A Python content management system designed for kirsle.net featuring a blog, comments and photo albums. https://rophako.kirsle.net/

  1. # -*- coding: utf-8 -*-
  2. """Endpoints for admin functions."""
  3. from flask import g, Blueprint, request, redirect, url_for, session, flash
  4. import re
  5. import rophako.model.user as User
  6. from rophako.modules.account import validate_create_form
  7. from rophako.utils import template, admin_required
  # Blueprint that mounts every view in this module under the /admin prefix.
  mod = Blueprint(name="admin", import_name=__name__, url_prefix="/admin")
  @mod.route("/")
  @admin_required
  def index():
      """Render the admin landing page from ``admin/index.html``."""
      page = template("admin/index.html")
      return page
  @mod.route("/users")
  @admin_required
  def users():
      """Render the user-management page with the result of User.list_users()."""
      # Named "accounts" so the local does not shadow this view function.
      accounts = User.list_users()
      return template("admin/users.html", users=accounts)
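  @mod.route("/users/create", methods=["POST"])
  @admin_required
  def create_user():
      """Create a user account from the admin "create user" form.

      Reads ``username``, ``name``, ``password1``, ``password2`` and ``role``
      from the POSTed form. Every outcome (duplicate username, validation
      errors, success) flashes a message and redirects to the user list.
      """
      # NOTE(review): no CSRF token check is visible in this view; confirm one
      # is enforced elsewhere (admin_required or an app-wide hook) -- TODO.
      form = request.form
      username = form.get("username", "")
      name = form.get("name", "")
      pw1 = form.get("password1", "")
      pw2 = form.get("password2", "")
      role = form.get("role", "")

      # The display name falls back to the username exactly as typed, so this
      # must happen before the username is lowercased.
      if name == "":
          name = username

      # Usernames are stored and compared in lowercase.
      username = username.lower()
      if User.exists(username=username):
          flash("That username already exists.")
          return redirect(url_for(".users"))

      # Validate the username and the two password fields.
      errors = validate_create_form(username, pw1, pw2)
      if errors:
          for error in errors:
              flash(error)
          return redirect(url_for(".users"))

      # NOTE(review): role is passed through exactly as submitted; whether
      # User.create restricts it to known roles is not visible here -- confirm.
      # The value User.create returns was never used, so it is not kept.
      User.create(
          username=username,
          password=pw1,
          name=name,
          role=role,
      )

      flash("User created!")
      return redirect(url_for(".users"))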
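  @mod.route("/users/edit/<uid>", methods=["GET", "POST"])
  @admin_required
  def edit_user(uid):
      """Show the edit form for one user, or apply a "save" / "delete" action.

      GET (or a POST with an unrecognised ``action``) renders
      ``admin/edit_user.html``. POST with ``action=save`` validates and stores
      the new username, name, role and optional password; ``action=delete``
      removes the account unless it is the admin's own.

      Args:
          uid: User ID taken from the URL. The route has no converter, so it
              arrives as text.
      """
      # A non-numeric uid used to raise ValueError out of the view, and an
      # unknown uid reached User.get_user unchecked. Both now get the same
      # "not found" handling that impersonate() uses.
      try:
          uid = int(uid)
      except ValueError:
          uid = None
      if uid is None or not User.exists(uid=uid):
          flash("That user ID wasn't found.")
          return redirect(url_for(".users"))

      user = User.get_user(uid=uid)

      if request.method == "POST":
          # NOTE(review): no CSRF token check is visible in this view; confirm
          # one is enforced elsewhere -- TODO.
          form = request.form
          action = form.get("action", "")
          username = form.get("username", "").lower()
          name = form.get("name", "")
          pw1 = form.get("password1", "")
          pw2 = form.get("password2", "")
          role = form.get("role", "")

          if action == "save":
              errors = None
              renamed = username != user["username"]

              # Don't allow the username to change to one that is taken.
              if renamed and User.exists(username=username):
                  flash("That username already exists.")
                  return redirect(url_for(".edit_user", uid=uid))

              if pw1:
                  # New password supplied: validate username and passwords.
                  errors = validate_create_form(username, pw1, pw2)
              elif renamed:
                  # Only the username changed, so validate just that.
                  errors = validate_create_form(username, skip_passwd=True)

              if errors:
                  for error in errors:
                      flash(error)
                  return redirect(url_for(".edit_user", uid=uid))

              # NOTE(review): role is stored as submitted; confirm the model
              # (or the form) limits it to known roles.
              user["username"] = username
              user["name"] = name or username
              user["role"] = role
              if pw1:
                  # Only the hash is stored, never the submitted password.
                  user["password"] = User.hash_password(pw1)
              User.update_user(uid, user)

              flash("User account updated!")
              return redirect(url_for(".users"))

          elif action == "delete":
              # An admin must not delete the account they are logged in as.
              if uid == g.info["session"]["uid"]:
                  flash("You shouldn't delete yourself!")
                  return redirect(url_for(".edit_user", uid=uid))

              User.delete_user(uid)
              flash("User deleted!")
              return redirect(url_for(".users"))

      return template("admin/edit_user.html",
          info=user,
      )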
  @mod.route("/impersonate/<int:uid>")
  @admin_required
  def impersonate(uid):
      """Switch the current admin session over to another user's identity.

      The admin's own uid is kept in ``session["impersonator"]`` so that
      unimpersonate() can restore it afterwards.
      """
      # NOTE(review): this view changes session state on a GET request and
      # records no audit entry; confirm whether it should be POST-only with
      # CSRF protection and logged -- TODO.
      if not User.exists(uid=uid):
          flash("That user ID wasn't found.")
          return redirect(url_for(".users"))

      target = User.get_user(uid=uid)
      if target["role"] == "deleted":
          # Accounts marked deleted still exist in the store; refuse them.
          flash("That user was deleted!")
          return redirect(url_for(".users"))

      # Remember who the real admin is before the session identity changes.
      admin_uid = session["uid"]
      new_identity = {
          "login": True,
          "uid": uid,
          "username": target["username"],
          "name": target["name"],
          "role": target["role"],
          "impersonator": admin_uid,
      }
      session.update(new_identity)

      flash("Now logged in as {}".format(target["name"]))
      return redirect(url_for("index"))
  @mod.route("/unimpersonate")
  def unimpersonate():
      """End an impersonation and restore the original admin's session."""
      # There is no @admin_required here: at this point the session holds the
      # impersonated user's role (set by impersonate()), so the only proof of
      # admin rights is the "impersonator" key. That makes this view depend on
      # session integrity (Flask's default is a signed client-side cookie --
      # confirm the app's session backend and secret key handling).
      if "impersonator" not in session:
          flash("Stop messing around.")
          return redirect(url_for("index"))

      # NOTE(review): the impersonator's record is reloaded without the
      # exists / "deleted" checks impersonate() applies; confirm what
      # User.get_user returns if that account was removed in the meantime.
      uid = session.pop("impersonator")
      admin = User.get_user(uid=uid)
      restored = {
          "login": True,
          "uid": uid,
          "username": admin["username"],
          "name": admin["name"],
          "role": admin["role"],
      }
      session.update(restored)

      flash("No longer impersonating.")
      return redirect(url_for("index"))