From b2618e9404b84cc62d4becb02436233a0d53b375 Mon Sep 17 00:00:00 2001
From: Cédric Bonhomme <cedric@cedricbonhomme.org>
Date: Wed, 25 Nov 2015 22:45:43 +0100
Subject: Rfactorization. Just a start...

---
 web/views/__init__.py     |   6 +
 web/views/api/__init__.py |  31 ++
 web/views/api/article.py  |  63 ++++
 web/views/api/common.py   | 245 ++++++++++++++
 web/views/api/feed.py     |  69 ++++
 web/views/article.py      |  40 +++
 web/views/feed.py         | 207 ++++++++++++
 web/views/icon.py         |  14 +
 web/views/views.py        | 798 ++++++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 1473 insertions(+)
 create mode 100644 web/views/__init__.py
 create mode 100644 web/views/api/__init__.py
 create mode 100644 web/views/api/article.py
 create mode 100644 web/views/api/common.py
 create mode 100644 web/views/api/feed.py
 create mode 100644 web/views/article.py
 create mode 100644 web/views/feed.py
 create mode 100644 web/views/icon.py
 create mode 100644 web/views/views.py

(limited to 'web/views')

diff --git a/web/views/__init__.py b/web/views/__init__.py
new file mode 100644
index 00000000..36d382bd
--- /dev/null
+++ b/web/views/__init__.py
@@ -0,0 +1,6 @@
+from .views import *
+from .api import *
+
+from .article import article_bp, articles_bp
+from .feed import feed_bp, feeds_bp
+from .icon import icon_bp
diff --git a/web/views/api/__init__.py b/web/views/api/__init__.py
new file mode 100644
index 00000000..24472ebe
--- /dev/null
+++ b/web/views/api/__init__.py
@@ -0,0 +1,31 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# jarr - A Web based news aggregator.
+# Copyright (C) 2010-2015  Cédric Bonhomme - http://JARR-aggregator.org/
+#
+# For more information : https://github.com/JARR-aggregator/JARR/
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+__author__ = "Cedric Bonhomme"
+__version__ = "$Revision: 0.2 $"
+__date__ = "$Date: 2014/06/18 $"
+__revision__ = "$Date: 2014/07/05 $"
+__copyright__ = "Copyright (c) Cedric Bonhomme"
+__license__ = "AGPLv3"
+
+from web.views.api import article, feed
+
+__all__ = ['article', 'feed']
diff --git a/web/views/api/article.py b/web/views/api/article.py
new file mode 100644
index 00000000..51844b20
--- /dev/null
+++ b/web/views/api/article.py
@@ -0,0 +1,63 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+
+from flask import g
+import dateutil.parser
+
+from web.controllers import ArticleController
+from web.views.api.common import PyAggAbstractResource,\
+                                          PyAggResourceNew, \
+                                          PyAggResourceExisting, \
+                                          PyAggResourceMulti
+
+
+ARTICLE_ATTRS = {'user_id': {'type': int},
+                 'feed_id': {'type': int},
+                 'entry_id': {'type': str},
+                 'link': {'type': str},
+                 'title': {'type': str},
+                 'readed': {'type': bool}, 'like': {'type': bool},
+                 'content': {'type': str},
+                 'date': {'type': str}, 'retrieved_date': {'type': str}}
+
+
+class ArticleNewAPI(PyAggResourceNew):
+    controller_cls = ArticleController
+    attrs = ARTICLE_ATTRS
+    to_date = ['date', 'retrieved_date']
+
+
+class ArticleAPI(PyAggResourceExisting):
+    controller_cls = ArticleController
+    attrs = ARTICLE_ATTRS
+    to_date = ['date', 'retrieved_date']
+
+
+class ArticlesAPI(PyAggResourceMulti):
+    controller_cls = ArticleController
+    attrs = ARTICLE_ATTRS
+    to_date = ['date', 'retrieved_date']
+
+
+class ArticlesChallenge(PyAggAbstractResource):
+    controller_cls = ArticleController
+    attrs = {'ids': {'type': list, 'default': []}}
+    to_date = ['date', 'retrieved_date']
+
+    def get(self):
+        parsed_args = self.reqparse_args()
+        for id_dict in parsed_args['ids']:
+            for key in self.to_date:
+                if key in id_dict:
+                    id_dict[key] = dateutil.parser.parse(id_dict[key])
+
+        result = list(self.wider_controller.challenge(parsed_args['ids']))
+        return result or None, 200 if result else 204
+
+
+g.api.add_resource(ArticleNewAPI, '/article', endpoint='article_new.json')
+g.api.add_resource(ArticleAPI, '/article/<int:obj_id>',
+                   endpoint='article.json')
+g.api.add_resource(ArticlesAPI, '/articles', endpoint='articles.json')
+g.api.add_resource(ArticlesChallenge, '/articles/challenge',
+                   endpoint='articles_challenge.json')
diff --git a/web/views/api/common.py b/web/views/api/common.py
new file mode 100644
index 00000000..3476cad9
--- /dev/null
+++ b/web/views/api/common.py
@@ -0,0 +1,245 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+
+"""For a given resources, classes in the module intend to create the following
+routes :
+    GET resource/<id>
+        -> to retrieve one
+    POST resource
+        -> to create one
+    PUT resource/<id>
+        -> to update one
+    DELETE resource/<id>
+        -> to delete one
+
+    GET resources
+        -> to retrieve several
+    POST resources
+        -> to create several
+    PUT resources
+        -> to update several
+    DELETE resources
+        -> to delete several
+"""
+import ast
+import json
+import logging
+import dateutil.parser
+from functools import wraps
+from werkzeug.exceptions import Unauthorized, BadRequest
+from flask import request, g, session, Response
+from flask.ext.restful import Resource, reqparse
+
+from web.lib.utils import default_handler
+from web.models import User
+
+logger = logging.getLogger(__name__)
+
+
+def authenticate(func):
+    """
+    Decorator for the authentication to the web services.
