All modules are now plugins. config.py calls load_plugin for each plugin it needs (some plugins may load others automatically). Each plugin also keeps its own template folder, which gets added to the template search path, so if, for example, the photo plugin is unloaded completely, its URL endpoints won't work either (with the old system, since the HTML templates still existed in the default root, the endpoints would still serve pages, just without any Python logic behind them).
# -*- coding: utf-8 -*-
"""Endpoints for admin functions."""
from flask import g, Blueprint, request, redirect, url_for, session, flash
import re
import rophako.model.user as User
from rophako.modules.account import validate_create_form
from rophako.utils import template, admin_required
# Blueprint that collects the admin endpoints; every route registered on it
# is served under the /admin URL prefix.
mod = Blueprint(name="admin", import_name=__name__, url_prefix="/admin")
@mod.route("/")
@admin_required
def index():
    """Serve the admin landing page (the ``admin/index.html`` template)."""
    # Access control is delegated entirely to the admin_required decorator;
    # the handler itself performs no checks.
    page = template("admin/index.html")
    return page
@mod.route("/users")
@admin_required
def users():
    """Render the user management page.

    The template receives whatever ``User.list_users()`` returns under the
    ``users`` name.
    """
    # NOTE(review): the shape of each entry is defined by the user model and
    # is not visible here; confirm the template does not render password
    # hashes or other sensitive fields from it.
    return template("admin/users.html", users=User.list_users())
@mod.route("/users/create", methods=["POST"])
@admin_required
def create_user():
    """Create a user account from the submitted admin form.

    Reads ``username``, ``name``, ``password1``, ``password2`` and ``role``
    from the POST body. Every outcome (duplicate username, validation
    errors, success) flashes a message and redirects back to the user list.
    """
    form = request.form
    typed_username = form.get("username", "")
    pw1 = form.get("password1", "")
    pw2 = form.get("password2", "")
    # NOTE(review): the role string is passed to User.create() exactly as
    # submitted; no allow-list check is visible here. Confirm the model (or
    # the form) restricts it to known roles.
    role = form.get("role", "")

    # The display name falls back to the username as typed, i.e. before it
    # is lowercased below.
    name = form.get("name", "") or typed_username

    # Usernames are stored and compared in lowercase.
    username = typed_username.lower()
    if User.exists(username=username):
        flash("That username already exists.")
        return redirect(url_for(".users"))

    # Username and password rules live in validate_create_form().
    problems = validate_create_form(username, pw1, pw2)
    if problems:
        for problem in problems:
            flash(problem)
        return redirect(url_for(".users"))

    # The plain-text password is handed to the model here; presumably
    # User.create() hashes it before storing (edit_user hashes explicitly
    # with User.hash_password) -- TODO confirm.
    User.create(
        username=username,
        password=pw1,
        name=name,
        role=role,
    )

    flash("User created!")
    return redirect(url_for(".users"))
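@mod.route("/users/edit/<uid>", methods=["GET", "POST"])
@admin_required
def edit_user(uid):
    """Show the edit form for one user and handle its save/delete actions.

    Args:
        uid: User ID taken from the URL. The route has no ``int`` converter,
            so it arrives as a string and is converted here.

    Returns:
        The rendered ``admin/edit_user.html`` page on GET (or on a POST with
        an unrecognised action), otherwise a redirect with a flashed message.
    """
    # A non-numeric or unknown ID is reported like in impersonate() instead
    # of surfacing as an unhandled exception.
    try:
        uid = int(uid)
    except ValueError:
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))
    if not User.exists(uid=uid):
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))

    user = User.get_user(uid=uid)

    # Submitting?
    if request.method == "POST":
        # NOTE(review): no CSRF token check is visible in this handler;
        # confirm it is enforced elsewhere for these state-changing POSTs.
        action = request.form.get("action", "")
        username = request.form.get("username", "")
        name = request.form.get("name", "")
        pw1 = request.form.get("password1", "")
        pw2 = request.form.get("password2", "")
        role = request.form.get("role", "")

        # Usernames are stored and compared in lowercase.
        username = username.lower()

        if action == "save":
            errors = None
            renamed = username != user["username"]

            # Don't allow them to change the username to one that exists.
            if renamed and User.exists(username=username):
                flash("That username already exists.")
                return redirect(url_for(".edit_user", uid=uid))

            if len(pw1) > 0:
                # New password supplied: validate username and password.
                errors = validate_create_form(username, pw1, pw2)
            elif renamed:
                # Just validate the username, then.
                errors = validate_create_form(username, skip_passwd=True)

            if errors:
                for error in errors:
                    flash(error)
                return redirect(url_for(".edit_user", uid=uid))

            # Update the user.
            user["username"] = username
            user["name"] = name or username
            # NOTE(review): the role is stored exactly as submitted; no
            # allow-list check is visible here. Confirm it is restricted to
            # known roles somewhere.
            user["role"] = role
            if len(pw1) > 0:
                # Only the hash is written back, never the plain password.
                user["password"] = User.hash_password(pw1)
            User.update_user(uid, user)

            flash("User account updated!")
            return redirect(url_for(".users"))

        elif action == "delete":
            # Don't let them delete themself!
            if uid == g.info["session"]["uid"]:
                flash("You shouldn't delete yourself!")
                return redirect(url_for(".edit_user", uid=uid))

            User.delete_user(uid)
            flash("User deleted!")
            return redirect(url_for(".users"))

    return template("admin/edit_user.html",
        info=user,
    )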
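@mod.route("/impersonate/<int:uid>")
@admin_required
def impersonate(uid):
    """Switch the current session to another user's identity.

    The acting account's ID is kept in the session under ``impersonator`` so
    that unimpersonate() can switch back.

    Args:
        uid: ID of the user to impersonate (integer route converter).

    Returns:
        A redirect: to the user list if the target is missing or deleted,
        otherwise to the site index as the impersonated user.
    """
    # NOTE(review): this changes session state on a GET request; confirm
    # that a cross-site link cannot trigger it (e.g. by moving it to POST
    # with a CSRF token).

    # Check that they exist.
    if not User.exists(uid=uid):
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))

    target = User.get_user(uid=uid)
    if target["role"] == "deleted":
        flash("That user was deleted!")
        return redirect(url_for(".users"))

    # If this session is already impersonating someone (reachable when the
    # impersonated account itself passes admin_required), keep the identity
    # recorded first. Overwriting it with the current uid would drop the
    # real actor, and unimpersonate() would then restore the wrong account.
    orig_uid = session.get("impersonator", session["uid"])

    # NOTE(review): no audit record of the switch is written here; confirm
    # impersonation events are logged somewhere.
    session.update(
        login=True,
        uid=uid,
        username=target["username"],
        name=target["name"],
        role=target["role"],
        impersonator=orig_uid,
    )

    flash("Now logged in as {}".format(target["name"]))
    return redirect(url_for("index"))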
@mod.route("/unimpersonate")
def unimpersonate():
    """Return an impersonating session to the account that started it.

    There is no admin_required decorator here: impersonate() copies the
    impersonated user's role into the session, so the only gate is the
    ``impersonator`` key that impersonate() stores.
    """
    # NOTE(review): this gate is only as strong as the session's integrity;
    # presumably the session is signed or stored server-side so a client
    # cannot add the key itself -- confirm.
    if "impersonator" not in session:
        flash("Stop messing around.")
        return redirect(url_for("index"))

    # Remove the marker first so the restored session no longer counts as
    # impersonating.
    original_uid = session.pop("impersonator")
    original = User.get_user(uid=original_uid)

    # NOTE(review): unlike impersonate(), there is no check that the
    # original account still exists or is not marked "deleted" -- confirm
    # how User.get_user() behaves in that case.
    session.update({
        "login": True,
        "uid": original_uid,
        "username": original["username"],
        "name": original["name"],
        "role": original["role"],
    })

    flash("No longer impersonating.")
    return redirect(url_for("index"))