
 from web.views.common import admin_permission
 from web.lib.utils import redirect_url
 from web.controllers import UserController, ArticleController
+from web.forms import InformationMessageForm, UserForm
 
 admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
 
@@ -16,10 +18,12 @@ admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
 def dashboard():
     last_cons, now = {}, datetime.utcnow()
     users = list(UserController().read().order_by('id'))
+    form = InformationMessageForm()
     for user in users:
-        last_cons[user.id] = format_timedelta(now - user.last_connection)
+        last_cons[user.id] = format_timedelta(now - user.last_seen)
     return render_template('admin/dashboard.html', now=datetime.utcnow(),
-            last_cons=last_cons, users=users, current_user=current_user)
+            last_cons=last_cons, users=users, current_user=current_user,
+            form=form)
 
 
 @admin_bp.route('/user/<int:user_id>', methods=['GET'])
@@ -41,6 +45,59 @@ def user(user_id=None):
         return redirect(redirect_url())
 
 
+@admin_bp.route('/user/create', methods=['GET'])
+@admin_bp.route('/user/edit/<int:user_id>', methods=['GET'])
+@login_required
+@admin_permission.require(http_exception=403)
+def user_form(user_id=None):
+    if user_id is not None:
+        user = UserController().get(id=user_id)
+        form = UserForm(obj=user)
+        message = gettext('Edit the user <i>%(nick)s</i>', nick=user.nickname)
+    else:
+        form = UserForm()
+        message = gettext('Add a new user')
+    return render_template('/admin/create_user.html',
+                           form=form, message=message)
+
+
+@admin_bp.route('/user/create', methods=['POST'])
+@admin_bp.route('/user/edit/<int:user_id>', methods=['POST'])
+@login_required
+@admin_permission.require(http_exception=403)
+def process_user_form(user_id=None):
+    """
+    Create or edit a user.
+    """
+    form = UserForm()
+    user_contr = UserController()
+
+    if not form.validate():
+        return render_template('/admin/create_user.html', form=form,
+                               message=gettext('Some errors were found'))
+
+    if user_id is not None:
+        # Edit a user
+        user_contr.update({'id': user_id},
+                          {'nickname': form.nickname.data,
+                           'email': form.email.data,
+                           'password': form.password.data,
+                           'refresh_rate': form.refresh_rate.data})
+        user = user_contr.get(id=user_id)
+        flash(gettext('User %(nick)s successfully updated',
+                      nick=user.nickname), 'success')
+    else:
+        # Create a new user (by the admin)
+        user = user_contr.create(nickname=form.nickname.data,
+                                 email=form.email.data,
+                                 pwdhash=generate_password_hash(form.password.data),
+                                 is_admin=False,
+                                 refresh_rate=form.refresh_rate.data)
+        flash(gettext('User %(nick)s successfully created',
+                      nick=user.nickname), 'success')
+    return redirect(url_for('admin.user_form', user_id=user.id))
+
+
 @admin_bp.route('/toggle_user/<int:user_id>', methods=['GET'])
 @login_required
 @admin_permission.require()