+    """
+    @wraps(func)
+    def wrapper(*args, **kwargs):
+        logged_in = False
+        if not getattr(func, 'authenticated', True):
+            logged_in = True
+        # authentication based on the session (already logged on the site)
+        elif 'email' in session or g.user.is_authenticated:
+            logged_in = True
+        else:
+            # authentication via HTTP only
+            auth = request.authorization
+            if auth is not None:
+                user = User.query.filter(
+                        User.nickname == auth.username).first()
+                if user and user.check_password(auth.password) \
+                        and user.activation_key == "":
+                    g.user = user
+                    logged_in = True
+        if logged_in:
+            return func(*args, **kwargs)
+        raise Unauthorized({'WWWAuthenticate': 'Basic realm="Login Required"'})
+    return wrapper
+
+
+def to_response(func):
+    """Will cast results of func as a result, and try to extract
+    a status_code for the Response object"""
+    def wrapper(*args, **kwargs):
+        status_code = 200
+        result = func(*args, **kwargs)
+        if isinstance(result, Response):
+            return result
+        elif isinstance(result, tuple):
+            result, status_code = result
+        return Response(json.dumps(result, default=default_handler),
+                        status=status_code)
+    return wrapper
+
+
+class PyAggAbstractResource(Resource):
+    method_decorators = [authenticate, to_response]
+    attrs = {}
+    to_date = []  # list of fields to cast to datetime
+
+    def __init__(self, *args, **kwargs):
+        super(PyAggAbstractResource, self).__init__(*args, **kwargs)
+
+    @property
+    def controller(self):
+        return self.controller_cls(getattr(g.user, 'id', None))
+
+    @property
+    def wider_controller(self):
+        if g.user.is_admin():
+            return self.controller_cls()
+        return self.controller_cls(getattr(g.user, 'id', None))
+
+    def reqparse_args(self, req=None, strict=False, default=True, args=None):
+        """
+        strict: bool
+            if True will throw 400 error if args are defined and not in request
+        default: bool
+            if True, won't return defaults
+        args: dict
+            the args to parse, if None, self.attrs will be used
+        """
+        parser = reqparse.RequestParser()
+        for attr_name, attrs in (args or self.attrs).items():
+            if attrs.pop('force_default', False):
+                parser.add_argument(attr_name, location='json', **attrs)
+            elif not default and (not request.json
+                    or request.json and attr_name not in request.json):
+                continue
+            else:
+                parser.add_argument(attr_name, location='json', **attrs)
+        parsed = parser.parse_args(strict=strict) if req is None \
+                else parser.parse_args(req, strict=strict)
+        for field in self.to_date:
+            if parsed.get(field):
+                try:
+                    parsed[field] = dateutil.parser.parse(parsed[field])
+                except Exception:
+                    logger.exception('failed to parse %r', parsed[field])
+        return parsed
+
+
+class PyAggResourceNew(PyAggAbstractResource):
+
+    def post(self):
+        """Create a single new object"""
+        return self.controller.create(**self.reqparse_args()), 201
+
+
+class PyAggResourceExisting(PyAggAbstractResource):
+
+    def get(self, obj_id=None):
+        """Retreive a single object"""
+        return self.controller.get(id=obj_id)
+
+    def put(self, obj_id=None):
+        """update an object, new attrs should be passed in the payload"""
+        args = self.reqparse_args(default=False)
+        new_values = {key: args[key] for key in
+                      set(args).intersection(self.attrs)}
+        if 'user_id' in new_values and g.user.is_admin():
+            controller = self.wider_controller
+        else:
+            controller = self.controller
+        return controller.update({'id': obj_id}, new_values), 200
+
+    def delete(self, obj_id=None):
+        """delete a object"""
+        self.controller.delete(obj_id)
+        return None, 204
+
+
+class PyAggResourceMulti(PyAggAbstractResource):
+
+    def get(self):
+        """retrieve several objects. filters can be set in the payload on the
+        different fields of the object, and a limit can be set in there as well
+        """
+        try:
+            limit = request.json.pop('limit', 10)
+            order_by = request.json.pop('order_by', None)
+            query = self.controller.read(**request.json)
+        except:
+            args = {}
+            for k, v in request.args.items():
+                if k in self.attrs.keys():
+                    if self.attrs[k]['type'] in [bool, int]:
+                        args[k] = ast.literal_eval(v)
+                    else:
+                        args[k] = v
+            limit = request.args.get('limit', 10)
+            order_by = request.args.get('order_by', None)
+            query = self.controller.read(**args)
+        if order_by:
+            query = query.order_by(order_by)
+        if limit:
+            query = query.limit(limit)
+        return [res for res in query]
+
+    def post(self):
+        """creating several objects. payload should be a list of dict.
+        """
+        if 'application/json' not in request.headers.get('Content-Type'):
+            raise BadRequest("Content-Type must be application/json")
+        status = 201
+        results = []
+        for attrs in request.json:
+            try:
+                results.append(self.controller.create(**attrs).id)
+            except Exception as error:
+                status = 206
+                results.append(str(error))
+        # if no operation succeded, it's not partial anymore, returning err 500
+        if status == 206 and results.count('ok') == 0:
+            status = 500
+        return results, status
+
+    def put(self):
+        """creating several objects. payload should be:
+        >>> payload
+        [[obj_id1, {attr1: val1, attr2: val2}]
+         [obj_id2, {attr1: val1, attr2: val2}]]
+        """
+        if 'application/json' not in request.headers.get('Content-Type'):
+            raise BadRequest("Content-Type must be application/json")
+        status = 200
+        results = []
+        for obj_id, attrs in request.json:
+            try:
+                new_values = {key: attrs[key] for key in
+                              set(attrs).intersection(self.attrs)}
+                self.controller.update({'id': obj_id}, new_values)
+                results.append('ok')
+            except Exception as error:
+                status = 206
+                results.append(str(error))
