-rw-r--r-- | ogcp/forms/auth.py | 9 | ||||
-rw-r--r-- | ogcp/templates/auth/delete_user.html | 17 | ||||
-rw-r--r-- | ogcp/templates/users.html | 2 | ||||
-rw-r--r-- | ogcp/views.py | 40 |
4 files changed, 67 insertions, 1 deletions
diff --git a/ogcp/forms/auth.py b/ogcp/forms/auth.py
index b10d8fe..edc5d9a 100644
--- a/ogcp/forms/auth.py
+++ b/ogcp/forms/auth.py
@@ -57,3 +57,12 @@ class UserForm(FlaskForm):
 submit_btn = SubmitField(
 label=_l('Submit')
 )
+
+
+class DeleteUserForm(FlaskForm):
+ username = HiddenField(
+ validators=[InputRequired()]
+ )
+ submit_btn = SubmitField(
+ label=_l('Submit')
+ )
diff --git a/ogcp/templates/auth/delete_user.html b/ogcp/templates/auth/delete_user.html
new file mode 100644
index 0000000..42301ae
--- /dev/null
+++ b/ogcp/templates/auth/delete_user.html
@@ -0,0 +1,17 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_edit %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{{_('Delete user {}').format(form.username.data)}}</h1>
+
+{{ wtf.quick_form(form,
+ action=url_for('user_delete_post'),
+ method='post',
+ button_map={'submit_btn':'primary'}) }}
+
+{% endblock %}
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index 6dd056b..bd8e450 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -28,6 +28,8 @@
 form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
 <input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
 form="usersForm" formaction="{{ url_for('user_edit_get') }}" formmethod="get">
+ <input class="btn btn-light {% block nav_user_delete %}{% endblock %}" type="submit" value="{{ _('Delete user') }}"
+ form="usersForm" formaction="{{ url_for('user_delete_get') }}" formmethod="get">
 {% if btn_back %}
 <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
 {{ _("Back") }}
diff --git a/ogcp/views.py b/ogcp/views.py
index 900bba4..7f54bcf 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
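Review bot: `DeleteUserForm` uses `HiddenField` and `InputRequired`, but the commit adds only these nine lines to ogcp/forms/auth.py and no import line, so unless both names are already imported at the top of the file (outside this hunk) the module will fail at import time. A hidden field is still client-supplied input, so I would state that on the class with a docstring such as `"""Confirmation form for deleting a user; username is a client-controlled hidden field and must be re-checked server-side."""`.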
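Review bot: The delete page marks the wrong toolbar button as active: the new template overrides `nav_user_edit`, while users.html in this same commit introduces `nav_user_delete` for the new button, so "Edit user" is highlighted on the delete confirmation. The line should read `{% block nav_user_delete %}active{% endblock %}`. For a destructive action I would also switch to `button_map={'submit_btn':'danger'}` and give the button a label that says delete rather than the generic 'Submit'.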
@@ -23,7 +23,7 @@ from flask_login import (
 from pathlib import Path
 from ogcp.models import User
-from ogcp.forms.auth import LoginForm, UserForm
+from ogcp.forms.auth import LoginForm, UserForm, DeleteUserForm
 from ogcp.og_server import OGServer
 from flask_babel import lazy_gettext as _l
 from flask_babel import _
@@ -1323,6 +1323,44 @@ def user_edit_post():
 return save_user(form)
+@app.route('/user/delete', methods=['GET'])
+@login_required
+def user_delete_get():
+ username_set = parse_elements(request.args.to_dict())
+ if not validate_elements(username_set, max_len=1):
+ return redirect(url_for('users'))
+
+ username = username_set.pop()
+ user = get_user(username)
+ if not user:
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ form = DeleteUserForm()
+ form.username.data = user.get('USER')
+
+ return render_template('auth/delete_user.html', form=form)
+
+
+@app.route('/user/delete', methods=['POST'])
+@login_required
+def user_delete_post():
+ form = DeleteUserForm(request.form)
+ if not form.validate():
+ flash(form.errors, category='error')
+ return redirect(url_for('users'))
+
+ username = form.username.data
+ if not get_user(username):
+ flash(_('User {} do not exists').format(username), category='error')
+ return redirect(url_for('users'))
+
+ delete_user(username)
+
+ flash(_('User {} deleted').format(username), category='info')
+ return redirect(url_for('users'))
+
+
 @app.route('/action/image/info', methods=['GET'])
 @login_required
 def action_image_info(): |
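Review bot: `user_delete_post` deletes whichever account the posted hidden `username` names, and the only gate visible in the hunk is `@login_required`, so any signed-in user can remove any other account, their own, or the last one left. Before `delete_user(username)` I would add a privilege check on the caller and a guard that refuses the logged-in user's own account, e.g. `if username == current_user.get_id():` followed by a flash and redirect (this assumes the Flask-Login id is the username, which `ogcp.models.User` would have to confirm). The result of `delete_user(username)` is ignored, so the "deleted" message is flashed even if the backend call fails; `delete_user` is defined outside this hunk, so whether it reports a status needs checking. `flash(form.errors, category='error')` also passes a dict where every other call passes a string, and `user_delete_get` redirects without any message when `validate_elements` rejects the selection.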