summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJavier Sánchez Parra <jsanchez@soleta.eu>2022-04-27 17:19:54 +0200
committerJavier Sánchez Parra <jsanchez@soleta.eu>2022-04-27 17:34:26 +0200
commiteb8ddd236acac593cce7c341d84a5ab3da834aff (patch)
tree95bc0dbb0d8b62fe5370c11ee46784d26c43c5f4
parent661254b76edd51c36090edd0f898bdca16f23277 (diff)
Add 'Edit user' to Users section
Creates "Edit user" form with the following inputs: password, password confirmation, role (administrator or regular), allowed scopes. It does no allow to change/edit the username.
-rw-r--r--ogcp/templates/auth/edit_user.html26
-rw-r--r--ogcp/templates/users.html2
-rw-r--r--ogcp/views.py60
3 files changed, 88 insertions, 0 deletions
diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
new file mode 100644
index 0000000..9e1b2b9
--- /dev/null
+++ b/ogcp/templates/auth/edit_user.html
@@ -0,0 +1,26 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_edit %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{{_('Edit user {}').format(form.username.data)}}</h1>
+
+{{ wtf.quick_form(form,
+ action=url_for('user_edit_post'),
+ method='post',
+ button_map={'submit_btn':'primary'},
+ id='user-form') }}
+
+<script>
+ document.addEventListener('readystatechange', () => {
+ if (document.readyState === 'complete') {
+ digestUserFormPassword()
+ }
+ });
+</script>
+
+{% endblock %}
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index c14aae6..6dd056b 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -26,6 +26,8 @@
{% block commands %}
<input class="btn btn-light {% block nav_user_add %}{% endblock %}" type="submit" value="{{ _('Add user') }}"
form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
+ <input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
+ form="usersForm" formaction="{{ url_for('user_edit_get') }}" formmethod="get">
{% if btn_back %}
<button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
{{ _("Back") }}
diff --git a/ogcp/views.py b/ogcp/views.py
index 48486c7..900bba4 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -1239,6 +1239,24 @@ def save_user(form):
return redirect(url_for('users'))
+def delete_user(username):
+ user = get_user(username)
+
+ filename = os.path.join(app.root_path, 'cfg', 'ogcp.json')
+ with open(filename, 'r+') as file:
+ config = json.load(file)
+
+ config['USERS'].remove(user)
+
+ file.seek(0)
+ json.dump(config, file, indent='\t')
+ file.truncate()
+
+ app.config['USERS'].remove(user)
+
+ return redirect(url_for('users'))
+
+
@app.route('/user/add', methods=['GET'])
@login_required
def user_add_get():
@@ -1263,6 +1281,48 @@ def user_add_post():
return save_user(form)
+@app.route('/user/edit', methods=['GET'])
+@login_required
+def user_edit_get():
+ username_set = parse_elements(request.args.to_dict())
+ if not validate_elements(username_set, max_len=1):
+ return redirect(url_for('users'))
+
+ username = username_set.pop()
+ user = get_user(username)
+ if not user:
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ form = UserForm()
+ form.username.data = user.get('USER')
+ form.username.render_kw = {'readonly': True}
+ form.admin.data = user.get('ADMIN')
+ form.scopes.data = user.get('SCOPES')
+ form.scopes.choices = get_available_scopes()
+
+ return render_template('auth/edit_user.html', form=form)
+
+
+@app.route('/user/edit', methods=['POST'])
+@login_required
+def user_edit_post():
+ form = UserForm(request.form)
+ form.scopes.choices = get_available_scopes()
+ if not form.validate():
+ flash(form.errors, category='error')
+ return redirect(url_for('users'))
+
+ username = form.username.data
+ if not get_user(username):
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ delete_user(username)
+
+ return save_user(form)
+
+
@app.route('/action/image/info', methods=['GET'])
@login_required
def action_image_info():