+        # if no operation succeded, it's not partial anymore, returning err 500
+        if status == 206 and results.count('ok') == 0:
+            status = 500
+        return results, status
+
+    def delete(self):
+        """will delete several objects,
+        a list of their ids should be in the payload"""
+        if 'application/json' not in request.headers.get('Content-Type'):
+            raise BadRequest("Content-Type must be application/json")
+        status = 204
+        results = []
+        for obj_id in request.json:
+            try:
+                self.controller.delete(obj_id)
+                results.append('ok')
+            except Exception as error:
+                status = 206
+                results.append(error)
+        # if no operation succeded, it's not partial anymore, returning err 500
+        if status == 206 and results.count('ok') == 0:
+            status = 500
+        return results, status
diff --git a/web/views/api/feed.py b/web/views/api/feed.py
new file mode 100644
index 00000000..2bb9814f
--- /dev/null
+++ b/web/views/api/feed.py
@@ -0,0 +1,69 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+
+from flask import g
+
+from web.controllers.feed import (FeedController,
+                                           DEFAULT_MAX_ERROR,
+                                           DEFAULT_LIMIT,
+                                           DEFAULT_REFRESH_RATE)
+
+from web.views.api.common import PyAggAbstractResource, \
+                                          PyAggResourceNew, \
+                                          PyAggResourceExisting, \
+                                          PyAggResourceMulti
+
+FEED_ATTRS = {'title': {'type': str},
+              'description': {'type': str},
+              'link': {'type': str},
+              'user_id': {'type': int},
+              'site_link': {'type': str},
+              'enabled': {'type': bool, 'default': True},
+              'etag': {'type': str, 'default': ''},
+              'icon_url': {'type': str, 'default': ''},
+              'last_modified': {'type': str},
+              'last_retrieved': {'type': str},
+              'last_error': {'type': str},
+              'error_count': {'type': int, 'default': 0}}
+
+class FeedNewAPI(PyAggResourceNew):
+    controller_cls = FeedController
+    attrs = FEED_ATTRS
+    to_date = ['date', 'last_retrieved']
+
+class FeedAPI(PyAggResourceExisting):
+    controller_cls = FeedController
+    attrs = FEED_ATTRS
+    to_date = ['date', 'last_retrieved']
+
+class FeedsAPI(PyAggResourceMulti):
+    controller_cls = FeedController
+    attrs = FEED_ATTRS
+    to_date = ['date', 'last_retrieved']
+
+class FetchableFeedAPI(PyAggAbstractResource):
+    controller_cls = FeedController
+    to_date = ['date', 'last_retrieved']
+    attrs = {'max_error': {'type': int, 'default': DEFAULT_MAX_ERROR},
+             'limit': {'type': int, 'default': DEFAULT_LIMIT},
+             'refresh_rate': {'type': int, 'default': DEFAULT_REFRESH_RATE},
+             'retreive_all': {'type': bool, 'default': False}}
+
+    def get(self):
+        args = self.reqparse_args()
+        if g.user.refresh_rate:
+            args['refresh_rate'] = g.user.refresh_rate
+
+        if args.pop('retreive_all', False):
+            contr = self.wider_controller
+        else:
+            contr = self.controller
+        result = [feed for feed in contr.list_fetchable(**args)]
+        return result or None, 200 if result else 204
+
+
+g.api.add_resource(FeedNewAPI, '/feed', endpoint='feed_new.json')
+g.api.add_resource(FeedAPI, '/feed/<int:obj_id>', endpoint='feed.json')
+g.api.add_resource(FeedsAPI, '/feeds', endpoint='feeds.json')
+g.api.add_resource(FetchableFeedAPI, '/feeds/fetchable',
+                   endpoint='fetchable_feed.json')
diff --git a/web/views/article.py b/web/views/article.py
new file mode 100644
index 00000000..bb914a6b
--- /dev/null
+++ b/web/views/article.py
@@ -0,0 +1,40 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+
+from flask import Blueprint, g, render_template, redirect
+
+from web import controllers, utils
+from web.lib.view_utils import etag_match
+from web.decorators import pyagg_default_decorator
+
+articles_bp = Blueprint('articles', __name__, url_prefix='/articles')
+article_bp = Blueprint('article', __name__, url_prefix='/article')
+
+
+@article_bp.route('/redirect/<int:article_id>', methods=['GET'])
+@pyagg_default_decorator
+def redirect_to_article(article_id):
+    article = controllers.ArticleController(g.user.id).get(id=article_id)
+    return redirect(article.link)
+
+
+@article_bp.route('/<int:article_id>', methods=['GET'])
+@pyagg_default_decorator
+@etag_match
+def article(article_id=None):
+    """
+    Presents the content of an article.
+    """
+    article = controllers.ArticleController(g.user.id).get(id=article_id)
+    previous_article = article.previous_article()
+    if previous_article is None:
+        previous_article = article.source.articles[0]
+    next_article = article.next_article()
+    if next_article is None:
+        next_article = article.source.articles[-1]
+
+    return render_template('article.html',
+                           head_titles=[utils.clear_string(article.title)],
+                           article=article,
+                           previous_article=previous_article,
+                           next_article=next_article)
diff --git a/web/views/feed.py b/web/views/feed.py
new file mode 100644
index 00000000..2a9b2da8
--- /dev/null
+++ b/web/views/feed.py
@@ -0,0 +1,207 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+import base64
+import requests.exceptions
+from hashlib import md5
+from datetime import datetime, timedelta
+from sqlalchemy import desc
+from werkzeug.exceptions import BadRequest
+
+from flask import Blueprint, g, render_template, flash, \
+                  redirect, request, url_for, Response
+from flask.ext.babel import gettext
+from flask.ext.login import login_required
+
+import conf
+from web import utils
+from web.lib.view_utils import etag_match
+from web.lib.feed_utils import construct_feed_from
+from web.forms import AddFeedForm
+from web.controllers import FeedController, ArticleController
+
+feeds_bp = Blueprint('feeds', __name__, url_prefix='/feeds')
+feed_bp = Blueprint('feed', __name__, url_prefix='/feed')
+
+
+@feeds_bp.route('/', methods=['GET'])
+@login_required
+@etag_match
+def feeds():
+    "Lists the subscribed  feeds in a table."
+    art_contr = ArticleController(g.user.id)
+    return render_template('feeds.html',
+            feeds=FeedController(g.user.id).read(),
+            unread_article_count=art_contr.count_by_feed(readed=False),
+            article_count=art_contr.count_by_feed())
+
+
+@feed_bp.route('/<int:feed_id>', methods=['GET'])
+@login_required
+@etag_match
+def feed(feed_id=None):
+    "Presents detailed information about a feed."
