import deform |
|
from sqlalchemy import func |
|
from pyramid.csrf import get_csrf_token |
|
from pyramid.view import view_config |
|
from pyramid.httpexceptions import HTTPFound |
|
|
|
from . import get_offset |
|
from .. import events, models, services, resources |
|
from ..schemas import account |
|
|
|
|
|
def get_role(request):
    """Return the ``models.UserRole`` named by the ``role`` query parameter.

    The parameter value is upper-cased and used as a subscript key on
    ``models.UserRole``. A missing or unknown value gives ``None`` instead
    of an error, so an arbitrary query string cannot make this helper raise
    ``KeyError``.
    """
    requested = request.GET.get("role", "").upper()
    try:
        role = models.UserRole[requested]
    except KeyError:
        # Unknown or absent role name: callers treat None as "no filter".
        role = None
    return role
|
|
|
|
|
@view_config(
    context="ordr3:resources.UserList",
    permission="view",
    request_method="GET",
    renderer="ordr3:templates/users/list.jinja2",
)
@view_config(
    context="ordr3:resources.UserList",
    permission="view",
    request_method="GET",
    xhr=True,
    renderer="ordr3:templates/users/list_content.jinja2",
)
def user_list(context, request):
    """List users one page at a time, optionally filtered by role.

    The view is registered twice: ordinary GET requests render the full
    list template, XHR requests render only the list content template.
    Both registrations require the "view" permission on the user list.

    Returns the template variables: the active role filter name, the role
    collection, the user resources of the current page and the offset of
    the next page (``None`` when this page was not full).
    """
    role = get_role(request)
    # NOTE(review): get_offset is defined elsewhere; presumably it returns
    # a non-negative int parsed from the request - confirm, since the value
    # is used directly as a slice bound on the query.
    start = get_offset(request)
    # The page size is fixed here, so a client cannot ask for an unbounded
    # result set.
    page_size = 25

    users_query = request.repo.session.query(models.User)
    if role:
        users_query = users_query.filter(models.User.role == role)
    users_query = users_query.order_by(func.lower(models.User.username))
    page = users_query[start : start + page_size]  # noqa: E203

    # A full page means more rows may follow; a short page is the last one.
    if len(page) == page_size:
        next_offset = start + page_size
    else:
        next_offset = None

    if role is None:
        filter_role = "all"
    else:
        filter_role = role.name.lower()

    return {
        "filter_role": filter_role,
        "roles": models.UserRole,
        "users": [resources.User.from_model(row, context) for row in page],
        "next_offset": next_offset,
    }
|
|
|
|
|
@view_config(
    context="ordr3:resources.User",
    permission="edit",
    name="edit",
    request_method="GET",
    renderer="ordr3:templates/users/edit.jinja2",
)
def edit_user(context, request):
    """Render the account edit form pre-filled from the user being edited.

    Requires the "edit" permission on the user resource. The form is built
    from ``account.EditAccountSchema`` and populated with the stored user
    name, first and last name, email address and role name.
    """
    form = account.EditAccountSchema.as_form(request)
    stored = context.model
    form.set_appstruct(
        {
            "user_name": stored.username,
            "first_name": stored.first_name,
            "last_name": stored.last_name,
            "email": stored.email,
            "role": stored.role.name,
        }
    )
    return {"form": form}
|
|
|
|
|
@view_config(
    context="ordr3:resources.User",
    permission="edit",
    name="edit",
    request_method="POST",
    renderer="ordr3:templates/users/edit.jinja2",
)
def save_edits(context, request):
    """Validate the submitted edit form and store the changes on the user.

    A POST without the ``Save_Changes`` key is treated as a cancel and
    redirects to the parent resource without touching the user. On a
    validation failure the form is re-rendered with its errors. Otherwise
    first name, last name, email and role are written to the model, an
    activation email event is emitted if the change made an inactive user
    active, and the request is redirected to the parent resource.

