A Python content management system designed for kirsle.net featuring a blog, comments and photo albums. https://rophako.kirsle.net/

  1. # -*- coding: utf-8 -*-
  2. from __future__ import unicode_literals, absolute_import
  3. """Endpoints for admin functions."""
  4. from flask import g, Blueprint, request, redirect, url_for, session, flash
  5. import rophako.model.user as User
  6. import rophako.model.blog as Blog
  7. import rophako.model.tracking as Tracking
  8. from rophako.modules.account import validate_create_form
  9. from rophako.utils import template, admin_required
# Blueprint that collects the admin views defined in this module; all of its
# routes are mounted under the /admin URL prefix.
mod = Blueprint("admin", __name__, url_prefix="/admin")
@mod.route("/")
@admin_required
def index():
    """Render the admin landing page.

    Access is gated by the ``admin_required`` decorator applied above.
    """
    page = template("admin/index.html")
    return page
@mod.route("/users")
@admin_required
def users():
    """Render the user management page with the accounts from the user model."""
    # Use a distinct local name so it does not shadow this view function.
    all_users = User.list_users()
    return template("admin/users.html", users=all_users)
@mod.route("/users/create", methods=["POST"])
@admin_required
def create_user():
    """Create a user account from the submitted admin form.

    Reads ``username``, ``name``, ``password1``, ``password2`` and ``role``
    from the POST body. Every outcome (duplicate username, validation errors,
    success) is reported through ``flash`` and ends with a redirect back to
    the user list.
    """

    def back_to_list():
        return redirect(url_for(".users"))

    form = request.form
    username = form.get("username", "")
    # The display name falls back to the username as typed, before lowercasing.
    name = form.get("name", "") or username
    pw1 = form.get("password1", "")
    pw2 = form.get("password2", "")
    # NOTE(review): the role is passed on exactly as submitted; confirm the
    # user model restricts it to the roles the site actually defines.
    role = form.get("role", "")

    # Usernames are handled in lowercase.
    username = username.lower()

    if User.exists(username=username):
        flash("That username already exists.")
        return back_to_list()

    # Username/password checks are delegated to the account module.
    problems = validate_create_form(username, pw1, pw2)
    if problems:
        for problem in problems:
            flash(problem)
        return back_to_list()

    # The value returned by User.create is not needed here.
    User.create(
        username=username,
        password=pw1,
        name=name,
        role=role,
    )

    flash("User created!")
    return back_to_list()
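@mod.route("/users/edit/<uid>", methods=["GET", "POST"])
@admin_required
def edit_user(uid):
    """Show the edit form for a user, or apply a submitted save/delete.

    Args:
        uid: User ID taken from the URL. The route has no converter, so it
            arrives as text and is parsed here.

    A GET request, or a POST whose ``action`` is neither ``save`` nor
    ``delete``, renders the edit form. ``save`` validates the submitted
    fields and updates the account; ``delete`` removes the account unless it
    is the one currently logged in. Outcomes are reported through ``flash``.
    """
    # A non-numeric ID used to raise ValueError out of int(); treat it like an
    # unknown user instead of letting the request fail.
    try:
        uid = int(uid)
    except ValueError:
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))

    # Same existence check impersonate() performs before loading the record.
    if not User.exists(uid=uid):
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))

    user = User.get_user(uid=uid)

    # Submitting?
    if request.method == "POST":
        action = request.form.get("action", "")
        username = request.form.get("username", "").lower()
        name = request.form.get("name", "")
        pw1 = request.form.get("password1", "")
        pw2 = request.form.get("password2", "")
        # NOTE(review): the role is stored exactly as submitted; confirm the
        # user model restricts it to the roles the site actually defines.
        role = request.form.get("role", "")

        if action == "save":
            errors = None
            renamed = username != user["username"]

            # Don't allow them to change the username to one that exists.
            if renamed and User.exists(username=username):
                flash("That username already exists.")
                return redirect(url_for(".edit_user", uid=uid))

            if pw1:
                # A new password was supplied: validate username and password.
                errors = validate_create_form(username, pw1, pw2)
            elif renamed:
                # Only the username changed, so validate just that.
                errors = validate_create_form(username, skip_passwd=True)

            if errors:
                for error in errors:
                    flash(error)
                return redirect(url_for(".edit_user", uid=uid))

            # Update the user.
            user["username"] = username
            user["name"] = name or username
            user["role"] = role
            if pw1:
                # The password is replaced only when a new one was typed, and
                # it is hashed before being stored on the record.
                user["password"] = User.hash_password(pw1)
            User.update_user(uid, user)

            flash("User account updated!")
            return redirect(url_for(".users"))

        elif action == "delete":
            # Don't let them delete themself!
            if uid == g.info["session"]["uid"]:
                flash("You shouldn't delete yourself!")
                return redirect(url_for(".edit_user", uid=uid))

            User.delete_user(uid)
            flash("User deleted!")
            return redirect(url_for(".users"))

    return template("admin/edit_user.html",
        info=user,
    )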
@mod.route("/impersonate/<int:uid>")
@admin_required
def impersonate(uid):
    """Switch the current session over to the account ``uid``.

    The caller's own user ID is kept in the session under ``impersonator`` so
    that ``unimpersonate`` can switch back. Unknown users and users whose role
    is ``deleted`` are refused with a flashed message.
    """
    # NOTE(review): this route changes the session in response to a GET
    # request; confirm the application protects it against cross-site
    # requests, and consider recording who impersonated whom.
    if not User.exists(uid=uid):
        flash("That user ID wasn't found.")
        return redirect(url_for(".users"))

    target = User.get_user(uid=uid)
    if target["role"] == "deleted":
        flash("That user was deleted!")
        return redirect(url_for(".users"))

    # Remember who is really logged in before the identity fields are replaced.
    real_uid = session["uid"]
    new_identity = {
        "login": True,
        "uid": uid,
        "username": target["username"],
        "name": target["name"],
        "role": target["role"],
        "impersonator": real_uid,
    }
    # Only these keys are overwritten; anything else in the session stays.
    session.update(new_identity)

    flash("Now logged in as {}".format(target["name"]))
    return redirect(url_for("index"))
@mod.route("/unimpersonate")
def unimpersonate():
    """Return an impersonating session to the account that started it.

    This view carries no ``admin_required`` decorator; it acts only when the
    session holds the ``impersonator`` key that ``impersonate`` sets.
    """
    home = url_for("index")

    # Must be impersonating, first!
    if "impersonator" not in session:
        flash("Stop messing around.")
        return redirect(home)

    original_uid = session.pop("impersonator")
    original = User.get_user(uid=original_uid)
    # NOTE(review): unlike impersonate(), nothing here checks that the
    # original account still exists or is not "deleted"; confirm whether that
    # can happen while an impersonation is in progress.
    # The role is re-read from the user record rather than cached in the
    # session, so it reflects the record as it is now.
    session.update({
        "login": True,
        "uid": original_uid,
        "username": original["username"],
        "name": original["name"],
        "role": original["role"],
    })

    flash("No longer impersonating.")
    return redirect(home)
@mod.route("/maint/rebuild_visitor_counts")
@admin_required
def rebuild_visitor_counts():
    """Recalculate the visitor statistics, then return to the admin index."""
    # NOTE(review): maintenance action triggered by a GET request; confirm
    # that is acceptable for this deployment.
    Tracking.rebuild_visitor_stats()
    flash("Visitor counts recalculated.")
    admin_home = url_for(".index")
    return redirect(admin_home)
@mod.route("/maint/rebuild_blog_index")
@admin_required
def rebuild_blog_index():
    """Regenerate the blog index, then return to the admin index."""
    # NOTE(review): maintenance action triggered by a GET request; confirm
    # that is acceptable for this deployment.
    Blog.rebuild_index()
    flash("Blog index rebuilt.")
    admin_home = url_for(".index")
    return redirect(admin_home)