+    feed = FeedController(g.user.id).get(id=feed_id)
+    word_size = 6
+    articles = ArticleController(g.user.id) \
+            .read(feed_id=feed_id) \
+            .order_by(desc("Article.date")).all()
+    top_words = utils.top_words(articles, n=50, size=int(word_size))
+    tag_cloud = utils.tag_cloud(top_words)
+
+    today = datetime.now()
+    try:
+        last_article = articles[0].date
+        first_article = articles[-1].date
+        delta = last_article - first_article
+        average = round(float(len(articles)) / abs(delta.days), 2)
+    except:
+        last_article = datetime.fromtimestamp(0)
+        first_article = datetime.fromtimestamp(0)
+        delta = last_article - first_article
+        average = 0
+    elapsed = today - last_article
+
+    return render_template('feed.html',
+                           head_titles=[utils.clear_string(feed.title)],
+                           feed=feed, tag_cloud=tag_cloud,
+                           first_post_date=first_article,
+                           end_post_date=last_article,
+                           average=average, delta=delta, elapsed=elapsed)
+
+
+@feed_bp.route('/delete/<feed_id>', methods=['GET'])
+@login_required
+def delete(feed_id=None):
+    feed_contr = FeedController(g.user.id)
+    feed = feed_contr.get(id=feed_id)
+    feed_contr.delete(feed_id)
+    flash(gettext("Feed %(feed_title)s successfully deleted.",
+                  feed_title=feed.title), 'success')
+    return redirect(url_for('home'))
+
+
+@feed_bp.route('/reset_errors/<int:feed_id>', methods=['GET', 'POST'])
+@login_required
+def reset_errors(feed_id):
+    feed_contr = FeedController(g.user.id)
+    feed = feed_contr.get(id=feed_id)
+    feed_contr.update({'id': feed_id}, {'error_count': 0, 'last_error': ''})
+    flash(gettext('Feed %(feed_title)r successfully updated.',
+                  feed_title=feed.title), 'success')
+    return redirect(request.referrer or url_for('home'))
+
+
+@feed_bp.route('/bookmarklet', methods=['GET'])
+@login_required
+def bookmarklet():
+    feed_contr = FeedController(g.user.id)
+    url = request.args.get('url', None)
+    if not url:
+        flash(gettext("Couldn't add feed: url missing."), "error")
+        raise BadRequest("url is missing")
+
+    feed_exists = list(feed_contr.read(__or__={'link': url, 'site_link': url}))
+    if feed_exists:
+        flash(gettext("Couldn't add feed: feed already exists."),
+                "warning")
+        return redirect(url_for('feed.form', feed_id=feed_exists[0].id))
+
+    try:
+        feed = construct_feed_from(url)
+    except requests.exceptions.ConnectionError:
+        flash(gettext("Impossible to connect to the address: {}.".format(url)),
+              "danger")
+        return redirect(url_for('home'))
+    if not feed.get('link'):
+        feed['enabled'] = False
+        flash(gettext("Couldn't find a feed url, you'll need to find a Atom or"
+                      " RSS link manually and reactivate this feed"),
+              'warning')
+    feed = feed_contr.create(**feed)
+    flash(gettext('Feed was successfully created.'), 'success')
+    if feed.enabled and conf.CRAWLING_METHOD == "classic":
+        utils.fetch(g.user.id, feed.id)
+        flash(gettext("Downloading articles for the new feed..."), 'info')
+    return redirect(url_for('feed.form', feed_id=feed.id))
+
+
+@feed_bp.route('/update/<action>/<int:feed_id>', methods=['GET', 'POST'])
+@feeds_bp.route('/update/<action>', methods=['GET', 'POST'])
+@login_required
+def update(action, feed_id=None):
+    readed = action == 'read'
+    filters = {'readed__ne': readed}
+
+    nb_days = request.args.get('nb_days', 0, type=int)
+    if nb_days != 0:
+        filters['date__lt'] = datetime.now() - timedelta(days=nb_days)
+
+    if feed_id:
+        filters['feed_id'] = feed_id
+    ArticleController(g.user.id).update(filters, {'readed': readed})
+    flash(gettext('Feed successfully updated.'), 'success')
+    return redirect(request.referrer or url_for('home'))
+
+
+@feed_bp.route('/create', methods=['GET'])
+@feed_bp.route('/edit/<int:feed_id>', methods=['GET'])
+@login_required
+@etag_match
+def form(feed_id=None):
+    action = gettext("Add a feed")
+    head_titles = [action]
+    if feed_id is None:
+        return render_template('edit_feed.html', action=action,
+                               head_titles=head_titles, form=AddFeedForm())
+    feed = FeedController(g.user.id).get(id=feed_id)
+    action = gettext('Edit feed')
+    head_titles = [action]
+    if feed.title:
+        head_titles.append(feed.title)
+    return render_template('edit_feed.html', action=action,
+                           head_titles=head_titles,
+                           form=AddFeedForm(obj=feed), feed=feed)
+
+
+@feed_bp.route('/create', methods=['POST'])
+@feed_bp.route('/edit/<int:feed_id>', methods=['POST'])
+@login_required
+def process_form(feed_id=None):
+    form = AddFeedForm()
+    feed_contr = FeedController(g.user.id)
+
+    if not form.validate():
+        return render_template('edit_feed.html', form=form)
+    existing_feeds = list(feed_contr.read(link=form.link.data))
+    if existing_feeds and feed_id is None:
+        flash(gettext("Couldn't add feed: feed already exists."), "warning")
+        return redirect(url_for('feed.form', feed_id=existing_feeds[0].id))
+    # Edit an existing feed
+    feed_attr = {'title': form.title.data, 'enabled': form.enabled.data,
+                 'link': form.link.data, 'site_link': form.site_link.data,
+                 'filters': []}
+
+    for filter_attr in ('type', 'pattern', 'action on', 'action'):
+        for i, value in enumerate(
+                request.form.getlist(filter_attr.replace(' ', '_'))):
+            if i >= len(feed_attr['filters']):
+                feed_attr['filters'].append({})
+            feed_attr['filters'][i][filter_attr] = value
+
+    if feed_id is not None:
+        feed_contr.update({'id': feed_id}, feed_attr)
+        flash(gettext('Feed %(feed_title)r successfully updated.',
+                      feed_title=feed_attr['title']), 'success')
+        return redirect(url_for('feed.form', feed_id=feed_id))
+
+    # Create a new feed
+    new_feed = FeedController(g.user.id).create(**feed_attr)
+
+    flash(gettext('Feed %(feed_title)r successfully created.',
+                  feed_title=new_feed.title), 'success')
+
+    if conf.CRAWLING_METHOD == "classic":
+        utils.fetch(g.user.id, new_feed.id)
+        flash(gettext("Downloading articles for the new feed..."), 'info')
+
+    return redirect(url_for('feed.form', feed_id=new_feed.id))
diff --git a/web/views/icon.py b/web/views/icon.py
new file mode 100644
index 00000000..895b4740
--- /dev/null
+++ b/web/views/icon.py
@@ -0,0 +1,14 @@
+import base64
+from flask import Blueprint, Response, request
+from web.controllers import IconController
+from web.lib.view_utils import etag_match
+
+icon_bp = Blueprint('icon', __name__, url_prefix='/icon')
+
+@icon_bp.route('/', methods=['GET'])
+@etag_match
+def icon():
+    icon = IconController().get(url=request.args['url'])
+    headers = {'Cache-Control': 'max-age=86400',
+               'Content-Type': icon.mimetype}
+    return Response(base64.b64decode(icon.content), headers=headers)
diff --git a/web/views/views.py b/web/views/views.py
new file mode 100644
index 00000000..ed4ae8a7
--- /dev/null
+++ b/web/views/views.py
@@ -0,0 +1,798 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -*-
+
+# jarr - A Web based news aggregator.
