Code source de Planète Casio https://planet-casio.com

admin.py 4.8KB

  1. from flask import request, flash, redirect, url_for, abort
  2. from flask_login import login_required
  3. from app.utils.priv_required import priv_required
  4. from flask_wtf import FlaskForm
  5. from wtforms import SubmitField
  6. from app.models.users import Member, Group, GroupPrivilege
  7. from app.models.privs import SpecialPrivilege
  8. from app.forms.account import AdminUpdateAccountForm, AdminDeleteAccountForm
  9. from app.utils.render import render
  10. from app import app, db
  11. import yaml
  12. import os
@app.route('/admin', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm():
    """Render the admin panel landing page.

    Access is gated by the project's ``priv_required`` decorator with the
    'access-admin-panel' privilege.
    """
    # NOTE(review): the route accepts POST but the view only renders a
    # template; presumably GET alone would be enough -- confirm.
    index_template = 'admin/index.html'
    return render(index_template)
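@app.route('/admin/groups', methods=['GET', 'POST'])
@priv_required('access-admin-panel')
def adm_groups():
    """List members and groups; on a valid form submission, rebuild them.

    A valid submission deletes every existing group, recreates the groups
    and their privileges from ``data/groups.yaml``, then deletes and
    recreates the two shared accounts ('PlanèteCasio' and 'GLaDOS').

    Returns:
        The rendered 'admin/groups_privileges.html' page.
    """
    class GroupRegenerationForm(FlaskForm):
        submit = SubmitField(
            'Régénérer les groupes, privilèges, et comptes communs')

    form = GroupRegenerationForm()
    if form.validate_on_submit():
        # NOTE(review): this branch wipes all groups and is gated only by
        # 'access-admin-panel'; confirm that privilege is meant to allow a
        # full regeneration.

        # Parse the definition file before deleting anything, so that a
        # missing or malformed file does not leave the site without groups.
        # safe_load builds only plain YAML types; yaml.load() without a
        # Loader can instantiate arbitrary Python objects and is rejected
        # by recent PyYAML releases.
        groups_path = os.path.join(app.root_path, "data", "groups.yaml")
        with open(groups_path, encoding="utf-8") as fp:
            group_specs = yaml.safe_load(fp) or []

        # Clean up groups
        for g in Group.query.all():
            g.delete()

        # Create base groups
        for spec in group_specs:
            spec["obj"] = Group(spec["name"], spec["css"], spec["descr"])
            db.session.add(spec["obj"])
        db.session.commit()

        # "privs" is a whitespace-separated list of privilege names.
        for spec in group_specs:
            for priv in spec.get("privs", "").split():
                db.session.add(GroupPrivilege(spec["obj"], priv))
        db.session.commit()

        # Clean up test members
        for name in "PlanèteCasio GLaDOS".split():
            m = Member.query.filter_by(name=name).first()
            if m is not None:
                m.delete()

        # Create template members
        def addgroup(member, group):
            """Attach *member* to the group called *group*, if it exists."""
            g = Group.query.filter_by(name=group).first()
            if g is not None:
                member.groups.append(g)

        # NOTE(review): both shared accounts are created with the same
        # password literal committed to this file, and GLaDOS additionally
        # receives 'edit-posts' and 'shoutbox-ban'. Presumably these are
        # development fixtures -- confirm the credential is rotated or
        # these accounts cannot log in on a production deployment.
        community = Member('PlanèteCasio', 'contact@planet-casio.com',
                           'v5-forever')
        addgroup(community, "Compte communautaire")
        db.session.add(community)

        robot = Member('GLaDOS', 'glados@aperture.science', 'v5-forever')
        addgroup(robot, "Robot")
        db.session.add(robot)
        db.session.commit()

        # The special privileges go to GLaDOS, the last member created.
        db.session.add(SpecialPrivilege(robot, "edit-posts"))
        db.session.add(SpecialPrivilege(robot, "shoutbox-ban"))
        db.session.commit()

    users = Member.query.all()
    groups = Group.query.all()
    return render('admin/groups_privileges.html', users=users, groups=groups,
        form=form)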
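@app.route('/admin/edit-account/<user_id>', methods=['GET', 'POST'])
@priv_required('edit-account')
def adm_edit_account(user_id):
    """Let a privileged user edit another member's account.

    Args:
        user_id: Member id taken from the URL; an unknown id yields a 404.

    Returns:
        The rendered 'admin/edit_account.html' page, with a flashed message
        after a POST.
    """
    user = Member.query.filter_by(id=user_id).first_or_404()

    form = AdminUpdateAccountForm()
    if request.method == "POST":
        if form.validate_on_submit():
            # Reject a name already held by another member before touching
            # anything. The previous check compared the string against the
            # row tuples returned by Query.values(), so it could never
            # match, and its error path referenced an undefined `data`.
            newname = form.username.data
            name_taken = bool(newname) and Member.query.filter(
                Member.id != user.id,
                Member.name == newname).first() is not None
            if name_taken:
                # Static message: the submitted name is not echoed back.
                flash("Ce nom d'utilisateur est déjà utilisé", 'error')
                return render('admin/edit_account.html', user=user,
                              form=form)

            if form.avatar.data:
                f = form.avatar.data
                # NOTE(review): the destination is relative to the process
                # working directory and built from user.avatar. Confirm
                # that value is server-generated and that the form
                # validates the upload's type and size.
                f.save("./app/static/"+user.avatar)

            # Empty fields are passed as None; presumably update() treats
            # None as "leave unchanged" -- verify against Member.update.
            user.update(
                name = form.username.data or None,
                email = form.email.data or None,
                password = form.password.data or None,
                birthday = form.birthday.data,
                signature = form.signature.data,
                bio = form.biography.data,
                newsletter = form.newsletter.data,
                xp = form.xp.data or None,
                innovation = form.innovation.data or None
            )
            db.session.merge(user)
            db.session.commit()
            flash('Modifications effectuées', 'ok')
        else:
            flash('Erreur lors de la modification', 'error')

    return render('admin/edit_account.html', user=user, form=form)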
@app.route('/admin/edit-account/<user_id>/delete', methods=['GET', 'POST'])
@priv_required('delete-account')
def adm_delete_account(user_id):
    """Ask for confirmation, then delete a member's account.

    Args:
        user_id: Member id taken from the URL; an unknown id yields a 404.

    Returns:
        A redirect to the admin index after a successful deletion,
        otherwise the rendered 'admin/delete_account.html' page.
    """
    user = Member.query.filter_by(id=user_id).first_or_404()

    # Note: A user deleting their own account will be disconnected.

    # TODO: Add an overview of what will be deleted.
    # * How many posts will be turned into guest posts
    # * Option: purely delete the posts in question
    # * How many PMs will be deleted (can't unassign PMs)
    # * etc.
    del_form = AdminDeleteAccountForm()
    posted = request.method == "POST"

    # The form is validated only for POST requests, and the account is
    # deleted only when that validation succeeds.
    if posted and del_form.validate_on_submit():
        user.delete()
        flash('Compte supprimé', 'ok')
        return redirect(url_for('adm'))

    if posted:
        flash('Erreur lors de la suppression du compte', 'error')

    # Reset the confirmation field so it has to be ticked again each time
    # the page is shown.
    del_form.delete.data = False
    return render('admin/delete_account.html', user=user, del_form=del_form)