author | Javier Sánchez Parra <jsanchez@soleta.eu> | 2022-04-27 17:19:54 +0200 |
---|---|---|
committer | Javier Sánchez Parra <jsanchez@soleta.eu> | 2022-04-27 17:34:26 +0200 |
commit | eb8ddd236acac593cce7c341d84a5ab3da834aff (patch) | |
tree | 95bc0dbb0d8b62fe5370c11ee46784d26c43c5f4 | |
parent | 661254b76edd51c36090edd0f898bdca16f23277 (diff) |
Add 'Edit user' to Users section
Creates "Edit user" form with the following inputs: password, password
confirmation, role (administrator or regular), allowed scopes. It does
not allow changing/editing the username.
-rw-r--r-- | ogcp/templates/auth/edit_user.html | 26 | ||||
-rw-r--r-- | ogcp/templates/users.html | 2 | ||||
-rw-r--r-- | ogcp/views.py | 60 |
3 files changed, 88 insertions, 0 deletions
diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
new file mode 100644
index 0000000..9e1b2b9
--- /dev/null
+++ b/ogcp/templates/auth/edit_user.html
@@ -0,0 +1,26 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_edit %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{{_('Edit user {}').format(form.username.data)}}</h1>
+
+{{ wtf.quick_form(form,
+ action=url_for('user_edit_post'),
+ method='post',
+ button_map={'submit_btn':'primary'},
+ id='user-form') }}
+
+<script>
+ document.addEventListener('readystatechange', () => {
+ if (document.readyState === 'complete') {
+ digestUserFormPassword()
+ }
+ });
+</script>
+
+{% endblock %}
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index c14aae6..6dd056b 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -26,6 +26,8 @@
 {% block commands %}
 <input class="btn btn-light {% block nav_user_add %}{% endblock %}" type="submit" value="{{ _('Add user') }}"
 form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
+ <input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
+ form="usersForm" formaction="{{ url_for('user_edit_get') }}" formmethod="get">
 {% if btn_back %}
 <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
 {{ _("Back") }}
diff --git a/ogcp/views.py b/ogcp/views.py
index 48486c7..900bba4 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
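Review bot: In ogcp/templates/auth/edit_user.html the password handling depends on `digestUserFormPassword()`, which the inline `readystatechange` handler calls but which is defined outside this file, so the template does not show what actually reaches the server. Judging by the name, it presumably replaces the typed password with a digest before submit; if so, the server must not assume that step ran, because the form can be posted without the script executing. A Jinja comment above the `<script>` block would make the dependency explicit, for example `{# digestUserFormPassword() is defined outside this template; the server must still validate whatever password value it receives #}`.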
@@ -1239,6 +1239,24 @@ def save_user(form):
 return redirect(url_for('users'))
+def delete_user(username):
+ user = get_user(username)
+
+ filename = os.path.join(app.root_path, 'cfg', 'ogcp.json')
+ with open(filename, 'r+') as file:
+ config = json.load(file)
+
+ config['USERS'].remove(user)
+
+ file.seek(0)
+ json.dump(config, file, indent='\t')
+ file.truncate()
+
+ app.config['USERS'].remove(user)
+
+ return redirect(url_for('users'))
+
+
 @app.route('/user/add', methods=['GET'])
 @login_required
 def user_add_get():
@@ -1263,6 +1281,48 @@ def user_add_post():
 return save_user(form)
+@app.route('/user/edit', methods=['GET'])
+@login_required
+def user_edit_get():
+ username_set = parse_elements(request.args.to_dict())
+ if not validate_elements(username_set, max_len=1):
+ return redirect(url_for('users'))
+
+ username = username_set.pop()
+ user = get_user(username)
+ if not user:
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ form = UserForm()
+ form.username.data = user.get('USER')
+ form.username.render_kw = {'readonly': True}
+ form.admin.data = user.get('ADMIN')
+ form.scopes.data = user.get('SCOPES')
+ form.scopes.choices = get_available_scopes()
+
+ return render_template('auth/edit_user.html', form=form)
+
+
+@app.route('/user/edit', methods=['POST'])
+@login_required
+def user_edit_post():
+ form = UserForm(request.form)
+ form.scopes.choices = get_available_scopes()
+ if not form.validate():
+ flash(form.errors, category='error')
+ return redirect(url_for('users'))
+
+ username = form.username.data
+ if not get_user(username):
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ delete_user(username)
+
+ return save_user(form)
+
+
 @app.route('/action/image/info', methods=['GET'])
 @login_required
 def action_image_info(): |
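Review bot: `delete_user` rewrites cfg/ogcp.json in place (`file.seek(0)`, `json.dump`, `file.truncate()`), so an exception or crash during the dump leaves the file that holds the `USERS` list partially written, and two concurrent requests can overwrite each other's changes. Writing the new content to a sibling file and swapping it in with `os.replace` keeps the old file intact until the new one is complete; the replacement file should be given the same permissions as the original. The function also calls `config['USERS'].remove(user)` without checking that `get_user` found anything, which would presumably raise `ValueError` for an unknown username, so an early return matching the callers' `if not user` check is included below.

```python
def delete_user(username):
    user = get_user(username)
    if not user:
        return redirect(url_for('users'))

    # … unchanged: filename = os.path.join(...) …
    with open(filename, 'r') as file:
        config = json.load(file)

    config['USERS'].remove(user)

    # Write the updated config beside the original and swap it in, so a
    # failed dump never leaves ogcp.json truncated.
    tmp_filename = filename + '.tmp'
    with open(tmp_filename, 'w') as file:
        json.dump(config, file, indent='\t')
    os.replace(tmp_filename, filename)

    # … unchanged: app.config['USERS'].remove(user) and the redirect …
```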
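Review bot: `user_edit_get` and `user_edit_post` are guarded only by `@login_required`, and the POST view takes the account to rewrite from `form.username.data`, so as far as this hunk shows any logged-in user can set a new password, role and scopes on any existing account, including giving themselves the administrator role. The `readonly` flag set through `render_kw` only affects the rendered input and does not constrain what is posted. Unless an administrator check is enforced outside the hunk, both views need one before `get_user` is called, along the lines of `if not <session user has ADMIN>: return redirect(url_for('users'))` (the condition is a placeholder for however the app exposes the logged-in user's role). In `user_edit_post`, `delete_user(username)` also runs before `save_user(form)`, so if `save_user` (defined outside this hunk) rejects the form or fails, the account has already been removed.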