+# Copyright (C) 2010-2015  Cédric Bonhomme - https://www.JARR-aggregator.org
+#
+# For more information : https://github.com/JARR-aggregator/JARR
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+__author__ = "Cedric Bonhomme"
+__version__ = "$Revision: 5.3 $"
+__date__ = "$Date: 2010/01/29 $"
+__revision__ = "$Date: 2014/08/27 $"
+__copyright__ = "Copyright (c) Cedric Bonhomme"
+__license__ = "AGPLv3"
+
+import os
+import string
+import random
+import hashlib
+import logging
+import datetime
+from collections import OrderedDict
+
+from bootstrap import application as app, db
+from flask import render_template, request, flash, session, \
+                  url_for, redirect, g, current_app, make_response
+from flask.ext.login import LoginManager, login_user, logout_user, \
+                            login_required, current_user, AnonymousUserMixin, \
+                            login_url
+from flask.ext.principal import Principal, Identity, AnonymousIdentity, \
+                                identity_changed, identity_loaded, Permission,\
+                                RoleNeed, UserNeed
+from flask.ext.babel import gettext
+from sqlalchemy import or_, and_
+from sqlalchemy.exc import IntegrityError
+from werkzeug import generate_password_hash
+
+import conf
+from web import utils, notifications, export
+from web.lib.view_utils import etag_match
+from web.models import User, Feed, Article, Role
+from web.decorators import feed_access_required
+from web.forms import SignupForm, SigninForm, InformationMessageForm,\
+                    ProfileForm, UserForm, RecoverPasswordForm \
+
+from web.controllers import UserController, FeedController, \
+                                     ArticleController
+
+
+Principal(app)
+# Create a permission with a single Need, in this case a RoleNeed.
+admin_permission = Permission(RoleNeed('admin'))
+
+login_manager = LoginManager()
+login_manager.init_app(app)
+login_manager.login_message = gettext('Authentication required.')
+login_manager.login_message_category = "info"
+login_manager.login_view = 'login'
+
+logger = logging.getLogger(__name__)
+
+#
+# Management of the user's session.
+#
+@identity_loaded.connect_via(app)
+def on_identity_loaded(sender, identity):
+    # Set the identity user object
+    identity.user = current_user
+
+    # Add the UserNeed to the identity
+    if hasattr(current_user, 'id'):
+        identity.provides.add(UserNeed(current_user.id))
+
+    # Assuming the User model has a list of roles, update the
+    # identity with the roles that the user provides
+    if hasattr(current_user, 'roles'):
+        for role in current_user.roles:
+            identity.provides.add(RoleNeed(role.name))
+
+@app.before_request
+def before_request():
+    g.user = current_user
+    if g.user.is_authenticated:
+        g.user.last_seen = datetime.datetime.utcnow()
+        db.session.add(g.user)
+        db.session.commit()
+
+@login_manager.user_loader
+def load_user(id):
+    # Return an instance of the User model
+    return UserController().get(id=id)
+
+#
+# Custom error pages.
+#
+@app.errorhandler(401)
+def authentication_required(e):
+    flash(gettext('Authentication required.'), 'info')
+    return redirect(url_for('login'))
+
+@app.errorhandler(403)
+def authentication_failed(e):
+    flash(gettext('Forbidden.'), 'danger')
+    return redirect(url_for('login'))
+
+@app.errorhandler(404)
+def page_not_found(e):
+    return render_template('errors/404.html'), 404
+
+@app.errorhandler(500)
+def internal_server_error(e):
+    return render_template('errors/500.html'), 500
+
+
+def redirect_url(default='home'):
+    return request.args.get('next') or \
+            request.referrer or \
+            url_for(default)
+
+@g.babel.localeselector
+def get_locale():
+    """
+    Called before each request to give us a chance to choose
+    the language to use when producing its response.
+    """
+    return request.accept_languages.best_match(conf.LANGUAGES.keys())
+
+@g.babel.timezoneselector
+def get_timezone():
+    try:
+        return conf.TIME_ZONE[get_locale()]
+    except:
+        return conf.TIME_ZONE["en"]
+
+#
+# Views.
+#
+@app.route('/login', methods=['GET', 'POST'])
+def login():
+    """
+    Log in view.
+    """
+    if g.user is not None and g.user.is_authenticated:
+        return redirect(url_for('home'))
+    g.user = AnonymousUserMixin()
+    form = SigninForm()
+    if form.validate_on_submit():
+        user = UserController().get(email=form.email.data)
+        login_user(user)
+        g.user = user
+        session['email'] = form.email.data
+        identity_changed.send(current_app._get_current_object(),
+                              identity=Identity(user.id))
+        return form.redirect('home')
+    return render_template('login.html', form=form)
+
+@app.route('/logout')
+@login_required
+def logout():
+    """
+    Log out view. Removes the user information from the session.
+    """
+    session.pop('email', None)
+
+    # Remove the user information from the session
+    logout_user()
+
+    # Remove session keys set by Flask-Principal
+    for key in ('identity.name', 'identity.auth_type'):
+        session.pop(key, None)
+
+    # Tell Flask-Principal the user is anonymous
+    identity_changed.send(current_app._get_current_object(),
+                          identity=AnonymousIdentity())
+
+    flash(gettext("Logged out successfully."), 'success')
+    return redirect(url_for('login'))
+
+@app.route('/signup', methods=['GET', 'POST'])
+def signup():
+    """
+    Signup page.
