nopaque/app/admin/routes.py

from flask import current_app, flash, redirect, render_template, url_for
from flask_login import login_required
from threading import Thread
from app import db, hashids
from app.decorators import admin_required
from app.models import Role, User, UserSettingJobStatusMailNotificationLevel
from app.settings.forms import (
    EditGeneralSettingsForm,
    EditNotificationSettingsForm
)
from . import bp
from .forms import AdminEditUserForm


@bp.before_request
@login_required
@admin_required
def before_request():
    '''
    Ensures that the routes in this package can be visited only by users with
    administrator privileges (login_required and admin_required).
    '''
    pass


@bp.route('')
def index():
    return redirect(url_for('.users'))


@bp.route('/users')
def users():
    json_users = [x.to_json_serializeable(backrefs=True) for x in User.query.all()]
    return render_template(
        'admin/users.html.j2',
        json_users=json_users,
        title='Users'
    )


@bp.route('/users/<hashid:user_id>')
def user(user_id):
    user = User.query.get_or_404(user_id)
    return render_template('admin/user.html.j2', title='User', user=user)


@bp.route('/users/<hashid:user_id>/edit', methods=['GET', 'POST'])
def edit_user(user_id):
    user = User.query.get_or_404(user_id)
    admin_edit_user_form = AdminEditUserForm(
        data={'confirmed': user.confirmed, 'role': user.role.hashid},
        prefix='admin-edit-user-form'
    )
    edit_general_settings_form = EditGeneralSettingsForm(
        user,
        data=user.to_json_serializeable(),
        prefix='edit-general-settings-form'
    )
    edit_notification_settings_form = EditNotificationSettingsForm(
        data=user.to_json_serializeable(),
        prefix='edit-notification-settings-form'
    )
    if (admin_edit_user_form.submit.data
            and admin_edit_user_form.validate()):
        user.confirmed = admin_edit_user_form.confirmed.data
        role_id = hashids.decode(admin_edit_user_form.role.data)
        user.role = Role.query.get(role_id)
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    if (edit_general_settings_form.submit.data
            and edit_general_settings_form.validate()):
        user.email = edit_general_settings_form.email.data
        user.username = edit_general_settings_form.username.data
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    if (edit_notification_settings_form.submit.data
            and edit_notification_settings_form.validate()):
        user.setting_job_status_mail_notification_level = \
            UserSettingJobStatusMailNotificationLevel[
                edit_notification_settings_form.job_status_mail_notification_level.data  # noqa
            ]
        db.session.commit()
        flash('Your changes have been saved')
        return redirect(url_for('.edit_user', user_id=user.id))
    return render_template(
        'admin/edit_user.html.j2',
        admin_edit_user_form=admin_edit_user_form,
        edit_general_settings_form=edit_general_settings_form,
        edit_notification_settings_form=edit_notification_settings_form,
        title='Edit user',
        user=user
    )


@bp.route('/users/<hashid:user_id>/delete', methods=['DELETE'])
def delete_user(user_id):
    def _delete_user(app, user_id):
        with app.app_context():
            user = User.query.get(user_id)
            user.delete()
            db.session.commit()

    User.query.get_or_404(user_id)
    thread = Thread(
        target=_delete_user,
        args=(current_app._get_current_object(), user_id)
    )
    thread.start()
    return {}, 202