diff --git a/ordr2/resources/admin.py b/ordr2/resources/admin.py
index 054a588..5434ff8 100644
--- a/ordr2/resources/admin.py
+++ b/ordr2/resources/admin.py
@@ -11,6 +11,7 @@ class UserAccount(BaseResource):
 return [
 (Allow, 'role:admin', 'view'),
 (Allow, 'role:admin', 'edit'),
+ (Allow, 'role:admin', 'delete'),
 DENY_ALL
 ]
@@ -24,6 +25,8 @@ class UserList(BaseResource, PaginationResourceMixin):
 def __acl__(self):
 return [
 (Allow, 'role:admin', 'view'),
+ (Allow, 'role:admin', 'edit'),
+ (Allow, 'role:admin', 'delete'),
 DENY_ALL
 ]
diff --git a/ordr2/templates/admin/user_list.jinja2 b/ordr2/templates/admin/user_list.jinja2
index 628dd85..98cc0da 100644
--- a/ordr2/templates/admin/user_list.jinja2
+++ b/ordr2/templates/admin/user_list.jinja2
@@ -58,7 +58,7 @@ {% for user in users %} - + {{ user.model.user_name }}
diff --git a/ordr2/templates/admin/users_delete.jinja2 b/ordr2/templates/admin/users_delete.jinja2
new file mode 100755
index 0000000..29911f2
--- /dev/null
+++ b/ordr2/templates/admin/users_delete.jinja2
@@ -0,0 +1,66 @@
+{% extends "ordr2:templates/layout.jinja2" %}
+{% import 'ordr2:templates/macros.jinja2' as macros with context %}
+
+{% block subtitle %} Account | Admin | Users | Confirm Delete {% endblock subtitle %}
+
+{% block content %}
+
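Review bot: The `UserList.__acl__` hunk in `ordr2/resources/admin.py` grants `role:admin` the `edit` permission as well as `delete`, but none of the views added in this commit is registered on `UserList` with `permission='edit'`. If no existing view needs it, leave the entry out so the ACL grants only what is actually used; if one does, a short comment such as `# edit: required by <view name>` next to the entry would record why. `__acl__` starts above the hunk in both classes, so entries outside the visible lines were not reviewed.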
+ +
+
+
+

Delete User{{ 's' if accounts|length > 1 }}

+
+
+ +
+
+ +
+

The following user{{ 's' if accounts|length > 1 }} will be deleted:

+
+ +
+ + + + + + + + + + + + + {% for account in accounts %} + + + + + + + + {% endfor %} + +
UsernameFirst NameLast NameEmailRole
+ + {{ account.user_name }} + {{ account.first_name }} {{ account.last_name }} {{ account.email }} {{ account.role.value.capitalize() }}
+ +
+
+ + +
+
+ +
+ +
+
+ +
+ +
+{% endblock content %}
diff --git a/ordr2/views/admin.py b/ordr2/views/admin.py
index 7f2ce53..ad0d754 100644
--- a/ordr2/views/admin.py
+++ b/ordr2/views/admin.py
@@ -60,6 +60,29 @@ def change_column_view(context, request):
 return HTTPFound(context.url())
+
+@view_config(
+ context='ordr2:resources.UserList',
+ name='actions',
+ request_param='action=delete',
+ permission='delete',
+ request_method='POST',
+ renderer='ordr2:templates/admin/users_delete.jinja2'
+ )
+def delete_multiple_accounts_form(context, request):
+ print(list(request.POST.items()))
+ account_ids = [v for k, v in request.POST.items() if k == 'marked']
+ accounts = request.dbsession.\
+ query(User).\
+ filter(User.id.in_(account_ids)).\
+ order_by(User.user_name).\
+ all()
+ if len(accounts) == 0:
+ return HTTPFound(context.url())
+ return {'accounts': accounts}
+
+
+
 @view_config(
 context='ordr2:resources.UserAccount',
 permission='edit',
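Review bot: `print(list(request.POST.items()))` in `delete_multiple_accounts_form` writes the whole submitted form to stdout on every request, which would include any CSRF token or other hidden field posted with the user list; it reads like leftover debugging and should be removed, or replaced by a `logging` call that records only how many ids were marked. The `marked` values also reach `User.id.in_(...)` unvalidated. The query is parameterized, so this is a robustness point rather than injection, but `account_ids = request.POST.getall('marked')` followed by dropping values that are not valid ids (assuming `User.id` is an integer column) would keep malformed input from surfacing as a database error.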
@@ -133,3 +156,46 @@ def user_account_form_processing(context, request):
 return HTTPFound(context, 'delete')
 return HTTPFound(context.__parent__.url())
+
+
+@view_config(
+ context='ordr2:resources.UserAccount',
+ name='delete',
+ permission='delete',
+ request_method='GET',
+ renderer='ordr2:templates/admin/users_delete.jinja2'
+ )
+def user_delete_form(context, request):
+ return {'accounts': [context.model]}
+
+
+@view_config(
+ context='ordr2:resources.UserList',
+ name='delete',
+ permission='delete',
+ request_method='POST'
+ )
+@view_config(
+ context='ordr2:resources.UserAccount',
+ name='delete',
+ permission='delete',
+ request_method='POST'
+ )
+def user_delete_form_processing(context, request):
+ if 'delete' in request.POST:
+ account_ids = [v for k, v in request.POST.items() if k == 'account']
+ accounts = request.dbsession.\
+ query(User).\
+ filter(User.id.in_(account_ids)).\
+ all()
+ for account in accounts:
+ request.dbsession.delete(account)
+
+ if len(accounts) == 1:
+ request.flash('success', 'One user account was deleted')
+ elif len(accounts) > 1:
+ msg = '{} user accounts were deleted.'.format(len(accounts))
+ request.flash('success', msg)
+
+ return HTTPFound(request.resource_url(request.root, 'admin', 'users'))
+
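Review bot: `user_delete_form_processing` is also registered for the `UserAccount` context, but it never reads `context.model`: it deletes whatever ids arrive in the `account` fields, so the rows removed are not tied to the resource the `delete` permission was checked against, nor to the list the confirmation page showed. On the single-account route the target should come from the context, e.g. `accounts = [context.model]`, and the list route should at least drop the acting admin's own id (via `request.authenticated_userid`, assuming it maps to `User.id`) so an admin cannot remove their own account in the same submit. Indentation is lost in this view of the hunk, so confirm that the `len(accounts)` checks sit inside the `if 'delete' in request.POST:` block; otherwise a POST without `delete` raises `NameError`. Whether CSRF checking is enabled for these POST views is not visible here and is worth confirming, since the action is destructive and cannot be undone.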