+    """
+    if int(os.environ.get("SELF_REGISTRATION", 0)) != 1:
+        flash(gettext("Self-registration is disabled."), 'warning')
+        return redirect(url_for('home'))
+    if g.user is not None and g.user.is_authenticated:
+        return redirect(url_for('home'))
+
+    form = SignupForm()
+
+    if form.validate_on_submit():
+        role_user = Role.query.filter(Role.name == "user").first()
+        user = User(nickname=form.nickname.data,
+                    email=form.email.data,
+                    pwdhash=generate_password_hash(form.password.data))
+        user.roles = [role_user]
+        db.session.add(user)
+        try:
+            db.session.commit()
+        except IntegrityError:
+            flash(gettext('Email already used.'), 'warning')
+            return render_template('signup.html', form=form)
+
+        # Send the confirmation email
+        try:
+            notifications.new_account_notification(user)
+        except Exception as error:
+            flash(gettext('Problem while sending activation email: %(error)s',
+                          error=error), 'danger')
+            return redirect(url_for('home'))
+
+        flash(gettext('Your account has been created. '
+                      'Check your mail to confirm it.'), 'success')
+        return redirect(url_for('home'))
+
+    return render_template('signup.html', form=form)
+
+
+@etag_match
+def render_home(filters=None, head_titles=None,
+                page_to_render='home', **kwargs):
+    if filters is None:
+        filters = {}
+    if head_titles is None:
+        head_titles = []
+    feed_contr = FeedController(g.user.id)
+    arti_contr = ArticleController(g.user.id)
+    feeds = {feed.id: feed.title for feed in feed_contr.read()}
+
+    in_error = {feed.id: feed.error_count for feed in
+                feed_contr.read(error_count__gt=2)}
+
+    filter_ = request.args.get('filter_',
+                               'unread' if page_to_render == 'home' else 'all')
+    sort_ = request.args.get('sort_', 'date')
+    feed_id = int(request.args.get('feed_id', 0))
+    limit = request.args.get('limit', 1000)
+
+    if filter_ != 'all':
+        filters['readed'] = filter_ == 'read'
+    if feed_id:
+        filters['feed_id'] = feed_id
+        head_titles.append(feed_contr.get(id=feed_id).title)
+
+    sort_param = {"feed": Feed.title.desc(),
+                  "date": Article.date.desc(),
+                  "article": Article.title.desc(),
+                  "-feed": Feed.title.asc(),
+                  "-date": Article.date.asc(),
+                  "-article": Article.title.asc()
+                  }.get(sort_, Article.date.desc())
+
+    articles = arti_contr.read(**filters).join(Article.source). \
+                                            order_by(sort_param)
+    if limit != 'all':
+        limit = int(limit)
+        articles = articles.limit(limit)
+
+    def gen_url(filter_=filter_, sort_=sort_, limit=limit, feed_id=feed_id,
+                **kwargs):
+        o_kwargs = OrderedDict()
+        for key in sorted(kwargs):
+            o_kwargs[key] = kwargs[key]
+        if page_to_render == 'search':
+            o_kwargs['query'] = request.args.get('query', '')
+            o_kwargs['search_title'] = request.args.get('search_title', 'off')
+            o_kwargs['search_content'] = request.args.get(
+                    'search_content', 'off')
+            # if nor title and content are selected, selecting title
+            if o_kwargs['search_title'] == o_kwargs['search_content'] == 'off':
+                o_kwargs['search_title'] = 'on'
+        o_kwargs['filter_'] = filter_
+        o_kwargs['sort_'] = sort_
+        o_kwargs['limit'] = limit
+        o_kwargs['feed_id'] = feed_id
+        return url_for(page_to_render, **o_kwargs)
+
+    articles = list(articles)
+    if (page_to_render == 'home' and feed_id or page_to_render == 'search') \
+            and filter_ != 'all' and not articles:
+        return redirect(gen_url(filter_='all'))
+
+    return render_template('home.html', gen_url=gen_url,
+                           feed_id=feed_id, page_to_render=page_to_render,
+                           filter_=filter_, limit=limit, feeds=feeds,
+                           unread=arti_contr.count_by_feed(readed=False),
+                           articles=articles, in_error=in_error,
+                           head_titles=head_titles, sort_=sort_, **kwargs)
+
+
+@app.route('/')
+@login_required
+def home():
+    "Home page for connected users. Displays by default unread articles."
+    return render_home()
+
+
+@app.route('/favorites')
+@login_required
+def favorites():
+    return render_home({'like': True}, [gettext('Favorites')], 'favorites')
+
+
+@app.route('/search', methods=['GET'])
+@login_required
+def search():
+    "Search articles corresponding to the query."
+    if 'query' not in request.args:
+        flash(gettext("No text to search were provided."), "warning")
+        return render_home()
+    query = request.args['query']
+    filters = {}
+    search_title = request.args.get('search_title', 'off')
+    search_content = request.args.get('search_content', 'off')
+    if search_title == 'on':
+        filters['title__ilike'] = "%%%s%%" % query
+    if search_content == 'on':
+        filters['content__ilike'] = "%%%s%%" % query
+    if len(filters) == 0:
+        search_title = 'on'
+        filters['title__ilike'] = "%%%s%%" % query
+    if len(filters) > 1:
+        filters = {"__or__": filters}
+    return render_home(filters, ["%s %s" % (gettext('Search:'), query)],
+                       'search', search_query=query, search_title=search_title,
+                       search_content=search_content)
+
+
+@app.route('/fetch', methods=['GET'])
+@app.route('/fetch/<int:feed_id>', methods=['GET'])
+@login_required
+def fetch(feed_id=None):
+    """
+    Triggers the download of news.
+    News are downloaded in a separated process, mandatory for Heroku.
+    """
+    if conf.CRAWLING_METHOD == "classic" \
+            and (not conf.ON_HEROKU or g.user.is_admin()):
+        utils.fetch(g.user.id, feed_id)
+        flash(gettext("Downloading articles..."), "info")
+    else:
+        flash(gettext("The manual retrieving of news is only available " +
+                      "for administrator, on the Heroku platform."), "info")
+    return redirect(redirect_url())
+
+
+@app.route('/about', methods=['GET'])
+@etag_match
+def about():
+    """
+    'About' page.
+    """
+    return render_template('about.html')
+
+
+@app.route('/mark_as/<string:new_value>', methods=['GET'])
+@app.route('/mark_as/<string:new_value>/article/<int:article_id>', methods=['GET'])
+@login_required
+@feed_access_required
+def mark_as(new_value='read', feed_id=None, article_id=None):
+    """
+    Mark all unreaded articles as read.
+    """
+    readed = new_value == 'read'
+    articles = Article.query.filter(Article.user_id == g.user.id)
+    if feed_id is not None:
+        articles = articles.filter(Article.feed_id == feed_id)
+        message = 'Feed marked as %s.'
+    elif article_id is not None:
+        articles = articles.filter(Article.id == article_id)
+        message = 'Article marked as %s.'
+    else:
+        message = 'All article marked as %s.'
+    articles.filter(Article.readed == (not readed)).update({"readed": readed})
+    flash(gettext(message % new_value), 'info')
+    db.session.commit()
+    if readed:
+        return redirect(redirect_url())
+    return redirect(url_for('home'))
+
+@app.route('/like/<int:article_id>', methods=['GET'])
+@login_required
+def like(article_id=None):
+    """
+    Mark or unmark an article as favorites.
+    """
+    Article.query.filter(Article.user_id == g.user.id, Article.id == article_id). \
+                update({
+                        "like": not Article.query.filter(Article.id == article_id).first().like
+                       })
+    db.session.commit()
+    return redirect(redirect_url())
+
+@app.route('/delete/<int:article_id>', methods=['GET'])
+@login_required
+def delete(article_id=None):
+    """
+    Delete an article from the database.
+    """
+    article = Article.query.filter(Article.id == article_id).first()
+    if article is not None and article.source.subscriber.id == g.user.id:
+        db.session.delete(article)
+        db.session.commit()
+        flash(gettext('Article') + ' ' + article.title + ' ' + gettext('deleted.'), 'success')
+        return redirect(redirect_url())
+    else:
+        flash(gettext('This article do not exist.'), 'danger')
+        return redirect(url_for('home'))
+
+
+@app.route('/inactives', methods=['GET'])
+@login_required
+def inactives():
+    """
+    List of inactive feeds.
