From 27ea6812790207ca955fc65bf814ccc9ea463175 Mon Sep 17 00:00:00 2001
From: Holger Frey <mail@holgerfrey.de>
Date: Sat, 30 Sep 2017 12:37:38 +0200
Subject: [PATCH] added user edit form

---
 ordr2/resources/admin.py               |  1 +
 ordr2/schemas/account.py               | 11 +++++-
 ordr2/templates/admin/user_edit.jinja2 | 24 ++++++++++++
 ordr2/templates/admin/user_list.jinja2 |  2 +-
 ordr2/views/admin.py                   | 53 ++++++++++++++++++++++++++
 5 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 ordr2/templates/admin/user_edit.jinja2

diff --git a/ordr2/resources/admin.py b/ordr2/resources/admin.py
index fc25c2f..054a588 100644
--- a/ordr2/resources/admin.py
+++ b/ordr2/resources/admin.py
@@ -10,6 +10,7 @@ class UserAccount(BaseResource):
     def __acl__(self):
         return [
             (Allow, 'role:admin', 'view'),
+            (Allow, 'role:admin', 'edit'),
             DENY_ALL
             ]
 
diff --git a/ordr2/schemas/account.py b/ordr2/schemas/account.py
index 1531ca7..d013933 100644
--- a/ordr2/schemas/account.py
+++ b/ordr2/schemas/account.py
@@ -80,7 +80,11 @@ class UserSchema(CSRFSchema):
     @classmethod
     def as_form(cls, request, **override):
         settings = {
-            'buttons': ('Save changes', 'Cancel'),
+            'buttons': (
+                deform.Button('Save changes'),
+                deform.Button('Reset password', css_class='btn-danger'),
+                deform.Button('Cancel')
+                ),
             'css_class': 'form-horizontal',
             }
         settings.update(override)
@@ -131,7 +135,10 @@ class SettingsSchema(CSRFSchema):
         settings.update(override)
         form = super().as_form(request, **settings)
         # disable the role field for user settings
-        form['general']['role'].widget.template='select_disabled.pt'
+        form['general']['role'].widget = deform.widget.SelectWidget(
+            values=ROLES,
+            template='select_disabled.pt'
+            )
         form['general']['role'].widget=deform.widget.TextInputWidget(
             template='textinput_disabled.pt'
             )
diff --git a/ordr2/templates/admin/user_edit.jinja2 b/ordr2/templates/admin/user_edit.jinja2
new file mode 100644
index 0000000..98b7cf5
--- /dev/null
+++ b/ordr2/templates/admin/user_edit.jinja2
@@ -0,0 +1,24 @@
+{% extends "ordr2:templates/layout.jinja2" %}
+{% import 'ordr2:templates/macros.jinja2' as macros with context %}
+
+{% block subtitle %} Account | Admin | User | {{ context.model.user_name }} {% endblock subtitle %}
+
+{% block content %}
+<div class="content controls">
+
+    <div class="container-fluid">
+        <div class="row-fluid">
+            <div class="page-controls">
+                <h1>Edit User: {{ context.model.user_name }}</h1>
+            </div>
+        </div>
+        <div class="row">
+            <div class="span8">
+                {{ macros.flash_messages() }}
+                {{form.render()|safe}}
+            </div>
+        </div>
+    </div>
+
+</div>
+{% endblock content %}
diff --git a/ordr2/templates/admin/user_list.jinja2 b/ordr2/templates/admin/user_list.jinja2
index de0ffd8..628dd85 100644
--- a/ordr2/templates/admin/user_list.jinja2
+++ b/ordr2/templates/admin/user_list.jinja2
@@ -68,7 +68,7 @@
                                         <td class="column-email">{{ user.model.email }} </td>
                                         <td class="column-role">{{ user.model.role.value.capitalize() }} </td>
                                         <td>
-                                            <a href="{{ request.resource_url(user, 'edit') }}" class="action edit" title="Edit User">edit</a>
+                                            <a href="{{ request.resource_url(user) }}" class="action edit" title="Edit User">edit</a>
                                             <a href="{{ request.resource_url(user, 'delete') }}" class="action delete" title="Delete User">delete</a>
                                         </td>
                                     </tr>
diff --git a/ordr2/views/admin.py b/ordr2/views/admin.py
index 436f499..9e947dd 100644
--- a/ordr2/views/admin.py
+++ b/ordr2/views/admin.py
@@ -62,3 +62,56 @@ def change_column_view(context, request):
     display.update({ column: True for column in columns })
     request.session['display']['users'] = display
     return HTTPFound(context.url())
+
+
+@view_config(
+    context='ordr2:resources.UserAccount',
+    permission='edit',
+    request_method='GET',
+    renderer='ordr2:templates/admin/user_edit.jinja2'
+    )
+def user_account_form(context, request):
+    form = UserSchema.as_form(request)
+    form_data = {
+        'user_name': context.model.user_name,
+        'first_name': context.model.first_name,
+        'last_name': context.model.last_name,
+        'email': context.model.email,
+        'role': context.model.role.name
+        }
+    form.set_appstruct(form_data)
+    return {'form': form}
+
+
+@view_config(
+    context='ordr2:resources.Account',
+    name='settingsx',
+    permission='settings',
+    request_method='POST',
+    renderer='ordr2:templates/account/settings.jinja2'
+    )
+def settingsx_form_processing(context, request):
+    ''' display the user settings form '''
+
+    form = SettingsSchema.as_form(request)
+    data = request.POST.items()
+    try:
+        appstruct = form.validate(data)
+    except deform.ValidationFailure as e:
+        return {'form': form}
+
+    # form validation sucessful, change settings
+    request.user.first_name = appstruct['general']['first_name']
+    request.user.last_name = appstruct['general']['last_name']
+    request.user.email = appstruct['general']['email']
+    if appstruct['change_password']['new_password']:
+        request.user.set_password(appstruct['change_password']['new_password'])
+        if len(appstruct['change_password']['new_password']) < 8:
+            request.flash(
+                'warning',
+                'You should really consider using a longer password.'
+                )
+
+    request.flash('success', 'Your account information has been updated.')
+
+    return {'form': form}