3 files changed, 88 insertions, 0 deletions

diff --git a/ogcp/templates/auth/edit_user.html b/ogcp/templates/auth/edit_user.html
new file mode 100644
index 0000000..9e1b2b9
--- /dev/null
+++ b/ogcp/templates/auth/edit_user.html
@@ -0,0 +1,26 @@
+{% extends 'users.html' %}
+{% import "bootstrap/wtf.html" as wtf %}
+
+{% set sidebar_state = 'disabled' %}
+{% set btn_back = true %}
+
+{% block nav_user_edit %}active{% endblock %}
+{% block content %}
+
+<h1 class="m-5">{{_('Edit user {}').format(form.username.data)}}</h1>
+
+{{ wtf.quick_form(form,
+                  action=url_for('user_edit_post'),
+                  method='post',
+                  button_map={'submit_btn':'primary'},
+                  id='user-form') }}
+
+<script>
+    document.addEventListener('readystatechange', () => {
+        if (document.readyState === 'complete') {
+            digestUserFormPassword()
+        }
+    });
+</script>
+
+{% endblock %}
diff --git a/ogcp/templates/users.html b/ogcp/templates/users.html
index c14aae6..6dd056b 100644
--- a/ogcp/templates/users.html
+++ b/ogcp/templates/users.html
@@ -26,6 +26,8 @@
 {% block commands %}
   <input class="btn btn-light {% block nav_user_add %}{% endblock %}" type="submit" value="{{ _('Add user') }}"
          form="usersForm" formaction="{{ url_for('user_add_get') }}" formmethod="get">
+  <input class="btn btn-light {% block nav_user_edit %}{% endblock %}" type="submit" value="{{ _('Edit user') }}"
+         form="usersForm" formaction="{{ url_for('user_edit_get') }}" formmethod="get">
   {% if btn_back %}
     <button class="btn btn-danger ml-3" type="button" id="backButton" onclick="history.back()">
       {{ _("Back") }}
diff --git a/ogcp/views.py b/ogcp/views.py
index 48486c7..900bba4 100644
--- a/ogcp/views.py
+++ b/ogcp/views.py
@@ -1239,6 +1239,24 @@ def save_user(form):
     return redirect(url_for('users'))
 
 
+def delete_user(username):
+    user = get_user(username)
+
+    filename = os.path.join(app.root_path, 'cfg', 'ogcp.json')
+    with open(filename, 'r+') as file:
+        config = json.load(file)
+
+        config['USERS'].remove(user)
+
+        file.seek(0)
+        json.dump(config, file, indent='\t')
+        file.truncate()
+
+    app.config['USERS'].remove(user)
+
+    return redirect(url_for('users'))
+
+
 @app.route('/user/add', methods=['GET'])
 @login_required
 def user_add_get():
@@ -1263,6 +1281,48 @@ def user_add_post():
     return save_user(form)
 
 
+@app.route('/user/edit', methods=['GET'])
+@login_required
+def user_edit_get():
+    username_set = parse_elements(request.args.to_dict())
+    if not validate_elements(username_set, max_len=1):
+        return redirect(url_for('users'))
+
+    username = username_set.pop()
+    user = get_user(username)
+    if not user:
+        flash(_('User {} do not exists').format(username), category='error')
+        return redirect(url_for('users'))
+
+    form = UserForm()
+    form.username.data = user.get('USER')
+    form.username.render_kw = {'readonly': True}
+    form.admin.data = user.get('ADMIN')
+    form.scopes.data = user.get('SCOPES')
+    form.scopes.choices = get_available_scopes()
+
+    return render_template('auth/edit_user.html', form=form)
+
+
+@app.route('/user/edit', methods=['POST'])
+@login_required
+def user_edit_post():
+    form = UserForm(request.form)
+    form.scopes.choices = get_available_scopes()
+    if not form.validate():
+        flash(form.errors, category='error')
+        return redirect(url_for('users'))
+
+    username = form.username.data
+    if not get_user(username):
+        flash(_('User {} do not exists').format(username), category='error')
+        return redirect(url_for('users'))
+
+    delete_user(username)
+
+    return save_user(form)
+
+
 @app.route('/action/image/info', methods=['GET'])
 @login_required
 def action_image_info():