+    """
+    nb_days = int(request.args.get('nb_days', 365))
+    user = UserController(g.user.id).get(email=g.user.email)
+    today = datetime.datetime.now()
+    inactives = []
+    for feed in user.feeds:
+        try:
+            last_post = feed.articles[0].date
+        except IndexError:
+            continue
+        elapsed = today - last_post
+        if elapsed > datetime.timedelta(days=nb_days):
+            inactives.append((feed, elapsed))
+    inactives.sort(key=lambda tup: tup[1], reverse=True)
+    return render_template('inactives.html', inactives=inactives, nb_days=nb_days)
+
+@app.route('/duplicates/<int:feed_id>', methods=['GET'])
+@login_required
+def duplicates(feed_id=None):
+    """
+    Return duplicates article for a feed.
+    """
+    feed = Feed.query.filter(Feed.user_id == g.user.id, Feed.id == feed_id).first()
+    duplicates = []
+    duplicates = utils.compare_documents(feed)
+    if len(duplicates) == 0:
+        flash(gettext('No duplicates in the feed "{}".').format(feed.title),
+                'info')
+        return redirect(redirect_url())
+    return render_template('duplicates.html', duplicates=duplicates, feed=feed)
+
+@app.route('/export', methods=['GET'])
+@login_required
+def export_articles():
+    """
+    Export all articles to HTML or JSON.
+    """
+    user = UserController(g.user.id).get(id=g.user.id)
+    if request.args.get('format') == "HTML":
+        # Export to HTML
+        try:
+            archive_file, archive_file_name = export.export_html(user)
+        except:
+            flash(gettext("Error when exporting articles."), 'danger')
+            return redirect(redirect_url())
+        response = make_response(archive_file)
+        response.headers['Content-Type'] = 'application/x-compressed'
+        response.headers['Content-Disposition'] = 'attachment; filename=%s' \
+                % archive_file_name
+    elif request.args.get('format') == "JSON":
+        # Export to JSON
+        try:
+            json_result = export.export_json(user)
+        except:
+            flash(gettext("Error when exporting articles."), 'danger')
+            return redirect(redirect_url())
+        response = make_response(json_result)
+        response.mimetype = 'application/json'
+        response.headers["Content-Disposition"] = 'attachment; filename=account.json'
+    else:
+        flash(gettext('Export format not supported.'), 'warning')
+        return redirect(redirect_url())
+    return response
+
+@app.route('/export_opml', methods=['GET'])
+@login_required
+def export_opml():
+    """
+    Export all feeds to OPML.
+    """
+    user = UserController(g.user.id).get(id=g.user.id)
+    response = make_response(render_template('opml.xml', user=user,
+                                             now=datetime.datetime.now()))
+    response.headers['Content-Type'] = 'application/xml'
+    response.headers['Content-Disposition'] = 'attachment; filename=feeds.opml'
+    return response
+
+
+@app.route('/management', methods=['GET', 'POST'])
+@login_required
+def management():
+    """
+    Display the management page.
+    """
+    if request.method == 'POST':
+        if None != request.files.get('opmlfile', None):
+            # Import an OPML file
+            data = request.files.get('opmlfile', None)
+            if not utils.allowed_file(data.filename):
+                flash(gettext('File not allowed.'), 'danger')
+            else:
+                try:
+                    nb = utils.import_opml(g.user.email, data.read())
+                    if conf.CRAWLING_METHOD == "classic":
+                        utils.fetch(g.user.email, None)
+                        flash(str(nb) + '  ' + gettext('feeds imported.'),
+                                "success")
+                        flash(gettext("Downloading articles..."), 'info')
+                except:
+                    flash(gettext("Impossible to import the new feeds."),
+                            "danger")
+        elif None != request.files.get('jsonfile', None):
+            # Import an account
+            data = request.files.get('jsonfile', None)
+            if not utils.allowed_file(data.filename):
+                flash(gettext('File not allowed.'), 'danger')
+            else:
+                try:
+                    nb = utils.import_json(g.user.email, data.read())
+                    flash(gettext('Account imported.'), "success")
+                except:
+                    flash(gettext("Impossible to import the account."),
+                            "danger")
+        else:
+            flash(gettext('File not allowed.'), 'danger')
+
+    nb_feeds = len(g.user.feeds.all())
+    articles = Article.query.filter(Article.user_id == g.user.id)
+    nb_articles = articles.count()
+    nb_unread_articles = articles.filter(Article.readed == False).count()
+    return render_template('management.html', user=g.user,
+                            nb_feeds=nb_feeds, nb_articles=nb_articles,
+                            nb_unread_articles=nb_unread_articles)
+
+@app.route('/history', methods=['GET'])
+@app.route('/history/<int:year>', methods=['GET'])
+@app.route('/history/<int:year>/<int:month>', methods=['GET'])
+@login_required
+def history(year=None, month=None):
+    articles_counter, articles = utils.history(g.user.id, year, month)
+    return render_template('history.html',
+                            articles_counter=articles_counter,
+                            articles=articles,
+                            year=year, month=month)
+
+
+@app.route('/profile', methods=['GET', 'POST'])
+@login_required
+def profile():
+    """
+    Edit the profile of the currently logged user.
+    """
+    user = UserController(g.user.id).get(id=g.user.id)
+    form = ProfileForm()
+
+    if request.method == 'POST':
+        if form.validate():
+            form.populate_obj(user)
+            if form.password.data != "":
+                user.set_password(form.password.data)
+            db.session.commit()
+            flash("%s %s %s" % (gettext('User'), user.nickname,
+                                gettext('successfully updated.')),
+                  'success')
+            return redirect(url_for('profile'))
+        else:
+            return render_template('profile.html', user=user, form=form)
+
+    if request.method == 'GET':
+        form = ProfileForm(obj=user)
+        return render_template('profile.html', user=user, form=form)
+
+@app.route('/delete_account', methods=['GET'])
+@login_required
+def delete_account():
+    """
+    Delete the account of the user (with all its data).
+    """
+    user = UserController(g.user.id).get(id=g.user.id)
+    if user is not None:
+        db.session.delete(user)
+        db.session.commit()
+        flash(gettext('Your account has been deleted.'), 'success')
+    else:
+        flash(gettext('This user does not exist.'), 'danger')
+    return redirect(url_for('login'))
+
+@app.route('/expire_articles', methods=['GET'])
+@login_required
+def expire_articles():
+    """
+    Delete articles older than the given number of weeks.
