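from app import db, hashids
from app.decorators import admin_required
from app.models import Role, User, UserSettingJobStatusMailNotificationLevel
from app.settings import tasks as settings_tasks
from app.settings.forms import (
    EditGeneralSettingsForm,
    EditInterfaceSettingsForm,
    EditNotificationSettingsForm
)
from flask import abort, flash, redirect, render_template, url_for
from flask_login import login_required
from . import bp
from .forms import AdminEditUserForm


@bp.before_request
@login_required
@admin_required
def before_request():
    '''
    Ensures that the routes in this package can be visited only by users with
    administrator privileges (login_required and admin_required).

    The body is intentionally empty: the access checks live in the two
    decorators, and returning None lets Flask carry on to the requested view.
    Because the hook is registered on the blueprint, every route below
    inherits it and none of them repeats the decorators.
    '''
    pass


@bp.route('/')
def index():
    ''' Redirects the blueprint root to the user list. '''
    return redirect(url_for('.users'))


@bp.route('/users')
def users():
    ''' Renders the overview of all users. '''
    # NOTE(review): every User row is serialised with to_dict() and handed to
    # the template. to_dict() is defined outside this file; confirm it leaves
    # out credential material (password hash, tokens) before the data reaches
    # the page.
    dict_users = {
        user.id: user.to_dict(backrefs=True, relationships=False)
        for user in User.query.all()
    }
    return render_template(
        'admin/users.html.j2',
        dict_users=dict_users,
        title='Users'
    )


# NOTE(review): the three rules below had no URL variable in the copy under
# review ('/users/', '/users//delete', '/users//edit') although each view
# takes user_id, so a request would have failed with a TypeError. The variable
# is restored with Flask's default (string) converter; if the project
# registers its own converter for ids, use that one here instead.
@bp.route('/users/<user_id>')
def user(user_id):
    ''' Renders the detail page of one user, or 404 if the id is unknown. '''
    user = User.query.get_or_404(user_id)
    return render_template('admin/user.html.j2', title='User', user=user)


@bp.route('/users/<user_id>/delete')
def delete_user(user_id):
    ''' Marks a user for deletion and returns to the user list. '''
    # NOTE(review): this rule accepts GET (Flask's default), so a destructive
    # action is reachable through a plain link and is not covered by a form
    # CSRF token. Moving it to a POST form with CSRF protection needs a
    # matching template change, which is not visible from this file.
    # Same lookup as the sibling views, so an unknown id yields a 404 instead
    # of a misleading success message.
    User.query.get_or_404(user_id)
    settings_tasks.delete_user(user_id)
    flash('User has been marked for deletion')
    return redirect(url_for('.users'))


@bp.route('/users/<user_id>/edit', methods=['GET', 'POST'])
def edit_user(user_id):
    '''
    Lets an administrator edit another user's account.

    The page carries four independent forms, told apart by their prefix.
    Whichever one was submitted and validates is applied, committed and
    answered with a redirect back to this page. Otherwise the forms are
    filled with the user's current values and the page is rendered.
    '''
    user = User.query.get_or_404(user_id)
    admin_edit_user_form = AdminEditUserForm(
        prefix='admin_edit_user_form'
    )
    edit_general_settings_form = EditGeneralSettingsForm(
        user,
        prefix='edit_general_settings_form'
    )
    edit_interface_settings_form = EditInterfaceSettingsForm(
        prefix='edit_interface_settings_form'
    )
    edit_notification_settings_form = EditNotificationSettingsForm(
        prefix='edit_notification_settings_form'
    )
    if (
        admin_edit_user_form.submit.data
        and admin_edit_user_form.validate()
    ):
        role_id = hashids.decode(admin_edit_user_form.role.data)
        role = Role.query.get(role_id)
        if role is None:
            # A role value that does not resolve to a stored Role must never
            # be written to the account: it would clear the user's role.
            abort(400)
        user.confirmed = admin_edit_user_form.confirmed.data
        user.role = role
        # This branch used to flash success without committing, unlike the
        # three branches below, so role and confirmation changes were not
        # explicitly persisted.
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    if (
        edit_general_settings_form.submit.data
        and edit_general_settings_form.validate()
    ):
        user.email = edit_general_settings_form.email.data
        user.username = edit_general_settings_form.username.data
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    if (
        edit_interface_settings_form.submit.data
        and edit_interface_settings_form.validate()
    ):
        user.setting_dark_mode = edit_interface_settings_form.dark_mode.data
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    if (
        edit_notification_settings_form.submit.data
        and edit_notification_settings_form.validate()
    ):
        # The form submits the enum member's name; look the member up by name.
        user.setting_job_status_mail_notification_level = \
            UserSettingJobStatusMailNotificationLevel[
                edit_notification_settings_form.job_status_mail_notification_level.data  # noqa
            ]
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    # Nothing was saved: show the user's stored values in all four forms.
    admin_edit_user_form.confirmed.data = user.confirmed
    admin_edit_user_form.role.data = user.role.hashid
    edit_general_settings_form.email.data = user.email
    edit_general_settings_form.username.data = user.username
    edit_interface_settings_form.dark_mode.data = user.setting_dark_mode
    edit_notification_settings_form.job_status_mail_notification_level.data = \
        user.setting_job_status_mail_notification_level.name
    return render_template(
        'admin/edit_user.html.j2',
        admin_edit_user_form=admin_edit_user_form,
        edit_general_settings_form=edit_general_settings_form,
        edit_interface_settings_form=edit_interface_settings_form,
        edit_notification_settings_form=edit_notification_settings_form,
        title='Edit user',
        user=user
    )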