    The user name is never written back by this view.
    """
    if "Save_Changes" not in request.POST:
        return HTTPFound(request.resource_path(context.__parent__))

    form = account.EditAccountSchema.as_form(request)
    try:
        appstruct = form.validate(request.POST.items())
    except deform.ValidationFailure:
        # The form object carries the validation errors for the template.
        return {"form": form}

    user = context.model
    # Remember the state before the edit so a transition to active can be
    # detected afterwards.
    was_active = user.is_active

    for field in ("first_name", "last_name", "email"):
        setattr(user, field, appstruct[field])

    # NOTE(review): the role is taken from the submitted form and the only
    # gate visible here is the "edit" permission. Confirm that the ACL on
    # resources.User grants "edit" only to principals who may assign roles;
    # otherwise this line allows privilege escalation.
    # NOTE(review): this lookup assumes the schema limits "role" to valid
    # UserRole member names; an unexpected value would raise KeyError.
    user.role = models.UserRole[appstruct["role"]]

    # Presumably is_active is derived from the role - confirm in the model.
    if user.is_active and not was_active:
        request.emit(events.AccountActivationEmail(user))

    request.emit(events.FlashMessage.info(f"User {user.username} updated."))
    return HTTPFound(request.resource_path(context.__parent__))
|
|
|
|
|
@view_config(
    context="ordr3:resources.User",
    permission="edit",
    name="password",
    request_method="GET",
)
def user_reset_password(context, request):
    """Create a password reset token for the user and mail the reset link.

    Requires the "edit" permission on the user resource. After emitting the
    reset email event and a flash message, the request is redirected to the
    parent resource.
    """
    # NOTE(review): this view changes state (it creates a token and sends
    # mail) but is registered for GET. Safe methods are normally exempt
    # from CSRF checks and may be fetched by link prefetchers, so a reset
    # can be triggered without the operator intending it. Consider moving
    # it to POST with a CSRF token; that also needs a template change.
    target = context.model
    reset_token = services.create_token_for_user(request.repo, target)
    request.emit(events.PasswordResetEmail(target, reset_token.token))

    notice = events.FlashMessage.info(
        f"A password reset link has been sent to {target.email}."
    )
    request.emit(notice)

    return HTTPFound(request.resource_path(context.__parent__))
|
|
|
|
|
@view_config(
    context="ordr3:resources.User",
    permission="delete",
    name="delete",
    request_method="GET",
    renderer="ordr3:templates/users/delete.jinja2",
)
def delete_user(context, request):
    """Render the delete confirmation page.

    Requires the "delete" permission on the user resource. The only
    template variable is the request's CSRF token.
    """
    token = get_csrf_token(request)
    return {"csrf_token": token}
|
|
|
|
|
@view_config(
    context="ordr3:resources.User",
    permission="delete",
    name="delete",
    request_method="POST",
)
def delete_confirmed(context, request):
    """Delete the user once the confirmation form has been submitted.

    Requires the "delete" permission on the user resource. The user is only
    removed when the POST contains the ``delete`` key and a
    ``confirmation`` field equal to ``"confirmed"``; any other POST just
    redirects to the parent resource.
    """
    # NOTE(review): no CSRF token check is visible in this view. The GET
    # view hands a token to the template, so verification is presumably
    # enforced by the application's default CSRF options - confirm. The
    # fixed "confirmed" value is a UI safeguard, not a CSRF defence.
    submitted = request.POST
    is_confirmed = (
        "delete" in submitted
        and submitted.get("confirmation", "") == "confirmed"
    )
    if not is_confirmed:
        return HTTPFound(request.resource_path(context.__parent__))

    user = context.model
    # The flash message is built before the user is removed, while the
    # name attributes are still read from the live model.
    notice = events.FlashMessage.info(
        f"The user {user.first_name} {user.last_name} has been deleted."
    )
    request.emit(notice)
    request.repo.delete_user(user)

    return HTTPFound(request.resource_path(context.__parent__))
|
|
|