apps
/
rophako
1
0
Fork 0
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
A Python content management system designed for kirsle.net featuring a blog, comments and photo albums. https://rophako.kirsle.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commitit
1 Haara
609 KiB
 
 
 
 
 
Puu: 80c20ec87b
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '80c20ec87b'
${ noResults }
rophako/rophako/modules/admin.py

183 rivejä
5.0 KiB
Raaka Blame Historia 

  1. # -*- coding: utf-8 -*-

  2. 

  3. """Endpoints for admin functions."""

  4. 

  5. from flask import g, Blueprint, request, redirect, url_for, session, flash

  6. import re

  7. 

  8. import rophako.model.user as User

  9. from rophako.modules.account import validate_create_form

  10. from rophako.utils import template, admin_required

  11. 

  12. mod = Blueprint("admin", __name__, url_prefix="/admin")

  13. 

  14. @mod.route("/")

  15. @admin_required

  16. def index():

  17.     return template("admin/index.html")

  18. 

  19. 

  20. @mod.route("/users")

  21. @admin_required

  22. def users():

  23.     # Get the list of existing users.

  24.     users = User.list_users()

  25. 

  26.     return template("admin/users.html",

  27.         users=users,

  28.     )

  29. 

  30. 

  31. @mod.route("/users/create", methods=["POST"])

  32. @admin_required

  33. def create_user():

  34.     # Submitting the form.

  35.     username = request.form.get("username", "")

  36.     name     = request.form.get("name", "")

  37.     pw1      = request.form.get("password1", "")

  38.     pw2      = request.form.get("password2", "")

  39.     role     = request.form.get("role", "")

  40. 

  41.     # Default name = username.

  42.     if name == "":

  43.         name = username

  44. 

  45.     # Lowercase the user.

  46.     username = username.lower()

  47.     if User.exists(username=username):

  48.         flash("That username already exists.")

  49.         return redirect(url_for(".users"))

  50. 

  51.     # Validate the form.

  52.     errors = validate_create_form(username, pw1, pw2)

  53.     if errors:

  54.         for error in errors:

  55.             flash(error)

  56.         return redirect(url_for(".users"))

  57. 

  58.     # Create the account.

  59.     uid = User.create(

  60.         username=username,

  61.         password=pw1,

  62.         name=name,

  63.         role=role,

  64.     )

  65. 

  66.     flash("User created!")

  67.     return redirect(url_for(".users"))

  68. 

  69. 

  70. @mod.route("/users/edit/<uid>", methods=["GET", "POST"])

  71. @admin_required

  72. def edit_user(uid):

  73.     uid  = int(uid)

  74.     user = User.get_user(uid=uid)

  75. 

  76.     # Submitting?

  77.     if request.method == "POST":

  78.         action   = request.form.get("action", "")

  79.         username = request.form.get("username", "")

  80.         name     = request.form.get("name", "")

  81.         pw1      = request.form.get("password1", "")

  82.         pw2      = request.form.get("password2", "")

  83.         role     = request.form.get("role", "")

  84. 

  85.         username = username.lower()

  86. 

  87.         if action == "save":

  88.             # Validate...

  89.             errors = None

  90. 

  91.             # Don't allow them to change the username to one that exists.

  92.             if username != user["username"]:

  93.                 if User.exists(username=username):

  94.                     flash("That username already exists.")

  95.                     return redirect(url_for(".edit_user", uid=uid))

  96. 

  97.             # Password provided?

  98.             if len(pw1) > 0:

  99.                 errors = validate_create_form(username, pw1, pw2)

  100.             elif username != user["username"]:

  101.                 # Just validate the username, then.

  102.                 errors = validate_create_form(username, skip_passwd=True)

  103. 

  104.             if errors:

  105.                 for error in errors:

  106.                     flash(error)

  107.                 return redirect(url_for(".edit_user", uid=uid))

  108. 

  109.             # Update the user.

  110.             user["username"] = username

  111.             user["name"]     = name or username

  112.             user["role"]     = role

  113.             if len(pw1) > 0:

  114.                 user["password"] = User.hash_password(pw1)

  115.             User.update_user(uid, user)

  116. 

  117.             flash("User account updated!")

  118.             return redirect(url_for(".users"))

  119. 

  120.         elif action == "delete":

  121.             # Don't let them delete themself!

  122.             if uid == g.info["session"]["uid"]:

  123.                 flash("You shouldn't delete yourself!")

  124.                 return redirect(url_for(".edit_user", uid=uid))

  125. 

  126.             User.delete_user(uid)

  127.             flash("User deleted!")

  128.             return redirect(url_for(".users"))

  129. 

  130.     return template("admin/edit_user.html",

  131.         info=user,

  132.     )

  133. 

  134. 

  135. @mod.route("/impersonate/<int:uid>")

  136. @admin_required

  137. def impersonate(uid):

  138.     """Impersonate a user."""

  139.     # Check that they exist.

  140.     if not User.exists(uid=uid):

  141.         flash("That user ID wasn't found.")

  142.         return redirect(url_for(".users"))

  143. 

  144.     db = User.get_user(uid=uid)

  145.     if db["role"] == "deleted":

  146.         flash("That user was deleted!")

  147.         return redirect(url_for(".users"))

  148. 

  149.     # Log them in!

  150.     orig_uid = session["uid"]

  151.     session.update(

  152.         login=True,

  153.         uid=uid,

  154.         username=db["username"],

  155.         name=db["name"],

  156.         role=db["role"],

  157.         impersonator=orig_uid,

  158.     )

  159. 

  160.     flash("Now logged in as {}".format(db["name"]))

  161.     return redirect(url_for("index"))

  162. 

  163. @mod.route("/unimpersonate")

  164. def unimpersonate():

  165.     """Unimpersonate a user."""

  166. 

  167.     # Must be impersonating, first!

  168.     if not "impersonator" in session:

  169.         flash("Stop messing around.")

  170.         return redirect(url_for("index"))

  171. 

  172.     uid = session.pop("impersonator")

  173.     db = User.get_user(uid=uid)

  174.     session.update(

  175.         login=True,

  176.         uid=uid,

  177.         username=db["username"],

  178.         name=db["name"],

  179.         role=db["role"],

  180.     )

  181. 

  182.     flash("No longer impersonating.")

  183.     return redirect(url_for("index"))