+    """
+    weeks_ago = datetime.datetime.utcnow() - \
+                datetime.timedelta(weeks=int(request.args.get('weeks', 10)))
+    Article.query.filter(
+                        and_(Article.user_id == g.user.id,
+                                or_(Article.date < weeks_ago,
+                                Article.retrieved_date < weeks_ago))).delete()
+    flash(gettext('Articles deleted.'), 'info')
+    db.session.commit()
+    return redirect(redirect_url())
+
+@app.route('/confirm_account/<string:activation_key>', methods=['GET'])
+def confirm_account(activation_key=None):
+    """
+    Confirm the account of a user.
+    """
+    if activation_key != "":
+        user = User.query.filter(User.activation_key == activation_key).first()
+        if user is not None:
+            user.activation_key = ""
+            db.session.commit()
+            flash(gettext('Your account has been confirmed.'), 'success')
+        else:
+            flash(gettext('Impossible to confirm this account.'), 'danger')
+    return redirect(url_for('login'))
+
+@app.route('/recover', methods=['GET', 'POST'])
+def recover():
+    """
+    Enables the user to recover its account when he has forgotten
+    its password.
+    """
+    form = RecoverPasswordForm()
+
+    if request.method == 'POST':
+        if form.validate():
+            user = User.query.filter(User.email == form.email.data).first()
+            characters = string.ascii_letters + string.digits
+            password = "".join(random.choice(characters) for x in range(random.randint(8, 16)))
+            user.set_password(password)
+            db.session.commit()
+
+            # Send the confirmation email
+            try:
+                notifications.new_password_notification(user, password)
+                flash(gettext('New password sent to your address.'), 'success')
+            except Exception as e:
+                flash(gettext('Problem while sending your new password.') + ': ' + str(e), 'danger')
+
+            return redirect(url_for('login'))
+        return render_template('recover.html', form=form)
+
+    if request.method == 'GET':
+        return render_template('recover.html', form=form)
+
+#
+# Views dedicated to administration tasks.
+#
+@app.route('/admin/dashboard', methods=['GET', 'POST'])
+@login_required
+@admin_permission.require(http_exception=403)
+def dashboard():
+    """
+    Adminstrator's dashboard.
+    """
+    form = InformationMessageForm()
+
+    if request.method == 'POST':
+        if form.validate():
+            try:
+                notifications.information_message(form.subject.data, form.message.data)
+            except Exception as e:
+                flash(gettext('Problem while sending email') + ': ' + str(e), 'danger')
+
+    users = User.query.all()
+    return render_template('admin/dashboard.html', users=users, current_user=g.user, form=form)
+
+@app.route('/admin/create_user', methods=['GET', 'POST'])
+@app.route('/admin/edit_user/<int:user_id>', methods=['GET', 'POST'])
+@login_required
+@admin_permission.require(http_exception=403)
+def create_user(user_id=None):
+    """
+    Create or edit a user.
+    """
+    form = UserForm()
+
+    if request.method == 'POST':
+        if form.validate():
+            role_user = Role.query.filter(Role.name == "user").first()
+            if user_id is not None:
+                # Edit a user
+                user = User.query.filter(User.id == user_id).first()
+                form.populate_obj(user)
+                if form.password.data != "":
+                    user.set_password(form.password.data)
+                db.session.commit()
+                flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully updated.'), 'success')
+            else:
+                # Create a new user
+                user = User(nickname=form.nickname.data,
+                             email=form.email.data,
+                             pwdhash=generate_password_hash(form.password.data))
+                user.roles.extend([role_user])
+                user.activation_key = ""
+                db.session.add(user)
+                db.session.commit()
+                flash("%s %s %s" % (gettext('User'), user.nickname,
+                                    gettext('successfully created.')),
+                      'success')
+            return redirect(url_for('create_user', user_id=user.id))
+        else:
+            return redirect(url_for('create_user'))
+
+    if request.method == 'GET':
+        if user_id is not None:
+            user = User.query.filter(User.id == user_id).first()
+            form = UserForm(obj=user)
+            message = "%s <i>%s</i>" % (gettext('Edit the user'),
+                                        user.nickname)
+        else:
+            form = UserForm()
+            message = gettext('Add a new user')
+        return render_template('/admin/create_user.html',
+                               form=form, message=message)
+
+@app.route('/admin/user/<int:user_id>', methods=['GET'])
+@login_required
+@admin_permission.require(http_exception=403)
+def user(user_id=None):
+    """
+    See information about a user (stations, etc.).
+    """
+    user = UserController().get(id=user_id)
+    if user is not None:
+        article_contr = ArticleController(user_id)
+        return render_template('/admin/user.html', user=user, feeds=user.feeds,
+                article_count=article_contr.count_by_feed(),
+                unread_article_count=article_contr.count_by_feed(readed=False))
+
+    else:
+        flash(gettext('This user does not exist.'), 'danger')
+        return redirect(redirect_url())
+
+@app.route('/admin/delete_user/<int:user_id>', methods=['GET'])
+@login_required
+@admin_permission.require(http_exception=403)
+def delete_user(user_id=None):
+    """
+    Delete a user (with all its data).
+    """
+    user = User.query.filter(User.id == user_id).first()
+    if user is not None:
+        db.session.delete(user)
+        db.session.commit()
+        flash(gettext('User') + ' ' + user.nickname + ' ' + gettext('successfully deleted.'), 'success')
+    else:
+        flash(gettext('This user does not exist.'), 'danger')
+    return redirect(redirect_url())
+
+@app.route('/admin/enable_user/<int:user_id>', methods=['GET'])
+@app.route('/admin/disable_user/<int:user_id>', methods=['GET'])
+@login_required
+@admin_permission.require()
+def disable_user(user_id=None):
+    """
+    Enable or disable the account of a user.
+    """
+    user = User.query.filter(User.id == user_id).first()
+    if user is not None:
+        if user.activation_key != "":
+
+            # Send the confirmation email
+            try:
+                notifications.new_account_activation(user)
+                user.activation_key = ""
+                flash(gettext('Account of the user') + ' ' + user.nickname + ' ' + gettext('successfully activated.'), 'success')
+            except Exception as e:
+                flash(gettext('Problem while sending activation email') + ': ' + str(e), 'danger')
+
+        else:
+            user.activation_key = hashlib.sha512(str(random.getrandbits(256)).encode("utf-8")).hexdigest()[:86]
+            flash(gettext('Account of the user') + ' ' + user.nickname + ' ' + gettext('successfully disabled.'), 'success')
+        db.session.commit()
+    else:
+        flash(gettext('This user does not exist.'), 'danger')
+    return redirect(redirect_url())
-- 
cgit