Browse Source

privs: add methods to properly delete users and groups

master
Lephe 8 months ago
parent
commit
834403038b
3 changed files with 30 additions and 20 deletions
  1. 13
    0
      app/models/privs.py
  2. 14
    0
      app/models/users.py
  3. 3
    20
      app/routes/admin.py

+ 13
- 0
app/models/privs.py View File

@@ -50,6 +50,19 @@ class Group(db.Model):
self.description = descr
self.members = []

def delete(self):
"""
Deletes the group and the associated information:
* Group privileges
"""

for gp in GroupPrivilege.query.filter_by(gid=self.id).all():
db.session.delete(gp)
db.session.commit()

db.session.delete(self)
db.session.commit()

def privs(self):
gps = GroupPrivilege.query.filter_by(gid=self.id).all()
return [ gp.priv for gp in gps ]

+ 14
- 0
app/models/users.py View File

@@ -125,6 +125,19 @@ class Member(User, db.Model):
self.signature = ""
self.birthday = None

def delete(self):
"""
Deletes the user and the associated information:
* Special privileges
"""

for sp in SpecialPrivilege.query.filter_by(mid=self.id).all():
db.session.delete(sp)
db.session.commit()

db.session.delete(self)
db.session.commit()

def priv(self, priv):
"""Check whether the member has the specified privilege."""
if SpecialPrivilege.query.filter_by(mid=self.id, priv=priv).first():
@@ -135,6 +148,7 @@ class Member(User, db.Model):
# GroupPrivilege.priv==priv).first() is not None

def special_privileges(self):
"""List member's special privileges."""
sp = SpecialPrivilege.query.filter_by(mid=self.id).all()
return sorted(row.priv for row in sp)


+ 3
- 20
app/routes/admin.py View File

@@ -54,11 +54,7 @@ def adm_groups():
if form.validate_on_submit():
# Clean up groups
for g in Group.query.all():
for gp in GroupPrivilege.query.filter_by(gid=g.id).all():
db.session.delete(gp)
db.session.commit()
db.session.delete(g)
db.session.commit( )
g.delete()

# Create base groups
groups = [ Group(g[0], g[1], g[2]) for g in default_groups ]
@@ -77,12 +73,7 @@ def adm_groups():
for name in "PlanèteCasio GLaDOS".split():
m = Member.query.filter_by(name=name).first()
if m is not None:
# TODO: Do a real member deletion, not just a hack like this
for sp in SpecialPrivilege.query.filter_by(mid=m.id).all():
db.session.delete(sp)
db.session.commit()
db.session.delete(m)
db.session.commit()
m.delete()

# Create template members

@@ -154,15 +145,7 @@ def adm_delete_account(user_id):
del_form = AdminDeleteAccountForm()
if request.method == "POST":
if del_form.validate_on_submit():
# First delete all special privileges for this user
for sp in SpecialPrivilege.query.filter_by(mid=user.id).all():
db.session.delete(sp)
db.session.commit()

# Then delete the user
db.session.delete(user)
db.session.commit()

user.delete()
flash('Compte supprimé', 'ok')
return redirect(url_for('adm'))
else:

Loading…
Cancel
Save