|
- # -*- coding: utf-8 -*-
-
- """Endpoints for admin functions."""
-
- from flask import g, Blueprint, request, redirect, url_for, session, flash
- import re
-
- import rophako.model.user as User
- from rophako.modules.account import validate_create_form
- from rophako.utils import template, admin_required
-
- mod = Blueprint("admin", __name__, url_prefix="/admin")
-
- @mod.route("/")
- @admin_required
- def index():
- return template("admin/index.html")
-
-
- @mod.route("/users")
- @admin_required
- def users():
- # Get the list of existing users.
- users = User.list_users()
-
- return template("admin/users.html",
- users=users,
- )
-
-
- @mod.route("/users/create", methods=["POST"])
- @admin_required
- def create_user():
- # Submitting the form.
- username = request.form.get("username", "")
- name = request.form.get("name", "")
- pw1 = request.form.get("password1", "")
- pw2 = request.form.get("password2", "")
- role = request.form.get("role", "")
-
- # Default name = username.
- if name == "":
- name = username
-
- # Lowercase the user.
- username = username.lower()
- if User.exists(username=username):
- flash("That username already exists.")
- return redirect(url_for(".users"))
-
- # Validate the form.
- errors = validate_create_form(username, pw1, pw2)
- if errors:
- for error in errors:
- flash(error)
- return redirect(url_for(".users"))
-
- # Create the account.
- uid = User.create(
- username=username,
- password=pw1,
- name=name,
- role=role,
- )
-
- flash("User created!")
- return redirect(url_for(".users"))
-
-
- @mod.route("/users/edit/<uid>", methods=["GET", "POST"])
- @admin_required
- def edit_user(uid):
- uid = int(uid)
- user = User.get_user(uid=uid)
-
- # Submitting?
- if request.method == "POST":
- action = request.form.get("action", "")
- username = request.form.get("username", "")
- name = request.form.get("name", "")
- pw1 = request.form.get("password1", "")
- pw2 = request.form.get("password2", "")
- role = request.form.get("role", "")
-
- username = username.lower()
-
- if action == "save":
- # Validate...
- errors = None
-
- # Don't allow them to change the username to one that exists.
- if username != user["username"]:
- if User.exists(username=username):
- flash("That username already exists.")
- return redirect(url_for(".edit_user", uid=uid))
-
- # Password provided?
- if len(pw1) > 0:
- errors = validate_create_form(username, pw1, pw2)
- elif username != user["username"]:
- # Just validate the username, then.
- errors = validate_create_form(username, skip_passwd=True)
-
- if errors:
- for error in errors:
- flash(error)
- return redirect(url_for(".edit_user", uid=uid))
-
- # Update the user.
- user["username"] = username
- user["name"] = name or username
- user["role"] = role
- if len(pw1) > 0:
- user["password"] = User.hash_password(pw1)
- User.update_user(uid, user)
-
- flash("User account updated!")
- return redirect(url_for(".users"))
-
- elif action == "delete":
- # Don't let them delete themself!
- if uid == g.info["session"]["uid"]:
- flash("You shouldn't delete yourself!")
- return redirect(url_for(".edit_user", uid=uid))
-
- User.delete_user(uid)
- flash("User deleted!")
- return redirect(url_for(".users"))
-
- return template("admin/edit_user.html",
- info=user,
- )
-
-
- @mod.route("/impersonate/<int:uid>")
- @admin_required
- def impersonate(uid):
- """Impersonate a user."""
- # Check that they exist.
- if not User.exists(uid=uid):
- flash("That user ID wasn't found.")
- return redirect(url_for(".users"))
-
- db = User.get_user(uid=uid)
- if db["role"] == "deleted":
- flash("That user was deleted!")
- return redirect(url_for(".users"))
-
- # Log them in!
- orig_uid = session["uid"]
- session.update(
- login=True,
- uid=uid,
- username=db["username"],
- name=db["name"],
- role=db["role"],
- impersonator=orig_uid,
- )
-
- flash("Now logged in as {}".format(db["name"]))
- return redirect(url_for("index"))
-
- @mod.route("/unimpersonate")
- def unimpersonate():
- """Unimpersonate a user."""
-
- # Must be impersonating, first!
- if not "impersonator" in session:
- flash("Stop messing around.")
- return redirect(url_for("index"))
-
- uid = session.pop("impersonator")
- db = User.get_user(uid=uid)
- session.update(
- login=True,
- uid=uid,
- username=db["username"],
- name=db["name"],
- role=db["role"],
- )
-
- flash("No longer impersonating.")
- return redirect(url_for("index"))
|